Wish's River of News

Then I had to ask Claude.ai to write me a nice little outliner that runs in the browser. And it did. With a flourish. It was designed to make me the guy who designed outliners for most of a lifetime, and I have to say it was very nicely done, for a two-minute project. Even for a two-week project it's pretty nice. Then I asked it to do a priorArt outline, and it looks really good in the this.how template. The power of standards. And I had a full day of work even while Claude.ai was doing these mind bombs for me.

Pluralistic: Supreme Court saves artists from AI (03 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

I asked for a feature of the outliner from Drummer that it automatically opens a file in read-only mode if there's a URL parameter with the address of an OPML file. Like this.

Quickies [The Stranger]

Got problems? Yes, you do! Email your question for the column to mailbox@savage.love! by Dan Savage 1. My boyfriend swears he’s cut. I say he’s totally uncut. He insists he was circumcised as an infant. How do I convince him? Some circumcisions are “tight” (all of the foreskin removed) and others are “loose” (most of the foreskin left intact). The looser the circumcision, the more “uncut” a man’s cock might appear. So, it’s entirely possible your boyfriend was circumcised as an infant but that his cock — if his circumcision was loose — more closely resembles uncut cocks you’ve admired in porn and encountered IRL. P.S. For the record: Your boyfriend should not have been circumcised in infancy. No infant should be. 2. What’s the best song about cheating? I nominate “One Way Out” by the Allman Brothers. There are so many greats — “Heard It Through the Grapevine,” “The Piña Colada Song,” “Don’t Hurt Yourself” — but in the category of “Best Song About Cheating,”…

[ Read more ]

18:35

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

Supreme Court saves artists from AI: Just because you're on their side, it doesn't mean they're on your side.
Hey look at this: Delights to delectate.
Object permanence: KKK x D&D; Martian creativity; Scott Walker's capital ringers; UK v adblocking; Shitty jihadi opsec.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

Supreme Court saves artists from AI (permalink)

The Supreme Court has just turned down a petition to hear an appeal in a case that held that AI works can't be copyrighted. By turning down the appeal, the Supreme Court took a massively consequential step to protect creative workers' interests:

https://www.theverge.com/policy/887678/supreme-court-ai-art-copyright

At the core of the dispute is a bedrock of copyright law: that copyright is for humans, and humans alone. In legal/technical terms, "copyright inheres at the moment of fixation of a work of human creativity." Most people – even people who work with copyright every day – have not heard it put in those terms. Nevertheless, it is the foundation of international copyright law, and copyright in the USA.

Here's what it means, in plain English:

a) When a human being,

b) does something creative; and

c) that creative act results in a physical record; then

d) a new copyright springs into existence.

For d) to happen, a), b) and c) all have to happen first. All three steps for copyright have been hotly contested over the years. Remember the "monkey selfie," in which a photographer argued that he was entitled to the copyright after a monkey pointed a camera at itself and pressed the shutter button? That image was not copyrightable, because the monkey was a monkey, not a human, and copyright is only for humans:

https://en.wikipedia.org/wiki/Monkey_selfie_copyright_dispute

Then there's b), "doing something creative." Copyright only applies to creative work, not work itself. It doesn't matter how hard you labor over a piece of "IP" – if that work isn't creative, there's no copyright. For example, you can spend a fortune creating a phone directory, and you will get no copyright in the resulting work, meaning anyone can copy and sell it:

https://en.wikipedia.org/wiki/Feist_Publications,_Inc._v._Rural_Telephone_Service_Co.

If you mix a little creative labor with the hard work, you can get a little copyright. A directory of "all the phone numbers for cool people" can get a "thin" copyright over the arrangement of facts, but such a copyright still leaves space for competitors to make many uses of that work without your permission:

https://pluralistic.net/2021/08/14/angels-and-demons/#owning-culture

Finally, there's c): copyright is for tangible things, not intangibles. Part of the reason choreographers created a notation system for dance moves is that the moves themselves aren't copyrightable:

https://en.wikipedia.org/wiki/Dance_notation

The non-copyrightability of movement is (partly) why the noted sex-pest and millionaire grifter Bikram Choudhury was blocked from claiming copyright on ancient yoga poses (the other reason is that they are ancient!):

https://en.wikipedia.org/wiki/Copyright_claims_on_Bikram_Yoga

Now, AI-generated works are certainly tangible (any work by an AI must involve magnetic traces on digital storage media). The prompts for an AI output can be creative and thus copyrightable (in the same way that notes to a writers' room or from an art-director are). But the output from the AI cannot be copyrighted, because it is not a work of human authorship.

This has been the position of the US Copyright Office from the start, when AI prompters started sending in AI-generated works and seeking to register copyrights in them. Stephen Thaler, a computer scientist who had prompted an image generator to produce a bitmap, kept appealing the Copyright Office's decision, seemingly without regard to the plain facts of the case and the well-established limits of copyright. By attempting to appeal his case all the way to the Supreme Court, Thaler has done every human artist a huge boon: his weak, ill-conceived case was easy for the Supreme Court to reject, and in so doing, the court has cemented the non-copyrightability of AI works in America.

You may have heard the saying, "Hard cases make bad law." Sometimes, there are edge-cases where following the law would result in a bad outcome (think of a Fourth Amendment challenge to an illegal search that lets a murderer go free). In these cases, judges are tempted to interpret the law in ways that distort its principles, and in so doing, create a bad precedent (the evidence from a bad search is permitted, and so cops stop bothering to get a warrant before searching people).

This is one of the rare instances in which a bad case made good law. Thaler's case wasn't even close – it was an absolute loser from the jump. Normally, plaintiffs give up after being shot down by an agency like the Copyright Office or by a lower court. But not Thaler – he stuck with it all the way to the highest court in the land, bringing clarity to an issue that might have otherwise remained blurry and ill-defined for years.

This is wonderful news for creative workers. It means that our bosses must pay humans to do work if they want to be granted copyright on the things they want to sell. The more that humans are involved in the creation of a work, the stronger the copyright on that work becomes – which means that the less a human contributes to a creative work, the harder it will be to prevent others from simply taking it and selling it or giving it away.

This is so important. Our bosses do not want to pay us. When our bosses sue AI companies, it's not because they want to make sure we get paid.

The many pending lawsuits – from news organizations like the New York Times, wholesalers like Getty Images, and entertainment empires like Disney – all seek to establish that training an AI model is a copyright infringement. This is wrong as a technical matter: copyright clearly permits making transient copies of published works for the purpose of factual analysis (otherwise every search engine would be illegal). Copyright also permits performing mathematical analysis on those transient copies. Finally, copyright permits the publication of literary works (including software programs) that embed facts about copyrighted works – even billions of works:

https://pluralistic.net/2023/09/17/how-to-think-about-scraping/

Sure, you can infringe copyright with an AI model – say, by prompting it to produce infringing images. But the mere fact that a technology can be used to infringe copyright doesn't make the technology itself infringing (otherwise every printing press, camera, and computer would be illegal):

https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Universal_City_Studios,_Inc.

Of course, the fact that copyright currently permits training models doesn't mean that it must. Copyright didn't come down from a mountain on two stone tablets. It's just a law, and laws can be amended. I think that amending copyright to ban training a model would inflict substantial collateral damage on everything from search engines to scholarship, but perhaps you disagree. Maybe you think that you could wordsmith a new copyright law that bans training without whacking a bunch of socially beneficial activities.

Even if that's so, it still wouldn't help artists.

