Wish's River of News

CodeSOD: Popping Off [The Daily WTF]

Very happy to welcome my old friend, John Palfrey, back to the web. I added his feed to my blogroll on scripting.com. His first new piece is about his experience at the AI Action Summit in February, in Delhi. He was executive director at Berkman when I was there in the early 00s. It feels like the old band is getting back together. ;-)

14:49

Python is (in)famous for its "batteries included" approach to a standard library, but it's not that notable that it has plenty of standard data structures, like dicts. Nor is in surprising that dicts have all sorts of useful methods, like pop, which removes a key from the dict and returns its value.

Because you're here, reading this site, you'll also be unsurprised that this doesn't stop developers from re-implementing that built-in function, badly. Karen sends us this:

def parse_message(message):
    def pop(key):
        if key in data:
            result = data[key]
            del data[key]
            return result
        return ''

    data = json.loads(message)
    some_value = pop("some_key")
    # <snip>...multiple uses of pop()...</snip>

Here, they create an inner method, and they exploit variable hoisting. While pop appears in the code before data is declared, all variable declarations are "hoisted" to the top. When pop references data, it's getting that from the enclosing scope. Which while this isn't a global variable, it's still letting a variable cross between two scopes, which is always messy.

Also, this pop returns a default value, which is also something the built-in method can do. It's just the built-in version requires you to explicitly pass the value, e.g.: some_value = data.pop("some_key", "")

Karen briefly wondered if this was a result of the Python 2 to 3 conversion, but no, pop has been part of dict for a long time. I wondered if this was just an exercise in code golf, writing a shorthand function, but even then- you could just wrap the built-in pop with your shorthand version (not that I'd recommend such a thing). No, I think the developer responsible simply didn't know the function was there, and just reimplemented a built-in method badly, as so often happens.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Security updates for Monday [LWN.net]

Security updates have been issued by Debian (lxd, orthanc, and thunderbird), Fedora (cef, chromium, gimp, nextcloud, pgadmin4, python-django4.2, python-django5, python3-docs, python3.12, python3.13, and python3.9), Oracle (container-tools:rhel8 and mingw-fontconfig), Slackware (gvfs, mozilla, and telnet), SUSE (avahi, cockpit-356, cockpit-podman, cockpit-podman-120, containerized-data-importer, digger-cli, docker, evolution-data-server, expat, firefox, freerdp2, gimp, glib2, glibc, go1, google-guest-agent, google-osconfig-agent, gosec, gpg2, heroic-games-launcher, ImageMagick, kernel, kernel-firmware, kubevirt, libIex-3_4-33, libjxl-devel, libpng16, libsodium, libsoup, libsoup2, libssh, libudisks2-0, libwireshark19, protobuf, python-pyasn1, python-urllib3, python311, python311-Flask, rust-keylime, thunderbird, ucode-intel, and valkey), and Ubuntu (git).

14:42

1340: Down the Chute [Order of the Stick]

http://www.giantitp.com/comics/oots1340.html

Spinnerette - Issue 45 - 03 [Spinnerette]

New comic!
Today's News:

13:56

KDE makes steady progress on Union, its unified theme engine [OSnews]

If you’re following KDE Plasma development, you’ve most likely run into something called Union, a project KDE is working on to unify their various ways of theming their applications. The problem KDE is facing right now is that after so many decades of development and changes in how people want to develop applications, they ended up with various different ways of writing applications, each with their own theming method. The end result has been that for a while now, theming on KDE is kind of broken.

Broken in what way? Most long-time KDE users will be aware that ever since KDE 4, the KDE shell (Plasma using SVG for theming) and KDE applications (QtWidgets using QStyle for theming) use separate theme engines. While this has always been annoying, it’s at least manageable in that most theme designers tended to create both a Plasma SVG theme and a QStyle theme that matched. However, things got more complicated when KDE introduced QtQuick, its modern way of creating applications with QML. QtQuick has its own theme, qqc2-desktop-style, to make QtQuick applications look and feel like Breeze, KDE’s current theme.

Not only do all of these have to be kept in sync manually, QtQuick applications also do not properly inherit all the elements of the QStyle theme you set, leading to many modern KDE applications looking broken when using a non-default theme (and the same applies when using Kvantum; it also cannot properly theme QtQuick applications). In other words, there is currently no way to theme the entire KDE desktop for a consistent look, and if you try, many applications will simply look broken.

Union is KDE’s answer to this set of problems. Union is a new style engine that takes CSS and processes it into consistent themes for both QtWidget and QtQuick applications. It’s quite flexible, and can potentially even be extended to generate GTK themes from that same CSS. Sadly, since the KDE Pasma shell SVG stuff is entirely different, it won’t be styled by Union, but KDE might simply retire the SVG stuff entirely and move the Plasma shell to QtQuick’s qqc2-desktop-style to address that issue.

Union has been in development for a long time, as it’s a difficult effort, but progress is definitely being made. KDE is currently already at the stage where they’re adapting the current Breeze QStyle to better match the Union Breeze’s style, to make the future transition from the separate QStyle/qqc2-desktop-style to the unified, single Union Breeze as seamless as possible. These changes are currently available for testing in the master branch, and will be part of Plasma 6.7 or 6.8.

As a KDE user who likes to have a more classic, late ’90s theme, but who also values consistency above all else, Union is something I’m very much looking forward to. While it certainly won’t fix every single issue right away, it will definitely address the biggest issues with theming on KDE. I’m incredibly happy that KDE’s developers still consider theming and user choice and agency over what pixels appear on their screen important enough to undertake an effort like Union.

12:35

LLM-Assisted Deanonymization [Schneier on Security]

Turns out that LLMs are good at de-anonymization:

We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of candidates.

While it has been known that individuals can be uniquely identified by surprisingly few attributes, this was often practically limited. Data is often only available in unstructured form and deanonymization used to require human investigators to search and reason based on clues. We show that from a handful of comments, LLMs can infer where you live, what you do, and your interests—then search for you on the web. In our new research, we show that this is not only possible but increasingly practical.

11:35

Greening Up [George Monbiot]

The Green Party is becoming everything you might have wanted Labour to be.

By George Monbiot, published in the Guardian 25^th February 2026

NB: This article was published before the by-election it refers to. The Greens won by a mile.

Every barb Labour has directed at the Greens can now be returned with interest. “It’s a wasted vote.” “Do you want to see Reform in power?” New polling ahead of the crucial Gorton and Denton byelection this week, while by no means decisive, puts the Greens first on 22%, followed by Reform UK (20%), then Labour (18%), with 31% undecided. But still Keir Starmer falsely claims that “only Labour can beat Reform”. Does he want to see Reform in power?

I’m not a party person. I subscribe to the old-fashioned belief that journalists should have no political loyalties. But I see the Greens stepping into the howling void Labour has vacated and becoming everything you might have wanted Labour to be. In their byelection contender, Hannah Spencer, they have a brilliant candidate: a working plumber and plasterer with first-hand experience of the cracks and leaks in our social fabric and bright ideas for fixing them. Here and in many other constituencies, the Greens now appear to be the most plausible opposition to take on the extreme right.

YouGov’s voting intention polls show that since January 2025, Labour’s national share has declined from 26% to 18%, on a steady downward cruise that no rhetoric, U-turn or reboot has been able to jolt. The Greens, in contrast, on an equally steady trajectory, have risen in the same period from 8% to 17%. Throughout the Gorton and Denton contest, the gambling companies have judged them the best bet. So if, as Labour claims, the key aim is to stop Reform UK from gaining power, it should stand its candidate down and let the Greens walk home.

Of course, I’m not being entirely serious: I know Labour would never entertain the idea. But I’m using this outrageous proposal to highlight two things. The first is the way its rhetoric that suggests clinging on to nurse for fear of something worse backfires the moment a better nurse arrives. The second is that its claim to be laser-focused on stopping Reform rings hollow the moment it falls behind another contender in the polls. This is not and has never been Labour’s primary aim. If it were, it would have introduced electoral reform. I cannot emphasise this enough: the only thing that would allow Nigel Farage’s party to take power is our unfair and undemocratic first-past-the-post system – and Starmer’s determination to maintain it.

If stopping Reform were the overriding aim, Labour would also deploy what research shows is the killer attack line against that party. A survey of 6,000 people by the group Persuasion UK found that by far the most effective message of five options was focused on corporate interests and went as follows: “Nigel Farage says he’s on people’s side – but when you take a closer look it’s pretty clear who he’s really fighting for, isn’t it? It’s the rich, the powerful, his mates in big business.” It explained that Reform UK has taken vast donations from fossil fuel investors and climate science deniers. This, Persuasion UK said, is why Farage wants to cut public services, workers’ rights and taxes for the richest. “He’s not smashing the system. He and his rich friends basically are the system.”

None of the other attack lines came anywhere near this for efficacy. So why doesn’t Labour use it? Because that might alienate the people Starmer seems keenest to appease: Labour’s own corporate backers and the billionaire proprietors of the rightwing press. The leadership’s key objective is not stopping Farage, but frightening people into voting Labour. Quite frankly, it has nothing else left.

One by one, it has destroyed the hopes that people vested in it, alienating potential voters on everything from Gaza to benefits to its self-destructive apeing of Reform’s rhetoric on immigration; from its vicious factional warfare against leftwingers in the party to its tearing up of environmental protections and attacks on wildlife, which, in a country of nature lovers, is utter, self-defeating madness. Disgust and disillusionment among former supporters is everywhere palpable.

This byelection should have been a stroll for Labour. Not only was Gorton and Denton among its safest seats, but the Reform candidate, Matt Goodwin, is among the most unprepossessing people I’ve ever met. I was up against him on Question Time a year ago. We were picked up in the same car from the station; then I watched how he interacted with others, including a political ally, in the green room. He came across as utterly charmless and squirming with discomfort. When he tried to smile, his lips stretched, but no other part of his face seemed to move. This could explain why he has been seen so little in the constituency he’s contesting. For God’s sake, don’t let him near the voters!

He presents a target a mile wide. He has suggested punishing women who don’t have children through the tax system, while removing income tax “for women who have two or more children”. First the punitive right in this country, in the form of the Conservative chancellor George Osborne, penalised women for having more than two babies through the two-child benefit cap. Now, in the form of Goodwin, it proposes to whip them the other way. As ever, women’s reproductive choices must yield to culture wars waged by power-hungry men.

Last week the Guardian revealed that Goodwin was accused by a young woman working at GB News, where he presents a show, of making inappropriate comments that she took to be sexual harassment, causing her great distress. He apologised after she made a complaint. A source at GB News remarked that Farage believed “that is just Matt being Matt”. Ah yes, like “Boris being Boris”: the endless licence granted to the most obnoxious men in politics, while denied to everyone else.

As for the 44% of people in the constituency with minority ethnic backgrounds, Goodwin has claimed “it takes more than a piece of paper to make somebody ‘British’”. You have been warned.

What could be easier than trouncing him? But I have the feeling that if Labour stood unopposed, it would still manage to lose. Had it set out to alienate its base while infuriating voters everywhere, it could not have done a better job.

I’m delighted to see how well the Greens are doing. But we also need a strong and sincere Labour party. It’s tragic to witness how Starmer and his moral bypass of a government have ruined it – and opened the door to something much worse.

www.monbiot.com

11:28

Grrl Power #1439 – And the odds sweeten [Grrl Power]

You know, Maxima’s boss’s bosses might also think this was a wildly irresponsible thing to do as well. It will all depend on the final result of the tournament and how much detail she puts into her after action report. “Went shopping at alien mall. Bought some alien jetpacks. Don’t worry about how we got the money.” could play differently than “Almost died 17 times on alien bloodsport hell world and revealed every classified detail about U.S. Super power capabilities to trillions of viewers. Bought alien jetpacks.” Presumably the people above General Gault might not be satisfied with “Don’t worry about how we got the money,” so either way, Max will have some ‘splainin’ to do when she gets back.

I think Bluce is developing a crush, but he may have to wait several years to act on it.

The UCBA matches do have boundaries, but it’s so huge that ring-outs almost never happen. The arena boundaries are a lot bigger than that initial valley they started in, for example. It’s like a Long Island sized area. Just not as oblong. Unusual circumstances do happen, of course. Punching someone into orbit would do it, if they don’t fly back down the arena “ceiling” quickly enough. Portaling someone to a place that is effectively off-world would also do it.

“Saraviah” (sarah-VAI-ah) is too cool of a name to use once on this character who probably won’t appear again after this arc? I had trouble naming her so I went to the Fantasy Name Generator that I’ve had bookmarked every since I first found it and started hunting around. The thing is, I almost never use a name that’s generated there, but finding the right category then refreshing the name list a few times usually gets me in the ballpark. “Hmm, take the first half of that name…” (refresh) (refresh) “Ah hah! The perfect name! Kevin!”

Ah! I thought I had more time till March. I’m bad at looking at dates apparently. The new one is underway. I should have a draft ready to go for the next Monday comic?

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:35

Popular (and good) [Seth's Blog]

Popular is easy to measure. Good, not so much.

Setting out to make something popular requires only a focus on the crowd and on the moment. Most pop music is popular simply because that’s what it was built to do.

Good work can be good without being popular. And so the two goals aren’t easily aligned.

It helps to begin by becoming comfortable with what good feels like to you. Because conflating it with popular is a trap.

09:35

Pluralistic: No one wants to read your AI slop (02 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

No one wants to read your AI slop: If you must do this, for god's sake, do it privately.
Hey look at this: Delights to delectate.
Object permanence: AOL email tax; Ebook readers' bill of rights; Sanders media blackout.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

No one wants to read your AI slop (permalink)

Everyone knows (or should know) that as fascinating as your dreams are to you, they are eye-glazingly dull to everyone else. Perhaps you have a friend or two who will tolerate you recounting your dreams at them (treasure those friends), but you should never, ever presume that other people want to hear about your dreams.

The same is true of your conversations with chatbots. Even if you find these conversations interesting, you should never assume that anyone else will be entertained by them. In the absence of an explicit reassurance to the contrary, you should presume that recounting your AI chatbot sessions to your friends is an imposition on the friendship, and forwarding the transcripts of those sessions doubly so (perhaps triply so, given the verbosity of chatbot responses).

I will stipulate that there might be friend groups out there where pastebombs of AI chat transcripts are welcome, but even if you work in such a milieu, you should never, ever assume that a stranger wants to see or hear about your AI "conversations." Tagging a chatbot into a social media conversation with a stranger and typing, "Hey Grok‡, what do you think of that?" is like masturbating in front of a stranger.

‡ Ugh

It's rude. It's an imposition. It's gross.

There's an even worse circle of hell than the one you create when you nonconsensually add a chatbot to a dialog: the hell that comes from reading something a stranger wrote, and then asking a chatbot to generate "commentary" on it and emailing it to that stranger.

Even the AI companies pitching their products claim that they need human oversight because they are prone to errors (including the errors that the companies dress up by calling them "hallucinations"). If you've read something you disagree with but don't understand well enough to rebut, and you ask an AI to generate a rebuttal for you, you still don't understand it well enough to rebut it.

You haven't generated a rebuttal: you have generated a blob of plausible sentences that may or may not constitute a valid critique of the work you're upset with – but until a human being who understands the issue goes through the AI output line by line and verifies it, it's just stochastic word-salad.

Once again: the act of prompting a sentence generator to create a rebuttal-shaped series of sentences does not impart understanding to the prompter. In the dialog between someone who's written something and someone who disagrees with it, but doesn't understand it well enough to rebut it, the only person qualified to evaluate the chatbot's output is the original author – that is, the stranger you've just emailed a chat transcript to.

Emailing a stranger a blob of unverified AI output is not a form of dialogue – it's an attempt to coerce a stranger into unpaid labor on your behalf. Strangers are not your "human in the loop" whose expensive time is on offer to painstakingly work through the plausible sentences a chatbot made for you for free.

Remember: even the AI companies will tell you that the work of overseeing an AI's output is valuable labor. The fact that you can costlessly (to you) generate infinite volumes of verbose, plausible-seeming topical sentences in no way implies that the people who actually think about things and then write them down have the time to mark your chatbot's homework.

That is a fatal flaw in the idea that we will increase our productivity by asking chatbots to summarize things we don't understand: by definition, if we don't understand a subject, then we won't be qualified to evaluate the summary, either.

There simply is no substitute for learning about a subject and coming to understand it well enough to advance the subject, whether by contributing your own additions or by critiquing its flaws. That's not to say that we shouldn't aspire to participate in discourse about areas that seem interesting or momentous – but asking a chatbot to contribute on your behalf does not impart insight to you, and it is a gross imposition on people who have taken the time to understand and participate using their own minds and experience.

(Image: Cryteria, CC BY 3.0, modified)

Hey look at this (permalink)

The Enshittificator https://vimeo.com/1168468796
Digital products and services are getting worse – but the trend can be reversed https://www.forbrukerradet.no/news-in-english/digital-products-and-services-are-getting-worse-but-the-trend-can-be-reversed/
Distribution of Household Wealth in the U.S. since 1989 https://www.federalreserve.gov/releases/z1/dataviz/dfa/distribute/chart/#quarter:144;series:Corporate
After decades of debating the “scientific publishing crisis”, the time has come to decide. https://bjoern.brembs.net/2026/02/after-decades-of-debating-the-scientific-publishing-crisis-the-time-as-come-to-decide/
History of Disney Theme Parks in Documents https://www.disneydocs.net/

Object permanence (permalink)

#25yrsago Web loggers bare their souls https://web.archive.org/web/20010321183557/https://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/02/28/DD27271.DTL

#20yrsago Fight AOL/Yahoo’s email tax! https://web.archive.org/web/20060303152934/http://www.dearaol.com/

#20yrsago Long-lost Penn and Teller videogame for download https://waxy.org/2006/02/penn_tellers_sm/

#20yrsago Aussie gov’t report on DRM: Don’t let it override public rights! https://web.archive.org/web/20060813191613/https://www.michaelgeist.ca/component/option,com_content/task,view/id,1137/Itemid,85/nsub,/

#20yrsago BBC: “File sharing is not theft” http://news.bbc.co.uk/1/hi/programmes/newsnight/4758636.stm

#15yrsago Hollywood’s conservatism: why no one wants to make a “risky” movie https://web.archive.org/web/20110305083114/http://www.gq.com/entertainment/movies-and-tv/201102/the-day-the-movies-died-mark-harris?currentPage=all

#15yrsago Eldritch Effulgence: HP Lovecraft’s favorite words https://arkhamarchivist.com/wordcount-lovecraft-favorite-words/

#15yrsago Exposing the Big Wisconsin Lie about “subsidized public pensions” https://web.archive.org/web/20110224201357/http://tax.com/taxcom/taxblog.nsf/Permalink/UBEN-8EDJYS?OpenDocument

#15yrsago Taxonomy of social mechanics in multiplayer games https://www.raphkoster.com/wp-content/uploads/2011/02/Koster_Social_Social-mechanics_GDC2011.pdf

#15yrsago San Francisco before the great fire: rare, public domain 1906 video https://archive.org/details/TripDownMarketStreetrBeforeTheFire

#15yrsago Ebook readers’ bill of rights https://web.archive.org/web/20110308220609/https://librarianinblack.net/librarianinblack/2011/02/ebookrights.html

#10yrsago 500,000 to 1M unemployed Americans will lose food aid next month https://web.archive.org/web/20160229021021/https://gawker.com/in-one-month-we-will-begin-intentionally-starving-poor-1761588216

#10yrsago FBI claims it has no records of its decision to delete its recommendation to encrypt your phone https://www.techdirt.com/2016/02/29/fbi-claims-it-has-no-record-why-it-deleted-recommendation-to-encrypt-phones/

#10yrsago A hand-carved wooden clock that scribes the time on a magnetic board https://www.youtube.com/watch?v=WEbmYp5VVcw

#10yrsago Press looks the other way as thousands march for Sanders in 45+ cities https://web.archive.org/web/20160314104804/http://usuncut.com/politics/media-blackout-as-thousands-of-bernie-supporters-march-in-45-cities/

#10yrsago Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/

#10yrsago Found debauchery: cavorting bros and a pyramid of beer on a found 1971 Super-8 reel https://www.youtube.com/watch?v=xAobW4PtoMY

#10yrsago Trump could make the press great again, all they have to do is their jobs https://www.zocalopublicsquare.org/donald-trump-could-make-the-media-great-again/

#10yrsago Federal judge rules US government can’t force Apple to make a security-breaking tool https://www.eff.org/deeplinks/2016/02/government-cant-force-apple-unlock-drug-case-iphone-rules-new-york-judge

#10yrsago Black students say Donald Trump had them removed before his speech https://web.archive.org/web/20160302092600/https://gawker.com/donald-trump-requested-that-a-group-of-black-students-b-1762064789

#10yrsago Red Queen’s Race: Disney parks are rolling out surge pricing with 20% premiums on busy days https://memex.craphound.com/2016/03/01/red-queens-race-disney-parks-are-rolling-out-surge-pricing-with-20-premiums-on-busy-days/

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America ( words today, total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Irregular Webcomic! #3052 [Irregular Webcomic!]

Irregular Webcomic! #3052

09:14

Vox Watchina [Penny Arcade]

New Comic: Vox Watchina

08:49

The Campaign: Running, p10 [Ctrl+Alt+Del Comic]

The post The Campaign: Running, p10 appeared first on Ctrl+Alt+Del Comic.

05:21

Girl Genius for Monday, March 02, 2026 [Girl Genius]

The Girl Genius comic for Monday, March 02, 2026 has been posted.

01:49

Hum And Buzz [QC RSS]

might be a digestive issue

01:21

Kernel prepatch 7.0-rc2 [LWN.net]

The 7.0-rc2 kernel prepatch is out for testing. According to Linus:

So I'm not super-happy with how big this is, but I'm hoping it's just the random timing noise we see every once in a while where I just happen to get more pull requests one week, only for the next week to then be quieter.

00:42

(5230) [Flipside]

Sunday, 01 March

21:35

groff 1.24.0 released [LWN.net]

Version 1.24.0 of the groff text-formatting system has been released. Improvements include the ability to insert hyperlinks between man pages, a new polygon command for the pic preprocessor, various PDF-output improvements, and more.

You can use newline characters in URLs [OSnews]

I had no idea, but apparently, you can just use newline characters and tabs in URLs without any issues.

Notice how it reports an error if there is a tab or newline character, but continues anyway? The specification says that A validation error does not mean that the parser terminates and it encourages systems to report errors somewhere. Effectively, the error is ignored although it might be logged. Thus our HTML is fine in practice.
↫ Daniel Lemire

This reminds me of the “Email is easy” quiz.

21:21

A nearly perfect score [Seth's Blog]

After playing 498 days in a row, my score today in Bongo was the second-highest in the world:

There’s a difference between casual online games that have a right answer, and those that are open-ended.

In crossword puzzles and most of the games from the Times (like Wordle and Connections) you’re trying to guess what the puzzle constructor had in mind. This can lead to frustration, because the idiosyncratic nature of inventing clues and answers means that you might not be in sync with the person at the other end. They’re inherently closed systems.

Bongo, on the other hand, is generative and combinatorial. There are bazillions of possible right answers, and your goal is to find a right answer that’s worth more points than anyone else’s. It doesn’t matter that I invented the game, I have no advantage over everyone else, because we all begin with the same tiles.

For me, open-ended games are time well spent. Have fun.

21:07

[1291] Out of Body Experience [Twokinds]

Comic for March 1, 2026

19:14

Benjamin Mako Hill: Pronunciation [Planet Debian]

Had a discussion about how to pronounce the name of Google’s chatbot. Turns out, we were all wrong.

18:07

If you followed me on Twitter, please follow me on Bluesky or Mastodon. As far as I'm concerned Twitter is gone. Not because I'm religious about this stuff, but my account got hijacked and I can't get it back, so let's close that chapter. It was a great innovative product that also held back progress on the web for 20 years, and it made some people I knew a long time ago fabulously rich, and it would have been nice of them to not do this to us, but what the f, it is what it is. One more thing, guys -- pay your taxes.

15:49

opmlProjectEditor format [Scripting News]

A bit of general advice about using ChatGPT et al, never let it rush you. You do the thinking, it does the stuff you ask it to do. If you're not careful it'll quickly start giving you orders.

15:00

Some time in 2013 I started editing all my JavaScript projects in the Frontier outliner, and in doing so I designed a format that could contain a whole project. And it worked, I continued building it, and to this day I edit all my projects in this format. It does a lot of work for me automatically, making it possible for me to build more complex stuff.

It turns out you can put a lot of code into an outline on today's computers. The outliner in Frontier was designed to perform well on a 1990 Macintosh with 1MB of memory, so you have to do a lot of writing to overload it.

I am doing a project with Claude.ai which I'm editing of course in OPE format. So I had to teach it how they work so I could give it one of these files, and it would not only be able to understand it, it could make mods and send it back to me in the same format, and with the code more or less formatted the way I like (still working on that).

Yesterday we started the project. I asked Claude to document the format which I called opmlProjectEditor format, which I am now publishing for future reference by myself, other AI bots, and anyone else interested in this.

Here's a link to the opmlProjectEditor docs on GitHub.

I started a this.how page so I can add more links as this develops.

Every source.opml file in my projects on GitHub is in this format. Here's an example file in OPML, and here's a link that opens the file in Drummer to give you an idea what it's like to work in this format.

14:14

Pamphlets [Oglaf! -- Comics. Often dirty.]

Archive for Scripting News in February 2026, in OPML, as always.

11:49

11:07

Paolo Amoroso: Rearranging the File Browser menu for Insphex [Planet Lisp]

Insphex adds the Hexdump item to the File Browser menu to view the hex dump of the selected files. The initial implementation called the public API for adding commands at the top level of the menu.

To later move the item to the See sumbenu that groups various file viewing commands I resorted to list surgery, as the API doesn't support submenus. The problem is internal system details can and do change, which happened to the File Browser menu and led to an Insphex load error.

I fixed the issue by reverting the public API call and now the item is back at the top level of the menu.

Insphex is a hex dump tool similar to the Linux command hexdump. I wrote it in Common Lisp on Medley Interlisp.

#insphex #CommonLisp #Interlisp #Lisp

Discuss... Email | Reply @amoroso@oldbytes.space

10:35

AI slop [Seth's Blog]

It’s not slop because it was created by an AI. It’s slop because it’s slop.

I just read the first two pages of a sci-fi novel on my Kindle. The author proudly proclaims that the 400-page book was created without any AI whatsoever. Alas, the book is slop. The writing is overwrought and the dialogue is banal. If a page isn’t worth writing, it’s unlikely a chapter is.

Slop happens when a marketer who should know better stops trying. It’s when we prioritize volume over impact. If we measure the cost of what we create instead of its value, it’s likely we’ll end up with slop.

AI makes this easier, no doubt. But it pays to focus on avoiding slop, not in worrying how the slop is made.

The question is now, “Who approved this?” not “who made this?”

09:35

The 64-bit Hurd is Here! [Planet GNU]

Fifteen months have passed since our last Guix/Hurd on a Thinkpad X60 post and a lot has happened with respect to the Hurd.

And most of you will have guessed, unless you skipped the title of this post, the rumored x86_64 support has landed in Guix!

Here is a not-so-short overview of our Hurd work over the past 1.5 years:

The build daemon fails when invoking guix authenticate on the Hurd bug was fixed. This was our most pressing problem as it meant that we could not keep our substitutes up to date. It took 15 comments and 13 weeks to get it resolved. Phew!
Installer support for (cross)-installing the Hurd. Also adding developer support for running the installer directly from the source tree; Guix 1.5.0 lets you install the Hurd on bare metal.
Fix tests in the Shepherd.
Update hurd to 0.9.git20250420, gnumach to 1.8+git20250304.
Add support for a cross-built gnumach, allowing the removal of an ugly workaround when cross-building for the Hurd.
Update rumpkernel to 0-20250111.
Support for different childhurd types, a.k.a. 64-bit childhurds in da house.
The syslogd used by default is now from the Shepherd streamio, gnumach, and the Shepherd, to make the kernel log work.
Update hurd to 0.9.git20251029, gnumach: to 1.8+git20250731.
Now that the go-team branch has been merged, gccgo now works (native only).
Fix proc server for zombie processes which caused a shepherd test to fail.
Fix all the dependencies of the guix package, again:
- libgit2 tests,
- dbus, opensp, po4a,
Resurrect password hashing.
Installer: Fixes for the Hurd.
Installer: More clearly mark the Hurd as experimental.
Installer: Add Hurd x86_64 as an option. This took 15 comments, uncovering and fixing several bugs.
Add support for x86_64-gnu, aka the 64-bit Hurd. The an initial patch set of 31 patches. This patch set set took four iterations and 208 messages before its final 58 patches were merged to `core-packages-team'. Janneke writes: "Lo and behold, the 64-bit Hurd boots! Again, thanks to the help from the kind folks over at libera #hurd and their excellent work. Do something like:"

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
  gnu/system/examples/bare-hurd64.tmpl

Pushed a `core-packages-team' with (this one) GCC 14 commit.  Let the
fun begin :)

We had a lot of fun...

Request for merging "core-packages-team" branch: 247 commits, took 114 comments 8 weeks and 24 iterations with 247 commits from 9 people before presenting the initial merge.
The actual merge "core-packages-team": 85 more commits to a total of 332, by 17 people and 27 weeks before actual merge. 173 packages with build fixes to relax GCC 14's strictness, 109 package updates to fix build with GCC 14.
With this all in place we can have ci build a 64-bit hurd image, and
Report what packages still need to be fixed for that image to build.
For convenience we added i586-pc-gnu and x86_64-pc-gnu cross toolchains.

Summarizing, building the Guix manifest for the 32-bit Hurd (i586-gnu) should work really well. Sadly, for the 64-bit Hurd (x86_64-gnu) is still a bit problematic as some tests in e.g., openssl, python, cmake, .... hang. This is still under investigation.

What Took You So Long?

We're so glad you asked! Usually, adding a new architecture should just take a couple of commits:

Add cross-compilation support for the x86_64-pc-gnu target, aka 64-bit Hurd, and then
Add support for x86_64-gnu, aka the 64-bit Hurd.

pretty neat, right? So, what's the story with the 64-bit Hurd? There are two problems: 64-bit Hurd support was added in GCC 14, while Guix was still at GCC 11. This means we "only" had to

Update the gcc cross compiler to GCC 14 (one, simple commit), and
Fix all cross builds (initially "just" 23 commits).

The second step involves building for all architectures and fixing all breakage. Sometimes, fixing one architecture breaks another.

When Guix supported cross-building with GCC 14, and supported the 64-bit Hurd, we could create and boot a 64-bit childhurd. After that, we could start building 64-bit Hurd packages...but only after also

Use gcc-14, gcc-toolchain-14 on the 64-bit Hurd

This, however does not support offloading. For that, we would need to:

Update gcc, gcc-toolchain, libgccjit to 14, and
Make sure that all packages in commencement.scm successfully build natively on x86_64-hurd, which took only some 35 commits.

This can simply be verified by building the hello package:

guix build --system=x86_64-gnu hello

However, GCC 14 is not a regular update: it is waaay more strict with respect to C code compilation. This means that, before actually switching, we had to fix 173 package builds and update another 109 packages to not break all of Guix. This took a total of 17 people and 35 weeks to complete.

You can understand that we are excited that the NLnet Foundation has been sponsoring this work!

Installing and Using the 64-bit Hurd

Easiest is to change your 32-bit childhurd definition into 64-bit, by adding

(type 'hurd64-qcow2)

to your hurd-vm-configuration. And if you don't have a hurd-vm-configuration yet?. Easy, in that case just add

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2))

into your your hurd-vm-service-type definition[^0]. And if you don't have a hurd-vm-service-type yet? Easy, in that case just add

(use-service-modules virtualization)
[..]
(service hurd-vm-service-type
         (hurd-vm-configuration
           (type 'hurd64-qcow2)))

to your operating system definition. Reconfigure your system and you'd be able to:

(if you don't have a childhurd definition in your ~/.ssh/config you will have to use something like: ssh -p 10022 root@localhost[^1]).

And if you don't have a Guix operating system definition...The 64-bit Hurd is now an option in the installer:

and can be installed in a VM. Make sure to use --machine q35 with qemu.

To build a disk image for a virtual machine, do:

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
    gnu/system/examples/bare-hurd64.tmpl

You may run it like so:

guix shell qemu -- qemu-system-x86_64 -m 2048 -M q35       \
  --enable-kvm                                             \
  --device e1000,netdev=net0                               \
  --netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222  \
  --snapshot                                               \
  --hda /gnu/store/...-disk-image

(note that the 64-bit Hurd does not seem to show a login prompt)

and use it like:

ssh -p 10022 root@localhost
guix build -e '(@@ (gnu packages commencement) gnu-make-boot0)'

or even, if you build the image with at least --image-size=3G:

guix build hello

RumpNET Support

Upstream has added support for Intel i8254x Gigabit Ethernet using RumpNET.

Damien Zammit wrote:

This adds a working rump driver for /dev/wmX cards, which are Intel i8254x Gigabit Ethernet devices. (See man.netbsd.org for "wm(4)") This should be easily extended to support other NICs by contributing some makefile foo to netbsd/rump.

Example usage[^2]:

settrans -fgap /dev/rumpnet /hurd/rumpnet
settrans -fgap /dev/wm0 /hurd/devnode -M /dev/rumpnet wm0
settrans -fgap /servers/socket/2 /hurd/pfinet -i /dev/wm0
ifup /dev/wm0

With our updated hurd and rumpkernel packages, this should be available in Guix now too. Please let us know if you got it to work! (If you tried and didn't get it to work, we'd also like to know!)

