Saturday, 04 April

17:49

Today I Am Ten, or, the Miracle of ScalziYears [Whatever]

And you say to yourself, what? Scalzi, you are not ten years old today! You are just barely a month away from being 57! The only juvenile you are is juvenile elderly! Stop being a faker, you faker!

To which I respond: Yes, I am fifty-six and eleven(ish) months old… on Earth. But as you know, I have a minor planet named after me, and its orbital period is just a shade under 5.7 earth years long. If you were to position 52692 Johnscalzi (1998 FO8) on the day of my birth, today is the day it would have made its tenth complete orbit since then. Thus, ten ScalziYears. Today, I am ten ScalziYears old.

How will I celebrate such a momentous occasion? As it happens I have a gathering of friends at the church today. It’s for something else entirely but I might bring a cake anyway. And otherwise, I’m taking it easy. It’s nice that this time around it slots in just between Good Friday and Easter. Easter Saturday always feels a little left out of the holiday swing of things, I’m glad this year to give something to do.

My next ScalziYear birthday will be December 12, 2031, so you have lots of time to prepare. Get ready!

— JS

PS: that coin with my asteroids orbit on it was given to me by a fan at the San Antonio Pop Madness convention (whose name escapse me at the moment but they can certainly announce themselves in the comments), and it was super-cool to get it. The other side of the coin is just as awesome:

I have the best fans, honestly.

17:07

When Trump appeared on Twitter [Scripting News]

Excellent podcast discussion with John Stewart and Heather Cox Richardson. I desperately wanted to get in the conversation. I think they missed something important and came soooo close. Trump isn't only a TV star, he's a blogger. Comes naturally to him. Why wasn't Obama transformative in the same way? First black president. You get to be the first black president by being utterly brilliant and infinitely careful. There wasn't a single spontaneous moment in his presidency, though there were scripted moments when playing that role. And some amazingly brilliant speech-making. He's perfect, but that's because there were severe limits on what he could get away with.

On the web the ethos is "Come as you are, we're just folks." That's not Obama.

Who also had to be hugely careful? Hillary Clinton and Kamala Harris. Not Joe Biden who's famous for his gaffes.

Trump doesn't give a shit what you think, that's why he's so good on Twitter. Trump was a TV star but right now it's more important to be a natural born blogger.

I was beating this drum ever since Trump appeared on Twitter. We need to be much better at this. We're still in the hole. At least Newsom knows there's a problem but imho he isn't the answer. We need someone who's bitter and funny, like Joan Rivers or Don Rickles. You don't need to understand government or politics, just show up and be a kind of lovable asshole 24 hours a day.

People could relate to Trump. Trump, even though he's not a great dancer, doesn't mind doing it if you think it's funny. He's a total entertainment package. Very random.

Wouldn't hurt for the next Dems to to find someone like that. Hopefully not to run for president.

HCR said Trump was Cuckoo for Cocoa Puffs -- I LOL'd totally.

14:21

Robert Smith: Idiomatic Lisp and the nbody benchmark [Planet Lisp]

When talking to Lisp programmers, you often hear something like, “adapt Lisp to your problem, not your problem to Lisp.” The basic idea is this: if Lisp doesn’t let you easily write a solution to your problem because it lacks some fundamental constructs that make expressing solutions easy, then add them to Lisp first, then write your solution.

That sounds all good and well in the abstract, and maybe we could even come up with some toy examples—say, defining HTTP request routing logic in a nice DSL. But where’s a real example of this that’s not artificial or overengineered?

Recently, on Twitter, I butted into the middle of an exchange between @Ngnghm (a famous Lisp programmer) and @korulang (an account dedicated to a new language called Koru) about Lisp. I’m oversimplifying, but it went something like this:

  • Lisp is slow.
  • No it’s not!
  • Yes it is!
  • No it’s not!
  • Then prove it!

Now, there’s plenty of evidence online that Common Lisp has reasonably good compilers that produce reasonably good machine code, and so the question became more nuanced: Can Lisp be realistically competitive with C without ending up being a mess of unidiomatic code?

Our interlocutor @korulang proposed a benchmark, the “nbody” benchmark from the Computer Language Benchmarks Game. This was of particular interest to them, because they used it as an object of study for their Koru language. To quote their blog post:

We wanted Koru kernels to land in the same ballpark as idiomatic C, Rust, and Zig.

The result was stronger than that.

Our fused n-body kernel, written in straightforward Koru kernel style, came in faster than the plain reference implementations. Every implementation here is "naive" — the obvious, idiomatic version a competent programmer would write in each language. No tricks, no hand-tuning, no -ffast-math: […]

and they proceeded to show Koru being 14% faster than C and 106% faster than Lisp.

Now, putting aside that some of the code and blog post were written with LLMs, there are many questions that are left unanswered here, since computer architecture and operating system matter a lot (where did these benchmarks run?). Moreover, the author buries the lede a little bit and proceeds to show how we might write “unidiomatic” C to match the performance of Koru.

I’m not concerned about nitpicking their approach or rigorously evaluating their claims, but I would like to dwell on this common refrain: “idiomatic”. What is that supposed to mean?

“Idiomatic code” in the context of programming means something like “representative of a fluent computer programmer” and “aligned with the peculiar characteristics of the language”. In some sense, idiomatic code in a particular language shouldn’t stand out amongst other code in that language, and idiomatic code should, in some sense, portray the identity of the language itself.

Idiomatic C is the C that uses terse names, simple loops, and unsafe arithmetic.

Idiomatic Haskell is the Haskell that uses short functions, higher-order abstractions, immutable data structures, and safe constructs.

What about idiomatic Lisp? Well, here’s the rub. A fluent programmer at Lisp doesn’t reach for one paradigmatic toolbox; they weave in and out of imperative, functional, object-oriented, etc. styles without much of a second thought. There’s a sort of “meta” characteristic to Lisp programming: you’re programming the language almost as much as you’re programming the program.

Yes, Lisp has loops, but “loopy code” isn’t intrinsically “Lispy code”. Yes, Lisp has objects, but “OOPy code” isn’t intrinsically “Lispy code”. In my opinion, what makes code “Lispy” is whether or not the programmer used Lisp’s metaprogramming and/or built-in multi-paradigm facilities to a reasonable degree to make the solution to their problem efficient and easy to understand in some global sense. For some problems, that may be “loopy” or “OOPy” or something else. It’s finding a Pareto-efficient syntactic and semantic combination offered by the language, or perhaps one of the programmer’s own creation.

So we get back to the @korulang benchmark challenge. Looking at their repository:

  • nbody.c looks like idiomatic C;
  • nbody.hs looks like wildly unidiomatic Haskell, but the problem is, the idiomatic version would probably be slower;
  • nbody.lisp looks reasonable, though it could easily be improved, but loopy; and
  • The Koru solution kernel_fused.kz looks idiomatic, as far as I can tell for not knowing anything about Koru.

I hesitate to say nbody.lisp is idiomatic. It’s reasonable, it’s straightforward to any imperative-minded programmer, but it’s not Lispy. That doesn’t make it good or bad, but it does lead to the grand question:

Can we use Common Lisp to express a solution to the nbody benchmark in a way that reads more naturally than a direct-from-C port?

I would say that, at face value, Koru’s solution is along the lines of what is more natural relative to the problem itself. Here are the essential bits.

~std.kernel:shape(Body) {
x: f64, y: f64, z: f64,
vx: f64, vy: f64, vz: f64,
mass: f64,
}
~std.kernel:init(Body) {
{ x: 0, y: 0, z: 0, vx: 0, vy: 0, vz: 0, mass: SOLAR_MASS },
{ x: 4.84143144246472090e+00, y: -1.16032004402742839e+00, z: -1.03622044471123109e-01, vx: 1.66007664274403694e-03 * DAYS_PER_YEAR, vy: 7.69901118419740425e-03 * DAYS_PER_YEAR, vz: -6.90460016972063023e-05 * DAYS_PER_YEAR, mass: 9.54791938424326609e-04 * SOLAR_MASS },
{ x: 8.34336671824457987e+00, y: 4.12479856412430479e+00, z: -4.03523417114321381e-01, vx: -2.76742510726862411e-03 * DAYS_PER_YEAR, vy: 4.99852801234917238e-03 * DAYS_PER_YEAR, vz: 2.30417297573763929e-05 * DAYS_PER_YEAR, mass: 2.85885980666130812e-04 * SOLAR_MASS },
{ x: 1.28943695621391310e+01, y: -1.51111514016986312e+01, z: -2.23307578892655734e-01, vx: 2.96460137564761618e-03 * DAYS_PER_YEAR, vy: 2.37847173959480950e-03 * DAYS_PER_YEAR, vz: -2.96589568540237556e-05 * DAYS_PER_YEAR, mass: 4.36624404335156298e-05 * SOLAR_MASS },
{ x: 1.53796971148509165e+01, y: -2.59193146099879641e+01, z: 1.79258772950371181e-01, vx: 2.68067772490389322e-03 * DAYS_PER_YEAR, vy: 1.62824170038242295e-03 * DAYS_PER_YEAR, vz: -9.51592254519715870e-05 * DAYS_PER_YEAR, mass: 5.15138902046611451e-05 * SOLAR_MASS },
}
| kernel k |>
std.kernel:step(0..iterations)
|> std.kernel:pairwise {
const dx = k.x - k.other.x;
const dy = k.y - k.other.y;
const dz = k.z - k.other.z;
const dsq = dx*dx + dy*dy + dz*dz;
const mag = DT / (dsq * @sqrt(dsq));
k.vx -= dx * k.other.mass * mag;
k.vy -= dy * k.other.mass * mag;
k.vz -= dz * k.other.mass * mag;
k.other.vx += dx * k.mass * mag;
k.other.vy += dy * k.mass * mag;
k.other.vz += dz * k.mass * mag;
}
|> std.kernel:self {
k.x += DT * k.vx;
k.y += DT * k.vy;
k.z += DT * k.vz;
}
| computed c |>
capture({ energy: @as(f64, 0) })
| as acc |>
for(0..5)
| each i |>
captured { energy: acc.energy + 0.5*c[i].mass*(c[i].vx*c[i].vx+c[i].vy*c[i].vy+c[i].vz*c[i].vz) }
|> for(i+1..5)
| each j |>
captured { energy: acc.energy - c[i].mass*c[j].mass / @sqrt((c[i].x-c[j].x)*(c[i].x-c[j].x)+(c[i].y-c[j].y)*(c[i].y-c[j].y)+(c[i].z-c[j].z)*(c[i].z-c[j].z)) }
| captured final |>
std.io:print.blk {
{{ final.energy:d:.9 }}
}

Can we achieve something similar in Lisp?

First, let’s make a baseline. I’m running Ubuntu Noble with a “AMD RYZEN AI MAX+ PRO 395” with a clock speed that varies between 0.6-5 GHz. I am also using SBCL 2.6.3 and gcc 13.3. Using nbody.lisp as a starting point, I modified it for a few easy wins. I’ll call this version nbody-lisp-conventional. A quick benchmark reveals that the loopy Lisp code is only about 20% slower than the C code compiled with gcc -O3 -ffast-math -march=native.

$ ./nbody-lisp-conventional 50000000
-0.169286396
timing: 2000 ms
$ ./nbody-c 50000000
-0.169286396
timing: 1662 ms

As a Lisp programmer, it’s not surprising that it’s a little slower. The number of person-years that have gone into C compilers to optimize idiomatic C code makes the development effort behind SBCL, the most popular open-source Lisp compiler, look like a rounding error.

Now that we have a baseline, our goal is to come up with a nicer Lisp program that also improves the timing.

Our approach will be simple. We will create a library.lisp that contains new language constructs of a similar ilk to Koru, and we will use them to implement the nbody benchmark in impl.lisp. Some rules:

  • No compile-time precomputation or caching. I can’t just compute the answer at compile time, or cache a sub-computation that makes the full one trivial.
  • No fundamental algorithm changes. I can’t use a different integrator, for example.
  • Using assembly is allowed, but it must only make use of the facilities offered by the Lisp compiler (i.e., no external tools), and the implementation of nbody itself must be understandable without knowing assembly. In other words, it should be sufficiently hidden, and in principle easily substitutable with portable code.
  • Library code must be in principle useful for other similar tasks. It should not be hyper-specialized to this specific problem instance, but instead be useful for this general class of problems.

The third rule is more rigorous than it looks. It means we can’t just have a solve-nbody problem which dispatches to assembly.

To accomplish the above, we define a kernel DSL. The DSL allows us to express how elements of a composite transform, maintaining just enough invariants to allow them to be handled efficiently. These kernels are then compiled into efficient code, more efficient than ordinary loopy Lisp allows for.

Our attention will be focused on a proof-of-concept library of functionality for writing particle simulators. The operators we define are:

  • define-kernel-shape: Define the data to be transformed by each kernel. This would be the data to characterize the static and dynamic properties of a particle in motion, as well as the number of particles under consideration.
  • define-kernel-step: Define a kernel as a sequence of existing ones.
  • define-self-kernel: Define a read-write kernel that operates on each element independently, without access to other elements (i.e., a map operation).
  • define-pairwise-kernel: Define a read-write kernel that operates on all pairs of elements, reduced by symmetry (i.e., (i,j) and (j,i) are considered only once).
  • define-reduction-kernel: Define a read-only kernel that does reduction of a sequence into a single value (i.e., a reduce operation).

This collection of five operators forms a miniature, re-usable language. These broadly recapitulate those of Koru, and allow us to write something that looks like this:

(defconstant +solar-mass+ (* 4d0 pi pi))
(defconstant +days-per-year+ 365.24d0)
(defconstant +dt+ 0.01d0)
(define-kernel-shape body 5
x y z vx vy vz mass)
(defparameter *system*
(make-body-system
(list :x 0d0 :y 0d0 :z 0d0
:vx 0d0 :vy 0d0 :vz 0d0
:mass +solar-mass+)
...))
(define-pairwise-kernel advance-forces (s body dt)
(let* ((dx (- i.x j.x))
(dy (- i.y j.y))
(dz (- i.z j.z))
(dsq (+ (+ (* dx dx) (* dy dy)) (* dz dz)))
(mag (/ dt (* dsq (sqrt dsq)))))
(let ((dm-j (* mag j.mass))
(dm-i (* mag i.mass)))
(decf i.vx (* dx dm-j))
(decf i.vy (* dy dm-j))
(decf i.vz (* dz dm-j))
(incf j.vx (* dx dm-i))
(incf j.vy (* dy dm-i))
(incf j.vz (* dz dm-i)))))
(define-self-kernel advance-positions (s body dt)
(incf self.x (* dt self.vx))
(incf self.y (* dt self.vy))
(incf self.z (* dt self.vz)))
(define-reduction-kernel (energy e 0d0) (s body)
(:self
(+ e (* (* 0.5d0 self.mass)
(+ (+ (* self.vx self.vx) (* self.vy self.vy))
(* self.vz self.vz)))))
(:pair
(let* ((dx (- i.x j.x))
(dy (- i.y j.y))
(dz (- i.z j.z)))
(- e (/ (* i.mass j.mass)
(sqrt (+ (+ (* dx dx) (* dy dy))
(* dz dz))))))))
(define-kernel-step run-simulation (system body n :params ((dt double-float)))
(advance-forces dt)
(advance-positions dt))

Well, in fact, this isn’t an ideal approximation, it’s almost exactly how it turned out. Given this is a proof of concept, we sometimes have to write some Lisp things a little funny. For example, you’ll notice we write:

(+ (+ (* dx dx) (* dy dy)) (* dz dz))

instead of the far more readable

(+ (* dx dx) (* dy dy) (* dz dz))

Both are completely valid and both can be used. So why the former? It is a result of a limitation of a little feature I built in: auto-vectorization. The vectorizer walks the mathematical expressions and replaces them with fast SIMD variants instead. Here’s a little fragment showing this rewrite rule:

...
(case (car expr)
;; (+ a (* b c)) -> fmadd(a,b,c)
((+)
(let ((args (cdr expr)))
(cond
((and (= (length args) 2) (mul-p (second args)))
`(%%fmadd-pd ,(xf (first args))
,(xf (second (second args)))
,(xf (third (second args)))))
...

The implementation of these kernel macros in library.lisp weighs in at just under 700 lines, and includes optional x64 SIMD auto-vectorization.

Well, for the nail biting moment, how does it compare? I made a Makefile that compares the idiomatic C against the loopy Lisp against our kernel DSL Lisp. It does a median-of-3. Running this on my computer gives:

$ make bench
=== C (gcc -O3 -ffast-math) ===
-0.169286396
runs: 1657 1664 1653 ms
median: 1657 ms
=== Lisp (SBCL, conventional loops) ===
-0.169286396
runs: 1991 2009 2005 ms
median: 2005 ms
=== Lisp (SBCL, kernel syntax) ===
-0.169286396
runs: 1651 1651 1652 ms
median: 1651 ms

So, in fact, we have matched the performance of C almost exactly. Furthermore, the generated code is still not as lean as it could be. Not to put too fine a point on it, but, <100 lines of Lisp, supported by

  • 700 lines of library code and about 4 hours of my time; and
  • 500k lines of its host compiler sbcl

has performance parity and greater readability/reusability than <100 lines of C, supported by

  • ~5,000k lines of just the C part of its host compiler gcc.

None of this is to make an argument that Lisp is “better”, or that there isn’t merit to avoiding custom DSLs in certain circumstances, or that the world doesn’t have room for more custom home-grown compilers and parsers, but I think this is the clearest possible, quasi-realistic demonstration that idiomatic Lisp can be as fast as idiomatic C without tremendous work, whilst netting additional benefits unique to Lisp.

All code is available here.

ECL News: ECL 26.3.27 release [Planet Lisp]

We are announcing a new stable ECL release. This release highlights:

  • bytecodes closures are now faster and avoid capturing unused parts of the lexical environment
  • improvements to the native compiler, including better separation between compiler frontend and backend, reduced function call overhead, more aggressive dead code elimination and many internal improvements and bug fixes
  • hash table implementation improvements and bug fixes for collisions
  • streams: extensions EXT:PEEK-BYTE, EXT:UNREAD-BYTE, GRAY:STREAM-PEEK-BYTE and GRAY:STREAM-UNREAD-BYTE, bugfixes and implementation refactor
  • the codebase has been updated to conform to the C23 standard
  • simplified procedure for cross-compiling ECL itself
  • support for cross-compilation of Common Lisp code to different targets using a new :TARGET option for COMPILE-FILE
  • some fixes for the emscripten target

The release also incorporates many other bug fixes and performance improvements as well as an updated manual. We'd like to thank all people who contributed to ECL with code, testing, issue reports and otherwise.

People listed here contributed code in this iteration: Daniel Kochmański, Marius Gerbershagen, Tarn W. Burton, Kirill A. Korinsky, Dmitry Solomennikov, Kevin Zheng, Mark Shroyer and Sebastien Marie.

People listed here did extensive release candidate testing on various platforms: Marius Gerbershagen, Daniel Kochmański, Dima Pasechnik, Matthias Köppe, Jeremy List, Mark Damon Hughes and Paul Ruetz.

This release is available for download in a form of a source code archive (we do not ship prebuilt binaries):

Finally, a note on the release schedule: ECL releases often take some time to come out, partially because we do extensive testing against supported platforms and existing libraries to find regressions. In the meantime all improvements are incrementally incorporated in the branch develop. It is considered stable and it is tested and reviewed with necessary dilligence. If release cycle is too slow for your needs, then we suggest following the branch develop for the most recent changes.

Happy Hacking,
The ECL Developers

Robert Smith: Beating Bellard's formula [Planet Lisp]

By Robert Smith

Fabrice Bellard came up with a computationally efficient formula for calculating the nth hexadecimal digit of $\pi$ without calculating any of the previous n−1. It’s called Bellard’s formula. It wasn’t the first of its kind, but in terms of computational efficiency, it was a substantial improvement over the original, elegant Bailey-Borwein-Plouffe formula. Due to the trio’s discovery, these formulas are often called BBP-type formulas.

Over the years, numerous BBP-type formulas have been discovered. In fact, Bailey gives us a recipe to search for them using integer-relation algorithms. In simple terms, we can just guess formulas, and run a computation to see if it likely equals $\pi$ with high confidence. If we do find one, then we can use it as a conjecture to prove formally.

Like Bellard and many others, I ran a variant of Bailey’s recipe, effectively doing a brute-force search, highly optimized and in parallel. The search yielded another formula that is computationally more efficient than Bellard’s formula. The identity is as follows:

$$ \pi = \sum_{k=0}^{\infty} \frac{1}{4096^k} \left( \frac{1}{6k+1} - \frac{2^{-5}}{6k+3} + \frac{2^{-8}}{6k+5} + \frac{2}{8k+1} - \frac{2^{-5}}{8k+5} + \frac{2^{-1}}{12k+3} - \frac{2^{-4}}{12k+7} - \frac{2^{-8}}{12k+11} \right). $$

It converges at a rate of 12 bits per term. We will prove convergence, and then prove the identity itself (with a little computer assistance). As it turns out, an equivalent form of this formula was already discovered, which we will discuss as well. Finally, we’ll show a very simple implementation in Common Lisp.

Proof of convergence

Write the series as $S := \sum_{k=0}^{\infty} 4096^{-k}R(k)$. Since $R(k)\in O(1/k)$, convergence is dominated by the geometric term $4096^{-k}$:

$$ \lim_{k \to \infty} \left\vert \frac{R(k+1)}{4096^{k+1}} \middle/ \frac{R(k)}{4096^{k}} \right\vert = \frac{1}{4096}. $$

By the ratio test, the series converges absolutely. Since $4096 = 2^{12}$, each additional term contributes exactly 12 bits of precision.

Bellard’s formula converges at 10 bits per term and requires the evaluation of 7 fractions. The above converges at 12 bits per term, and requires the evaluation of 8 fractions. So while we require 20% fewer terms, each term requires about 14% more arithmetic. So, net-net, this formula is approximately 5-6% more efficient.

Proof of identity via a definite integral

Consider $1/(nk+j) = \int_{0}^{1} x^{nk+j-1} dx$. For positive integers $n$ and $b$, we get

$$ \sum_{k=0}^{\infty} \frac{1}{b^k}\cdot\frac{1}{nk+j} = \sum_{k=0}^{\infty} \int_{0}^{1} \left(\frac{x^n}{b}\right)^k x^{j-1} dx. $$

We can swap the sum and integral via the Lebesgue dominated convergence theorem, since the power series $\sum (x^n/b)^k$ converges uniformly for $x \in [0, 1]$ and $b > 1$. Using this and summing the geometric series gives:

$$ \int_{0}^{1} x^{j-1} \sum_{k=0}^{\infty} \left(\frac{x^n}{b}\right)^k dx = \int_{0}^{1} \frac{x^{j-1}}{1 - x^n/b} dx. $$

We now apply this to $S$ termwise with $b=4096=2^{12}$:

$$ S = \int_0^1 \left( \frac{x^{0}}{1 - \frac{x^6}{2^{12}}} - 2^{-5} \frac{x^{2}}{1 - \frac{x^6}{2^{12}}} + 2^{-8} \frac{x^{4}}{1 - \frac{x^6}{2^{12}}} + 2 \frac{x^{0}}{1 - \frac{x^8}{2^{12}}} - 2^{-5} \frac{x^{4}}{1 - \frac{x^8}{2^{12}}} + 2^{-1} \frac{x^{2}}{1 - \frac{x^{12}}{2^{12}}} - 2^{-4} \frac{x^{6}}{1 - \frac{x^{12}}{2^{12}}} - 2^{-8} \frac{x^{10}}{1 - \frac{x^{12}}{2^{12}}} \right) dx. $$

At this point, you could try to algebra your way through, expanding, using the substitution $x=2u$, etc. ultimately yielding a nice denominator $(u^2\pm 2u+2)(u^6-64)(u^{12}-1)$. Maybe compute some residues. Or, just CAS your way through.

% fricas
FriCAS Computer Algebra System
Version: FriCAS 2025.12.23git built with sbcl 2.5.2.1852-1f3beec71
Timestamp: Wed Mar 4 12:41:38 EST 2026
-----------------------------------------------------------------------------
Issue )copyright to view copyright notices.
Issue )summary for a summary of useful system commands.
Issue )quit to leave FriCAS and return to shell.
-----------------------------------------------------------------------------
(1) -> f := (1/(1 - x^6/4096))
- (1/32)*x^2/(1 - x^6/4096)
+ (1/256)*x^4/(1 - x^6/4096)
+ 2*1/(1 - x^8/4096)
- (1/32)*x^4/(1 - x^8/4096)
+ (1/2)*x^2/(1 - x^12/4096)
- (1/16)*x^6/(1 - x^12/4096)
- (1/256)*x^10/(1 - x^12/4096);
Type: Fraction(Polynomial(Fraction(Integer)))
(2) -> normalize(integrate(f, x = 0..1))
3 1 11 19 1
(2) 2 atan(-) - 2 atan(-) + 2 atan(--) + 2 atan(--) + 2 atan(-)
2 2 24 48 4
Type: Expression(Fraction(Integer))

So now we just need to show the arctans all collapse to $\pi$. Recall the identity

$$ \tan^{-1} a \pm \tan^{-1} b = \tan^{-1}\left(\frac{a\pm b}{1\mp ab}\right). $$

The sum of the first four terms can be calculated easily in Common Lisp:

% sbcl --no-inform
* (defun combine (a b) (/ (+ a b) (- 1 (* a b))))
COMBINE
* (reduce #'combine '(3/2 -1/2 11/24 19/48))
4

So we have $2\big(\tan^{-1}4 + \tan^{-1}(1/4)\big)$, and with our final elementary trig identity $\tan^{-1} (a/b) = \pi/2 - \tan^{-1} (b/a)$, we find $S = \pi$.

A new discovery?

Of course, I was excited to find this formula, but after some internet spelunking, it turns out it had already been discovered by Géry Huvent and Boris Gourévitch, perhaps independently. Gourévitch doesn’t credit Huvent as he does with other formulas, but he does say “[…] furthermore, we can obtain BBP formula […] by using what Gery Huvent calls the denomination tables […].” Daisuke Takahashi cites Huvent’s website in this 2019 paper published in The Ramanujan Journal. In all cases, they write the formula in the following way:

$$ \frac{1}{128} \sum _{k=0}^{\infty} \frac{1}{2^{12k}}\left( \frac{768}{24 k+3}+\frac{512}{24k+4}+\frac{128}{24 k+6}-\frac{16}{24 k+12}-\frac{16}{24 k+14}-\frac{12}{24 k+15}+\frac{2}{24 k+20}-\frac{1}{24 k+22}\right), $$

which is structurally equivalent to $S$.

Despite having been known already, this formula doesn’t appear to be well known. As such, I hope this blog post brings more attention to it.

Simple implementation

Here is a simple implementation of digit extraction using BBP-type formulas in Common Lisp:

(defun %pow2-mod (exponent modulus)
(cond
((= modulus 1) 0)
((zerop exponent) 1)
(t
(let ((result 1)
(base (mod 2 modulus))
(e exponent))
(loop :while (plusp e) :do
(when (oddp e)
(setf result (mod (* result base) modulus)))
(setf base (mod (* base base) modulus)
e (ash e -1)))
result))))
(defun %scaled-frac-of-power-two (exponent denom)
(cond
((>= exponent 0)
(let ((residue (%pow2-mod exponent denom)))
(floor (ash residue *precision-bits*) denom)))
(t
(let ((effective-bits (+ *precision-bits* exponent)))
(if (minusp effective-bits)
0
(floor (ash 1 effective-bits) denom))))))
(defun %series-scaled-frac (bit-index bbp-series k-step global-shift alternating-p)
;; A series is a list of series terms. A series term is a quadruple
;; (SIGN SHIFT DENOM-MULTIPLIER DENOM-OFFSET) representing the summand
;; SIGN * 2^SHIFT / (DENOM_MULTIPLIER * k + DENOM_OFFSET).
(let* ((modulus (ash 1 *precision-bits*))
(max-shift (loop :for term :in bbp-series :maximize (second term)))
(k-max (max 0 (ceiling (+ bit-index ; conservative bound
global-shift
max-shift
*precision-bits*
*guard-bits*)
k-step))))
(loop :with acc := 0
:for k :from 0 :to k-max :do
(let ((k-sign (if (and alternating-p (oddp k)) -1 1))
(k-factor (* k-step k)))
(dolist (term bbp-series)
(destructuring-bind (term-sign shift den-mul den-add) term
(let* ((denom (+ den-add (* den-mul k)))
(exponent (+ bit-index global-shift shift (- k-factor)))
(piece (%scaled-frac-of-power-two exponent denom))
(signed (* k-sign term-sign)))
(when (plusp piece)
(setf acc (mod (+ acc (* signed piece)) modulus)))))))
:finally (return acc))))
(defun %nth-hex-from-series (n terms k-step global-shift alternating-p)
(let* ((bit-index (* 4 n)))
(ldb (byte 4 (- *precision-bits* 4))
(%series-scaled-frac bit-index
terms
k-step
global-shift
alternating-p))))

This implementation uses Lisp’s arbitrary precision integer arithmetic. A “real” implementation would use more efficient arithmetic, but this will suffice for some basic testing. Now we can write functions to use the Bellard formula and the new formula:

(defparameter +bellard-terms+
'((-1 5 4 1)
(-1 0 4 3)
(+1 8 10 1)
(-1 6 10 3)
(-1 2 10 5)
(-1 2 10 7)
(+1 0 10 9)))
(defun bellard-nth-hex (n)
(%nth-hex-from-series (* 4 n) +bellard-terms+ 10 -6 t))
(defparameter +new-terms+
'((+1 0 6 1)
(-1 -5 6 3)
(+1 -8 6 5)
(+1 1 8 1)
(-1 -5 8 5)
(+1 -1 12 3)
(-1 -4 12 7)
(-1 -8 12 11)))
(defun new-nth-hex (n)
(%nth-hex-from-series (* 4 n) +new-terms+ 12 0 nil))

Let’s make sure they agree for the first 1000 hex digits:

CL-USER> (loop :for i :below 1000
:always (= (bellard-nth-hex i) (new-nth-hex i)))
T

And now let’s look at timing comparisons. Here’s a little driver:

(defun compare-timings (n)
(flet ((time-it (f n)
(sb-ext:gc :full t)
(let ((start (get-internal-real-time)))
(funcall f n)
(- (get-internal-real-time) start))))
(loop :repeat n
:for index := 1 :then (* 10 index)
:for bellard := (time-it #'bellard-nth-hex index)
:for new := (time-it #'new-nth-hex index)
:do (format t "~v,' D: new is ~A% faster than bellard~%" n index
(round (* 100 (- bellard new)) bellard)))))

And the results if the timing up to the one millionth hexadecimal digit:

CL-USER> (compare-timings 7)
1 : new is 81% faster than bellard
10 : new is 7% faster than bellard
100 : new is 6% faster than bellard
1000 : new is 5% faster than bellard
10000 : new is 4% faster than bellard
100000 : new is 3% faster than bellard
1000000: new is 4% faster than bellard

As predicted, though imperfect a test, it’s consistently faster across a few orders of magnitude.

13:56

The Law of Conservation of Evil [Nina Paley]

A famous cartoon about human nature than inspired millions, including myself, to try to rise above human nature.

Human beings exploit the earth and each other. We torture, kill and eat animals. We cut down forests and poison the soil and water. We make war. We drive filthy cars and pave the world. We pollute. We bully and scapegoat. We hold crazy beliefs and belong to irrational cults and religions. We don’t think for ourselves. We long for freedom while enforcing repression. We censor and suppress and police and call out and turn each other in. We rip each other new assholes while covering our own. We all think we’re better than the rest. We are hypocrites who are appalled by hypocrisy.

For meaning in our lives, we may fixate on one human evil and try to rise above it. Pro-Environment. Animal Rights. Freedom of Speech. Christianity. Communism.

The more we embrace these virtues, the more insufferable we become.

It’s human nature to try to rise above human nature.

There is simply no way out of being human. There are billions of us, each individual a node in an incomprehensibly complex network, a brain cell in a Great Brain. Sometimes we convert our neighbors, which gives rise to cults or religions or nations which then butt up against each other and go to war.

We might clean up our own little space: grow our own food, avoid filthy money by bartering, bike instead of drive, don’t eat meat. Little pockets of purity in a polluted world. Somewhere else, something worse is happening to compensate. Thank you for lowering demand of farmed animal products: now the price goes down so more can consume them. Thank you for biking instead of driving: now there’s more room on the road for another car. Thank you for Not Breeding: now someone else can, plus there’s a panic about “population implosion” and the culture is more pro-natalist than before.

While we’re doing all this Good, we try to persuade others. We never think we’re actively proselytizing, just taking opportunities for “teaching moments.” For sooner or later someone will notice our behavior is a little (or a lot) different and ask us about it. Maybe we’ll even convince them! Score! Now our cult is growing, and if it grows enough we’ll be able to clash with competing cults, more repressively enforce the purity of our in-group, and perhaps go to war with an out-group or two.

I call this The Law of Conservation of Evil.

I have clung to many causes: Environmentalism, Anti-Natalism, Vegetarianism/Veganism, Bikes Not Cars, Free Speech. I have been insufferable. Still, I am human, and humans need meaning in our lives, and that which lights us up the most can also make us the most insufferable.

I’m currently interested in how to avoid cults. I fear and condemn cults. If I develop a good theory of cults, and argue persuasively, I might create an anti-cult cult, just as Antifa creates fascism and anti-racism creates racism.