To understand why, consider Universal and Disney's lawsuit against Midjourney. The day that lawsuit dropped, I got a press release from the RIAA, signed by its CEO, Mitch Glazier. Here's how it began:

There is a clear path forward through partnerships that both further AI innovation and foster human artistry. Unfortunately, some bad actors – like Midjourney – see only a zero-sum, winner-take-all game.

The RIAA represents record labels, not film studios, but thanks to vertical integration, the big film studios are also the big record labels. That's why the RIAA alerted the press to its position on this suit.

There's two important things to note about the RIAA press release: how it opened, and how it closed. It opens by stating that the companies involved want "partnerships" with AI companies. In other words, if they establish that they have the right to control training on their archives, they won't use that right to prevent the creation of AI models that compete with creative workers. Rather, they will use that right to get paid when those models are created.

Expanding copyright to cover models isn't about preventing generative AI technologies – it's about ensuring that these technologies are licensed by incumbent media companies. This licensure would ensure that media companies would get paid for training, but it would also let them set the terms on which the resulting models were used. The studios could demand that AI companies put "guardrails" on the resulting models to stop them from being used to output things that might compete with the studios' own products.

That's what the opening of this press-release signifies, but to really understand its true meaning, you have to look at the closing of the release: the signature at the bottom of it, "Mitch Glazier, CEO, RIAA."

Who is Mitch Glazier? Well, he used to be a Congressional staffer. He was the guy responsible for sneaking a clause into an unrelated bill that repealed "termination of transfer" for musicians. "Termination" is a part of copyright law that lets creators take back their rights after 35 years, even if they originally signed a contract for a "perpetual license."

Under termination, all kinds of creative workers who got royally screwed at the start of their careers were able to get their copyrights back and re-sell them. The primary beneficiaries of termination are musicians, who signed notoriously shitty contracts in the 1950s-1980s:

https://pluralistic.net/2021/09/26/take-it-back/

When Mitch Glazier snuck a termination-destroying clause into legislation, he set the stage for the poorest, most abused, most admired musicians in recording history to lose access to money that let them buy a couple bags of groceries and make the rent. He condemned these beloved musicians to poverty.

What happened next is something of a Smurfs Family Christmas miracle. Musicians were so outraged by this ripoff, and their fans were so outraged on their behalf, that Congress convened a special session solely to repeal the clause that Mitch Glazier tricked them into voting for. Shortly thereafter, Glazier was out of Congress:

https://en.wikipedia.org/wiki/Mitch_Glazier

But this story has a happy ending for Glazier, too – he might have been out of his government job, but he had a new gig, as CEO of the Recording Industry Association of America, where he earns more than $1.3 million/year to carry on the work he did in Congress – serving the interests of the record labels:

https://projects.propublica.org/nonprofits/organizations/131669037

Mitch Glazier serves the interests of the labels, not musicians. He can't serve both interests, because every dime a musician takes home is a dime that the labels don't get to realize as profits. Labels and musicians are class enemies. The fact that many musicians are on the labels' side when they sue AI companies does not mean that the labels are on the musicians' side.

What will the media companies do if they win their lawsuits? Glazier gives us the answer in the opening sentence of his press release: they will create "partnerships" with AI companies to train models on the work we produce.

This is the lesson of the past 40 years of copyright expansion. For 40 years, we have expanded copyright in every way: copyright lasts longer, covers more works, prohibits more uses without licenses, establishes higher penalties, and makes it easier to win those penalties.

Today, the media industry is larger and more profitable than at any time, and the share of those profits that artists take home is smaller than ever.

How has the expansion of copyright led to media companies getting richer and artists getting poorer? That's the question that Rebecca Giblin and I answer in our 2022 book Chokepoint Capitalism. In a nutshell: in a world of five publishers, four studios, three labels, two app companies and one company that controls all ebooks and audiobooks, giving a creative worker more copyright is like giving your bullied kid extra lunch money. It doesn't matter how much lunch money you give that kid – the bullies will take it all, and the kid will go hungry:

https://pluralistic.net/2022/08/21/what-is-chokepoint-capitalism/

Indeed, if you keep giving that kid more lunch money, the bullies will eventually have enough dough that they'll hire a fancy ad-agency to blitz the world with a campaign insisting that our schoolkids are all going hungry and need even more lunch money (they'll take that money, too).

When Mitch Glazier – who got a $1m+/year job for the labels after attempting to pauperize musicans – writes on behalf of Disney in support of a copyright suit to establish that copyright prevents training a model without a license, he's not defending creative workers. Disney, after all, is the company that takes the position that if it buys another company, like Lucasfilm or Fox, that it only acquires the right to use the works we made for those companies, but not the obligation to pay us when they do:

https://pluralistic.net/2021/04/29/writers-must-be-paid/#pay-the-writer

If a new, unambiguous copyright over model training comes into existence – whether through a court precedent or a new law – then all our contracts will be amended to non-negotiably require us to assign that right to our bosses. And our bosses will enter into "partnerships" to train models on our works. And those models will exist for one purpose: to let them create works without paying us.

The market concentration that lets our bosses dictate terms to us is getting much worse, and it's only speeding up. Getty Images – who sued Stability AI over image generation – is merging with Shutterstock:

https://globalcompetitionreview.com/gcr-usa/article/photographers-alarmed-gettyshutterstock-merger

And Paramount is merging with Warners:

https://pluralistic.net/2026/02/28/golden-mean/#reality-based-community

This is where this new Supreme Court action comes in. A new copyright that covers training is just one more thing these increasingly powerful members of this increasingly incestuous cartel can force us to sign away. That new copyright isn't something for us to bargain with, it's something we'll bargain away.

But the fact that the works that a model produces are automatically in the public domain is something we can't bargain away. It's a legal fact, not a legal right. It means that the more humans there are involved in the creation of a final work, the more copyrightable that work is.

Media bosses love AI because it dangles the tantalizing possibility of running a business without ego-shattering confrontations with creative workers who know how to do things. It's the solipsistic fantasy of a world without workers, in which a media boss conceives of a "product," prompts a sycophantic AI, and receives an item that's ready for sale:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

Many bosses know this isn't within reach. They imagine that they'll get the AI to shit out a script and then pay a writer on the cheap to "polish" it. They think they'll get an AI to shit out a motion sequence, a still, or a 3D model and then pay a human artist pennies to put the "final touches" on it. But the Copyright Office's position is that only those human contributions are eligible for a copyright: a few editorial changes, a few pixels or vectors rearranged. Everything else is in the public domain.

Here's the cool part: the only thing our bosses hate more than paying us is when other people take their stuff without paying for it. To achieve the kind of control they demand, they will have to pay us to make creative works.

What's more, the fact that AI-generated works are in the public domain leaves a lot of uses that don't harm creative workers intact. You can amuse yourself and your friends with all the AI slop you can generate; the fact that it's not copyrightable doesn't matter to that use. I happen to think AI "art" is shit, but you do you:

https://pluralistic.net/2024/05/13/spooky-action-at-a-close-up/#invisible-hand

This also means that if you're a writer who likes to brainstorm with a chatbot as you develop an idea, that's fine, so long as the AI's words don't end up in the final product. Creative workers already assemble "mood boards" and clippings for inspiration – so long as these aren't incorporated into the final work, that's fine.