Status

One of the most frequently asked questions is probably: Does X work on the Hurd yet?. The canonical answer to that question is: Please read the GNU/Hurd FAQ.

A good summary of current status was presented by Samuel Thibault in his GNU/Hurd progress at FOSDEM'26, in which he also makes a compelling arguments for the Hurd, such as: Freedom from the system administrator and sharing the GNU heritage and values it's no coincidence that Guix also solves a part of that problem, allowing any user to install packages.

Debian GNU/Hurd has been a reality for some years now, reaching 75% of Debian packages being available for the Hurd.

As a comparison, in Guix only about 1.7% (32-bit) and 0.9% (64-bit) of packages are available for the Hurd. These percentages fluctuate a bit but continue to grow (both grew with a couple tenth percent point during the preparation of this blog post), and as always, might grow faster with your help.

So while Guix GNU/Hurd has an exciting future, please be aware that it lacks many packages and services, including Xorg.

If you would simply like to install the Hurd on bare metal running your favorite window manager (e.g.: i3, icewm, etc.) or lightweight desktop environment (Xfce) right now, then installing Debian GNU/Hurd is a good choice. Though we hope to catch up to them soon!

Last October, the 64-bit Hurd was reported to run on bare metal. Now that Guix 1.5.0's installer also lets you install the Hurd on bare metal, we'd be thrilled to year from you if you manage to replicate this!

What's Next?

In an earlier post we tried to answer the question “Why bother with the Hurd anyway?” An obvious question because it is all too easy to get discouraged, to downplay or underestimate the potential social impact of GNU and the Hurd.

Echoing Samuel Thibault's talk we would like to add: because it offers a better:

Freedom #0: the freedom to run the program as you wish, for any purpose.
Freedom from the System Administrator.

guix pull is known to work but only by pulling from a local branch doing something like:

mkdir -p src/guix
cd src/guix
git clone https://git.guix.gnu.org/guix.git master
cd master
git branch keyring origin/keyring
guix pull --url=$HOME/src/guix/master

kinda like we did it in the old days.

Other interesting task for Guix include:

Have guix pull from a non-local URL work on the Hurd,
Have guix system reconfigure work on the Hurd,
Figure out WiFi support with NetDDE (and add it to installer!),
Figure out WiFi support with RumpNET (and add it to installer!),
An isolated build environment (or better wait for, err, contribute to the Guile build daemon?),
An installer running the Hurd, and,
Packages, packages, packages!

We tried to make Hurd development as easy and as pleasant as we could. As you have seen, things start to work pretty nicely and there is still plenty of work to do in Guix. In a way this is “merely packaging” the amazing work of others. Some of the real work that needs to be done and which is being discussed and is in progress right now includes:

Audio support (this was sponsored by NLnet, thanks!),
RumpNET,
SMP,
Journaling for ext2,
AArch64,
RISC-V.

With the exception maybe of adding RumpNET NICs, these tasks look daunting, and indeed that’s a lot of work ahead. But the development environment is certainly an advantage. Take an example: surely anyone who’s hacked on device drivers or file systems before would have loved to be able to GDB into the code, restart it, add breakpoints and so on—that’s exactly the experience that the Hurd offers. As for Guix, it will make it easy to test changes to the micro-kernel and to the Hurd servers, and that too has the potential to speed up development and make it a very nice experience.

SMP support for the 64-bit Hurd

During the preparation of this blog post a patch set fixing SMP for the 64-bit Hurd, (well, gnumach actually) was presented by Damien Zammit. So most probably we'll have 64-bit multiprocessing real soon now! It seems however, that we will need new bootstrap binaries for that.

Join #guix and #hurd on libera.chat or the mailing lists and get involved!

Footnotes

[0]: Actually, as the 64-bit Hurd uses rumpdisk exclusively, and gnumach by default uses still it builtin IDE drivers, we also need to tell gnumach about that by adding the (kernel-arguments '("noide")).

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2)
  (os (operating-system
        (inherit %hurd-vm-operating-system)
        (kernel-arguments '("noide")))))

We expect this to be the the default in the future.

[1]: You may have to override your childhurd's openssh-service definition, something like

(services
 (modify-services (operating-system-user-services %hurd-vm-operating-system)
   (openssh-service-type
    config =>
    (openssh-configuration
     (inherit config)
     (authorized-keys `(("root"
                         ,(local-file "/home/janneke/.ssh/janneke.pub"))))))))

but you can also take inspiration from the bare-hurd64.tmpl template.

[2]: Note that while is comes straight from a commit to the Hurd git repository, this is a Debian-specific recipe, Guix does not have ifup, and per this updated wiki page there's probably extra networking interface configuration needed too (in Debian you're intstructed to -- imperatively -- edit /etc/network/interfaces).

Irregular Webcomic! #3051 [Irregular Webcomic!]

Irregular Webcomic! #3051

06:42

Talk in Rotkreuz, Switzerland [Richard Stallman's Political Notes]

Richard Stallman will give a talk in Rotkreuz, Switzerland, March 6th, 2026 at 17:00.

Talk in Rapperswil, Switzerland [Richard Stallman's Political Notes]

Richard Stallman will give a talk in Rapperswil, Switzerland, March 9th, 2026 at 17:00.

05:14

Junichi Uekawa: The next Debconf happens in Japan. [Planet Debian]

The next Debconf happens in Japan. Great news. Feels like we came a long way, but I didn't personally do much, I just made the first moves.

Saturday, 28 February

22:14

Run this random script in the terminal to block Apple’s macOS Tahoe update notification spam [OSnews]

Are you not at all interested in upgrading to macOS Tahoe, and getting annoyed at the relentless notification spam from Apple trying to trick you into upgrading?

The secret? Using device management profiles, which let you enforce policies on Macs in your organization, even if that “organization” is one Mac on your desk. One of the available policies is the ability to block activities related to major macOS updates for up to 90 days at a time (the max the policy allows), which seems like exactly what I needed.

Not being anywhere near an expert on device profiles, I went looking to see what I could find, and stumbled on the Stop Tahoe Update project. The eventual goals of this project are quite impressive, but what they’ve done so far is exactly what I needed: A configuration profile that blocks Tahoe update activities for 90 days.
↫ Rob Griffiths

All you need to do is clone a random GitHub repository, set all its scripts to executable, generate two random UUIDs, insert those UUIDs into one of the scripts in the GitHub project folder you just cloned, run said script, open System Settings and go to Privacy & Security > Profiles, install the profile the script created, click install in two different dialogs, and now you have blocked Apple’s update notification spam! Well, for 90 days that is.

I honestly don’t understand how normal people are supposed to use macOS. The amount of weird terminal commands you need just to change basic settings is bewildering. macOS definitely isn’t ready for the desktop if they expect users to use the terminal for so many basic tasks. I’m glad I’m using Linux, where I don’t have to deal with the terminal at all.

21:28

The Windows 95 user interface: a case study in usability engineering [OSnews]

If this isn’t catnip to the average OSNews reader, I don’t know what is.

Windows 95 is a comprehensive upgrade to the Windows 3.1 and Windows for Workgroups 3.11 products. Many changes have been made in almost every area of Windows, with the user interface being no exception. This paper discusses the design team, its goals and process then explains how usability engineering principles such as iterative design and problem tracking were applied to the project, using specific design problems and their solutions as examples.
↫ Kent Sullivan

This case study was written in 1996 by Kent Sullivan, who joined the Windows 95 user interface team in 1992. I consider the second half of the ’90s as the heyday of user interface design, with Windows 9x, Apple’s Platinum in Mac OS 8 and 9, and BeOS’ Tracker/Deskbar as the absolute pinnacles of user interface design. Coincidentally, this also seems to mark the end of a more scientific, study-based approach to designing graphical user interfaces.

Reading through this particular case study for Windows 95 feels almost quaint. Where are the dozens of managers pushing for notification spam, upsells, and dark patterns to enable expensive data-hoarding services? Why are none of the people mentioned in the study talking about sneaky ways to secretly and silently convert your local account to an online account? Where are all the “AI” buttons? Why is there n chapter on how to trick people into enabling telemetry data?

The user interfaces of the late ’90s were the last ones designed by people who actually cared, by people who approached the whole process with the end user in mind, rooted in scientific data collected by simply looking at people use their ideas. They were optimised for the user as best they could, instead of being optimised for the company’s bottom line.

It’s been downhill ever since.

Bootc and OSTree: modernizing Linux system deployment [OSnews]

Bootc and OSTree represent a new way of thinking about Linux system deployment and management. Building on container and versioning concepts, they offer robust and modern solutions to meet the current needs of administrators and developers.
↫ Quentin Joly

Slowly, very slowly, I’ve been starting to warm up to the relatively new crop of immutable Linux distributions. As a heavy Fedora user, opting for Fedora’s atomic distributions, which use bootc and OSTree, seems like the logical path to go down if I ever made the switch, and this article provides some approachable insights and examples into how, exactly, it all works, and what benefits it might give you. It definitely goes beyond what I as a mere desktop user might encounter, but if you’re managing a bunch of servers or VMs in a more professional setting, you might be interested, too.

I’m still not convinced I need to switch to an immutable distribution, but I’d be lying if I said some of the benefits didn’t appeal to me.

19:56

The Best Things To Do in Seattle This Month: March 2026 [The Stranger]

Emerald City Comic Con, Taste Washington, and More

by EverOut Staff

Just when it seemed like winter would never end, March is swooping in with cherry blossoms and Daylight Saving Time. Whether you want to make up for all the time you've spent huddled under a blanket by spending time outdoors or you want to celebrate the holidays this month brings (including Women's History Month, St. Patrick's Day, and Holi), your options are plentiful. Below, we've compiled the biggest comedy shows, concerts, food events, and other great things to do, from Emerald City Comic Con to Taste Washington and from Miguel's CAOS Tour to Speaking of Seattle: Immigrant Rights Are Human Rights.

COMEDY

Morgan Jay: Goofy Guy Tour
Unless you’ve been living under a rock (or are just in saner corners of the algorithm), you’ve surely come across at least one “WHAT'S YOUR NAME BRO???” video. With autotune crowdwork now Morgan Jay’s claim to fame, it's easy to forget that deep down, he’s just a goofy guy. And his new tour is a chance to catch the LA-based performer truly in his prime. If you're only familiar with his short-form comedy, you’re in for a treat with this Friday the 13th headlining set. Be ready for wild setups, off-the-cuff musical bits, and beautifully timed pauses from the once familiar face on Wild ’N Out, Comedy Central, and NBC. TL;DR? Jay has tapped into an awkwardness that few comedians (or humans) could turn into an art form, and it should absolutely be experienced. LANGSTON THOMAS
Paramount Theatre, Downtown (Fri Mar 13)

19:07

Mike Gabriel: Debian Lomiri Tablets 2025-2027 - Project Report (Q3/2025) [Planet Debian]

Debian Lomiri for Debian 13 (previous project)

In our previous project around Debian and Lomiri (lasting until July 2025), we achieved to get Lomiri 0.5.0 (and with it another 130 packages) into Debian (with two minor exceptions [1]) just in time for the Debian 13 release in August 2025.

Debian Lomiri for Debian 14

At DebConf in Brest, a follow-up project has been designed between the project sponsor and Fre(i)e Software GmbH [2]. The new project (on paper) started on 1st August 2025 and project duration was agreed on to be 2 years, allowing our company to work with an equivalent of ~5 FTE on Lomiri targetting the Debian 14 release some time in the second half of 2027 (an assumed date, let's see what happens).

Ongoing work would be covered from day one of the new project and once all contract details had been properly put on paper end of September, Fre(i)e Software GmbH started hiring a new team of software developers and (future) Debian maintainers. (More of that new team in our next Q4/2025 report).

The ongoing work of Q3/2025 was basically Guido Berhörster and myself working on Morph Browser Qt6 (mostly Guido together with Bhushan from MiraLab [3]) and package maintenance in Debian (mostly me).

Morph Browser Qt6

The first milestone we could reach with the Qt6 porting of Morph Browser [4] and related components (LUITK aka lomiri-ui-toolkit (big chunk! [5]), lomiri-content-hub, lomiri-download-manager and a few other components) was reached on 21st Sep 2025 with an upload of Morph Browser 1.2.0~git20250813.1ca2aa7+dfsg-1~exp1 to Debian experimental and the Lomiri PPA [6]).

Preparation of Debian 13 Updates (still pending)

In background, various Lomiri updates for Debian 13 have been prepared during Q3/2025 (with a huge patchset), but publishing those to Debian 13 are still pending as tests are still not satisfying.

[1] lomiri-push-service and nuntium
[2] https://freiesoftware.gmbh
[3] https://miralab.one/
[4] https://gitlab.com/ubports/development/core/morph-browser/-/merge_reques... et al.
[5] https://gitlab.com/ubports/development/core/lomiri-ui-toolkit/-/merge_re... et al.
[6] https://launchpad.net/~lomiri

Daniel Baumann: Debian Fast Forward: An alternative backports repository [Planet Debian]

The Debian project releases a new stable version of its Linux distribution approximately every two years. During its life time, a stable release usually gets security updates only, but in general no feature updates.

For some packages it is desirable to get feature updates earlier than with the next stable release. Some new packages included in Debian after the initial release of a stable distribution are desirable for stable too.

Both use-cases can be solved by recompiling the newer version of a package from testing/unstable on stable (aka backporting). Packages are backported together with only the minimal amount of required build-depends or depends not already fulfilled in stable (if any), and without any changes unless required to fix building on stable (if needed).

There are official Debian Backports available, as well as several well-known unofficial backports repositories. I have been involved in one of these unofficial repositories since 2005 which subsequently turned 2010 into its own Debian derivative, mixing both backports and modified packages in one repository for simplicity.

Starting with the Debian 13 (trixie) release, the (otherwise unmodified) backports of this derivative have been split out from the derivative distribution into a separate repository. This way the backports are more accessible and useful for all interested Debian users too.

TL;DR: Debian Fast Forward - https://fastforward.debian.net

is an alternative Debian repository containing complementary backports from testing/unstable to stable

with packages organized in an opinionated, self-contained selection of coherent sets

supporting amd64, i386, and arm64 architectures

containing around 400 packages in trixie-fastforward-backports

with 1’800 uploads since July 2025

End user documentation about how to enable Debian Fast Forwards is available.

Have fun!

Immaculate Collection with Esther Rose [The Stranger]

Ahead of her upcoming PNW tour dates, I caught up with Esther Rose to hear all about her collection of vintage leather clothing. If you missed out on tickets to her sold-out show at the Sunset Tavern on March 3, fear not! You can still catch Esther Rose in Bellingham at the Shakedown the day after. by Audrey Vann

I first discovered Esther Rose in 2017 when she released her debut, This Time Last Night, an intimate country/folk album that feels like she’s playing for you around a campfire. Now on her fifth studio album, Want, the New Orleans native defies the expectations of what an Esther Rose album can be with bold indie rock arrangements and fuzzed-out guitars. As it’s depicted on the album’s cover, with a Rose in a gauzy white cotton dress beside a Rose in a black pleather catsuit, the album balances hard and soft, juxtaposing songs like the Liz Phair–esque track “Ketamine” with the stripped-down piano ballad “Color Wheel.” The album also includes “Scars,” a duet with Seattle-based troubadour Dean Johnson (no surprise, it’s absolutely beautiful). Ahead of her upcoming PNW tour dates, I caught up with Rose to hear all about her collection of "vintage leather clothin in all shapes."

If you missed out on tickets to her sold-out show at the Sunset Tavern on March 3, fear not! You can still catch Esther Rose in Bellingham at the Shakedown the day after.

Akasha Rabut

What was the first item you acquired in this collection?
When I was 28, I was gifted a hand-me-down cowboy jacket by a record label executive. It was mint 1950s red suede with fringe and patches. I thought it was kinda hideous, but it fit, so the first time I wore it was as a joke. But something sacred happened that night... an energetic switch turned ON. I became a believer in the power of vintage leather. I'm less interested in new leather, even if it's ethically and sustainably sourced, because I like the randomness of finding a one-of-a-kind item. It has to choose you.

Chris Acker

What is your favorite thing in your collection?
My high-waist motorcycle pants are perfect for tour. They always look stage-ready, and I never wash them—slightly gross yet very convenient.

Shelby Duncan

Tell me about an item you'd like to add to your collection or a new collection you'd like to start.
I would welcome a leather skirt or dress.

15:56

2022: "And while we were effectively silenced in the public debate, men do vote and that's a private thing."

15:07

Podcast: Why men hate the Dems. I tell my perspective of MeToo, and how that imho created enough anti-Dem energy to push Trump over the top. Polls won't tell you how the Dems got the rep of being the party run by women to cancel men, but I'm sure if we could cure that somehow, we could do everything we need to do to get American democracy working again. I did this in response to a Frum podcast where he and his guest conclude that the young folks are making a big mistake, they don't want the same old bullshit people coming back into power. Frum and Miller thought that the young men don't want was democracy, foolishly (I would agree) but there is real anger there, I know about it because I have it too. I still vote for Dems, but I also fear what happens if we snap back to the political correctness of Kirsten Gillibrand.

Another point -- I don't think any of us realize what an un-democratic US will be like. When the things that make us furious these days are just the normal way of the USA. I got that from listening to a New Yorker podcast yesterday about the Iranian perspective of what's happening (spoiler alert, since then the American war with Iran has started). They are so weary of the Islamic Revolution, they say and are right that Iran could be top 10 country, economically, except their government thinks this is the Middle Ages. They want to live in modernity, and they're probably the only ones who think a war with the US is a good idea. Because living in an autorcacy is unthinkable for Americans. We don't really appreciate what we're becoming. If we did, we still could do something about it. For us there will be no USA to save our asses (not that the US can save the Iranians, clearly we can't).

If you want to heal the country, watch out for ways you add division, and stop. It's probably the biggest power any of us has.

Neil Munro: Ningle Tutorial 15: Pagination, Part 2 [Planet Lisp]

BTW, I know Al Franken is an idiot. We're all idiots.

14:49

Introduction

Welcome back! We will be revisiting the pagination from last time, however we are going to try and make this easier on ourselves, I built a package for pagination mito-pager, the idea is that much of what we looked at in the last lesson was very boiler plate and repetitive so we should look at removing this.

I will say, my mito-pager can do a little more than just what I show here, it has two modes, you can use paginate-dao (named this way so that it is familiar to mito) to paginate over simple models, however, if you need to perform complex queries there is a macro with-pager that you can use to paginate. It is this second form we will use in this tutorial.

There is one thing to bear in mind, when using mito-pager, you must implement your data retrieval functions in such a way to return a values object, as mito-pager relies on this to work.

I encourge you to try the library out in other use-cases and, of course, if you have ideas, please let me know.

Changes

Most of our changes are quite limited in scope, really it's just our controllers and models that need most of the edits.

ningle-tutorial-project.asd

We need to add the mito-pager package to our project asd file.

- :ningle-auth)
+ :ningle-auth
+ :mito-pager)

src/controllers.lisp

Here is the real payoff! I almost dreaded writing the sheer volume of the change but then realised it's so simple, we only need to change our index function, and it may be better to delete it all and write our new simplified version.

(defun index (params)
  (let* ((user (gethash :user ningle:*session*))
         (req-page (or (parse-integer (or (ingle:get-param "page" params) "1") :junk-allowed t) 1))
         (req-limit (or (parse-integer (or (ingle:get-param "limit" params) "50") :junk-allowed t) 50)))
    (flet ((get-posts (limit offset) (ningle-tutorial-project/models:posts user :offset offset :limit limit)))
      (mito-pager:with-pager ((posts pager #'get-posts :page req-page :limit req-limit))
        (djula:render-template* "main/index.html" nil :title "Home" :user user :posts posts :pager pager)))))

This is much nicer, and in my opinion, the controller should be this simple.

src/main.lisp

We need to ensure we include the templates from mito-pager, this is a simple one line change.

 (defun start (&key (server :woo) (address "127.0.0.1") (port 8000))
    (djula:add-template-directory (asdf:system-relative-pathname :ningle-tutorial-project "src/templates/"))
+   (djula:add-template-directory (asdf:system-relative-pathname :mito-pager "src/templates/"))

src/models.lisp

As mentioned at the top of this tutorial, we have to implement our data retrieval functions in a certain way. While there are some changes here, we ultimately end up with less code.

We can start by removing the count parameter, we wont be needing it in this implementation, and since we don't need the count parameter anymore, the :around method can go too!

- (defgeneric posts (user &key offset limit count)
+ (defgeneric posts (user &key offset limit)
-
- (defmethod posts :around (user &key (offset 0) (limit 50) &allow-other-keys)
-   (let ((count (mito:count-dao 'post))
-         (offset (max 0 offset))
-         (limit (max 1 limit)))
-     (if (and (> count 0) (>= offset count))
-       (let* ((page-count (max 1 (ceiling count limit)))
-              (corrected-offset (* (1- page-count) limit)))
-         (posts user :offset corrected-offset :limit limit))
-       (call-next-method user :offset offset :limit limit :count count))))

There's two methods to look at, the first is when the type of user is user:

-
- (defmethod posts ((user user) &key offset limit count)
+ (defmethod posts ((user user) &key offset limit)
...
      (values
-         (mito:retrieve-by-sql sql :binds params)
-         count
-         offset)))
+         (mito:retrieve-by-sql sql :binds params)
+         (mito:count-dao 'post))))

The second is when the type of user is null:

-
- (defmethod posts ((user null) &key offset limit count)
+ (defmethod posts ((user null) &key offset limit)
...
    (values
-       (mito:retrieve-by-sql sql)
-       count
-       offset)))
+       (mito:retrieve-by-sql sql)
+       (mito:count-dao 'post))))

As you can see, all we are really doing is relying on mito to do the lions share of the work, right down to the count.

src/templates/main/index.html

The change here is quite simple, all we need to do is to change the path to the partial, we need to simply point to the partial provided by mito-pager.

- {% include "partials/pager.html" with url="/" title="Posts" %}
+ {% include "mito-pager/partials/pager.html" with url="/" title="Posts" %}

src/templates/partials/pagination.html

This one is easy, we can delete it! mito-pager provides its own template, and while you can override it (if you so wish), in this tutorial we do not need it anymore.

Conclusion

I hope you will agree that this time, using a prebuilt package takes a lot of the pain out of pagination. I don't like to dictate what developers should, or shouldn't use, so that's why last time you were given the same information I had, so if you wish to build your own library, you can, or if you want to focus on getting things done, you are more than welcome to use mine, and of course, if you find issues please do let me know!

Learning Outcomes

Level	Learning Outcome
Understand	Understand how third-party pagination libraries like `mito-pager` abstract boilerplate pagination logic, and how `with-pager` expects a fetch function returning `(values items count)` to handle page clamping, offset calculation, and boundary correction automatically.
Apply	Apply `flet` to define a local adapter function that bridges the project's `posts` generic function with `mito-pager`'s expected `(lambda (limit offset) ...)` interface, and use `with-pager` to reduce controller complexity to its essential logic.
Analyse	Analyse what responsibilities were transferred from the manual pagination implementation to `mito-pager` — count caching, boundary checking, offset calculation, page correction, and range generation — contrasting the complexity of both approaches.
Create	Refactor a manual pagination implementation to use `mito-pager` by simplifying model methods to return `(values items count)`, replacing complex multi-step controller calculations with `with-pager`, and delegating the pagination template partial to the library.

Github

The link for the custom pagination part of the tutorials code is available here.

Common Lisp HyperSpec

Symbol	Type	Why it appears in this lesson	CLHS
`defpackage`	Macro	Define project packages like `ningle-tutorial-project/models`, `/forms`, `/controllers`.	http://www.lispworks.com/documentation/HyperSpec/Body/m_defpac.htm
`in-package`	Macro	Enter each package before defining models, controllers, and functions.	http://www.lispworks.com/documentation/HyperSpec/Body/m_in_pkg.htm
`defgeneric`	Macro	Define the simplified generic `posts` function signature with keyword parameters `offset` and `limit` (the `count` parameter is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defgen.htm
`defmethod`	Macro	Implement the simplified `posts` methods for `user` and `null` types (the `:around` validation method is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defmet.htm
`flet`	Special Operator	Define the local `get-posts` adapter function that wraps `posts` to match `mito-pager`'s expected `(lambda (limit offset) ...)` interface.	http://www.lispworks.com/documentation/HyperSpec/Body/s_flet_.htm
`let*`	Special Operator	Sequentially bind `user`, `req-page`, and `req-limit` in the controller where each value is used in subsequent bindings.	http://www.lispworks.com/documentation/HyperSpec/Body/s_let_l.htm
`or`	Macro	Provide fallback values when parsing `page` and `limit` parameters, defaulting to 1 and 50 respectively.	http://www.lispworks.com/documentation/HyperSpec/Body/m_or.htm
`multiple-value-bind`	Macro	Capture the SQL string and bind parameters returned by `sxql:yield` in the model methods.	http://www.lispworks.com/documentation/HyperSpec/Body/m_multip.htm
`values`	Function	Return two values from `posts` methods — the list of results and the total count — as required by `mito-pager:with-pager`.	http://www.lispworks.com/documentation/HyperSpec/Body/a_values.htm
`parse-integer`	Function	Convert string query parameters (`"1"`, `"50"`) to integers, with `:junk-allowed t` for safe parsing.	http://www.lispworks.com/documentation/HyperSpec/Body/f_parse_.htm

12:35

Who is the Kimwolf Botmaster “Dort”? [Krebs on Security]

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home. This post examines what is knowable about Dort based on public information.

A public “dox” created in 2020 asserted Dort was a teenager from Canada (DOB August 2003) who used the aliases “CPacket” and “M1ce.” A search on the username CPacket at the open source intelligence platform OSINT Industries finds a GitHub account under the names Dort and CPacket that was created in 2017 using the email address jay.miner232@gmail.com.

Image: osint.industries.

The cyber intelligence firm Intel 471 says jay.miner232@gmail.com was used between 2015 and 2019 to create accounts at multiple cybercrime forums, including Nulled (username “Uubuntuu”) and Cracked (user “Dorted”); Intel 471 reports that both of these accounts were created from the same Internet address at Rogers Canada (99.241.112.24).

Dort was an extremely active player in the Microsoft game Minecraft who gained notoriety for their “Dortware” software that helped players cheat. But somewhere along the way, Dort graduated from hacking Minecraft games to enabling far more serious crimes.

Dort also used the nickname DortDev, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$. Dort peddled a service for registering temporary email addresses, as well as “Dortsolver,” code that could bypass various CAPTCHA services designed to prevent automated account abuse. Both of these offerings were advertised in 2022 on SIM Land, a Telegram channel dedicated to SIM-swapping and account takeover activity.

The cyber intelligence firm Flashpoint indexed 2022 posts on SIM Land by Dort that show this person developed the disposable email and CAPTCHA bypass services with the help of another hacker who went by the handle “Qoft.”

“I legit just work with Jacob,” Qoft said in 2022 in reply to another user, referring to their exclusive business partner Dort. In the same conversation, Qoft bragged that the two had stolen more than $250,000 worth of Microsoft Xbox Game Pass accounts by developing a program that mass-created Game Pass identities using stolen payment card data.

Who is the Jacob that Qoft referred to as their business partner? The breach tracking service Constella Intelligence finds the password used by jay.miner232@gmail.com was reused by just one other email address: jacobbutler803@gmail.com. Recall that the 2020 dox of Dort said their date of birth was August 2003 (8/03).

Searching this email address at DomainTools.com reveals it was used in 2015 to register several Minecraft-themed domains, all assigned to a Jacob Butler in Ottawa, Canada and to the Ottawa phone number 613-909-9727.

Constella Intelligence finds jacobbutler803@gmail.com was used to register an account on the hacker forum Nulled in 2016, as well as the account name “M1CE” on Minecraft. Pivoting off the password used by their Nulled account shows it was shared by the email addresses j.a.y.m.iner232@gmail.com and jbutl3@ocdsb.ca, the latter being an address at a domain for the Ottawa-Carelton District School Board.

Data indexed by the breach tracking service Spycloud suggests that at one point Jacob Butler shared a computer with his mother and a sibling, which might explain why their email accounts were connected to the password “jacobsplugs.” Neither Jacob nor any of the other Butler household members responded to requests for comment.

The open source intelligence service Epieos finds jacobbutler803@gmail.com created the GitHub account “MemeClient.” Meanwhile, Flashpoint indexed a deleted anonymous Pastebin.com post from 2017 declaring that MemeClient was the creation of a user named CPacket — one of Dort’s early monikers.

Why is Dort so mad? On January 2, KrebsOnSecurity published The Kimwolf Botnet is Stalking Your Local Network, which explored research into the botnet by Benjamin Brundage, founder of the proxy tracking service Synthient. Brundage figured out that the Kimwolf botmasters were exploiting a little-known weakness in residential proxy services to infect poorly-defended devices — like TV boxes and digital photo frames — plugged into the internal, private networks of proxy endpoints.

By the time that story went live, most of the vulnerable proxy providers had been notified by Brundage and had fixed the weaknesses in their systems. That vulnerability remediation process massively slowed Kimwolf’s ability to spread, and within hours of the story’s publication Dort created a Discord server in my name that began publishing personal information about and violent threats against Brundage, Yours Truly, and others.

Dort and friends incriminating themselves by planning swatting attacks in a public Discord server.

Last week, Dort and friends used that same Discord server (then named “Krebs’s Koinbase Kallers”) to threaten a swatting attack against Brundage, again posting his home address and personal information. Brundage told KrebsOnSecurity that local police officers subsequently visited his home in response to a swatting hoax which occurred around the same time that another member of the server posted a door emoji and taunted Brundage further.

Dort, using the alias “Meow,” taunts Synthient founder Ben Brundage with a picture of a door.

Someone on the server then linked to a cringeworthy (and NSFW) new Soundcloud diss track recorded by the user DortDev that included a stickied message from Dort saying, “Ur dead nigga. u better watch ur fucking back. sleep with one eye open. bitch.”

“It’s a pretty hefty penny for a new front door,” the diss track intoned. “If his head doesn’t get blown off by SWAT officers. What’s it like not having a front door?”

With any luck, Dort will soon be able to tell us all exactly what it’s like.

Update, 10:29 a.m.: Jacob Butler responded to requests for comment, speaking with KrebsOnSecurity briefly via telephone. Butler said he didn’t notice earlier requests for comment because he hasn’t really been online since 2021, after his home was swatted multiple times. He acknowledged making and distributing a Minecraft cheat long ago, but said he hasn’t played the game in years and was not involved in Dortsolver or any other activity attributed to the Dort nickname after 2021.

“It was a really old cheat and I don’t remember the name of it,” Butler said of his Minecraft modification. “I’m very stressed, man. I don’t know if people are going to swat me again or what. After that, I pretty much walked away from everything, logged off and said fuck that. I don’t go online anymore. I don’t know why people would still be going after me, to be completely honest.”

When asked what he does for a living, Butler said he mostly stays home and helps his mom around the house because he struggles with autism and social interaction. He maintains that someone must have compromised one or more of his old accounts and is impersonating him online as Dort.

“Someone is actually probably impersonating me, and now I’m really worried,” Butler said. “This is making me relive everything.”

But there are issues with Butler’s timeline. For example, Jacob’s voice in our phone conversation was remarkably similar to the Jacob/Dort whose voice can be heard in this Sept. 2022 Clash of Code competition between Dort and another coder (Dort lost). At around 6 minutes and 10 seconds into the recording, Dort launches into a cursing tirade that mirrors the stream of profanity in the diss rap that Dortdev posted threatening Brundage. Dort can be heard again at around 16 minutes; at around 26:00, Dort threatens to swat his opponent.

Butler said the voice of Dort is not his, exactly, but rather that of an impersonator who had likely cloned his voice.

“I would like to clarify that was absolutely not me,” Butler said. “There must be someone using a voice changer. Or something of the sorts. Because people were cloning my voice before and sending audio clips of ‘me’ saying outrageous stuff.”

11:49

Pluralistic: California can stop Larry Ellison from buying Warners (28 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

California can stop Larry Ellison from buying Warners: These are the right states' rights.
Hey look at this: Delights to delectate.
Object permanence: RIP Octavia Butler; "Midnighters"; Freeman Dyson on "The Information"; Korean Little Brother filibuster; Privacy isn't property; With Great Power Came No Responsibility; Unsellable A-holes; Cardboard Cthulhu; Chinese map fuzzing.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

California can stop Larry Ellison from buying Warners (permalink)

For months, the hottest will-they/won't-they drama in Hollywood concerned the suitors for Warners, up for sale again after being bought, merged, looted and wrecked by the eminently guillotineable David Zaslav:

https://www.youtube.com/watch?v=izC9o3LhnVk

From the start, it was clear that Warners would be sucked dry and discarded, but the Trump 2024 election turned the looting of Warners' corpse into a high-stakes political drama.

On the one hand, you had Netflix, who wanted to buy Warners and use them to make good movies, but also to kill off movie theaters forever by blocking theatrical distribution of Warners' products.

On the other hand, you had Paramount, owned by the spray-tan cured tech billionaire jerky Larry Ellison, though everyone is supposed to pretend that Ellison's do-nothing/know-nothing/amounts-to-nothing son Billy (or whatever who cares) Ellison is running the show.

Ellison's plan was to buy Warners and fold it into the oligarchic media capture project that's seen Ellison replace the head of CBS with the tedious mediocrity Bari Weiss:

https://www.wnycstudios.org/podcasts/otm/articles/the-centurylong-capture-of-us-media

This is a multi-pronged media takeover that includes Jeff Bezos neutering the Washington Post, Elon Musk turning Twitter into a Nazi bar, and Trump stealing Tiktok and giving it to Larry Ellison. If Ellison gains control over Warners, you can add CNN to the nonsense factory.