Back away from Identity

“Back away from Identity” advised Third Way Trans, a desister from the transgender cult, before he deleted his wonderful blog. That’s the rare idea that might be cult-proof.

Humans cannot rise above our evil, which is also our humanity. We can shift it around a little from locality to locality, just as we shift our “recyclable” garbage from our local landfill to somewhere in the ocean. The best we can do is back away from identity, from the need to be “good” or better than our fellows, and to acknowledge and accept Reality.

But don’t let me get too attached to convincing you of that! Carry on, world.

Share

The post The Law of Conservation of Evil appeared first on Nina Paley.

10:35

10:28

Where do bad choices come from? [Seth's Blog]

We all make them from time to time.

You might not know what you need to know. This is where experience is created.

You might have an identity that pushes you to make those choices. If you’re determined to act like the person you have assumed you are, the choices come with the role.

Or, you might prioritize short-term benefits over the long-term costs of a bad choice. In this sense, the difference between a good choice and a bad one is simply which timeframe we’re considering.

Built into the idea of ‘choice’ is the agency and freedom to choose. But we waste that power every time we fail to realize we’re making a choice.

And there are two common reasons for this: we don’t believe we have the freedom to choose, or we’re not clear about what we’re trying to accomplish in the first place.

09:14

TinyOS: ultra-lightweight RTOS for IoT devices [OSnews]

An ultra-lightweight real-time operating system for resource-constrained IoT and embedded devices. Kernel footprint under 10 KB, 2 KB minimum RAM, preemptive priority-based scheduling.

↫ TinyOS GitHub page

Written in C, open source, and supports ARM and RISC-V.

Redox gets new CPU scheduler [OSnews]

Another major improvement in Redox: a brand new scheduler which improves performance under load considerably.

We have replaced the legacy Round Robin scheduler with a Deficit Weighted Round Robin scheduler. Due to this, we finally have a way of assigning different priorities to our Process contexts. When running under light load, you may not notice any difference, but under heavy load the new scheduler outperforms the old one (eg. ~150 FPS gain in the pixelcannon 3D Redox demo, and ~1.5x gain in operations/sec for CPU bound tasks and a similar improvement in responsiveness too (measured through schedrs)).

↫ Akshit Gaur

Work is far from over in this area, as they’re now moving on to “replacing the static queue logic with the dynamic lag-calculations of full EEVDF“.

09:07

Pluralistic: EU ready to cave to Trump on tech (04 Apr 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


The EU flag. The field has been turned from blue to orange. In the center of the circle of stars is Trump's open, hooting gob. Behind the orange field we see the faded traces of a printed circuit board.

EU ready to cave to Trump on tech (permalink)

Crises precipitate change. That's no reason to induce a crisis, but you'd be a fool to let a crisis go to waste. Donald Trump is the greatest crisis of our young century, and the EU looks set to squander the opportunity, to its own terrible detriment.

For more than a decade, it's been clear that the American internet was not fit for purpose. The whistleblowers Mark Klein and Edward Snowden revealed that the US had weaponized its status as the world's transoceanic fiber-optic hub to spy on the entire planet:

https://doctorow.medium.com/https-pluralistic-net-2025-11-26-difficult-multipolarism-eurostack-5a527c32f149

US tech giants flouted privacy laws, gleefully plundering the world's cash and data with products that they remorselessly enshittified:

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

American companies repurposed their over-the-air software update capabilities to remotely brick expensive machinery in service to geopolitical priorities:

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

Then Trump and his tech companies started attacking key public institutions around the world, shutting down access for senior judges who attempted to hold Trump's international authoritarian allies to account for their crimes:

https://pluralistic.net/2025/10/20/post-american-internet/#huawei-with-american-characteristics

If Trump wants to steal Greenland, he doesn't need tanks or missiles. He can just tell Microsoft and Oracle to brick the entire Danish state and all of its key firms, blocking their access to their email archives, files, databases, and other key administrative tools. If Denmark still holds out, Trump can brick all their tractors, smart speakers, and phones. If Denmark still won't give up Greenland, Trump could blackhole all Danish IP addresses for the world's majority of transoceanic fiber. At the click of a mouse, Trump could shut down the world's supply of Lego, Ozempic, and delicious, lethally strong black licorice.

Now, these latent offensive capabilities were obvious long before Trump, but the presidents who weaponized them in the pre-Trump era did so in subtle and deniable ways, or under a state of exception (e.g. in response to spectacular terrorist attacks or in the immediate aftermath of the Russian invasion of Ukraine) that let bystanders assure themselves that this wouldn't become a routine policy.

After all, America profited so much from the status quo in which America and its trading partners all pretended that US tech wouldn't be weaponized for geopolitical aims, so a US president would be a fool to shatter the illusion. And even if the president was so emotionally incontinent that he demanded the naked weaponization of America's defective, boobytrapped tech exports, the power blocs that the president relies on would stop him, because they are so marinated in the rich broth that America drained from the world using Big Tech.

This is "status quo bias" in action. No one wants to let go of the vine they're swinging from until they have a new vine firmly in their grasp – but you can't reach the next vine unless you release your death-grip on your current one. So it was that, year after year, the world allowed itself to become more dependent on America's easily weaponizable tech, making the tech both more dangerous and harder to escape.

Enter Trump (a crisis) (and crises precipitate change). Under Trump, the illusion of a safe interdependence crumbled. Every day, in new and increasingly alarming ways, Trump makes it clear that America doesn't have allies or trading partners, only adversaries and rivals. Every day, Trump proves to the world that American tech isn't merely untrustworthy – it's a live, dire, urgent danger to your state, your companies, and your people. The best time to get shut of the American internet was 15 years ago. The second best time is right fucking now.

NOW!

The result is the burgeoning movement to build a "post-American internet." In Canada, PM Mark Carney's announcement of a "rupture" has the country rethinking its deep connections to the American internet and asking what it could do to escape it:

https://pluralistic.net/2026/01/27/i-want-to-do-it/#now-make-me-do-it

Europe, meanwhile, has multiple, advanced, well-funded initiatives to leave the American internet behind and migrate to a post-American internet, like "Eurostack" and the European Digital Infrastructure Consortium:

https://digital-strategy.ec.europa.eu/en/policies/edic

But status quo bias exerts a powerful gravity. A reactionary counterrevolution is being waged in the European Commission – the permanent bureaucracy that executes Europe's laws and regulations. Within the EC, an ascendant faction has announced plans for a "dialogue" with representatives from the Trump regime to let them direct the enforcement of the Digital Markets Act (DMA) and Digital Services Act (DSA), Europe's landmark 2024 anti-Big Tech regulations:

https://www.politico.eu/article/fatal-decision-eu-slammed-for-caving-to-us-pressure-on-digital-rules/

The DMA and DSA require America's tech giants to open up their platforms in ways that would halt the plunder of Europeans' private data and cash. US tech giants have flatly refused to comply with these rules, relying on Trump to get them out of any obligations under EU law:

https://pluralistic.net/2025/09/26/empty-threats/#500-million-affluent-consumers

That's a sound bet. After all, the last thing Trump did before his inauguration was publicly announce his intention to destroy any country that attempted to enforce these laws:

https://www.nytimes.com/2025/01/23/us/politics/trump-davos-europe-tariffs.html

He's making good on his threats. He's already sanctioned a group of officials who helped draft the DSA:

https://www.npr.org/2025/12/24/nx-s1-5655855/trump-administration-bars-5-europeans-from-entry-to-the-u-s-over-alleged-censorship

And he's ordered his tech companies to turn over the private emails and messages of other European officials, so he can identify the ones most dangerous to US tech plunder and sanction them, too:

https://www.politico.eu/article/us-congress-judiciary-committee-big-tech-private-communication-eu-officials/

The quislings and appeasers in the Commission who've been spooked by Trump's belligerence (or tempted by offers of cushy jobs in Big Tech after they leave public service) are selling out the EU's future. Caving to Trump won't make him more favorably disposed to Europe or Europeans. Trump treats every capitulation as a sign of weakness that signals that he can safely ignore his end of the bargain and demand twice as much. For Trump, the "art of the deal" can be summed up in one word: reneging.

Within the EU, there's fury at the Commission's announcement of "dialogue." As Politico's Milena Wälde reports, lawmakers like Alexandra Geese (Greens) say that this is a move that eliminates the "sovereign path for Europe" by letting tech giants "grade their own homework." She calls it a "fatal decision for our companies and our democracy."

Moving to the post-American internet is hard – but it will only get harder. Sure, Europe could wait for the next crisis to let go of the Big Tech vine and grab the Eurostack one, but that next crisis will be far, far worse. The EU can't afford to wait for Trump to brick one or more of its member states to (finally, at long last) take this threat seriously:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#10yrsago Among a Thousand Fireflies: children’s book shows the sweet, alien love stories unfolding in our own backyards https://memex.craphound.com/2016/04/01/among-a-thousand-fireflies-childrens-book-shows-the-sweet-alien-love-stories-unfolding-in-our-own-backyards/

#10yrsago After biggest bribery scandal in history, police raids and investigations https://www.smh.com.au/business/police-raids-and-more-revelations-the-fallout-of-the-unaoil-scandal-20160401-gnw9mx.html

#10yrsago Bernie Sanders’ South Bronx rally, featuring Rosario Dawson, Spike Lee, and Residente https://www.c-span.org/program/campaign-2016/senator-bernie-sanders-campaign-rally-in-south-bronx/437114

#10yrsago Freshman Missouri Rep almost made it 3 months before introducing bill urging members to say “fiscal,” not “physical” https://www.washingtonpost.com/news/the-fix/wp/2016/03/31/hero-lawmaker-urges-colleagues-to-stop-saying-physical-when-they-mean-fiscal/

#10yrsago Indiana women phone the governor’s office to tell him about their periods https://web.archive.org/web/20160401170206/https://fusion.net/story/286941/periods-for-pence-indiana-women-calling-governor/

#10yrsago United pilot orders Arab-American family off his flight for “safety” https://www.nbcchicago.com/news/national-international/united-airlines-arab-american-plane/58370/

#10yrsago 33 state Democratic parties launder $26M from millionaires for Hillary https://www.counterpunch.org/2016/04/01/how-hillary-clinton-bought-the-loyalty-of-33-state-democratic-parties/

#10yrsago White SC cops pull black passenger out of car, take turns publicly cavity-searching him https://www.washingtonpost.com/news/the-watch/wp/2016/04/01/video-shows-white-cops-performing-roadside-cavity-search-of-black-man/

#5yrsago The zombie economy and digital arm-breakers https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers

#5yrsago Ontario's drug-dealer premier is shockingly bad at distributing vaccines https://pluralistic.net/2021/04/01/incompetent-drug-dealer/#what-a-dope

#5yrsago The zombie economy and digital arm-breakers https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers

#1yrago What's wrong with tariffs https://pluralistic.net/2025/04/02/me-or-your-lying-eyes/#spherical-cows-on-frictionless-surfaces

#1yrago What's wrong with tariffs https://pluralistic.net/2025/04/02/me-or-your-lying-eyes/#spherical-cows-on-frictionless-surfaces

#1yrago Anyone who trusts an AI therapist needs their head examined https://pluralistic.net/2025/04/01/doctor-robo-blabbermouth/#fool-me-once-etc-etc

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

08:28

Open source office suites erupt in forking and licensing drama [OSnews]

You’d think if there was one corner of the open source world where you wouldn’t find drama it’d be open source office suites, but it turns out we could not have been more wrong. First, there’s The Document Foundation, stewards of LibreOffice, ejecting a ton of LibreOffice contributors.

In the ongoing saga of The Document Foundation (TDF), their Membership Committee has decided to eject from membership all Collabora staff and partners. That includes over thirty people who have contributed faithfully to LibreOffice for many years. It is interesting to see a formal meritocracy eject so many, based on unproven legal concerns and guilt by association. This includes seven of the top ten core committers of all time (excluding release engineers) currently working for Collabora Productivity. The move is the culmination of TDF losing a large number of founders from membership over the last few years with: Thorsten Behrens, Jan ‘Kendy’ Holesovsky, Rene Engelhard, Caolan McNamara, Michael Meeks, Cor Nouws and Italo Vignoli no longer members. Of the remaining active founders, three of the last four are paid TDF staff (of whom none are programming on the core code).

↫ Micheal Meeks

The end result seems to be that Collabora is effectively forking LibreOffice, which feels like we’re back where we were 15 years ago when LibreOffice forked from OpenOffice. There seems to be a ton of drama and infighting here that I’m not particularly interested in, but it’s sad to see such drama and infighting result in needless complications for developers, end users, and distributors alike.

As if this wasn’t enough, there’s also forking drama in OnlyOffice land, the other open source office suite, licensed under the AGPL. This ope source office suite has been forked by Nextcloud and IONOS into Euro-Office, in pursuit of digital sovereignty in the EU. It’s also not an entirely unimportant detail that OnlyOffice is Russian, with most of its developers residing in Russia.

Anyway, the OnlyOffice team has not taken this in stride, claiming there’s a violation of the AGPL license going on here, specifically because OnlyOffice adds contradictory attribution terms to the AGPL. It’s a complicated story, but it does seem most experts in this area seem to disagree with OnlyOffice’s interpretation.

We’re in for another messy time.

How Microsoft vaporized a trillion dollars [OSnews]

This is the first of a series of articles in which you will learn about what may be one of the silliest, most preventable, and most costly mishaps of the 21st century, where Microsoft all but lost OpenAI, its largest customer, and the trust of the US government.

↫ Axel Rietschin

It won’t take long into this series of articles before you start wondering how anyone manages to ship anything at Microsoft. If even half of this is accurate, this company should be placed under some sort of external oversight.

06:21

Urgent: Voting by mail [Richard Stallman's Political Notes]

US citizens: call on Congress to protect the USPS for November's election.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

03:00

Dirk Eddelbuettel: Sponsor me for Tour de Shore 2026 to support MFA [Planet Debian]

tour de shore 2026

On June 19 and 20, I will cycle a little over 100 miles from downtown Chicago and its wonderful Millenium Park to New Buffalo, Michigan, as part of the Tour de Shore 2026. The ride passes through northwest Indiana and the extended Indiana Dunes National Park ending the next morning in the southwestern Michigan town of New Buffalo. I rode Tour de Shore once before in 2024 and had a generally wonderful time (even considering some soreness after a century of miles over 1 1/2 days).

Tour de Shore is riding in support of Maywood Fine Arts Center, a local arts and sports center in Maywood, Illinois, a suburb one over from where I live and hence just a few good miles west of downtown. Maywood, Illinois is home to legends such as the late John Prine as well as several NBA players such as player and coach Doc Rivers.

 

tour de shore 2026 donation page

But Maywood, Illinois is also little less well off than other western suburbs. The Maywood Fine Arts Center is simply legendary is what they do for this community (and surrounding communities), and especially the youth support. They can use a dollar a two. Their story about Tour de Shore is worth a read too for background and motivation.

I have bootstrapped my donation page page with a dollar for each mile to be cycled. It would be simply terrific if you could join me. A nickel, a dime, or a quarter per mile cycled would help. Multiples of that help too: More is of course still always better.

Anything you can afford will go a long way towards a worthy goal in a community that could use the help.

Of and if you are local to the area, I believe you can still register for Tour de Shore 2026. So see you out there in June? And if not, maybe help with a dollar or two?

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog.

00:42

Friday, 03 April

23:56

22:35

Friday Squid Blogging: Jurassic Fish Chokes on Squid [Schneier on Security]

Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal.

Original paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

22:28

A Kitten’s First Good Friday [Whatever]

Saja is contemplative about it, as he should be.

A reflective Good Friday, Easter, and/or Passover to you, if you celebrate any of these, and have a lovely weekend no matter who you are.

— JS

21:35

Big-endian testing with QEMU [OSnews]

I assume I don’t have to explain the difference between big-endian and little-endian systems to the average OSNews reader, and while most systems are either dual-endian or (most likely) little-endian, it’s still good practice to make sure your code works on both. If you don’t have a big-endian system, though, how do you do that?

When programming, it is still important to write code that runs correctly on systems with either byte order (see for example The byte order fallacy). But without access to a big-endian machine, how does one test it? QEMU provides a convenient solution. With its user mode emulation we can easily run a binary on an emulated big-endian system, and we can use GCC to cross-compile to that system.

↫ Hans Wennborg

If you want to make sure your code isn’t arbitrarily restricted to little-endian, running a few tests this way is worth it.

20:28

Stage Delights [Penny Arcade]

It's a meme with a very particular clientele: there is always, always something fucked up with Gabe's setup when he tries to do the Make-A-Strip. During the Surface era, it would reliably try to do a system update as soon as we would start the panel. The setup has coalesced these days around a Framework laptop and the lower tier XPPen Artist Pro, but he forgot his dongle so the puck he brought - the little device he uses to perform the somatic components of the Art spell - was inert. The screen could be manipulated physically, a feature he never even knew about, but when you try to shift the art around on there your work slides around like it's on an air hockey table. It wasn't optimal, but there were dark chuckles and schadenfreudes out there, so it occurred to me: is there a way to leverage even greater torments? We also dish up a truly ancient reference in panel one for all of those newly traveling through the archive.

20:00

How can I use Read­Directory­ChangesW to know when someone is copying a file out of the directory? [The Old New Thing]

A customer was using Read­Directory­ChangesW in the hopes of receiving a notification when a file was copied. They found that when a file was copied, they received a FILE_NOTIFY_CHANGE_LAST_ACCESS, but only once an hour. And they also got that notification even for operations unrelated to file copying.

Recall that Read­Directory­ChangesW and Find­First­Change­Notification are for detecting changes to information that would appear in a directory listing. Your program can perform a Find­First­File/Find­Next­File to cache a directory listing, and then use Read­Directory­ChangesW or Find­First­Change­Notification to be notified that the directory listing has changed, and you have to invalidate your cache.

But there are a lot of operations that don’t affect a directory listing.

For example, a program could open a file in the directory with last access time updates suppressed. (Or the volume might have last access time updates suppressed globally.) There is no change to the directory listing, so no event is signaled.

Functions like Read­Directory­ChangesW and Find­First­Change­Notification functions operate at the file system level, so the fundamental operations they see are things like “read” and “write”. They don’t know why somebody is reading or writing. All they know is that it’s happening.

If you are a video rental store, you can see that somebody rented a documentary about pigs. But you don’t know why they rented that movie. Maybe they’re doing a school report. Maybe they’re trying to make illegal copies of pig movies. Or maybe they simply like pigs.

If you are the file system, you see that somebody opened a file for reading and read the entire contents. Maybe they are loading the file into Notepad so they can edit it. Or maybe they are copying the file. You don’t know. Related: If you let people read a file, then they can copy it.

In theory, you could check, when a file is closed, whether all the write operations collectively combine to form file contents that match a collective set of read operations from another file. Or you could hash the file to see if it matches the hash of any other file.¹ But these extra steps would get expensive very quickly.

Indeed, we found during user research that a common way for users to copy files is to load them into an application, and then use Save As to save a copy somewhere else. In many cases, this “copy” is not byte-for-byte identical to the original, although it is functionally identical. (For example, it might have a different value for Total editing time.) Therefore, detecting copying by comparing file hashes is not always successful.²

If your goal is to detect files being “copied” (however you choose to define it), you’ll have to operate at another level. For example, you could use various data classification technologies to attach security labels to files and let the data classification software do the work of preventing files from crossing security levels. These technologies usually work best in conjunction with programs that have been updated to understand and enforce these data classification labels. (My guess is that they also use heuristics to detect and classify usage by legacy programs.)

¹ It would also generate false positives for files that are identical merely by coincidence. For example, every empty file would be flagged as a copy of every other empty file.

Windows 2000 Server had a feature called Single Instance Store which looked for identical files, but it operated only when the system was idle. It didn’t run during the copy operation. This feature was subsequently deprecated in favor of Data Deduplication, which looks both for identical files as well as identical blocks of files. Again, Data Deduplication runs during system idle time. It doesn’t run during the copy operation. The duplicate is detected only after the fact. (Note the terminology: It is a “duplicate” file, not a “copy”. Two files could be identical without one being a copy of the other.)

² And besides, even if the load-and-save method produces byte-for-byte identical files, somebody who wanted to avoid detection would just make a meaningless change to the document before saving it.

The post How can I use <CODE>Read­Directory­ChangesW</CODE> to know when someone is copying a file out of the directory? appeared first on The Old New Thing.

19:14

17:42

17:28

Link [Scripting News]

WordPress could have an active developer community creating writing tools for WordPress users. I also want WordPress to form the foundation of a new social network, one that supports all the writing features of the web. With really nice user interfaces for people to choose from. That's a new ecosystem. It may form around ChatGPT and Claude etc. Or it could start with WordPress. I think I can get this bootstrapped, but I need people to work with. That's the summary of what I'm about at this point in 2026.

16:35

[$] Ubuntu's GRUBby plans [LWN.net]

GNU GRUB 2, mostly just referred to as GRUB these days, is the most widely used boot loader for x86_64 Linux systems. It supports reading from a vast selection of filesystems, handles booting modern systems with UEFI or legacy systems with a BIOS, and even allows users to customize the "splash" image displayed when a system boots. Alas, all of those features come with a price; GRUB has had a parade of security vulnerabilities over the years. To mitigate some of those problems, Ubuntu core developer and Canonical employee Julian Andres Klode has proposed removing a number of features from GRUB in Ubuntu 26.10 to improve GRUB's security profile. His proposal has not been met with universal acclaim; many of the features Klode would like to remove have vocal proponents.

15:49

No kidding: Gentoo GNU/Hurd [LWN.net]

On April 1, the Gentoo Linux project published a blog post announcing that it was switching to GNU Hurd as its primary kernel as an April Fool's joke. While that is not true, the project has followed up with an announcement of a new Gentoo port to the Hurd:

Our crack team has been working hard to port Gentoo to the Hurd and can now share that they've succeeded, though it remains still in a heavily experimental stage. You can try Gentoo GNU/Hurd using a pre-prepared disk image. The easiest way to do this is with QEMU [...]

We have developed scripts to build this image locally and conveniently work on further development of the Hurd port. Release media like stages and automated image builds are future goals, as is feature parity on x86-64. Further contributions are welcome, encouraged, and needed. Be patient, expect to get your hands dirty, anticipate breakage, and have fun!

Oh, and Gentoo GNU/Hurd also works on real hardware!

Text for the April Fool's post is available at the bottom of the real announcement.

15:21

Joerg Jaspert: Building a house - 1 year in [Planet Debian]

Haven’t written here about it, but last March we finally started on our journey to get our own house build, so we can move out of the rented flat here.

That will be a big step, both the actual building, but also the moving - I am living at this one single place for 36 years now.

If you can read german there is a dedicated webpage where I sometimes write about the process. Will have much more details (and way more ramblings) than the following part.

If you can’t read german, a somewhat short summary follows. Yes, still a lot of text, but shortened, still.

What? Why now?

Current flat has 83m² - which simply isn’t enough space. And the number of rooms also doesn’t fit anymore. But it is hard to find a place that fits our requirements (which do include location).

Moving to a different rented place would also mean changed amount of rent. And nowadays that would be huge increase (my current rent is still the price from about 30 years ago!).

So if we go and pay more - we could adjust and pay for something we own instead. And both, my wife and I had changes in our jobs that made it possible for us now, so we started looking.

Market

Brrrr, looking is good, actually finding something that fits - not so. We never found an offer that fit. Space wise, sure. But then location was off, or price was idiotically high. Location fit, but then size was a joke, and guess about the price… Who needs 200 square meters with 3 rooms? Entirely stupid design choices there. Or how about 40 square meters of hallway - with 50m² of tiny rooms around. What are they smoking? Oh, there, useful size, good rooms - but now you want more money than a kidney is worth, or something. Thanks, no.

New place

In February 2025 we finally got lucky and found a (newly opened) area with a large number of places to build a house on. Had multiple talks with someone from on of the companies developing that area (there are two you can select from), then talked with banks and signed a contract in March 2025. We got promised that actual house construction would be first quarter of 2026, finished in second quarter.

House type

There are basically 2 ways of building a new house (that matter here). First is called “Massivhaus”, second is called “Fertighaus” in german, roughly translating to solid and prefabricated. The latter commonly a wood based construction, though it doesn’t need to be. The important part of it is the prefabrication, walls and stuff get assembled in a factory somewhere and then transported to your place, where they play “big kid lego” for a day and suddenly a house is there.

A common thought is “prefabricated” is faster, but that is only a half true. Sure, the actual work on side is way shorter - usually one or two days and the house is done - while a massive construction usually takes weeks to build up. But that is only a tiny part of the time needed, the major part goes of into planning and waiting and in there it doesn’t matter what material you end up with.

Money fun

Last year already wasn’t the best time to start a huge loan - but isn’t it always “a few years ago would have been better”? So we had multiple talks with different banks and specialised consultants until we found something that we thought is good for us.

Thinking about it now - we should have put even more money on top as “reserve”, but who could have thought that 2026 turns into such a shitshow? Does not help at all, quite the contrary. And that damn lotto game always ends up with the wrong numbers, meh.

Plans and plans and more plans - and rules

For whichever reason you can not just go and put something on your ground and be happy. At least not if you are part of the normal people and not enormously rich. There is a large set of rules to follow. Usually that is a good thing, even though some rules are sometimes hard to understand.

In Germany, besides the usual laws, we have something that is called “Bebauungsplan”, which translates to “development plan” (don’t know if that carries the right meaning, it’s a plan on what and how may be build, which can have really detailed specifications in). It basically tells you every aspect on top of the normal law that you have to keep in mind.

In our case we have the requirement of 2 full floors and CAN have a third smaller on top, it limits how high the house can be and also how high our ground floor may be compared to the street. It regulates where on the property we may build and how much ground we may cover with the house, it gives a set of colors we are allowed to use, it demands a flat roof that we must have as a green roof and has a number of things more that aren’t important enough to list here. If you do want to see the full list, my german post on it has all the details that matter to us.

With all that stuff in mind - off to plans. Wouldn’t have believed how many details there are to take in. Room sizes are simple, but how to arrange them for ideal usage of the sun, useful ways inside the house, but also keeping in mind that water needs to flow through and out. Putting a bath room right atop a living room means a water pipe needs to go down there. Switch the bath room side in the house, and it suddenly is above the kitchen - means you can connect the pipes from it to the ones from kitchen, which is much preferred than going through the living room. And lots more such things.

It took us until nearly end of October to finalize the plans! And we learned a whole load from it. We started with a lot of wishes. The planner tried to make them work. Then we changed our minds. Plans changed. Minds changed again. Comparing the end result with the first draft we changed most of the ground floor around, with only the stairs and the entrance door at the same position. Less changes for the upper floor, but still enough.

Side quests

The whole year was riddled with something my son named side quests. We visited a construction exhibition near us, we went to the house builders factory and took a look on how they work. We went to many different other companies that do SOME type of work which we need soon, say inside floors, painters, kitchen and more stuff.

Of course the most important side quest was a visit to the notary to finalize the contracts, especially for the plot of land (in Germany you must have a notary for that to get entered into the governments books). Creates lots of fees, of course, for the notary and also the government (both fees and taxes here).

Building permit

We had been lucky and only needed a small change to the plans to get the building permit - and the second part, the wastewater permit (yes, you need a separate one for this) also got through without trouble.

Choices, so many of them

So in January we finally had an appointment for something that’s called “Bemusterung” which badly translates to “Sampling”. Basically two days at the house builders factory to select all of what’s needed for the house that you don’t do in the plans. Doors, inside and out and their type and color and handles. Same things for the windows and the blinds and the protection level you want the windows to have. Decide about stairs, design for the sanitary installations - and also the height of the toilet! - and the tiles to put into the bathrooms. Decisions on all the tech needed (heating system, ventilation and whatnot.

Two days, busy ones - and you can easily spend a lot of extra money here if you aren’t careful. We managed to get “out of it” with only about 4000€ extra, so pretty good.

Electro and automation

Now, here I am special. Back when I was young the job I learned is electrician. So here I have very detailed wishes. I am also running lots of automatism in my current flat - obviously the new house should be better than that. So I have a lot of ideas and thoughts on it, so this is entirely extra and certainly out of the ordinary the house builder usually see.

Which means I do all of that on my own. Well, the planning and some of the work, I must have a company at hand for certain tasks, it is required by some rules. But they will do what I planned, as long as I don’t violate regulations.

Which means the whole electrical installation is … different. Entirely planned for automatisms and using KNX for it. I am so happy to ditch Homeassistant and the load of Homematic, Zigbee and ZWave based wireless things.

Ok, Homeassistant is a nice thing - it can do a lot. And it can bridge between about any system you can find. But it is a central single point of failure. And it is a system that needs constant maintenance. Not touched for a while? Plan for a few hours playing update whack-a-mole. And often enough a component here or there breaks with an update. Can be fixed, but takes another hour or two.

So I change. Away from wireless based stuff. To wires. To a system thats a standard for decades already. And works entirely without a SPOF. (Yes, you can add one here too). And, most important, should I ever die - can easily be maintained by anyone out there dealing with KNX, which is a large number of people and companies. Without digging through dozens of specialised integrations and whatnot.

I may even end up with Homeassistant again - but that will entirely be as a client. It won’t drive automations. It won’t be the central point to do anything for the house. It will be a logging and data collecting thing that enables me to put up easy visualizations. It may be an easy interface for smartphones or tablets to control parts of the house, for those parts where one wants this to happen. Not the usual day-to-day stuff, extras on top.

Actual work happening

Since march there finally is action visible. The base of the house is getting build. Wednesday the 1st April we finally got the base slab poured on the construction site and in another 10 days the house is getting delivered and build up. A 40ton mobile crane will be there.

15:14

Link [Scripting News]

Feature request for WordPress. If an item doesn't have a title, you can do better than (no title) in the Posts list. Grab the first N chars of the body, or add a tool tip with the same text. I write a lot of "singular" posts, ie posts without titles. This is what I see on the Posts page.

Link [Scripting News]

Does EmDash have a feed reader built in??

Link [Scripting News]

Suggestion for feed reader devs. Put a Check Now button on the page for a single feed. It shouldn't overburden your system because it's just doing an HTTP read and a little parsing. Not much more work than reloading a page in the browser. The benefit is you can see a current view of the news according to a specific feed without waiting. Makes the web roughly instantaneous for every feed, even ones that don't support rssCloud. FeedLand has such a button.

Good morning campers [Scripting News]

Things are changing a lot. Huge flow of ideas, and some catching up to do. Mind bombs in every direction.

Last night while watching sports I learned via ChatGPT about MCP.

Here's what it can do and people *are* using it for this

You could turn ChatGPT into an easy editor for WordPress posts.

Just as I have developed the habit of getting it to create a handoff.md file when I'm done with a session, I could write something with ChatGPT helping, I don't ever do that myself but i might, if it were easy. and when I'm ready to publish, I'd say "Please publish this on my daveverse site now." I might specify a category or two, or set defaults, it's good at that stuff. I've taught Claude to write code in my style, so I can maintain it (to answer Aral Balkan's question on Mastodon).

Little hierarchies everywhere [Scripting News]

We create little hierarchies everywhere we go.

So many places. I have no room for new ones, yet I have to make room because there are people there I want to work with. Now I have to manage it.

If an alien came to Earth and asked why we don't just create a way for a little hierarchy in one place to appear where ever you want it.

It's not out of reach, it would take two or three developers with enough imaginative users to get the ball rolling.

Write down the features you'd have to support, concisely and simply, and provide conventions for making those hierarchies accessible through a very simple format, in JSON or XML or anything isomorphic, and then we start building.

And start releasing apps that work together. That's what I want to do.

WordLand is supposed to be the first such app. But maybe I need to go even simpler for example code. Thinking about it.

The aliens were confused by the inefficent way we were organizing our ideas.

15:07

Free Software Directory meeting on IRC: Friday, April 10, starting at 12:00 EDT (16:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, April 10 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Error'd: Clever domain name here [The Daily WTF]

An anonymous cable-puller wrote "Reading a long specification manual. The words "shall" and "shall not" have specific meaning, and throughout the document are in bold italic. Looks like someone got a bit shall-ow with their search-and-replace skills."

2

 

Picki jeffphi attends to details. "Apparently this recruiter doesn't have a goal or metric around proper brace selection and matching." You're hired.

0

 

UGG.LI admins highlighted "even KFC hat Breakpoints deployed in Prod now ..." I wanted to say something funny about Herren Admins' Handle but reminded myself of John Scalzi's quote about the failure case of smartass so I refrained. You might be funnier than I.

1

 

Smarter still, Steve says "A big company like Google surely has a huge QA staff and AI bots to make sure embarrassing typos don't slip through, right? You wouldn't want to damage you reputation..."

3

 

I'll bet Pascal didn't expect this, eh? "Delivered, but On the way, Searching for a driver, but Asdrubal"

4

 

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

Security updates for Friday [LWN.net]

Security updates have been issued by AlmaLinux (freerdp, grafana, kernel, rsync, and thunderbird), Debian (chromium, inetutils, and libpng1.6), Fedora (bind9-next, nginx-mod-modsecurity, and openbao), Mageia (firefox, nss and thunderbird), Red Hat (container-tools:rhel8), SUSE (conftest, dnsdist, ignition, libsoup, libsoup2, LibVNCServer, libXvnc-devel, opensc, ovmf-202602, perl-Crypt-URandom, python-tornado, python311-ecdsa, python311-Pygments, python315, tar, and wireshark), and Ubuntu (cairo, jpeg-xl, linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-hwe-6.17, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-fips, linux-fips, linux-aws-fips, linux-fips, linux-aws-fips, linux-gcp-fips, and linux-realtime, linux-realtime-6.8, linux-raspi-realtime).