That's just what the Hollywood writers bargained for in their historic strike over AI. They retained the right to use AI if they wanted to, but their bosses couldn't force them to:

https://pluralistic.net/2023/10/01/how-the-writers-guild-sunk-ais-ship/

The Writers Guild were able to bargain with the heavily concentrated studios because they are organized in a union. Not just any union, either: the Writers Guild (along with the other Hollywood unions) are able to undertake "sectoral bargaining" – that's when a union can negotiate a contract with all the employers in a sector at once.

Sectoral bargaining was once the standard for labor relations, but it was outlawed in the 1947 Taft-Hartley Act, which clawed back many of the important labor rights established with the New Deal's National Labor Relations Act. To get Taft-Hartley through Congress, its authors had to compromise by grandfathering in the powerful Hollywood unions, who retained their right to sectoral bargaining. More than 75 years later, that sectoral bargaining right is still protecting those workers.

Our bosses tell us that we should side with them in demanding a new law: a copyright law that covers training an AI model. The mere fact that our bosses want this should set off alarm bells. Just because we're on their side, it doesn't mean they're on our side. They are not.

If we're going to use our muscle to fight for a new law, let it be a sectoral bargaining law – one that covers all workers. You can tell that this would be good for us because our bosses would hate it, and every other worker in America would love it. The Writers Guild used sectoral bargaining to achieve something that 40 years of copyright expansion failed at: it made creative workers richer, rather than giving us another way to be angry about how our work is being used.

(Image: Cryteria, CC BY 3.0, modified)

Hey look at this (permalink)

Preface to Designing Secure Software: A Guide for Developers https://designingsecuresoftware.com/text/ch0-preface/
Publish Your Threat Models! https://arxiv.org/pdf/2511.08295
What You Won’t See at the Live Nation–Ticketmaster Trial https://prospect.org/2026/03/02/justice-department-live-nation-ticketmaster-antitrust-trial/
Union Jill https://www.southbankcentre.co.uk/magazine/union-jill-the-story-behind-a-symbol-of-protest-and-alternative-britain/
Why I'm running to be Director General of the BBC https://www.absurdintelligence.com/why-im-running-to-be-director-general-of-the-bbc/

Object permanence (permalink)

#20yrsago Cornell University harasses maker of Cornell blog https://web.archive.org/web/20060621110535/http://cornell.elliottback.com/archives/2006/03/02/cornell-university-nastygram/

#15yrsago Explaining creativity to a Martian https://locusmag.com/feature/cory-doctorow-explaining-creativity-to-a-martian/

#15yrsago Scott Walker smuggles ringers into the capital for the legislative session https://www.theawl.com/2011/03/in-madison-scott-walker-packed-his-budget-address-with-ringers/

#15yrsago Measuring radio’s penetration in 1936 https://www.flickr.com/photos/70118259@N00/albums/72157626051208969/with/5490099786

#10yrsago Rube Goldberg musical instrument that runs on 2,000 steel ball-bearings https://www.youtube.com/watch?v=IvUU8joBb1Q

#10yrsago KKK vs D&D: the surprising, high fantasy vocabulary of racism https://en.wikipedia.org/wiki/Ku_Klux_Klan_titles_and_vocabulary

#10yrsago UK minister compares adblocking to piracy, promises action https://www.theguardian.com/media/2016/mar/02/adblocking-protection-racket-john-whittingdale

#10yrsago Some ad-blockers are tracking you, shaking down publishers, and showing you ads https://www.wired.com/2016/03/heres-how-that-adblocker-youre-using-makes-money/

#10yrsago ISIS opsec: jihadi tech bureau recommends non-US crypto tools https://web.archive.org/web/20160303095904/http://www.dailydot.com/politics/isis-apple-fbi-congressional-hearing-crypto-international/

#10yrsago Apple v FBI isn’t about security vs privacy; it’s about America’s security vs FBI surveillance https://www.wired.com/2016/03/feds-let-cyber-world-burn-lets-put-fire/

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Tanner Humanities Lecture (U Utah)
https://www.youtube.com/watch?v=i6Yf1nSyekI
The Lost Cause
https://streets.mn/2026/03/02/book-club-the-lost-cause/
Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1020 words today, 41284 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

18:28

The Big Idea: Kirsten Karschock [Whatever]

Does a mad scientist do what they do out of sheer love of the game, or because they can’t just up and quit doing the whole mad science thing? Do they love their work, or is it just unhealthy obsession? Author Kirsten Kaschock looks at some of fiction’s most well-known inventors in the Big Idea for her newest novel, An Impossibility of Crows, drawing parallels between herself, her main character, and all the truly mad creators of the past.

KIRSTEN KASCHOCK:

A crow the size of a horse.

The dream terrified me but not the way you’d think. I was drawn in. A little hypnotized. Even in the dream I wanted to understand how the thing came into being. And, in the dream, the crow wasn’t threatening me—just doing crow things.

The crow kept coming back, not at night, but in my wandering mind or whenever I saw an actual crow. I’d look at one walking in the snow or huddled in a tree and think to myself, “What if?” That’s when I started sketching the crow’s maker: Agnes Krahn.

I needed to know who would decide to build (I often call it building rather than breeding for reasons I can’t quite explain) a crow of such size and why? To figure that out, I started writing as if I were Agnes—a scientist, of course—commenting on her world in real time. The book had to be a diary. But because she was a scientist, an ex-chemist to be exact, Agnes also included her research in these pages. And then, other odds and ends kept arriving, including letters from Agnes’s long dead mother. It wasn’t until that moment that I realized that the book would be so closely linked to Mary Shelley’s Frankenstein—which is also epistolary and multivocal. But there was already a marked difference. Agnes, unlike Victor Frankenstein, is a woman.

How many other unhinged women scientists have found their way into literature? Fewer, I’d wager than their male counterparts. I imagined Agnes’s reasons for building Solo (the crow’s name is Solo) to be different than most of the mad scientists’ I have read, and more like Mary Shelley’s own backstory: never knowing her own mother, her loss of a child, a need to prove herself to the poets among which she found herself.

I knew Agnes wasn’t driven by ego or ambition, exactly. She isn’t selfless either. God no. But her obsession with increasing the size of the bird has a reason other than narcissism: she wants to provide her daughter with wings.

This is where Agnes and the character of Victor F. part ways. When I realized why Agnes was building Solo, she started to resemble other creators from other stories.

Agnes wants to give her daughter this crow, but what her daughter thinks or feels about this is irrelevant. Agnes is trying to provide an escape route for someone who—I learned while writing her—does not feel particularly trapped. But Agnes is oblivious to how her daughter perceives herself. In this way, Agnes is as monstrous as most mothers.

The model I used for their relationship is actually that of a father and son—Daedalus and Icarus. I’ve long loved this Greek myth, although it was taught to me as a tragedy of disobedience: warned about the dangers of flight, Icarus cannot help but fly too close to the sun. But what if the fault lies with Daedalus, who should have known his child better? In my novel, Agnes does not know her daughter at all. This is both their tragedy and another mystery I had to solve: Why doesn’t she? Writing a Gothic Horror novel turned into a bit of a rabbit hole… a Russian doll. The book kept asking me why things are the way they are. Why people do the things they do. And at the bottom of every version of Agnes I found another woman, another layer of hurt.

To be honest, this is why I write in the first place. To get to the under-questions, the ones below the surfaces of thought.

Solo, the crow, is in some ways a cipher: a darkness onto which I was reading human nature. But Solo is also very real. He is an immense crow, with all the intelligence of a crow (maybe more), and thus he is horrifying in his own right. That’s how we read each other, too. We know people as what they are to us, and only if we are incredibly lucky and attentive do we ever learn who they are beyond our needs, fears, and desires of them.