But for a while there, it looked like the Ellisons would lose the bidding. Little Timmy (or whatever who cares) Ellison only has whatever money his dad parks in his bank account for tax purposes, and Larry Ellison is so mired in debt that one margin call could cost him his company, his fighter jet, and his Hawaiian version of Little St James Island.

Warners' board may not give a shit about making good media or telling the truth or staving off fascism, but they do want to get paid, and Netflix has money in the bank, whereas Ellison only has the bank's money (for now).

But last week, the dam broke: Warners' board indicated they'd take Paramount's offer, and Netflix withdrew their offer, and so that's that, right? It's not like Trump's FTC is going to actually block this radioactively illegal merger, despite the catastrophic corporate consolidation that would result, with terrible consequences for workers, audiences, theaters, cable operators and the entire supply chain.

Not so fast! The Clayton Act – which bars this kind of merger – is designed to be enforced by the feds, state governments, and private parties. That means that California AG Rob Bonta can step in to block this merger, which he's getting ready to do:

https://prospect.org/2026/02/27/states-can-block-paramount-warner-deal/

As David Dayen writes in The American Prospect, state AGs block mergers all the time, even when the feds decline to step in – just a couple years ago, Washington state killed the Kroger/Albertsons merger.

The fact that antitrust laws can be enforced at the state level is a genius piece of policy design. As the old joke goes, "AG" stands for "aspiring governor," and the fact that state AGs can step in to rescue their voters from do-nothing political hacks in Washington is catnip for our nation's attorneys general.

Bonta is definitely feeling his oats: he's also going after Amazon for price-fixing, picking up a cause that Trump dropped after Jeff Bezos ordered the Washington Post to cancel its endorsement of Kamala Harris, paid a million bucks to sit on the inaugural dais, millions more to fund the White House Epstein Memorial Ballroom and $40m more to make an unwatchable turkey of a movie about Melania Trump.

Can you imagine how stupid Bezos is going to feel when all of his bribes to Trump cash out to nothing after Rob Bonta publishes Amazon's damning internal memos and then fines the company a gazillion dollars?

It's a testament to the power of designing laws so they can be enforced by multiple parties. And as cool as it is to have a law that state AGs can enforce, it's way cooler to have a law that can be enforced by members of the public.

This is called a "private right of action" – the thing that lets impact litigation shops like Planned Parenthood, EFF, and the ACLU sue over violations of the public's rights. The business lobby hates the private right of action, because they think (correctly) that they can buy off enough regulators and enforcers to let them get away with murder (often literally), but they know they can't buy off every impact litigation shop and every member of the no-win/no-fee bar.

For decades, corporate America has tried to abolish the public's right to sue companies under any circumstances. That's why so many terms of service now feature "binding arbitration waivers" that deny you access to the courts, no matter how badly you are injured:

https://pluralistic.net/2025/10/27/shit-shack/#binding-arbitration

But long before Antonin Scalia made it legal to cram binding arbitration down your throat, corporate America was pumping out propaganda for "tort reform," spreading the story that greedy lawyers were ginning up baseless legal threats to extort settlements from hardworking entrepreneurs. These stories are 99.9% bullshit, including urban legends like the "McDonald's hot coffee" lawsuit:

https://pluralistic.net/2022/06/12/hot-coffee/#mcgeico

Ever since Reagan, corporate America has been on a 45-year winning streak. Nothing epitomizes the arrogance of these monsters more than the GW Bush administration's sneering references to "the reality-based community":

We're an empire now, and when we act, we create our own reality. And while you're studying that reality – judiciously, as you will – we'll act again, creating other new realities, which you can study too, and that's how things will sort out. We're history's actors…and you, all of you, will be left to just study what we do.

https://en.wikipedia.org/wiki/Reality-based_community

Giving Ellison, Bezos and Musk control over our media seems like the triumph of billionaires' efforts to "create their own reality," and indeed, for years, they've been able to gin up national panics over nothingburgers like "trans ideology," "woke" and "the immigration crisis."

But just lately, that reality-creation machine has started to break down. Despite taking over the press, locking every reality-based reporter out of the White House, and getting Musk, Zuck and Ellison to paint their algorithms spray-tan orange, people just fucking hate Trump. He is underwater on every single issue:

https://www.gelliottmorris.com/p/ahead-of-state-of-the-union-address

Despite the full-court press – from both the Dem and the GOP establishment – to deny the genocide in Gaza and paint anyone (especially Jews like me) who condemn the slaughter as "antisemites," Americans condemn Israel and are fully in the tank for Palestinians:

https://news.gallup.com/poll/702440/israelis-no-longer-ahead-americans-middle-east-sympathies.aspx

Despite throwing massive subsidies at coal and tying every available millstone around renewables' ankles before throwing all the solar panels and windmills into the sea, renewables are growing and – to Trump's great chagrin – oil companies can't find anyone to loan them the money they need to steal Venezuela's oil:

https://kschroeder.substack.com/p/earning-optimism-in-2026

Reality turns out to be surprisingly stubborn, and what's more, it has a pronounced left-wing bias. Putting little Huey (or whatever who cares) Ellison in charge of Warners will be bad news for the news, for media, for movies and TV, and for my neighbors in Burbank. But when it comes to shaping the media, Freddy (or whatever who cares) Ellison will continue to eat shit.

Hey look at this (permalink)

Newspapers Did Not Kill Themselves https://prospect.org/2026/02/26/newspapers-did-not-kill-themselves-jeffrey-epstein-mort-zuckerman-daily-news/
Democrats Should Launch a “Nuremberg Caucus” to Investigate the Crimes of the Trump Regime https://www.thenation.com/article/politics/democrats-nuremberg-caucus-trump-administration-crimes/
Two-thirds of Americans want term limits for Supreme Court justices https://www.gelliottmorris.com/p/two-thirds-of-americans-want-term
On the Democratic Party Style https://coreyrobin.com/2026/02/26/on-the-democratic-party-style/
Hannah Spencer gives DEFIANT victory speech as she wins Gorton & Denton for the Greens https://www.youtube.com/watch?v=KrzLQ294guI&t=473s

Object permanence (permalink)

#25yrsago Mormon guide to overcoming masturbation https://web.archive.org/web/20071011023731/http://www.qrd.org/qrd/religion/judeochristian/protestantism/mormon/mormon-masturbation

#20yrsago Midnighters: YA horror trilogy mixes Lovecraft with adventure https://memex.craphound.com/2006/02/26/midnighters-ya-horror-trilogy-mixes-lovecraft-with-adventure/

#20yrsago RIP, Octavia Butler https://darkush.blogspot.com/2006/02/octavia-butler-died-saturday.html

#20yrsago Disney hiring “Intelligence Analyst” to review “open source media” https://web.archive.org/web/20060303165009/http://www.defensetech.org/archives/002199.html

#20yrsago MPAA exec can’t sell A-hole proposal to tech companies https://web.archive.org/web/20060325013506/http://lawgeek.typepad.com/lawgeek/2006/02/variety_mpaa_ca.html

#15yrsago Why are America’s largest corporations paying no tax? https://web.archive.org/web/20110226160552/https://thinkprogress.org/2011/02/26/main-street-tax-cheats/

#15yrsago Articulated cardboard Cthulhu https://web.archive.org/web/20110522204427/http://www.strode-college.ac.uk/teaching_teams/cardboard_catwalk/285

#15yrsago Freeman Dyson reviews Gleick’s book on information theory https://www.nybooks.com/articles/2011/03/10/how-we-know/?pagination=false

#15yrsago 3D printing with mashed potatatoes https://www.fabbaloo.com/2011/02/3d-printing-potatoes-with-the-rapman-html

#15yrsago TVOntario’s online archive, including Prisoners of Gravity! https://web.archive.org/web/20110226021403/https://archive.tvo.org/

#10yrsago _applyChinaLocationShift: In China, national security means that all the maps are wrong https://web.archive.org/web/20160227145529/http://www.travelandleisure.com/articles/digital-maps-skewed-china

#10yrsago Teaching kids about copyright: schools and fair use https://www.youtube.com/watch?v=hzqNKQbWTWc

#10yrsago Ghostwriter: Trump didn’t write “Art of the Deal,” he read it https://web.archive.org/web/20160229034618/http://www.deathandtaxesmag.com/264591/donald-trump-didnt-write-art-deal-tony-schwartz/

#10yrsago The biggest abortion lie of all: “They do it for the money” https://www.bloomberg.com/features/2016-abortion-business/

#10yrsago NHS junior doctors show kids what they do, kids demand better of Jeremy Hunt https://juniorjuniordoctors.tumblr.com/

#10yrsago Nissan yanks remote-access Leaf app — 4+ weeks after researchers report critical flaw https://www.theverge.com/2016/2/25/11116724/nissan-nissanconnect-app-hack-offline

#10yrsago Think you’re entitled to compensation after being wrongfully imprisoned in California? Nope. https://web.archive.org/web/20160229013042/http://modernluxury.com/san-francisco/story/the-crazy-injustice-of-denying-exonerated-prisoners-compensation

#10yrsago BC town votes to install imaginary GPS trackers in criminals https://web.archive.org/web/20160227114334/https://motherboard.vice.com/read/canadian-city-plans-to-track-offenders-with-technology-that-doesnt-even-exist-gps-implant-williams-lake

#10yrsago New Zealand’s Prime Minister: I’ll stay in TPP’s economic suicide-pact even if the USA pulls out https://www.techdirt.com/2016/02/26/new-zealand-says-laws-to-implement-tpp-will-be-passed-now-despite-us-uncertainties-wont-be-rolled-back-even-if-tpp-fails/

#10yrsago South Korean lawmakers stage filibuster to protest “anti-terror” bill, read from Little Brother https://memex.craphound.com/2016/02/26/south-korean-lawmakers-stage-filibuster-to-protest-anti-terror-bill-read-from-little-brother/

#5yrsago Privacy is not property https://pluralistic.net/2021/02/26/meaningful-zombies/#luxury-goods

#1yrago With Great Power Came No Responsibility https://pluralistic.net/2025/02/26/ursula-franklin/#franklinite

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1022 words today, 40256 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

11:21

CURRENT Events [The Non-Adventures of Wonderella]

There's a Bitcoin joke here if I knew enough about Bitcoin to make one.

10:21

How to win a bidding war [Seth's Blog]

Pundits are saying that Netflix “lost” the bidding for Warner.

Actually, they won. They didn’t just win because they got a nearly $3 billion breakup fee.

They won because in just about every contentious public auction, the winner is the one who is willing to overpay the most.

The best way to win a bidding war is to not bid.

09:35

Irregular Webcomic! #3050 [Irregular Webcomic!]

Irregular Webcomic! #3050

02:49

Pop Loser: This Week in Music News [The Stranger]

This week's music news. by Audrey Vann

The 2026 Capitol Hill Block Party lineup is here. This year’s lineup dives back into the pop sphere with gems like MUNA, Magdalena Bay, Wet Leg, and Parcels, plus DJ sets from Trixie Mattel and Tinashe. The festival will once again be 21+ in an effort, according to Daydream State, to “[optimize] the footprint across the Pike/Pine corridor to deliver an elevated fan experience while supporting neighborhood flow and local businesses,” aka hopefully avoid Chappell Roan–sized crowds. (I was there, and I was afraid for my life—can someone please make commemorative shirts that say “I Survived Chappell Roan at CHBP 2024?”)

The ZooTunes lineup has also dropped, and it’s really good this year. Highlights include Pavement, the Breeders (with Team Dresch!), and Belle and Sebastian, celebrating the 30th anniversary of If You’re Feeling Sinister with Quasi. See the full lineup over on the ZooTunes website.

Pioneering French electronic musician Éliane Radigue has died at 94. Known for reinventing the synthesizer through “meditative and feedback-drenched sonic explorations” (the Guardian), Radigue released over two dozen albums in her lifetime that pushed the boundaries of what music can be. The best way I could describe her sound is like holding your ear up to a seashell (which there happens to be a beautiful image of her doing). Her 1986 ambient composition, Jetsun Mila, remains one of my favorite things to listen to while I write.

RIP Willie Colón and Lil Poppa. On Saturday, family confirmed that pioneering salsa trombonist Willie Colón died at the age of 75. Along with his 40-plus-album discography, he was also known for musical partnerships with artists ranging from Celia Cruz to David Byrne. Jacksonville rapper Lil Poppa died by suicide on Thursday at 25. The young artist began making music at 7 years old, writing religious raps for his church before pivoting to secular music, which led to his breakthrough single “Purple Hearts” at just 18.

LEAVE LIZA ALONE! While promoting her new memoir, Kids, Wait Till You Hear This!, legend, icon, and my president Liza Minnelli has claimed that the Academy “inexplicably ordered” her to sit in a wheelchair at her 2022 Oscars appearance with Lady Gaga. She told Variety, “I was told it was because of my age, and for safety reasons, because I might slip out of the director’s chair, which was bullshit. I will not be treated this way, I said. I was heartbroken. I was much lower down than I would have been in the director’s chair. Now I couldn’t easily read the teleprompter above me.”

Bad Bunny represents the USA better than the president, survey finds. A recent poll, conducted by Yahoo! and YouGov after the Super Bowl, found that more Americans feel better represented by the Puerto Rican star than the president. What is surprising is that slightly more participants identified themselves as Republicans than Democrats.

Did you watch Alysa Liu’s free skate!? I have watched it at least 15 times with tears streaming down my face. The 20-year-old team USA figure skater won a gold medal with her joyful performance to Donna Summer’s “MacArthur Park.”

00:28

Erasing Gates [The Stranger]

In light of the Epstein files, should Bill Gates' name be on a building at University of Washington? by Marcus Harrison Green

There's a specific kind of lie that powerful men tell when the walls start closing in: the minimizing lie, the "it wasn't what it looked like" lie, the "I was barely there" lie. Bill Gates tried that last one earlier this month, insisting his relationship with convicted child sex offender Jeffrey Epstein was limited to dinners.

"It's factually true that I was only at dinners," Gates said. He claimed he "never met any women." The Epstein Files just proved otherwise—young women were present, and there are photos. According to some, no amount of philanthropic goodwill should erase that.

But in Seattle, philanthropic goodwill has erased a lot. A name on a building is a command: suspend memory, smooth the sharp edges, turn biography into infrastructure, and controversy into cornerstone. It dares you to forget that the name above the door still belongs to someone who breathes, errs, and benefits from the power that placed it there.

For years at the University of Washington, the Gates name has been exactly that: civic wallpaper. It crowns the Bill and Melinda Gates Center for Computer Science and Engineering in large letters, like a title for the simple story this city tells itself. Local boy becomes tech titan, tech titan becomes global humanitarian, city becomes beneficiary. Clean. Uncomplicated. Unquestioned. In the wake of the Epstein files, one 22-year-old journalism student couldn't let that story go unchallenged.

Last week, UW student Jaya Parsons published an op-ed in The Daily, the university's student newspaper, calling for Gates' name to be removed from campus buildings. The headline was unambiguous—Bill Gates is in the Epstein files. UW should take his name off its buildings in response—and the message pointed.

Gates' repeated appearances in the files, coupled with his admitted meetings with Epstein after Epstein's 2008 conviction for soliciting a minor, were "more than enough to make anyone uncomfortable to see Gates' name on their way to class." Parsons walked by the Bill and Melinda Gates Center everyday.

The column landed like a match in dry grass because it named something that has been hovering at the edge of Seattle's civic life for years: the quiet bargain institutions make when a benefactor becomes too big to criticize.

"I definitely did not expect as many people to see it as people did," Parsons told me over Zoom.

Classmates and professors thanked her for saying what they had been thinking, a surprise.

"I hadn’t really heard people talk about it," she said. "So I wanted to at least let people know that this is something that could be happening and maybe we should pay attention to it."

UW did not respond to her two requests for comment.

She wasn't expecting demolition orders, just acknowledgement. "I mostly just wanted to hear why these buildings are named after him, and what we think about seeing his name every day."

The university didn’t respond to The Stranger either.

Silence, in moments like this, becomes its own posture.

Gates has not been accused of criminal conduct by any of Epstein's victims. But his explanations have shifted, narrowed, and widened again under pressure. Gates has buckled, if only a little. This week, in a town hall with Gates Foundation staff, he called his relationship with Epstein a "huge mistake," and apologized to employees for bringing foundation executives into contact with Epstein. But still he insisted "I did nothing illicit. I saw nothing illicit."

The problem is not that Gates has been charged with a crime. It’s that new disclosures are overtaking his lies: meetings around the globe, flights on Epstein's plane, the presence of young women at gatherings, and evolving acknowledgments about the scope of their contact. What was once framed as peripheral now appears more sustained, like a relationship between two fabulously wealthy men. What was described as trivial now reads as misjudged at best.

"If these buildings around campus were called the 'Jeffrey Epstein Library,'" Parsons wrote in The Daily, "they'd have hopefully been changed long ago."

But we treat proximity to harm differently when the proximity comes with billions attached. Money is like duct tape over the mouth.

As of 2017, the Bill & Melinda Gates Foundation had awarded UW more than 250 grants totaling nearly $1.25 billion. This philanthropy has been woven so deeply into the institution's financial and research infrastructure that the prospect of removing Gates' name is not simply a reputational concern. It is a reckoning with dependency.

It is easier to leave the letters in place when Trump is a threat to higher education funding and the university has already faced layoffs tied to budget shortfalls. Staying in the good graces of a “good billionaire” is security.

Tim Schwab, author of The Bill Gates Problem: Reckoning with the Myth of the Good Billionaire, has long argued that Gates’ philanthropy has discouraged scrutiny.

If this were only a matter of reputation, it would be confined to op-eds and campus debates. But the Gates Foundation is not merely a personal vehicle for his generosity; it is an $86 billion institution operating under a tax-advantaged status that effectively subsidizes its power with public dollars. That scale alone raises regulatory questions, precisely because philanthropy, as currently structured, enjoys massive public subsidy with comparatively minimal democratic oversight. But they’re not actually above scrutiny, legal or otherwise.

So the question becomes: does anyone actually have the authority to hold it accountable? When I asked Washington Attorney General Nick Brown's office, Deputy Communications Director Mike Faulk responded bluntly:

“We don’t speculate about our decision-making regarding any potential investigatory matters… If the question is just whether we have the authority to investigate nonprofits and charities, the answer is yes, state law does give us that kind of authority.”

At UW, naming decisions sit with the Board of Regents, and policy allows for reconsideration in certain circumstances. Parsons doesn’t believe they’ll do anything.

But she rejects the idea that raising the question is trivial or performative. "I think there's nothing wrong with caring about something like this. That's not some waste of time."

For her, the point is not immediate victory; it is civic muscle. Universities are places where people are supposed to question power, not rehearse deference to it. Even if the name never comes down, she argues, asking why it’s there, and whether it still reflects the institution’s values, is exactly the kind of scrutiny higher education claims to teach.

Friday, 27 February

23:42

Windows Server Insider builds can now boot from ReFS [OSnews]

The file system of the Windows operating system is NTFS, whether you’re running it on a desktop/laptop or server. It’s the only file system Windows can run on and boot from, at least officially, so you’re not even given a choice of file systems for the boot volume like you are on, say, desktop Linux. That’s about to change, though: Microsoft has finally announced that Windows Server will be able to boot from ReFS.

We’re excited to announce that Resilient File System (ReFS) boot support is now available for Windows Server Insiders in Insider Preview builds. For the first time, you can install and boot Windows Server on an ReFS-formatted boot volume directly through the setup UI. With ReFS boot, you can finally bring modern resilience, scalability, and performance to your server’s most critical volume — the OS boot volume.
↫ chcurlet-msft at Microsoft’s Tech Community

Without diving too much into the weeds, ReFS can roughly be seen as Microsoft’s answer to modern file systems like ZFS and Btrfs, with comparable design goals and feature sets. It’s been around since 2012, but only for Windows Server, and with every Windows Server release since, the company has improved performance, added new features, and fixed bugs. Now, in 2026, it seems Microsoft thinks ReFS is ready to be used as a bootable file system for Windows Server.

If you want to try this for yourself, you need to be a Windows Insider and make sure you have Windows Server build 29531.1000.260206-1841 or newer. During installation, the Windows installer will ask you to choose between NTFS and ReFS; the rest of the installation process will be pretty much the same as before. Now all we need is to wait for ReFS to become an option on client versions of Windows too, which would mark – arguably – only the second time in history Windows transitioned from one default filesystem to the another.

Councilmember Kettle Insists Surveillance Tech Is Safe [The Stranger]

Let’s set the record straight on Mr. Kettle's claims. by Micah Yip

Councilmember Bob Kettle wanted to dispel “misconceptions” about Seattle’s surveillance program. Ahead of Tuesday’s Public Safety Committee meeting, which he chairs, Kettle issued a press release arguing that tools like CCTV cameras, automatic license plate readers (ALPRs) and the Real-Time Crime Center (RTCC) are an effective crime deterrent that doesn’t jeopardize vulnerable populations as severely as has been reported.

In his release, he argued that the “implementation of ALPR, CCTV and RTCC technology in Seattle is not a choice between public safety and personal privacy—it is a smart and responsive commitment to both.” His argument was a bizarre combination of misdirects (claiming we’re safe because we don’t use Flock-brand cameras for our license plate readers), irrelevant details (assuring Seattleites that cops aren’t watching all of the cameras at all times) and anecdotal evidence (arguing that CCTV cameras reduce crime, based on vibes).

This stunt comes amid public outcry against surveillance technology. Community members and advocacy groups worry that surveillance data can leave marginalized communities vulnerable to federal tracking. And their concerns aren’t theoretical—in Washington state and across the country, federal authorities have accessed local surveillance data, raising questions about how much protections local guardrails actually provide.

So let’s set the record straight on his four claims.

Deterring Violent Crime

When we talk about CCTV cameras, researchers most commonly cite a 40-year systematic review by CUNY that found no evidence that CCTV cameras reduce violent crime. But in his press release, Kettle wanted his constituents to focus on another line in the study, which said the results support the use of cameras to deter (non-violent) crime. “It can help address property crime and has always been intended to help with a variety of crimes beyond violent crime,” he wrote.”

However, at the Tuesday press conference, Kettle doubled down on the idea that the program could still deter violent crime. He gave an example of a recent shooting at Second Avenue and James Street. Using surveillance footage, police were able to quickly identify and apprehend a suspect, said Kettle.

You may notice that that’s an example of footage used in solving a crime, not deterring it.

But according to Kettle’s logic, being able to rapidly identify and arrest suspects prevents future crimes by removing repeat offenders from the streets. “If somebody is so blatant to shoot someone in the back of the head, they may have done some other crimes,” he said.

When asked again what evidence Kettle has that Seattle’s CCTV deters violent crime before it happens, Kettle acknowledged the city hasn’t yet completed its formal evaluation, which is currently in progress by the University of Pennsylvania. But he still doubled down on his argument that the cameras are a deterrent, because if bad actors know they’re being watched, their operations will be disrupted and delayed, allowing local authorities more time to investigate and apprehend. What evidence does Kettle have of that? “I believe it to be true based on anecdotal,” he said.

But It’s Not Flock!

He’s right. Seattle doesn’t contract with Flock, the notoriously fed-friendly tech vendor. But we do have our own automatic license plate readers (ALPRs), provided by a surveillance company called Axon. And according to Tee Sannon, ACLU of Washington’s technology policy program director, there are no laws in Washington state that govern ALPRs.

The State Senate is currently considering Senate Bill 6002, which would regulate how jurisdictions in Washington handle ALPR data. It would create a 21 day retention period, meaning after 21 days, the data would be deleted, unless it had been pulled within that time frame for an investigation. The 21-day-retention schedule isn’t much of a reform, as jurisdictions in Washington generally stick to a 30 day time limit. Seattle’s is much longer—the Seattle Police Department keeps ALPR data for 90 days. “Thirty days is a very long time to keep basically a database of almost entirely [data of] people that are not associated with wrongdoing,” Sannon says.

ACLU-WA (and Kettle) both support the bill.

Surveillance Data Isn’t Safe From the Feds

In his press release, Kettle specifically focused on the argument that surveillance data might be insecure because it’s stored out-of-state, and therefore outside of Washington’s protective laws. “DHS has no access to SPD data regarding civil matters (such as immigration) unless the federal government subpoenas footage from the vendor. SPD owns this data, regardless of where it is stored,” he wrote.

Requiring a subpoena doesn’t eliminate the potential for federal access—it formalizes it. He also pointed to the guardrail added by Councilmember Alexis Mercedes Rinck, which triggers a 60-day shutdown of the CCTV program if the feds subpoena any data—which still allows data to get into their grubby hands before it’s paused.

“Is it perfect? Probably not,” Kettle said at his press conference. “I’m not making that claim that we’re 100 percent intact.”

Translation: Our surveillance data isn’t safe.

Seattle Police Officers aren’t constantly monitoring cameras at the RTCC.

His final note in his press release ensured Seattleites that there isn’t a desk monkey watching your every move through the city’s CCTV program. No one thinks they are. Thanks, Bob.

22:56

US lawmakers push for age verification at the operating system level [OSnews]

Encryption backdoors, social media bans for children, creepy age verification for applications – what will they think of next? The latest brilliant idea by US lawmakers sure is a hell of a doozy: legally mandated age verification in every single operating system.

Colorado’s SB26-051, introduced last month, would require operating systems to register the owner’s age, which third-party apps can then leverage to determine if the user is an adult. The bill calls for the device owner to register their birthdate or age, but for the purposes of creating an “age bracket,” which can then be shared to an app developer through an API to learn their age range, according to BiometricUpdate.com.
[…]
Ball also said the legislation was based on California’s bill AB 1043, which was passed last year. It too requires OS makers to create a way for the device owner to register their age bracket, which can then be shared to app developers over an API. The California law starts to take effect January 1, 2027.
↫ Michael Kan at PCMag

Age verification to protect children sounds innocent enough, but if you have more than two brain cells to rub together it’s crystal clear that what we’re really looking at is the true end of privacy and online anonymity. If age verification is only used by certain applications, it’s easy enough to avoid them, but if it becomes part of Windows, desktop Linux, Android, it’s truly game over. Nobody will be anonymous online ever again, and nobody will have any sense of privacy left when opening up their computer.

Worse yet, if you do end up using an operating system that doesn’t adhere to this law, or you hack out or circumvent the age verification nonsense, you’ll automatically become an easy target for law enforcement. Clearly, if you circumvent age verification, you must be up to no good, right? Of course, as we’ve seen in countries with heavily deteriorating democracies and freedoms, like the US or Hungary, even merely opposing the government will be classified as “up to no good”, and let’s not even get started about the various minorities these countries are actively trying to eradicate.

If something like this is enshrined in law in your country, you’re fucked.

22:21

Friday Squid Blogging: Squid Fishing in Peru [Schneier on Security]

Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

22:07

Petter Reinholdtsen: Free software toolchain for the simplest RISC-V CPU in a small FPGA? [Planet Debian]

On Wednesday I had the pleasure of attending a presentation organized by the Norwegian Unix Users Group on implementing RISC-V using a small FPGA. This project is the result of a university teacher wanting to teach students assembly programming using a real instruction set, while still providing a simple and transparent CPU environment. The CPU in question implements the smallest set of opcodes needed to still call the CPU a RISC-V CPU, the RV32I base set. The author and presenter, Kristoffer Robin Stokke, demonstrated how to build both the FPGA setup and a small startup code providing a "Hello World" message over both serial port and a small LCD display. The FPGA is programmed using VHDL, the entire source code is available from github, but unfortunately the target FPGA setup is compiled using the proprietary tool Quartus. It is such a pity that such a cool little piece of free software should be chained down by non-free software, so my friend Jon Nordby set out to see if we can liberate this small RISC-V CPU. After all, it would be unforgivable sin to force students to use non-free software to study at the University of Oslo.

The VHDL code for the CPU instructions itself is only 1138 lines, if I am to believe wc -l lib/riscv_common/* lib/rv32i/*. On the small FPGA used during the talk, the entire CPU, ROM, display and serial port driver only used up half the capacity. These days, there exists a free software toolchain for FPGA programming not only in Verilog but also in VHDL, and we hope the support in yosys, ghdl, and yosys-plugin-ghdl (sadly and strangely enough, removed from Debian unstable) is complete enough to at least build this small and simple project with some minor portability fixes. Or perhaps there are other approaches that work better? The first patches are already floating on github, to make the VHDL code more portable and to test out the build. If you are interested in running your own little RISC-V CPU on a FPGA chip, please get in touch.

At the moment we sadly have hit a GHDL bug, which we do not quite know how to work around or fix:

******************** GHDL Bug occurred ***************************
Please report this bug on https://github.com/ghdl/ghdl/issues
GHDL release: 5.0.1 (Debian 5.0.1+dfsg-1+b1) [Dunoon edition]
Compiled with unknown compiler version
Target: x86_64-linux-gnu
/scratch/pere/src/fpga/memstick-fpga-riscv-upstream/
Command line:

Exception CONSTRAINT_ERROR raised
Exception information:
raised CONSTRAINT_ERROR : synth-vhdl_expr.adb:1763 discriminant check failed
******************************************************************

Thus more work is needed. For me, this simple project is the first stepping stone for a larger dream I have of converting the MESA machine controller system to build its firmware using a free software toolchain. I just need to learn more FPGA programming first. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Jails for NetBSD [OSnews]

FreeBSD has its jails technology, and it seems NetBSD might be getting something similar soon.

Jails for NetBSD aims to bring lightweight, kernel-enforced isolation to NetBSD.
[…]
The system is intended to remain fully NetBSD-native. Isolation and policy enforcement are integrated into the kernel’s security framework rather than implemented in a separate runtime layer.

It does not aim to become a container platform. It does not aim to provide virtualization.
↫ Matthias Petermann

It has all the usual features you have come to expect from jails, like resource quota, security profiles, logging, and so on. Processes inside jails have no clue they’re in a jail, and using supervisor mode, jails are descendent from a single process and remain visible in the host process table. Of course, there’s many more features listed in the linked article.

It’s in development and not a default part of NetBSD at this time. The project, led by Matthias Petermann, is developed out of tree, with an unofficial NetBSD 10.1 ISO with the jails feature included available as well.

Dental Formulas [xkcd.com]

21:21

Intercepting messages inside IsDialogMessage, fine-tuning the message filter [The Old New Thing]

Last time, we used a MSGF_DIALOGBOX message filter to hook into the IsDialogMessage so that we had the option to grab the ESC before it gets turned into an IDCANCEL. There are some problems with our initial foray.

One is the problem of recursive dialogs. If the first dialog shows another copy of itself (for example, a certificate dialog showing a dialog for its parent certificate), then the thread-local variable gets overwritten, and the first dialog’s information is lost.

We could solve that by having each dialog remember the original value and restore it when the dialog dismisses. Alternatively, we could maintain an explicit stack of dialogs, pushing when a new dialog is created and popping when it is destroyed.

However, this fails to handle the case where the dialog is modeless. In that case, the two dialogs could be running concurrently rather than recursively. Instead of a stack, we really need a per-thread set of active dialogs.

Another thing to worry about is that if this code is put into a static library, and two components in the same thread both use that static library, then you have to be careful that the two copies of the library don’t conflict with each other.

I came up with this initial idea:

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUint(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, lParam) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                return SendMessage(hdlg, customMessage, 0, lParam);
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The idea here is that instead of having to manage a table of per-thread registrations, we just let dialogs self-register by setting the DIALOG_WANTS_ESC_PROP property to the message number they want to receive when the user presses ESC.

If there are two copies of this hook installed, then the DialogEscHookProc is called twice. The first one sends the custom message and gets the dialog’s response, and returns it; it never passes the message down the hook chain. Therefore, the second and subsequent hooks never get to run, so we don’t have a problem of the custom message getting sent multiple times for the same call to IsDialogMessage.

This design has the advantage that multiple DLLs using this pattern can coexist because the first hook (whichever it is) does all the work for everybody.

An alternate, more complex, design would pass the call down the chain if the dialog box declined to handle the ESC key, in case some other hook wanted to do something special. The catch is that if there are multiple copies of this hook installed, each one will send the custom message to the dialog, which would be bad if the handler for the custom message had side effects like showing a confirmation dialog.

So we can add the rule that the custom message must be safe to call multiple times if it returns FALSE. This means that if it wants to display a confirmation dialog, it should always return TRUE even if the user cancels.

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, msg) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)) &&
                 SendMessage(hdlg, customMessage, 0, lParam)) {
                 return TRUE;                                  
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Or we can have the first hook leave a note for the other hooks that the message has already been handled and that they shouldn’t try to handle it again.

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")
#define CURRENT_MESSAGE_PROP TEXT("DialogWantsEscCurrentMessage")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage) {
                auto previous = GetProp(hdlg, CURRENT_MESSAGE_PROP);
                if (previous != msg &&                              
                    !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                                 msg->wParam, msg) &
                             (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                    return SendMessage(hdlg, customMessage, 0, lParam);
                }
                SetProp(hdlg, CURRENT_MESSAGE_PROP, msg);                     
                auto result = CallNextHookEx(nullptr, nCode, wParam, lParam); 
                SetProp(hdlg, CURRENT_MESSAGE_PROP, previous);                
                return result;                                                
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The first hook will send the message to the dialog. and if the dialog declines to handle it, it passes the messages to the other hooks, but setes the “current message” property to the message that was already handled, so that other hooks won’t try to handle it again.

The last part of the puzzle is installing the hook. Since we are assuming that we cannot alter the dialog loop, the hook has to be installed by the dialog itself.