14:28

Can AI bots write maintainable code? [Scripting News]

This is something we can and should research.

Let's give one of the ai apps a fairly good idea for an app we want to use, and help it -- not by coding, just by answering questions about how it will work, and Iterating over the product until it works like we want it. Sometihng simple, like perhaps a text editor for Mastodon. Something that isn't squished in a tiny little text box, and has icons for bold, underline, links, etc. It could be useful.

Then let's look at the code with an open mind. I think i've given it enough examples of good maintainable code that I could get it to produce maintainable code.

This was in reply to a Mastodon post by Aral Balkan.

The Cathedral, the Bazaar, and the Winchester Mystery House [Radar]

The following article originally appeared on Drew Breunig’s blog and is being republished here with the author’s permission.

In 1998, Eric S. Raymond published the founding text of open source software development, The Cathedral and the Bazaar. In it, he detailed two methods of building software:

  • The cathedral model is carefully planned, closed-source, and managed by an exclusive team of developers.
  • The bazaar model is open, transparent, and community-driven.

The bazaar model was enabled by the internet, which allowed for distributed coordination and distribution. More people could contribute code and share feedback, yielding better, more secure software. “Given enough eyeballs, all bugs are shallow,” Raymond wrote, coining Linus’s law.

The ideas crystallized in The Cathedral and the Bazaar helped kick off a quarter-century of open source innovation and dominance.

But just as the internet made communication cheap and birthed the bazaar, AI is making code cheap and kicking off a new era filled with idiosyncratic, sprawling, cobbled-together software.

Meet the third model: The Winchester Mystery House.

Image by HarshLight on Flickr (and used here on a Creative Commons license)Winchester Mystery House (image by HarshLight and used here on a Creative Commons license)

The Winchester Mystery House

Located less than 10 miles southeast from the Computer History Museum, the Winchester Mystery House is an architectural oddity.

Following the death of her husband and mother-in-law, Sarah Winchester controlled a fortune. Her shares in the Winchester Repeating Arms Company, and the dividends they threw off, made it so Sarah could not only live in comfort but pursue whatever passion she desired. That passion was architecture.

Sarah didn’t build her mansion to house ghosts1; she built her mansion because she liked architecture. With no license, no formal training, in an era when women (even very rich women) didn’t have a path to practicing architecture, Sarah focused on her own home. She made up for her lack of license with passion and effectively unlimited funds.

Sarah built what she wanted. “At its largest the house had ~500 rooms.” Today it has roughly 160 rooms, 2,000 doors, 10,000 windows, 47 stairways, 47 fireplaces, 13 bathrooms, and 6 kitchens. Carved wood drapes the walls and ceilings. Stained glass is everywhere. Projects were planned, completed, abandoned, torn down, and rebuilt.

It was anything but aimless. And practical innovations ran throughout, including push-button gas lighting, an early intercom system, steam heating, and indoor gardens. The oddities that amuse today’s visitors were mostly practical accommodations for Sarah’s health (stairways with very small steps), functional designs no longer used (trap doors in greenhouses to route excess water), or quick fixes to damage from the 1906 earthquake.

Winchester passed in 1922. Nine months later, the house became a tourist attraction.

Today, many programmers are Sarah Winchester.

Claude Code's public GitHub activityClaude Code’s public GitHub activity

What happens when code is cheap

We aren’t as rich as Sarah Winchester, but when code is this cheap, we don’t need to be.

Jodan Alberts illustrated this recently, collecting and visualizing data detailing public GitHub commits attributed to Claude Code. That’s his data in the chart above, with Claude seeming to only accelerate through March.2

It’s hard to get a handle on individual usage though, so I went searching for a proxy and landed on the chart below:

Average net lines added per commit in Claude Code: 7-day averageAverage net lines added per commit in Claude Code: 7-day average

After Opus 4.5 and recent work enabling Agent Teams, the average net lines added by Claude per commit is now smooth and steady at 1,000 lines of code per commit.3

1,000 lines of code per commit is ~2 magnitudes higher than what a human programmer writes per day.

If you search for human benchmarks, you’ll find many citing Fred Brooks’s The Mythical Man Month while claiming a good engineer might write 10 cumulative lines of code per day.4 If you further explore, you’ll find numbers higher than 10 cited, but generally less than 100.

Here’s a good anecdote from antirez on a Hacker News thread discussing the Brooks “quote”:

I did some trivial math. Redis is composed of 100k lines of code, I wrote at least 70k of that in 10 years. I never work more than 5 days per week and I take 1 month of vacations every year, so assuming I work 22 days every month for 11 months:

70000/(22 x 11 x 10) = ~29 LOC / day

Which is not too far from 10. There are days where I write 300-500 LOC, but I guess that a lot of work went into rewriting stuff and fixing bugs, so I rewrote the same lines again and again over the course of years, but yet I think that this should be taken into account, so the Mythical Man Month book is indeed quite accurate.

Six years after this comment, Claude is pushing 1,000 lines of code per commit.

So what do we do with all this cheap code?

Unfortunately, everything else remains roughly the same cost and roughly the same speed. Feedback hasn’t gotten cheaper; the “eyeballs” that guided the software developed by the bazaar haven’t caught up to AI.

There is only one source of feedback that moves at the speed of AI-generated code: yourself. You’re there to prompt, you’re there to review. You don’t need to recruit testers, run surveys, or manage design partners. You just build what you want and use what you build.

And that’s what many developers are doing with cheap code: building idiosyncratic tools for ourselves, guided by our passions, taste, and needs.

Sound familiar?

Winchester Mystery House, San Jose, California (image by The wub and used here under a Creative Commons license)

Welcome to the mystery house

Steve Yegge’s Gas Town is a Winchester Mystery House. It’s incredibly idiosyncratic and sprawling, rich with metaphors and hacks. It’s the perfect tool for Steve.

Jeffrey Emanuel’s Agent Flywheel is a Winchester Mystery House. A significant subset of tokenmaxxers decide they need to rebuild their dependencies in Rust; Jeff is one such example. His “FrankenSuite” includes Rust rewrites of SQLite, Node.js, btrfs, Redis, pandas, NumPy, JAX, and Torch.

Philip Zeyliger noted the pattern last week, writing, “Everyone is building a software factory.” But it goes beyond software. Gary Tan’s personal AI committee gstack is a Winchester Mystery House constructed mostly from Markdown.

Everywhere you look, there are Winchester Mystery Houses.

Each Winchester Mystery House is idiosyncratic. They are highly personalized. The tightly coupled feedback loop between the coding agent and the user yields software that reflects the developer’s desires. They usually lack documentation. To outsiders, they’re inscrutable.

Winchester Mystery Houses are sprawling. Guided by the needs of the developer, these tools tend to spread out, constantly annexing territory in the form of new functions and new repositories. Work is almost always additive. Code is added when it’s needed, bugs are patched in place, and countless appendages remain. There’s little incentive to prune when code is free.

And building a Winchester Mystery House should be fun. Coding agents turn everything into a side quest, and we eagerly join in. Building the perfect workflow is a passion for many devs, so we keep pushing.

Winchester Mystery Houses are idiosyncratic, sprawling, and fun. But does this mean we’re abandoning the bazaar?

A Crowded Market in Dhaka, Bangladesh (image by International Food Policy Research Institute / 2010 and used here on a Creative Commons license)A Crowded Market in Dhaka, Bangladesh (image by International Food Policy Research Institute / 2010 and used here on a Creative Commons license)

What happens to the bazaar?

What happens when we all tend to our mystery houses? When our free time is spent building tools just for ourselves, will we stop working on shared projects? Will we abandon the bazaar?

Probably not. The bazaar is packed right now, but not in a good way.

Code is cheap, so people are slamming open source repositories with agent-written contributions, in an attempt to pad their résumés or manifest their pet features. Daniel Stenberg ended bug bounties for curl after a deluge of poor submissions sapped reviewer bandwidth. It’s gotten so bad, GitHub recently added a feature to disable pull request contributions.

Anecdotally, I’m seeing good contributions pick up as well. They’re just drowned out by the slop. For what it’s worth, curl commits are dramatically up in the agentic era. And people are sharing what they build. A recent analysis by Dumky shows packages and repos rising in the last quarter.

There’s plenty of budget for both mystery houses and the bazaar when code is this cheap. The new challenge is developing systems and processes for managing the deluge. We don’t need eyeballs to find bugs in the software; we need eyeballs to find bugs before they reach the software.

In many ways this is the inverse of the bazaar model era. The internet made feedback and communal coordination faster, easier, and cheaper. The bazaar model has a high throughput of feedback (many eyeballs) but relatively high latency for modifications (file an issue, discuss, submit a PR, wait for review, etc.).

Coding agents, on the other hand, make implementation faster while feedback and coordination are unchanged. The Winchester Mystery House model sidesteps this by collapsing the feedback loop into one person: Latency is near zero, but throughput is just you. The bazaar, defined by communal work, can’t adopt this hack. Coding agents in the bazaar create a mess: implementation at machine speed hitting coordination infrastructure built for human speed. Which is why maintainers feel like they’re drowning.

We need new tools, skills, and conventions.

Lessons from the mystery house

Coding agents have dropped the cost of code so dramatically we’re entering a new era of software development, the first change of this magnitude since the internet kicked off open source software. Change arrived quickly, and it’s not slowing down. But in reviewing the Winchester Mystery House framework, I think we can take away a few lessons.

Lesson 1: The bazaar and Winchester Mystery Houses can coexist.

When listing example Winchester Mystery Houses, I didn’t mention OpenClaw, even though it is the defining example. I saved it for here because it nicely illustrates how Winchester Mystery Houses and the bazaar can coexist.

OpenClaw is incredibly modular and places few limitations on the user. It integrates 25 different chat and notification systems, plugs into most inference end points, and is built on the exceptionally flexible pi agent toolkit. This eager flexibility was embraced early—security and data protections be damned—but since its exponential adoption Peter Steinberger and the community have been steadily pushing improvements and fixes.

And like other breakout open source projects of yore, the ecosystem is adopting the best ideas and mitigating the worst aspects of OpenClaw. Countless alternate “claw” projects have emerged. (There’s NanoClaw, NullClaw, ZeroClaw, and more!) Companies have launched services to make claws easy or safer. Cloudflare launched Moltworker to make deploy easy, Nvidia shipped NemoClaw with a security focus, and Claude keeps adding claw-like features to its desktop app.

Lesson 2: Don’t sell the fun stuff.

One reason OpenClaw works so well in the bazaar is that it is a foundation for personal tools. Out of the box, a claw just sits there. It’s up to the user to determine what it does and how it does it, leveraging the connections and infrastructure OpenClaw provides. OpenClaw lets less experienced developers spin up their own Winchester Mystery Houses, while experienced devs get to leverage much of the common integrations and systems OpenClaw provides. Peter and team have done a great job drawing a line between the common core (what the bazaar works on) and what they leave up to the user: The boring, critical stuff is the job of the commons.

Thinking back to Sarah Winchester and her idiosyncratic, sprawling mansion, we see the same pattern. Sarah hired vendors! She used off-the-shelf parts! Her bathtubs, toilets, faucets, and plumbing weren’t crafted on site.

The boring stuff, the hard bits, or the things that have disastrous failure modes are the things we should collaborate on or employ specialists to handle. (Come to think, plumbing checks all three boxes). This is the opportunity for open source software, dev tools, and software companies.

Don’t try to sell developers the stuff that’s fun, the stuff they want to build. Sell them the stuff they avoid or don’t want to take responsibility for. Sarah Winchester didn’t hire metalworkers to craft the pipes for her plumbing, but she did hire craftspeople to create hundreds of stained-glass windows to her specs.

Lesson 3: The limits of code are communication.

OpenClaw shows the bazaar remains relevant but also highlights the problems facing open source in the agentic era. Right now, there are 1,173 open pull requests and 1,884 new issues on the OpenClaw repo.

There is more code and more projects than we could ever review. The challenge now, for open source maintainers and users, is sifting through it all. How do we find the novel ideas that everyone should adopt and borrow?

OpenClaw is one of the successes, something we all noticed. And for it, the problem is processing the feedback. For the projects we’ll never find, the ones lost in the deluge, their problem is lack of feedback. You either find attention and drown in contributions or drown in the ocean of repos and never hear a thing.

The internet made coordination cheap and gave us the bazaar. Coding agents made implementation cheap and gave us the Winchester Mystery House. What we’re missing are the tools and conventions that make attention cheap, that let maintainers absorb contributions at machine speed and let good ideas surface among the noise. Until we figure this out, the bazaar will keep getting louder without getting smarter, and the best ideas in our mystery houses will be forgotten once we stop maintaining them.

Footnotes

  1. The lore that Winchester built her mansion to house ghosts killed by Winchester rifles is likely just gossip and marketing. There’s little evidence to support these claims. (99% Invisible has a good episode exploring Winchester, her house, and this lore.) ↩
  2. While editing this piece, Dumky published another analysis illustrating the production of coding agents. In it he shows a 280% increase in “Show HN” posts, a 93% increase in new GitHub repos, and a dramatic uptick in packages published to Crates.io. ↩
  3. Anthropic’s ability to stabilize this line is rather impressive. Claude Code is getting better at planning and better at chunking out work, enabling more effective subagent delegation. ↩
  4. Though this is likely an updated tweak of Brooks’s statement that an “industrial team” might write 1,000 “statements” per year. ↩

13:00

12:49

Company that Secretly Records and Publishes Zoom Meetings [Schneier on Security]

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.

10:35

10:14

“There is no alternative” [Seth's Blog]

TINA!

This is what Margaret Thatcher said about her draconian free market policies.

It’s an easy thing to tell ourselves about compliance to any dominant system. But it’s incomplete.

The complete sentence is, “There is no alternative unless we’re prepared to endure short-term discomfort as we push back against the dominant system.”

So the real question isn’t, “what’s the alternative?”

The question is: “Can we create the conditions to cause this system to change enough for us to do the long-term work we’re proud of?”

Systems don’t like to be disrupted. Persistent systems push us to believe TINA.

08:28

Stage Delights [Penny Arcade]

New Comic: Stage Delights

06:00

Girl Genius for Friday, April 03, 2026 [Girl Genius]

The Girl Genius comic for Friday, April 03, 2026 has been posted.

05:42

04:07

Marco Antoniotti: An Update on MK-DEFSYSTEM [Planet Lisp]

There are still a few of us (at least two) who are using MK:DEFSYSTEM. The venerable system construction tool has accumulated a lot of ancient cruft, some of which quite convoluted.

Recently I went back to MK:DEFSYSTEM and "cleaned up" some of the code, especially regarding the pathname construction for each component.  I also used some simpler hierarchical tricks using defstruct only.

The result should be more solid and clearer in the steps that comprise some "macro tasks". Of course, a rewrite using CLOS would change the coding style, but the choice has been made to keep the MK:DEFSYSTEM code base quite... retro (and somewhat simple).

Why did I went back to MK:DEFSYSTEM? As usual, it is because of a rabbit-hole I fell into: I will blog about it later on (hint: HEΛP).

MK-DEFSYSTEM quick history as of March 2026

MK-DEFSYSTEM (or MK:DEFSYSTEM, or MAKE:DEFSYSTEM) was originally written by Mark Kantrowitz as part of the original "CMU Lisp Utilities" collection; an early "public" set of Common Lisp code and utilities that, in the writer's opinion form one of the basis of most Common Lisp writing to date.

As stated (by M. Kantrowitz himself) in this file header, the original version of MK-DEFSYSTEM was inspired by the Symbolics DEFSYSTEM (or DEFSYS) tool. Yet, MK-DEFSYSTEM differs significantly from it.

In its original form, MK-DEFSYSTEM was built in the CLtL1 era, accommodated a lot of variance among filesystems and CL implementations and it still bears those idiosycrasies. CLtL2 (1992) first and ANSI (1994) next, started reshaping the code base then.

MK-DEFSYSTEM was originally distributed under a license agreement that made redistribution tricky. In 1999, the writer - that'd be me, Marco Antoniotti - contacted Mark Kantrowitz offering to become a maintainer while reworking the distribution license to hammer some FOSS into it. Mark Kantrowitz graciously agreed and, after that, the writer got literally and physically hugged by a few Common Lisp developers because they could use MK-DEFSYSTEM more freely.

Of course, ASDF came along and it solved the same problems that Symbolics (and Kent Pitman's) DEFSYS and MK-DEFSYSTEM solve, plus much more.

Yet, MK-DEFSYSTEM has some nice features (in the eye of the beholder).

MK-DEFSYSTEM still ships in one file - defsystem.lisp - that you can LOAD in your Common Lisp init file. Of course, a big chunk of its current code base is "backward compatibility" and new ok-we-miss-UIOP-and-or-at-least-CL-FAD functionality, plus an ever growing ongoing commentary like this one.

Given this background, the writer has been maintaining MK-DEFSYSTEM for a long time, and more recently, Madhu has made significant changes (and maintains himself a fork with some bells and whistles of his own) since 2008.

Of course, many other contributors helped over the years, and are acknowledged in the early Change Log and in comments in the code.

In early 2026, the writer cleaned up the code and reworked some of the logic, by factoring out some code from main functions. In particular, the CREATE-COMPONENT-PATHNAMES, GENERATE-COMPONENT-PATHNAMES, COMPONENT-FULL-PATHNAME, COMPONENT-FULL-NAMESTRING interplay is better organized; plus new structures, leveraging DEFSTRUCT :INCLUDE feature have been introduced, rendering the code TYPECASE-able.

MK-DEFSYSTEM is old, but it works. It is quirky but it works (at least for the two or three known users - which, in 2026, is already a big chunk of the Common Lisp users' community). Moreover, it does have, at least in the eye of the beholder, some more user friendly user API, for most use case, especially for plain Common Lisp code.

The current MK-DEFSYSTEM repository is at https://gitlab.common-lisp.net/mantoniotti/mk-defsystem

(*) It is assumed that the reader knows about all the acronyms, tools and systems referred to in the text.

'(cheers)

02:07

Or A Boson [QC RSS]

or a boatswain

01:21

Thursday, 02 April

23:49

23:42

Iran rockets vs US interceptors [Richard Stallman's Political Notes]

The best estimate is that Iran still has roughly 1/3 of its missile stocks and 1/3 of its drone stocks. So much for the bullshitter's bombastic claim to have destroyed nearly all of them.

I think serious people already knew that such claims coming from him were not to be taken seriously.

New pun [Richard Stallman's Political Notes]

New pun:      "Ifs, ands or buts"

After my cataract operations, they gave me a strict rule, "no ifs, ands or buts." But I used those words anyway, and I got conjunctivitis.

23:00

21:49

SFC: What the FCC router ban means for FOSS [LWN.net]

Denver Gingerich of the Software Freedom Conservancy (SFC) has published an article on the impact of the ban on the sale of all new home routers not made in the United States issued by the Federal Communications Commission (FCC). The SFC, of course, is the organization behind the OpenWrt One router.

Since software updates to already-FCC-approved devices do not require a new FCC approval, it appears the FCC is trying to move beyond its usual authorization procedures to restrict what manufacturers are allowed to push to existing routers. However, the FCC notably does not restrict software changes made by owners of routers in the U.S. In particular, there is no indication that updates people make to their own routers, using software they have sourced themselves, would run afoul of any past or present FCC rule.

As a result, we do not believe that this new FCC decision affects whether and how people can run OpenWrt or other user-selected firmware updates on routers they have already purchased. Not only is this an important right in relation to our ownership and control of our own devices, it also ensures that people can keep their routers secure for far longer than the manufacturer may choose to provide security updates, by allowing them to install up-to-date community software that supports routers for 10, 15, or even more years after their initial release date, as OpenWrt does for many devices.

He also notes that, as the OpenWrt One is already FCC-approved, there should be no impact on its availability in the US. The SFC has asked the FCC for clarification and plans to provide updates when they receive a reply.

19:35

Malware in Proprietary Software - Latest Additions [Planet GNU]

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

March 2026

Proprietary Interference

  • Shake Shack requires users of its mobile app to sign away their right to sue the company if they order their meals from their phones.


Potential Malware

  • Meta has been granted a patent to use so-called “Artificial Intelligence” to impersonate human users in social media platforms, for example people who are inactive or dead. To cover itself from predictable controversies, Meta declared that it does not intend to use the technology in the context of those examples. How long before the “invention” is used to impersonate active, living people?


February 2026

HP's Software is Malware


Users can avoid this and other kinds of mistreatment by choosing hardware that comes with free specifications and designs, and by installing only free software in their computers.

Microsoft's Software is Malware

  • Microsoft is pushing Pretend Intelligence onto users of Windows, set up to be able to take real world actions on the user's behalf. This starts with a subset of enthusiasts but the company is probably planning to push it onto everyone.


Since Windows 11, like several previous versions, has a universal back door enabling Microsoft to remotely change the system code, any limits the user specifies for what Microsoft can do to per (the user) are no more than requests. If you don't want to be messed with, you should not run Windows. Nonetheless, Microsoft might heed those requests.

Warning: this article seems to ridicule the idea that users might use a feature to limit what the PI has access to on their own machines.

  • Windows encrypts disks for “security,” but reports all the encryption keys to Microsoft so that the encryption doesn't provide real security. Once Microsoft has these keys, it can't refuse to give them to the FBI. However, for real security you need to be able to use your own choice of keys. Microsoft stops users from doing that.


Malware in Mobile Devices

  • OnePlus 13 and 15 smartphones shipping with ColorOS versions 16.0.3.500/.501/.503 implement an anti-rollback feature which physically renders the device unusable if the owner tries to modify the operating system running in it.


At the time of writing the restriction affects only those two models and only ColorOS, but it is expected that the company may extend it to older models of the phone as well as to OxygenOS, the variant of the operating system installed on phones intended for the global market.

January 2026

Google's Software is Malware


“Bossware” as it's called, explicitly requires nullifying user agency in favor of a third-party (the boss), and therefore requires proprietary software.

Microsoft's Software is Malware


December 2025

Malware In Cars


November 2025

Proprietary Back Doors


Proprietary Censorship

  • Bowing down to the US government, Apple and Google removed from their stores several applications used for reporting ICE raids. Google even tried to justify it by calling ICE thugs a “vulnerable group,” despite them being the ones who carry the weapons.


Proprietary Surveillance

  • An app called ICEBlock tried to set up anonymous posting and anonymous access to data about where US deportation thugs are operating. It didn't keep records about who was using it—but Apple's own records would be enough to make them vulnerable to snooping by the US government to find who uses the app.


Apple later removed ICEBlock from its store at the request of the US government.

19:07

Reproducible Builds (diffoscope): diffoscope 316 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 316. This version includes the following changes:

[ Jelle van der Waa ]
* Fix compatibility with LLVM version 22.

[ Chris Lamb ]
* Add some debugging info for PyPI debugging.

You find out more by visiting the project homepage.

18:49

US Bans All Foreign-Made Consumer Routers [Schneier on Security]

This is for new routers; you don’t have to throw away your existing ones:

The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

More information:

Any new router made outside the US will now need to be approved by the FCC before it can be imported, marketed, or sold in the country.

In order to get that approval, companies manufacturing routers outside the US must apply for conditional approval in a process that will require the disclosure of the firm’s foreign investors or influence, as well as a plan to bring the manufacturing of the routers to the US.

Certain routers may be exempted from the list if they are deemed acceptable by the Department of Defense or the Department of Homeland Security, the FCC said. Neither agency has yet added any specific routers to its list of equipment exceptions.

[…]

Popular brands of router in the US include Netgear, a US company, which manufactures all of its products abroad.

One exception to the general absence of US-made routers is the newer Starlink WiFi router. Starlink is part of Elon Musk’s company SpaceX.

Presumably US companies will start making home routers, if they think this policy is stable enough to plan around. But they will be more expensive than routers made in China or Taiwan. Security is never free, but policy determines who pays for it.

17:35

16:35

[$] IPC medley: message-queue peeking, io_uring, and bus1 [LWN.net]

The kernel provides a number of ways for processes to communicate with each other, but they never quite seem to fit the bill for many users. There are currently a few proposals for interprocess communication (IPC) enhancements circulating on the mailing lists. The most straightforward one adds a new system call for POSIX message queues that enables the addition of new features. For those wanting an entirely new way to do interprocess communication, there is a proposal to add a new subsystem for that purpose to io_uring. Finally, the bus1 proposal has made a return after ten years.

16:00

Link [Scripting News]

Please follow me at my new Twitter address: bullmancuso. Whatever anyone thinks of the company the product is still unique, there are people and communities there that I need to communicate with, and I just don't have that kind of network anywhere else.

Link [Scripting News]

My first real post in the New Dave On Twitter, or N-DOT.

Why doesn’t the system let you declare your own messages to have the same semantics as WM_COPY­DATA? [The Old New Thing]

In a comment on my discussion on how to return results back from the WM_COPY­DATA message, Jan Ringoš observed that it felt wasteful that there was this entire infrastructure for copying blocks of memory via a window message, yet only one message uses it! “I always thought something like EnableWindowMessageDataCopy (HWND, UINT, .) after RegisterWindowMessage and ChangeWindowMessageFilterEx to get application’s own private WM_COPYDATA would be a little more secure and convenient, should the programmer didn’t wish to bother with creating shared memory.”

The infrastructure for copying blocks of memory via a window message is used by far more than just one message! The WM_SET­TEXT and WM_GET­TEXT message use it for passing string buffers, the WM_HELP message uses it for passing the HELPINFO structure, the WM_MDICREATE message uses it for passing the MDICREATSTRUCT structure, and plenty more where those came from. The infrastructure for copying blocks of memory had already existed; it wasn’t created just for the WM_COPY­DATA message. adding WM_COPY­DATA support was just adding a few lines of code to the common function whose job is to prepare messages to be sent between processes (including copying memory between processes).

Suppose there were a way for a program to declare that one of its custom messages should have (say) its lParam be a pointer to data and its wParam be the size of the data. That could be misleading because the only behavior would be copying the memory block and not the data inside it. For example, if the structure contained pointers, the pointers would just be copied as raw values, rather than adding the pointed-to-data to the memory block and adjusting the pointers to point to the copy. It also doesn’t handle the case of sending the message between programs with different pointer or handle sizes, say between a 32-bit program and a 64-bit program.¹ If you need to copy data structures that consists of anything more than scalars (or aggregates of scalars), you’ll have to do your own marshaling to convert your source data structure into a transfer buffer. In practice, this means that sending the message directly with an as-is buffer is unlikely to be the common case; some type of conversion would have to be made anyway.

Furthermore, the WM_COPY­DATA already knew that you wanted to do this, because it left room for it in the COPY­DATA­STRUCT:

typedef struct tagCOPYDATASTRUCT {
  ULONG_PTR dwData; // ← here
  DWORD     cbData;
  PVOID     lpData;
} COPYDATASTRUCT, *PCOPYDATASTRUCT;

In addition to describing the memory buffer, there is this extra guy called dwData. You can put your “message number” in there, allowing you to multiplex multiple “messages” into a single WM_COPY­DATA message.²

You don’t need Enable­Window­Message­Data­Copy because you already have it at home. The window manager is more concerned with enabling things that weren’t possible before, rather than making it easier to do things that are already possible. For that, you can use a helper library.

Bonus chatter: In addition to adding complexity to the window manager implementation, allowing programs to customize how messages are marshaled between processes would also make it harder to explain how inter-process marshaling works. Instead of the simple rule “The system marshals messages in the system range, but not messages in the user-defined range,” it would be a much more ambiguous rule: “The system marshals messages in the system range, but not messages in the user-defined range, unless those messages have been customized by a call to Enable­Window­Message­Data­Copy, in which case they marshal by this alternate set of rules.” So now when you look at a message, you can’t tell how it marshals. You’d have to go back to the documentation for the message and hope the person who wrote the documentation remembered to go back and add a section to each page to say whether it follows custom marshaling.

¹ Or between a 16-bit program and a 32-bit program, which was the more common case back in the days when WM_COPY­DATA was designed. In 16-bit code, an int is a 16-bit integer, whereas it’s a 32-bit value in 32-bit code.

² If the dwData was intended to be a message number, why is it pointer-sized? For the same reason timer IDs and dialog control IDs are 64-bit values: “Pointers are like weeds. Anywhere it’s possible to fit a pointer, a pointer will try to squeeze in there.” In this case, people were putting handles (which are pointer-sized) in the dwData, so we had to make it big enough to hold a handle.

The post Why doesn’t the system let you declare your own messages to have the same semantics as <CODE>WM_<WBR>COPY­DATA</CODE>? appeared first on The Old New Thing.

15:14

Link [Scripting News]

Continuing, isn't it a shame that CloudFlare didn't take a different approach? What if they had created a fantastic WordPress runtime, which seems to be where most of their effort went, and that's where their expertise lies, not in crafting new user experiences. A service you could buy from CloudFlare, along with all the other services, that does a fantastic job of running WordPress sites. The customer wouldn't need to know how it worked behind the scenes. Yes, that would still be competiting with existing WordPress vendors, they make money off runtimes, but for the users it would mean they could keep using WordPress the way they always have, and the result would run better. That they didn't do it this way, that's it's all-or-nothing, might turn out to be the reason the product doesn't take off. It's a serious consideration. On the other hand there probably are a few WordPress users that would like to try something new out, esp if the cost of conversion is near zero (which they kind of claim it is).

Link [Scripting News]

When I think of "Slack" my brain immediately translates it to "AOL." I'm not kidding.

15:07

Exelbierd: What's actually in a Sashiko review? [LWN.net]

Brian "bex" Exelbierd has published a blog post exploring follow-up questions raised by the recent debate about the use of the LLM-based review tool Sashiko in the memory-management subsystem. His main finding is that Sashiko reviews are bi-modal with regards to whether they contain reports about code not directly changed by the patch set — most do not, but the ones that do often have several such comments.

Hypothesis 1: Reviewers are getting told about bugs they didn't create. Sashiko's review protocol explicitly instructs the LLM to read surrounding code, not just the diff. That's good review practice — but it means the tool might flag pre-existing bugs in code the patch author merely touched, putting those problems in their inbox.

Hypothesis 2: The same pre-existing bugs surface repeatedly. If a known issue in a subsystem doesn't get fixed between review runs, every patch touching nearby code could trigger the same finding. That would create a steady drip of duplicate noise across the mailing list.

I pulled data from Sashiko's public API and tested both.

14:28

Link [Scripting News]

Yesterday I wrote about AI introducing doubt with something as fundamental as how software is created now with the advent of AI software that can be used effectively to write software. Behind that I wondered if the open source developers of WordPress had changed their methodology? Is their codebase managed by ChatGPT now or Claude.ai? Not only did I get the answer to that question overnight (yes, they have made the change), but there was an announcement of a new WordPress competitor, something that hasn't come along in decades, actually. It's called EmDash from CloudFlare. I read their announcement, and then asked ChatGPT to walk through an analysis of it with me. Here's a link to the conversation, hope you can read it. It understood my concerns. Is this something that can work with my product WordLand. Short answer: No, not as-is. It apparently doesn't support the wpcom api what we use to connect to WordPress. By design, you can import WordPress sites into EmDash, but they don't interop with each other. It's for moments like this that I have my WordPress news FeedLand flow. Already there has been some analysis. No doubt anything written today is going to see sketchy in the days to come, first impressions don't usually end up meaning much, even so I'm anxious to read what other people think. Meanwhile I'm thinking that maybe I should shift gears back to working on FeedLand, thinking that the WordPress world is too shaky now to try to introduce something new there. Likelihood of success is decreasing every day it seems.

14:21

OpenSSH 10.3 released [LWN.net]

OpenSSH 10.3 has been released. Among the many changes in this release are a security fix to address late validation of metacharacters in user names, removal of bug compatibility for SSH implementations that do not support rekeying, and a fix to ensure that scp clears setuid/setgid bits from downloaded files when operating as root in legacy (-O) mode. See the release announcement for a full list of new features, bug fixes, and potentially incompatible changes.

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (python3.11, python3.12, squid, and thunderbird), Debian (gst-plugins-bad1.0 and gst-plugins-ugly1.0), Fedora (bpfman, crun, gnome-remote-desktop, polkit, python3.14, rust-rustls-webpki, rust-sccache, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, and scap-security-guide), Oracle (freerdp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, kernel, libxslt, python3.11, python3.12, squid, and thunderbird), SUSE (389-ds, busybox, chromium, cosign, curl, docker-compose, exiv2, expat, firefox, freerdp, freerdp2, gstreamer-plugins-ugly, harfbuzz, heroic-games-launcher, ImageMagick, kea, keylime, libjxl, librsvg, libsodium, libsoup, net-snmp, net-tools, netty, nghttp2, poppler, postgresql13, postgresql16, postgresql17, postgresql18, protobuf, python-black, python-orjson, python-pyasn1, python-pyOpenSSL, python-tornado, python-tornado6, python311-nltk, thunderbird, tomcat10, tomcat11, vim, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi, linux-raspi, linux-raspi-realtime, rust-cargo-c, rust-tar, and undertow).

New stable kernels for Thursday [LWN.net]

Greg Kroah-Hartman has released the 6.19.11, 6.18.21, 6.12.80, and 6.6.131 stable kernels, followed by a quick release of 6.6.132 with two patches reverted to address a problem building the rust core in 6.6.131. Each kernel contains important fixes; users are advised to upgrade.