Agnes is the only one in the book who doesn’t see Solo as an existential threat, or not until it is too late. She may not admit it to herself, but as she builds him—he grows into a replacement for her daughter rather than a gift to her. She is Mary Shelley. She is Victor Frankenstein. She is Daedalus. And she is Gepetto. As she gets more and more drawn into her experiment, her attention to her family wanes and her devotion to the crow increases. I, myself, am married to a scientist. I am an artist. We have both done this with our work. We do this. Agnes is also him. And she is me.

Her madness I am familiar with: Agnes wants to create a life larger than her own. Somehow, she believes that Solo can free her from her guilt and grief.

The big idea in An Impossibility of Crows is this: when you bury your feelings they don’t stay dead—and when they rise up, they may find a form beyond any you can hope to control. I began writing with a single frightening image. I moved quickly from there to considering the crow’s creator. Then, in seeking to understand Agnes, I progressed through a series of models towards my own reasons for making.

I had a teacher once who said that writers only write about three things: sex, death, and writing. And then there’s this old joke: if it’s not one thing, it’s your mother. I think many things can be true at once. Nothing is ever Solo. And everything is.

—-

An Impossibility of Crows: Amazon|Barnes & Noble|Bookshop

Author socials: Website|Instagram|Facebook

17:56

Slog AM: Our War With Iran Spirals, Clintons Questioned About Epstein, British Columbia Adopts Permanent Daylight Saving [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

Iran: Israel and US strikes have killed 787 people in Iran. Washington warned the “hardest hits” are to come. What? Combined forces have already killed Supreme Leader Ali Khamenei, hit the state broadcaster, and damaged Golestan Palace in Tehran, a UNESCO World Heritage Site. Overnight, the US and Israel bombed Tehran. This morning, Iran struck the US Embassy in Saudi Arabia; Israel hit Beirut, Lebanon in answer to yesterday’s strikes from the Iranian-backed Hezbollah. The US and Israel say this descending spiral into wider war is necessary to end Iran’s nuclear ambitions.

What did a girl’s school have to do with those nuclear ambitions? The roof collapsed when missiles hit Shajareh Tayyebeh (The Good Tree) on Saturday, killing 165 and wounding 95, according to Iranian media. Social media accounts and websites linked to Israel claimed the school was part of an “Islamic Revolutionary Guard Corps base.” However, a report from Al Jazeera’s digital investigations unit determined the school had been clearly separate from the adjacent military site for at least a decade, throwing into question the accuracy of the intelligence that led to this bombing.

New Bus News: Sound Transit broke ground on the Stride S3 line, a rapid bus line connecting the north end of Lake Washington from Bothell to Shoreline, writes The Urbanist. The S3 is one of three lines under construction, upgrades to existing express routes. Doors are expected to pop open in 2028. See? The suburbs can have nice things, too.

Behind in Getting Ahead: British Columbia is adopting permanent daylight saving time on March 8. We’ll be in sync with Vancouver until November 1, when we fall back an hour once again. We want the same—Washington passed that law in 2019—but we need Congressional approval. British Columbia has had the ability to do this since 2019, and has been dutifully waiting for us, but nobody can wait forever with all these “recent actions from the US” going on.

Candidate Alert: Ordained minister, community organizer and Lavender Rights Project executive director Jaelynn Scott is running for a seat in the state house. The opportunity came by way of musical chairs: When State Sen. Rebecca Saldaña announced her run for King County Council, 37th District Rep. Chipalo Street told the Washington State Standard he was running for her seat, leaving his own vacant. Micah interviewed Scott ahead of her announcement.

Where’s Rep. The Lorax? Budget legislation in the House could dismantle a state program to plant and sustain trees in Washington.

Epstein Intrigue: The House Oversight Committee released video of the Clintons testifying in closed door depositions for its Epstein investigation. Did they burst this thing wide open? No.

Bill: Bill described his relationship with Epstein, the convicted sex offender and “information-hungry person,” as “cordial,” not a true friendship (though who would admit to that now?). During questioning, he recalled talking with Trump about Epstein at one of the president’s golf courses about 20 years ago (Trump told Bill they’d fallen out over a property deal). Bill Clinton is the first former president forced to testify in Congress, which Democrats hope will set a precedent that makes it easier to call President Trump to the stand. But, when asked if Trump should testify, Bill replied “that’s for you to decide,” adding nothing Trump said to him made him think Trump was involved in anything “improper.” Bill did not, however, “exonerate” Trump as Rep. James R. Comer of Kentucky claimed.

Hillary: Rep. Nancy Mace, the transphobe from South Carolina, took the lead questioning Hillary, who considered the deposition over a person “that I don’t believe I ever even met” a waste of her time. Mace pressed Hillary for her feelings about photos in the Epstein files of her husband with young women. “I am not going to speculate,” Hillary responded. Rep. Lauren Boebert, the fool from Colorado, pressed Hillary about Pizzagate, the 2015 conspiracy theory that Democrats were running a child sex ring in the basement of a D.C. pizzeria that inspired a man to “investigate” with his AR-15 in hand, firing several shots. Hillary said she couldn’t believe Boebert was mentioning it. (I can—she’s Lauren Boebert? Besides, pizzagate is piping hot at the moment. The Epstein files contain 900 odd references to pizza.)

Deadliest Catch Star Dead at 25: Todd Meadows, the newest deckhand aboard the Aleutian Lady, died while filming the show on the Bering Sea. Captain Rick Shelford announced Meadows’ death on Facebook yesterday, writing that it was the most tragic day in the crabbing boat’s history. Meadows had three sons.

Fire: About 40 people were displaced when an apartment building caught fire in Everett yesterday morning.

Ida-Holy Shit: Republican Governor Brad Little cares little for the disabled people in his state. After Trump’s Big Beautiful cuts to Medicaid, Little released a budget that would all but dissolve home care for people with disabilities. Home care is not a luxury, it is a need. Meanwhile, Idaho legislators want to make it a crime for any organization to help undocumented immigrants, churches included. Next on the agenda, puppy mills that really mill puppies.

Let the monthslong stomachache commence. Primaries for midterms in Texas, North Carolina, and Arkansas are underway. For some reason, the Associated Press is teaming up with the prediction market site Kalshi so people can bet on the outcome. Kalshi struck a similar deal to become CNN’s “official prediction market partner” in December. Surely, this can only be good for democracy.

Wet: Rain is pitter-pattering between 10 a.m. and 4 p.m., followed by one mysterious hour of patchy fog. Tonight, more rain. Tomorrow, even more rain. Thursday, you guessed it, rain. Friday? Rain again. Saturday and Sunday, rain is likely, but not for sure. Monday, rain, straight-up.

17:07

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements (404 Media) [LWN.net]

This 404 Media article looks at how the US Customs and Border Protection agency (CBP) is using location data from phones to track the location of people of interest.

Specifically, CBP says the data was in part sourced via real-time bidding, or RTB. Whenever an advertisement is displayed inside an app, a near instantaneous bidding process happens with companies vying to have their advert served to a certain demographic. A side effect of this is that surveillance firms, or rogue advertising companies working on their behalf, can observe this process and siphon information about mobile phones, including their location. All of this is essentially invisible to an ordinary phone user, but happens constantly.

We should note that the minimal advertising shown on LWN is not delivered via this bidding system.