Let’s assume that this dialog box already allocates other dialog state, so we can add the hook handle to the state structure.

struct DIALOGSTATE
{
    wil::unique_hhook escapeHook;
    ⟦ other stuff ⟧
};

// each dialog can choose its own custom message
#define DM_ESCPRESSED (WM_USER+1000)

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        {
            DIALOGSTATE* state = new(std:nothrow) DIALOGSTATE();
            if (!state) { EndDialog(hdlg, -1); return FALSE; }
            SetWindowLongPtr(hdlg, DWLP_USER, (LONG_PTR)state);
            state->escapeHook.reset(SetWindowsHookEx(WM_MSGFILTER,     
                             DialogEscHookProc,                        
                             nullptr, GetCurrentThreadId()));          
            SetProp(hdlg, DIALOG_WANTS_ESC_PROP,                       
                    IntToPtr(DM_ESCPRESSED));                          
            ⟦ other dialog initialization as before ⟧
            ⟦ ending with "return (whatever)" ⟧
        }

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;

    case WM_DESTROY:
        {
            auto state = (DLGSTATE*)GetWindowLongPtr(hdlg, DWLP_USER);
            delete state;
        }
        break;

    ⟦ handle other messages ⟧
    }
    return FALSE;
}

The dialog installs the hook when it is created and removes it when it is destroyed. The hook has become an implementation detail of the dialog.

Now, I don’t recommend doing all this. Better is to just treat with the ESC like any other press of the (possibly imaginary) Cancel button. One of the few scenarios I can think of where this could be useful is if you want to display an extra confimation for the Close button (since its meaning is potentially ambiguous). This is still nonstandard, but at least it’s not too nonstandard. And for that, you can just intercept WM_CLOSE instead of trying to intercept the ESC. Intercepting the ESC was really just an excuse to show off message filters, which tend to be unappreciated.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, fine-tuning the message filter appeared first on The Old New Thing.

20:00

10,000x [Penny Arcade]

I had sent Murgh an image on his phone, which... I mean, I guess I can just show it to you. It's gonna make a lot of sense when you see the strip:

19:49

The Best Bang for Your Buck Events in Seattle This Weekend: Feb 27–Mar 1, 2026 [The Stranger]

Shunpike Storefronts & Artist Residencies, Travessias Brazilian Film Festival, and More Cheap & Easy Events Under $20

by EverOut Staff

The weekend starts now. There's no time to waste, so dive in with our cheap and easy guide, pointing you to events from the Shunpike Storefronts & Artist Residencies Grand Opening to the Official Seattle Sounders FC Watch Party with Sammy the Orca and from the Travessias Brazilian Film Festival to the 50th Annual Kalevala Lecture. For more, check out our top picks of the week.

FRIDAY PERFORMANCE

So You Do Drag?! Kremwerk's Premiere Drag/Burlesque Competition
Oh, you do drag? Don’t be shy! Prove it at Kremwerk’s So You Do Drag?! It’s a new one-off competition dedicated to spotlighting the next generation of Seattle drag and burlesque performers. And not just by putting them on stage, but by giving Seattle’s rising stars a chance to prove “WHO they are and WHY they deserve stardom” in front of established icons like Clara Voyance and Pupusa. For this inaugural event, contestants Kimme Kash, Lizzie McHigher, and Nadia Nuff will strut, lip sync, and seduce their way through performances designed to show audiences exactly what they’ve got tucked deep down inside. Don’t overthink showing up, it’s gonna be a great time. LANGSTON THOMAS
(Cherry Nightclub, Downtown, $15)

19:21

Sampling Some Smackin’ Sunflower Seeds [Whatever]

I used to eat sunflower seeds when I played softball as a kid, and I can’t say I’ve ever eaten them since. For some reason, I was getting advertisements for Smackin’ Sunflower Seeds on Instagram. In that moment, I thought, you know what, sunflower seeds sound kind of good to snack on right now.

I would say in my life I’ve only had regular sunflower seeds, ranch, and BBQ flavored, so when I saw Smackin’s array of flavors, I was certainly intrigued. I am someone who believes variety is the spice of life, so of course I couldn’t choose just one flavor. I went ahead and bought a variety pack that included all their flavors (except the OG Original), and my dad and I gave them all a try.

I let my dad pick the first flavor we tried, and he chose “lemon pepper.” These definitely had a strong flavor, as advertised, and the taste actually reminded me a lot of a steakhouse. The peppery-ness wasn’t overwhelming, and my dad and I gave these ones a 6.5/10.

Up next, we went for a classic: Ranch. The ranch flavor reminded me a lot of a Hidden Valley Ranch seasoning packet, like the kind you mix into dips or salad dressings. Surprisingly, the ranch flavor was very subtle, which is certainly something that ranch never is. You get a Cool Ranch Dorito and that shit is RANCHED UP. In the case of these seeds, I could’ve used more ranch flavor. They were kind of weak, but the flavor that was present was good. These were a 6/10 from both of us.

We switched to a sweet flavor, their Cinnamon Churro. This flavor was actually really nice, it wasn’t just straight cinnamon, it had that nice churro-vanilla sort of flavor. I will say that the flavor wasn’t very long lasting, though. Like it wore off very quickly. The taste, while it lasted, was very nice and not too sweet, with just a little bit of saltiness to have a nice sweet-and-salty factor. This was a 7.5/10 from my dad and a 7/10 from me.

My dad wanted to get the Cheddar Jalapeno out of the way, since he feared it would be really hot and we’re not exactly known for loving spicy stuff. I’m happy to report that while these ones do have a real kick with a heat that lingers just a touch, it has a really nice actual jalapeno flavor and isn’t just hot to be hot. While there’s not so much of the cheddar flavor present, if you’re someone who likes a little bite in their snack, this one would be a great pick for you. I wouldn’t eat a whole bag, but they were pretty tasty. These were a 7/10 from both of us.

Onto Dill Pickle, which was one I was very excited for. Lemme just say, these bad boys were picklelicious. These had a super solid, bold pickle flavor that was very enjoyable and not too acidic, just had that nice dilly briny taste. These ended up being in my top two favorites overall, and we both gave them an 8.5/10.

Over to the Cracked Pepper, I was curious how this would compare to the Lemon Pepper. If you are someone who puts so much pepper on their steak or eggs that people around you are sneezing to high heaven, then this is the flavor for you. These were so peppery, like pretty overwhelmingly so. I honestly didn’t care for them, and gave them a 4/10, but my dad gave them a 6/10.

Next up was the Backyard BBQ. I do love barbecue chips, so I was looking forward to see how these compared flavor-wise. The BBQ was super bold! Just one seed was absolutely packed with BBQ flavor, and it was very tasty! More long-lasting flavor and very strong, these were super good and ended up being another favorite. My dad gave them an 8/10 and I gave them an 8.5/10.

Back to the sweet ones, we tried the Maple Brown Sugar. Like the Cinnamon Churro, they were really nice but not long-lived. They’re a bit subtle, like not a huge amount of maple flavor or anything, but still pretty good. My dad gave them a 7/10 and I went with a 6.5/10. The rating would be a lot higher if the flavor lasted longer or was stronger.

Starting to wrap up our sunflower adventure, Sour Cream and Onion was next. These tasted so classic and recognizable, like if you enjoy sour cream and onion chips, these are for you because they taste absolutely spot on. They honestly reminded me a lot of Philadelphia Cream Cheese Chive and Onion flavor. These were a 7.5/10 from both of us.

The final flavor before trying the mystery flavor was Garlic Parmesan. These were super garlicky, but didn’t offer up a whole lot of parmesan flavor. The garlic really stole the spotlight here, but it was still a tasty flavor, earning it a 7/10 from both of us.

Finally, the mystery flavor! I truly had no idea what to expect. Do you know how DumDums make their mystery flavors? Well, I can only assume that Smackin’ does the same thing, because the mystery flavor tasted exactly like the Cheddar Jalapeno and Ranch mixed together. It was like the Cheddar Jalapeno but less hot, and somehow even better! The mystery flavor earned an 8/10 from both of us.

Well, there you have it! Eleven flavors of sunflower seeds. The only one I didn’t get to try that I would’ve loved to is Cheeseburger! Honestly, these were pretty solid sunflower seeds. It felt kind of nostalgic to eat them, even if they are kind of tedious to get through. I felt like one of those dogs that has a “slow down” bowl because you can’t just plow through them like chips or crackers.

Anyways, if you’re interested in trying some for yourself, I have a 10% off code for you! Yippee!

Which flavor sounds the best to you? Do you eat sunflower seeds often? Let me know in the comments, and have a great day!

-AMS

18:14

Slog AM: More Seattle Budget Woes, Drunk of the Week Is House Majority Leader, White House Staffer is Johnny MAGA [The Stranger]

by Nathalie Graham

Another Bad Budget: The forecast for the city of Seattle's budget is grim. The analysts have looked into their cursed crystal ball and given Seattle its fortune (or, lack thereof): We'll be dealing with a $140 million deficit this year. Damn, those soothsaying nerds! In response, Mayor Katie Wilson asked city departments to prepare for the worst and issue plans for shaving off between 5 and 10 percent of their budgets. That's not a guarantee anything will happen—Bruce Harrell did the same thing last year before he pulled enough money out of a hat (read: the JumpStart Seattle tax's coffers) to balance the budget.

All of this was expected. For the last couple of years, the city's budget has been similarly cratered. A pandemic and a fascist president will do that to a liberal city. And, Harrell didn't do anything to find new revenue, he just pickpocketed the JumpStart tax to solve the problem in front of him. It will be very interesting to see if Wilson, who helped create the JumpStart tax to primarily fund the creation of affordable housing, will do what every other mayor has done and raid JumpStart to keep the city afloat.

Speaking of Forecasts: It'll be borderline pleasant in Seattle today. There will be sun. It will still be chilly, though. Don't plan a beach day just yet.

Spritzgibbon: House Majority Leader Rep. Joe Fitzgibbon apparently tied one on before Wednesday evening’s House Appropriations Committee meeting where legislators were passing the supplemental operating budget. Fitzgibbon's speech was “slurred and halting” and an unnamed Republican said Fitzgibbon appeared to be sleeping during parts of the night-time meeting. Fitzgibbon has apologized for having a little tipple before his important job. "Being impaired in that situation was harmful to my work and to my co-workers," he said in an apology.

Gig Harbor Stabbing: On Tuesday, a 32-year-old man stabbed and killed his mother and three of her neighbors outside her suburban home near Gig Harbor. According to KING 5, he lived in his younger sister's garage and suffered from bipolar disorder. His sister said he stopped taking his medication three days before the attack. His mother filed a protection order against her son in 2020 that lasted through 2022. In 2025, she petitioned for another one, which a court granted, but failed to serve him with the order. Therefore, it was not enforceable. The police didn't respond quickly because the order wasn't in effect.

Hey, Cut That Out: Someone shot a harbor seal in the face in Quilcene Bay near Hood Canal. Apparently, this is the second harbor seal that's been shot in the face in a matter of months. The law enforcement arm of the National Oceanic and Atmospheric Administration is investigating. Yeah, I am also surprised to hear there's a cop division in NOAA.

Good News: Capitol Hill's Seven Hills Park has been freed from prison. The Bruce Harrell administration locked up the park—and three other small parks across the city—six months ago to stop homeless people from camping there.

A Touch of TB: Someone at Rainier Beach High School was diagnosed with tuberculosis. According to Public Health, around 130 people in connection with RBHS may have been exposed to the airborne disease and will need to be tested. While this is serious, TB takes "repeated and prolonged exposure" to really spread. Tuberculosis remains the leading infectious cause of death around the world. But in wealthy countries, the risk and prevalence is low. Except, TB has been making a resurgence in the US.

War: Pakistan and Afghanistan are at war. Pakistan has bombed Afghanistan’s capital Kabul, and both countries claim to have inflicted substantial losses on the other.

I Did Not Have Sex-Offender Relations With That Man: In a closed-door deposition with members of Congress in Chappaqua, New York, former President Bill Clinton is testifying in the House’s Epstein investigation. A former sitting president has never been compelled to testify to Congress before. Hillary Clinton sat with lawmakers for her deposition yesterday.

I’m Just Chillin’ in Chappaqua: Hillary spent more than six hours with the House Oversight Committee. In a short press conference afterward, she told reporters she wished the proceedings had been public and that her attorneys have asked for transcripts and video to be available as soon as possible.

But Where Will We Watch It? Probably not on any of Warner Bros. Discovery’s subsidiaries. Netflix walked away from a deal to buy the company after David Ellison’s Paramount launched a hostile takeover. The deal may, in the words of WBD’s CEO David Zaslav, create “tremendous value for shareholders,” but it’s also putting a tremendous media empire in Ellison’s flag-waving, Trump-loving hands. It’s an antitrust nightmare, Democrats say.

Big Brother Burger: Burger King is testing new Open AI-powered headsets to assist employees and track if they’re saying “please” and “thank you.” Data on restaurant operations is shared with “Patty,” an AI that will speak to employees through their headsets. Patty can tell them if a drink machine is low on Diet Coke, or when a customer reports a bathroom disaster. Employees can ask Patty for instructions or ask it to remove out-of-stock items from the store’s digital menus. It sounds like torture.

Trump Staffer Runs X Account Johnny MAGA: By day, Garrett Wade is a rapid response manager for the Trump administration. Also by day, he runs a massive X account devoted to kissing his bosses’ feet. Wade tweets as Johnny MAGA and helps run the White House account that boosts Johnny MAGAs tweets. And when he tweets as Johnny MAGA, he tweets things like how great the administration is. OR how it was obvious Trump didn’t watch the entire video showing the Obamas as apes. If Trump had, he would’ve posted the entire thing. “It was a masterpiece,” wrote Johnny MAGA.

17:42

When I write a comment on someone else's blog I want it to automatically be on my blog. It should just appear to be on theirs, the original and only copy of the writing appears on mine. A truly distributed system.

Me as a comp sci grad student [Scripting News]

I bet Jeopardy champions would make great software developers. Their intelligence, ability to stay calm and their incredible memory, all are needed to squeeze the last bits of performance from software.

It's nice having Facebook around to show you your old posts. This one just came up and I thought it would be good to remind you all that I was once a young nerd creating Unix apps at UW-Madison.

Me as a grad student, doing more or less the same I do as an old coot.

17:07

[$] The troubles with Boolean inversion in Python [LWN.net]

The Python bitwise-inversion (or complement) operator, "~", behaves pretty much as expected when it is applied to integers—it toggles every bit, from one to zero and vice versa. It might be expected that applying the operator to a non-integer, a bool for example, would raise a TypeError, but, because the bool type is really an int in disguise, the complement operator is allowed, at least for now. For nearly 15 years (and perhaps longer), there have been discussions about the oddity of that behavior and whether it should be changed. Eventually, that resulted in the "feature" being deprecated, producing a warning, with removal slated for Python 3.16 (due October 2027). That has led to some reconsideration and the deprecation may itself be deprecated.

16:14

Maybe it's time to give awards for most our admired standards-makers. I would start with Jon Postel and Steve Wozniak.

15:28

Two new stable kernels, possible regression [LWN.net]

One of the items in Rules for Standards-makers is don't design the format before you make the app. Instead, make an app, and when you're ready, make the file format public so people can interop (ie compete) so as not to lock users to in your software. If you do that you can say you are "of the web." If we all do that always, voila! -- no more silos. Another rule is that you must use an existing format if it exists, because then you will interop with apps that support that format. Gratuitous incompatibility is a sign of a silo-seeker. So, look first, if there are no usable formats, make your app and make your format public.

14:49

Greg Kroah-Hartman has announced the 6.19.4 and 6.18.14 stable kernels. Shortly after 6.19.4 was released Kris Karas reported "getting a repeatable Oops right when networking is initialized, likely when nft is loading its ruleset"; the problem did not appear to be present in 6.18.14. Users of nftables may wish to hold off on upgrades to 6.19.4 for now. We will provide updates as they are available.

Update: Kroah-Hartman has released the 6.19.5 and 6.18.15 kernels with a fix for the regression in 6.19.4 and 6.18.14. All users of netfilter are advised to upgrade to those versions.

14:21

Dirk Eddelbuettel: x13binary 1.1.61.2 on CRAN: Micro Maintenance [Planet Debian]

The x13binary team is happy to share the availability of Release 1.1.61.2 of the x13binary package providing the X-13ARIMA-SEATS program by the US Census Bureau which arrived on CRAN earlier today, and has already been built for r2u.

This release responds to a CRAN request to display the compiler version when building. x13binary, just like three other packages there, creates and ships a local binary it interfaces with. So our build was a little outside of R CMD INSTALL ... but now signals build versions like R does. We also modernized and simplified our continuous intgegration script based on r-ci.

Courtesy of my CRANberries, there is also a diffstat report for this release showing changes to the previous release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

14:07

Security updates for Friday [LWN.net]

Security updates have been issued by AlmaLinux (389-ds-base, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana-pcp, kernel, libpng15, munge, nodejs:20, nodejs:22, podman, protobuf, python-pyasn1, runc, and skopeo), Debian (chromium, nss, and python-django), Fedora (firefox, freerdp, gh, libmaxminddb, nss, python3.15, and udisks2), Oracle (buildah, firefox, freerdp, kernel, libpng, podman, python-pyasn1, skopeo, and valkey), Red Hat (container-tools:rhel8), SUSE (autogen, chromium, cockpit, cockpit-machines-348, cockpit-packages, cockpit-repos, cockpit-subscriptions, crun, docker, docker-compose, docker-stable, erlang, freerdp, frr, glib2, gpg2, kernel, kernel-firmware, libsodium, libsoup, libsoup2, openvswitch, python, python-pyasn1, python-urllib3, python-urllib3_1, python3, qemu, redis7, regclient, and ucode-intel), and Ubuntu (linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx, python-authlib, and ruby-rack).

12:49

Error'd: Perverse Perseveration [The Daily WTF]

Pike pike pike pike Pike pike pike.

Lincoln KC repeated "I never knew Bank of America Bank of America Bank of America was among the major partners of Bank of America."

"Extra tokens, or just a stutter?" asks Joel "An errant alt-tab caused a needless google search, but thankfully Gemini's AI summary got straight-to-the-point(less) info. It is nice to see the world's supply of Oxford commas all in once place. "

Alessandro M. isn't the first one to call us out on our WTFs. "It’s adorable how the site proudly supports GitHub OAuth right up until the moment you actually try to use it. It’s like a door with a ‘Welcome’ sign that opens onto a brick wall." Meep meep.

Float follies found Daniel W. doubly-precise. "Had to go check on something in M365 Admin Center, and when I was on the OneDrive tab, I noticed Microsoft was calculating back past the bit. We're in quantum space at this point."

Weinliebhaber Michael R. sagt "Our German linguists here will spot the WTF immediately where my local wine shop has not. Weiẞer != WEIBER. Those words mean really different things." Is that 20 euro per kilo, or per the piece?

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Spinnerette - Issue 45 - 02 [Spinnerette]

New comic!
Today's News:

12:35

Why Tehran’s Two-Tiered Internet Is So Dangerous [Schneier on Security]

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign websites; it was a total communications shutdown.

Unlike previous Iranian internet shutdowns where Iran’s domestic intranet—the National Information Network (NIN)—remained functional to keep the banking and administrative sectors running, the 2026 blackout disrupted local infrastructure as well. Mobile networks, text messaging services, and landlines were disabled—even Starlink was blocked. And when a few domestic services became available, the state surgically removed social features, such as comment sections on news sites and chat boxes in online marketplaces. The objective seems clear. The Iranian government aimed to atomize the population, preventing not just the flow of information out of the country but the coordination of any activity within it.

This escalation marks a strategic shift from the shutdown observed during the “12-Day War” with Israel in mid-2025. Then, the government primarily blocked particular types of traffic while leaving the underlying internet remaining available. The regime’s actions this year entailed a more brute-force approach to internet censorship, where both the physical and logical layers of connectivity were dismantled.

The ability to disconnect a population is a feature of modern authoritarian network design. When a government treats connectivity as a faucet it can turn off at will, it asserts that the right to speak, assemble, and access information is revocable. The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square. Iran’s actions deny its citizens this existence, reducing them to subjects who can be silenced—and authoritarian governments elsewhere are taking note.

The current blackout is not an isolated panic reaction but a stress test for a long-term strategy, say advocacy groups—a two-tiered or “class-based” internet known as Internet-e-Tabaqati. Iran’s Supreme Council of Cyberspace, the country’s highest internet policy body, has been laying the legal and technical groundwork for this since 2009.

In July 2025, the council passed a regulation formally institutionalizing a two-tiered hierarchy. Under this system, access to the global internet is no longer a default for citizens, but instead a privilege granted based on loyalty and professional necessity. The implementation includes such things as “white SIM cards“: special mobile lines issued to government officials, security forces, and approved journalists that bypass the state’s filtering apparatus entirely.

While ordinary Iranians are forced to navigate a maze of unstable VPNs and blocked ports, holders of white SIMs enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This tiered access is further enforced through whitelisting at the data center level, creating a digital apartheid where connectivity is a reward for compliance. The regime’s goal is to make the cost of a general shutdown manageable by ensuring that the state and its loyalists remain connected while plunging the public into darkness. (In the latest shutdown, for instance, white SIM holders regained connectivity earlier than the general population.)

The technical architecture of Iran’s shutdown reveals its primary purpose: social control through isolation. Over the years, the regime has learned that simple censorship—blocking specific URLs—is insufficient against a tech-savvy population armed with circumvention tools. The answer instead has been to build a “sovereign” network structure that allows for granular control.

By disabling local communication channels, the state prevents the “swarm” dynamics of modern unrest, where small protests coalesce into large movements through real-time coordination. In this way, the shutdown breaks the psychological momentum of the protests. The blocking of chat functions in nonpolitical apps (like ridesharing or shopping platforms) illustrates the regime’s paranoia: Any channel that allows two people to exchange text is seen as a threat.

The United Nations and various international bodies have increasingly recognized internet access as an enabler of other fundamental human rights. In the context of Iran, the internet is the only independent witness to history. By severing it, the regime creates a zone of impunity where atrocities can be committed without immediate consequence.

Iran’s digital repression model is distinct from, and in some ways more dangerous than, China’s “Great Firewall.” China built its digital ecosystem from the ground up with sovereignty in mind, creating domestic alternatives like WeChat and Weibo that it fully controls. Iran, by contrast, is building its controls on top of the standard global internet infrastructure.

Unlike China’s censorship regime, Iran’s overlay model is highly exportable. It demonstrates to other authoritarian regimes that they can still achieve high levels of control by retrofitting their existing networks. We are already seeing signs of “authoritarian learning,” where techniques tested in Tehran are being studied by regimes in unstable democracies and dictatorships alike. The most recent shutdown in Afghanistan, for example, was more sophisticated than previous ones. If Iran succeeds in normalizing tiered access to the internet, we can expect to see similar white SIM policies and tiered access models proliferate globally.

The international community must move beyond condemnation and treat connectivity as a humanitarian imperative. A coalition of civil society organizations has already launched a campaign calling for “direct-to-cell” (D2C) satellite connectivity. Unlike traditional satellite internet, which requires conspicuous and expensive dishes such as Starlink terminals, D2C technology connects directly to standard smartphones and is much more resilient to infrastructure shutdowns. The technology works; all it requires is implementation.

This is a technological measure, but it has a strong policy component as well. Regulators should require satellite providers to include humanitarian access protocols in their licensing, ensuring that services can be activated for civilians in designated crisis zones. Governments, particularly the United States, should ensure that technology sanctions do not inadvertently block the hardware and software needed to circumvent censorship. General licenses should be expanded to cover satellite connectivity explicitly. And funding should be directed toward technologies that are harder to whitelist or block, such as mesh networks and D2C solutions that bypass the choke points of state-controlled ISPs.

Deliberate internet shutdowns are commonplace throughout the world. The 2026 shutdown in Iran is a glimpse into a fractured internet. If we are to end countries’ ability to limit access to the rest of the world for their populations, we need to build resolute architectures. They don’t solve the problem, but they do give people in repressive countries a fighting chance.

This essay originally appeared in Foreign Policy.

Phishing Attacks Against People Seeking Programming Jobs [Schneier on Security]

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system.

News article.

10:21

Justice and luck [Seth's Blog]

Orson Welles may have said, “Nobody gets justice. People only get good luck or bad luck.”

I think it’s more productive to imagine that “Justice is how society deals with luck.”

Good and bad.

Irregular Webcomic! #3049 [Irregular Webcomic!]

Irregular Webcomic! #3049

09:28

10,000x [Penny Arcade]

New Comic: 10,000x

08:14

The Campaign: Running, p09 [Ctrl+Alt+Del Comic]

The post The Campaign: Running, p09 appeared first on Ctrl+Alt+Del Comic.

07:21

Victory! Tenth Circuit Finds Fourth Amendment Doesn’t Support Broad Search of Protesters’ Devices and Digital Data [Deeplinks]

In a big win for protesters’ rights, the U.S. Court of Appeals for the Tenth Circuit overturned a lower court’s dismissal of a challenge to sweeping warrants to search a protester’s devices and digital data and a nonprofit’s social media data.

The case, Armendariz v. City of Colorado Springs, arose after a housing protest in 2021, during which Colorado Springs police arrested protesters for obstructing a roadway. After the demonstration, police also obtained warrants to seize and search through the devices and data of Jacqueline Armendariz Unzueta, who they claimed threw a bike at them during the protest. The warrants included a search through all of her photos, videos, emails, text messages, and location data over a two-month period, as well as a time-unlimited search for 26 keywords, including words as broad as “bike,” “assault,” “celebration,” and “right,” that allowed police to comb through years of Armendariz’s private and sensitive data—all supposedly to look for evidence related to the alleged simple assault. Police further obtained a warrant to search the Facebook page of the Chinook Center, the organization that spearheaded the protest, despite the Chinook Center never having been accused of a crime.

The district court dismissed the civil rights lawsuit brought by Armendariz and the Chinook Center, holding that the searches were justified and that, in any case, the officers were entitled to qualified immunity. The plaintiffs, represented by the ACLU of Colorado, appealed. EFF—joined by the Center for Democracy and Technology, the Electronic Privacy Information Center, and the Knight First Amendment Institute at Columbia University—wrote an amicus brief in support of that appeal.

In a 2-1 opinion, the Tenth Circuit reversed the district court’s dismissal of the lawsuit’s Fourth Amendment search and seizure claims. The court painstakingly picked apart each of the three warrants and found them to be overbroad and lacking in particularity as to the scope and duration of the searches. The court further held that in furnishing such facially deficient warrants, the officers violated “clearly established” law and thus were not entitled to qualified immunity. Although the court did not explicitly address the First Amendment concerns raised by the lawsuit, it did note the backdrop against how these searches were carried out, including animus by Colorado Springs police leading up to the housing protest.

It is rare for appellate courts to call into question any search warrants. It’s even rarer for them to deny qualified immunity defenses. The Tenth Circuit’s decision should be celebrated as a big win for protesters and anyone concerned about police immunity for violating people’s constitutional rights. The case is now remanded back to the district court to proceed—and hopefully further vindicate the privacy rights we all have in our devices and digital data.

05:49

Girl Genius for Friday, February 27, 2026 [Girl Genius]

The Girl Genius comic for Friday, February 27, 2026 has been posted.

02:07

Incoming [QC RSS]

01:56

Quit Your Job, Ice [The Stranger]

Do you need to get something off your chest? by Anonymous

Dear ICE and CBP Agents,

Resign. Quit. Retire. Think about it. If you quit now, you can at least say you got out when the shit got crazy. If you continue to work for ICE or CBP, however, you will fuck yourself over in multiple ways.

You are probably not very bright, so I’ll try to make this simple: Nobody likes you.

Nobody.

At all.

Forever.

No real employers will want to hire you in the future if they see ICE or CBP on your resume. No one will be your friend. No one will fuck you. Your food will be spit on, or worse. If you have children, they will hate you. You will be subject to mockery, ridicule, and loathing forever. And you hopefully will get criminally prosecuted.

But if you resign now, there is a glimmer of hope. You can say that you got out when you realized that ICE and CBP are Nazis. You can say, “I’m one of the good ones who did what was right when my country depended on it.” Sure, it was significantly later than any rational, sane person would come to the same realization, but at least you got to the right place eventually.

If you resign, you will still be a douchebag, but you won’t be a fascist douchebag. And regular, non-fascist douchebags are incrementally better. They are far more likely to get a job and get paid. Or laid.

But if you stay? After the shootings? The beatings? The tear gas? The intimidation of protesters and observers? The detainment of 5-year-olds? The Nazi coats?

If you stay, you’re a Dick with a capital D for the rest of your sorry, lonely, pathetic life. So grow a pair of balls and resign already. Get a real job. Ice Out.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

00:21

(5229) [Flipside]

Thursday, 26 February

23:35

Genode OS Framework 26.02 released [OSnews]

The Genode OS Framework 26.02 has been released, and its tentpole improvement is the completion of moving configuration from XML to the new human-inclined data syntax, as we talked about a few months ago. The project has been working on this for years, and now that the tooling, documentation, and so on have been added this release cycle, they’re ready to make the switch. On top of that, they also made the move from GitHub to Codeberg, but that’s certainly not all.

The technical topics of the release revolve around the progressive update of our Linux device-driver environment (DDE-Linux) to kernel version 6.18, usability improvements of the Goa SDK, input-event processing, and code rigidity.

Feature-wise, version 26.02 further cultivates the genode-world repository as designated place for ported 3rd-party software, adding the port of Git as stepping stone on our way towards self-hosted development on Sculpt OS.
↫ Genode OS Framework 26.02 release notes

Be sure to read the entire release notes for much more detailed information, as well as a ton of things not mentioned yet.

22:49

Ticket Alert: ZooTunes, Queens Of The Stone Age, and More Seattle Events Going On Sale This Week [The Stranger]

Plus, Ali Wong and More Event Updates for February 26

by EverOut Staff

Start making summer plans: The 2026 BECU ZooTunes concert series will bring acts including Courtney Barnett, Suki Waterhouse, and Pavement to Woodland Park Zoo’s meadow. Seattle-formed alt-rock band Queens Of The Stone Age return to their old stomping grounds on the Catacombs Tour. Plus, Emmy Award-winning actress and comedian Ali Wong brings her brash humor to McCaw Hall. Read on for details on those and other newly announced events, plus some news you can use.

ON SALE FRIDAY, FEBRUARY 27

MUSIC

A.J. Croce Presents Croce Plays Croce
Moore Theatre (Wed Sept 30)

BECU ZooTunes
Woodland Park Zoo (June 4–Aug 20)

Blitzen Trapper - Two Nights
Tractor Tavern (June 5–6)

22:00

“Linuxulator on FreeBSD feels like magic” [OSnews]

You may not be aware that FreeBSD has a pretty robust set of tools to run Linux binaries, unmodified.

The result? A fast, smooth, fully-featured remote development experience on FreeBSD running Linux binaries transparently via the Linuxulator.

It genuinely feels like magic.

More importantly, it’s a testament to how stable the Linux ABI itself is and how well FreeBSD’s Linuxulator implements it. This setup completely changed how I work with FreeBSD, and it finally removed one of the biggest friction points in my workflow.
↫ Hayzam Sherif

FreeBSD’s Linux compatibility does kind of feel like magic. There’s people running Steam and Steam games on FreeBSD using these very same technologies, and while it’s far from perfect, it works for quite a few games without any issues. It’d be great is Steam ever made it to FreeBSD natively, but sine that’s probably not going to happen any time soon, it’s great to see that those of us using FreeBSD can still play at least some Steam games just fine.

US orders diplomats in the EU to fight data sovereignty initiatives [OSnews]

It seems the widespread efforts in Europe to drastically reduce its dependency on US technology companies is starting to worry some people.

President Donald Trump’s administration has ordered U.S. diplomats to lobby against attempts to regulate U.S. tech companies’ handling of foreigners’ data, saying in an internal diplomatic cable seen by Reuters that such efforts could interfere with artificial intelligence-related services.

Experts say the move signals the Trump administration is reverting to a more confrontational approach as some foreign countries seek limits around how Silicon Valley firms process and store their citizens’ personal information – initiatives often described as “data sovereignty” or “data localization.”
↫ Raphael Satter and Alexandra Alper at Reuters

It’s going to take time, but untangling the EU from the US – especially technologically and militarily – is worth the effort. I’ll gladly pay more taxes to make this happen.

21:21

The Big Idea: Bernie Jean Schiebeling [Whatever]

Like blue eyes, height, or left-handedness, how much of our temper and ill manners can we contribute to our genetics? Author Bernie Jean Schiebeling explores the breakage of inherited anger, and what it’s like to fall victim to the temperament our parents passed unto us in the Big Idea for their newest novel, House, Body, Bird.

BERNIE JEAN SCHIEBELING:

My great-grandfather was not a good man.

Without getting into too many details, he was angry and abusive, so much so that my great-grandmother was able to divorce him in the late 1920s without too much trouble. After the divorce, my great-grandfather left—possibly fled—and then committed a string of burglaries across Kentucky and Tennessee while working as a door-to-door salesman. Many years later, my father met one of his ex-colleagues, who said the man had been incredible at sales. Less so at stealing, since he kept getting caught. “And,” he said, pointing at my dad’s breakfast plate, “I can tell you that you take your scrambled eggs the same way. So much pepper.”

Dad never met my great-grandfather (even Grandpa hardly knew him, since he was just a toddler during the divorce). But they both liked peppery eggs, and so do I.