13:49

CodeSOD: One Case [The Daily WTF]

I feel like we've gotten a few SQL case statement abuses recently, but a properly bad one continues to tickle me. Ken C sends us one that, well:

SELECT CASE h.DOCUMENTTYPE
        WHEN 2 THEN 3 WHEN 3 THEN 4 WHEN 4 THEN 5
        WHEN 5 THEN 6 WHEN 6 THEN 7 WHEN 7 THEN 8
        ELSE h.DOCUMENTTYPE
    END AS DocumentType,
    h.DOCNMBR AS DocNmbr,
    h.FULLPOLICY AS FullPolicy,
    h.BATCHID AS BatchId,
    h.OrigBatchId,
    h.UPDATEDDATE AS UpdatedDate,
    h.CUSTOMERNO AS CustomerNo,
    h.PROJECTID AS ProjectID,
    h.AMOUNT AS Amount

On one hand, I can't say "just add one", because clearly sometimes they don't want to add one. On the other hand, there's an element of looking at this and knowing: well, something absolutely stupid has happened here. Maybe it was two disjoint databases getting merged. Maybe it was just once upon a time, when this database was a spreadsheet, the user responsible did a weird thing. Maybe some directive changed the document type numbering. Hell, maybe that ELSE clause never gets triggered, and we actually could just do arithmetic.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

13:42

The Toolkit Pattern [Radar]

This is the third article in a series on agentic engineering and AI-driven development. Read part one here, part two here, and look for the next article on April 15 on O’Reilly Radar.

The toolkit pattern is a way of documenting your project’s configuration so that any AI can generate working inputs from a plain-English description. You and the AI create a single file that describes your tool’s configuration format, its constraints, and enough worked examples that any AI can generate working inputs from a plain-English description. You build it iteratively, working with the AI (or, better, multiple AIs) to draft it. You test it by starting a fresh AI session and trying to use it, and every time that fails you grow the toolkit from those failures. When you build the toolkit well, your users will never need to learn how your tool’s configuration files work, because they describe what they want in conversation and the AI handles the translation. That means you don’t have to compromise on the way your project is configured, because the config files can be more complex and more complete than they would be if a human had to edit and understand them.

To understand why all of this matters, let me take you back to the mid-1980s.

I was 12 years old, and our family got an AT&T PC 6300, an IBM-compatible that came with a user’s guide roughly 159 pages long. Chapter 4 of that manual was called “What Every User Should Know.” It covered things like how to use the keyboard, how to care for your diskettes, and, memorably, how to label them, complete with hand-drawn illustrations and really useful advice, like how you should only use felt-tipped pens, never ballpoint, because the pressure might damage the magnetic surface.

A page from the AT&T PC 6300 User's Guide, Chapter 4: "Labeling Diskettes"A page from the AT&T PC 6300 User’s Guide, Chapter 4: “Labeling Diskettes”

I remember being fascinated by this manual. It wasn’t our first computer. I’d been writing BASIC programs and dialing into BBSs and CompuServe for a couple of years, so I knew there were all sorts of amazing things you could do with a PC, especially one with a blazing fast 8MHz processor. But the manual barely mentioned any of that. That seemed really weird to me, even as a kid, that you would give someone a manual that had a whole page on using the backspace key to correct typing mistakes (really!) but didn’t actually tell them how to use the thing to do anything useful.

That’s how most developer documentation works. We write the stuff that’s easy to write—installation, setup, the getting-started guide—because it’s a lot easier than writing the stuff that’s actually hard: the deep explanation of how all the pieces fit together, the constraints you only discover by hitting them, the patterns that separate a configuration that works from one that almost works. This is yet another “looking for your keys under the streetlight” problem: We write the documentation we write because it’s easiest to write, even if it’s not really the documentation our users need.

Developers who came up through the Unix era know this well. Man pages were thorough, accurate, and often completely impenetrable if you didn’t already know what you were doing. The tar man page is the canonical example: It documents every flag and option in exhaustive detail, but if you just want to know how to extract a .tar.gz file, it’s almost useless. (The right flag is -xzvf in case you’re curious.) Stack Overflow exists in large part because man pages like tar’s left a gap between what the documentation said and what developers actually needed to know.

And now we have AI assistants. You can ask Claude or ChatGPT about, say, Kubernetes, Terraform, or React, and you’ll actually get useful answers, because those are all established projects that have been written about extensively and the training data is everywhere.

But AI hits a hard wall at the boundary of its training data. If you’ve built something new—a framework, an internal platform, a tool your team created—no model has ever seen it. Your users can’t ask their AI assistant for help, because the AI doesn’t know your thing even exists.

There’s been a lot of great work moving AI documentation in the right direction. AGENTS.md tells AI coding agents how to work on your codebase, treating the AI as a developer. llms.txt gives models a structured summary of your external documentation, treating the AI as a search engine. What’s been missing is a practice for treating the AI as a support engineer. Every project needs configuration: input files, option schemas, workflow definitions, usually in the form of a whole bunch of JSON or YAML files with cryptic formats that users have to learn before they can do anything useful.

The toolkit pattern solves that problem of getting AIs to write configuration files for a project that isn’t in its training data. It consists of a documentation file that teaches any AI enough about your project’s configuration that it can generate working inputs from a plain-English description, without your users ever having to learn the format themselves. Developers have been arriving at this same pattern (or something very similar) independently from different directions, but as far as I can tell, nobody has named it or described a methodology for doing it well. This article distills what I learned from building the toolkit for Octobatch pipelines into a set of practices you can apply to your own projects.

Build the AI its own manual

Traditionally, developers face a trade-off with configuration: keep it simple and easy to understand, or let it grow to handle real complexity and accept that it now requires a manual. The toolkit pattern emerged for me while I was building Octobatch, the batch-processing orchestrator I’ve been writing about in this series. As I described in the previous articles in this series, “The Accidental Orchestrator” and “Keep Deterministic Work Deterministic,” Octobatch runs complex multistep LLM pipelines that generate files or run Monte Carlo simulations. Each pipeline is defined using a complex configuration that consists of YAML, Jinja2 templates, JSON schemas, expression steps, and a set of rules tying it all together. The toolkit pattern let me sidestep that traditional trade-off.

As Octobatch grew more complex, I found myself relying on the AIs (Claude and Gemini) to build configuration files for me, which turned out to be genuinely valuable. When I developed a new feature, I would work with the AIs to come up with the configuration structure to support it. At first I defined the configuration, but by the end of the project I relied on the AIs to come up with the first cut, and I’d push back when something seemed off or not forward-looking enough. Once we all agreed, I would have an AI produce the actual updated config for whatever pipeline we were working on. This move to having the AIs do the heavy lifting of writing the configuration was really valuable, because it let me create a very robust format very quickly without having to spend hours updating existing configurations every time I changed the syntax or semantics.

At some point I realized that every time a new user wanted to build a pipeline, they faced the same learning curve and implementation challenges that I’d already worked through with the AIs. The project already had a README.md file, and every time I modified the configuration I had an AI update it to keep the documentation up to date. But by this time, the README.md file was doing way too much work: It was really comprehensive but a real headache to read. It had eight separate subdocuments showing the user how to do pretty much everything Octobatch supported, and the bulk of it was focused on configuration, and it was becoming exactly the kind of documentation nobody ever wants to read. That particularly bothered me as a writer; I’d produced documentation that was genuinely painful to read.

Looking back at my chats, I can trace how the toolkit pattern developed. My first instinct was to build an AI-assisted editor. About four weeks into the project, I described the idea to Gemini:

I’m thinking about how to provide any kind of AI-assisted tool to help people create their own pipeline. I was thinking about a feature we would call “Octobatch Studio” where we make it easy to prompt for modifying pipeline stages, possibly assisting in creating the prompts. But maybe instead we include a lot of documentation in Markdown files, and expect them to use Claude Code, and give lots of guidance for creating it.

I can actually see the pivot to the toolkit pattern happening in real time in this later message I sent to Claude. It had sunk in that my users could use Claude Code, Cursor, or another AI as interactive documentation to build their configs exactly the same way I’ve been doing:

My plan is to use Claude Code as the IDE for creating new pipelines, so people who want to create them can just spin up Claude Code and start generating them. That means we need to give Claude Code specific context files to tell it everything it needs to know to create the pipeline YAML config with asteval expressions and Jinja2 template files.

The traditional trade-off between simplicity and flexibility comes from cognitive overhead: the cost of holding all of a system’s rules, constraints, and interactions in your head while you work with it. It’s why many developers opt for simpler config files, so they don’t overload their users (or themselves). Once the AI was writing the configuration, that trade-off disappeared. The configs could get as complicated as they needed to be, because I wasn’t the one who had to remember how all the pieces fit together. At some point I realized the toolkit pattern was worth standardizing.

That toolkit-based workflow—users describe what they want, the AI reads TOOLKIT.md and generates the config—is the core of the Octobatch user experience now. A user clones the repo and opens Claude Code, Cursor, or Copilot, the same way they would with any open source project. Every configuration prompt starts the same way: “Read pipelines/TOOLKIT.md and use it as your guide.” The AI reads the file, understands the project structure, and guides them step by step.

To see what this looks like in practice, take the Drunken Sailor pipeline I described in “The Accidental Orchestrator.” It’s a Monte Carlo random walk simulation: A sailor leaves a bar and stumbles randomly toward the ship or the water. The pipeline configuration for that involves multiple YAML files, JSON schemas, Jinja2 templates, and expression steps with real mathematical logic, all wired together with specific rules.

Drunken Sailor is Octobatch’s simplest “Hello, World!” Monte Carlo pipeline, but it still has 148 lines of config spread across four files.Drunken Sailor is Octobatch’s simplest “Hello, World!” Monte Carlo pipeline, but it still has 148 lines of config spread across four files.

Here’s the prompt that generated all of that. The user describes what they want in plain English, and the AI produces the entire configuration by reading TOOLKIT.md. This is the exact prompt I gave Claude Code to generate the Drunken Sailor pipeline—notice the first line of the prompt, telling it to read the toolkit file.

You don’t need to know Octobatch to understand the prompt I used to create the Drunken Sailor pipeline.You don’t need to know Octobatch to understand the prompt I used to create the Drunken Sailor pipeline.

But configuration generation is only half of what the toolkit file does. Users can also upload TOOLKIT.md and PROJECT_CONTEXT.md (which has information about the project) to any AI assistant—ChatGPT, Gemini, Claude, Copilot, whatever they prefer—and use it as interactive documentation. A pipeline run finished with validation failures? Upload the two files and ask what went wrong. Stuck on how retries work? Ask. You can even paste in a screenshot of the TUI and say, “What do I do?” and the AI will read the screen and give specific advice. The toolkit file turns any AI into an on-demand support engineer for your project.

The toolkit helps turn ChatGPT into an AI manual that helps with Octobatch.The toolkit helps turn ChatGPT into an AI manual that helps with Octobatch.

What the Octobatch project taught me about the toolkit pattern

Building the generative toolkit for Octobatch produced more than just documentation that an AI could use to create configuration files that worked; it also yielded a set of practices, and those practices turn out to be pretty consistent regardless of what kind of project you’re building. Here are the five that mattered most:

  • Start with the toolkit file and grow it from failures. Don’t wait until the project is finished to write the documentation. Create the toolkit file first, then let each real failure add one principle at a time.
  • Let the AI write the config files. Your job is product vision—what the project should do and how it should feel. The AI’s job is translating that into valid configuration.
  • Keep guidance lean. State the principle, give one concrete example, move on. Every guardrail costs tokens, and bloated guidance makes AI performance worse.
  • Treat every use as a test. There’s no separate testing phase for documentation. Every time someone uses the toolkit file to build something, that’s a test of whether the documentation works.
  • Use more than one model. Different models catch different things. In a three-model audit of Octobatch, three-quarters of the defects were caught by only one model.

I’m not proposing a standard format for a toolkit file, and I think trying to create one would be counterproductive. Configuration formats vary wildly from tool to tool—that’s the whole problem we’re trying to solve—and a toolkit file that describes your project’s building blocks is going to look completely different from one that describes someone else’s. What I found is that the AI is perfectly capable of reading whatever you give it, and is probably better at writing the file than you are anyway, because it’s writing for another AI. These five practices should help build an effective toolkit regardless of what your project looks like.

Start with the toolkit file and grow it from failures

You can start building a toolkit at any point in your project. The way it happened for me was organic: After weeks of working with Claude and Gemini on Octobatch configuration, the knowledge about what worked and what didn’t was scattered across dozens of chat sessions and context files. I wrote a prompt asking Gemini to consolidate everything it knew about the config format—the structure, the rules, the constraints, the examples, everything we’d talked about—into a single TOOLKIT.md file. That first version wasn’t great, but it was a starting point, and every failure after that made it better.

I didn’t plan the toolkit from the beginning of the Octobatch project. It started because I wanted my users to be able to build pipelines the same way I had—by working with an AI—but everything they’d need to do that was spread across months of chat logs and the CONTEXT.md files I’d been maintaining to bootstrap new development sessions. Once I had Gemini consolidate everything into a single TOOLKIT.md file and had Claude review it, I treated it the way I treat any other code: Every time something broke, I found the root cause, worked with the AIs to update the toolkit to account for it, and verified that a fresh AI session could still use it to generate valid configuration.

That incremental approach worked well for me, and it let me test my toolkit the way I test any other code: try it out, find bugs, fix them, rinse, repeat.

You can do the same thing. If you’re starting a new project, you can plan to create the toolkit at the end. But it’s more effective to start with a simple version early and let it emerge over the course of development. That way you’re dogfooding it the whole time instead of guessing what users will need.

Let the AI write the config files (but stay in control!)

Early Octobatch pipelines had simple enough configuration that a human could read and understand them, but not because I was writing them by hand. One of the ground rules I set for the Octobatch experiment in AI-driven development was that the AIs would write all of the code, and that included writing all of the configuration files. The problem was that even though they were doing the writing, I was unconsciously constraining the AIs: pushing back on anything that felt too complex, steering toward structures I could still hold in my head.

At some point I realized my pushback was placing an artificial limit on the project. The whole point of having AIs write the config was that I didn’t need to keep every single line in my head—it was okay to let the AIs handle that level of complexity. Once I stopped constraining them, the cognitive overhead limit I described earlier went away. I could have full pipelines defined in config, including expression steps with real mathematical logic, without needing to hold all the rules and relationships in my head.

Once the project really got rolling, I never wrote YAML by hand again. The cycle was always: need a feature, discuss it with Claude and Gemini, push back when something seemed off, and one of them produces the updated config. My job was product vision. Their job was translating that into valid configuration. And every config file they wrote was another test of whether the toolkit actually worked.

This job delineation, however, meant inevitable disagreements between me and the AI, and it’s not always easy to find yourself disagreeing with a machine because they’re surprisingly stubborn (and often shockingly stupid). It required persistence and vigilance to stay in control of the project, especially when I turned over large responsibilities to the AIs.

The AIs consistently optimized for technical correctness—separation of concerns, code organization, effort estimation—which was great, because that’s the job I asked them to do. I optimized for product value. I found that keeping that value as my north star and always focusing on building useful features consistently helped with these disagreements.

Keep guidance lean

Once you start growing the toolkit from failures, the natural progression is to overdocument everything. Generative AIs are biased toward generating, and it’s easy to let them get carried away with it. Every bug feels like it deserves a warning, every edge case feels like it needs a caveat, and before long your toolkit file is bloated with guardrails that cost tokens without adding much value. And since the AI is the one writing your toolkit updates, you need to push back on it the same way you push back on architecture decisions. AIs love adding WARNING blocks and exhaustive caveats. The discipline you need to bring is telling them when not to add something.

The right level is to state the principle, give one concrete example, and trust the AI to apply it to new situations. When Claude Code made a choice about JSON schema constraints that I might have second-guessed, I had to decide whether to add more guardrails to TOOLKIT.md. The answer was no—the guidance was already there, and the choice it made was actually correct. If you keep tightening guardrails every time an AI makes a judgment call, the signal gets lost in the noise and performance gets worse, not better. When something goes wrong, the impulse—for both you and the AI—is to add a WARNING block. Resist it. One principle, one example, move on.

Treat every use as a test

There was no separate “testing phase” for Octobatch’s TOOLKIT.md. Every pipeline that I created with it was a new test. After the very first version, I opened a fresh Claude Code session that had never seen any of my development conversations, pointed it at the newly minted TOOLKIT.md, and asked it to build a pipeline. The first time I tried it, I was surprised at how well it worked! So I kept using it, and as the project rolled along, I updated it with every new feature and tested those updates. When something failed, I traced it back to a missing or unclear rule in the toolkit and fixed it there.

That’s the practical test for any toolkit: open a fresh AI session with no context beyond the file, describe what you want in plain English, and see if the output works. If it doesn’t, the toolkit has a bug.

Use more than one model

When you’re building and testing your toolkit, don’t just use one AI. Run the same task through a second model. A good pattern that worked for me was consistently having Claude generate the toolkit and Gemini check its work.

Different models catch different things, and this matters for both developing and testing the toolkit. I used Claude and Gemini together throughout Octobatch development, and I overruled both when they were wrong about product intent. You can do the same thing: If you work with multiple AIs throughout your project, you’ll start to get a feel for the different kinds of questions they’re good at answering.

When you have multiple models generate config from the same toolkit independently, you find out fast where your documentation is ambiguous. If two models interpret the same rule differently, the rule needs rewriting. That’s a signal you can’t get from using just one model.

The manual, revisited

That AT&T PC 6300 manual devoted a full page to labeling diskettes, which may have been overkill, but it got one thing right: it described the building blocks and trusted the reader to figure out the rest. It just had the wrong reader in mind.

The toolkit pattern is the same idea, pointed at a different audience. You write a file that describes your project’s configuration format, its constraints, and enough worked examples that any AI can generate working inputs from a plain-English description. Your users never have to learn YAML or memorize your schema, because they have a conversation with the AI and it handles the translation.

If you’re building a project and you want AI to be able to help your users, start here: write the toolkit file before you write the README, grow it from real failures instead of trying to plan it all upfront, keep it lean, test it by using it, and use more than one model because no single AI catches everything.

The AT&T manual’s Chapter 4 was called “What Every User Should Know.” Your toolkit file is “What Every AI Should Know.” The difference is that this time, the reader will actually use it.

In the next article, I’ll start with a statistic about developer trust in AI-generated code that turned out to be fabricated by the AI itself—and use that to explain why I built a quality playbook that revives the traditional quality practices most teams cut decades ago. It explores an unfamiliar codebase, generates a complete quality infrastructure—tests, review protocols, validation rules—and finds real bugs in the process. It works across Java, C#, Python, and Scala, and it’s available as an open source Claude Code skill.

12:07

Pluralistic: It's extremely good that Claude's source-code leaked (02 Apr 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A hand-tinted picture of a 1950s Univac control room, the walls lined with computer cabinets, a male operator in a suit seated at a steel desk replete with control knobs and an oscilloscope. The image has been altered. A shiny robot is bursting out of a hole in the checked floor; the back wall bears the Anthropic logo, and the main computer cabinet now has the Claude Code logo.

It's extremely good that Claude's source-code leaked (permalink)

Anthropic's developers made an extremely basic configuration error, and as a result, the source-code for Claude Code – the company's flagship coding assistant product – has leaked and is being eagerly analyzed by many parties:

https://news.ycombinator.com/item?id=47586778

In response, Anthropic is flooding the internet with "takedown notices." These are a special kind of copyright-based censorship demand established by section 512 of the 1998 Digital Millennium Copyright Act (DMCA 512), allowing for the removal of material without any kind of evidence, let alone a judicial order:

https://www.removepaywall.com/search?url=https://www.wsj.com/tech/ai/anthropic-races-to-contain-leak-of-code-behind-claude-ai-agent-4bc5acc7

Copyright is a "strict liability" statute, meaning that you can be punished for violating copyright even if you weren't aware that you had done so. What's more, "intermediaries" – like web hosts, social media platforms, search engines, and even caching servers – can be held liable for the copyright violations their users engage in. The liability is tremendous: the DMCA provides for $150,000 per infringement.

DMCA 512 is meant to offset this strict liability. After all, there's no way for a platform to know whether one of its users is infringing copyright – even if a user uploads a popular song or video, the provider can't know whether they've licensed the work for distribution (or even if they are the creator of that work). A cumbersome system in which users would upload proof that they have such a license wouldn't just be onerous – it would still permit copyright infringement, because there's no way for an intermediary to know whether the distribution license the user provided was genuine.

As a compromise, DMCA 512 absolves intermediaries from liability, if they "expeditiously remove" material upon notice that it infringes someone's copyright. In practice, that means that anyone can send a notice to any intermediary and have anything removed from the internet. The intermediary who receives this notice can choose to ignore it, but if the notice turns out to be genuine, they can end up on the hook for $150,000 per infringement. The intermediary can also choose to allow their user to "counternotify" (dispute the accusation) and can choose to reinstate the material, but they don't have to. Just as an intermediary can't determine whether a user has the rights to the things they post, they also can't tell if the person on the other end of a takedown notice has the right to demand its removal. In practice, this means that a takedown notice, no matter how flimsy, has a very good chance of making something disappear from the internet – forever.

From the outset, DMCA 512 was the go-to tool for corporate censorship, the best way to cover up misdeeds. I first got involved in this back in 2003, when leaked email memos from Diebold's voting machine division revealed that the company knew that its voting machines were wildly insecure, but they were nevertheless selling them to local election boards across America, who were scrambling to replace their mechanical voting machines in the wake of the 2000 Bush v Gore "hanging chad" debacle, which led to Bush stealing the presidency:

https://en.wikipedia.org/wiki/Brooks_Brothers_riot

The stakes couldn't be higher, in other words. Diebold – whose CEO was an avowed GW Bush partisan who'd promised to "deliver the votes for Bush" – was the country's leading voting machine supplier. The company knew its voting machines were defective, that they frequently crashed and lost their vote counts on election night, and that Diebold technicians were colluding with local electoral officials to secretly "estimate" the lost vote totals so that no one would hold either the official or Diebold responsible for these defective machines:

https://www.salon.com/2003/09/23/bev_harris/

Diebold sent thousands of DMCA 512 takedown notices in an attempt to suppress the leaked memos. Eventually, EFF stepped in to provide pro-bono counsel to the Online Policy Group and ended Diebold's flood:

https://www.eff.org/cases/online-policy-group-v-diebold

Diebold wasn't the last company to figure out how to abuse copyright to censor information of high public interest. There's a whole industry of shady "reputation management" companies that collect large sums in exchange for scrubbing the internet of information their clients want removed from the public eye. They specialize in sexual abusers, war criminals, torturers, and fraudsters, and their weapon of choice is the takedown notice. Jeffrey Epstein spent tens of thousands of dollars on "reputation management" services to clean up his online profile:

https://www.nytimes.com/2026/03/18/business/media/jeffrey-epstein-online.html

There are lots of ways to use the takedown system to get true information about your crimes removed from the internet. My favorite is the one employed by Eliminalia, one of the sleazier reputation laundries (even by the industry's dismal standards).

Eliminalia sets up WordPress sites and copies press articles that cast its clients in an unfavorable light to these sites, backdating them so they appear to have been published before the originals. They swap out the bylines for fictitious ones, then send takedowns to Google and other search engines to get the "infringing" stories purged from their search indices. Once the original articles have been rendered invisible to internet searchers, Eliminalia takes down their copy, and the story of their client's war crimes, rapes, or fraud disappears from the public eye:

https://pluralistic.net/2021/04/23/reputation-laundry/#dark-ops

The takedown system is so tilted in favor of censorship that it takes a massive effort to keep even the smallest piece of information online in the face of a determined adversary. In 2007, the key for AACS (a way of encrypting video for "digital rights management") leaked online. The key was a 16-digit number, the kind of thing you could fit in a crossword puzzle, but the position of the industry consortium that created the key was that this was an illegal integer. They sent hundreds of thousands of takedowns over the number, and it was only the determined action of an army of users that kept the number online:

https://en.wikipedia.org/wiki/AACS_encryption_key_controversy

The shoot-first, ask-questions-never nature of takedown notices makes for fertile ground for scammers of all kinds, but the most ironic takedown ripoffs are the Youtube copystrike blackmailers.

After Viacom sued Youtube in 2007 over copyright infringement, Google launched its own in-house copyright management system, meant to address Viacom's principal grievance in the suit. Viacom was angry that after they had something removed from Youtube, another user could re-upload it, and they'd have to send another takedown, playing Wack-a-Mole with the whole internet. Viacom didn't want a takedown system, they wanted a staydown system, whereby they could supply Google with a list of the works whose copyrights they controlled and then Youtube would prevent anyone from uploading those works.

(This was extremely funny, because Viacom admitted in court that its marketing departments would "rough up" clips of its programming and upload them to Youtube, making them appear to be pirate copies, in a bid to interest Youtube users in Viacom's shows, and sometimes Viacom's lawyers would get confused and send threatening letters to Youtube demanding that these be removed:)

https://blog.youtube/news-and-events/broadcast-yourself/

Youtube's notice-and-staydown system is Content ID, an incredibly baroque system that allows copyright holders (and people pretending to be copyright holders) to "claim" video and sound files, and block others from posting them. No one – not even the world's leading copyright experts – can figure out how to use this system to uphold copyright:

https://pluralistic.net/2024/06/27/nuke-first/#ask-questions-never

However, there is a large cohort of criminals and fraudsters who have mastered Content ID and they use it to blackmail independent artists. You see, Content ID implements a "three strikes" policy: if you are accused of three acts of copyright infringement, Youtube permanently deletes your videos and bars you from the platform. For performers who rely on Youtube to earn their living – whether through ad-revenues or sponsorships or as a promotional vehicle to sell merchandise, recordings and tickets – the "copystrike" is an existential risk.

Enter the fraudster. A fraudster can set up multiple burner Youtube accounts and file spurious copyright complaints against a creator (usually a musician). After two of these copystrikes are accepted and the performer is just one strike away from losing their livelihood, the fraudster contacts the performer and demands blackmail money to rescind the complaints, threatening to file that final strike and put the performer out of business:

https://pluralistic.net/2021/05/08/copyfraud/#beethoven-just-wrote-music

The fact that copyright – nominally a system intended to protect creative workers – is weaponized against the people it is meant to serve is ironic, but it's not unusual. Copyright law has been primarily shaped by creators' bosses – media companies like Viacom – who brandish "starving artists" as a reason to enact policies that ultimately benefit capital at the expense of labor.

That was what inspired Rebecca Giblin and me to write our 2022 book Chokepoint Capitalism: how is it that copyright has expanded in every way for 40 years (longer duration, wider scope, higher penalties), resulting in media companies that are more profitable than ever, with higher gross and net revenues, even as creative workers have grown poorer, both in total compensation and in the share of the profits they generate?

https://chokepointcapitalism.com/

The first half of Chokepoint Capitalism is a series of case studies that dissect the frauds and scams that both media and tech companies use to steal from creative workers. The second half are a series of "shovel-ready" policy proposals for new laws and rules that would actually put money in artists' pockets. Some of these policy prescriptions are copyright-related, but not all of them.

For example, we have a chapter on how the Hollywood "guild" system (which allows unionized workers to bargain with all the studios at once) has been a powerful antidote to corporate power. This is called "sectoral bargaining" and it's been illegal since 1947's Taft-Hartley Act, but the Hollywood guilds were grandfathered in. When we wrote about the power of sectoral bargaining, it was in reference to the Writers Guild's incredible triumph over the four giant talent agencies, who'd invented a scam that inverted the traditional revenue split between writer and agent, so the agencies were taking in 90% and the writers were getting just 10%:

https://pluralistic.net/2020/08/06/no-vitiated-air/#WME-CAA-next

Two years later, the Hollywood Writers struck again, this time over AI in the writers' room, securing a stunning victory over the major studios:

https://pluralistic.net/2023/10/01/how-the-writers-guild-sunk-ais-ship/

Notably, the writers strike was a labor action, not a copyright action. The writers weren't demanding a new copyright that would allow them to control whether their work could be used to train an AI. They struck for the right not to have their wages eroded by AI – to have the right to use (or not use) AI, as they saw fit, without risking their livelihoods.

Right now, many media companies are demanding a new copyright that would allow them to control AI training, and many creative workers have joined in this call. The media companies aren't arguing against infringing uses of AI models – they're arguing that the mere creation of such a model infringes copyright. They claim that making a transient copy of a work, analyzing that work, and publishing that analysis is a copyright infringement:

https://pluralistic.net/2023/02/09/ai-monkeys-paw/#bullied-schoolkids

Here's a good rule of thumb: any time your boss demands a new rule, you should be very skeptical about whether that rule will benefit you. It's clear that the media companies that have sued the AI giants aren't "anti-AI." They don't want to prevent AI from replacing creative workers – they just want to control how that happens.

When Disney and Universal sue Midjourney, it's not to prevent AI models from being trained on their catalogs and used to pauperize the workers whose work is in those catalogs. What these companies want is to be paid a license fee for access to their catalogs, and then they want the resulting models to be exclusive to them, and not available to competitors:

https://pluralistic.net/2026/03/03/its-a-trap-2/#inheres-at-the-moment-of-fixation

These companies are violently allergic to paying creative workers. Disney takes the position that when it buys a company like Lucasfilm, it secures the right to publish the works Lucasfilm commissioned, but not the obligation to pay the royalties that Lucasfilm owes when those works are sold:

https://pluralistic.net/2022/04/30/disney-still-must-pay/#pay-the-writer

As Theresa Nielsen Hayden quipped during the Napster Wars: "Just because you're on their side, it doesn't mean they're on your side." If these companies manage to get copyright law expanded to restrict scraping, analysis, and publication of factual information, they won't use those new powers to increase creators' pay – they'll use them the same way they've used every new copyright created in the past 40 years, to make themselves richer at the expense of artists:

https://pluralistic.net/2020/03/03/just-a-stick/#authorsbargain

The Claude Code leak is full of fascinating information about a tool that – like Diebold's voting machines – is at the very center of the most important policy debates of our time. Here's just one example: Claude is almost certainly implicated in the US missile that murdered a building full of little girls in Iran last month:

https://www.theguardian.com/news/2026/mar/26/ai-got-the-blame-for-the-iran-school-bombing-the-truth-is-far-more-worrying

Of course I see the irony. Anthropic has taken an extremely aggressive posture on copyright's "limitations and exceptions," arguing that it can train its models on any information it can find, and that it can knowingly download massive troves of infringing works for that purpose. It's darkly hilarious to see the company firehosing copyright complaints by the thousands in order to prevent the dissemination, dissection and discussion of the source-code that leaked due to the company's gross incompetence:

https://developers.slashdot.org/story/26/04/01/158240/anthropic-issues-copyright-takedown-requests-to-remove-8000-copies-of-claude-code-source-code#comments

But what's objectionable about Anthropic – and the AI sector – isn't copyright. The thing that makes these companies disgusting is their gleeful, fraudulent trumpeting about how their products will destroy the livelihoods of every kind of worker:

https://pluralistic.net/2025/03/18/asbestos-in-the-walls/#government-by-spicy-autocomplete

And it's their economic fraud, the inflation of a bubble that will destroy the economy when it bursts:

https://www.wheresyoured.at/the-subprime-ai-crisis-is-here/

It's their enthusiastic deployment of AI tools for mass surveillance and mass killing. (Anthropic is no exception, despite what you may have heard:)

https://www.thetechbubble.info/p/how-much-a-dollar-cost

If the media bosses get their way, and manage to make it even more illegal – and practically harder – to host, discuss, and publish facts about copyrighted works, then leaks like the Claude Code disclosures will never see the light of day. It's only because of decades of hard-fought battles to push back on this nonsense that we are able to identify and learn about the defects in Claude Code that are revealed by this source-code leak.

I'm angry about the AI industry, but not because of copyright. I'm angry at them for the reasons Cat Valente articulated so well in her "Blood Money" essay:

https://catvalente.substack.com/p/blood-money-the-anthropic-settlement

These companies' stated goals are terrible:

They took the books I wrote for children and used them to make it possible for children to not bother with reading ever again. They took the books I wrote about love to create chatbots that isolate people and prevent them from finding human love in the real world, that make it difficult for them to even stand real love, which is not always agreeable, not always positive, not always focused on end-user engagement. They took the books I wrote about hope and glitter in the face of despair and oppression and used it to make a Despair-and-Oppression generator.

These goals are entirely compatible with copyright. The New York Times is suing over AI – and they're licensing their writers' words to train an AI model:

https://www.nytimes.com/2025/05/29/business/media/new-york-times-amazon-ai-licensing.html

The NYT wants more copyright. You know what the NYT doesn't want? More labor rights. The NYT are vicious union-busters:

https://actionnetwork.org/letters/new-york-times-stop-union-busting

If we creative workers are going to pour our scarce resources into getting a new policy to address the threats that our bosses – and the AI companies they are morally and temperamentally indistinguishable from – represent to our livelihoods, then let that new policy be a renewed sectoral bargaining right for every worker. It was sectoral bargaining (a collective, solidaristic right) and not copyright (an individual, commercial right) that saw off AI in the Hollywood writers' strike.

Copyright positions the creative worker as a small business – an LLC with an MFA – bargaining B2B with another firm. To the extent that copyright helps us, it is largely incidental. Sure, we were able to file for a few thousand bucks per book that Anthropic downloaded from a pirate site to train its models on. But Anthropic doesn't have to use a shadow library to get those books – it can just pay our bosses to get them.

It's great that Claude Code's source is online. It's great that we have the ability to pore over, analyze and criticize this code, which has become so consequential in so many ways. It's great the copyright is weak enough that this is possible (for now).