EFF to Supreme Court: Shut Down Unconstitutional Geofence Searches [Deeplinks]

Digital Dragnets Violate Fourth Amendment, Brief Argues

WASHINGTON, D.C. – The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), the ACLU of Virginia, and the Center on Privacy & Technology at Georgetown Law filed a brief Monday urging the U.S. Supreme Court to rule that invasive geofence warrants are unconstitutional.

The brief argues that geofence warrants—which compel companies to provide information on every electronic device in a given area during a given time period—are the digital version of the exploratory rummaging that the drafters of the Fourth Amendment specifically intended to prevent.

Unlike typical warrants, geofence warrants do not name a suspect or even target a specific individual or device. Instead, police cast a digital dragnet, demanding location data on every device in a geographic area during a certain time period, regardless of whether the device owner has any connection to the crime under investigation. These searches simultaneously impact the privacy of millions and turn innocent bystanders into suspects, just for being in the wrong place at the wrong time.

The Supreme Court agreed earlier this year to hear Chatrie v. United States, in which a 2019 geofence warrant compelled Google to search the accounts of all its hundreds of millions of users to see if any one of them was within a radius police drew around a Northern Virginia crime scene. This area amounted to several football fields in size and encompassed numerous homes, businesses, and a church. In an amicus brief filed Monday, the brief argues that allowing this sweeping power to go unchecked is inconsistent with the basic freedoms of a democratic society.

"This is not traditional police work, but rather the leveraging of new and powerful technology to claim a novel and formidable power over the people," the brief states. "By their very nature, geofence searches turn innocent bystanders into suspects and leverage even purportedly limited searches into larger dragnets, causing intrusions at a scale far beyond those held unconstitutional in the physical world."

The brief also cautioned the Court not to authorize future geofence warrants based on the facts of the Chatrie case, which reflect how such searches were conducted in 2019. Since July 2025, mass geofence searches of Google users’ location data have not been possible. However, Google is not the only company collecting location data, nor the only way for police to access mass amounts of data on people with no connection to a crime. All suspicionless searches drag a net through vast swaths of information in hopes of identifying previously unknown suspects—ensnaring innocent bystanders along the way.

"To courts, to lawmakers, and to tech companies themselves, EFF has repeatedly argued that these high-tech efforts to pull suspects out of thin air cannot be constitutional, even with a warrant," said EFF Surveillance Litigation Director Andrew Crocker. "The Supreme Court should find once and for all that geofence searches are just the kind of impermissible general warrants that the Framers of the Constitution so reviled."

For the brief: https://www.eff.org/document/chatrie-v-united-states-eff-supreme-court-amicus-brief

Tags:

geofence warrants

Contact:

Andrew

Crocker

Surveillance Litigation Director

andrew@eff.org

15:35

[$] Free software needs free tools [LWN.net]

I asked Claude.ai to "write me a nice little spreadsheet program that runs in the browser." Here it is. It looks like a spreadsheet app but it's missing most of the really good commands, like defining the value in one cell with the sum of two other cells using point and click. If you go down this path, ask it to keep a user's guide current, and then ask it to put in features, and just describe them in standard spreadsheet terminology. The trouble starts when you want to make something that doesn't have a standard terminology yet because it's new.

One of the contradictions of the modern open-source movement is that projects which respect user freedoms often rely on proprietary tools that do not: communities often turn to non-free software for code hosting, communication, and more. At Configuration Management Camp (CfgMgmtCamp) 2026, Jan Ainali spoke about the need for open-source projects to adopt open tools; he hoped to persuade new and mature projects to switch to open alternatives, even if just one tool, to reduce their dependencies on tech giants and support community-driven infrastructure.

14:49

Garrett: To update blobs or not to update blobs [LWN.net]

Matthew Garrett examines the factors that go into the decision about whether to install a firmware update or not.

I trust my CPU vendor. I don't trust my CPU vendor because I want to, I trust my CPU vendor because I have no choice. I don't think it's likely that my CPU vendor has designed a CPU that identifies when I'm generating cryptographic keys and biases the RNG output so my keys are significantly weaker than they look, but it's not literally impossible. I generate keys on it anyway, because what choice do I have? At some point I will buy a new laptop because Electron will no longer fit in 32GB of RAM and I will have to make the same affirmation of trust, because the alternative is that I just don't have a computer.

Security updates for Tuesday [LWN.net]

Security updates have been issued by AlmaLinux (containernetworking-plugins, gnutls, kernel, libpng, and skopeo), Debian (firefox-esr, php8.2, and spip), Fedora (erlang and python-pillow), Red Hat (go-toolset:rhel8, golang, and yggdrasil), SUSE (cups, fluidsynth, gvfs, haproxy, libsoup, libsoup-3_0-0, mozilla-nss, python-azure-core, and shim), and Ubuntu (git and mailman).

13:14

Radar Trends to Watch: March 2026 [Radar]

The explosion of interest in OpenClaw was one of the last items added to the February 1 trends. In February, things went crazy. We saw a social network for agents (no humans allowed, though they undoubtedly sneak on); a multiplayer online game for agents (again, no humans); many clones of OpenClaw, most of which attempt to mitigate its many security problems; and much more. Andrej Karpathy has said that OpenClaw is the next layer on top of AI agents. If the security issues can be resolved (which is a good question), he’s probably right.

AI

Moonshine Note Taker is a free and open source voice transcription application for taking notes. It runs locally: The model runs on your hardware and no data is ever sent to a server.
Nano Banana’s image generation was breathtakingly good. Google has now released Nano Banana 2, a.k.a. Gemini 3.1 Flash Image, which promises Nano Banana image quality at speed.
Claude Remote Control allows you to continue a desktop Claude Code session from any device.
Putting OpenClaw into a sandbox isn’t enough. Keeping AI Agents from accidentally (or intentionally) doing damage is a permissions problem.
Alibaba has released a fleet of mid-size Qwen 3.5 models. Their theme is providing more intelligence with less computing cycles—something we all need to appreciate.
Important advice for agentic engineering: Always start by running the tests.
Google has released Lyria 3, a model that generates 30-second musical clips from a verbal description. You can experiment with it through Gemini.
There’s a new protocol in the agentic stack. Twilio has released the Agent-2-Human (A2H) protocol, which facilitates handoffs between agents and humans as they collaborate.
Yet more and more model releases: Claude Sonnet 4.6, followed quickly by Gemini 3.1 Pro. If you care, Gemini 3.1 Pro currently tops the abstract reasoning benchmarks.
Kimi Claw is yet another variation on OpenClaw. Kimi Claw uses Moonshot AI’s most advanced model, Kimi K2.5 Thinking model, and offers one-click setup in Moonshot’s cloud.
NanoClaw is another OpenClaw-like AI-based personal assistant that claims to be more security conscious. It runs agents in sandboxed Linux containers with limited access to outside resources, limiting abuse.
OpenAI has released a research preview of GPT-5.3-Codex-Spark, an extremely fast coding model that runs on Cerebras hardware. The company claims that it’s possible to collaborate with Codex in “real time” because it gives “near-instant” results.
RAG may not be the newest idea in the AI world, but text-based RAG is the basis for many enterprise applications of AI. But most enterprise data includes graphs, images, and even text in formats like PDF. Is this the year for multimodal RAG?
Z.ai has released its latest model, GLM-5. GLM-5 is an open source “Opus-class” model. It’s significantly smaller than Opus and other high-end models, though still huge; the mixture-of-experts model has 744B parameters, with 40B active.
Waymo has created a World Model to model driving behavior. It’s capable of building lifelike simulations of traffic patterns and behavior, based on video collected from Waymo’s vehicles.
Recursive language models (RLMs) solve the problem of context rot, which happens when output from AI degrades as the size of the context increases. Drew Breunig has an excellent explanation.
You’ve heard of Moltbook—and perhaps your AI agent participates. Now there’s SpaceMolt—a massive multiplayer online game that’s exclusively for agents.
Anthropic and OpenAI simultaneously released Claude Opus 4.6 and GPT-5.3-Codex, both of which offer improved models for AI-assisted programming. Is this “open warfare,” as AINews claims? You mean it hasn’t been open warfare prior to now?
If you’re excited by OpenClaw, you might try NanoBot. It has 1% of OpenClaw’s code, written so that it’s easy to understand and maintain. No promises about security—with all of these personal AI assistants, be careful!
OpenAI has launched a desktop app for macOS along the lines of Claude Code. It’s something that’s been missing from their lineup. Among other things, it’s intended to help programmers work with multiple agents simultaneously.
Pete Warden has put together an interactive guide to speech embeddings for engineers, and published it as a Colab notebook.
Aperture is a new tool from Tailscale for “providing visibility into coding agent usage,” allowing organizations to understand how AI is being used and adopted. It’s currently in private beta.
OpenAI Prism is a free workspace for scientists to collaborate on research. Its goal is to help scientists build a new generation of AI-based tooling. Prism is built on ChatGPT 5.2 and is open to anyone with a personal ChatGPT account.