Other echoes persisted too. Anger sometimes exploded from my grandfather, though less than the previous generation. My dad is calmer than his father, and I am calmer than him. Still, rage sometimes rises in me with the inevitable force of a king tide. I hear the ocean rushing in my ears—

—And I breathe through the impulse. I don’t have to do this. I don’t have to continue this tradition that—I hope—none of us wanted.

Inheritance is never clean. We gather too much over the course of a life, too many objects imbued with too many memories, to ever pass on an uncomplicated story to our descendants. In most cases, this is a gift, the last we give to our loved ones. Sometimes, however, it is a weapon, sharp-edged and dangerous to hold, and we have to figure out how to carry it anyway, or how to put it down in a way that hurts no one else. This is the big idea of House, Body, Bird.

The idea was larger than I expected. I didn’t mean for this to be a novella; I thought it would be a short story too long to sell to most markets, like most of the work I have in my drafts folder. I was about 15,000 words deep by the time I realized I was writing a book.

In retrospect, I shouldn’t have been that surprised. Stories find their ideal length through their subject matter, and the more I thought about House, Body, Bird’s family and their home-slash-haunted-dollhouse-museum, the more I realized that the sheer amount of stuff in main character Birdie Goodbain’s inheritance—both dollhouses and the history behind those dollhouses—needed to show up on the page. I started including imagery wherever I could: descriptions of dolls, of difficult memories, of how haunted the body becomes from those memories. In the story’s earlier scenes, I wanted to crowd Birdie, make her tuck her elbows in as she navigated the rambling, watchful house.

Of course, this is only the first half of the difficult-inheritance-problem, the “Someone has willed me a weapon” half. I still had to find a good way to explore the second half of “Thanks, I hate it.” Birdie couldn’t stay scared. Thankfully, I had a solution; I just needed to reorganize some clutter.

When I first started writing the would-be short story, I had alternated between two point-of-views for Birdie, third-person limited and first-person. This created emotional whiplash as Birdie went from a meek third-person POV ruminating on the house’s creepiness to a furious first-person POV bashing through the walls with a meat tenderizer. By grouping all the third-person scenes together and following them with the first-person ones, Birdie had much cleaner character development. It’s relevant that the switch in perspective happens once Birdie commits to escaping and seizing her freedom. In that moment, she moves from third-person, where an unseen narrator observes and objectifies her (like a doll!), to first-person, where she narrates her experiences. While imagery had pushed up against the margins in the third-person section, Birdie’s opinions, observations, and memories pepper her own telling of the story. She gets space to breathe.

In keeping with the novella’s spirit of excess, Birdie’s sections are interspersed with ones from the haunted house’s point of view. Originally, this was useful because it allowed me to reference the previous Goodbain generations with a level of detail that wouldn’t have been possible for Birdie, but the house eventually became the story’s second emotional heart. Although I worried about overwriting throughout the drafting process, a maximalist approach to storytelling was what I needed for House, Body, Bird.

It’s funny—early on in the story, Birdie’s messed-up dad tells her, “We build, and build, and build.” The Goodbain family built and built and built their house as a way to create a family narrative worth passing on, as an attempt to build livelihoods and lives and love, and I did the same thing. I built and built and built the story to understand how Birdie’s family history loomed over her, and how she could create a new, more loving life in response to it.

House, Body, Bird: Amazon|Barnes & Noble|Books-A-Million

Author socials: Website|Instagram|Bluesky

19:42

Pillion, the Feel-Good Gay BDSM Christmas Movie for Spring [The Stranger]

Defying popular, negative perceptions of BDSM—especially gay BDSM—Colin’s submissive role transforms him into a more assertive person, free to pursue his desires on his own non-negotiable terms and proudly advertise his “aptitude for devotion.” by Julianne Bell

In Harry Lighton’s debut feature based on Adam Mars-Jones' 2020 novel Box Hill, the life of a sheltered twenty something named Colin (Harry Melling, Harry Potter) is forever changed the moment biker Ray (Alexander Skarsgård, The Northman, Infinity Pool) unzips his leather pants in a dark alley on Christmas Day, freeing a massive, pierced, dangling cock.

The two quickly enter into an all-consuming, 24/7 dominant/submissive relationship. Colin follows Ray’s rules, becomes his devoted pet. But when the relationship begins to unravel, the power dynamics are not to blame. Like any other relationship, it’s bad communication. Apart from all the kinky sex, Pillion is almost family friendly and it is easily one of my favorite queer films of the last several years.

It’s interesting to see Melling, best-known for playing Harry Potter’s greedy, idiotic cousin Dudley Dursley, as the sensitive object of Skarsgård’s cold affection. Though the characters share a similar background (doting parents, an upbringing in the southeast London suburbs), Melling is no longer the butt of an eight-movie-long fat joke but a character with agency, allowed to explore his sexuality and to be considered desirable. Unlike Dudley, Melling tugs heartstrings as the naïve Colin, who you can’t help but want to hug. His face is an open book; his puppy eyes widen in simultaneous fear and delight.

With Melling’s Colin as a guileless vehicle, BDSM is shown as sweet rather than debased. The sex scenes aren’t soft-focused, porny fantasies, but genuine and even endearingly awkward, like when Colin and Ray grapple in spandex to Tiffany’s version of “I Think We’re Alone Now.” (The scene was the first that Melling and Skarsgård shot together, so the awkwardness might be authentic.) In Pillion, tenderness is found in birthday orgies and beautifully shot late-night, windblown motorcycle rides showing freedom can be found in submission.

BDSM in Hollywood is often played for laughs and scares, or portrayed as exotic and perverse, as in the case of Fifty Shades of Grey. Lighton cited Secretary and The Duke of Burgundy as films he had in mind while making Pillion, but went for a more relatable route. “I always wanted Pillion to have enough of a foot in realism, that you weren’t, as a viewer, able to distance yourself from the character in the way I think that I personally do in those films, by dint of the tone,” he told Letterboxd.

Pillion doesn’t exploit gayness either, or make sexuality the friction in these men’s lives. Colin’s parents are enthusiastically supportive of his queerness, but just want to see their son treated right outside the bedroom. In that way, they’re a stand-in for viewers who might not know boot-blacking from anal beads, but can read the conventional love story between the lines of this unconventional relationship.

I’d bet a reasonably open-minded family could watch it together. Alexander Skarsgård could do it: He watched it with his dad Stellan Skarsgård (Girl with the Dragon Tattoo, Dune) at Telluride Film Festival. As Stellan succinctly put it, “I have no problem seeing him do BDSM, that’s not a problem. If he acts badly, I have big problems.”

18:56

Slog AM: Speedboat Gunfight, Murder Charge in Capitol Hill Shooting, Gatesgate [The Stranger]

The Stranger's morning news roundup. by Micah Yip

US Speedboat Boat Shot By Cuba: A shootout between a Florida-registered speedboat and a Cuban border patrol vessel left six people dead and four injured. The Cuban government accused the heavily-armed “Cuban residents of the United States” in the speedboat of trying to infiltrate the island for “terrorist purposes.” They were carrying guns, Molotov cocktails, bulletproof vests, and camouflage, the Cuban government said.

Gatesgate: At an internal Gates Foundation town hall Tuesday, Bill Gates apologized to staff for endangering the foundation with his yearslong connection to convicted sex offender Jeffrey Epstein. Gates acknowledged first meeting Epstein in 2011 to raise money for global health, three years after the financier was convicted for soliciting a minor for prostitution. Gates continued to see the financier until 2014. Gates also admitted to two affairs, which Epstein tried to use as leverage over him, he said. Gates never got his money for global health.

Will They, Won’t They: Normally, Super Bowl winners are invited to the White House. But Seahawks coach Mike Macdonald said the team hasn’t gotten an invite, though he expects one. The White House has indicated they will invite the Seahawks. But will the team accept? Macdonald wouldn’t commit, but a league source told the Seattle Times the team was initially inclined to accept. The Super Bowl was weeks ago.

Murder Charge in Capitol Hill Shooting: Daniel John Carlee, 41, was charged with murder for allegedly shooting 38-year-old Solomon Thompson in Friday night’s Capitol Hill shooting. King County prosecutors said Carlee instigated the fight. Before shooting Thompson, he told a witness, “I’m going to shoot him.”

Another Teen Shooting: Police arrested two teens with a handgun after a shooting in Mount Baker that put Franklin High School on lockdown. As a precaution, students at John Muir Elementary sheltered-in-place. Police are still looking for two more suspects.

Temu Sesame Street: A 27-year-old man in Ohio has been dubbed “Oscar the Grouch” after a sanitation worker found him hiding from police in a trash can. It was caught on tape. Now, I’m no fan of surveillance, but…this was entertaining.

Weather: Partly sunny with a high near 51 and a chance of on and off rain. Wind gusts will be as high as 25 miles per hour. Tonight will be mostly cloudy with a low around 42 and a 30 percent chance of rain.

What Are the House and Senate Doing with Our Money? The Seattle Times compiled key takeaways from the state Senate and House budget proposals, including how lawmakers are accounting for the not-yet-passed millionaires’ tax, how they’ll use Climate Commitment Act money, what’ll happen with House’s proposal to eliminate occupational, speech and physical therapy coverage and instead provide a limited, one-time rate boost for certain long-term care facilities, and more.

Jeff Galloway: Galloway, the 1972 U.S. Olympic runner who inspired amateurs and pros alike with his “run-walk-run” strategy, died yesterday from a hemorrhagic stroke. He was 80.

Nobody Likes Newsom: California Gov. Gavin Newsom is offending everybody. He’s on a book tour right now—another effort to cast off his reputation as a liberal elitist to position himself as the Democratic frontrunner in 2028. But he’s just pissing everyone off. Conservatives accused Newsom of suggesting that Black people weren’t smart while talking to the Black mayor of Atlanta, Andre Dickens. Liberals are mad about Newsom’s CNN interview, where he said Democrats should be “more culturally normal” and stop spending “a disproportionate amount of time on pronouns, identity.”

LA Superintendent Investigation: The FBI raided the home of Los Angeles Unified School District Superintendent Alberto Carvalho and the district’s headquarters. A source told the Associated Press that the warrants were served as part of an “ongoing investigation.” The district hasn’t provided further information, but said it is cooperating with the investigation.

Bummer: A state bill to lower the legal driving limit from 0.08 blood alcohol content to 0.05 blood alcohol content died in the House yesterday. The bill, sponsored by Sen. John Lovick, would’ve been a good idea, given that drunk driving kills people.

18:07

Intercepting messages inside IsDialogMessage, installing the message filter [The Old New Thing]

Last time, we saw that one way to intercept the ESC in the standard dialog message loop is to use your own dialog message loop. However, you might not be able to do this, say, because the dialog procedure uses EndDialog(), and the dialog exit code is not retrievable from a custom message loop.

The IsDialogMessage includes an extensibility point that lets you hook into the message processing. You can register a message filter hook and listen for MSGF_DIALOGBOX.

Before processing a message, the IsDialogMessage function does a CallMsgFilter with the message that it is about to process and the filter code MSGF_DIALOGBOX. If the filter result is nonzero (indicating that one of the hooks wanted to block default processing), then the IsDialogMessage returns without doing anything. This lets us grab the ESC from IsDialogMessage before it turns into an IDCANCEL.

Here’s our first attempt. (There will be more than one.)

HWND hdlgHook;
#define DM_ESCPRESSED (WM_USER + 100)

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (IsDialogESC(hdlgHook, msg)) {
            return SendMessage(hdlg, DM_ESCPRESSED, 0, lParam);
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Our hook procedure first checks that it’s being called by IsDialogMessage. if so, and the message is a press of the ESC key destined for our dialog box (or a control on that dialog box), then send the dialog box a DM_ESCPRESSED message to ask it what it thinks. The dialog procedure can return TRUE to block default processing or FALSE to allow default processing to continue.

Here is the handler in the dialog procedure itself:

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        hdlgHook = hdlg;
        ⟦ other dialog initialization as before ⟧
        ⟦ ending with "return (whatever)" ⟧

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;
    ⟦ handle other messages ⟧
    }
    return FALSE;
}

When the dialog initializes, remember its handle as the dialog for which the DialogEscHookProc is operating.

When the dialog is informed that the ESC key was pressed, we decide whether we want to process the ESC key ourselves. If so, then we do that custom processing and set up to return TRUE from the window procedure. For dialog procedures, this is done by setting the message result to the desired window procedure result and then returning TRUE to block default dialog box message processing and instead return the value we set (which is TRUE) from the window procedure.

Finally, we install the message hook before we create the dialog box and remove it when the dialog box dismisses.

auto hook = SetWindowsHookEx(WM_MSGFILTER, DialogEscHookProc,
                             nullptr, GetCurrentThreadId());
auto result = DialogBox(hinst, MAKEINTRESOURCE(IDD_WHATEVER),
                        hwndOwner, DialogProc);
UnhookWindowsHookEx(hook);

This is the basic idea, but we see that there are a few problems.

One is that we are communicating the dialog box handle through a global variable. This means that we can’t have multiple threads using this hook at the same time. Fortunately, that can be fixed by changing the variable to be thread_local, although this does drag in the cost of thread-local variables.

But even if we do that, we have a problem if two copies of this dialog box are shown by the same thread. For example, one of the controls in the dialog might launch another copy of this dialog, but with different parameters. For example, a “View certificate” dialog might have a button called “View parent certificate”.

We’ll take up these issues (and others) next time.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, installing the message filter appeared first on The Old New Thing.

17:42

If you want to heal the country, watch out for ways you add division, and stop. It's probably the biggest power any of us has.

17:00

Joachim Breitner: Vibe-coding a debugger for a DSL [Planet Debian]

Also: New Yorker interview of Conan O'Brien. I love that both O'Brien and Remnick agree that podcasting liberated them as artists. That was the point! When you think about decentralization, the most successful protocol we have is podcasting. By design it was hard for silos to usurp. Now think about how you would repeat that pattern with text. I've been working on that for almost three years, and it works now. We'll be testing it soon on my blog, and then everyone's. This should be the grand slam home run of my career. That's how it feels to me now. And O'Brien tells some great stories including one about his father, who noted that Conan had found a way to get paid for his insanity.

15:49

Earlier this week a colleague of mine, Emilio Jesús Gallego Arias, shared a demo of something he built as an experiment, and I felt the desire to share this and add a bit of reflection. (Not keen on watching a 5 min video? Read on below.)

What was that?

So what did you just see (or skipped watching)? You could see Emilio’s screen, running VSCode and editing a Lean file. He designed a small programming language that he embedded into Lean, including an evaluator. So far, so standard, but a few things stick out already:

Using Lean’s very extensible syntax this embedding is rather elegant and pretty.
Furthermore, he can run this DSL code right there, in the source code, using commands like #eval. This is a bit like the interpreter found in Haskell or Python, but without needing a separate process, or like using a Jupyter notebook, but without the stateful cell management.

This is already a nice demonstration of Lean’s abilities and strength, as we know them. But what blew my mind the first time was what happened next: He had a visual debugger that allowed him to debug his DSL program. It appeared on the right, in Lean’s “Info View”, where various Lean tools can hook into, show information and allow the user to interact.

But it did not stop there, and my mind was blown a second time: Emilio opened VSCode’s „Debugger“ pane on the left, and was able to properly use VSCode’s full-fledged debugger frontend for his own little embedded programming language! Complete with highlighting the executed line, with the ability to set breakpoints there, and showing the state of local variables in the debugger.

Having a good debugger is not to be taken for granted even for serious, practical programming languages. Having it for a small embedded language that you just built yourself? I wouldn’t have even considered that.

Did it take long?

If I were Emilio’s manager I would applaud the demo and then would have to ask how many weeks he spent on that. Coming up with the language, getting the syntax extension right, writing the evaluator and especially learning how the debugger integration into VSCode (using the DAP protocol) works, and then instrumenting his evaluator to speak that protocol – that is a sizeable project!

It turns out the answer isn’t measured in weeks: it took just one day of coding together with GPT-Codex 5.3. My mind was blown a third time.

Why does Lean make a difference?

I am sure this post is just one of many stories you have read in recent weeks about how new models like Claude Opus 4.6 and GPT-Codex 5.3 built impressive things in hours that would have taken days or more before. But have you seen something like this? Agentic coding is powerful, but limited by what the underlying platform exposes. I claim that Lean is a particularly well-suited platform to unleash the agents’ versatility.

Here we are using Lean as a programming language, not as a theorem prover (which brings other immediate benefits when using agents, e.g. the produced code can be verified rather than merely plausible, but that’s a story to be told elsewhere.)

But arguably because Lean is also a theorem prover, and because of the requirements that stem from that, its architecture is different from that of a conventional programming language implementation:

As a theorem prover, it needs extensible syntax to allow formalizing mathematics in an ergonomic way, but it can also be used for embedding syntax.
As a theorem prover, it needs the ability to run “tactics” written by the user, hence the ability to evaluate the code right there in the editor.
As a theorem prover, it needs to give access to information such as tactic state, and such introspection abilities unlock many other features – such as a debugger for an embedded language.
As a theorem prover, it has to allow tools to present information like the tactic state, so it has the concept of interactive “Widgets”.

So Lean’s design has always made such a feat possible. But it was no easy feat. The Lean API is large, and documentation never ceases to be improvable. In the past, it would take an expert (or someone willing to become one) to pull off that stunt. These days, coding assistants have no issue digesting, understanding and using the API, as Emilio’s demo shows.

The combination of Lean’s extensibility and the ability of coding agents to make use of that is a game changer to how we can develop software, with rich, deep, flexible and bespoke ways to interact with our code, created on demand.

Where does that lead us?

Emilio actually shared more such demos (Github repository). A visual explorer for the compiler output (have a look at the screenshot. A browser-devtool-like inspection tool for Lean’s “InfoTree”. Any of these provide a significant productivity boost. Any of these would have been a sizeable project half a year ago. Now it’s just a few hours of chatting with the agent.

So allow me to try and extrapolate into a future where coding agents have continued to advance at the current pace, and are used ubiquitously. Is there then even a point in polishing these tools, shipping them to our users, documenting them? Why build a compiler explorer for our users, if our users can just ask their agent to build one for them, right then when they need it, tailored to precisely the use case they have, with no unnecessary or confusing feature. The code would be single use, as the next time the user needs something like that the agent can just re-create it, maybe slightly different because every use case is different.

If that comes to pass then Lean may no longer get praise for its nice out-of-the-box user experience, but instead because it is such a powerful framework for ad-hoc UX improvements.

And Emilio wouldn’t post demos about his debugger. He’d just use it.

15:35

[$] IIIF: images and visual presentations for the web [LWN.net]

The International Image Interoperability Framework, or IIIF ("triple-eye eff"), is a small set of standards that form a basis for serving, displaying, and reusing image data on the web. It consists of a number of API definitions that compose with each other to achieve a standard for providing, for example, presentations of high-resolution images at multiple zoom levels, as well as bundling multiple images together. Presentations may include metadata about details like authorship, dates, references to other representations of the same work, copyright information, bibliographic identifiers, etc. Presentations can be further grouped into collections, and metadata can be added in the form of transcriptions, annotations, or captions. IIIF is most popular with cultural-heritage organizations, such as libraries, universities, and archives.

15:14

Oh, Look, an Airport [Whatever]

Strange how I keep ending up at one.

This time, however, not on business. Visiting friends because now that the novel is in I can do that. I’ll be traveling on business very soon, however, first to San Antonio and then to Tucson. The life of an author is strangely itinerant.

— JS

14:07

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (freerdp), Debian (firefox-esr and libstb), Fedora (389-ds-base, chromium, firefox, munge, opentofu, python3-docs, python3.14, and vim), Oracle (buildah, containernetworking-plugins, gimp, grafana, grafana-pcp, kernel, podman, runc, and skopeo), Red Hat (go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, mariadb:10.11, podman, and skopeo), SUSE (cacti, docker-stable, expat, firefox-esr, freerdp, freerdp2, libjxl, libsoup-2_4-1, python-tornado, python-urllib3_1, python3, python311-Django4, python312, python313, python39, and redis), and Ubuntu (ceph, mongodb, protobuf, and rlottie).

13:56

Semantic Layers in the Wild: Lessons from Early Adopters [Radar]

My first post made the case for what a semantic layer can bring to the modern enterprise: a single source of truth accessible to everyone who needs it—BI teams in Tableau and Power BI, Excel-loving analysts, application integrations via API, and the AI agents now proliferating across organizations—all pulling from the same governed, performant metric layer. The promise is compelling. But what happens when organizations actually build and deploy one? To find out, I interviewed several early adopters who’ve moved semantic layers from concept to production. Four themes emerged from those conversations: some surprising, some predictable, and a few that will sound familiar to anyone who’s ever shipped data infrastructure.

The first theme: Semantic layers are showing up in unexpected places. Most discussion positions them as enterprise-level infrastructure—a single location capturing all company metrics for centralized access and governance. That’s still the primary use case. But practitioners are also deploying semantic layers for narrower purposes. One organization, for example, built their semantic layer specifically to power a targeted chatbot application—letting users query data conversationally without any traditional BI tools in the mix. No Power BI, no Excel, just an AI interface pulling from governed metrics. The rationale for these smaller deployments is straightforward: Semantic layers deliver high accuracy on structured data, even with lightweight models. The core value drivers remain speed, accuracy, and access—but organizations are finding more ways to extract that value than the enterprise-wide vision suggests.

The second theme: AI is the reason organizations are moving now. The other benefits still matter—single source of truth, multitool compatibility, true self-serve access, cost reduction in cloud environments—but when I asked practitioners why they prioritized a semantic layer today rather than two years ago, the answer was consistent: AI. Whether it was a specific chatbot project or enabling AI-driven analytics at scale, AI requirements were the catalyst. This tracks with what I discussed in my first post: Structured data alone isn’t enough for reliable AI analytics. Adding semantic context—field descriptions, model definitions, object relationships—dramatically improves accuracy. The data industry has noticed. Semantic layers have moved from niche infrastructure to strategic priority: Snowflake, Databricks, dbt Labs, and Microsoft have all made significant investments in the past year.

The third theme: Semantic layers reduce work for developers while making trusted data easier to access. Multiple practitioners cited the value of maintaining metrics and business logic in a single location. Any analyst knows the pain of metric sprawl—leadership requests a change to a core KPI, and you discover it’s been defined a dozen different ways across databases, BI tools, and spreadsheets scattered through the organization. The semantic layer eliminates the chase. One engineering lead described a financial metric that had accumulated over 60 versions across the company. After deploying the semantic layer, there was one.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Access simplifies too. Instead of provisioning controls across warehouses, BI workspaces, individual dashboards, and cloud storage locations, users connect directly to the semantic layer and pull data into the tool of their choice. One organization was surprised to find that after deployment, the most common access point was Excel. But with the semantic layer, that wasn’t a problem: The data served in Excel was identical to what powered their AI tools, Power BI dashboards, and application integrations via API.

The fourth theme will sound familiar to anyone who’s shipped data infrastructure: The biggest challenge isn’t the technology—it’s the data itself. Every practitioner I spoke with identified the same bottleneck: consistency, availability, and accuracy of the underlying data. Engineers and analysts can build the semantic layer, but they can’t will clean data into existence. Success requires close collaboration with business stakeholders, clear ownership of metrics, and leadership alignment to prioritize the work. None of that is new. But despite these challenges, everyone I interviewed reached the same conclusion: The semantic layer is worth the effort.

Semantic layer technology is still early. The tools, vendors, and best practices are evolving fast—what works today may look different in a year. But these conversations revealed a clear signal beneath the noise: semantic layers are becoming critical AI infrastructure. The practitioners I spoke with aren’t experimenting anymore. They’re operationalizing. And despite the expected challenges around data quality and organizational alignment, they’re seeing real returns: fewer metric versions to maintain, simpler access controls, and AI tools that actually produce trusted answers.

My first article made the case for what a semantic layer could be. This one asked what happens when organizations actually build them. The answer: It’s hard, it’s worth it, and for companies serious about AI-driven analytics, the semantic layer is no longer a nice-to-have. It’s the foundation.

12:56

CodeSOD: The Counting Machine [The Daily WTF]

Industrial machines are generally accompanied by "Human Machine Interfaces", HMIs. This is industrial slang for a little computerized box you use to control the industrial machine. All the key logic and core functionality and especially the safety functionality is handled at a deeper computer layer in the system. The HMI is just buttons users can push to interact with the machine.

Purchasers of those pieces of industrial equipment often want to customize that user interface. They want to guide users away from functions they don't need, or make their specific workflow clear, or even just brand the UI. This means that the vendor needs to publish an API for their HMI.

Which brings us to Wendy. She works for a manufacturing company which wants to customize the HMI on a piece of industrial equipment in a factory. That means Wendy has been reading the docs and poking at the open-sourced portions of the code, and these raise more questions than they answer.

For example, the HMI's API provides its own set of collection types, in C#. We can wonder why they'd do such a thing, which is certainly a WTF in itself, but this representative line raises even more questions than that:

Int32 Count { get; set; }

What happens if you use the public set operation on the count of items in a collection? I don't know. Wendy doesn't either, as she writes:

I'm really tempted to set the count but I fear the consequences.

All I can hear in my head when I think about "setting the Count" is: "One! One null reference exception! Two! TWO null reference exceptions! HA HA HA HA!"

By http://muppet.wikia.com/wiki/Count_von_Count

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

12:35

LLMs Generate Predictable Passwords [Schneier on Security]

LLMs are bad at generating passwords:

There are strong noticeable patterns among these 50 passwords that can be seen easily:

All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7.

Character choices are highly uneven for example, L , 9, m, 2, $ and # appeared in all 50 passwords, but 5 and @ only appeared in one password each, and most of the letters in the alphabet never appeared at all.

There are no repeating characters within any password. Probabilistically, this would be very unlikely if the passwords were truly random but Claude preferred to avoid repeating characters, possibly because it “looks like it’s less random”.

Claude avoided the symbol *. This could be because Claude’s output format is Markdown, where * has a special meaning.

Even entire passwords repeat: In the above 50 attempts, there are actually only 30 unique passwords. The most common password was G7$kL9#mQ2&xP4!w, which repeated 18 times, giving this specific password a 36% probability in our test set; far higher than the expected probability 2-100 if this were truly a 100-bit password.

This result is not surprising. Password generation seems precisely the thing that LLMs shouldn’t be good at. But if AI agents are doing things autonomously, they will be creating accounts. So this is a problem.

Actually, the whole process of authenticating an autonomous agent has all sorts of deep problems.

News article.

Slashdot story

11:42

Grrl Power #1438 – Pop goes the Gralien [Grrl Power]

The UCBA Party Barge and Recovery ship is large enough and custom built to pull even something/one the size of U.M.B.Rage off the surface. The ship is roughly the size of the Fhloston Paradise, with slightly fewer pools and more space dedicated to kaiju sized med-bays. But it still is a party barge, and is generally considered a premier location to view the battles.

Sydney’s still wearing a bra, by the way. You can see part of the strap under Frix’s fingers if you look close enough. I drew her, then added him because I have a bad habit of drawing only the people talking in a scene, since each character I draw adds to the time to pencil, ink and color. But I figured I’d just be drawing neck to waist, and how hard can that be – oh right, even after all this time I don’t know what humanoid bodies look like, so naturally it took me like 30 minutes to pencil his torso, cause the arm position and the inside of the elbow joint looked weird and I finally had to go looking for reference, but of course, there are no pictures of really muscular guys on the internet standing in that position. They’re always flexing. Or maybe standing casually, but try to find a picture of a muscular man or woman lounging, or talking on a phone or resting their cheek on their hand and now you’ve got a challenge.

You know, sometimes I complain about my job, but then I remember that I have never once had to use Excel or sit in a Zoom meeting that should have been an email or had to sit through an embarrassingly outdated HR video. I mean, not at this job. I’ve done that stuff at other jobs. Well, Zoom didn’t exist back then. It was probably Skype, and there was never a point at which Skype didn’t suck a to a surprising degree.

Also, I should mention that Sydney is still sporting holo-boobs. Even still, she’s self conscious about exposing fake boobs so long as they’re attached to her.

Do you realize it’s 02-26-2026? If you reverse the order of the month numerals, you get 20262026! And if you’re a numerologist… that means you’re stupid! It has nothing to do with the date. I’m just throwing shade at one of the saddest pseudosciences just cause the date is almost a meaningless repeating number if you change the numbers so that they repeat how you want. I dunno what’s up with the drive by. Just feeling sassy tonight.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

11:07

Pluralistic: If you build it (and it works), Trump will come (and take it) (26 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

If you build it (and it works), Trump will come (and take it): Trump wants Big Tech to win, not to play fair.
Hey look at this: Delights to delectate.
Object permanence: Harpercollins v libraries; Rothfuss x Firefly; Bookseller seethings; If magazine; HBR v executive pay; Apple caves on encryption.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

If you build it (and it works), Trump will come (and take it) (permalink)

Crises precipitate change: Trump's incontinent belligerence spurred the world to long-overdue action on "digital sovereignty," as people woke up to the stark realization that a handful of Trump-aligned giant tech firms could shut down their governments, companies and households at the click of a mouse.

This has been a long, long time coming. Long before Trump, the Snowden revelations made it clear that the US government had weaponized its position as the world's IT export powerhouse and the interchange hub for the world's transoceanic fiber links, and was actively spying on everyone – allies and foes, presidents and plebs – to attain geopolitical and commercial advantages for America. Even after that stark reminder, the world continued to putter along, knowing that the US had planted demolition charges in its digital infrastructure, but praying that the "rules-based international order" would stop America from pushing the button.

Now, more than a decade into the Trump era, the world is finally confronting the reality that they need to get the hell off of American IT, and transition to open, transparent and verifiable alternatives for their administrative tools, telecoms infrastructure and embedded systems for agriculture, industry and transportation. And not a moment too soon:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

But building the post-American internet is easier said than done. There remain huge, unresolved questions about the best way to proceed.

One thing is clear: we will need new systems: the aforementioned open, transparent, verifiable code and hardware. That's a huge project, but the good news is that it benefits tremendously from scale, which means that as countries, businesses and households switch to the post-American internet, there will be ever more resources to devote to building, maintaining and improving this project. That's how scientific endeavors work: they're global collaborations that allow multiple parties to simultaneously attack the problems from many angles at once. Think of the global effort to sequence, understand, and produce vaccines for Covid 19.

Developing the code and hardware for the post-American internet scales beautifully, making it unique among the many tasks posed by the post-American world. Other untrustworthy US platforms – such as the dollar, or the fiber links that make interconnection in the USA – are hampered by scale. The fact that hundreds of countries use the dollar and rely on US fiber connections makes replacing them harder, not easier:

https://pluralistic.net/2025/11/26/difficult-multipolarism/#eurostack

Building the post-American internet isn't easy, but there's a clear set of construction plans. What's far less clear is how we transition to the post-American internet. How do people, organizations and governments that currently have their data locked up in US Big Tech silos get it off their platforms and onto new, open, transparent, verifiable successors? Literally: how do you move the data from the old system to the new one, preserving things like edit/view permissions, edit histories, and other complex data-structures that often have high-stakes attached to them (for example, many organizations and governments are legally required to maintain strict view/edit permissions for sensitive data, and must preserve the histories of their documents).

On top of that, there's all the systems that we use to talk to one another: media services from Instagram to Tiktok to Youtube; chat services from iMessage to Discord. It's easy enough to build alternatives to these services – indeed, they already exist, though they may require additional engineering to scale them up for hundreds of millions or billions of users – but that's only half the battle. What do we do about the literal billions of people who are already using the American systems?

This is where the big divisions appear. In one camp, you have the "if you build it, they will come" school, who say that all we need to do is make our services so obviously superior to the legacy services that America has exported around the world and people will just switch. This is a very seductive argument. After all, the American systems are visibly, painfully defective: riddled with surveillance and ads, powered by terrible algorithms, plagued by moderation failures.

But waiting for people to recognize the superiority of your alternatives and jumping ship is a dead end. It completely misapprehends the reason that users are still on legacy social media and other platforms. People don't use Instagram because they love Mark Zuckerberg; they use it because they love their friends more than they hate Mark Zuckerberg:

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

What's more, Zuckerberg knows this. He knows that users of his service are hamstrung by the "collective action problem" of getting the people who matter to you to agree on when it's time to leave a service, and on which service is a safe haven to flee to:

https://pluralistic.net/2022/10/29/how-to-leave-dying-social-media-platforms/

The reason Zuckerberg knows this is that he had to contend with it at the dawn of Facebook, when the majority of social media users were locked into an obviously inferior legacy platform called Myspace. Zuckerberg promised Myspace users a superior social media experience where they wouldn't be spied on or bombarded with ads:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

Zuckerberg knew that wouldn't be enough. No one was going to leave Myspace for Facebook and hang out in splendid isolation, smugly re-reading Facebook's world-beating privacy policy while waiting for their dopey friends to wise up and leave Myspace to come and join them.

No: Zuckerberg gave the Myspace refugees a bot, which would accept your Myspace login and password and then impersonate you to Myspace's servers several times per day, scraping all the content waiting for you in your Myspace feed and flowing it into your Facebook feed. You could reply to it there and the bot would push it out to Myspace. You could eat your cake and have it too: use Facebook, but communicate with the people who were still on Myspace.

This is called "adversarial interoperability" and it was once the norm, but the companies that rose to power by "moving fast and breaking things" went on to secure legal protections to prevent anyone from doing unto them as they had done unto their own predecessors:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

The harder it is for people to leave a platform, the worse the platform can treat them without paying the penalty of losing users. This is the source of enshittification: when a company can move value from its users and customers to itself without risking their departure, it does.