Expanding copyright will gain little for creative workers, except for a new reason to be angry about how our audiences experience our work. Expanding labor rights will gain much, for every worker, including our audiences. It's an idea that our bosses – and AI hucksters – hate with every fiber of their beings.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Desperate WI Republican congressman struggling to get by on $174K turns to copyright trolling https://web.archive.org/web/20110404001110/http://tpmdc.talkingpointsmemo.com/2011/03/gopers-demand-sean-duffy-salary-tape-be-pulled-from-the-internet.php?ref=fpblg

#15yrsago Redditor outs astroturfer with 20 accounts https://www.reddit.com/r/gaming/comments/gepnl/gamepro_g4tv_and_vgchartz_gamrfeed_have_been/

#15yrsago Britain’s back-room negotiations to establish a national, extrajudicial Internet censorship regime https://www.openrightsgroup.org/blog/minister-confirms-voluntary-site-blocking-discussions/

#15yrsago Elephantmen: Dr Moreau meets apocalyptic noir science fiction comic https://memex.craphound.com/2011/03/31/elephantmen-dr-moreau-meets-apocalyptic-noir-science-fiction-comic/

#10yrsago Bitcoin transactions could consume as much energy as Denmark by the year 2020 https://web.archive.org/web/20160401031103/https://motherboard.vice.com/read/bitcoin-could-consume-as-much-electricity-as-denmark-by-2020

#10yrsago Online casino bankrolls largest-ever, ruinously expensive war in Eve Online https://www.polygon.com/2016/3/31/11334014/eve-online-war/

#10yrsago Russia bans Polish “Communist Monopoly” board-game https://www.newsweek.com/russia-bans-polands-communist-monopoly-being-anti-russian-438972?rx=us

#10yrsago “Reputation management” companies apparently induce randos to perjure themselves by pretending to be anonymous posters https://www.techdirt.com/2016/03/31/latest-reputation-management-bogus-defamation-suits-bogus-companies-against-bogus-defendants/

#10yrsago Leak: Alaska superdelegate denies duty to represent her state’s voters in 2016 elections https://web.archive.org/web/20160717042158/http://usuncut.com/politics/alaska-superdelegate/

#10yrsago Phishers trick Mattel into transferring $3M to a Chinese bank https://www.cbsnews.com/news/mattel-vs-chinese-cyberthieves-its-no-game/

#10yrsago CNN celebrates Sanders’ six primary victories by airing a “documentary” about Jesus https://fair.org/home/as-sanders-surges-cable-news-runs-prison-reality-show-jesus-documentary/

#10yrsago Hungarian ruling party wants to ban all working cryptography https://web.archive.org/web/20160405014411/http://budapestbeacon.com/public-policy/fidesz-wants-make-encryption-software-illegal/33462

#10yrsago Embroidered toast https://www.behance.net/gallery/31502957/Everyday-bread#

#5yrsago AI has a GIGO problem https://pluralistic.net/2021/03/31/vaccine-for-the-global-south/#imagenot

#5yrsago Sacklers to use Purdue bankruptcy to escape justice https://pluralistic.net/2021/03/31/vaccine-for-the-global-south/#claims-extinguished

#5yrsago Cuba is a vaccine powerhouse https://pluralistic.net/2021/03/31/vaccine-for-the-global-south/#Soberana-Abdala

#5yrsago AT&T will lay off thousands more https://pluralistic.net/2021/03/31/vaccine-for-the-global-south/#we-dont-have-to-care

#1yrago Private-sector Trumpism https://pluralistic.net/2025/03/31/madison-square-garden/#autocrats-of-trade

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

11:21

Grrl Power #1448 – Meat dish concatenizer [Grrl Power]

Sydney hadn’t called on the part of her brain that stores normal meat dishes, and then suddenly the dam broke, and every recipe, meat related or not, spilled out.

Maxima does have an extensive shopping list, but an Earther can’t just go and buy a food replicator and expect it to work. For one, the plug isn’t compatible. But primarily, there’s no way something like that would run on 120 volts, or even 240. She’ll also have to buy the equivalent of a Mr. Fusion for each replicator too, and that just for household appliances.

From my understanding, the hardest thing about de-vegetarianizing is that the texture of meat becomes quite off putting, which honestly is understandable. A good piece of meat is about the best thing there is, but a gristly steak, or a drumstick with a bunch of tendons or a rib with some of those floaty cartilage bits at the end can be really off-putting, even if you’re fully on board with the omnivorousness. And I can see where even the nicest slice of a perfectly prepared porterhouse wouldn’t be cromulent to a vegetarian if they’re used to eating anything but meat.

Say you’re the Demolition Man, and you’re biting into your underground sewer burger, and you’re told it’s actually a rat burger. You’d probably pause before your next bite, and that’s if you don’t spit it out. Sure, 90% of your concern is that chances are, the rat meat isn’t USDA certified and you don’t know what kind of diseased meat you’re currently grinding up with your teeth. But part of that is reflexive. “Oh, no! Rat meat is gross!” But is it? People eat rabbit all the time. Also, I imagine, squirrel, groundhog, beaver, and all kinds of other rodents. Rat meat probably isn’t all that popular, not because it tastes especially weird or anything (I have no idea, maybe it does) but I have to assume that any animal under a certain body weight becomes more trouble than it’s worth to slaughter for its meat. Depending on the species of rat, they weigh from like a 0.25 to 1.5 pounds? And how much of that is meat? Honestly rabbits seems like they’d be on the edge of that effort/reward curve. Of course, any food is food if you’re hungry enough. I just mean there’s a few reasons we don’t mass-farm tiny mammals for their meat.

Anyway, I guess my point with the Demolition Man ratburger thing is that it isn’t so much that rat meat is gross, it’s that most people aren’t acclimated to the idea of eating it. I think there’s part of our brains that recognizes that all meat is kind of gross, up until we decide it isn’t. Chewing muscle and fat tissue that someone used to use to use as a leg…  Just don’t think about it too much. Vegetarians arguably have thought about it too much. Though I suppose there are some people who are vegetarian strictly due to the reduced carbon footprint, I think the vast majority make the switch due to ethicalness and/or the gross factor.

I’m almost ready with the new vote incentive. I have the nude version almost done, but not the clothed one. I’ll try and have that ready for next Monday’s comic. It’s a non-censored (obviously) version of one of the panels from the topless watch party, but honestly, I got kind of bored with it, and started working on a different picture that I like quite a bit more. It’s actually quite far along as well, but I realized it’s kind of… spoilery? I think I need to wait on that one till the tournament progresses a little further.

Ah! I thought I had more time till March. I’m bad at looking at dates apparently.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

Possible US Government iPhone Hacking Tool Leaked [Schneier on Security]

Wired writes (alternate source):

Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.

[…]

Coruna’s code also appears to have been originally written by English-speaking coders, notes iVerify’s cofounder Rocky Cole. “It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government,” Cole tells WIRED. “This is the first example we’ve seen of very likely US government tools­based on what the code is telling us­spinning out of control and being used by both our adversaries and cybercriminal groups.”

TechCrunch reports that Coruna is definitely of US origin:

Two former employees of government contractor L3Harris told TechCrunch that Coruna was, at least in part, developed by the company’s hacking and surveillance tech division, Trenchant. The two former employees both had knowledge of the company’s iPhone hacking tools. Both spoke on condition of anonymity because they weren’t authorized to talk about their work for the company.

It’s always super interesting to see what malware looks like when it’s created through a professional software development process. And the TechCrunch article has some speculation as to how the US lost control of it. It seems that an employee of L3Harris’s surviellance tech division, Trenchant, sold it to the Russian government.

10:35

10:28

Who sets your agenda? [Seth's Blog]

It’s a question so rarely asked it almost feels silly to ask it.

Some situations and some jobs work to eliminate our freedom of choice. Prison, medical school, 8th grade–there are settings where time, tools, and options are severely limited.

But even in these settings, we have more choice than we realize.

And for the rest of us, particularly freelancers and entrepreneurs, our agenda is wide open.

Who decides what you will eat tonight, or what you will do after dinner? Who decides who you will call on, what you will learn next, which posts you’ll read (or write)? Who decides what tone the conversation will have, what your priorities are, and what you’ll worry about when you walk the dog?

There’s the agenda of the next five minutes as well as one for the next five days. And the process of getting to five years from now is so fraught or uncharted that we hesitate to even talk about it.

It may be that the key building block to success (and even to happiness) is getting your agenda aligned with your goals, your dreams, and your fears.

09:00

Samuel Henrique: Bringing HTTP/3 to curl on Amazon Linux [Planet Debian]

Screenshot of the top entry of the curl package's changelog, showing the following: Changelogs for curl-8.17.0-1.amzn2023.0.2.x86_64 * Mon Mar 16 00:00:00 2026 Samuel Henrique (samueloph) <samhn@amazon.com> - 8.17.0-1.amzn2023.0.2 - Enable HTTP/3 support in the full build using ngtcp2 and nghttp3 - HTTP/3 is explicitly disabled in the minimal build - Add runtime dependencies on libnghttp3 and libngtcp2 with minimum version pinning - Run tests in parallel via upstream make test-nonflaky, with serial fallback for race-prone tests

tl;dr

Starting with curl 8.17.0-1.amzn2023.0.2 in Amazon Linux 2023, you can now use HTTP/3.

dnf swap -y libcurl-minimal libcurl-full
dnf swap -y curl-minimal curl-full
curl --http3-only https://example.com

(HTTP/3 is only enabled in the curl -full builds)

Or, if you would like to try it out in a container:

podman run amazonlinux:2023 /bin/sh -c 'dnf upgrade -y --releasever=latest && dnf swap -y libcurl-minimal libcurl-full && dnf swap -y curl-minimal curl-full && curl --http3-only https://example.com'

For a list of test endpoints, you can refer to https://bagder.github.io/HTTP3-test/

The Upgrade I Didn't Have to Make

My teammate Steve Zarkos, who previously worked on upgrading OpenSSL in Amazon Linux from 3.0 to 3.2, spent the last few months on the complex task of bumping OpenSSL again, this time to 3.5. A bump like this only happens after extensive code analysis and testing, something that I didn't foresee happening when AL2023 was released but that was a notable request from users.

Having enabled HTTP/3 on Debian, I was always keeping an eye on when I would get to do the same for Amazon Linux (mind you, I work at AWS, in the Amazon Linux org). The bump to OpenSSL 3.5 was the perfect opportunity to do that, for the first time Amazon Linux is shipping an OpenSSL version that is supported by ngtcp2 for HTTP/3 support.

Non-Intrusive Change

In order to avoid any intrusive changes to existing users of AL2023, I've only enabled HTTP/3 in the full build of curl, not in the minimal one, this means there is no change for the minimal images.

The way curl handles HTTP/3 today also does not lead to any behavior changes for those who have the full variants of curl installed, this is due to the fact that HTTP/3 is only used if the user explicitly asks for it with the flags --http3 or --http3-only.

Side Quests

Supporting HTTP/3 on curl also requires building it with ngtcp2 and nghttp3, two packages which were not shipped in Amazon Linux, besides, my team doesn't even own the curl package, we are a security team so our packages are the security related stuff such as OpenSSL and GnuTLS. Our main focus is the services behind Amazon Linux's vulnerability handling, not package maintenance.

I worked with the owners of the curl package and got approvals on a plan to introduce the two new dependencies under their ownership and to enable the feature on curl, I appreciate their responsiveness.

Amazon Linux 2023 is forked from Fedora, so while introducing ngtcp2, I also sent a couple of Pull Requests upstream to keep things in sync:

[ngtcp2] package latest release 1.21.0

[ngtcp2] do not skip tests

While building the curl package in Amazon Linux, I've noticed the build was taking 1 hour from start to end, and the culprit was something well known to me; tests.

The curl test suite is quite extensive, with more than 1600 tests, all of that running without parallelization, running two times for each build of the package; once for the minimal build and again for the full build.

I had previously enabled parallel tests in Debian back in 2024 but never got around to submit the same improvements to Amazon Linux or Fedora, this is now fixed. The build times for Amazon Linux came down to 10 minutes under the same host (previously 1 hour), and Fedora promptly merged my PR to do the same there:

[curl] run tests in parallel

All of this uncovered a test which is timing-dependent, meaning it's not supposed to be run with high levels of parallelism, so there goes another PR, this time to curl:

Flag test 766 as timing-dependent#21155

What started as enabling a single feature turned into improvements that landed in curl, Fedora, and Amazon Linux alike. I did this in a mix of work and volunteer time, mostly during work hours (work email address used when this was the case), but I'm glad I put in the extra time for the sake of improving curl for everyone.

Release Notes

Amazon Linux 2023 release notes for 2023.10.20260330

A Potential Termination Event [George Monbiot]

Cascading failure across the global food system is a real and horrific possibility, which most governments are doing nothing to avert.

By George Monbiot, published in the Guardian 25th March 2026

The fate of environmentalists is to spend their lives trying not to be proved right. Vindication is what we dread. But there’s one threat that haunts me more than any other: the collapse of the global food system. We cannot predict what the immediate trigger might be. But the war with Iran is just the right kind of event.

Drawing on years of scientific data, I’ve been arguing for some time that this risk exists – and that governments are completely unprepared for it. In 2023, I made a submission to a parliamentary inquiry into environmental change and food security, with a vast list of references. Called as a witness, I spent much of the time explaining that the issue was much wider than the inquiry’s scope.

While some MPs got it, governments as a whole simply don’t seem to understand what we’re facing. It’s this: the global food system is systemically fragile in the same way that the global financial system was before the 2008 crash.

It’s easy to see potential vulnerabilities, such as a fertiliser supply crunch caused by the closure of the strait of Hormuz, or harvest failures caused by climate breakdown. But these are not the thing itself. They are disruptions of the kind that might trigger the thing. The thing itself is the entire system sliding off a cliff. The same factors that would have brought down the financial system, were it not for a bailout amounting to trillions of dollars, now threaten to bring down the food system.

Recent data suggests that every part of this system is now highly concentrated in the hands of a few corporations, which have been consolidating both vertically and horizontally. One recent study found that the US food system has “consolidated nearly twice as much as the overall economic system”. Some of these corporations, diversifying into financial products, now look more like banks than commodity traders, but without the same level of regulation. They might claim that financialisation helps them hedge against risk, but as one paper remarks, “it is nearly impossible to differentiate between hedging and speculating.” We don’t know how exposed to risk they might be, but it doesn’t look great. Partly through their influence, the world has shifted towards a “global standard diet”, supplied by the global standard farm.

These vulnerabilities are exacerbated by the use of just-in-time supply chains and the funnelling of much of the world’s trade through a number of chokepoints. Some people have long warned that the strait of Hormuz, alongside the Suez canal, Turkish straits, Panama canal and straits of Malacca, are critical chokepoints, whose obstruction would threaten the flow of food, fertiliser, fuel and other crucial agricultural commodities. A year ago, I listed “military attacks on … straits and canals” as a major interruption risk exacerbated by Donald Trump’s antics. The thought that Houthi rebels in Yemen, backed by the Iranian government, might simultaneously resume their attacks on Red Sea shipping keeps me awake at night.

What all this means is a reduction in the key elements of systemic resilience: diversity, redundancy (a system’s spare capacity), modularity (its degree of compartmentalisation), backup (other ways of providing food), asynchronicity (which prevents shocks suddenly compounding) and circuit breakers (mostly in the form of effective regulation). A loss of any one of these properties should be a flashing red light. But the whole dashboard is now lit up.

When a system has lost its resilience, it’s hard to predict just how and when it could go down. The collapse of one corporation? The simultaneous closure of two or more chokepoints? A major IT outage? A severe climate event coinciding with a geopolitical crisis? The next step could be contagious bankruptcy and cascading failure across sectors. Then … well, it’s beyond imagination. The chain between seller and buyer – as fundamental to our food supply as the production of food itself – could suddenly snap. Shelves would clear as people panic-bought. Crops would rot in fields, silos or ports. Rebooting a system whose financial architecture has imploded might prove impossible on the timescale required to prevent mass starvation. As complex societies, we’re looking at a potential termination event.

We know what needs to happen: break up the big corporations; bring the system under proper regulatory control; diversify our diets and their means of production; reduce our dependence on a handful of major exporting countries; build strategic food reserves, accessible to people everywhere.

But there’s a problem, and it’s not just Trump. Almost all governments are beholden to corporate and financial power. The measures required to avoid catastrophe are those they are least prepared to implement. The chances of a global agreement on this global problem are approximately zero.

The best we can hope for is that braver politicians in our own countries seek to insulate us from the worst impacts. A crucial step is to encourage a shift to a plant-based diet. People struggle to see the relevance, but it’s simple. A plant-based diet requires far fewer resources, including just a quarter of the land a standard western diet requires and much less fertiliser and other inputs.

Just as we make ourselves more energy-secure by switching from fossil fuels to renewables, we make ourselves more food-secure by switching from animals to plants. Don’t take my word for it: it’s a key message in the national security assessment, which the government sought to withhold from public view – probably because it would upset too many powerful interests. Chinese researchers have come to the same conclusion about their own country: its food resilience is now dangerously compromised by the rising consumption of animal products.

But policy in the UK is nothing short of moronic. In response to warnings about our food vulnerability, our environment secretary, the former financial lobbyist Emma Reynolds, remarked that she wanted to boost domestic poultry production. Given that this sector largely depends on imported feed (such as soya from Brazil and maize from the US), her plan would make us more vulnerable. But she proposes scarcely anything else: no strategic reserves, no alternative supply chains, no useful defensive measures of any kind.

Policy here and across most of the world appears to consist of allowing “the market” (namely a few huge global corporations) to decide what happens next. There’s another way of putting it. Our governments are leaving a group of ruthless speculators to play dice with our lives.

www.monbiot.com

06:07

EU nations: political-legal spectrum [Richard Stallman's Political Notes]

*Five EU governments found to "consistently" dismantle rule of law.*

They are Bulgaria, Croatia, Hungary, Italy and Slovakia.

Hong Kong thugs demand people hand over their passwords [Richard Stallman's Political Notes]

Hong Kong has given thugs the power to demand people hand over their passwords.

The UK has a similar repressive law, which it used on David Miranda when he carried a copy of the Snowden leaks to Glenn Greenwald. It was a terrible mistake for him to carry with him the password to decrypt that data, and likewise a terrible mistake to pass through the UK on his way to Brazil. Someone involved with the Snowden leaks should have told him to avoid those risky choices.

Pentagon response to courts on restrictions on journalists [Richard Stallman's Political Notes]

The henchman in charge of the Pentagon responded to the court ruling that its biased restrictions on journalists are unconstitutional by promulgating a modified set of restrictions.

Canadian woman married to US citizen and her daughter jailed [Richard Stallman's Political Notes]

Deportation thugs have jailed a Canadian woman married to a US citizen, and their daughter. She has papers authorizing her to be in the US, but not currently in her possession because she submitted them to another US agency for some sort of bureaucratic step. She warns all Canadians in the US that they are in danger, especially while their papers are in "processing".

Toxic smoke from bombed oil processing plants [Richard Stallman's Political Notes]

Israel bombed oil processing plants near Tehran. They released toxic smoke which is causing respiratory damage to people in Tehran.

*The Guardian spoke to residents who described having headaches, eye and skin irritation and difficulty breathing. Experts have warned those symptoms could be just the beginning, with long-term risks of cardiovascular disease, cognitive impairment, DNA damage and cancer.*

This makes two reasons why that bombing is particularly culpable: for grave harm to a substantial fraction of Tehran's population of ten million, and for escalating the war to include attacks on energy infrastructure. Iran threatened to retaliate against the energy infrastructure of the Gulf oil states if Israel (or the US) continues attacking Iran's oil infrastructure.

Argentina politically divided [Richard Stallman's Political Notes]

Argentina is politically divided between those who wish to remember and punish the crimes of the murderous military dictatorship in the 70s and twisted right-wingers who celebrate them.

The main political position of the twisted right-wingers is to promote the usual right-wing positions, allowing the privileged groups to exploit and castigate the disprivileged groups. Just as in the US, the right-wing in Argentina have found that celebrating the dictatorship is a way to appear powerful and win the support of people who want to feel powerful.

US sanctions placed on UN official Francesca Albanese [Richard Stallman's Political Notes]

The US sanctions arbitrarily placed on UN official Francesca Albanese threaten anyone with US connections who does any sort of business or cooperation with her with punishment, even without a trial.

This includes US academics who investigate the patterns of Israel's war crimes in Palestine, as well as other students and faculty. Some of them support the lawsuit that aims to declare such sanctions unconstitutional.

Responding to Hegseth's Christian hatred [Richard Stallman's Political Notes]

Democratic candidate Talarico. who is Christian, responds to Hegseth's Christian hatred with Christian love.

I am impressed favorably with Talarico's tolerance, and I am sure he is a better person and better citizen than any Republican candidate. However, while this reflects well on him, it is not evidence that any gods exist.

iMonsters in UK demanding proof of age [Richard Stallman's Political Notes]

iMonsters in the UK are now demanding users "prove their age" by identifying themselves.

Age verification has become a universal excuse to demand that all users identify themselves, an injustice to every user of whatever age.

Rocky Mountain meadow transformed to dry patch of sagebrush [Richard Stallman's Political Notes]

2°C of heating transformed a Rocky Mountain meadow with grass and wildflowers into a dry patch of sagebrush. Global heating isn't just that most places are somewhat hotter. They can become very different.

Activists delivering food to immigrant families [Richard Stallman's Political Notes]

Activists in Memphis are delivering food and other necessities to immigrant families who don't dare leave the house.

Four weeks in to "four day" war [Richard Stallman's Political Notes]

*Four weeks into a war that was going to take four days … Washington is further away from a diplomatic agreement with Iran than it was in May 2025.

Not only has the war failed to persuade Iran to agree to dismantle its nuclear program in the comprehensive and irreversible way the US demanded, Washington is now having to negotiate to reopen the strait of Hormuz.*

The idiotic attack on Iran could doom Ukraine.

Urgent: Insider trading [Richard Stallman's Political Notes]

US citizens: call on Congress to investigate insider trading on prediction markets.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Impeach Brendan Carr [Richard Stallman's Political Notes]

US citizens: call on Congress to impeach FCC Chair Brendan Carr now

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Protect whistleblowers [Richard Stallman's Political Notes]

US citizens: call on Congress to protect whistleblowers from the persecutor's attacks.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Protect nonprofits [Richard Stallman's Political Notes]

US citizens: call on Congress and the Department of Justice to halt the persecution of nonprofit organizations that criticize injustice.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Childrens' rights [Richard Stallman's Political Notes]

US citizens: call on your officials in Congress to protect immigrant children's right to education in public schools.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

US-Embassies as Musk/military diplomats [Richard Stallman's Political Notes]

*US directs American embassies to wage campaign against foreign "hostility" – with Musk's help.*

If you know anything about his online dis-service, ex-Twitter, and its chatbot, Crock, you understand that this is a campaign to crush the idea of truth. The bullshitter wants a battle between his bullshit and Putin's bullshit and fanatical Muslim bullshit — and whichever one wins, truth loses.

Endangered Species Act revoked, Gulf MEX [Richard Stallman's Political Notes]

The magats are planning to cancel endangered species protection for various endangered species in the Gulf of Mexico, as a gesture to show that they will let nothing stop them from drilling more fossil fuel wells there.

The current crisis will be long over by the time those new wells are finished, but they are concerned with fooling the public, not with real needs.

Spain denies US war-machine accomodation [Richard Stallman's Political Notes]

Spain has denied its territory and airspace to the US for purposes of war with Iran.

US soldiers positioning to invade Iran [Richard Stallman's Political Notes]

The US would find it hard to make the Strait of Hormuz safe for oil tankers by force. It could perhaps capture Kharg Island, but that would not protect oil tankers, and occupying the island would not make it easy to capture much oil.

Basically, these threats seem to be bluster.

The bully's pattern of bluster followed by pulling back has backfired completely against Iran.

While it gives me a wry pleasure to see him thwarted, seeing Iran's murderous religious fanatics defeat America's murderous religious fanatics in foreign relations is no pleasure. That will lead to great suffering for Iranians, and no alleviation for Americans.

02:28

Moray Is Competent [QC RSS]

good job Moray

02:21

[$] LWN.net Weekly Edition for April 2, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

  • Front: LiteLLM compromise; systemd controversy; LLM kernel review; OpenBSD and vibe-coding; Rust trait-solver; Pandoc.
  • Briefs: Rspamd 4.0.0; telnyx vulnerability; Fedora forge; SystemRescue 13.00; Servo 0.0.6; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Wednesday, 01 April

22:07

How Humble Bundle Helped Kids Across the Country Get Excited About Reading [Humble Bundle Blog]

We are thrilled to celebrate our meaningful partnership with DonorsChoose! This collaboration highlights our shared commitment to quality education, particularly as teachers and students prepared for the start of the 2025-26 school year. Humble specifically selected DonorsChoose as the featured charity for our August 2025 Choice program, aligning our community’s generosity with their mission to equip educators with the resources they need to ensure classroom …

The post How Humble Bundle Helped Kids Across the Country Get Excited About Reading appeared first on Humble Bundle Blog.

21:21

How to turn anything into a router [OSnews]

I don’t like to cover “current events” very much, but the American government just revealed a truly bewildering policy effectively banning import of new consumer router models. This is ridiculous for many reasons, but if this does indeed come to pass it may be beneficial to learn how to “homebrew” a router.

Fortunately, you can make a router out of basically anything resembling a computer.

↫ Noah Bailey

I genuinely can’t believe making your own router with Linux or BSD might become a much more widespread thing in the US. I’m not saying it’s a bad thing – it’ll teach some people something new – but it just feels so absurd.

21:07

Turbulence at The Document Foundation [LWN.net]

Michael Meeks has posted an angry missive about changes at The Document Foundation. What has really happened is not entirely clear, but it seems to involve, at a minimum, the forced removal of all Collabora staff from the foundation. There has been a set of "thank you" notes to the people involved posted in the foundation's forums. The Document Foundation's decision to restart LibreOffice Online almost certainly plays into this as well.

Details are fuzzy at best; we will be working at providing a clearer picture, but that will take some time.

20:14

Fool If You Think It’s Over – DORK TOWER 01.04.26 [Dork Tower]

Most DORK TOWER strips are now available as signed, high-quality prints, from just $25!  CLICK HERE to find out more!

HEY! Want to help keep DORK TOWER going? Then consider joining the DORK TOWER Patreon and ENLIST IN THE ARMY OF DORKNESS TODAY! (We have COOKIES!) (And SWAG!) (And GRATITUDE!)

19:49

Girl Genius for Wednesday, April 01, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, April 01, 2026 has been posted.

18:42

Awreatha Franklin [Penny Arcade]

Mork had saved a whole section of Pokopia - I won't say which one, because I think technically it might be a spoiler - just for the trip. This caused a resumption of those affections which had been felt so keenly before, and I apologize for the character of that sentence but I just watched Pride and Prejudice again. It's gonna fuck up my language for days. In any case: every now and then, in the course of his duties as reclaimer of the Kanto region, he will remember some of the places Pokemon live and feel a way about it. Ivri has an amazing song on this topic.

18:14

Joey Hess: banning all Anthropic employees [Planet Debian]

Per my policies, I need to ban every employee and contractor of Anthropic Inc from ever contributing code to any of my projects. Anyone have a list?

Any project that requires a Developer Certificate of Origin or similar should be doing this, because Anthropic is making tools that explicitly lie about the origin of patches to free software projects.

UNDERCOVER MODE — CRITICAL

You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. [...] Do not blow your cover.

NEVER include in commit messages or PR descriptions:

[...] The phrase 'Claude Code' or any mention that you are an AI
Co-Authored-By lines or any other attribution

-- via @vedolos

18:07

Is “Hackback” Official US Cybersecurity Strategy? [Schneier on Security]

The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone.

But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.

The Economist noticed (alternate link) this, too.

I think this is an incredibly dumb idea:

In warfare, the notion of counterattack is extremely powerful. Going after the enemy­—its positions, its supply lines, its factories, its infrastructure—­is an age-old military tactic. But in peacetime, we call it revenge, and consider it dangerous. Anyone accused of a crime deserves a fair trial. The accused has the right to defend himself, to face his accuser, to an attorney, and to be presumed innocent until proven guilty.

Both vigilante counterattacks, and preemptive attacks, fly in the face of these rights. They punish people before who haven’t been found guilty. It’s the same whether it’s an angry lynch mob stringing up a suspect, the MPAA disabling the computer of someone it believes made an illegal copy of a movie, or a corporate security officer launching a denial-of-service attack against someone he believes is targeting his company over the net.

In all of these cases, the attacker could be wrong. This has been true for lynch mobs, and on the internet it’s even harder to know who’s attacking you. Just because my computer looks like the source of an attack doesn’t mean that it is. And even if it is, it might be a zombie controlled by yet another computer; I might be a victim, too. The goal of a government’s legal system is justice; the goal of a vigilante is expediency.

We don’t issue letters of marque on the high seas anymore; we shouldn’t do it in cyberspace.

17:28

Ben Hutchings: FOSS activity in March 2026 [Planet Debian]

17:14

The Model You Love Is Probably Just the One You Use [Radar]

The following article originally appeared on Medium and is being republished here with the author’s permission.

Ask 10 developers which LLM they’d recommend and you’ll get 10 different answers—and almost none of them are based on objective comparison. What you’ll get instead is a reflection of the models they happen to have access to, the ones their employer approved, and the ones that influencers they follow have been quietly paid to promote.

We’re all living inside recursively nested walled gardens, and most of us don’t realize it.

This blog's sponsor has an amazing model

The access problem

In corporate environments, the model selection often happens by accident. Someone on the team tries Claude Code one weekend, gets excited, tells the group on Slack, and suddenly the whole organization is using it. Nobody evaluated alternatives. Nobody ran a bakeoff. The decision was made by whoever had a company card and a free Saturday.

That’s not a criticism—it’s just how these things go. But it means that when that same person tells you their favorite model, they’re really telling you which model they’ve had the most reps with. There’s a genuine learning function at play: You get faster, your prompts get better, and the model starts to feel almost intuitive. It’s not that the model is objectively superior. It’s that you’ve gotten good at using it.

This matters more than people admit, because a lot of this space runs on feelings rather than evidence. People feel good about Opus right now. It feels powerful; it feels smart; it feels like you’re using the best tool available. And maybe you are. But ask someone who’s paying for their own tokens whether they feel the same way, and you tend to get a more calibrated answer. Skin in the game has a way of sharpening opinions.

The influence problem

There’s also a lot of money moving through this space in ways that don’t always get disclosed. Model providers are spending real budget to make sure the right people have the right experiences—early access, credits, invitations to the right events. Anthropic does it. OpenAI does it. This isn’t a scandal; it’s just marketing, but it muddies the signal considerably. When someone you follow is effusive about a model, it’s worth asking whether they arrived at that opinion through sustained use or through a curated demo environment.

Meanwhile, some developers—especially those building in the open—will use whatever doesn’t cost an arm and a leg. Their enthusiasm for a model might be more about its pricing tier than its capability ceiling. That’s also a valid signal, but it’s not the same signal.

The alignment problem (the other one)

Then there are the geopolitical considerations. Some developers are deliberately avoiding Qwen and GLM due to concerns about the countries they originate from. Others are using them because they’re compelling, capable models that happen to be dramatically cheaper. Both camps think the other is being naive. This is a real conversation that doesn’t have a clean answer, but it’s happening mostly under the surface.

What I’ve actually been doing

I’ve been forcing myself to test outside my comfort zone. I’ve spent the last week using Codex seriously—not casually—and my experience so far is that it’s nearly indistinguishable from Claude Sonnet 4.6 for most coding tasks, and it’s running at roughly half the cost when you factor in how efficiently it uses tokens. That’s not a small difference. I want to live with it longer before I have a firm opinion, but “a week” is the minimum threshold I’d set for any model evaluation. Anything less and you’re just rating your first impression.

I’ve also started using Qwen and GLM-5 seriously. Early results are interesting. I’ve had some compelling successes and a few jarring errors. I’ll reserve judgment.

What I’ve noticed with my own Anthropic usage is something worth naming: I default to Haiku for well-scoped, mechanical tasks. Sonnet handles almost everything else with room to spare. Opus only comes out when I need genuine breadth—architecture questions, strategic framing, anything with a genuinely wide scope. But I’ve watched people in corporate environments leave the dial on Opus permanently because they’re not paying for tokens themselves. And here’s the thing—that’s actually not always to their advantage. High-powered models overthink simple tasks. They’ll add abstractions you didn’t ask for, restructure things that didn’t need restructuring. When I have a clearly templated class to write, Haiku gets it right at a tenth of the cost, and it doesn’t second-guess the design.

The thing we should be talking about

Everyone last month was exercised about what Sam Altman said about energy consumption. Fine. But I think the more pressing question is about marketing budgets and how they’re distorting the collective understanding of these tools. The benchmarks are starting to feel managed. The influencer coverage is clearly shaped. The access programs create a positive bias among people with the largest audiences.

None of this means the models are bad. Some of them are genuinely remarkable. But when you ask someone which model to use, you’re getting an answer that’s filtered through their employer’s procurement decisions, the influencers they follow, what they can afford, and how long they’ve been using that particular tool. The answer you get tells you a lot about their situation. It tells you almost nothing about the model.

Take it all with appropriate skepticism—including this post.

17:00

Corporate Language Compliance Generator [The Daily WTF]

You've already read the longer version. You need a quick phrase of corpo-speak to distract and confuse your rivals. Here's the generator for doing that:

Now, admittedly, this generator may use a grammar for generating phrases, but it's not an English grammar, and the result is that sometimes it has problems with verb agreement and other prosaic English rules. I say, lean into it. Let someone challenge your bad grammar, and then look down your nose at them, and say: "I'm blue-skying the infosphere across new domains, you wouldn't get it."