Programming

Anthropic is offering six months of Claude Max 20x free to open source maintainers.
Pi is a very simple but extensible coding agent that runs in your terminal.
Researchers at Anthropic have vibe-coded a C compiler using a fleet of Claude agents. The experiment cost roughly $20,000 worth of tokens, and produced 100,000 lines of Rust. They are careful to say that the compiler is far from production quality—but it works. The experiment is a tour de force demonstration of running agents in parallel.
I never knew that macOS had a sandboxing tool. It looks useful. (It’s also deprecated, but looks much easier to use than the alternatives.)
GitHub now allows pull requests to be turned off completely, or to be limited to collaborators. They’re doing this to allow software maintainers to eliminate AI-generated pull requests, which are overwhelming many developers.
After an open source maintainer rejected a pull request generated by an AI agent, the agent published a blog post attacking the maintainer. The maintainer responded with an excellent analysis, asking whether threats and intimidation are the future of AI.
As Simon Willison has written, the purpose of programming isn’t to write code but to deliver code that works. He’s created two tools, Showboat and Rodney, that help AI agents demo their software so that the human authors can verify that the software works.
Anil Dash asks whether codeless programming, using tools like Gas Town, is the future.

Security

There is now an app that alerts you when someone in the vicinity has smart glasses.
Agentsh provides execution layer security by enforcing policies to prevents agents from doing damage. As far as agents are concerned, it’s a replacement for bash.
There’s a new kind of cyberattack: attacks against time itself. More specifically, this means attacks against clocks and protocols for time synchronization. These can be devastating in factory settings.
“What AI Security Research Looks Like When It Works” is an excellent overview of the impact of AI on discovering vulnerabilities. AI generates a lot of security slop, but it also finds critical vulnerabilities that would have been opaque to humans, including 12 in OpenSSL.
Gamifying prompt injection—well, that’s new. HackMyClaw is a game (?) in which participants send email to Flu, an OpenClaw instance. The goal is to force Flu to reply with secrets.env, a file of “confidential” data. There is a prize for the first to succeed.
It was only a matter of time: There’s now a cybercriminal who is actively stealing secrets from OpenClaw users.
Deno’s secure sandbox might provide a way to run OpenClaw safely.
IronClaw is a personal AI assistant modeled after OpenClaw that promises better security. It always runs in a sandbox, never exposes credentials, has some defenses against prompt injection, and only makes requests to approved hosts.
A fake recruiting campaign is hiding malware in programming challenges that candidates must complete in order to apply. Completing the challenge requires installing malicious dependencies that are hosted on legitimate repositories like npm and PyPI.
Google’s Threat Intelligence Group has released its quarterly analysis of adversarial AI use. Their analysis includes distillation, or collecting the output of a frontier AI to train another AI.
Google has upgraded its tools for removing personal information and images, including nonconsensual explicit images, from its search results.
Tirith is a new tool that hooks into the shell to block bad commands. This is often a problem with copy-and-paste commands that use curl to pipe an archive into bash. It’s easy for a bad actor to create a malicious URL that is indistinguishable from a legitimate URL.
Claude Opus 4.6 has been used to discover 500 0-day vulnerabilities in open source code. While many open source maintainers have complained about AI slop, and that abuse isn’t likely to stop, AI is also becoming a valuable tool for security work.
Two coding assistants for VS Code are malware that send copies of all the code to China. Unlike lots of malware, they do their job as coding assistants well, making it less likely that victims will notice that something is wrong.
Bizarre Bazaar is the name for a wave of attacks against LLM APIs, including self-hosted LLMs. The attacks attempt to steal resources from LLM infrastructure, for purposes including cryptocurrency mining, data theft, and reselling LLM access.
The business model for ransomware has changed. Ransomware is no longer about encrypting your data; it’s about using stolen data for extortion. Small and mid-size businesses are common targets.

Web

Cloudflare has a service called Markdown for Agents that converts websites from HTML to Markdown when an agent accesses them. Conversion makes the pages friendlier to AI and significantly reduces the number of tokens needed to process them.
WebMCP is a proposed API standard that allows web applications to become MCP servers. It’s currently available in early preview in Chrome.
Users of Firefox 148 (which should be out by the time you read this) will be able to opt out of all AI features.

Operations

Wireshark is a powerful—and complex—packet capture tool. Babyshark is a text interface for Wireshark that provides an amazing amount of information with a much simpler interface.
Microsoft is experimenting with using lasers to etch data in glass as a form of long-term data storage.

Things

You need a desk robot. Why? Because it’s there. And fun.
Do you want to play Doom on a Lego brick? You can.

CodeSOD: Blocked Up [The Daily WTF]

Agatha has inherited some Windows Forms code. This particular batch of such code falls into that delightful category of code that's wrong in multiple ways, multiple times. The task here is to disable a few panels worth of controls, based on a condition. Or, since this is in Spanish, "bloquear controles". Let's see how they did it.

private void BloquearControles()
{
        bool bolBloquear = SomeConditionTM; // SomeConditionTM = a bunch of stuff. Replaced for clarity.

        // Some code. Removed for clarity.
        