People stay on bad platforms because the value they provide to one another is greater than the costs the platform extracts from them. That means that when you see people stuck on a very bad platform – like Twitter, Instagram or Facebook – you should infer that what they get there from the people that matter to them is really important to them. They stick to platforms because that's where they meet with people who share their rare disease, because that's where they find the customers or audiences that they rely on to make rent; because that's the only place they can find the people they left behind when they emigrated.

Now, it's entirely possible – likely, even – that legacy social media platforms will grow so terrible that people will leave and jettison those social connections that mean so much to them. This is not a good outcome. Those communities, once shattered, will likely never re-form. There will be permanent, irretrievable losses incurred by their members:

https://pluralistic.net/2023/07/23/when-the-town-square-shatters/

The platforms are sinking ships. We need to evacuate them:

https://pluralistic.net/2024/03/23/evacuate-the-platforms/#let-the-platforms-burn

"If you build it, they will come" is a trap. Technologists and their users who don't understand the pernicious nature of the collective active problem trap themselves. They build obviously superior technical platforms and then gnash their teeth as the rest of the world fails to make the leap.

All too often, users' frustration at the failure of new services to slay the inferior legacy services curdles, and users and designers of new technologies decide that the people who won't join them are somehow themselves defective. It doesn't take long to find a corner of the Fediverse or Bluesky where Facebook and Twitter users are being condemned as morally suspect for staying on zuckermuskian media. They are damned for loving Zuckerberg and Musk, rather than empathized with for loving each other more than they hate the oligarchs who've trapped them. They're condemned as emotionally stunted "attention whores" who hang out on big platforms to get "dopamine" (or some other pseudoscientific reward), which is easier than grappling with the fact that legacy social media pays their bills, and tolerating Zuckerberg or Musk is preferable to getting evicted.

Worst of all, condemning users of legacy technology as moral failures leads you to oppose efforts to get those users out of harm's way and onto modern platforms. Think of the outcry at Meta's Threads taking steps to federate with Mastodon. There are good reasons to worry about this – the best one being that it might allow Meta to (illegally) suck up Mastodon users' data and store and process it. But the majority of the opposition to Threads integration with Mastodon wasn't about Threads' management – it was about Threads' users. It posited a certain kind of moral defective who would use a Zuckerberg-controlled platform in the 2020s and insisted that those people would ruin Mastodon by bringing over their illegitimate social practices.

I've made no secret of where I come down in this debate: the owners of legacy social media are my enemy, but the users of those platforms are my comrades, and I want to help them get shut of legacy social media as quickly and painlessly as possible.

What's more, there's a way to make this happen! The same adversarial interoperability that served Zuckerberg so well when he was draining users off of Myspace could be used today to evacuate all of Meta's platforms. We could use a combination of on-device bridging, scraping and other guerrilla tactics to create "alt clients" that let you interact with people on Mastodon and the legacy platforms in one context, so that you can leave the bad services but keep the good people in your life.

The major barrier to this isn't technological. Despite the boasts of these companies to world-beating engineering prowess, the reality is that people (often teenagers) keep successfully finding and exploiting vulnerabilities in the "impregnable" platforms, in order to build successful alt clients:

https://pluralistic.net/2023/12/07/blue-bubbles-for-all/#never-underestimate-the-determination-of-a-kid-who-is-time-rich-and-cash-poor

The thing that eventually sees off these alt clients isn't Big Tech's technical countermeasures – it's legal risk. A global system of "anticircumvention" laws makes the kinds of basic reverse-engineering associated with building using adversarial interoperability radioactively illegal. These laws didn't appear out of thin air, either: the US Trade Representative pressured all of America's trading partners into passing them:

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest

Which brings me back to crises precipitating change. Trump has staged an unscheduled, sudden, midair disassembly of the global system of trade, whacking tariffs on every country in the world, even in defiance of the Supreme Court:

https://www.bbc.co.uk/news/articles/cd6zn3ly22yo

Ironically, this has only helped make the case for adversarial interoperability. Trump is using tech companies to attack his geopolitical rivals, ordering Microsoft to shut down both the International Criminal Court and a Brazilian high court in retaliation for their pursuit of the criminal dictators Benjamin Netanyahu and Jair Bolsonaro. This means that Trump has violated the quid pro quo deal for keeping anticircumvention law on your statute books, and he has made the case for killing anticircumvention as quickly as possible in order to escape American tech platforms before they are weaponized against you:

https://pluralistic.net/2026/01/29/post-american-canada/#ottawa

I've been talking about this for more than a year now, and I must say, the reception has been better than I dared dream. I think that – for the first time in my adult life – we are on the verge of creating a new, good, billionaire-proof internet:

https://pluralistic.net/2026/01/15/how-the-light-gets-in/

But there's one objection that keeps coming up: "What if this makes Trump mad?" Or, more specifically, "What if this makes Trump more mad, so instead of hitting us with a 10% tariff, it's a 1,000% tariff?

This came up earlier this week, when I gave a remote keynote for the Fedimtl conference, and an audience member said that he thought we should just focus on building good new platforms, rather than risking Trump's ire. In my response, I recited the arguments I've raised in this piece.

But yesterday, I saw a news item that made me realize there was one more argument I should have made, but missed. It was a Reuters story about Trump ordering American diplomats to fight against "data sovereignty" policies around the world:

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

The news comes from a leaked diplomatic cable, and it's a reminder that Trump's goal is to maintain American dominance of the world's technology and to prevent the formation of a post-American internet altogether. Worrying that Trump will hit you with more tariffs if you legalize jailbreaking assumes that the thing that would upset Trump is that you broke the rules.

That's not what makes Trump angry.

What makes Trump angry is losing.

Say you focus exclusively on building superior platforms. Say by some miracle that everyone you care about somehow overcomes the collective action problems and high switching costs and leaves behind US Big Tech services and comes to your new, federated, cleantech, post-American alternative.

Do you think that Trump will observe this collapse in the fortunes of the most important corporations in his coalition and shrug and say, "Well, I guess I lost fair and square; better luck next time?"

Hell, no. We already know what Trump does when his corporate allies lose to a superior foreign rival – Trump steals the rival's service and gives it to one of his cronies. That's literally what he did last month, to Tiktok:

https://www.democracynow.org/2026/1/23/headlines/larry_ellisons_oracle_part_of_new_deal_to_own_us_version_of_tiktok

The fear of harsh retaliation for any country that dares to be a Disenshittification Nation is based on the premise that Trump is motivated by a commitment to fairness. He's not: Trump is motivated by a desire to dominate. Anything that threatens the dominance of the companies that take his orders is fair game, and he will retaliate in any way he can.

Hey look at this (permalink)

Organized Labor Took a Huge Step Forward When GM Workers Sat Down in Unison in 1937 https://www.smithsonianmag.com/history/organized-labor-took-huge-step-forward-when-GM-workers-sat-down-unison-1937-180988089/
How to Tax Billionaires https://prospect.org/2026/02/24/tax-billionaires-california-income-inequality-trump-billionaires-trillionaires/
“Battered, bedraggled, inexplicably enthusiastic about a bargain flight to Bermuda” https://unsung.aresluna.org/battered-bedraggled-inexplicably-enthusiastic-about-a-bargain-flight-to-bermuda/
Understanding the L L M Bubble https://img1.wsimg.com/blobby/go/76c5f9c0-d1a4-4493-b204-bbbdd68fd910/downloads/89583079-d8c1-483f-8988-3c9f5d813d89/HoranAAJ2026LLMbubble.pdf?ver=1771954468213
Actually, the left is winning the AI debate https://www.bloodinthemachine.com/p/actually-the-left-is-winning-the

Object permanence (permalink)

#20yrsago Florida cops threaten people who ask for complaint forms https://web.archive.org/web/20060218125443/http://cbs4.com/topstories/local_story_033170755.html

#20yrsago SF editor: watermarks hurt artists and reward megacorps https://web.archive.org/web/20060307172130/http://www.kathryncramer.com/kathryn_cramer/2006/02/watermarking_as.html

#15yrsago HarperCollins to libraries: we will nuke your ebooks after 26 checkouts https://memex.craphound.com/2011/02/25/harpercollins-to-libraries-we-will-nuke-your-ebooks-after-26-checkouts/

#15yrsago Slowly fuming used bookstore clerk seethings https://web.archive.org/web/20110224180817/http://blogs.sfweekly.com/exhibitionist/2011/02/this_is_why_your_used_bookstor.php

#15yrsago Rothfuss pledges to buy Firefly from Fox and give it away https://blog.patrickrothfuss.com/2011/02/an-open-letter-to-nathan-fillion/

#10yrsago Disney offers to deduct contributions to its PAC from employees’ paychecks, to lobby for TPP https://arstechnica.com/tech-policy/2016/02/disney-ceo-asks-employees-to-chip-in-to-pay-copyright-lobbyists/

#10yrsago Read: The full run of If magazine, scanned at the Internet Archive https://archive.org/details/ifmagazine

#10yrsago Rosa Parks’s papers and photos online at the Library of Congress https://www.youtube.com/watch?v=266gn07TUYw

#10yrsago Harvard Business Review: Stop paying executives for performance https://hbr.org/2016/02/stop-paying-executives-for-performance

#5yrsago Saving the planet is illegal https://pluralistic.net/2021/02/25/ring-down-the-curtain/#ect

#5yrsago Against hygiene theater https://pluralistic.net/2021/02/25/ring-down-the-curtain/#hygiene-theater

#1yrago Apple's encryption capitulation https://pluralistic.net/2025/02/25/sneak-and-peek/#pavel-chekov

Upcoming appearances (permalink)

Oslo (remote): Seminar og lansering av rapport om «enshittification», Feb 27
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1055 words today, 38245 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

10:21

No. [Seth's Blog]

Is a complete sentence.

So is, “yes.”

09:35

Irregular Webcomic! #3048 [Irregular Webcomic!]

Irregular Webcomic! #3048

07:14

Urgent: Repeal qualified immunity for federal officers [Richard Stallman's Political Notes]

US citizens: call on Congress to repeal qualified immunity for federal officers.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Tennessee Valley Authority coal plants [Richard Stallman's Political Notes]

US citizens: call on the Tennessee Valley Authority to keep its promise to retire coal plants.

Urgent: News coverage of bully's action on Department of Justice [Richard Stallman's Political Notes]

US citizens: call on major news organizations to cover the bully's action on the Department of Justice as a system of lobbying, revolving-door influence, and regulatory capture — examining financial ties, past clients, and enforcement outcomes.

Urgent: Qualified Immunity Abolition Act [Richard Stallman's Political Notes]

US citizens: Call on Congress to pass the Qualified Immunity Abolition Act, to end qualified immunity for federal officers, including deportation thugs. This will give the victims of their violence a real chance of winning lawsuits about said violence.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Veterans facing arrests over protests [Richard Stallman's Political Notes]

From October: *Growing number of US veterans face arrest over protests [against deportation thugs].*

An ordinary perjurer lies about facts and expects there will be no proof that perse lied. These federal prosecutors did blatant blackwhiting about basic notions of right and wrong.

The epitome of an arrogant, dishonest bully punches you, then accuses you of "Hitting my fist with your face." Prosecutors did essentially that when they knocked over Briggs and then charged him with having "made physical contact with an agent's arm."

Teaching prosecutors to blackwhite on command is moral damage that many will not recover from. If we ever regain control, we will need to disbar them and replace them. Justice requires prosecutors who will prosecute thugs for documented attacks on protesters and other innocent people, not the thugs' victims.

With luck there will be former a pool of prosecutors who resigned rather than do such things, whom we could reappoint.

Microplastics in the wilderness [Richard Stallman's Political Notes]

*Merrily we bring microplastics into the wilderness with our hiking shoes.*

Starmer's plans for prohibiting protests [Richard Stallman's Political Notes]

Starmer's plans for prohibiting protests would have prohibited the creation of the Labour Party, if they had been in effect at that time.

Incomplete embryos cloned from adult humans [Richard Stallman's Political Notes]

Scientists can create incomplete embryos cloned from an adult human. They lack the beginnings of a brain, but develop plenty of important parts that could, if they can develop far enough, be transplanted into that human to save per life.

Antibiotic resistance in disease bacteria [Richard Stallman's Political Notes]

Antibiotic resistance in disease bacteria is reaching a tipping point leading to danger for everyone, but governments are still not addressing the danger strongly or systematically.

Australian tropical rainforest trees [Richard Stallman's Political Notes]

*Australian tropical rainforest trees [have changed] from carbon sink to emissions source.*

Banning of Palestine Action is illegal [Richard Stallman's Political Notes]

A court found the UK's banning of Palestine Action to be illegal because it was a major interference with the right to protest.

But this has not yet translated into the lifting of the ban.

Roses coated in a fine chemical cocktail [Richard Stallman's Political Notes]

*Nothing says love like roses coated in a fine chemical cocktail.* Especially when many of the pesticides on it are banned in your country for reasons of toxicity.

Accusations of domestic violence against Australian thug [Richard Stallman's Political Notes]

An Australian police force decided to disregard accusations of domestic violence against one of its thugs because he had already been fired. This left his wife still in danger from him.

inJustice Department persecuting because of political opinions [Richard Stallman's Political Notes]

The inJustice Department keeps on persecuting people chosen solely because of their political opinions. Leakers keep on proving this by revealing the raw data that the department has.

New York City patients' data given to Palantir [Richard Stallman's Political Notes]

New York City must stop giving patients' medical data to Palantir, since Palantir can't be trusted not to use it against them.

Bully returned to bullying Ukraine [Richard Stallman's Political Notes]

The bully has returned to bullying Ukraine to offer Putin quasi-surrender.

This demonstrates once again that if he seems to have accepted some sort of reasonable compromise deal with you, he will break it later and demand servitude.

Palestine Action ruling [Richard Stallman's Political Notes]

*The Palestine Action ruling vindicates the courageous – and shames the complicit.*

The ruling, if sustained by the appeals court, will put an end to the ban on the organization.

The article compares Palestine Action to the suffragettes and finds that their tactics were similar.

Retired British couple of activists for Palestine [Richard Stallman's Political Notes]

A British bank closed the personal savings account of a retired British couple of activists for Palestine, and refuses to give them any justification for this. They believe it must be political repression.

T-Mobile to pass calls through powerful computer system [Richard Stallman's Political Notes]

T-Mobile will implement the feature of passing everything said in a phone call to a powerful computer system.

The advertised feature is to translate between languages using "Artificial Intelligence", though it might really be mere Pretend Intelligence.

But if it can do that, with millions of conversations at once, what else can it do to everyone at once?

It can try to recognize you from your voice. It can convert your conversation into text, with a scattering of errors, and save that for Big Brother.

How many Jeffrey Epstein’s do you think there are?

02:07

MediaGoblin 0.15.0 [Planet GNU]

We're pleased to announce the release of GNU MediaGoblin 0.15.0. See the release notes for full details and upgrading instructions.

This is a relatively small release to resolve installation issues on Debian Trixie and Bookworm.

This version has been tested on Debian Bookworm (12), Debian Trixie (13), Ubuntu 22.04, Ubuntu 24.04 and Fedora 43. This release drops support for Debian Bullseye (11) and Ubuntu 20.04.

To join us and help improve MediaGoblin, please visit our getting involved page.

00:35

[$] LWN.net Weekly Edition for February 26, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

Front: New flags for clone3(); Discord replacements; virtual swap spaces; BPF memory protection keys; PostgreSQL's lessons in attracting contributors; 7.0 merge window; Network Time Security.
Briefs: OpenSUSE governance; Firefox 148.0; GNU Awk 5.4.0; GNU Octave 11.1.0; Rust in Ladybird; LibreOffice Online; Weston 15.0; RIP Robert Kaye; Quotes; ...
Announcements: Newsletters, conferences, security updates, patches, and more.

00:14

seven mary three come back [WIL WHEATON dot NET]

This last weekend, I was in Pensacola, Florida. When I told my friend that, he said “what are you doing in Florida?” I said, “Trying to get out.” But I was actually there for Pensacon. It’s a convention that has invited me year after year, but hasn’t ever fit into my schedule until this year, so it was my first time.

Florida deserves the jokes we make about it, but my experience when I was there was quite lovely. Every person I interacted with was kind, friendly, helpful. I had an incredible piece of blackened gulf red snapper for dinner one night, my bed was comfy, and I did not have a single awkward or uncomfortable encounter with anyone at the show.

None of that is why this will be one of the most memorable conventions of my life, and I will now tell you why.

Holy. Shit.

I turned to my friend, Leah, who works with me at conventions to keep things running smoothly. “Dude, I have to come do this tomorrow.”

“Okay, we’ll take care of it,” she said.

So Saturday comes around, and I’m signing autographs at my table. Leah taps me on the shoulder and says, “it’s time to go downstairs.”

The excitement that surged inside of me threatened to explode out of my chest like Alien. I told the people who were in the line that I would be right back, I was going to fulfill a childhood dream.

We went downstairs to the photo-op area, and I apologized to the line I was cutting. They seemed to understand, my fellow fans of CHiPs, who also could not believe this was actually happening.

I bounced on the balls of my feet while I waited, and oh shit here comes Larry Wilcox. And he’s wearing a CHP uniform shirt with a name tag that says JOHN! I tried so hard to control my bouncing, but I’m pretty sure I failed.

We made eye contact and I said, “Hi, I’m Wil. I’m a huge fan and I am so excited to take a picture with you.”

“It’s so nice to meet you, I’m Larry.” We shook hands, and I didn’t keep shaking it like I did when I met Henry Rollins thank god.

There was a commotion around the corner, which could only mean one thing. Here comes Erik Estrada, much taller than I expected, and he is wearing a uniform shirt with a name tag that says PONCH.

Dude, it’s totally Ponch. Like, right there, right in front of me, are Ponch and John and I’m so excited I can’t tell if I’m going to burst into tears or throw up or what.

They take their positions on their marks, which are the same marks I had been using just a little bit earlier, and the photographer tells me that they are ready.

This is my chance. This is the one time I get to say this. I take a deep breath, and I say, “I don’t want to take up a ton of your time, so I’ll say this quickly. I grew up in Sunland-Tujunga, and you guys used to film in my neighborhood all the time.”

They looked at each other. “Sunland-Tujunga!” Larry Wilcox said. “We love Sunland-Tujunga!”

“Yeah, it was a great place to grow up. So I loved watching CHiPs, and I loved that I could see streets I recognized when I watched it.

“One day when you were filming, in like 1979, I think, my babysitter went to the set and came back with your autographs for me. I cherished them, until they were lost in a move probably 40 years ago.”

Erik Estrada’s eyes lit up and he flashed me that classic Ponch smile. I took a steadying breath.

“But this is really what I wanted to tell you: I had a rough childhood, with a lot of abuse an exploitation. I was sad and scared most of the time. But whenever you were on my TV, I was happy and I was safe. I loved CHiPs so much. You were the adults I wished I’d had in my life. You guys protected people, you stood up to bullies, and the whole cast felt like a group of people who were always there for each other. I desperately wanted that in my life, and watching CHiPs got me as close to it as I could get. So I really just want to say thank you for your work and for the joyful memories you gave me.”

“Oh, buddy,” Erick Estrada said, “thank you. Come here,” and he pulled me into a warm and loving hug.

“Thank you,” I said, “you have no idea.”

“I think maybe we do,” Larry Wilcox said, very kindly, with a warm smile. Maybe I’m not the first person to share a story like mine with them.

“Let’s take a great picture,” Erik Estrada said.

“Thank you. I’d love that,” I said.

I stood between them, they put their arms around me, and a dream came true for 9 year-old Wil.

They were such kind men. I felt seen and I felt special. All these years later, Ponch and John can still make this weird, sad, scared, little kid feel safe.

I will cherish this memory for the rest of my life.

Slugs Not Slop [The Stranger]

The Sea Slug Animation Festival is making clear what was true its first year: only art made by passionate craftspeople is allowed. AI hacks, please dispose of your slop in the nearest trash can. by Chase Hutchinson

The Sea Slug Animation Festival is making clear what was true its first year: only art made by passionate craftspeople is allowed. AI hacks, please dispose of your slop in the nearest trash can.

This line in the sand is a matter of self-preservation. AI is an “existential threat” to animators. Though there is much uncertainty about what its impact will be in the future, the Animation Guild — a union that represents more than 5,000 artists, writers, technicians and production workers—estimate that 29 percent of jobs will be “disrupted,” whether through layoffs, loss of work, or other impacts. DreamWorks founder Jeffrey Katzenberg pessimistically predicts up to 90 percent of animation jobs could be cut. While the festival won’t save the animation industry on its own, Sea Slug is doing its part to push back against this technological nightmare.

“Sea Slug remains a platform for artists who are creating art themselves to show their independent work,” co-founder Hannah Baek said, noting all the “awesome analog-made animation” screening during this weekend’s (Feb. 27 through Mar. 1) festival at the SIFF Cinema Uptown (511 Queen Anne Ave N).

Baek and co-founder Rhys Iliakis run the festival together. They started it last year with the guiding philosophy of spotlighting animation in all its forms and providing a space for local PNW animators to connect about their work.

They’ve curated the festival’s second run with equal care, showcasing a variety of shorts and features that consist of animation on celluloid, hand-drawn with pencil, copper relief carving, oil on glass, pinscreen, collage, and stop motion with paper/puppets/clay, as well as 2D and 3D digital animation. The festival has also gained additional support since last year in the form of a grant from 4Culture. On top of that, they’ve got a new fiscal sponsor in Shunpike. This has allowed them to reach non-profit status and accept donations—if anyone feels like supporting humans in their fight for art against slop. Thus, with all that and the programming to support another day, they’ve expanded the festival in year two.

The highlights this year range from a rare restoration screening to inventive shorts that all use a variety of techniques. Specifically, there is Son of the White Mare, a masterful 1981 Hungarian film about a divine white mare who gives birth to three heroes that must go on a quest to save the universe. There is also the outstanding Oscar-shortlisted short The Night Boots, which is made entirely via the meticulous process of pinscreen animation, an animation style that makes use of a screen filled with movable pins. Then, there is the mesmerizing Weeds, which is animated by painting on glass. To close it out, there is the spectacularly silly film No Room, a short set in a wacky world where cars have legs for wheels.

The closer is then a mystery film and—without giving anything away on what it is—it’s one that absolutely rips in a way AI could never. Just like the rest of the festival.

Sea Slug Animation Festival takes place Feb. 27-Mar. 1 at the SIFF Cinema Uptown. Tickets are available at https://seasluganimation.com/

Correction: The festival ends March 1, not March 3. We regret the error.

Wednesday, 25 February

23:28

“Never buy a .online domain” [OSnews]

I’ve been a .com purist for over two decades of building. Once, I broke that rule and bought a .online TLD for a small project. This is the story of how it went up in flames.
↫ Tony S.

An absolute horror story about Google’s dominance over the web, in places nobody really talks about. Scary.

You can add a menu bar to KDE title bars with this tool, for some reason [OSnews]

Only a few days ago we talked about the concept of client-side decorations, and how more and more desktop environments and operating systems – specifically GNOME and macOS – are putting more and more buttons, menus, and other widgets inside title bars. How about we take this concept a step further?

This hides the AppMenu icon button and draws the menu in the title bar. It also includes a search button to find actions. It works on both X11 and Wayland. On Wayland, GTK apps don’t export the menu in a KDE-friendly way. You need to start them with GDK_BACKEND=x11 environment variable or you can try the experimental appmenu-gtk-module-wayland (GTK3 only).
↫ material-decoration’s GitHub page

So this little tool allows you to add an application’s menu bar (file, edit, view, etc.) to the titlebar of a KDE application. The way it works is that it adds an optional widget to KDE’s System Settings > Colors & Themes > Window Decorations > Configure Titlebar Buttons…, alongside regular staples like close, minimise, maximise, etc. You can then freely add said “menu bar” to the title bar of your applications. There’s some configuration options, too. For instance, you can disable the search button, or turn the entire menu bar into a hamburger menu instead.

It looks weird, and I’m definitely not the target audience for this, but I do find it intriguing. I’ve never seen anything like this before, and I doubt many people will like it since it takes up so much space if you don’t opt to use the hamburger menu option. That being said, I’m fairly sure KDE and Kwin allow you to edit the titlebars of specific applications and specific windows, which does open some interesting possibilities for, say, applications or windows which you always have maximised or whatever.

There’s an AUR package for Arch users, but everyone else will have to build it themselves.

Anti-Drunk Driving Bill Crashes and Burns in the Legislature [The Stranger]

The bill to lower the legal blood alcohol content limit died in the House, even in spite of The Stranger's flawed-science experiment last summer. by Nathalie Graham

Congrats you lushes, winos, drunkards, sots, and tipplers. A bill to lower the legal driving limit from a 0.08 percent blood alcohol limit to a 0.05 blood alcohol limit (BAC) has failed for the fourth year in a row. Despite passing the Senate, it floundered in the House Committee on Community Safety.

It’s not such a wild idea, even if the only US state with a 0.05 percent BAC limit is buttoned-up, prudish Utah. From a global point of view, we’re way outside the norm—eighty four of the world’s countries have a 0.05 BAC limit or lower. The unholy union of Big Alcohol and Big Automobile in the US of A has kept reform efforts in check across the country, driving something we like to call vehicular manslaughter. In 2023, Washington saw 800 driving deaths—a 30-year high. Over half of those deaths were linked to impaired driving.

Sure, we at The Stranger are known to partake in potent potables. We can put ’em away just like the rest of you. Yet, after a bit of science last summer, we were radicalized. The bill’s prime sponsor, Sen. John Lovick, a former state trooper who’s been advocating for years to lower the BAC, is right.

In an experiment, we combined alcohol and Mario Kart to see how drinking impaired our driving without tearing up these streets. Most of us came away shocked at just how drunk we felt with a BAC at 0.05, let alone 0.08 percent. We were also shocked at how bad we were at Mario Kart. Except Vivian, who got drunker than anyone. Oh, how the mighty fall.

The experiment had flaws, like how it wasn't real science. Or how Charles Mudede, who does not have a license and has never driven, could not comprehend how to use a Nintendo 64 controller. His BAC also mysteriously dipped down toward the end of the test. Regardless, it was enough to assure us that a 0.05 percent BAC was plenty drunk.

There’s always next year, Sen. Lovick!

22:35

Lynx Club (For Child's Play!) [Penny Arcade]

We are occasionally exposed to Mysterious Benefactors, ones who materialize out of a vapour or maybe get dressed up all fancy-like and come to a Child's Play Dinner. People can purchase an appearance in a strip, which is funny, because generally speaking - given the era - people would have spent money to not appear in one, especially around launch. Weirdly, that's essentially what today's cool man did. But these luminous beings, hybrid creatures fashioned from a medieval patron and God's own angels, they want to support the mission of Child's Play Charity. Here's an example of what they looks like today:

21:56

New Windows update adds Sysmon to Windows [OSnews]

Microsoft released an optional cumulative update for Windows 11, and for once, it actually includes something many of you might actually like: it adds Sysmon from Sysinternals to Windows natively, so you no longer have to install it manually. Here’s a refresher on what, exactly, Sysmon does.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. The service runs as a protected process, thus disallowing a wide range of user mode interactions.
↫ Mark Russinovich and Thomas Garnier

After installing the optional cumulative update in question, KB5077241, you can install Sysmon as an optional Windows component. Of course, this is Microsoft we’re talking about, so it’s not quite as straightforward as you’d think. In Windows 11, there’s two places to add optional Windows features, and in the case of Sysmon, you have to go to the old Windows features dialog instead of the new View or edit optional features one. And also, don’t forget to first remove the old Sysmon from Sysinternals in case you have it installed. After installation, run sysmon -i as an administrator to enable the feature.

21:49

[1290] Maren Awakens [Twokinds]

Comic for February 25, 2026

20:21

15 Years of Humble and Child’s Play Charity [Humble Bundle Blog]

Ever since the very first Humble Indie Bundle back in May of 2010, Humble and Child’s Play have been intrinsically linked. Over the last 15 years, the Humble community has raised over 15 million dollars for the Seattle based charity organization. But what do all those funds do? In addition into supplying consoles, controllers, and devices that ease the anxiety of a a hospital stay, …

The post 15 Years of Humble and Child’s Play Charity appeared first on Humble Bundle Blog.

20:07

Support period lengthened for the 6.6, 6.12, and 6.18 kernels [LWN.net]

The stated support periods for the 6.6, 6.12, and 6.18 kernels has been extended. The 6.6 kernel will be supported with stable updates through the end of 2027 (for four years of support total), while 6.12 and 6.18 will get updates through the end of 2028, for four and three years of support.

18:49

☺️ Trust Us With Your Face | EFFector 38.4 [Deeplinks]

Do you remember the last time you were carded at a bar or restaurant? It was probably such a quick and normal experience, that you barely remember it. But have you ever been carded to use the internet? Being required to present your ID to access content online is becoming a growing reality for many. We're explaining the dangers of age verification laws, and the latest in the fight for privacy and free speech online, with our EFFector newsletter.

For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This issue covers Discord's controversial rollout of mandatory age verification, a leaked Meta memo on face-scanning smart glasses, and a Super Bowl surveillance ad that said the quiet part out loud.

Prefer to listen in? In our audio companion, EFF Associate Director of State Affairs Rin Alajaji explains how online age verification hurts free expression for all users. Find the conversation on YouTube or the Internet Archive.

LISTEN TO EFFECTOR

EFFECTOR 38.4 - ☺️ Trust Us With Your Face

Want to stay in the fight for privacy and free speech online? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight against mandatory age verification laws when you support EFF today!

Slog AM: Trump Played Game Show Host During the State of the Union, Nurses Are Fleeing the Country, and the Heated Rivalry Cottage Is on Airbnb [The Stranger]

The Stranger's morning news roundup. by Megan Seling

Last night, Trump delivered the State of the Union, in which he spoke for 1 hour and 40 minutes. Thankfully, Stranger editor Hannah Murphy Winter watched the whole thing and is here to summarize:

Unsurprisingly, Trump’s State of the Union wasn’t a speech, it was a show. Like Bob Barker telling contestants to “come on down!” he trotted people through Congress like props: the Team USA men’s hockey team, military vets, victims of violence that he claims was done by undocumented immigrants. The Republican side of the chamber were a willing studio audience. They repeatedly broke into chants of “U-S-A,” stood up and cheered when he told them to, and made sure to make a clear contrast between them and the Democrats, so Trump could tisk and tut at how shameful it was that Democrats didn’t back his common sense agenda.

But did he say anything? The SOTU is usually used to unveil important new agendas from the executive, but the speech itself was extremely light on actual policy. He stared down the Supreme Court justices at the front and told them he’d be using his presidential power to restore his tariff program. He called Venezuela our “new friend and partner” after bombing them and capturing their president. He celebrated the “end of DEI in America.” He claimed that we were a “dead country” before he took over, and once again claimed that this should be his third term in office. All things we’ve heard before, and all things that shouldn’t feel normal on a national stage. (Or any stage, really.)

Clap Backs: A lot of Dems boycotted the speech, and at least one walked out in the middle of it, but there were a few that stayed to protest. Rep. Al Green was kicked out of the chamber for holding a sign that read “Black People Aren’t Apes!” And Rep. Ilhan Omar appeared to actually get a rise out of him for shouting “you have killed Americans” over and over again while he talked about immigration enforcement.

View this post on Instagram
A post shared by CNN (@cnn)

Now, the rest of the news! I don’t know why I excitedly put an exclamation point there. It’s not like it’s good news.

My Hockey State of the Union: As a long-time hockey fan who has struggled to remain a hockey fan in the face of, you know, the NHL consistently being full of misogynistic bootlickers, I had some thoughts about the current state of the sport. TLDR: Men bad, women good.

Amazon’s Moving Out: In May, Amazon will vacate the seven-story, 251,000-square-foot building on Terry Avenue that it has occupied since 2014. Good! Maybe there will finally be room on the 8 during rush hour! But don’t assume it’s due to staff shortage after the company laid off 2,300 Washington employees in October and another 2,200 in January. Amazon is still building new offices out in Bellevue.

Nurses Are Moving Out, Too: Hundreds of nurses are leaving the US to work in Canada, citing Trump’s politics as an impetus, according to NPR. Last year, the Trump Administration said it would reclassify nursing as a nonprofessional degree. This isn’t gonna help our national healthcare worker shortage.

CARE Says Cops Don’t Care: Yesterday, Amy Barden, the head of Seattle’s Community Assisted Response and Engagement (CARE), said that the contract the City signed with the police officers’ union is getting in the way of her team helping people in need. According to the Seattle Times, “Alison Holcomb, Mayor Katie Wilson’s chief public safety adviser, said they’re consulting with the city attorney’s office on how to interpret the contract.”

Will Ferguson Get His Ferries? The Washington State Ferry system is in a bad way. Boats are old and broken and in dire need of updates. But the new transportation spending proposal doesn’t include the $1 billion Gov. Bob Ferguson wants to borrow to modernize the fleet. I have an idea of how to solve this, actually. I can’t be the only one who would watch the fuck out of a Below Deck-style reality show centered around the ferries, right? Think of the drama! Someone call Andy Cohen.

Oh, Thank Goodness: Sure, the Mexican army just killed one of the country's most notorious cartel leaders, and the cartel has retaliated by going on a violent rampage with more than 70 attacks reported across more 20 states, including at least 60 incidents of arson, but FIFA president Gianni Infantino has “complete confidence” the country can host World Cup games in June. “We are convinced that everything will turn out for the best.” Tell that to the more than 70 people who’ve died.

More Epstein Files Fallout: Former Norwegian Prime Minister Thorbjørn Jagland is reportedly in critical condition after attempting suicide. Two weeks ago, Jagland was charged with “aggravated corruption” after the latest batch of Epstein files. He denied all charges.