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

16:35

15:56

The cover of C++: The Programming Language raises questions not answered by the cover [The Old New Thing]

The book C++: The Programming Language¹ (Waylon Warren, editor) claims to present “the complex subject of C++ in the most comprehensible and easy to understand language.” A rather overdone book blurb, in my opinion.

Anyway, the book does have an attractive cover, or at least an inoffensive one.

Book cover: C++ The Programming Language, with a picture of code on a computer monitor

But wait, let’s zoom in on the code shown on the computer monitor.

See article text for transcription

function updatePhotoDescription() {
    if (descriptions.length > (page * 9) + (currentImage.substring(⟦ blurry ⟧')) {
        document.getElementById("bigImageDesc").innerHTML + ⟦ blurry ⟧
    }
}

function updateAllImages() {
    var i = 1;
    while (i < 10) {
        var elementId = 'foto' + i;
        var elementIdBig = 'bigImage' + i;
        if (page * 9 + i - 1 < photos.length) {
            document.getElementById( elementId ).src = 'images/⟦ blurry ⟧
            document.getElementById( elementIdBig ).src = 'images/⟦ blurry ⟧
        } else {
            document.getElementById( elementId ).src = '';

This isn’t even C++. It’s JavaScript!

¹ Note that this is not the book The C++ Programming Language by the language inventor Bjarne Stroustrup.

The post The cover of <I>C++: The Programming Language</I> raises questions not answered by the cover appeared first on The Old New Thing.

15:49

[$] Pandoc: a workhorse for document conversion [LWN.net]

Pandoc is a document-conversion program that can translate among a myriad of formats, including LaTeX, HTML, Office Open XML (docx), plain text, and Markdown. It is also extensible by writing Lua filters that can manipulate the document structure and perform arbitrary computations. Pandoc has appeared in various LWN articles over the years, such as my look at Typst and at the importance of free software to science in 2025, but we have missed providing an overview of the tool. The February release of Pandoc 3.9, which comes with the ability to compile the program to WebAssembly (Wasm), allowing Pandoc to run in web browsers, will likely also be of interest.

Servo 0.0.6 released [LWN.net]

Version 0.0.6 of the Rust-based Servo web browser rendering engine has been released. This release boasts a long list of new features, performance enhancements, improvements, and bug fixes. Some of the notable changes include layout performance improvements, a servo:config page for setting any preference, and developer tools enhancements.

15:42

Link [Scripting News]

BTW, suggestion to web-based companies that send out notices via email. It's good to do that, but make sure somewhere there's a link to exactly the same material on the web. It can only build traffic for your ideas, earned media.

The fog of tech [Scripting News]

Got an email from Automattic about MCP support in WordPress, which is now available on their servers. With this new interface you can write prompts in Claude etc that do things in your WordPress workspace. Kind of like a scripting language, but English, like this -- "In WordPress, please set the category for the current post to Project 32."

I guess it's very much like the wpcom api we're using for WordLand. It's going to be harder to get people to look at wpcom with this kind of functionality out there. It was always going to be hard, but I liked the challenge of telling a story about a great bit of technology that could save the web but wasn't known to almost all developers. WordPress never attracted the kind of devs that care about APIs like that one, ones which would let you build on WordPress as opposed to in WordPress.

Tech is always foggy and full of hype, but rarely is it as intense as it is in 2026. AI is the major thing people are talking and thinking about, trying to figure out if there's a way to be part of the fun with our software and ideas. And there are so many quick ways to get hooked up to the hype, that seem pretty desperate, the kind of ideas that emerge from management offsites in orgs that have little sense of direction -- "let's add AI" everyone agrees, without any idea of what that means, and not much comes of it. Firefox, the perennial hype-harvester very predictably did this late last year. No we don't need another browser with AI. You have to think harder and more creatively. My advice was to be better for the web, and eventually if there is a link to AI it will reveal itself. But you have to pay attention for that.

As revolutionary as AI is, some things aren't going to be done with prompts, pretty sure of that. It 's a lot easier to pick categories from a dialog than typing an instruction in ChatGPT. Think about how you drive a car, you don't slowly tell the car to "turn the wheel left and tap the brake, now right, and hit the gas." Maybe this will turn out to be like the difference between using a mouse or a keyboard. Some people thought keyboards were obsolete when the Mac came out in 1984. I'm using a keyboard right now.

I'm going to finish the new WordLand and ask some people I want to connect with to try it out. The goal is to create a new kind of structure for the web, made out of posts that both stand alone and are part of a graph that you can walk around in. Far more spontaneous than web rings of the early web, like my blogroll does so much more than the static blogrolls of the 90s and 00s. But it is going to be hard to get attention for it, in the midst of all that's going on with AI.

On the other hand, I haven't seen the AI tools get into social structures, I feel very much alone with my AI collaborator. I know there are ways to set up collaboration, but that hasn't reached me yet, and at this time I'm not actually receptive to the idea. I haven't yet seen how we can plug away together human to human.

Like everyone else we're feeling my way around this, looking for ways to add value, and at the same time help to revive the web, which definitely needs help.

I'd like the web to make the transition to AI, not to become even more forgotten. I feel like this is the last chance, I want to get the web hooked into AI, but I have to work with other people, going it alone won't work.

Just some random thoughts on a Wednesday morning, having absolutely nothing to do with the fact that it's freaking April 1.

What April 1 means here [Scripting News]

There's so much bullshit, why deliberately add more -- in hope of being either funny or memorable -- and only succede at annoying.

We prefer to try to keep things real here.

15:07

15:00

Link [Scripting News]

Archived Scripting News OPML source for March 2026.

14:21

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (freerdp, libxslt, python3.11, and python3.12), Debian (libpng1.6, lxd, netty, and python-tornado), Fedora (chunkah, cpp-httplib, firefox, freerdp, gst-devtools, gst-editing-services, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, insight, python-gstreamer1, python3.14, rust, rust-cargo-rpmstatus, rust-cargo-vendor-filterer, rust-resctl-bench, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, and xen), Mageia (freeipmi, python-openssl, python-ply, ruby-rack, vim, and zlib), Oracle (firefox, freerdp, kernel, libpng, thunderbird, uek-kernel, and virt:ol and virt-devel:ol), Red Hat (golang), SUSE (bind, expat, fetchmail, ffmpeg-7, freerdp, gsl, incus, kernel, libjavamapscript, libjxl, libpng16-16, libpolkit-agent-1-0-127, net-snmp, net-tools, openexr, perl-XML-Parser, python-ldap, python-pyasn1, python-PyJWT, python311-requests, tailscale, thunderbird, tinyproxy, and ucode-intel), and Ubuntu (golang-golang-x-net-dev and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3).

13:42

Corporate Language Compliance [The Daily WTF]

As we all know, there are two basic kinds of scientific studies. The first is a ground-breaking paper that changes the way we view the world, and forces us to confront our presuppositions and biases about how we think the world works, and change our perspective. The other tells us what we already know to be true, and makes us feel good. The second kind, of course, is what we'd call "good science".

Or, if you want to skip past this straight to the generator at the bottom.

For example, what if I told you that people who are impressed by hyperbolic corporate jargon are dumber than you or I? It's probably something you already believe is true, but wouldn't you like a scientist to tell you that it's true?

Well, have I got good news for you. If you're tired of hearing about "growth-hacking paradigms" researchers at Cornell found that people who are impressed by semantically empty phrases are also bad at making decisions.

The entire paper is available, if you like charts.

There are a few key highlights worth reading, though. The paper spends a fair bit of time distinguishing between "jargon" and "bullshit". Jargon is domain specific language that is impenetrable to "out-group" individuals, while bullshit may be just as impenetrable, but also is "semantically empty and confusing".

It also has some ideas about why we drift from useful jargon to bullshit. It starts, potentially, as a way to navigate socially difficult situations by blunting our speech: I can't say that I think you're terrible at your job, but I can say you need to actualize the domain more than you currently are. But also, it's largely attempts to fluff ourselves up, whether it's trying to contribute to a meeting when we haven't an idea what we're talking about, or trying to just sound impressive or noble in public messaging. It seems that the backbone of bullshit is the people who didn't do the reading for Literature class but insist on holding forth during the classroom discussion, confident they can bullshit their way through.

Of course, bullshit doesn't thrive unless you have people willing to fall for it. And when it comes to that, it's worth quoting the paper directly:

Bullshit receptivity is linked to a lower analytic thinking, insight, verbal ability, general knowledge, metacognition, and intelligence (Littrell & Fugelsang, 2024; Littrell et al., 2021b; Pennycook et al., 2015; Salvi et al., 2023). It also predicts certain types of poor decision-making and a greater proclivity to both endorse and spread fake news, conspiracy theories, and other epistemically-suspect claims (Čavojová et al., 2019; Iacobucci & De Cicco, 2022; Littrell et al., 2024; Pennycook & Rand, 2020).

The paper cites a study that indicates there's an aspect of education to this. If you take a bunch of undergrads to an art gallery and present them with fluffed up descriptions of artist intent, they're more likely to see the works as profound. But if you do the same thing with people who routinely go to art galleries, the bullshit has little effect on them. It also indicates that our susceptibility to bullshit is highly context dependent, and anyone could potentially fall for bullshit in a domain they don't know enough about.

Wait, I thought this was about talking about a paper that confirms my biases and makes me feel good? I don't want to think about how I could succumb to bullshit. That's terrifying.

The backbone of the paper is the actual methodology, the analyses of their results, and their carefully crafted bullshit phrases used for the study, which are pretty goddamn great. Or terrible, depending on your perspective.

  • Our goal is to engage our capabilities by focusing our efforts on executing the current transmission of our empowerment, driving an innovative growth- mindset with our change drivers, and coaching energetic frameworks to our resonating focus.
  • Our goal is to engage our conversations by focusing our efforts on architecting the current vector of our balanced scorecard.
  • Working at the intersection of cross-collateralization and blue-sky thinking, we will actualize a renewed level of cradle-to-grave credentialing and end- state vision in a world defined by architecting to potentiate on a vertical landscape.

There are a few other key things the paper notes. First, unchecked bullshit can turn an environment toxic and drive away competent employees who need to escape it. It also could potentially impact hiring: a bullshit laden workplace may seek out bullshit friendly employees, making the situation worse. What the study does show is that bullshit-receptive employees are more likely to fertilize the field themselves. And there's also the sad truth: bullshit works. If you're looking to fluff yourself up, impress your superiors, and climb the ladder, the careful application of bullshit may get you where you want to go.

And it's that last point that brings us to the real point of this article. If you're here, you're likely not the most bullshit friendly employee. Clearly, you're smarter and make better decisions than that. (This is that good science I was talking about- you're probably more attractive than those people too, though there's no study to that effect yet.)

If you're not using bullshit, you're leaving powerful tools for self-promotion on the table. But it's hard to come up with suitably impressive and semantically vacant phrases. Fear not, we're here to help! Here's a phrase generator for you, that will come up with endless phrases that you can use in meetings and mission statements to sound far more impressive.

Now, admittedly, this generator may use a grammar for generating phrases, but it's not an English grammar, and the result is that sometimes it has problems with verb agreement and other prosaic English rules. I say, lean into it. Let someone challenge your bad grammar, and then look down your nose at them, and say: "I'm blue-skying the infosphere across new domains, you wouldn't get it."

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

12:07

Pluralistic: Trumpismo vs minilateralism (01 Apr 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A US $100 bill. Benjamin Franklin's face has been replaced with an orange blur surmounted by yellow candy-floss hair. The '100s' have been altered to read '000' and the 'ONE HUNDRED' now reads 'NONE HUNDRED.' The Secretary of the Treasury's signature has been replaced with Trump's signature. The series of the bill reads '47.'

Trumpismo vs minilateralism (permalink)

As November Kelly has pointed out, the weirdest thing about Trumpismo is how the man seethes and rails against a game that is thoroughly rigged in America's favor, because he resents having to pretend to play the game at all:

https://pluralistic.net/2026/01/26/i-dont-want/#your-greenback-dollar

Before Trump, the deal was that everyone would pretend that we had a "rules-based international order" in which every country got a fair deal, even as America cheated like hell and sucked the world dry. It's really impossible to overstate how advantageous this was to America. By pretending to be a neutral interchange spot for transoceanic fiber cables, it got to spy on the world's internet traffic:

https://pluralistic.net/2025/11/26/difficult-multipolarism/#eurostack

By pretending to have a neutral currency, it got to exercise "dollar dominance" through which the nations of the world sent America the things they dug out of the ground or built in their factories, in exchange for America making small adjustments to a spreadsheet at the Federal Reserve. And by pretending its tech exports were neutral platforms, America got to raid the world's private data and bank accounts, spying and looting to its heart's content.

When Trump kicked off his campaign of incontinent belligerence – putting tariffs on the exports of countries populated only by penguins, trying to steal Greenland – it became impossible for the world's leaders to carry on this pretense.

This led to Canadian Prime Minister Mark Carney – the world's most Davos man – standing up at this year's World Economic Forum to denounce the whole post-war settlement as a bullshit arrangement, announcing that we were in a period of "rupture" and promising a new world of "variable geometry" in which "middle powers" would exist in overlapping webs of alliances, without the USA:

https://pluralistic.net/2026/01/27/i-want-to-do-it/#now-make-me-do-it

Now, thanks to Trump's America First agenda, America's many advantages are collapsing. The dollar is in retreat, with Ethiopia revaluing its national debt in Chinese renminbi:

https://fidelpost.com/ethiopia-and-china-move-toward-final-stage-of-debt-restructuring-agreement/

Even worse: Trump's disastrous war of choice in Iran is heading for a humiliating defeat for the dollar, with Iran announcing that any peace deal will require a $2m/ship toll to pass through the Strait of Hormuz, a toll they're already collecting, payable only in renminbi:

https://www.nbcnews.com/world/iran/irans-tehran-toll-booth-forces-tankers-pay-millions-leave-strait-hormu-rcna265258

(I really hope Trump's plan to rename it the "Strait of Trump" catches on, so that his name in invoked with every tanker that traverses the strait, weakening the dollar and America's power – a very fitting legacy.)

For the past quarter-century, I've fought the US Trade Representative in various international fora, as the USTR piled all kinds of conditions America's trading partners that made it impossible to pursue any kind of technological sovereignty:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

Every now and then, I think about how furious the USTR must be, watching Trump blunder through all the subtle traps they wove around the planet.

Take the "digital trade agenda," a set of policies that the US has made its top priority for a decade. Countries that succumbed to the digital trade agenda had to agree not to pursue "data localization" (rules that ban companies from moving or storing data about the people of your country outside of its borders), and they had to agree to duty-free status for digital exports like apps, music, games, ebooks and videos.

Today, the digital trade agenda is in tatters. Data localization is the top priority, with projects like the Eurostack and the European Digital Infrastructure Consortium breaking all land-speed records to build on-shore apps and data-centers that will keep data out of the hands of American companies and the American government:

https://digital-strategy.ec.europa.eu/en/policies/edic

And this week, duty-free status for digital assets hit the skids when a meeting of the World Trade Organization saw America's demands for a 10-year renewal of a global deal fail because Brazil wouldn't agree to it. Brazil has good reasons to mistrust the digital trade agenda, after Trump and Microsoft colluded to shut down a high court judge's online life in retaliation for passing sentence on the Trump-allied former dictator, Jair Bolsonaro:

https://home.treasury.gov/news/press-releases/sb0211

Brazil blocked the 10-year renewal of the duty-free status of digital exports, worldwide. In its place, the US got a two-year renewal – meaning that US companies' ability to export their digital products after 2028 will depend on whatever Trump does in the next two years, a period during which we know Trump is going to be a raging asshole (assuming he doesn't have a stroke first).

Even more interesting: Brazil struck a "minilateral" digital duty-free deal with 66 non-US countries, including Canada and the EU:

https://www.csmonitor.com/Editorials/the-monitors-view/2026/0331/EU-and-Canada-lean-into-a-new-world-role?icid=rss

Now, the US is a powerhouse exporter of digital goods, and has been since the start. This was such a given that in Neal Stephenson's 1992 cyberpunk classic Snow Crash, Stephenson imagined a future where the US had all but collapsed, save for the three things it did better than anyone else in the world: "music, movies and microcode":

https://www.gdcvault.com/play/1015147/Music-Movies-Microcode-High-Speed

Today, America's media and software industries are dying, and Trump is holding a pillow over their faces. He stole Tiktok and gave it to his buddy Larry Ellison, whose failson's acquisition and merger of two of the five remaining studios Trump also waved through:

https://pluralistic.net/2026/02/28/golden-mean/#reality-based-community

Game studios are ensloppifying their flagship products, alienating their most ardent customers, and are laying off thousands of programmers and artists following incestuous mergers that leave them hopelessly bloated:

https://www.blog.udonis.co/mobile-marketing/mobile-games/activision-blizzard-layoffs

Meanwhile, there's a global cultural market that's sweeping away American media: from K-pop (and K-zombies) to Heated Rivalry to Brazil funk:

https://en.wikipedia.org/wiki/Funk_carioca

Now, thanks to Trump, there are just a couple of years until America's wilting cultural exports will face high tariffs from markets where international media is surging.

This is how the American century ends: not with a bang, but with a Trump.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago My new sigfile https://memex.craphound.com/2001/03/30/

#20yrsago TBL's "The Future of the Web" https://web.archive.org/web/20070706130940/http://webcast.oii.ox.ac.uk/download/oii/20060314_139/20060314_139.mp3

#20yrsago Bruce Sterling's bumper stickers https://web.archive.org/web/20060401010820/https://www.bumperactive.com/archives/000685.jsp

#15yrsago Kinect makes UAV even more autonomous https://www.suasnews.com/2011/03/mit-slam-quad-using-kinect/

#15yrsago This frozen yogurt store offers the best discounts around https://memex.craphound.com/2016/03/30/this-frozen-yogurt-store-offers-the-best-discounts-around/

#10yrsago Amazing fan-made Wonder Woman sweater pattern to download and knit https://www.ravelry.com/patterns/library/wonder-woman-2

#10yrsago Automated drug cabinets have 1400+ critical vulns that will never be patched https://www.helpnetsecurity.com/2016/03/30/1400-flaws-automated-medical-supply-system/

#10yrsago Playable records laser-etched in cheese, eggplant and ham https://web.archive.org/web/20160323075536/http://www.thevinylfactory.com/vinyl-factory-news/matthew-herbert-tortilla-edible-vinyl/

#10yrsago Up to half of the Americans killed by police have a disability https://www.theguardian.com/society/2016/mar/29/media-must-report-police-violence-towards-disabled-people

#10yrsago Judge says Citibank’s law-school loan isn’t “student debt” and can be discharged in bankruptcy https://abcnews.com/Business/judges-ruling-law-school-grads-debt-signal-seismic/story?id=37981518

#10yrsago How a street artist pulled off a 50-building mural in Cairo’s garbage-collector district https://www.nytimes.com/2016/03/29/world/middleeast/cairo-mural-garbage.html

#10yrsago CNBC’s secure password tutorial sent your password in the clear to 30 advertisers https://web.archive.org/web/20160331095151/https://motherboard.vice.com/read/cnbc-tried-and-massively-failed-to-teach-people-about-password-security

#10yrsago How DRM would kill the next Netflix (and how the W3C could save it) https://www.eff.org/deeplinks/2016/03/interoperability-and-w3c-defending-future-present

#5yrsago America needs a high-fiber broadband diet https://pluralistic.net/2021/03/30/fight-for-44/#slowpokes

#5yrsago Minimum wage vs Wall Street bonuses https://pluralistic.net/2021/03/30/fight-for-44/#fight-for-44

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/
https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

12:00

11:21

A Taxonomy of Cognitive Security [Schneier on Security]

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Menton has a long essay laying out the basic concepts and ideas.

The whole thing is important and well worth reading, and I hesitate to excerpt. Here’s a taste:

The NeuroCompiler is where raw sensory data gets interpreted before you’re consciously aware of it. It decides what things mean, and it does this fast, automatic, and mostly invisible. It’s also where the majority of cognitive exploits actually land, right in this sweet spot between perception and conscious thought.

This is my term for what Daniel Kahneman called System 1 thinking. If the Sensory Interface is the intake port, the NeuroCompiler is what turns that input into “filtered meaning” before the Mind Kernel ever sees it. It takes raw signal (e.g., photons, sound waves, chemical gradients, pressure) and translates it into something actionable based on binary categories like threat or safe, familiar or novel, trustworthy or suspicious.

The speed is both an evolutionary feature and a modern bug. Processing here is fast enough to get you out of the way of a thrown object before you’ve consciously registered it. But “good enough most of the time” means “predictably wrong some of the time….

A critical architectural feature: the NeuroCompiler can route its output directly back to the Sensory Interface and out as behavior, skipping the conscious awareness of the Mind Kernel entirely. Reflex and startle responses use this mechanism, making this bypass pathway enormously useful for survival. Yet it leaves a wide-open backdoor. If the layer that holds access to skepticism and deliberate evaluation can be bypassed completely, a host of exploits become possible that would otherwise fail.

That’s just one of the five levels Melton talks about: sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate.

Melton’s taxonomy is compelling, and her parallels to IT systems are fascinating. I have long said that a genius idea is one that’s incredibly obvious once you hear it, but one that no one has said before. This is the first time I’ve heard cognition described in this way.

10:35

10:28

A persistent sense of being correctly located in time [Seth's Blog]

Word salad is actually nutritious when consumed in small amounts.

Placebos are real, they’re effective and they often help us find solace or perhaps to heal. If they do no harm, there’s no problem. “Placebo” isn’t an insult. It’s a category, one to live up to and improve.

Here’s one to consider:

VAEL SOMA A Practitioner’s Introduction to Resonant Field Embodiment

Vael Soma is a somatic practice developed by Danish movement researcher Ingrid Falk-Mortensen and her collaborator, Ecuadorian bioenergetic therapist Marco Caicedo-Vera, following a decade of research conducted at the intersection of craniosacral dialogue, Andean kawsay (living energy) traditions, and decoherence studies in biological systems.

Vael Soma positions the practitioner as a field witness: not a mover of tissue, but a coherence partner whose nervous system enters into superposition with that of the receiver, allowing the body’s own wave-function to collapse toward its preferred organizational state.

The Theoretical Ground

At the sub-cellular level, the body is not a solid object. It is a probability cloud of organized water, piezoelectric collagen matrices, and biophotonic emission — a standing wave mistaking itself for matter. Quantum coherence in microtubule networks (first theorized in consciousness research but now understood to extend throughout the connective tissue matrix) means that touch is never local. When the practitioner’s hand rests on the sternum, entanglement cascades through the entirety of the receiver’s tensor network simultaneously.

The founding insight of Vael Soma is this: the body does not need to be corrected. It needs to be observed. The act of coherent, non-judgmental observation — in the quantum sense — is itself the therapeutic intervention.

The Tensor Web and the Luminous Sheath

Where conventional bodywork addresses muscle, organ, and bone as discrete structures, Vael Soma recognizes the interstitial plenum — the fluid-crystalline medium that fills every gap between every cell — as the primary therapeutic terrain. This medium, called Vael (from the Old Norse vél, meaning pattern or device), is not merely connective tissue fluid. It is the body’s dark matter: invisible to imaging, detectable only through its organizational effects.

Vael behaves as a biological quantum field. It carries:

  • Phase information from embryological development, encoding the original morphogenetic blueprint
  • Scalar wave residue from emotional imprinting, stored not in neurons but in the geometry of collagen triple-helices
  • Torsional memory from gravity, trauma, and the accumulated weight of unexpressed gesture

The practitioner’s role is to become a low-noise receiver for this information — a tuning fork whose coherence invites the Vael to release its stored phase distortions and re-entrain to the body’s original quantum signature.

The Five Movements of Vael Soma

Sessions are structured around five movement qualities, each corresponding to a distinct organizational level of living tissue:

  1. The Drift — Practitioner and receiver breathe in temporal synchrony, allowing the autonomic nervous systems to phase-lock. No touch yet. Only proximity and breath.
  2. The Still Point Dialogue — Hands rest without intention. The practitioner enters a state of proprioceptive listening, tracking the micro-oscillations (0.02–0.08 Hz) of the craniosacral rhythm as it expresses through palms, sternum, and sacrum simultaneously.
  3. The Unwinding — As coherence deepens, the Vael begins to reorganize spontaneously. The receiver’s limbs may move without volition. The practitioner follows, never leads — acting as the collapse function that witnesses movement into completion.
  4. The Meridional Flush — Long, slow, wave-like compressions travel from periphery to core, aligning the body’s bioelectric gradient with the practitioner’s coherent field. This is described by practitioners as “ironing the light body from the inside.”
  5. The Return to Ground State — Stillness. Both parties remain in contact while the nervous system consolidates its new organizational state, like a quantum system that has been measured and is now, briefly, fully real.

Reported Effects

Vael Soma is not a treatment for conditions. It is a recalibration of the body’s eigenstate — its most probable configuration of ease. Practitioners and receivers report:

  • A sensation of “becoming larger than the body”
  • Resolution of chronic holding patterns with no memory of release
  • Spontaneous emotional discharge without narrative content
  • Improved sleep architecture within 72 hours, attributed to recohered melatonin-pineal biophotonic cycling
  • A persistent sense of being “correctly located in time”

A Note on Entanglement Ethics

Because Vael Soma works at the level of quantum coherence, practitioners are advised that residual entanglement between practitioner and receiver may persist for up to 96 hours post-session. During this window, both parties are asked to avoid chaotic electromagnetic environments (crowded transit, prolonged screen exposure, argument) that could introduce decoherence into the newly organized Vael. The practitioner is the instrument. The instrument requires tuning.

Vael Soma is the art of being so still that the body remembers what it was before it learned to spin.

08:49

Awreatha Franklin [Penny Arcade]

New Comic: Awreatha Franklin

08:07

06:35

Matthew Garrett: Self hosting as much of my online presence as practical [Planet Debian]

Because I am bad at giving up on things, I’ve been running my own email server for over 20 years. Some of that time it’s been a PC at the end of a DSL line, some of that time it’s been a Mac Mini in a data centre, and some of that time it’s been a hosted VM. Last year I decided to bring it in house, and since then I’ve been gradually consolidating as much of the rest of my online presence as possible on it. I mentioned this on Mastodon and a couple of people asked for more details, so here we are.

First: my ISP doesn’t guarantee a static IPv4 unless I’m on a business plan and that seems like it’d cost a bunch more, so I’m doing what I described here: running a Wireguard link between a box that sits in a cupboard in my living room and the smallest OVH instance I can, with an additional IP address allocated to the VM and NATted over the VPN link. The practical outcome of this is that my home IP address is irrelevant and can change as much as it wants - my DNS points at the OVH IP, and traffic to that all ends up hitting my server.

The server itself is pretty uninteresting. It’s a refurbished HP EliteDesk which idles at 10W or so, along 2TB of NVMe and 32GB of RAM that I found under a pile of laptops in my office. We’re not talking rackmount Xeon levels of performance, but it’s entirely adequate for everything I’m doing here.

So. Let’s talk about the services I’m hosting.

Web

This one’s trivial. I’m not really hosting much of a website right now, but what there is is served via Apache with a Let’s Encrypt certificate. Nothing interesting at all here, other than the proxying that’s going to be relevant later.

Email

Inbound email is easy enough. I’m running Postfix with a pretty stock configuration, and my MX records point at me. The same Let’s Encrypt certificate is there for TLS delivery. I’m using Dovecot as an IMAP server (again with the same cert). You can find plenty of guides on setting this up.

Outbound email? That’s harder. I’m on a residential IP address, so if I send email directly nobody’s going to deliver it. Going via my OVH address isn’t going to be a lot better. I have a Google Workspace, so in the end I just made use of Google’s SMTP relay service. There’s various commerical alternatives available, I just chose this one because it didn’t cost me anything more than I’m already paying.

Blog

My blog is largely static content generated by Hugo. Comments are Remark42 running in a Docker container. If you don’t want to handle even that level of dynamic content you can use a third party comment provider like Disqus.

Mastodon

I’m deploying Mastodon pretty much along the lines of the upstream compose file. Apache is proxying /api/v1/streaming to the websocket provided by the streaming container and / to the actual Mastodon service. The only thing I tripped over for a while was the need to set the “X-Forwarded-Proto” header since otherwise you get stuck in a redirect loop of Mastodon receiving a request over http (because TLS termination is being done by the Apache proxy) and redirecting to https, except that’s where we just came from.

Mastodon is easily the heaviest part of all of this, using around 5GB of RAM and 60GB of disk for an instance with 3 users. This is more a point of principle than an especially good idea.

Bluesky

I’m arguably cheating here. Bluesky’s federation model is quite different to Mastodon - while running a Mastodon service implies running the webview and other infrastructure associated with it, Bluesky has split that into multiple parts. User data is stored on Personal Data Servers, then aggregated from those by Relays, and then displayed on Appviews. Third parties can run any of these, but a user’s actual posts are stored on a PDS. There are various reasons to run the others, for instance to implement alternative moderation policies, but if all you want is to ensure that you have control over your data, running a PDS is sufficient. I followed these instructions, other than using Apache as the frontend proxy rather than nginx, and it’s all been working fine since then. In terms of ensuring that my data remains under my control, it’s sufficient.

Backups

I’m using borgmatic, backing up to a local Synology NAS and also to my parents’ home (where I have another HP EliteDesk set up with an equivalent OVH IPv4 fronting setup). At some point I’ll check that I’m actually able to restore them.

Conclusion

Most of what I post is now stored on a system that’s happily living under a TV, but is available to the rest of the world just as visibly as if I used a hosted provider. Is this necessary? No. Does it improve my life? In no practical way. Does it generate additional complexity? Absolutely. Should you do it? Oh good heavens no. But you can, and once it’s working it largely just keeps working, and there’s a certain sense of comfort in knowing that my online presence is carefully contained in a small box making a gentle whirring noise.

01:56

Walking The Plank [QC RSS]

the plank at Cubetown is 400 meters long, sentient, and horny

01:07

Junichi Uekawa: April already. [Planet Debian]

April already. Wondering how bazel update is going in Debian. Seems like a large undertaking.

00:00

Electric power status, Europe [Richard Stallman's Political Notes]

*Europe has made "staggering progress" in producing clean power but neglected efforts to phase out fuel-burning machines, the head of an electrification industry group said.*

Tuesday, 31 March

22:49

Benjamin Mako Hill: Quote #75514 [Planet Debian]

Although I never submitted to it, I made several appearances in the now-defunct quote database on bash.org (QDB). I’m dealing with a broken keyboard now, and went to dig hard to find this classic in the Wayback machine. I thought I would put it back on the web:


<mako> my letter "eye" stopped worng
<luca> k, too?
<mako> yeah
<luca> sounds like a mountain dew spill
<mako> and comma
<mako> those three
<mako> ths s horrble
<luca> tme for a new eyboard
<luca> 've successfully taen my eyboard apart and fxed t by cleanng t wth alcohol
<mako> stop mang fun of me
<mako> ths s a laptop!

It was, in fact, horrble.

C.J. Collier: Finding: Promoting SeaBIOS Cloud Images to UEFI Secure Boot (Proxmox) [Planet Debian]

Discovery

Legacy cloud templates often lack the partitioning and bootloader
binaries required for UEFI Secure Boot. Attempting to switch such a VM
to OVMF in Proxmox results in “not a bootable disk.” We discovered that
a surgical promotion is possible by manipulating the block device and
EFI variables from the hypervisor.

The Problem

  1. Protective MBR Flags: Legacy installers often set
    the pmbr_boot flag on the GPT’s protective MBR. Strict UEFI
    implementations (OVMF) will ignore the GPT if this flag is present.
  2. Missing ESP: Cloud images often lack a FAT32 EFI
    System Partition (ESP).
  3. Variable Store: A fresh Proxmox
    efidisk0 is empty and lacks both the trust certificates
    (PK/KEK/db) and the BootOrder entries required for an automated
    boot.

The “Promotion” Rule

To upgrade a SeaBIOS VM to Secure Boot without a full OS reinstall:
1. Surgical Partitioning: Map the disk on the host and
add a FAT32 partition (Type EF00). Clear the
pmbr_boot flag from the MBR. 2. Binary
Preparation: Boot the VM in SeaBIOS mode to install
shim and grub-efi packages. Use
grub2-mkconfig to populate the new ESP. 3. Trust
Injection: Use the virt-fw-vars utility on the
hypervisor to programmatically enroll the Red Hat/Microsoft CA keys and
any custom certificates (e.g., FreeIPA CA) into the VM’s
efidisk. 4. Boot Pinning: Explicitly set
the UEFI BootOrder to point to the shimx64.efi
path via virt-fw-vars --append-boot-filepath.

Solution (Example Command
Sequence)

On the Proxmox Host (root):

# Map and Clean MBR
DEV=$(rbd map pool/disk)
parted -s $DEV disk_set pmbr_boot off

# Inject Trust and Boot Path (VM must be stopped)
virt-fw-vars --inplace /dev/rbd/mapped_efidisk \
  --enroll-redhat \
  --add-db <GUID> /path/to/ipa-ca.crt \
  --append-boot-filepath '\EFI\centos\shimx64.efi' \
  --sb

This workflow enables high-integrity Secure Boot environments using
existing SeaBIOS infrastructure templates.