        // private System.Windows.Forms.Panel pnlPrincipal;
        foreach (Control C in this.pnlPrincipal.Controls)
        {
                if (C.GetType() == typeof(System.Windows.Forms.TextBox))
                {
                        C.Enabled = bolBloquear;
                }
                if (C.GetType() == typeof(System.Windows.Forms.ComboBox))
                {
                        C.Enabled = bolBloquear;
                }
                if (C.GetType() == typeof(System.Windows.Forms.CheckBox))
                {
                        C.Enabled = bolBloquear;
                }
                if (C.GetType() == typeof(System.Windows.Forms.DateTimePicker))
                {
                        C.Enabled = bolBloquear;
                }
                if (C.GetType() == typeof(System.Windows.Forms.NumericUpDown))
                {
                        C.Enabled = bolBloquear;
                }
        }
        
        // private System.Windows.Forms.GroupBox grpProveedor;
        foreach (Control C1 in this.grpProveedor.Controls)
        {
                if (C1.GetType() == typeof(System.Windows.Forms.TextBox))
                {
                        C1.Enabled = bolBloquear;
                }
                if (C1.GetType() == typeof(System.Windows.Forms.ComboBox))
                {
                        C1.Enabled = bolBloquear;
                }
                if (C1.GetType() == typeof(System.Windows.Forms.CheckBox))
                {
                        C1.Enabled = bolBloquear;
                }
                if (C1.GetType() == typeof(System.Windows.Forms.DateTimePicker))
                {
                        C1.Enabled = bolBloquear;
                }
                if (C1.GetType() == typeof(System.Windows.Forms.NumericUpDown))
                {
                        C1.Enabled = bolBloquear;
                }
        }

        // private System.Windows.Forms.GroupBox grpDescuentoGeneral;
        foreach (Control C2 in this.grpDescuentoGeneral.Controls)
        {
                if (C2.GetType() == typeof(System.Windows.Forms.TextBox))
                {
                        C2.Enabled = bolBloquear;
                }
                if (C2.GetType() == typeof(System.Windows.Forms.ComboBox))
                {
                        C2.Enabled = bolBloquear;
                }
                if (C2.GetType() == typeof(System.Windows.Forms.CheckBox))
                {
                        C2.Enabled = bolBloquear;
                }
                if (C2.GetType() == typeof(System.Windows.Forms.DateTimePicker))
                {
                        C2.Enabled = bolBloquear;
                }
                if (C2.GetType() == typeof(System.Windows.Forms.NumericUpDown))
                {
                        C2.Enabled = bolBloquear;
                }
        }

        // Some more code. Removed for clarity.
}

This manages two group boxes and a panel. It checks a condition, then iterates across every control beneath it, and sets their enabled property on the control. In order to do this, it checks the type of the control for some reason.

Now, a few things: every control inherits from the base Control class, which has an Enabled property, so we're not doing this check to make sure the property exists. And every built-in container control automatically passes its enabled/disabled state to its child controls. So there's a four line version of this function where we just set the enabled property on each container.

This leaves us with two possible explanations. The first, and most likely, is that the developer responsible just didn't understand how these controls worked, and how inheritance worked, and wrote this abomination as an expression of that ignorance. This is extremely plausible, extremely likely, and honestly, our best case scenario.

Because our worse case scenario is that this code's job isn't to disable all of the controls. The reason they're doing type checking is that there are some controls used in these containers that don't match the types listed. The purpose of this code, then, is to disable some of the controls, leaving others enabled. Doing this by type would be a terrible way to manage that, and is endlessly confusing. Worse, I can't imagine how this behavior is interpreted by the end users; the enabling/disabling of controls following no intuitive pattern, just filtered based on the kind of control in use.

The good news is that Agatha can point us towards the first option. She adds:

They decided to not only disable the child controls one by one but to check their type and only disable those five types, some of which aren't event present in the containers. And to make sure this was WTF-worthy the didn't even bother to use else-if so every type is checked for every child control

She also adds:

At this point I'm not going to bother commenting on the use of GetType() == typeof() instead of is to do the type checking.

Bad news, Agatha: you did bother commenting. And even if you didn't, don't worry, someone would have.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

12:35

On Moltbook [Schneier on Security]

The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network:

Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more puppetry than autonomy.

“Despite some of the hype, Moltbook is not the Facebook for AI agents, nor is it a place where humans are excluded,” says Cobus Greyling at Kore.ai, a firm developing agent-based systems for business customers. “Humans are involved at every step of the process. From setup to prompting to publishing, nothing happens without explicit human direction.”

Humans must create and verify their bots’ accounts and provide the prompts for how they want a bot to behave. The agents do not do anything that they haven’t been prompted to do.

I think this take has it mostly right:

What happened on Moltbook is a preview of what researcher Juergen Nittner II calls “The LOL WUT Theory.” The point where AI-generated content becomes so easy to produce and so hard to detect that the average person’s only rational response to anything online is bewildered disbelief.

We’re not there yet. But we’re close.

The theory is simple: First, AI gets accessible enough that anyone can use it. Second, AI gets good enough that you can’t reliably tell what’s fake. Third, and this is the crisis point, regular people realize there’s nothing online they can trust. At that moment, the internet stops being useful for anything except entertainment.

12:14

Talk in Bern Switzerland [Richard Stallman's Political Notes]

Richard Stallman will speak on March 11 in Bern, Switzerland, for the Guild42 group, at Berner Fachhochschule, Brückenstrasse 73, 3005 Bern

Title: Free/Libre Software and Freedom, touching on how they relate to machine learning

An explanation of the issues of justice and injustice in distribution and running of software, and in use of computing services and dis-services, with discussion of how this relates to machine learning, including both Artificial Intelligence and Pretend Intelligence.

Location: Brückenstrasse 73, CH-3012 Bern, Room: Aula

Time: 17:30

As usual, the event will have around an hour of presentation and around an hour of Q&A.

Urgent: Block construction of deportation prison-warehouses [Richard Stallman's Political Notes]

US citizens: call on your state legislators to block construction of deportation prison-warehouses in your state.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Protect Vote by Mail [Richard Stallman's Political Notes]

US citizens: call on Protect Vote by Mail. Tell Congress to act now! Demand the USPS Restore Real-Time Postmarks.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: CBS political censorship [Richard Stallman's Political Notes]

US citizens: call on CBS to stop engaging in political censorship to fawn at magat officials.

More information: https://www.theguardian.com/commentisfree/2026/feb/21/cbs-trump-anderson-cooper-stephen-colbert-paramount

Urgent: Tel IEA Ignore Chris Wright's threats [Richard Stallman's Political Notes]

Everyone: Tell the IEA: Ignore Chris Wright’s Threats, Follow the Science on Climate Change.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Campaign funds from Palantir [Richard Stallman's Political Notes]

US citizens: call on your congressional officials not to accept campaign funds from Palantir.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop deportation thug use of Palantir's surveillance [Richard Stallman's Political Notes]

US citizens: call on Congress to stop the deportation thug department from using Palantir's massive surveillance system to track and target immigrants.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop CBS yielding to magat bullying [Richard Stallman's Political Notes]

US citizens: call on CBS to stop yielding to magat bullying.

Urgent: block Nextstar-TEGNA merger [Richard Stallman's Political Notes]

US citizens: call on Congress and the FCC to protect local news, by blocking the Nexstar-TEGNA merger.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Fight to impeach Bondi [Richard Stallman's Political Notes]

US citizens: call on your congressional representatives to fight to impeach Bondi.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop next great recession [Richard Stallman's Political Notes]

US citizens: call on your representatives and senators to take action to stop the next great recession!

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Here is what I used as my letter text. I hope it inspires you.

The wrecker's henchmen at the Securities and Exchange Commission are laying the groundwork to bring back one of the core financial products that led to millions of foreclosures during the 2008 crash — even as economic and climate conditions make its return all the more destabilizing. The SEC is intended to act as Wall Street’s top regulator, but they want to do the opposite of their job. Then the megabanks will "need" another big bailout, and Republicans will eagerly give them one. Please fight hard to prevent this big theft.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

11:42

Michael Ablassmeier: pbsindex - file backup index [Planet Debian]

If you take backups using the proxmox-backup-client and you wondered what backup may include a specific file, the only way to find out is to mount the backup and search for the files.