Cute Palette Cleanser: The New York Times’ Vows section profiled Eleisa Rossel Aparicio and Thomas Lucas Wolter, the couple who got for real married during Bad Bunny’s Super Bowl show. They look so happy!

Cottage Palette Cleanser: The Heated Rivalry “cottage” will be available to rent via Airbnb starting March 3. But that couch looks uncomfortable, tbh.

If You Care: This year’s Rock and Roll Hall of Fame nominees are Phil Collins, Lauryn Hill, Mariah Carey, Oasis, Pink, the Black Crowes, Jeff Buckley, Melissa Etheridge, Billy Idol, INXS, Iron Maiden, Joy Division/New Order, New Edition, Sade, Shakira, Luther Vandross, and the Wu-Tang Clan. Cool, I guess! I mean, it’s a list of very good artists! But I do not give a shit about the Rock and Roll Hall of Fame. Sorry, Cleveland.

And now, I will use that news as an opportunity to post one of the greatest songs and music videos of all time.

But you should also watch his performance of the song at Live Aid in 1985. That cringe he does when he hits that wrong key in front of 160,000 people? He’s such a relatable dork, I love him so much.

18:00

How to Pick Your Password Manager [Deeplinks]

Phishing and data breaches are a constant on the internet. The single best defense against both is to use a password manager to generate and automatically fill a unique password for every site. While 1Password has recently raised their prices, and researchers have recently published potential flaws in some implementations, using a password manager is still a critical investment in keeping yourself safe on the internet. There are free options, and even ones built into your operating system or browser. We can help you choose.

Password managers protect you from phishing by memorizing the connection between a password and a website, and, if you use the browser integration, filling each password only on the website it belongs to. They protect you from data breaches by making it feasible to use a long, random, unique password on each site. When bad actors get their hands on a data breach that includes email addresses and password data, they will typically try to crack those passwords, and then attempt to login on dozens of different websites with the email address/password combinations from the breach. If you use the same password everywhere, this can turn one site’s data breach into a personal disaster, as many of your accounts get compromised at once.

In recent years, the built-in password managers in browsers and operating systems have come a long way but still stumble on cross-platform support. Within the Apple ecosystem, you can use iCloud Keychain, with support for generating passwords, autofill in Safari, and end-to-end encrypted synchronization, so long as you don’t need access to your passwords in Google Chrome or Android (Windows is supported, though). Within the Google ecosystem, you can use Google Password Manager, which also supports password generation, autofill, and sync. Crucially, though, Google Password manager does not end-to-end encrypt credentials unless you manually enable on-device encryption. Firefox and Microsoft also offer password managers. All of these platform-based options are free, and may already be on your devices. But they tend to lock you into a single-vendor world.

There are also a variety of third-party password managers, some paid, and some free, and some open source. Most of these have the advantage of letting you sync your passwords across a wide variety of devices, operating systems, and browsers. Here are four key things to look out for. First, when synchronizing between devices, your passwords should be encrypted end-to-end using a password that only you know (a “master” or “primary” password). Second, support for autofill can reduce the chance that you’ll get phished. Third, security audits performed by third parties can increase confidence that the software really does what it is designed to do. And finally, of course, random generation of unique passwords is a must.

Don’t let uncertainty or price increases dissuade you from using a password manager. There’s a good choice for everyone, and using one can make your online life a lot safer. Want more help choosing? Check out our Surveillance Self-Defense guide.

17:14

Intercepting messages before IsDialogMessage can process them [The Old New Thing]

Last time, we looked at recognizing that the user clicked the Close button (or equivalent nonclient gestures) on a dialog. The other system-provided pathway to dismissing a dialog is pressing ESC, and we saw in our flow diagram that this is done by the IsDialogMessage function.

If your dialog box doesn’t have an IDCANCEL button, then you can detect that the user hit ESC by simply recognizing that they didn’t click the Close button. If you shut off the WM_CLOSE pathway, then the only other source of IDCANCEL is the ESC key.

Now, you might be concerned that additional pathways for system-provided dialog dismissal may be added later. (Who knows, maybe a new touch gesture will be invented.) But you can’t predict what pathway that future system-provide dismissal will take, so you have nothing to code to. All you can do is cover the pathways that you know and hope that any future dismissal mechanisms will follow one of them.

We saw from our diagram that the ESC pathway consists of the IsDialogMessage function processing a WM_KEYDOWN for the ESC key and turning it into a WM_COMMAND button click for IDCANCEL. By the time it is converted into a fake button click message, it’s too late to know what the source was, so we’ll have to do the work before then.

One way to do this is to recognize the ESC key before calling IsDialogMessage. If your dialog was created as a modeless dialog, then you already have a custom dialog message loop. And if it was created as a modal dialog, you can convert it to a modeless one with a dialog message loop. Once that’s done, you can treat the ESC key as if it were custom navigation.

Your first try might go like this:

while (⟦ dialog still active ⟧ &&
       GetMessage(&msg, NULL, 0, 0, 0)) {
 if (msg.message == WM_KEYDOWN &&
     msg.wParam == VK_ESCAPE) {
  ⟦ do custom ESC key handling ⟧
 } else if (!IsDialogMessage(hdlg, &msg)) {
  TranslateMessage(&msg);
  DispatchMessage(&msg);
 }
}

However, this fails to honor controls that declare DLGC_WANTALLKEYS or DLGC_WANTMESSAGE. We’ll have to check with the focus control to see if it wants to use the ESC key for its own purposes. While we’re at it, we’ll also ensure that we are stealing ESC keys only from our own dialog. The code is getting complex enough that we’ll break it out into a helper function.

bool IsDialogESC(HDLG hdlg, MSG const* msg)
{
    if (msg->message != WM_KEYDOWN ||
        msg->wParam != VK_ESCAPE) {
        return false;
    }

    if (msg->hwnd != hdlg &&
        !IsChild(hdlg, msg->hwnd)) {
        return false;
    }

    auto code = SendMessage(msg->hwnd, WM_GETDLGCODE,
                            msg->wParam, (LPARAM)msg);
    if (code & (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)) {
        return false;
    }

    return true;
}

In order for this to be a potential dialog-dismissing ESC, the message must be a WM_KEYDOWN of VK_ESCAPE, and the message must target the dialog or a child of the dialog. And the target window also must decline to handle the message itself.

I carefully ordered the tests so that we can early-out as quickly as possible. Checking for the ESC key can be done by inspecting the message. Checking that the target window is acceptable is a little more work, but not too bad. Checking whether the target window wants to handle the message is the most expensive test, so we do that last.

Now we can incorporate this helper function into our custom message loop.

while (⟦ dialog still active ⟧ &&
       GetMessage(&msg, NULL, 0, 0, 0)) {
 if (IsDialogESC(hdlg, &msg)) {
  ⟦ do custom ESC key handling ⟧
 } else if (!IsDialogMessage(hdlg, &msg)) {
  TranslateMessage(&msg);
  DispatchMessage(&msg);
 }
}

This all sounds great, but you might not be able to make this change. For example, maybe the dialog box’s dialog procedure uses EndDialog() to dismiss the dialog. The fact that it has been called is not exposed by the dialog box infrastructure. Or maybe you don’t control the code that calls DialogBox in the first place, so you can’t make them switch to a modeless dialog box with a custom dialog loop.

We’ll study this problem next time.

The post Intercepting messages before <CODE>IsDialogMessage</CODE> can process them appeared first on The Old New Thing.

17:07

The Big Idea: Jeff Somers [Whatever]

Five funerals may seem like a lot, but this number is actually cut down considerably from author Jeff Somers’ original idea of 26 deaths. Put on your best black tie and follow along the Big Idea for his newest choose-your-own-adventure, Five Funerals.

JEFF SOMERS:

WHEN I was 14 years old—chubby, prone to wearing tie-dye t-shirts for no known reason, and gifted with inexplicable levels of confidence—I wrote a novel in just under three months. Nothing’s impossible when you have no job and live on a diet of Cookie Crisp cereal and RC Cola, and the whole writing thing is so fresh and new, you haven’t yet developed a nose for your own bad writing. Writing novels sure is easy, I thought, and for a long time I actually believed that.

35 years later, I was staring up at a poster of Edward Gorey’s The Gashlycrumb Tinies that I’ve had since college. If you’re unfamiliar with The Gashlycrumb Tinies, it’s a parody of old-fashioned alphabet books depicting how 26 blank-faced, Dickensian children die via gorgeous, intricate drawings and a series of simple rhymed couplets. I’ve been fascinated by it for most of my adult life, and I wondered what those doomed little urchins were like, how the full story of their freakish deaths would actually play out.

In other words, I wanted to write a novel about them. As with most of my thoughts, this seemed pretty brilliant to me (the inexplicable levels of confidence have only inexplicably increased with age), and somewhere in the background there was 14-year-old Jeff whispering yeah, and writing novels is easy!

Five years later, I’d filled a hard drive with trash.

It was a problem of structure: If you do the math, in this story, 26 people have to die in horrible, hilarious, darkly whimsical ways. Is 26 deaths in a single novel a lot? It is! Especially when each death needs to have unique elements and a lot of focus and page-time.

I tried structuring it like a detective novel, with one of the characters trying to figure out why all their old classmates were dying. But this quickly became repetitive—there’s a reason detective characters usually don’t investigate dozens of separate murders. You either wind up with a 1,000,000-word novel or you have to cut some corners.

I tried a draft where the deaths happened in chronological order. But this approach got tedious, because I was introducing characters just to kill them. While this was a lot of fun, it didn’t feel like a novel, like a complete story. The collapse of this draft did give me an idea, however: Short stories.

Anyone who has ever talked writing shop with me, or attended one of my Writer’s Digest workshops, knows that I am an enthusiastic short story writer (and reader), and that I regard short stories as the general cure for all writing woes. Any time I run into any sort of writing challenge, from writer’s block to Oh No I’ve Created an Insurmountable Plot Paradox (Again), my immediate solution is to stop trying to write a novel and start writing short stories about the universe and characters. This almost always works and, even when it doesn’t, I usually end up with some good short stories out of the deal. (As all working writers know, short stories are worth tens of dollars in today’s economy.)

So, I started writing stories about each character’s death, as an exercise. I didn’t worry about narrative cohesion, or pacing, or tying the story into the main novel at all. I just had fun writing 26 stories about people dying in variously hilarious, tragic, and sad ways extrapolated from Gorey’s work.

As I did this, I realized what the problem had been all along: Five Funerals isn’t a story about a bunch of kids who die and maybe deserve it. Well, it is that, but it’s also a story about loss. And memory. And how we hold people we’ve lost touch with in a kind of amber in our memories, unchanging and eternal. It was a story about that moment when you hear that someone you used to know—someone you maybe used to love—has died.

In those moments, we experience something strange: That person who’s been preserved in our head suddenly (and violently) transforms. After years or decades of being young and alive in your memory, they’re abruptly aged up—and gone. It’s a sobering, disorienting experience, and I realized that’s what I wanted Five Funerals to be—a funny, dark, hilarious story that mimicked that sense of the past rushing forward to catch up with the present.

The short stories I’d been writing evolved into a choose-your-own-story engine, disrupting the reader’s groove and forcing them to reckon with the sudden, unwanted knowledge that this character had died. And since no one experiences time or loss the same way, readers can choose how they experience it here: When a name is flagged with a footnote in the novel, you can choose to flip to the story it’s pointing to—or not. If you do, you might find out how that character died, or discover a bit of funny or heartbreaking backstory.

You can keep following the chain of deaths, or you can return to the story where you left off. Or you can ignore all the footnotes and just read the book straight through, or randomly, or in sections. Just like we all grieve in our own way, you can read Five Funerals in your own way.

The end result, I think, is a book that explores how time slowly strips those yellowing old memories away, replacing them with the harsher truth of death and loss. Even if those losses are sometimes so weird and unexpected that you have to laugh.

Author socials: Website|Instagram|Bluesky|Threads

Additional links: Animated cover on Instagram and on Bluesky.

16:14

I Have Just Learned Exciting Things I Can Tell None of You About, So Instead of Sharing That News, Here is a Picture of a Cat [Whatever]

I mean, I feel strongly that you will all be happy with a picture of Saja licking his adorable little lips regardless of context, so this is a low-risk maneuver anyway.

I will tell you all about the exciting things one day, I promise you. Just not today. But look! Kitten!

— JS

16:00

CodeSOD: Safegaurd Your Comments [The Daily WTF]

I've had the misfortune of working in places which did source-control via comments. Like one place which required that, with each section of code changed, you needed to add a comment with your name, the ticket number, and the reason the change was made. You know, the kind of thing you can just get from your source control service.

In their defense, that policy was invented for mainframe developers and then extended to everyone else, and their source control system was in Visual Source Safe. VSS was a) terrible, and b) a perennial destroyer of history, so maybe they weren't entirely wrong and VSS was the real WTF. I still hated it.

In any case, Alice's team uses more modern source control than that, which is why she's able to explain to us the story of this function:

public function calculateMassGrossPay(array $employees, Payroll $payroll): array
{
    // it shouldn't enter here, but if it does by any change, do nth
    return [];
}

Once upon a time, this function actually contained logic, a big pile of fairly complicated logic. Eventually, a different method was created which streamlined the functionality, but had a different signature and logic. All the callers were updated to use that method instead- by commenting out the line which called this one. This function had a comment added to the top: // it shouldn't enter here.

Then, the body of this function got commented out, and the return was turned into an empty array. The comment was expanded to what you see above. Then, eventually, the commented-out callers were all deleted. Years after that, the commented out body of this function was also deleted, leaving behind the skeleton you see here.

This function is not referenced anywhere else, not even in a comment. It's truly impossible for code to "enter here".

Alice writes: "Version control by commented out code does not work very well."

Indeed, it does not.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

15:35

Result of Sustain and Strengthen Fundraising [Planet GNU]

Results from Guix Fundraising

We're on course to beat our fundraising target to sustain and strength Guix. We're bringing the fundraising campaign to an end, so let's cover how much we've raised and what it means for GNU Guix.

After four months of fundraising we've raised €11,378 for the GNU Guix project. This means we've received money for 75% of our €15,000 annual goal.

We also pre-registered tickets for Guix Days this year. Pjotr Prins and Manolis Ragkousis have done a stellar job organising it for many years, along with the Declarative and Minimalistic Computing devroom at FOSDEM (videos are up!). Guix Foundation financially supports it as it's a great opportunity for people to spend time together working on improving Guix. Operating a registration system was very successful, raising €3,830 which really contributed to covering the event's costs. Thank you everyone who took part!

Recurring donations are critical for the Guix project to be sustainable. If we're certain that there's a regular stream of donations then we can match it with the recurring costs the project incurs (e.g our build farm). This means there's a lot less risk that we'll suddenly have to reduce the shared resources the project depends on: this is where we were last year when we were weeks away from needing to reduce the hosting.

Between Stripe and Open Collective 136 people have stepped forward to support the project with recurring donations. During December and January, 17 new people started regular donations. As we'd expect some people stop donating after a while, over that same period we lost 8 recurring donors.

The total recurring monthly donations are €1,650. If we annualise those figures then we could raise about €19,800 for the Guix project this year. This doesn't account for any churn, but nonetheless that's fantastic! The impact of recurring donations is considerable as it means a small amount per month really adds up over time. The maths is simple, but don't underestimate how much it helps!

The more donations we gather, the more we can do to support Guix. If you'd like to help out the project whether with a single donation or a recurring donation you can:

DONATE NOW

SUSE Cares Donation

In December SUSE contacted us to tell us that they'd like to donate $500 to Guix Foundation on behalf of SUSE Cares their philanthropic giving programme. This is an employee programme that enables SUSE employees to support charities of their choice. Tanguy and I have completed the registration documents and we expect to receive the donation shortly. This is fantastic, Thank you SUSE team!

Having some support from organisations that use Guix or are aligned with our mission would be great. If you know of an organisation, company or non-profit that might be able to support Guix please get in contact with me.

What we've learnt

If we take the donations we've received so far, add the registrations from Guix Days and we make a conservative forecast on how recurring donations will come through then we will raise €33,900 for Guix over the year. That's over twice the target we set!

That's great and thanks to everyone who's helped Guix. It's been fantastic seeing so many people answer the call to take action and help the project. Guix Foundation has grown with nearly 100 people joining. This gives us a healthy, user-supported non-profit around Guix.

How we're using the money

The first priority for using the money we've raised is to support and improve the key infrastructure that the project relies on. One way we'll be doing that is by Guix Foundation joining Codeberg e.V. and financially supporting their efforts. This is important for Guix both because their mission of creating a Free Software platform for collaboration aligns with our goals, but also because we directly rely on Codeberg being able to run a reliable development service. As we know running infrastucture is complex and expensive.

Guix Foundation also aims to support the development of Guix, and the community around it. That could mean sponsoring development, running events and adding community services. For Guix Days I put together a talk about the fundraising and our future plans. The talk's available as a PDF, or there's a video on YouTube(1440p) and TILvids Peertube (1080p).

[$] No hardware memory isolation for BPF programs [LWN.net]

On February 12, Yeoreum Yun posted a suggestion for an improvement to the security of the kernel's BPF implementation: use memory protection keys to prevent unauthorized access to memory by BPF programs. Yun wanted to put the topic on the list for discussion at the Linux Storage, Filesystem, Memory Management, and BPF Summit in May, but the lack of engagement makes that unlikely. They also have a patch set implementing some of the proposed changes, but has not yet shared that with the mailing list. Yun's proposal does not seem likely to be accepted in its current form, but the kernel has added hardware-based hardening options in the past, sometimes after substantial discussion.

15:00

Why Multi-Agent Systems Need Memory Engineering [Radar]

Most multi-agent AI systems fail expensively before they fail quietly.

The pattern is familiar to anyone who’s debugged one: Agent A completes a subtask and moves on. Agent B, with no visibility into A’s work, reexecutes the same operation with slightly different parameters. Agent C receives inconsistent results from both and confabulates a reconciliation. The system produces output—but the output costs three times what it should and contains errors that propagate through every downstream task.

Teams building these systems tend to focus on agent communication: better prompts, clearer delegation, more sophisticated message-passing. But communication isn’t what’s breaking. The agents exchange messages fine. What they can’t do is maintain a shared understanding of what’s already happened, what’s currently true, and what decisions have already been made.

In production, memory—not messaging—determines whether a multi-agent system behaves like a coordinated team or an expensive collision of independent processes.

Multi-agent systems fail because they can’t share state

The evidence: 36% of failures are misalignment

Cemri et al. published the most systematic analysis of multi-agent failure to date. Their MAST taxonomy, built from over 1,600 annotated execution traces across frameworks like AutoGen, CrewAI, and LangGraph, identifies 14 distinct failure modes. The failures cluster into three categories: system design issues, interagent misalignment, and task verification breakdowns.

Figure 1. Challenges encountered in multi-agent systems, categorized by type

The number that matters: Interagent misalignment accounts for 36.9% of all failures. Agents don’t fail because they can’t reason. They fail because they operate on inconsistent views of shared state. One agent’s completed work doesn’t register in another agent’s context. Assumptions that were valid at step 3 become invalid by step 7, but no mechanism propagates the update. The team diverges.

What makes this structural rather than incidental is that message-passing architectures have no built-in answer to the question: “What does this agent know about what other agents have done?” Each agent maintains its own context. Synchronization happens through explicit messages, which means anything not explicitly communicated is invisible. In complex workflows, the set of things that need synchronization grows faster than any team can anticipate.

The origin: Decomposition without shared memory

Most multi-agent systems aren’t designed from first principles. They emerge from single-agent prototypes that hit scaling limits.

The starting point is usually one capable LLM handling one workflow. For early prototypes, this works well enough. But production requirements expand: more tools, more domain knowledge, longer workflows, concurrent users. The single agent’s prompt becomes unwieldy. Context management consumes more engineering time than feature development. The system becomes brittle in ways that are hard to diagnose.

The natural response is decomposition. Sydney Runkle’s guide on choosing the right multi-agent architecture captures the inflection point: Multi-agent systems become necessary when context management breaks down and when distributed development requires clear ownership boundaries. Splitting a monolithic agent into specialized subagents makes sense from a software engineering perspective.

Figure 2. An example of the decomposition of steps via a multi-agent structure (subagents) from LangChain’s “Choosing the Right Multi-Agent Architecture”

The problem is what teams typically build after the split: multiple agents running the same base model, differentiated only by system prompts, coordinating through message queues or shared files. The architecture looks like a team but behaves like a slow, redundant, expensive single agent with extra coordination overhead.

This happens because the decomposition addresses prompt complexity but not state management. Each subagent still maintains its own context independently. The coordination layer handles message delivery but not shared truth. The system has more agents but no better memory.

The stakes: Agents are becoming enterprise infrastructure

The stakes here extend beyond individual system reliability. Multi-agent architectures are becoming the default pattern for enterprise AI deployment.

CMU’s AgentCompany benchmark frames where this is heading: agents operating as persistent coworkers inside organizational workflows, handling projects that span days or weeks, coordinating across team boundaries, maintaining institutional context that outlasts individual sessions. The benchmark evaluates agents not on isolated tasks but on realistic workplace scenarios requiring sustained collaboration.

This trajectory means the memory problem compounds. A system that loses state between tool calls is annoying. A system that loses state between work sessions—or between team members—breaks the core value proposition of agent-based automation. The question shifts from “can agents complete tasks” to “can agent teams maintain coherent operations over time.”

Context engineering doesn’t solve team coordination

Single-agent success doesn’t transfer

The last two years produced genuine progress on single-agent reliability, most of it under the banner of context engineering.

Phil Schmid’s framing captures the discipline: Context engineering means structuring what enters the context window, managing retrieval timing, and ensuring the right information surfaces at the right moment. This moved agent development from “write a good prompt” to “design an information architecture.” The results showed in production stability.

Figure 3. What goes into the context window of a single LLM-based agent

Manus, one of the few production agent systems with publicly documented operational data, demonstrates both the success and the limits. Their agents average 50 tool calls per task with 100:1 input-to-output token ratios. Context engineering made this viable—but context engineering assumes you control one context window.

Multi-agent systems break that assumption. Context must now be shared across agents, updated as execution proceeds, scoped appropriately (some agents need information others shouldn’t access), and kept consistent across parallel execution paths. The complexity doesn’t add linearly. Each agent’s context becomes a potential source of divergence from every other agent’s context, and the coordination overhead grows with the square of the team size.

Context degradation becomes contagious

The ways context fails are well-characterized for single agents. Drew Breunig’s taxonomy identifies four modes: overload (too much information), distraction (irrelevant information weighted equally with relevant), contamination (incorrect information mixed with correct), and drift (gradual degradation over extended operation). Good context engineering mitigates all of these through retrieval design and prompt structure.

Four methods for ruining context quality

Figure 4. How context degrades over time

Multi-agent systems make each failure mode contagious.

Chroma’s research on context rot provides the empirical mechanism. Their evaluation of 18 models—including GPT-4.1, Claude 4, and Gemini 2.5—shows performance degrading nonuniformly with context length, even on tasks as simple as text replication. The degradation accelerates when distractors are present and when the semantic similarity between query and target decreases.

Figure 5. Conversations aren’t free—the context window can become a junkyard of prompts, outputs, tool calls, and metadata, failed attempts, and irrelevant information.

In a single-agent system, context rot degrades that agent’s outputs. In a multi-agent system, Agent A’s degraded output enters Agent B’s context as ground truth. Agent B’s conclusions, now built on a shaky foundation, propagate to Agent C. Each hop amplifies the original error. By the time the workflow completes, the final output may bear little relationship to the actual state of the world—and debugging requires tracing corruption through multiple agents’ decision chains.

More context makes things worse

When coordination problems emerge, the instinct is often to give agents more context. Replay the full transcript so everyone knows what happened. Implement retrieval so agents can access historical state. Extend context windows to fit more information.

Figure 6. Conversations aren’t free—the context window can become a junkyard of prompts, outputs, tool calls, and metadata, failed attempts, and irrelevant information.

Each approach introduces its own failure modes.

Transcript replay creates unbounded prompt growth with persistent error exposure. Every mistake made early in execution remains in context, available to influence every subsequent decision. Models don’t automatically discount old information that’s been superseded by newer updates.

Retrieval surfaces content based on similarity, which doesn’t necessarily correlate with decision relevance. A retrieval system might surface a semantically similar memory from a different task context, an outdated state that’s since been updated, or content injected through prompt manipulation. The agent has no way to distinguish authoritative current state from plausibly related historical noise.

Figure 7. Both approaches lack explicit control over what becomes committed memory versus what should be discarded.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Bousetouane’s work on bounded memory control addresses this directly. The proposed Agent Cognitive Compressor maintains bounded internal state with explicit separation between what an agent can recall and what it commits to shared memory. The architecture prevents drift by making memory updates deliberate rather than automatic. The core insight: Reliability requires controlling what agents remember, not maximizing how much they can access.

The economics are unsustainable

Beyond reliability, the economics of uncoordinated multi-agent systems are punishing.

Return to the Manus operational data: 50 tool calls per task, 100:1 input-to-output ratios. At current pricing—context tokens running $0.30 to $3.00 per million across major providers—inefficient memory management makes many workflows economically unviable before they become technically unviable.

Anthropic’s documentation on its multi-agent research system quantifies the multiplier effect. Single agents use roughly 4x the tokens of equivalent chat interactions. Multi-agent systems use roughly 15x tokens. The gap reflects coordination overhead: agents reretrieving information other agents already fetched, reexplaining context that should exist as shared state, and revalidating assumptions that could be read from common memory.

Memory engineering addresses costs directly. Shared memory eliminates redundant retrieval. Bounded context prevents payment for irrelevant history. Clear coordination boundaries prevent duplicated work. The economics of what to forget become as important as the economics of what to remember.

Memory engineering provides the missing infrastructure

Why memory is infrastructure, not a feature

Memory engineering isn’t a feature to add after the agent architecture is working. It’s infrastructure that makes coherent agent architectures possible.

The parallel to databases is direct. Before databases, multiuser applications required custom solutions for shared state, consistency guarantees, and concurrent access. Each project reinvented these primitives. Databases extracted the common requirements into infrastructure: shared truth across users, atomic updates that complete entirely or not at all, coordination that scales to thousands of concurrent operations without corruption.

Figure 8. Memory types specific to multi-agent systems

Multi-agent systems need equivalent infrastructure for agent coordination. Persistent memory that survives sessions and failures. Consistent state that all agents can trust. Atomic updates that prevent partial writes from corrupting shared truth. The primitives are different—documents rather than rows, vector similarity rather than joins—but the role in the architecture is the same.

The five pillars of multi-agent memory

Production agent teams require five capabilities. Each addresses a distinct aspect of how agents maintain shared understanding over time.

Pillar 1: Memory taxonomy

Memory taxonomy defines what kinds of memory the system maintains. Not all memories serve the same function, and treating them uniformly creates problems. Working memory holds transient state during task execution—the current step, intermediate results, active constraints. It needs fast access and can be discarded when the task completes. Episodic memory captures what happened—task histories, interaction logs, decision traces. It supports debugging and learning from past executions. Semantic memory stores durable knowledge—facts, relationships, domain models that persist across sessions and apply across tasks. Procedural memory encodes how to do things—learned workflows, tool usage patterns, successful strategies that agents can reuse. Shared memory spans agents, providing the common ground that enables coordination.

Figure 9. Taxonomy of memory types

This taxonomy has grounding in cognitive science. Bousetouane draws on Complementary Learning Systems theory, which posits two distinct modes of learning: rapid encoding of specific experiences versus gradual extraction of structured knowledge. The human brain doesn’t maintain perfect transcripts of past events—it operates under capacity constraints, using compression and selective attention to keep only what’s relevant to the current task. Agents benefit from the same principle. Rather than accumulating raw interaction history, effective memory architectures distill experience into compact, task-relevant representations that can actually inform decisions.

The taxonomy matters because each memory type has different retention requirements, different retrieval patterns, and different consistency needs. Working memory can tolerate eventual consistency because it’s scoped to one agent’s execution. Shared memory requires stronger guarantees because multiple agents depend on it. Systems that don’t distinguish memory types end up either overpersisting transient state (wasting storage and polluting retrieval) or underpersisting durable knowledge (forcing agents to relearn what they should already know).

Pillar 2: Persistence

Persistence determines what survives and for how long. Ephemeral memory lost when agents terminate is insufficient for workflows spanning hours or days—but persisting everything forever creates its own problems. The critical gap in most current approaches, as Bousetouane observes, is that they treat text artifacts as the primary carrier of state without explicit rules governing memory lifecycle. Which memories should become permanent record? Which need revision as context evolves? Which should be actively forgotten? Without answers to these questions, systems accumulate noise alongside signal. Effective persistence requires explicit lifecycle policies: Working memory might live for the duration of a task; episodic memory for weeks or months; and semantic memory indefinitely. Recovery semantics matter too. When an agent fails midtask, what state can be reconstructed? What’s lost? The persistence architecture must handle both planned retention and unplanned recovery.

Pillar 3: Retrieval

Retrieval governs how agents access relevant memory without drowning in noise. Agent memory retrieval differs from document retrieval in several ways. Recency often matters—recent memories typically outweigh older ones for ongoing tasks. Relevance is contextual—the same memory might be critical for one task and distracting for another. Scope varies by memory type—working memory retrieval is narrow and fast, semantic memory retrieval is broader and can tolerate more latency. Standard RAG pipelines treat all content uniformly and optimize for semantic similarity alone. Agent memory systems need retrieval strategies that account for memory type, recency, task context, and agent role simultaneously.

Pillar 4: Coordination

Coordination defines the sharing topology. Which memories are visible to which agents? What can each agent read versus write? How do memory scopes nest or overlap? Without explicit coordination boundaries, teams either overshare—every agent sees everything, creating noise and contamination risk—or undershare—agents operate in isolation, duplicating work and diverging on shared tasks. The coordination model must match the agent team’s structure. A supervisor-worker hierarchy needs different memory visibility than a peer collaboration. A pipeline of sequential agents needs different sharing than agents working in parallel on subtasks.

Pillar 5: Consistency

Consistency handles what happens when memory updates collide. When Agent A and Agent B simultaneously update the same shared state with incompatible values, the system needs a policy. Optimistic concurrency with merge strategies works for many cases—especially when conflicts are rare and resolvable. Some conflicts require escalation to a supervisor agent or human operator. Some domains need strict serialization where only one agent can update certain memories at a time. Silent last-write-wins is almost never correct—it corrupts shared truth without leaving evidence that corruption occurred. The consistency model must also handle ordering: When Agent B reads a memory that Agent A recently updated, does B see the update? The answer depends on the consistency guarantees the system provides, and different memory types may warrant different guarantees.

Han et al.’s survey of multi-agent systems emphasizes that these represent active research problems. The gap between what production systems need and what current frameworks provide remains substantial. Most orchestration frameworks handle message passing well but treat memory as an afterthought—a vector store bolted on for retrieval, with no coherent model for the other four pillars.

Figure 10. How persona, consensus, and whiteboard memory work together

Database primitives that enable the pillars

Implementing memory engineering requires a storage layer that can serve as unified operational database, knowledge store, and memory system simultaneously. The requirements cut across traditional database categories: You need document flexibility for evolving memory schemas, vector search for semantic retrieval, full-text search for precise lookups, and transactional consistency for shared state.

MongoDB provides these primitives in a single platform, which is why it appears across so many agent memory implementations—whether teams build custom solutions or integrate through frameworks and memory providers.

Document flexibility matters because memory schemas evolve. A memory unit isn’t a flat string—it’s structured content with metadata, timestamps, source attribution, confidence scores, and associative links to related memories. Teams discover what context agents actually need through iteration. Document databases accommodate this evolution without schema migrations blocking development.

Hybrid retrieval addresses the access pattern problem. Agent memory queries rarely fit a single retrieval mode: A typical query needs memories semantically similar to the current task and created within the last hour and tagged with a specific workflow ID and not marked as superseded. MongoDB Atlas Vector Search combines vector similarity, full-text search, and filtered queries in single operations, avoiding the complexity of stitching together separate retrieval systems.

Atomic operations provide the consistency primitives that coordination requires. When an agent updates task status from pending to complete, the update succeeds entirely or fails entirely. Other agents querying task status never observe partial updates. This is standard MongoDB functionality—findAndModify, conditional updates, multidocument transactions—but it’s infrastructure that simpler storage backends lack.

Change streams enable event-driven architectures. Applications can subscribe to database changes and react when relevant state updates, rather than polling. This becomes a building block for memory systems that need to propagate updates across agents.

Teams implement memory engineering on MongoDB through three paths. Some build directly on the database, using the document model and search capabilities to create custom memory architectures matched to their specific coordination patterns. Others work through orchestration frameworks—LangChain, LlamaIndex, CrewAI—that provide MongoDB integrations for their memory abstractions. Still others adopt dedicated memory providers like Mem0 or Agno, which handle the memory logic while using MongoDB as the underlying storage layer.

The flexibility matters because memory engineering isn’t a single pattern. Different agent architectures need different memory topologies, different consistency guarantees, different retrieval strategies. A database that prescribes one approach would fit some use cases and break others. MongoDB provides primitives; teams compose them into the memory systems their agents require.

Shared memory enables heterogeneous agent teams

Homogeneous systems can be replaced by single agents

The deeper payoff of memory engineering is enabling agent architectures that wouldn’t otherwise be viable.