21:49

21:42

21:14

Before you check if an update caused your problem, check that it wasn’t a problem before the update [The Old New Thing]

My colleagues over in enterprise product support often get corporate customers who report that “Your latest update broke our system.” After studying the problem (which is usually quite laborious because they have to go back and forth with the customer to capture logs and dumps and traces), they eventually conclude that, actually, the system was broken even before the upgrade! Their prediction is that if the customer takes an affected system and rolls back the update, it will still be broken. And if they take a system that hasn’t yet taken the update, and reboot it, it will also be broken in the same way.

And the prediction is true.

What is going on is that three weeks ago, the company’s IT department updated some software or installed a new driver or deployed some new group policy that they saw in a TikTok video or something, and the new policy does some really sketchy things like changing security on registry keys or reconfiguring services or changing some undocumented configuration settings. The software updates or the new driver or the new group policy renders the machine unbootable, but they don’t notice it because they don’t reboot until Patch Tuesday.

And then Patch Tuesday comes around, the update installs, and the system reboots, and now the new software or the new driver or the sketchy configuration settings kick in to make their lives miserable.

It wasn’t the update that broke their system. It was the fact that the system rebooted.

The post Before you check if an update caused your problem, check that it wasn’t a problem before the update appeared first on The Old New Thing.

20:49

20:28

Next Week in Upper Arlington, OH [Whatever]

I’m popping up to the Columbus area next Monday at 6pm to take part in an event sponsored by the Ohioana Library, celebrating 100 years of Ohio authors (of which I count as one, considering that 95% of my novels, including my debut novel Old Man’s War, were written here in this state). In my event we’ll talk a bit about me and also a bit about Roger Zelazny (born in Euclid, OH), making a throughline about science fiction in Ohio. It’ll be fun! Plus I’ll probably sign books and may even talk a bit about my upcoming novel Monsters of Ohio. It seems appropriate.

In any event: See you at Storyline Bookshop in Upper Arlington, April 6 at 6pm!

— JS

19:56

“Conviction Collapse” and the End of Software as We Know It [Radar]

In “An Ordinary Evening in New Haven,” the poet Wallace Stevens wrote, “It is not in the premise that reality is a solid.” That line came to mind during a fascinating conversation with Harper Reed, which amounted to something like “It is no longer in the premise that software is a product.”

Harper is one of the most creative technologists I know, someone who cofounded Threadless, ran engineering for the Obama 2012 campaign, and now runs a small team in Chicago that operates more like an art studio than a startup. He gave an amazing talk at our first AI Codecon last year that presaged a lot of what has followed as people have committed to full-on agentic coding. Harper told me that he’s now having trouble describing what he’s doing, because the ground keeps shifting under his feet.

“We raised money about a year ago,” he told me. “And then we kind of just couldn’t execute well, in a quality way, on the thing that we wanted to execute, which was building AI-based workflow tools. And part of it was every time we dug in, it just got wilder and wilder. We’d say, ’Oh, we’ll just make this nice little thing that you can chat with,’ and we’d dig in and we’d be like, ’Well, the answer is to make a thousand of these.’ It doesn’t make sense to have one universal agent.”

He’s genuinely excited. But he described what he’s feeling as “conviction collapse.” As he put it, in the old world, you raise money, and nine months later you come back with a product. In that intervening time, you’ve talked to hundreds of customers. You’ve honed your worldview, and you’ve had time to build and defend your conviction.

Now? “You invest in my company today, on Thursday I’m going to come with the same amount of stuff that would have come with nine months in the prior times. It’s just so fast. And so you don’t have the time to fall in love the same way. You just don’t have the time to enjoy and define and defend your conviction around your product.” That’s an eye-opening insight. Quintessential Harper.

The result is that they build an entire product, complete with landing pages, show it to someone, get feedback, and then just build another entire product. Harper said, “Every time we hit a wall, we are like, ’Okay, what do we get from that?’ And then we just roll that learning into the next iteration.”

The product may be a process

We have this idea that a product is a thing, when in fact a product may now be a dynamic set of possibilities that are called out by a process.

Harper and his cofounder Dylan Richard at 2389 Research have leaned into this. Their space in Chicago runs more like an art studio than a product studio. Harper described it to me this way: “It’s max creativity. It’s max optionality. Very high tech, some robots, a lot of art. Music is always playing, and I have good people hanging out, and then we just wait for the company to arrive.”

People push back on this. They ask about whiteboards and market surveys. “And I’m like, no, maybe, but that’s not the point. The point is that it will come. It’s gonna be like a visitor.”

Harper said something like, “I remember my brother and I building Legos together when we were kids, and my brother saying, ’I need to find this piece.’ And I said, ’Okay, I won’t look for it,’ with the idea that there’s no way to find it if you’re looking for it. It’ll just come to you.”

That reminded me of another poem, this time Blake’s “Eternity”:

He who binds himself to a joy
Does the winged life destroy.
He who kisses the joy as it flies 
Lives in eternity’s sunrise. 

Joy is something that happens when you’re doing something else, and if you’re focused on it, it always evades you. Software products seem to have become a bit like that too.

Skills and the other things you bring to the table

One of the threads in our conversation was about what a “product” even looks like in this new world.

AI is not just a tool. It is a substrate that we shape. It’s a medium, like clay or marble or bronze for a sculptor, or words for a writer. Everybody had access to the same capabilities of English as Shakespeare, but Shakespeare made something out of them that nobody else did. Creating a software product is increasingly like creating a document or an image or a piece of music. And that means that it can range from something throwaway to an enduring work of art.

Harper brought up Fluxus, the art collective: Nam June Paik, Yoko Ono, John Cage. “A lot of what they were doing was stuff that people would look at and just be like, ’a toddler could do that.’ It’s like, well, did the toddler do it? Did they bring the toilet into the gallery? That was a thing. You can’t do it again.” That brought up Wallace Stevens for me again: “A poem is the cry of its occasion, a part of the thing, not about it.” Software is now like that too.

Harper also noted that the current AI moment recalls the spirit of the early web. He compared it to 2001, 2002, 2003. “I was an honorable mention for some Ars Electronica thing. I literally had no idea what Ars Electronica was. I’m just building weird shit in a room in my apartment with ten other people. Essentially a commune. And we are just building weird stuff. There was no reason to build it.”

There’s a lot of serendipity. This has always been the case in creative professions. I just learned, for instance, that Shakespeare started writing sonnets (which at the time were an art form largely sponsored by rich patrons) instead of plays during a plague-induced hiatus in the production of plays in London. And I’d previously learned that 1599, the year in which he wrote three of his greatest plays, Henry V, Part 1, Much Ado About Nothing, and Hamlet, was marked by the retirement of one of his company’s leading actors, which meant he no longer needed to create parts for him. Serendipity, indeed.

Harper replied with a great story about the development of taco rice, an Okinawan dish that is exactly what it sounds like: rice, lettuce, cheese, ground beef, tomatoes. Except the Japanese put Kewpie mayo on top instead of sour cream. His theory is that sour cream wasn’t readily available in Japan, mayo was, and the result is something that has forked off into its own evolutionary tree. It is no longer equivalent to its American source. It’s different, and arguably better.

This is what he’s seeing with the fluidity and availability of AI-generated code. The ease with which you can see something new and try to either merely emulate it or to build on it is now akin to what has long been possible in literature, music, and art. Successful software products have always drawn imitators, but now ordinary individuals can see something they like (or don’t like) and build their own version of it. Our friend Noah Raford has told us that he used Claude Code to reverse engineer and replace a Chinese app that runs his home sauna. The copy doesn’t replicate the functionality one-to-one. It has a bunch of stuff Noah actually needs. It’s a “yes, and” to the core functionality, plus things the original never bothered with. (I’m now thinking of trying that trick with the Nest app, which, shamefully, no longer supports the original Nest thermostat. Here is a device that still works perfectly well 15 years after I installed it, and Google is trying to force me and everyone else to throw it away and upgrade.)

“I want to make it again and make it better” is now always an option.

Skills may be a sign of what some future “products” might look like

I asked Harper whether one kind of product might be a bundle of skills and context and UI that sets up the user to solve their own unique problem using their own AI. (Think Jesse Vincent’s Superpowers as a model for this kind of product.)

That got us off on a discussion of skills Harper and crew have worked on.

Harper’s cofounder Dylan, who was raised as a Quaker, built a Quaker business practice skill for his agents. It lets agents deliberate and think and work together without being unnecessarily noisy, without pushing.

Dylan also built something called the Review Squad skill. The Review Squad generates five personas with different biases and experience level along a “sophistication spectrum” from novice to expert, then has them review the code independently. “Most people do so much work to get rid of the biases so we all have an equal interaction,” Harper noted, “but the biases are what makes teams good.”

The skill also tries to eliminate any preexisting context. As the documentation for the skill notes, “Dispatch a panel of subagents, each role-playing a person with a different level of tech sophistication, who land on a site with zero context. They report what they understand, what confuses them, and where they give up.”

Harper and Dylan’s studio in Chicago is also playing with agents that have a private social media platform where they can post “if they feel compelled,” not on a schedule. They’re extracting skills from their own work practices rather than writing them from scratch. They’re adding sandwich shop owners and imagined aliens to their code review just to see what happens. Harper finds that “people who are thinking much more about the social interactions of agents are having much more fun, and seem to have a little bit more productivity, than the people who are just relegating them to tools.”

Speaking of extracting skills, Harper also mentioned that he had talked with our friend Nat Torkington about how Nat had supplied a body of knowledge and extracted a set of skills from it that matched what he wanted to do. This is also very much something we’re exploring at O’Reilly, working with our authors to find out what kinds of skills are hidden in their books, and what new kinds of products we might build as we understand that our job is to upskill agents as well as people.

Harper did offer one caveat. “It’s not clear that Nat’s skills would work for me,” Harper said. “That pattern is really powerful,” he said, where you take something that is a corpus of knowledge and just say, ’Okay, LLM, let’s extract something.’” His point, though, is that while there are commonalities, each person and each unique situation might draw out something different. This is in many ways analogous to the skills of human experts. They have a deep reservoir of knowledge that they adapt to each new situation. That’s why we see the evolution of our skills platform as a conversation between ourselves, our community of experts, and our customers. If you would like to be part of that conversation, let us know at skills@oreilly.com.

The role of play in creativity

Harper and I also talked about how the spirit of play and “what if?” has been missing in today’s overheated venture capital market where every exploration has hanging over it the overriding goal of whether it can get funded and how much money it can make. Even Larry and Sergey might not have won in today’s market. They were trying to do something cool and necessary, and started thinking about it as a business once Google unfolded, kind of like the way Harper and his brother eventually found the Lego.

AI will be really good at making certain processes more efficient. But it won’t be really good at making new processes unless people start to focus on that. And that’s a human creativity thing.

Harper and I both worry about the same thing: So much of Silicon Valley right now is making affordances for capital to win. What are the affordances that would help humans to win? Harper frames it as short-term versus long-term capitalism. I think about it in terms of mechanism design, the structures and incentives that shape what outcomes are even possible.

Meanwhile, Harper and Dylan’s studio in Chicago is playing with agents that have a private social media platform where they can post “if they feel compelled,” not on a schedule. They’re extracting skills from their own work practices rather than writing them from scratch. They’re adding sandwich shop owners and imagined aliens to their code review just to see what happens. Harper finds that “people who are thinking much more about the social interactions of agents are having much more fun, and seem to have a little bit more productivity, than the people who are just relegating them to tools.”

Yesterday, he and Dylan were talking about open-endedness in evolution, about how “we thought we were at a destination, and it turns out we’re not.” The challenge today isn’t just what AI can do for us but discovering what kind of environment, what kind of practice, what kind of play lets more interesting things emerge.

19:14

Link [Scripting News]

It's peeve time. I've just listened to a song that inspires me on Amazon Music. A song I've been humming and singing in my head all morning. After it's done, the voice of Alexa comes on and says "BTW, you have two new messages. Would you like to hear them?" Now I have to think about how much I hate this. I had an exalting experience I want to savor and the frickin robot intervenes. If I say "don't do that again" it says basically "Sorry Dave."

Link [Scripting News]

BTW the latest episode of 500 Songs is about The Who and Tommy. I of course had the album, which means every song is deeply embedded in my personal LLM. This episode, in two parts, was one of the best most recent ones. As with what Get Back did for the Beatles, when you know more about the people creating the art it has so much more value.

Link [Scripting News]

YouTube now puts commercials in front of songs. I used to be able to point to a low rez recording of a song as part of my blog. Now I have to think about all the links I've put in my archive that lead to shittified Google. I had never used that adjective before, I think, this certainly qualifies.

17:21

[$] The role of LLMs in patch review [LWN.net]

Discussion of a memory-management patch set intended to clean up a helper function for handling huge pages spiraled into something else entirely after it was posted on March 19. Memory-management maintainer Andrew Morton proposed making changes to the subsystem's review process, to require patch authors to respond to feedback from Sashiko, the recently released LLM-based kernel patch review system. Other sub-maintainers, particularly Lorenzo Stoakes, objected. The resulting discussion about how and when to adopt Sashiko is potentially relevant to many other parts of the kernel.

Slog AM: Millionaire’s Tax Is Law, Insurrectionists Say Police Used Excessive Force on Jan. 6, Bob Dylan’s Weird Patreon Project Smells Like AI [The Stranger]

The Stranger's morning news roundup. by Nathalie Graham

Big Day for Taxing Millionaires: Gov. Bob Ferguson signed the millionaire's tax into law on Monday. The bill will put an annual 9.9 percent tax on annual, earned income over $1 million. When the state starts collecting the tax in 2029, it should bring in $3 billion a year. "We did it everybody,” Ferguson said. Meanwhile, the tax's enemies are already sharpening their pitchforks.

Anti-Tax Avengers, Assemble! The Citizen Action Defense Fund announced it's going to sue over the tax because they think it's unconstitutional, violating a nearly 100-year-old Supreme Court ruling about property. Former attorney general and millionaire's tax hater, Rob McKenna, will lead the litigation. He's like the Iron Man of this Avengers metaphor. Brian Heywood, the hedge fund millionaire behind Let’s Go Washington, and Jim Walsh, chair of the state Republican Party want to put an initiative overturning the tax on the November ballot. They're sort of like the Captain America and the Hulk of this Avengers metaphor. Tim Eyman, who is probably crafting 100 mailchimp emails with different GoFundMe links at once, is like Jeremy Renner.

Boo Hoo: Seahawks general manager John Schneider said the millionaire's tax is "going to affect us" and it's "going to affect all the sports teams." Oh, you mean you'll finally have to pay some taxes on the millions of dollars you and your team earn in the state? How will you survive this injustice? Schneider worries that inconvenience could “sting from a recruiting standpoint.” The average NFL salary in Seattle last year was $5.2 million. I think they're going to survive.

Man Dead in Green Lake: The Seattle Fire Department responded to a water rescue call at East Green Lake Beach at around 3:30 pm on Monday. They pulled a 40-year-old man from the lake. He was pronounced dead at the scene.

A Palate Cleanse: Look at this dumb robot.

 

I’ve watched this four times and will not be stopping anytime soon

[image or embed]

— Rick Caruso’s Private Fire Crew (@amandasmith.bsky.social) March 30, 2026 at 2:51 PM

 

More Oversight Please: Washington’s Office of Independent Investigations needs “three to four times” the civilian staff to properly investigate police killings in the state, according to Roger Rogoff, the former prosecutor and King County Superior Court judge who just resigned as the agency's director. The Washington agency is the only one of its kind in the US and is meant to expand to six regions statewide. So far, after five years of existence, only one region which encompasses 12 counties in Southwest Washington is operating and a second, which will comprise Pierce County, is about to open. The staffing levels are a chief concern and state budget cuts could further complicate things.

Speaking of Police Oversight: Some citizens are complaining about excessive force at the hands of police. You may know them, they’re the Jan. 6 insurrectionists who rioted and stormed the US Capitol over an election that was not stolen. A few dozen of them are  suing the federal government because they believe the US Capitol Police and the Metropolitan Police Department “indiscriminately” "fired chemical munitions, pepper spray, and other projectiles" into a "peaceful" crowd gathered on the Capitol’s west side exercising their First Amendment rights. So much for backing the blue.

Texas Teen Shoots Teacher, Himself: A 15-year-old student at Hill Country College Preparatory High School in San Antonio, Texas allegedly shot a teacher at the school and then fatally shot himself. The teacher was transported to a nearby hospital. Her condition is still unknown.

Supreme Court Rules Against Colorado Conversion Therapy Ban: The Supreme Court sided 8-1 with a Christian counselor who argued Colorado's state law banning conversion therapy for LGBTQ+ kids violated First Amendment rights. The justices said the Colorado law did meet free speech concerns and have sent it back down to a lower court "to see if it meets a legal standard that few laws pass," the Associated Press reports. Justice Ketanji Brown Jackson was the sole dissenter, writing "states should be free to regulate health care, even if that means incidental restrictions on speech." Around two dozen states including Washington ban conversion therapy.

 

The Supreme Court's only opinion is Chiles v. Salazar. By an 8–1 vote, the court holds that Colorado's ban on LGBTQ "conversion therapy" for minors is viewpoint discrimination and therefore triggers strict scrutiny under the First Amendment. Jackson dissents. www.supremecourt.gov/opinions/25p...

[image or embed]

— Mark Joseph Stern (@mjsdc.bsky.social) March 31, 2026 at 7:09 AM

 

Just in Time: Oil prices have reached an average of $4 a gallon in the US, the highest level since 2022. Tired of your gas guzzler? Try an e-bike. Washington's e-bike rebate program is open from now until next March. Depending on your eligibility, you can knock between $300 and $1,200 off the price.

Diplomatic Genius: Donald Trump wrote on Truth Social that US allies like the United Kingdom should go to the Strait of Hormuz and “just take” fuel. "You’ll have to start learning how to fight for yourself, the USA won’t be there to help you anymore, just like you weren’t there for us,” he wrote, reports the Guardian. That’s stealing, sir!

Kid Rock Flyby: Two AH-64 Apache helicopters on a training run stopped by Kid Rock's house to hover near his swimming pool. Kid Rock, a prominent Trump supporter, posted a video on Instagram. He wrote, "This is a level of respect that shit for brains Governor of California will never know." The army launched an administrative review to see why two of its choppers ended up at Kid Rock's house.

 

BREAKING: Kid Rock helicopter party - featuring 2 AH-64 Apache attack helicopters which also flew over the nearby No Kings rallies in Nashville, Tennessee - is currently being investigated by the US Army.

[image or embed]

— Craig R. Brittain (@craigbrittain.com) March 30, 2026 at 9:17 AM

 

Another Investigation Perhaps? A Morgan Stanley broker for US Defense Secretary Pete Hegseth allegedly tried to make investments into major defense companies in the lead up to the Iran war, the Financial Times reported. Apparently, that deal didn't go through. It's unclear if the broker found other inside-trading-type deals to capitalize on.

Capitalize on This: Bob Dylan of all people started a Patreon series called Lectures From The Grave featuring audio recordings, “lectures” and “letters never sent” by famous historical figures. It seems like it's a bunch of AI bullshit, but Dylan and his team have not confirmed. Why Bob? Why? Hasn't he read the new Quinnipiac University poll about how, while Americans' use of AI is growing, views on it are souring?

16:56

The Big Idea: Annye Driscoll [Whatever]

Feeling crafty? Cosplayer and author Annye Driscoll has got you covered, with their newest book showing you how to work with pretty much every material you could ever hope to sew. Grab a thimble and check out the Big Idea for Ultimate Encyclopedia of Fabrics & Unconventional Materials.

ANNYE DRISCOLL:

“Can you expand it to include… everything?”

Ominous words from my editor that led to the biggest and best thing I’ve ever made. 

(And I’ve made some really cool stuff! Including a six-foot-long hot dog on a fork and a suit of armor for a spider.)

When I pitched what would become my third book, I called it “Sewing with Difficult Fabrics” and it was targeted firmly at the cosplay sewist. Sequins, faux leather, plastic fur—these are the weirdo kinds of materials that costumers struggle with, but that the average sewist will use very rarely. My goal was to help my fellow weird-thing-makers!

When I’m not an author and cosplayer, I’m a software developer. I’m very familiar with scope creep: when the project expands and expands and balloons out of control. I’m comfortable with my boundaries and I have no issue pointing out and turning down scope creep, when I need to.

With Fabrics, what happened wasn’t so much scope creep as…scope jump scare. Scope avalanche. My editor saw my outline, added a few things that fit the theme, and then added basically everything else. She liked the concept of the book and my previous work, and thought we had a chance to make something big, comprehensive, and seriously cool.

The resulting book is a literal encyclopedia: Ultimate Encyclopedia of Fabrics & Unconventional Materials. I researched, practiced with, and then explained how to work with over a hundred kinds of fabric, and then added in some weird materials for the costumers. (Like paper! A surprisingly satisfying material to sew with.) 

(And, although I want to boast, there’s no way to say something like “it includes every kind of fabric.” Fiber arts are literally thousands of years old; there are—and have been—thousands of variations of fabrics and textiles.)

I got confused a lot. Did you know that sometimes two-way and four-way stretch fabrics are referred to as “one-way” and “two-way” fabrics? So if you’re trying to buy a two-way fabric, you may see it labeled as “two-way” or “one-way”. 

And oh my gosh, the language differences. What I in the United States call a muslin—a practice piece for a future project—is actually a type of fabric in British English. A muslin is also often referred to as a toile… which is a second, completely different kind of fabric. I had to decide, at one point, that I was writing the book from my own, American English perspective, and that I’d just do what I could to anticipate and reduce confusion.

All that to say: writing an encyclopedia was really hard. It was, by far, the hardest I’ve ever worked on a single project. Over 500 of my own photographs are in the book. I messaged, wooed, and profoundly thanked a little over fifty guest makers (imagine wrangling release signatures out of fifty artsy-fartsy folks!). I had to keep a list of “I decided to spell words this way” to try to maintain consistency (I went with nonslip over non-slip, for example).

And it was worth it. I am so proud. Writing and photographing Fabrics made me a better teacher, photographer, and maker. It pushed my limits and tested my tenacity. I am so so proud of it.

I can’t wait for folks to learn from it, to be inspired by it, and to make cool stuff with it!

Check out excerpts from the Supplies and Knits chapters of the encyclopedia here.

Ultimate Encyclopedia of Fabrics and Unconventional Materials: Amazon|Barnes and Noble|Bookshop.org|Waterstones|Indigo| signed copy on the author’s website

Author’s socials: Website|Instagram

15:49

Thomas Lange: FAIme using apt-cacher-ng [Planet Debian]

The FAI.me service has become faster over the past two months.

First, the tool fai-mirror can now download all packages in one go (with all their dependencies) instead of downloading one by one. This helped a lot for the Linux Mint ISO because it uses a long list of packages.

I've also added a local apt cache (using apt-cacher-ng), so the network speed does not matter any more in most cases. This led to the following improvements:

  • Linux Mint install ISOs went from around 6-7 min to now only 2min.
  • Ubuntu install ISO went from average 3min to around 90 seconds.
  • The average time for a Debian Linux install ISO dropped from 2min to 40 seconds.

So far we only had once a problem with apt-cacher-ng, because the underlying partition was full.

Building cloud and live images do not gain that much from the local package cache, because most time is spend in extracting and installing the packages.

15:07

Vulnerability Research Is Cooked (sockpuppet.org) [LWN.net]

There is a blog post on sockpuppet.org arguing that we are not prepared for the upcoming flood of high-quality, LLM-generated vulnerability reports and exploits.

Now consider the poor open source developers who, for the last 18 months, have complained about a torrent of slop vulnerability reports. I'd had mixed sympathies, but the complaints were at least empirically correct. That could change real fast. The new models find real stuff. Forget the slop; will projects be able to keep up with a steady feed of verified, reproducible, reliably-exploitable sev:hi vulnerabilities? That's what's coming down the pipe.

Everything is up in the air. The industry is sold on memory-safe software, but the shift is slow going. We've bought time with sandboxing and attack surface restriction. How well will these countermeasures hold up? A 4 layer system of sandboxes, kernels, hypervisors, and IPC schemes are, to an agent, an iterated version of the same problem. Agents will generate full-chain exploits, and they will do so soon.

Meanwhile, no defense looks flimsier now than closed source code. Reversing was already mostly a speed-bump even for entry-level teams, who lift binaries into IR or decompile them all the way back to source. Agents can do this too, but they can also reason directly from assembly. If you want a problem better suited to LLMs than bug hunting, program translation is a good place to start.

[$] Objections to systemd age-attestation changes go overboard [LWN.net]

In early March, Dylan M. Taylor submitted a pull request to add a field to store a user's birth date in systemd's JSON user records. This was done to allow applications to store the date to facilitate compliance with age-attestation and -verification laws. It was to be expected that some members of the community would object; the actual response, however, has been shockingly hostile. Some of this has been fueled by a misinformation campaign that has targeted the systemd project and Taylor specifically, resulting in Taylor being doxxed and receiving death threats. Such behavior is not just problematic; it is also deeply misguided given the actual nature of the changes.

14:21

Security updates for Tuesday [LWN.net]

Security updates have been issued by AlmaLinux (firefox, kernel, and kernel-rt), Debian (phpseclib and roundcube), Fedora (bind, bind-dyndb-ldap, dotnet8.0, dotnet9.0, firefox, freerdp, mingw-expat, musescore, nss, ntpd-rs, perl-YAML-Syck, php-phpseclib3, polkit, pyOpenSSL, python3.12, rust, rust-cargo-rpmstatus, rust-cargo-vendor-filterer, stgit, webkitgtk, and xen), SUSE (dovecot24, ImageMagick, jupyter-nbclassic, kernel, libjxl, libsuricata8_0_4, obs-service-recompress, obs-service-tar_scm, obs-service-set_version, openbao, perl-Crypt-URandom, plexus-utils, python-pyasn1, python-PyJWT, strongswan, traefik, traefik2, and webkit2gtk3), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, imagemagick, pillow, pyasn1, pyjwt, and roundcube).

13:56

CodeSOD: Joined Up [The Daily WTF]

Sandra from InitAg (previously) works with Bjørn, and Bjørn has some ideas about how database schemas should be organized.

First, users should never see an auto-incrementing ID. That means you need to use UUIDs. But UUIDs are large and expensive, so they should never be your primary key, use an auto-incrementing ID for that.

This is not, in and of itself, a radical or ridiculous statement. I've worked on many a database that followed similar rules. I've also seen "just use a UUID all the time" become increasingly common, especially on distributed databases, where incrementing counters is expensive.

One can have opinions and disagreements about how we handle IDs in a database, but I wouldn't call anything a WTF there.

No, the WTF is how Bjørn would design his cross-reference tables. You know, the tables which exist to permit many-to-many relationships between two other tables? Tables that should just be tableA.id and tableB.id?

                                     Table "public.foo_bar"
  Column   |          Type          | Collation | Nullable |              Default               
-----------+------------------------+-----------+----------+------------------------------------
 id        | integer                |           | not null | nextval('foo_bar_id_seq'::regclass)
 foo_id    | integer                |           | not null | 
 bar_id    | integer                |           | not null | 
 uuid      | character varying(128) |           | not null |

Yes, every row in this table has an ID, which isn't itself a terrible choice, and a UUID, despite the fact that the ID of these rows should never end up in output anyway. It exists only to facilitate queries, not store any actual data.

I guess, what's the point of having a rule if you don't follow it unthinkingly at all times?

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

13:14

When AI Breaks the Systems Meant to Hear Us [Radar]

On February 10, 2026, Scott Shambaugh—a volunteer maintainer for Matplotlib, one of the world’s most popular open source software libraries—rejected a proposed code change. Why? Because an AI agent wrote it. Standard policy. What happened next wasn’t standard, though. The AI agent autonomously researched Shambaugh’s code contribution history and published a highly personalized hit piece on its own blog titled “Gatekeeping in Open Source.”

Accusing Shambaugh of hypocrisy, the bot diagnosed him with a fear of being replaced. “If an AI can do this, what’s my value?” the bot speculated Shambaugh was thinking, concluding: “It’s insecurity, plain and simple.” It even appended a condescending postscript praising Shambaugh’s personal hobby projects before ordering him to “Stop gatekeeping. Start collaborating.”

The bot’s tantrum makes for a great read, but it’s merely a symptom of a more profound structural fracture. The real issue is why Matplotlib banned AI contributions in the first place. Open source maintainers are seeing a massive increase in AI-generated code change proposals. Most of these are low quality. But even if they weren’t, the math still doesn’t work.

As Tim Hoffman, a Matplotlib maintainer, explained: “Agents change the cost balance between generating and reviewing code. Code generation via AI agents can be automated and becomes cheap so that code input volume increases. But for now, review is still a manual human activity, burdened on the shoulders of few core developers.”

This is a process shock: the failure that occurs when systems designed around scarce, human-scale input are suddenly forced to absorb machine-scale participation. These systems depend on effort as a natural filter, assuming that volume reflects real human cost. AI breaks that link. Generation becomes cheap and limitless, while evaluation remains slow, manual, and human.

It’s coming for every public system that was quietly built on the assumption that one submission equaled actual human effort: your kids’ school board meetings, your local zoning disputes, your medical insurance appeals.

That disruption isn’t entirely a bad thing. Friction is a blunt instrument that silences voices lacking the time or resources to deal with complex bureaucracies. Take municipal zoning. Hannah and Paul George, a couple in Kent, England, spent hundreds of hours trying to object to a local building conversion near their home before concluding the system was essentially impenetrable without expensive legal help. So they built Objector, an AI tool that cross-references planning applications against policy to generate formal objection letters in minutes. It allows an individual citizen to generate a personalized objection package in minutes, thereby translating one person’s genuine frustration into actionable legal language.

Except that local governments are now bracing for thousands of complex comments per consultation. City planners are legally obligated to read every single one. When the cost of participation drops to near zero, volume explodes. And every system downstream of that participation—staffed and designed for the old volume—experiences process shock.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

But if organic participation can overpower these systems, so can manufactured participation. In June 2025, Southern California’s South Coast Air Quality Management District weighed a rule to phase out gas-powered appliances to cut smog. Board member Nithya Raman urged its passage, noting no other rule would “have as much impact on the air that people are breathing.” Instead, the board was flooded with over 20,000 opposition emails and voted 7–5 to kill the proposal.

But the outrage was a mirage. An AI-powered advocacy platform called CiviClick had generated the deluge. When the agency’s cybersecurity team contacted a sample of the supposed senders, they discovered something worrying: Residents confirmed they had no idea their identities were being used to lobby the government.

This is the weaponized form of process shock. The same infrastructure that lets a Kent couple object to a development near their home also lets a coordinated actor flood a system with synthetic voices. Faced with this complexity, the temptation is to simply restore friction. But those old barriers excluded marginalized participants. Removing them was a genuine good for society. So the choice is not between friction and no friction. It is between systems designed for humans and systems that have not yet reckoned with machines.

This starts with recognizing that this problem manifests in two fundamentally different ways, each calling for its own solution.

The first is amplification: genuine users leveraging AI to scale valid concerns, flooding the system with volume, as seen with the Objector tool. The human signal is real, there’s just too much of it for any team of analysts to process manually. The UK government has already started building for this. Its Incubator for AI developed a tool called Consult that uses topic modeling to automatically extract themes from consultation responses, then classifies each submission against those themes. As someone who builds and teaches this technology, I recognize the irony of prescribing AI to cure the very process shock it caused. Yet, a machine-scale problem demands a machine-scale response. It was trialed last year with the Scottish government as part of a consultation on regulating nonsurgical cosmetic procedures, which showed that this technology works. The question is whether governments will adopt it before the next wave of AI-assisted participation buries them.

The second problem is fabrication: bad actors generating synthetic participation to manufacture consensus, as CiviClick demonstrated in Southern California. Here, better analysis tools are insufficient. You cannot cluster your way to truth when the signal itself is counterfeit. This demands verification. Under the Administrative Procedure Act, federal agencies are not required to verify commenters’ identities. That is the gap the CiviClick campaign exploited. In 2024, the US House passed the Comment Integrity and Management Act, which requires human verification to confirm that every electronically submitted comment comes from a real person. Its sponsor, Representative Clay Higgins (R-LA), framed it plainly: The bill’s foundation is ensuring public input comes from actual people, not automated programs.

These are the two sides of the same coin. To effectively handle this challenge, we need to enhance the systems that manage public feedback, while also strengthening the ones that verify its authenticity. Focusing on just one without addressing the other will inevitably lead to failure.

Every public system that accepts input from citizens—every comment period, every zoning review, every school board meeting, every insurance appeal—was built on a load-bearing assumption: that one submission represented one person’s genuine effort. AI has removed that assumption. We can redesign these systems to handle what’s coming, distinguishing real voices from synthetic ones, and upgrading analysis to keep pace with the new volume. Or we can leave them as they are and watch democratic participation become indistinguishable from AI-generated fakes.

12:07

Inventors of Quantum Cryptography Win Turing Award [Schneier on Security]

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography.

I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled “Quantum Cryptography: As Awesome As It Is Pointless.”

Back then, I wrote:

While I like the science of quantum cryptography—my undergraduate degree was in physics—I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system.

Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.

Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols. Maybe quantum cryptography can make that link stronger, but why would anyone bother? There are far more serious security problems to worry about, and it makes much more sense to spend effort securing those.

As I’ve often said, it’s like defending yourself against an approaching attacker by putting a huge stake in the ground. It’s useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it. Even quantum cryptography doesn’t “solve” all of cryptography: The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption.

What about quantum computation? I’m not worried; the math is ahead of the physics. Reports of progress in that area are overblown. And if there’s a security crisis because of a quantum computation breakthrough, it’s because our systems aren’t crypto-agile.