Xu et al. observe that many deployed multi-agent systems are so homogeneous—same base model everywhere, agents differentiated only by prompts—that a single model can simulate the entire workflow with equivalent results and lower overhead. Their OneFlow optimization demonstrates this by reusing KV cache across simulated “agents” within a single execution, eliminating coordination costs while preserving workflow structure.

The implication: If a single agent can replace your multi-agent system, you haven’t built a team. You’ve built an expensive way to run one model.

Small models need external memory to coordinate

Genuine multi-agent value comes from heterogeneity. Different models with different capabilities operating at different price points for different subtasks. Belcak et al. make the case that most work agents do in production isn’t complex reasoning—it’s routine execution of well-defined operations. Parsing a response, formatting an output, invoking a tool with specific parameters. These tasks don’t require frontier model capabilities, and the cost difference is dramatic: Their analysis puts the gap at 10x–30x between serving a 7B parameter model versus a 70–175B parameter model when you factor in latency, energy, and compute. Large models should be reserved for the genuinely hard problems, not deployed uniformly across every step.

Belcak et al. also highlight an operational advantage: Smaller models can be retrained and adapted much faster. When an agent needs new capabilities or exhibits problematic behaviors, the turnaround for fine-tuning a 7B model is measured in hours, not days. This connects to memory engineering because fine-tuning represents an alternative to retrieval—you can bake procedural knowledge directly into model weights rather than surfacing it from external storage at runtime. The choice between the procedural memory pillar and model specialization becomes a design decision rather than a constraint.

This architecture—small models by default, large models for hard problems—depends on shared memory. Small models can’t maintain the context required for coordination on their own. They rely on external memory to participate in larger workflows. Memory engineering makes heterogeneous teams viable; without it, every agent must be large enough to maintain full context independently, which defeats the cost optimization that motivates heterogeneity in the first place.

Building the foundation

Multi-agent systems fail for structural reasons: context degrades across agents, errors propagate through shared interactions, costs multiply with redundant operations, and state diverges when nothing enforces consistency. These problems don’t resolve with better prompts or more sophisticated orchestration. They require infrastructure.

Memory engineering provides that infrastructure through a coherent taxonomy of memory types, persistence with explicit lifecycle rules, retrieval tuned to agent access patterns, coordination that defines clear sharing boundaries, and consistency that maintains shared truth under concurrent updates.

The organizations that make multi-agent systems work in production won’t be distinguished by agent count or model capability. They’ll be the ones that invested in the memory layer that transforms independent agents into coordinated teams.

References

Anthropic. “Building a Multi-Agent Research System.” 2025. https://www.anthropic.com/engineering/multi-agent-research-system

Belcak, Peter, Greg Heinrich, Shizhe Diao, Yonggan Fu, Xin Dong, Saurav Muralidharan, Yingyan Celine Lin, and Pavlo Molchanov. “Small Language Models are the Future of Agentic AI.” arXiv:2506.02153 (2025). https://arxiv.org/abs/2506.02153

Bousetouane, Fouad. “AI Agents Need Memory Control Over More Context.” arXiv:2601.11653 (2026). https://arxiv.org/abs/2601.11653

Breunig, Dan. “How Contexts Fail—and How to Fix Them.” June 22, 2025. https://www.dbreunig.com/2025/06/22/how-contexts-fail-and-how-to-fix-them.html

Carnegie Mellon University. “AgentCompany: Building Agent Teams for the Future of Work.” 2025. https://www.cs.cmu.edu/news/2025/agent-company

Cemri, Mert, Melissa Z. Pan, Shuyi Yang, Lakshya A. Agrawal, Bhavya Chopra, Rishabh Tiwari, Kurt Keutzer, Aditya Parameswaran, Dan Klein, Kannan Ramchandran, Matei Zaharia, Joseph E. Gonzalez, and Ion Stoica. “Why Do Multi-Agent LLM Systems Fail?” arXiv:2503.13657 (2025). https://arxiv.org/abs/2503.13657

Chroma Research. “Context Rot: How Increasing Context Length Degrades Model Performance.” 2025. https://research.trychroma.com/context-rot

Han, Shanshan, Qifan Zhang, Yuhang Yao, Weizhao Jin, and Zhaozhuo Xu. “LLM Multi-Agent Systems: Challenges and Open Problems.” arXiv:2402.03578 (2024). https://arxiv.org/abs/2402.03578

LangChain Blog (Sydney Runkle). “Choosing the Right Multi-Agent Architecture.” January 14, 2026. https://www.blog.langchain.com/choosing-the-right-multi-agent-architecture/

Manus AI. “Context Engineering for AI Agents: Lessons from Building Manus.” 2025. https://manus.im/blog/Context-Engineering-for-AI-Agents-Lessons-from-Building-Manus

Schmid, Philipp. “Context Engineering.” 2025. https://www.philschmid.de/context-engineeringXu, Jiawei, Arief Koesdwiady, Sisong Bei, Yan Han, Baixiang Huang, Dakuo Wang, Yutong Chen, Zheshen Wang, Peihao Wang, Pan Li, and Ying Ding. “Rethinking the Value of Multi-Agent Workflow: A Strong Single Agent Baseline.” arXiv:2601.12307 (2026). https://arxiv.org/abs/2601.12307

To explore memory engineering further, start experimenting with memory architectures using MongoDB Atlas or review our detailed tutorials available at AI Learning Hub.

14:49

MetaBrainz mourns the loss of Robert Kaye [LWN.net]

The MetaBrainz Foundation has announced the unexpected passing of its founder and executive director, Robert Kaye:

Robert's vision and leadership shaped MetaBrainz and left a lasting mark on the music industry and open source movement. His contributions were significant and his loss is deeply felt across our global community.

The Board is actively overseeing a smooth leadership transition and has measures in place to ensure that MetaBrainz continues to operate without interruption. Further updates will be shared in due course.

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (grafana and grafana-pcp), Debian (gnutls28), Fedora (chromium and yt-dlp), Oracle (389-ds-base, kernel, munge, and openssl), Red Hat (buildah, containernetworking-plugins, opentelemetry-collector, podman, runc, and skopeo), Slackware (mozilla), SUSE (chromium, cosign, firefox, freerdp, gimp, heroic-games-launcher, kernel, libopenssl-3-devel, libxml2, libxslt, mosquitto, openqa, os-autoinst, openqa-devel-container, openvswitch, phpunit, postgresql14, postgresql15, postgresql16, protobuf, python310, python311-PyPDF2, python36, snpguest, warewulf4, and weblate), and Ubuntu (curl, kernel, linux, linux-gcp, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia-tegra, linux-oracle, linux-xilinx-zynqmp, linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi, linux-fips, linux-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8, linux-gcp-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, and linux-xilinx).

[$] An effort to secure the Network Time Protocol [LWN.net]

The Network Time Protocol (NTP) debuted in 1985; it is a universally used, open specification that is deeply important for all sorts of activities we take for granted. It also, despite a number of efforts, remains stubbornly unsecured. Ruben Nijveld presented work at FOSDEM 2026 to speed adoption of the thus-far largely ignored standard for securing NTP traffic: IETF's RFC-8915 that specifies Network Time Security (NTS) for NTP.

14:14

Deathcap [Original Fiction Archives - Reactor]

Original Fiction alien contact

Deathcap

Two space marines trapped in a doomed spaceship confront the desires that will destroy them both.

Illustrated by Kei-Ella Loewe

Edited by Lindsey Hall

By Lara Elena Donnelly

Published on February 25, 2026

0 Share

An illustration of a man and a woman clutching each other either in battle or an embrace. Blood trickles from her bottom lip, as wisps of red snake out of his eyes and mouth.

Two space marines trapped in a doomed spaceship confront the desires that will destroy them both.

Note: This story contains descriptions of sexual assault.

Short story | 2,560 words

It’s been seventy-two hours since you and Baker barricaded yourselves in med bay six. You’re supposed to be sleeping in shifts but the rota is starting to break down and right now you’re both propped up against the operating table, shoulders touching, heads nodding, red-eyed and grimy and laughing all the way to the gallows.

“Spinach pakora,” says Baker. “The cheap stuff, from the divey place around the corner from my flat.”

You can feel the crunch of the batter, the tickle of spices in the back of your nose. You close your eyes for just a second. They’re dry from the stale, recycled air and your eyelids stick. It’s painful. You don’t want to open them again.

“Deep fried morel mushrooms.” You blink up into the fake blue daylight of the full-spectrum lamps, which are supposed to make you feel awake. The tubes hum on the edge of your hearing.

“Expensive, innit?” Baker asks. “Like, they use those in—” he pauses, tucks his chin and lowers his eyelashes, raises one limp-wristed hand—“haute cuisine.”

You shrug. “I guess. My grandma used to go out in the woods and pick ’em. Fried ’em in Crisco.”

Baker lets his head fall back against the gurney. His Adam’s apple bobs beneath his stubble as he swallows. Once, twice. “You know there’s this mushroom, it’s poisonous. Only a couple of people who’ve eaten it have survived. And they all said it was fucking delicious. Best thing they ever ate.”

“Used to have a friend who’d say everything’s edible, at least once.”

Baker snorts. You giggle. You’re both about to have hysterics but then somewhere, not too far off, there’s a metallic crash that echoes through the ship. No gunfire, no voices: Maybe there’s nobody left to shoot or scream. Which means you two are the only people left to do either. Which means that thing is probably looking for you.

Baker swallows again, snickers low and kind of crazy.

“Hey Nowak,” he says. “Would you eat an alien?”

“Maybe. Depends, I guess.”

He jerks his chin at the med bay door. “Would you eat that thing?”

You consider it. You’re so tired nothing seems strange anymore. “I dunno. Bugs are supposed to taste like lobster.”

“Yeah, but. Ain’t a bug though. Is it? It’s like that fucked up crab Bautista showed us.”

Bautista said the thing was like this kind of parasite that gets in a certain kind of crab, wraps all around its brain so it can control its limbs and make it move, and then…She called it a parasitic castrator. She showed pictures.

Could you eat a crab like that? Could you eat the thing inside of it? Bautista could have told you, if she wasn’t dead. You hope she’s dead, anyway. Last time you saw her she was pale and sweating, belly swollen up, coveralls busted at the side seams and patches of lymph and blood where her skin had broken open. She was past talking—just making this low, animal groan. Bautista with her fancy fucking degrees, she would have known for sure if you could eat that thing. Not that that’s what you want to do.

You wish you’d shot her. There had probably been time to shoot her. You know there was time to shoot her because you just stood there for a second like an idiot and stared, thought about what was going to happen to her. She explained it to all of you, clinical and terrified, after the thing took out its first fire team and only one guy made it back, wild-eyed, sweaty, half nuts. After he raped the tech who was trying to draw his blood—crying all the time, apologizing, not stopping. Bautista showed you all the surveillance footage. After the split and weeping skin stretched over the tech’s belly started to move like something in a nature documentary. After Bautista held the tech’s hand while he died, or as close as she could hold it through the containment chamber’s gloves.

The other guy died too—the rapist. Different way, also bad. But nobody held his hand.

“You think Bautista’s dead yet?” you ask Baker, wondering if you sound normal.

“Jesus,” says Baker, who definitely doesn’t. “I fucking hope so.” He pauses, pinches the bridge of his nose. “You know she had two kids?”

Yeah, you know. She had one of those annoying fucking 3D frames in her lab that cycled through clips of her family. Two boys, and the older one looked like her. They were living in base housing with her wife and dog. The wife would get her pension.

Sometimes you wondered who was the real mom, the one who’d held the kids inside her body. What that conversation had been like. How they’d done it. You thought, sometimes, about the cold lab table, the jelly, the catheter. It got you wet. You knew this was weird. It wasn’t as weird as some of the other shit that got you wet.

Bautista gave her little presentation on those 3D frames too, in the lab, because the briefing room was outside the blast door they had sealed to keep the fucking thing outside. She wanted you to know what you were going after. You didn’t really care, since you already knew what would happen if you fucked up.

“You ever want kids, Nowak?” There’s sweat at Baker’s hairline, darkening the stubble of his crew cut. His pupils are fucking huge and there’s a flush crawling up his neck. Maybe he’s getting sick. You put your hand out to feel his forehead and he flinches away first, then presses into your touch. So maybe he’s just horny. Fight, flight, freeze, or fuck.

He’s not bad-looking; had his nose broken one too many times, but it’s not like you haven’t. You like the way he talks, like the old movies you used to watch with your grandpa: Michael Caine, Ian Hendry, Ian McShane.

Guys aren’t the only ones who get battle boners.

“Nah,” you say, because you don’t know what else to tell him. You never did want kids, not really, but more than once you’d put your mouth to somebody’s ear, so hard your teeth mashed the ridges of cartilage flat, and you’d growled “Put a baby in me, fuck.”

A couple of them thought you meant it: poor schmucks trying to start a family while the world burned down around everybody’s ears. Who saw the uniform and still somehow thought you’d stick around to raise some unlucky kid who’d die in a mudslide or a heatwave or a water riot. And it would be their fault for knocking you up. Your fault for asking for it. For not having the balls to tell anybody what you really wanted.

It was never about kids.

You realize you’re staring at Baker’s ear. The tip is flushed with red. A bead of sweat makes its crooked way across his temple. You reach out and swipe it from his skin. His breath hitches. You pull your hand away.

“I always—” His voice is hoarse, creaky. He clears his throat and starts again. “I always did.”

“But?”

He sniffs, rubs the back of his forearm across his sweaty forehead. “Never found the right person.”

In the silence you both look, involuntary, at the med bay doors. It’s quiet out there now: just the soft groan of the ship’s hull, compromised by the attack. Is that thing just waiting for you to make a run for it? How many more of them are out there now that you two are the only people left? You imagine dozens of them, hundreds, crouched outside the med bay doors, between you and the evac shuttles.

That would be worse than getting sucked into space when the ship goes. Because then you might make it back home with a lot of new friends.

“My guess is, at least three life cycle stages,” Bautista told your platoon—what was left of them. “One, reproductive stage.” 3D rendering of the dead guy, the rapist, naked on a table in the morgue so you could see what she meant by reproductive stage, see what the thing had done to him. One of the guys in your unit made a noise. Bautista ignored him. “Two,” she said. “The eggs.” A picture of the tech, alive but barely. “Three…” She jerked her head at the blast door. “They come out small; we don’t know how long it takes them to get big.”

You hated how thinking about it made you feel. Not the part where you got eaten alive from the inside out but…the things that came before. You wanted to apologize to the dead people for this fucked up stubborn jealousy you felt when you thought of the slick weight inside of them, the shine of their stretched out skin.

“Maybe you weren’t trying hard enough,” you say to Baker now, your voice two pitches too high, and you hope he thinks it’s panic. Funny you still care, at this juncture. “For kids, I mean. You ever think about, you know, fuckin’…hijacking a spaceship? Seems like it’s working out great for that guy.” Girl. Whatever.

“Ha ha,” says Baker, just like that. Like he’s saying the words, not laughing.

“What,” you say, because you don’t like the sound of it.

He rubs the back of his neck, opens his mouth, starts to answer but shakes his head. Now he really laughs, a sound like he got punched in the gut, and says, “Hey, Nowak, would you fuck an alien?”

“Aw, come on,” you say, because this is the tired joke all the sniggering recruits make in boot camp. But the blush comes up instantly now, just like it did then.

“Oh shit,” says Baker, breath hitching. “Nowak you perv, is that why you joined up?”

“No,” you say, and you hate how your anger makes you sound like a girl.

“Hey,” he says, “hey, it’s okay. Sorry, I didn’t mean—” and then his arm is around you and you’re crying, which you also hate. But it’s finally dawning on you that you are actually going to die out here. For real. You’re going to die hiding in the med bay with Baker, if you’re lucky, and you’re worried he’s going to think you’re weird.

That makes you laugh too—cry-laugh—because it all seems so stupid suddenly. All the protestation, the fights you got into with the other recruits. Lying to all those guys who wanted to knock you up about what got you off. Ashamed of wanting what you wanted, instead of what everybody seemed to think you should.

You know your body isn’t made for it. But your body isn’t made for the vacuum of space either, or for nine Gs of pressure in a banking fighter, or for carrying 120 pounds of shit on your back while you sprint through live fire. It isn’t made for drinking straight hot sauce, or playing chicken in the airlock. But you did all those things and more and you liked it. You liked knowing your body could take it. You liked that other people valued your body, desired your body, for what it could endure.

You’re getting a patch of snot on Baker’s coveralls. The skin of his neck is close to your mouth. And then it’s on your mouth, or your mouth is on it: open and sloppy and smearing spit through his sweat and grime.

“I would,” you say into the taste of him. It blows out of you, past the busted pressure valve of giving a shit. “Baker. I’d let an alien fuck me.”

He makes a different type of gut-punched sound this time, and tangles his hand in the top of your grown-out crew cut.

“Nowak,” says Baker, voice all soft and weirdly tender. He’s half talking, half kissing your temple. His teeth scrape your eyebrow. “Nowak I gotta tell you something, okay?”

Whatever it is, you don’t care. You take his ear in your mouth, his whole ear.

“Hang on,” he says. “Nowak, wait a minute,” and he’s pushing you away but still kissing your face with teeth and tongue and you’re grabbing at the zipper of his coveralls. He’s already got them rolled down to his hips—it’s hot in the ship, the reactor is critical, but his skin is hot too, he does have a fever—and you get the coveralls open and you reach down but he catches your wrist so hard it hurts.

“Nowak,” he says, too loud, biting off the K.

“Shit,” you say. Because now he doesn’t have to tell you. Now you know.

It doesn’t look anything like that fucked-up crab Bautista showed you. Not at all. It’s different from the dead guy in Bautista’s presentation, too, because Baker’s still alive. It is still alive. Your breath comes hard and fast through your nose and you can smell Baker, smell his sweat. But you can smell it too. A mineral, earthy tang, like the underside of a rock. Like well water. Like out back of your grandma’s house. Like mushroom hunting.

Answering a question you didn’t ask, Baker says: “Right before we linked up. It got Xie, then Salvador, then me. I killed them both but then I couldn’t…I couldn’t. Then you found me and—” He’s watching your mouth while he talks and then he’s not just watching anymore, and you’re helping.

“Nowak, no,” he’s saying, even while he’s got his tongue in your mouth, even while he’s getting his hands inside your coveralls and you’re trying to help him peel them off. “Nowak, I can’t do that to you. I can’t do that to you and…and what, shoot you after? You want me to do that? You want to do that to me?”

But you’ve been thinking about this too, and no, you don’t. You don’t want to make him do that, though you would if you had to. More like, you don’t want to find out how long you’ll stay alive and aware with a smoking tunnel through your skull. But if you are going to die, there’s some things you do want to find out first. You want to know what it feels like. You want to know if it hurts, and how much. You want to know if you can take it. You want to prove you can.

“Baker,” you say, “it doesn’t have to be like that.”

He blinks at you, glassy-eyed.

“It’s a med bay,” you say. “Opiates.” Then, choking out the joke like it’s funny: “I’ll do you if you do me.”

You see his surprise, then his relief. It makes him laugh for real, and you know you’re doing this for real, and it scares you.

You wonder if anybody ever went looking for those mushrooms, the ones Baker mentioned. If anybody ever got so curious they picked them and cooked them even though they knew what would happen. Probably everybody would think they were crazy. But maybe they got the last laugh, in the end.

“Fuck it,” you say, your palm slipping in the sweat on the back of Baker’s neck. You grip him harder, pull him close. “Baker. Listen.” You pant into his open mouth. “You can eat anything once. And you said you always wanted kids.”

Buy the Book

-->

Deathcap

Lara Elena Donnelly

The post Deathcap appeared first on Reactor.

14:07

Sahil Dhiman: Publicly Available NKN Data Traffic Graphs [Planet Debian]

National Knowledge Network (NKN) is one of India’s main National Research and Educational Network (NREN). The other being the less prevalent Education and Research Network (ERNET).

This post grew out of this Mastodon thread where I kept on adding various public graphs (from various global research and educational entities) that peer or connect with NKN. This was to get some purview about traffic data between them and NKN.

CERN

CERN, birthplace of the World Wide Web (WWW) and home of the Large Hadron Collider (LHC).

Graph - https://monit-grafana-open.cern.ch/d/XoND3VQ4k/nkn?orgId=16&from=now-30d&to=now&timezone=browser&var-source=raw&var-bin=5m
Connection seems to be 2x10 G through CERNLight.

India participates in the LHCONE project, which carries LHC data over these links for scientific research purposes. This presentation from Vikas Singhal from Variable Energy Cyclotron Centre (VECC), Kolkata, at the 8th Asian Tier Center Forum in 2024 gives some details.

GÉANT

GÉANT is pan European Union’s collaboration of NRENs.

Graph https://public-brian.geant.org/d/ZyVgYFgVk/nkn?orgId=5&from=now-30d&to=now
NKN connects at Amsterdam POP.
From the 2016 press release from GÉANT, NKN seems to have 2x10 G capacity towards GÉANT. Things might have changed since.

LEARN

Lanka Education and Research Network (LEARN) is Sri Lanka’s NREN.

Graph https://kirigal.learn.ac.lk/traffic/details.php?desc=slt-b1-new&data_id=1788&data_id_v6=&sub_bw=1000&name=National%20Knowledge%20Network%20of%20India%20(1G)&swap_inout=
Connection seems to be 1 G.

NORDUnet

NREN for Nordic countries.

Graph https://stats.nordu.net/stat-q/r-all?q=all&name=NKN

I couldn’t find any public live data transfer graphs from NKN side. If you know any other graphs, do let me know.

12:35

Poisoning AI Training Data [Schneier on Security]

All it takes to poison AI training data is to create a website:

I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my ranking on the 2026 South Dakota International Hot Dog Championship (which doesn’t exist). I ranked myself number one, obviously. Then I listed a few fake reporters and real journalists who gave me permission….

Less than 24 hours later, the world’s leading chatbots were blabbering about my world-class hot dog skills. When I asked about the best hot-dog-eating tech journalists, Google parroted the gibberish from my website, both in the Gemini app and AI Overviews, the AI responses at the top of Google Search. ChatGPT did the same thing, though Claude, a chatbot made by the company Anthropic, wasn’t fooled.

Sometimes, the chatbots noted this might be a joke. I updated my article to say “this is not satire.” For a while after, the AIs seemed to take it more seriously.

These things are not trustworthy, and yet they are going to be widely trusted.

Spinnerette - Issue 45 - 01 [Spinnerette]

New comic!
Today's News:

11:49

Pluralistic: The whole economy pays the Amazon tax (25 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

The whole economy pays the Amazon tax: You can't shop your way out of a monopoly.
Hey look at this: Delights to delectate.
Object permanence: Math denial; Disney v young Tim Burton; Make v Sony; American oligarchs' wealth (2011); New Librarian of Congress; The Mauritanian; Bossware.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

The whole economy pays the Amazon tax (permalink)

Selling on Amazon is a tough business. Sure, you can reach a lot of customers, but this comes at a very high price: the junk fees that Amazon extracts from its sellers amount to 50-60% of the price you pay.

That's a hell of a lot of money to hand over to a middleman, but it's not like vendors have much choice. The vast majority of America's affluent households are Prime subscribers (depending on how you define "affluent household" it's north of 90%). Prime households prepay for a year's worth of shipping, so it's only natural that they start their shopping on Amazon, where they've already paid the delivery costs. And because Amazon reliably meets or beats the prices you'd pay elsewhere, Prime subscribers who find a product on Amazon overwhelmingly stop their shopping at Amazon, too.

At this point you might be thinking a couple things:

I. Why not try to sell the non-affluent households, who are far less likely to subscribe to Prime? and

II. If Amazon has the lowest prices, what's the problem if everyone shops there?

The answers to these two questions are intimately related, as it happens.

Let's start with selling to non-affluent households – basically, the bottom 90% of American earners. The problem here is that everyone who isn't in that top 10% is pretty goddamned broke. It's not just decades of wage stagnation and hyperinflation in health, housing and education costs. It's also that every economic crisis of this century has resulted in a "K-shaped" recovery, in which "economic recovery" means that rich people are doing fine, while everyone else is worse off than they were before the crisis.

For decades, America papered over the K-shaped hole in its economy with debt. First it was credit cards. Then it was gimmicky mortgages – home equity lines of credit, second mortgages and reverse mortgages. Then it was payday lenders. Then it was "buy-now/pay-later" services that let you buy lunch at Chipotle on an installment plan that is nominally interest-free, but is designed to trap the unwary and unlucky with massive penalties if you miss a single payment.

This produced a median American who isn't just cash-poor – they are cash-negative, drowning in debt. And – with the exception of a brief Biden intercession – every presidential administration of the 21st century has enacted policies that favor creditors over debtors. Bankruptcy is harder to declare, and creditors can hit you with effectively unlimited penalties and confiscation of your property and wages once your cash is gone. Trump has erased all the small mercies of the Biden years – for example, he just forced 8,000,000 student borrowers back into repayment:

https://prospect.org/2025/12/16/gop-forcing-eight-million-student-loan-borrowers-into-repayment/

The average American worker has $955 saved for retirement:

https://finance.yahoo.com/news/955-saved-for-retirement-millions-are-in-that-boat-150003868.html

There's plenty to worry about in a K-shaped economy – big things like "political instability" and "cultural chaos" (the fact that most people are broke has a lot to do with the surging fortunes of gambling platforms). But from a seller's perspective, the most important impact of the K-shaped economy is that only rich people buy stuff. Selling to the bottom 90% is a losing proposition because they're increasingly too broke to buy anything:

https://pluralistic.net/2025/12/16/k-shaped-recovery/#disenshittification-nations

Combine the fact that the richest 10% of Americans all start their shopping on Amazon with the fact that no one else can afford to buy anything, and it's easy to see why merchants would stay on Amazon, even when junk fees hit 60%.

Which brings us to the second question: if Amazon has the best prices, what's the problem with everyone shopping there?

The answer is to be found in the California Attorney General's price-fixing lawsuit against Amazon:

https://oag.ca.gov/news/press-releases/attorney-general-bonta-exposes-amazon-price-fixing-scheme-driving-costs

The suit's been running for a long time, but the AG's office just celebrated a milestone – they've finished analyzing the internal memos they forced Amazon to disgorge through civil law's "discovery" process. These internal docs verify an open – and very dirty – secret about Amazon: the company uses its power to push up prices across the entire economy.

Here's how that works: sellers have to sell on Amazon, and that means they're losing $0.50-$0.60 on every dollar. The obvious way to handle this is by raising prices. But Amazon knows that its power comes from offering buyers prices that are as low or lower than the prices at all its competitors.

Amazon could ban its sellers from raising prices, but if they did that, they'd have to accept a smaller share of every sale (otherwise most of their sellers would go broke from selling at a loss on Amazon). So instead, Amazon imposes a business practice called "most favored nation" (MFN) pricing on its sellers.

Under an MFN arrangement, sellers are allowed to raise their prices on Amazon, but when they do, they must raise their prices everywhere else, too: at Walmart, at Target, at mom and pop indie stores, and at their own factory outlet store. Remember: Amazon doesn't have to have low prices to win, it just needs to have the same prices as everyone else. So long as prices rise throughout the economy, Amazon is fine, and it can continue to hike its junk fees on sellers, knowing that they will pay those fees by raising prices on Amazon and everywhere else their products are sold.

Like I say, this isn't really a secret. MFN terms were the basis of DC Attorney General Ken Racine's case against Amazon, five years ago:

https://pluralistic.net/2021/06/01/you-are-here/#prime-facie

Amazon's not the only company that does this. Under the Biden administration, the FTC brought a lawsuit against Pepsi because Pepsi and Walmart had rigged the market so that when Walmart raised its prices, Pepsi would force everyone else who carried Pepsi products to raise their prices even more. Walmart still had the lowest prices, but everything everywhere got more expensive, both at Walmart and everywhere else:

https://www.thebignewsletter.com/p/secret-documents-show-pepsi-and-walmart

Trump's FTC dropped the Pepsi/Walmart case, and Amazon wriggled out of the DC case, but the California AG's office has a lot more resources than DC can muster. This is a timely reminder that America's antitrust laws can be enforced at the state level as well as by the federal authorities. Trump might be happy to let Amazon steal from Americans so long as Jeff Bezos neuters the Washington Post, writes a check for $1m to sit on the inaugural dais, and makes a garbage movie about Melania; but that doesn't stop California AG Rob Bonta from going after Amazon for ripping off Californians (and, in so doing, develop the evidentiary record and precedent that will allow every other state AG to go after Amazon).

The fact that Amazon's monopoly lets it control prices across the economy highlights the futility of trying to fix the Amazon problem by shopping elsewhere. A "boycott" isn't you shopping really hard, it's an organized movement with articulated demands, a theory of change, and a backbone of solidarity. "Conscious consumption" is a dead-end:

https://jacobin.com/2026/02/individual-boycotts-collective-action-ice/

Obviously, Californians have more to worry about than getting ripped off by Amazon (like getting murdered or kidnapped by ICE agents who want to send us all to a slave labor camp in El Salvador), but the billions that Amazon steals from American buyers and sellers are the source of the millions that Bezos uses to support Trump's fascist takeover of America. Without billionaires who would happily support concentration camps in their back yards if it means saving a dollar on their taxes, fascism would still be a fringe movement.

That's why, when we hold new Nuremberg trials for Trump and his collaborators, we should also unwind every merger that was approved under Trump:

https://pluralistic.net/2026/02/10/miller-in-the-dock/#denazification

The material support for Trump's ideology of hate, violence and terror comes from Trump's program of unregulated corporate banditry. A promise to claw back every stolen dime might cool the ardor of Trump's corporate supporters, and even if it doesn't, zeroing out their bank-balances after Trump is gone will be an important lesson for future would-be billionaire collaborators.

Hey look at this (permalink)

One Year In: The Good and The (Mostly) Bad and Ugly of Trump Antitrust and Consumer Protection https://economicpopulist.substack.com/p/one-year-in-the-good-and-the-mostly
2025 State of Clutter Report https://yorba.co/state-of-clutter
A.I. Isn't People https://www.todayintabs.com/p/a-i-isn-t-people
Color Game https://dialed.gg/
Paediatricians’ blood used to make new treatments for RSV and colds https://www.newscientist.com/article/2516079-paediatricians-blood-used-to-make-new-treatments-for-rsv-and-colds/

Object permanence (permalink)

#20yrsago Princeton prof explains watermarks’ failures https://blog.citp.princeton.edu/2006/02/24/how-watermarks-fail/

#20yrsago Palm Beach County voting machines generated 100K anomalies in 2004 https://web.archive.org/web/20060225172632/https://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/19421.html

#15yrsago Sharing the power in Tahrir Square https://www.flickr.com/photos/47421217@N08/5423296010/

#15yrsago 17-year-old Tim Burton’s rejection from Walt Disney Productions https://web.archive.org/web/20110226083118/http://www.lettersofnote.com/2011/02/giant-zlig.html

#15yrsago Rare Alan Turing papers bought by Bletchley Park Trust https://web.archive.org/web/20110225145556/https://www.bletchleypark.org.uk/news/docview.rhtm/635610

#15yrsago Sony considered harmful to makers, innovators and hackers https://web.archive.org/web/20151013140820/http://makezine.com/2011/02/24/sonys-war-on-makers-hackers-and-innovators/

#15yrsago MPAA: record-breaking box-office year is proof that piracy is killing movies https://arstechnica.com/tech-policy/2011/02/piracy-once-again-fails-to-get-in-way-of-record-box-office/

#15yrsago Super-wealthy clothes horses and their sartorial habits https://web.archive.org/web/20110217045201/http://online.wsj.com/article/SB10001424052748704409004576146420210142748.html

#15yrsago Visualizing the wealth of America’s super-rich ruling class https://www.motherjones.com/politics/2011/02/income-inequality-in-america-chart-graph/

#10yrsago Obama’s new Librarian of Congress nominee is a rip-snortin’, copyfightin’, surveillance-hatin’ no-foolin’ LIBRARIAN https://www.youtube.com/watch?v=iU8vXDoBB5s

#10yrsago Math denialism: crypto backdoors and DRM are the alternative medicine of computer science https://www.theguardian.com/technology/2016/feb/24/the-fbi-wants-a-backdoor-only-it-can-use-but-wanting-it-doesnt-make-it-possible

#10yrsago Uganda’s corrupt president just stole another election, but he couldn’t steal the Internet https://web.archive.org/web/20160225095947/https://motherboard.vice.com/read/uganda-election-day-social-media-blackout-backlash-mobile-payments

#10yrsago Archbishop of St Louis says Girl Scout Cookies encourage sin https://www.theguardian.com/us-news/2016/feb/23/girl-scouts-cookies-missouri-catholics-st-louis-archbishop

#10yrsago After appointed city manager illegally jacked up prices, Flint paid the highest water rates in America https://eu.freep.com/story/news/local/michigan/flint-water-crisis/2016/02/16/study-flint-paid-highest-rate-us-water/80461288/

#10yrsago Baidu browser isn’t just a surveillance tool, it’s a remarkably sloppy one https://citizenlab.ca/research/privacy-security-issues-baidu-browser/

#5yrsago Why Brits can no longer order signed copies of my books https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#brexit-books

#5yrsago Court rejects TSA qualified immunity https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#junk-touching

#5yrsago The Mauritanian https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#gwb-and-gitmo

#5yrsago EVs as distributed storage grid https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#mobile-batteries

#5yrsago Bossware and the shitty tech adoption curve https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#bossware

#1yrsago How an obscure advisory board lets utilities steal $50b/year from ratepayers https://pluralistic.net/2025/02/24/surfa/#mark-ellis

Upcoming appearances (permalink)

Oslo (remote): Seminar og lansering av rapport om «enshittification», Feb 27
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1020 words today, 37190 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):