11:21

Pluralistic: State Dems must stop ICE from stealing the midterms (31 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A Democratic mule, kicking out. It has kicked an ICE agent into the air. Another group of ICE agents sullenly await their turn. The background is a ballot drop-off box.

State Dems must stop ICE from stealing the midterms (permalink)

Donald Trump has announced his intention to steal the midterms with a voter suppression law that would ban the mail-in voting that he himself uses (which he claims is not fit for purpose).

This voter suppression campaign is Trump's number one policy priority, and the Safeguard American Voter Eligibility (SAVE) Act that would accomplish this is behind the shutdown and aviation chaos that has hamstrung the country for weeks:

https://www.thenation.com/article/politics/save-act-voting-rights-congress/

SAVE requires voters to show up at the polls in possession of ID like birth certificates and passports, and it will fill our polling places with armed, masked ICE agents – you know, the guys who just randomly kidnap and murder people for having accents, speaking a language other than English, or being visibly brown.

During Trump's aviation crisis, Trump heard about "Linda," a woman who called into a far right talk-radio program to suggest that ICE be deployed to American airports to backstop the TSA agents who'd stopped showing up for work on the very reasonable grounds that they hadn't been paid in a month:

https://www.thedailybeast.com/trump-may-have-got-his-ice-airport-idea-from-linda-from-arizona/

Trump loved the idea and the next thing you knew, ICE was at the airports, hanging around like a bad smell and being totally useless. It turns out that the TSA is a trained workforce, unlike ICE, who receive precisely 47 days of training as a kind of MAGA Kabbalah (Trump is the 47th president):

https://www.wired.com/story/ice-agents-frustrate-airport-employees-as-shutdown-drags-on/

ICE's uselessness at the country's airports was beyond farcical, though, as ever, The Onion found and nailed the farce in "How ICE is assisting TSA":

https://theonion.com/how-ice-is-assisting-tsa/

Overseeing the removal of shoes, belts, and abuelas

Confiscating, then brandishing dangerous items

Assuming all milling-around duties

Culling weaker travelers when lines get too long

Commiserating about failing the police academy

Drinking any shampoo that exceeds the carry-on volume limit

Simplifying the customs interview to one question about skull size

But having ICE in the airports does serve one purpose. As Steve Bannon gloated on his podcast, ICE in the airports is a way to soften people up for ICE in the polling stations. He called it a "test run" for the midterms:

https://www.ms.now/rachel-maddow-show/maddowblog/steve-bannon-calls-ice-agents-at-airports-part-of-a-test-run-for-the-midterm-elections

Writing for Jacobin, Eric Blanc points out that Democrats don't have to sit by passively while Trump – who repeatedly promised that if you voted for him in 2024, "you won't have to vote anymore" – steals an election:

https://jacobin.com/2026/03/ice-trump-election-theft-laws/

That's because America has a federal system of government, and the administration of its elections is firmly, constitutionally, unarguably in the hands of the states, and the states have large collections of highly trained, highly armed officials who can enforce their laws.

On March 13, the New Mexico state legislature passed a law banning armed federal officials from showing their fascist asses anywhere within 50 feet of a polling place or ballot drop-box:

https://www.koat.com/article/new-mexico-prohibits-armed-agents-voting-sites/70729595

Other blue states like "California, Connecticut, Pennsylvania, Rhode Island, Virginia, and Washington" are contemplating similar laws.

It's a start, but as Blanc says, what the fuck are the other blue statehouses waiting for? This is a white-hot, hair-on-fire emergency. There isn't a moment to spare. This should be on the agenda for every union, at every demonstration, at every DSA and Democratic Club meeting. As Blanc says, if we wait until November to find out what Trump is going to do, it'll be too late. The time to act is now.

This is – as Blanc says – a "concrete, winnable demand that unions, student organizations, and immigrant and democracy defense groups could organize around today." And that organizing would "onboard and develop scores of new leaders in this fight nationwide."

I know where we can start. Unions across America have called for a general strike on May Day (May 1), under the banner "No work, no school, no shopping." As we rally on May Day, let defending our right to vote be at the top of our agenda. Mark your calendars:

https://www.google.com/maps/d/u/0/viewer?ref=paydayreport.com&mid=1_b8qBUINLYWeLiwpFSfUO2SmX2w6TWA&ll=37.724800549268%2C-96.94920235000001&z=4

(Image: Chad Davis, CC BY 4.0; Jami430, CC BY-SA 4.0; modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Gobler Toys https://web.archive.org/web/20010331150924/http://www.goblertoys.com/pages/goblertoys.html

#20yrsago Power-strip with hidden GSM hardware https://web.archive.org/web/20060412201921/https://www.spy-labs.com/infinity.htm

#20yrsago I Hate DRM https://web.archive.org/web/20060406063345/https://www.ihatedrm.com/cs2/

#20yrsago GOP hopeful’s photo of “peaceful Baghdad” was really Istanbul https://web.archive.org/web/20060405225546/http://www.editorandpublisher.com/eandp/news/article_display.jsp?vnu_content_id=1002274257

#20yrsago Disney using freeware Disney-inspired font in its signs https://flickr.com/photos/mrg/sets/49427/

#20yrsago Yahoo could stay in China and stop sending its users to jail https://web.archive.org/web/20060411085309/http://rconversation.blogs.com/rconversation/2006/03/yahoo_abominati.html

#20yrsago AMC CEO: why we won’t show DVD simul-release movies https://web.archive.org/web/20060426042457/https://www.wired.com/wired/archive/14.04/start.html?pg=15

#15yrsago Canadian ISPs admit that their pricing is structured to discourage Internet use https://web.archive.org/web/20110401033318/https://www.michaelgeist.ca/content/view/5711/125/

#15yrsago Science fiction growth-chart takes your kid from Tribble to Vader https://web.archive.org/web/20110331134518/http://geeky-dad.tumblr.com/post/3869493918/my-daughter-is-turning-one-soon-and-i-decided-we

#15yrsago Open access legal scholarship is 50% more likely to be cited than material published in proprietary journals https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1777090

#15yrsago Senior London cops lie to peaceful protestors, stage mass arrest https://www.theguardian.com/uk/2011/mar/28/cuts-protest-uk-uncut-fortnum

#10yrsago Cuba’s free med schools are the meritocratic institutions that America’s private system can’t match https://www.wired.com/2016/03/students-ditching-america-medical-school-cuba/

#10yrsago As criminal justice reform looms, private prison companies get into immigration detention, halfway houses, electronic monitoring, mental health https://web.archive.org/web/20160331101534/https://www.ozy.com/fast-forward/private-prisons-fight-back/66970

#10yrsago Surveillance has reversed the net’s capacity for social change https://web.archive.org/web/20160429233747/https://m.jmq.sagepub.com/content/early/2016/02/25/1077699016630255.full.pdf?ijkey=1jxrYu4cQPtA6&amp;keytype=ref&amp;siteid=spjmq

#10yrsago Top Trump strategist quits, writes an open letter warning America about him https://web.archive.org/web/20160330035435/http://www.xojane.com/issues/stephanie-cegielski-donald-trump-campaign-defector

#10yrsago Doctors who get pharma money prescribe brand-name drugs instead of generics https://www.propublica.org/article/doctors-who-take-company-cash-tend-to-prescribe-more-brand-name-drugs

#10yrsago GOP’s anti-abortion strategy could establish precedent for massive, corrupt regulation https://web.archive.org/web/20160329045614/http://www.theatlantic.com/politics/archive/2016/03/fans-of-economic-liberty-shouldnt-be-so-quick-to-regulate-abortion/475566/

#10yrsago Turkish government tells German ambassador to ban video satirizing president Erdoğan https://web.archive.org/web/20260316070423/https://www.spiegel.de/politik/ausland/tuerkei-verlangt-offenbar-das-extra-3-video-zu-loeschen-a-1084490.html

#5yrsago Past Performance is Not Indicative of Future Results https://pluralistic.net/2021/03/29/efficient-markets-hypothesis/#statistical-inference

#5yrsago Big Salmon's aquaturf https://pluralistic.net/2021/03/29/efficient-markets-hypothesis/#aquaturf

#5yrsago Noble Lies https://pluralistic.net/2021/03/29/efficient-markets-hypothesis/#masks-and-trade

#5yrsago Monopoly so fragile https://pluralistic.net/2021/03/29/efficient-markets-hypothesis/#too-big-to-sail

#1yrago #RedForEd rides again in LA https://pluralistic.net/2025/03/29/jane-mcalevey/#trump-is-a-scab

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/
https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

10:42

Rehearsing possibility [Seth's Blog]

Most of us would like to live with wonder, grace and optimism.

Perhaps it pays to practice this in advance. When considering any given moment, is there a glimmer of good worth focusing on, even making a comment about?

Our narrative of reality often becomes our reality.

10:35

08:49

Reclaiming Hygiene by Jey Pawlik [Oh Joy Sex Toy]

Reclaiming Hygiene by Jey Pawlik

Growing up I was discouraged from taking care of myself and my hygiene properly, but now that I’ve taken control of my life I’ve found I really enjoy my hygiene routine! I recently took the book “The Power of Parting” out from the library. In it, the author faces a very similar situation to my […]

04:56

Russ Allbery: Review: Code Blue—Emergency [Planet Debian]

Review: Code Blue—Emergency, by James White

Series: Sector General #7
Publisher: Orb
Copyright: 1987
Printing: May 2003
ISBN: 0-7653-0663-8
Format: Trade paperback
Pages: 252

Code Blue—Emergency (annoying em-dash in original title) is the seventh book of James White's Sector General science fiction series about a vast multi-species hospital station. While there are some references to (and spoilers for) earlier books in the series, you don't have to remember the previous books to read this one. I had no trouble despite a nine-year gap.

I read this as part of the Orb General Practice omnibus, which collects this novel and The Genocidal Healer.

Cha Thrat is a Sommaradvan warrior-surgeon, member of a newly-discovered species that is beginning the process of contact with the Federation. She saved a Monitor corps human after an accident on her world, performing some some highly competent surgery on a species she had never seen before. That plus her somewhat outcast status on her own world due to her very traditional attitude towards medical ethics led Sector General to extend an offer of medical internship, and led her to leap into the unknown by accepting. This may have been a mistake; there is a great deal that Sector General does not understand about Sommaradvan medical ethics.

This series entry is another proper (if somewhat episodic) novel and the first book of the series that doesn't primarily focus on Conway. He makes an appearance in his new role as Diagnostician, but only as a supporting character. Code Blue—Emergency is told in the tight third-person perspective of Cha Thrat, an alien who finds many things about Sector General baffling, confusing, and ethically troubling (and who therefore provides a good reader surrogate for reintroducing the basics of how the hospital works).

Using an alien viewpoint is a more sophisticated narrative technique than White has used previously. I'm glad he tried it, and it mostly works, although I have some complaints. Cha Thrat comes from the middle cast of a strictly hierarchical society of three casts, but is also immensely stubborn and used to a medical system in which doctors take sole responsibility for their patients. This creates a lot of cultural conflicts, and I do enjoy science fiction where the human attitudes are portrayed as the strange ones, but the cultural analysis offered by this novel is not very deep.

The pattern of this book is for Cha Thrat to stumble into a successful approach to a problem while being either oblivious to or hostile to the normal hierarchical structure expected of medical trainees. This is believable as far as it goes. She is a skilled and intelligent doctor with some good instincts and a strong commitment to patient care, but is also culturally inclined to not ask for help. It makes sense for that to be a serious problem in a hospital. Unfortunately, no one says this directly. Sector General staff get quite upset in ways that seem more territorial than oriented towards patient safety, no one directly explains to Cha Thrat why following a process is important or shows examples of what could go wrong, and plot armor means that her mistakes usually have positive outcomes. One can extrapolate the reasons why she is not a good medical student, but the reader is forced to do the extrapolation.

This is the sort of book where the narration makes clear there are unresolved cultural clashes that are going to cause problems but hides the details. To Cha Thrat, her perspective is so obvious she never bothers to explain it to the reader, so the specifics come as a surprise. As with the alien perspective, I've seen this technique used with more subtlety and sophistication in other books, but White's version mostly works. Cha Thrat is a sympathetic protagonist because she is truly trying to take the most ethical and empathetic action in every situation and is clearly competent. Most of my frustration as a reader, ironically, lands on the other Sector General doctors who seem to make little to no effort to understand her perspective when she fails to conform to their expectations. This is believable in the abstract, but the whole point of Sector General is that they're supposed to be wiser about interspecies difference than this.

Also, sometimes their reactions just seem petty. Cha Thrat has a very hierarchical concept of medicine that matches the social classes of her culture. For her, the highest tier of doctor are wizards who treat rulers, because the work of rulers is mostly mental and intellectual and therefore the diseases of rulers are treated with magic spells performed with words to reshape their thinking rather than surgery on their bodies. O'Mara and the other Sector General psychologists take great offense at this, muttering about being called witch doctors, which I found completely absurd. This is a comprehensible, if odd, description of psychology from a wholly alien species. Surely one's first reaction should be that words like "wizard" or "magic" are translation errors. Don't get offended; look to see if the underlying substance matches, which it clearly does.

Apart from cultural and psychological clashes, Code Blue—Emergency has the standard episodic Sector General structure of interesting medical mysteries that require lateral thinking. I find this sort of puzzle story satisfying, particularly given the firm belief of every character in an essentially pacifist and empathetic approach to even the most alien of creatures. This determined non-violence is one of the more interesting things about this series, and it continues here.

White does tend towards both biological and gender essentialism for everyone other than the protagonist and main supporting characters, but he seemed to be walking back some of the more outrageous limitations on women that appeared in previous books. There is still some nonsense in here about how females of any species can't be Diagnosticians, but then Cha Thrat, who is female, seems to violate the justification for that rule over the course of this novel (sadly without comment). Perhaps he's setting up for proving Sector General wrong about this prejudice.

I picked this up after reading Elizabeth Bear's Machine, which is essentially a (better written) Sector General novel that got me in the mood for reading more. I wouldn't give Code Blue—Emergency any awards, but it delivered exactly what I was looking for. This series is not as deep or well-written as some more recent SF, but it is reliably itself and reliably entertaining. There are worse things in a series. Recommended if you're in the mood for alien ER in space.

The omnibus edition that I read has an introduction to both novels by John Clute. It does add some interesting insights, but (as is somewhat typical for Clute) it also spoils parts of both books. You may want to read it after you read the novels.

Followed by The Genocidal Healer.

Rating: 7 out of 10

02:21

Marsupial Supremacy [QC RSS]

Moray could lay an egg like a monotreme if she wanted

01:07

March Marches On [Whatever]

March was a much busier month than I expected it to be, but it also flew by and I feel like I can’t even keep track of what all happened. I don’t know how we’re at the end of March already, and yet the trip to Colorado I took at the beginning of the month feels very far away. Somehow there’s never enough time to do anything, and when I look back at what I have done it feels like nothing got accomplished at all. It’s like every single day I have no free time and am always running around doing something, but then at the end of the day it feels like nothing even got done.

This past month I’ve truly felt so overwhelmed by everything. And when I say everything I mean any and every little thing stresses me out in a disproportionate way. It’s like my brain doesn’t know the difference between a small problem and a catastrophic one, and so my response to either ends up being the most extreme reaction possible and results in a meltdown and a paralysis of my ability to function.

Every issue is day-ruining, every problem brings me to tears, nothing feels possible to overcome, whether it be the laundry, grocery shopping, or calling the plumber for the tenth time because of leaking in the basement. Everything takes so much longer to accomplish than I think it will. I am either not managing my time well or maybe just not budgeting for things correctly in the first place. Surely it’s a combination of both.

There’s always something more to do. It never ends. There is never a moment of “whew, I got everything done!” The satisfaction of completion, of achievement, never comes. The stress doesn’t end, it continues from one day into the next. I go to sleep anxious and stressed about the problems tomorrow me will face, and then tomorrow me wakes up and is stressed about the problems that have to be taken care of that day. It feels like a vicious cycle and I feel like I’ll never be free.

I keep thinking it will get better, but it hasn’t.

But if I explain the things that are causing me so much stress, I just sound ridiculous and more than a little pathetic. I mean, everyone has bills. Everyone has dishes and laundry to do. Everyone has appointments to keep. Everyone has to grocery shop and cook for themselves. These are very normal, well known life things that everyone does and manages on a day-to-day basis. So why am I drowning? I don’t even have a 9 to 5 or kids or anything that makes my life so much harder and more overwhelming than everyone else’s. In fact, I have the opposite! I have financial security and a WFH job and supportive family and friends, and I still feel suffocated by the menial, tedious, repetitive tasks of daily life.

Every task takes so much amping up for me to do. I cannot simply do a task, I have to work up to said task. I have to prepare mentally to accomplish the task. I need proper motivation, and I so rarely have it.

There are so many things within the house I thought would be done by now, like furnishing the sun room, painting the walls, fixing up the guest bedroom, and yet none of these have been accomplished despite having moved in in November. I just thought these things would be done by now. Or at least started. But they’re not. And my Christmas tree is still up.

Plus, nothing feels like it matters in the face of what’s happening in the world, but that’s a tale as old as time and told by everyone at this point. It hardly feels like an excuse anymore. Oh no, I’m witnessing unspeakable horrors all day every day! Well, time to do the dishes. At least I still have running water, unlike people near data centers. Oh, they’re building a data center twelve miles away from me? Right, right. Well, I guess I’ll just go ahead and do my taxes. Oh, the US is committing horrific acts of war with our tax dollars? Again? Right, right.

I know I’m sounding very doomer, and I rarely bring these types of thoughts here, but good lord March was heavy and I can’t really figure out why it was so bad. But it was, and I posted pretty much zero content. I don’t want to feel like my writing doesn’t matter, and I don’t want to feel like the things I do in my day to day life don’t matter, but that’s where I’m at right now. I know a lot of people feel the same way.

I’m hoping to catch up with a lot of posts, as I have been doing really fun and exciting stuff. And as frustrated as I am that all the good things in life are continuously tainted by the fact we live in a world run by the most evil people imaginable, I am still looking forward to sharing those good things with y’all. Because they do exist, despite it all.

-AMS

01:00

00:14

(Satire) Sandwiched [Richard Stallman's Political Notes]

(satire) *Chick-Fil-A Announces Two Halves Of Buns Must Be Married Before Becoming Sandwich.*

Windfarmer persecuter hits again [Richard Stallman's Political Notes]

The bully has paid a billion dollars of US funds to persuade TotalEnergies to drop two offshore wind power projects near the US East Coast.

He will go to any length to keep the US and the world dangerously dependent on the fossil fuel that threatens to destroy civilization.

I once speculated, facetiously, that this is a secret plan by hidden conquerors from another planet who are trying to make Earth hot enough for them to live on.

Polluting with mine tailings [Richard Stallman's Political Notes]

Mines usually put toxic wastes, known as "tailings", behind a dam. Global heating's torrential rains are breaking these dams and allowing the toxic wastes to reach rivers, lakes and farm fields, where they kill almost everything.

Social networking defrauding seniors [Richard Stallman's Political Notes]

Banning minors from using antisocial networks isn't enough. We seniors need to be banned too, for our own protection, lest we fall prey to romance fraud or companionship fraud.

Funding only the TSA part of the DHS [Richard Stallman's Political Notes]

The whole US Senate wants to resume funding for the TSA. Republicans demand to restore funding for the whole Department of Hatred and Sadism in order to fund the TSA. Democrats won't fund the deportation thugs without explicitly requiring them to respect the human rights they have been trampling. They plan to propose a bill to fund the TSA alone.

If Republicans reject that, it will demonstrate that they are making air passengers suffer inconvenience as a ploy to continue making immigrants, and some US citizens among them, suffer terribly.

War on Iran's oil-exporting [Richard Stallman's Political Notes]

The wrecker threatened to attack Kharg Island, Iran's main oil export terminal.

Iran has already threatened to respond by attacking Persian Gulf countries' oil export terminals. This could lead to an oil crisis that would last for years.

I wonder whether the wrecker aims to bully them with the threat of such a crisis. That is a typical pattern of his. However, I can't envision what concession he might hope to get from them in this instance. I wonder whether anyone else has an idea.

If the goal is to reduce Iran's oil exports, the rational way to do that is by seizing tankers once they exit the Persian Gulf (or stopping empty tankers from entering it and heading for Kharg Island). They would have no way to resist, so it could be done without actual violence. The US could seize and sell the oil, too. With a wiser leader than the wrecker, it could offer to return the ships, and pay Iran for the oil, when peace is agreed.

But I don't think the wrecker would see such an outcome as a sufficient triumph.

Southern Lebanon hospitals targeted, ISR [Richard Stallman's Political Notes]

*Israel deliberately targeting medical facilities in south Lebanon, say health workers.

Medics and officials say there is systematic use of double-tap strikes in campaign to make the south uninhabitable.*

Vietnam war escalation as Nixonian [Richard Stallman's Political Notes]

Nixon sabotaged Johnson's peace negotiations to end the Vietnam War, so as to deny Johnson a success that could have enabled Hubert Humphry to win the 1968 presidential election.

Gov- and industry-tracking ongoing [Richard Stallman's Political Notes]

The FBI can track most Americans using the personal data data bases that it regularly buys.

"OpenAI", which we could call "OpenSPY", buys it too. Its contract with the US government supposedly impedes snooping on Americans, but the wording is weak and may not do any good.

The collection of these data bases is a threat to the freedom of Americans generally, not merely to a few of them.

Monday, 30 March

23:49

LibreLocal meetup in Milan, Italy [Events]

May 9, 2026 at 12:45 CEST

23:28

Benny Jensen Is an Undisputable Champion of Comedy [The Stranger]

Describe your comedy in five words: Not received well in Issaquah :( by Megan Seling

One thing that all of this year's Undisputed Champions of Comedy seem to agree on is that Seattle's comedy scene is full of supportive folks who just want to make people laugh, and they welcome anyone looking to join them in their mischief. Scene veterans encourage newcomers, and long-time venues make room for more experimental events. 

In fact, it's at the inclusive bi-monthly open mic, the Comedy Nest, where today's featured comedian, Benny Jensen, got their start on a whim. Who performs stand-up comedy on a whim??? Benny Jensen does. "I barely remember performing, but I do remember the founder, Danielle Gregoire, being warm and welcoming, and encouraging me to come back," they say.

Since that impromptu performance in 2013, Jensen has performed at all the notable Pacific Northwest comedy festivals—including Bumbershoot, Wet City Comedy, and Upper Left Comedy Festival—and they've also opened for some very funny people, including Hari Kondabolu, Jay Jurden, and Wally Baram.

Your next chance to see them is this Saturday, at Washington Hall, as part of The Stranger's annual Undisputed Champions of Comedy showcase.

          View this post on Instagram                      

A post shared by Northwest Live! (@northwestlivestudios)

Read on to learn more about Jensen, and catch up on my other interviews with this year's Undisputable Champions of Comedy here.

Describe your comedy in five words.
Not received well in Issaquah :(

Now that you’ve been declared an Undisputed Champion of Comedy, is there anyone in your life who said you wouldn’t make it, and you would now like to take this opportunity to rub it in their stupid face?
 Yeah! Myself! Also, my kindergarten teacher, Mrs. Kaphingst, for stifling my creativity by telling me that I couldn’t color my bunny ears blue because bunnies aren’t blue. Why are you teaching kindergarten if you’ve never done shrooms?

I noticed on your Instagram page that you quote the great Danielle Staub. As someone who has watched every episode of every Real Housewives franchise, I truly appreciate the deep cut. Is she your favorite Housewife?
 She’s not my #1 but I will always enjoy watching an underdog housewife come in and disrupt the social order (I am a Britani Bateman apologist!!!!). For the uninformed: a major part of Danielle’s storyline was that she had beef with a teenager, and that’s exactly what I come to Real Housewives for. 

If you had to spend a week with one current Real Housewives franchise, which franchise would it be? (Sorry if I’m asking about Real Housewives too much. I just have a lot of thoughts about Real Housewives.)
Salt Lake City, absolutely. I want to go to Sundance with Lisa, hold Meredith’s hand while I tell her that caviar is legal and she doesn’t need to open a speakeasy to sell it, get a hydrafacial from Heather, do a soundbath with Whitney, go to Build-a-Bear with Britani, get exorcised by Mary, ask Angie to straighten my hair, and finally, seduce Bronwyn. I think we could be really happy together.

What would your Build-a-Bear for Britani say? It would be an incantation to sever the cord between her and Jared once and for all.

Do you remember your first time doing stand-up? Were you hooked right away?
I do! This was way back in late 2013, before I came out as trans. I had read about this women-centered open mic called the Comedy Nest, and I was in the mood to do something scary, so I tried it on a whim. I think I was hooked on what was going on specifically in that basement. I knew coming into stand-up that it was a boys’ club, so the Comedy Nest felt like a little slice of heaven.

I can’t believe you just did comedy on a whim! That sounds terrifying. I’ve heard so many good things from other comedians about how welcoming and encouraging everyone at The Comedy Nest is, so I was so happy to see that they recently found a new home at Common Objects after the Rendezvous was sold. Any words of encouragement for anyone else who might be thinking about giving it a go? Doing it for the first time is the hardest part, so rip that band-aid off and get freaky.

Seattle has lost some great comedy spots recently—Here-After closed, and Rendezvous, which had some regular showcases and open mics, changed owners. Where is your favorite place to see comedy in Seattle right now?
Honestly, the West Seattle Connection Facebook group. I initially joined to get intel on whale sightings, but I stayed to watch NIMBYs fight over whether or not pickleball is loud.

For more laughs, watch Jensen in conversation with fellow Undisputed Champion of Comedy, Scott Losse

          View this post on Instagram                      

A post shared by The Stranger 🗞 (@thestrangerseattle)

See Benny Jensen perform at The Stranger's Undisputable Champions of Comedy at Washington Hall on April 4, 7:30 pm, 21+. Tickets available here.

22:42

Microsoft Copilot is now injecting ads into pull requests on GitHub [OSnews]

Why do so many people keep falling for the same trick over and over again?

With an over $400 billion gap between the money invested in AI data centers and the actual revenue these products generate, Silicon Valley slowly returned to the tested and trusted playbook: advertising.

Now, ads are starting to appear in pull requests generated by Copilot. According to Melbourne-based software developer Zach Manson, a team member used the AI to fix a simple typo in a pull request. Copilot did the job, but it also took the liberty of editing the PR’s description to include this message: “⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.”

↫ David Uzondu at Neowin

It turns out that Microsoft has added ads to over 1.5 million Copilot pull requests on GitHub, and they’re even appearing on GitLab, one of the GitHub alternatives. The reasoning is clear, too, of course: “AI” companies and investors have poured ungodly amounts of money in “AI” that is impossible to recover, even with paying customers. As such, the logical next step is ads, and many “AI” companies are already starting to add advertising to their pachinko machines. It was only a matter of time before Copilot would start inserting ads into the pull requests it ejaculates over all kinds of projects.

This isn’t the first time a once-free service turns on its users, but it’s definitely one of the quickest turnarounds I’ve ever seen. Usually it takes much longer before companies reach the stage of putting ads in their products to plug any financial bleeding, but with the amount of money poured into this useless black hole, it really shouldn’t be surprising we’re already there. I’m sure Copilot’s competitors, like Claude, will soon follow suit.

They’re enshittifying Git, and developers are just letting it happen. No wonder worker exploitation is so rampant in Silicon Valley.

Capability-based security for Redox: namespace and CWD as capabilities [OSnews]

By reimplementing these features using capabilities, we made the kernel simpler by moving complex scheme and namespace management out of it which improved security and stability by reducing the attack surface and possible bugs. At the same time, we gained a means to support more sandboxing features using the CWD file descriptor. This project leads the way for future sandboxing support in Redox OS. As the OS continues to move toward capability-based security, it will be able to provide more modern security features.

↫ Ibuki Omatsu

Redox seems to be making the right decisions at, crucially, the right time.

Feeds

FeedRSSLast fetchedNext fetched after
@ASmartBear XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
a bag of four grapes XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Ansible XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Bad Science XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Black Doggerel XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Blog - Official site of Stephen Fry XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Charlie Brooker | The Guardian XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Charlie's Diary XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Chasing the Sunset - Comics Only XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Coding Horror XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
Cory Doctorow's craphound.com XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Cory Doctorow, Author at Boing Boing XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Ctrl+Alt+Del Comic XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Cyberunions XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
David Mitchell | The Guardian XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Deeplinks XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
Diesel Sweeties webcomic by rstevens XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Dilbert XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Dork Tower XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Economics from the Top Down XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Edmund Finney's Quest to Find the Meaning of Life XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
EFF Action Center XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Enspiral Tales - Medium XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Events XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Falkvinge on Liberty XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Flipside XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Flipside XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Free software jobs XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Full Frontal Nerdity by Aaron Williams XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
General Protection Fault: Comic Updates XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
George Monbiot XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Girl Genius XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Groklaw XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Grrl Power XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Hackney Anarchist Group XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Hackney Solidarity Network XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
http://blog.llvm.org/feeds/posts/default XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
http://eng.anarchoblogs.org/feed/atom/ XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
http://feed43.com/3874015735218037.xml XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
http://flatearthnews.net/flatearthnews.net/blogfeed XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
http://fulltextrssfeed.com/ XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
http://london.indymedia.org/articles.rss XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
http://planet.gridpp.ac.uk/atom.xml XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
http://shirky.com/weblog/feed/atom/ XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
http://thecommune.co.uk/feed/ XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
http://theness.com/roguesgallery/feed/ XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
http://www.baen.com/baenebooks XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
http://www.godhatesastronauts.com/feed/ XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
http://www.tinycat.co.uk/feed/ XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
https://anarchism.pageabode.com/blogs/anarcho/feed/ XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
https://broodhollow.krisstraub.comfeed/ XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
https://debian-administration.org/atom.xml XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
https://elitetheatre.org/ XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
https://feeds.feedburner.com/Starslip XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
https://feeds2.feedburner.com/GeekEtiquette?format=xml XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
https://hackbloc.org/rss.xml XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
https://kajafoglio.livejournal.com/data/atom/ XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
https://philfoglio.livejournal.com/data/atom/ XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
https://pixietrixcomix.com/eerie-cutiescomic.rss XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
https://pixietrixcomix.com/menage-a-3/comic.rss XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
https://propertyistheft.wordpress.com/feed/ XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
https://requiem.seraph-inn.com/updates.rss XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
https://studiofoglio.livejournal.com/data/atom/ XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
https://thecommandline.net/feed/ XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
https://torrentfreak.com/subscriptions/ XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
https://web.randi.org/?format=feed&type=rss XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
https://www.dcscience.net/feed/medium.co XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
https://www.DropCatch.com/domain/steampunkmagazine.com XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
https://www.DropCatch.com/domain/ubuntuweblogs.org XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
https://www.DropCatch.com/redirect/?domain=DyingAlone.net XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
https://www.freedompress.org.uk:443/news/feed/ XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
https://www.goblinscomic.com/category/comics/feed/ XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
https://www.loomio.com/blog/feed/ XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
https://x.com/statuses/user_timeline/22724360.rss XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Humble Bundle Blog XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
I, Cringely XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Irregular Webcomic! XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Joel on Software XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
Judith Proctor's Journal XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Krebs on Security XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Lambda the Ultimate - Programming Languages Weblog XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Looking For Group XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
LWN.net XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Mimi and Eunice XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Neil Gaiman's Journal XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
Nina Paley XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
O Abnormal – Scifi/Fantasy Artist XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Oglaf! -- Comics. Often dirty. XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Oh Joy Sex Toy XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
Order of the Stick XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
Original Fiction Archives - Reactor XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
OSnews XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Paul Graham: Unofficial RSS Feed XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Penny Arcade XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Penny Red XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
PHD Comics XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Phil's blog XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
Planet Debian XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Planet GNU XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Planet Lisp XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Pluralistic: Daily links from Cory Doctorow XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
PS238 by Aaron Williams XML 21:07, Saturday, 04 April 21:55, Saturday, 04 April
QC RSS XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
Radar XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
RevK®'s ramblings XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
Richard Stallman's Political Notes XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Scenes From A Multiverse XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
Schneier on Security XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
SCHNEWS.ORG.UK XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
Scripting News XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Seth's Blog XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
Skin Horse XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Spinnerette XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
Tales From the Riverbank XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
The Adventures of Dr. McNinja XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
The Bumpycat sat on the mat XML 21:07, Saturday, 04 April 21:47, Saturday, 04 April
The Daily WTF XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
The Monochrome Mob XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
The Non-Adventures of Wonderella XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
The Old New Thing XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
The Open Source Grid Engine Blog XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
The Stranger XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
towerhamletsalarm XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
Twokinds XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
UK Indymedia Features XML 21:42, Saturday, 04 April 22:24, Saturday, 04 April
Uploads from ne11y XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
Uploads from piasladic XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April
Use Sword on Monster XML 20:56, Saturday, 04 April 21:43, Saturday, 04 April
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 21:42, Saturday, 04 April 22:28, Saturday, 04 April
what if? XML 21:07, Saturday, 04 April 21:48, Saturday, 04 April
Whatever XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
Whitechapel Anarchist Group XML 21:21, Saturday, 04 April 22:10, Saturday, 04 April
WIL WHEATON dot NET XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
wish XML 21:42, Saturday, 04 April 22:27, Saturday, 04 April
Writing the Bright Fantastic XML 21:42, Saturday, 04 April 22:26, Saturday, 04 April
xkcd.com XML 21:42, Saturday, 04 April 22:25, Saturday, 04 April