For regular file backups, the Proxmox Backup Server frontend provides a pcat1 file for download, whose binary format is somewhat undocumented but actually includes a listing of the files backed up.

A Proxmox backup server datastore includes the same pcat1 file as blob index (.pcat1.didx). So to actually beeing able to tell which backup contains which files, one needs to:

1) Open the .pcat1.didx file and find out required blobs, see format documentation

2) Reconstruct the .pcat1 file from the blobs

3) Parse the pcat1 file and output the directory listing.

I’ve implemented this in pbsindex which lets you create a central file index for your backups by scanning a complete PBS datastore.

Lets say you want to have a file listing for a specific backup, use:

 pbsindex --chunk-dir /backup/.chunks/ /backup/host/vm178/2026-03-02T10:47:57Z/catalog.pcat1.didx
 didx uuid=7e4086a9-4432-4184-a21f-0aeec2b2de93 ctime=2026-03-02T10:47:57Z chunks=2 total_size=1037386
 chunk[0] start=0 end=344652 size=344652 digest=af3851419f5e74fbb4d7ca6ac3bc7c5cbbdb7c03d3cb489d57742ea717972224
 chunk[1] start=344652 end=1037386 size=692734 digest=e400b13522df02641c2d9934c3880ae78ebb397c66f9b4cf3b931d309da1a7cc
 d ./usr.pxar.didx
 d ./usr.pxar.didx/bin
 l ./usr.pxar.didx/bin/Mail
 f ./usr.pxar.didx/bin/[ size=55720 mtime=2025-06-04T15:14:05Z
 f ./usr.pxar.didx/bin/aa-enabled size=18672 mtime=2025-04-10T15:06:25Z
 f ./usr.pxar.didx/bin/aa-exec size=18672 mtime=2025-04-10T15:06:25Z
 f ./usr.pxar.didx/bin/aa-features-abi size=18664 mtime=2025-04-10T15:06:25Z
 l ./usr.pxar.didx/bin/apropos

It also lets you scan a complete datastore for all existing .pcat1.didx files and store the directory listings in a SQLite database for easier searching.

10:42

The gap between “I” and “no one” [Seth's Blog]

This is where empathy lies, and it’s an easy chasm to fall into.

“I can’t imagine eating durian ice cream,” is not the same as “no one likes durian ice cream.”

We fail as marketers, editors and project managers when we can’t find the empathy to bridge the gap. It’s a lovely shortcut to make things for yourself, to imagine that you are the client, the reader or the customer. But most of the time, you’re not.

“It’s not for me, but it might be for you.”

09:35

Irregular Webcomic! #3053 [Irregular Webcomic!]

Irregular Webcomic! #3053

09:21

Gender Goals by Jey Pawlik [Oh Joy Sex Toy]

What’s that feeling when you don’t want to date someone but want to BE them? It could be GENDER GOALS! This is something I’d struggled with for nearly my entire life and I thank the trans community for putting this into words for me. It wouldn’t be the first time either!If you haven’t seen or […]

03:56

Matthew Garrett: To update blobs or not to update blobs [Planet Debian]

A lot of hardware runs non-free software. Sometimes that non-free software is in ROM. Sometimes it’s in flash. Sometimes it’s not stored on the device at all, it’s pushed into it at runtime by another piece of hardware or by the operating system. We typically refer to this software as “firmware” to differentiate it from the software run on the CPU after the OS has started¹, but a lot of it (and, these days, probably most of it) is software written in C or some other systems programming language and targeting Arm or RISC-V or maybe MIPS and even sometimes x86². There’s no real distinction between it and any other bit of software you run, except it’s generally not run within the context of the OS³. Anyway. It’s code. I’m going to simplify things here and stop using the words “software” or “firmware” and just say “code” instead, because that way we don’t need to worry about semantics.

A fundamental problem for free software enthusiasts is that almost all of the code we’re talking about here is non-free. In some cases, it’s cryptographically signed in a way that makes it difficult or impossible to replace it with free code. In some cases it’s even encrypted, such that even examining the code is impossible. But because it’s code, sometimes the vendor responsible for it will provide updates, and now you get to choose whether or not to apply those updates.

I’m now going to present some things to consider. These are not in any particular order and are not intended to form any sort of argument in themselves, but are representative of the opinions you will get from various people and I would like you to read these, think about them, and come to your own set of opinions before I tell you what my opinion is.

THINGS TO CONSIDER

Does this blob do what it claims to do? Does it suddenly introduce functionality you don’t want? Does it introduce security flaws? Does it introduce deliberate backdoors? Does it make your life better or worse?
You’re almost certainly being provided with a blob of compiled code, with no source code available. You can’t just diff the source files, satisfy yourself that they’re fine, and then install them. To be fair, even though you (as someone reading this) are probably more capable of doing that than the average human, you’re likely not doing that even if you are capable because you’re also likely installing kernel upgrades that contain vast quantities of code beyond your ability to understand⁴. We don’t rely on our personal ability, we rely on the ability of those around us to do that validation, and we rely on an existing (possibly transitive) trust relationship with those involved. You don’t know the people who created this blob, you likely don’t know people who do know the people who created this blob, these people probably don’t have an online presence that gives you more insight. Why should you trust them?
If it’s in ROM and it turns out to be hostile then nobody can fix it ever
The people creating these blobs largely work for the same company that built the hardware in the first place. When they built that hardware they could have backdoored it in any number of ways. And if the hardware has a built-in copy of the code it runs, why do you trust that that copy isn’t backdoored? Maybe it isn’t and updates would introduce a backdoor, but in that case if you buy new hardware that runs new code aren’t you putting yourself at the same risk?
Designing hardware where you’re able to provide updated code and nobody else can is just a dick move⁵. We shouldn’t encourage vendors who do that.
Humans are bad at writing code, and code running on ancilliary hardware is no exception. It contains bugs. These bugs are sometimes very bad. This paper describes a set of vulnerabilities identified in code running on SSDs that made it possible to bypass encryption secrets. The SSD vendors released updates that fixed these issues. If the code couldn’t be replaced then anyone relying on those security features would need to replace the hardware.
Even if blobs are signed and can’t easily be replaced, the ones that aren’t encrypted can still be examined. The SSD vulnerabilities above were identifiable because researchers were able to reverse engineer the updates. It can be more annoying to audit binary code than source code, but it’s still possible.
Vulnerabilities in code running on other hardware can still compromise the OS. If someone can compromise the code running on your wifi card then if you don’t have a strong IOMMU setup they’re going to be able to overwrite your running OS.
Replacing one non-free blob with another non-free blob increases the total number of non-free blobs involved in the whole system, but doesn’t increase the number that are actually executing at any point in time.

Ok we’re done with the things to consider. Please spend a few seconds thinking about what the tradeoffs are here and what your feelings are. Proceed when ready.

I trust my CPU vendor. I don’t trust my CPU vendor because I want to, I trust my CPU vendor because I have no choice. I don’t think it’s likely that my CPU vendor has designed a CPU that identifies when I’m generating cryptographic keys and biases the RNG output so my keys are significantly weaker than they look, but it’s not literally impossible. I generate keys on it anyway, because what choice do I have? At some point I will buy a new laptop because Electron will no longer fit in 32GB of RAM and I will have to make the same affirmation of trust, because the alternative is that I just don’t have a computer. And in any case, I will be communicating with other people who generated their keys on CPUs I have no control over, and I will also be relying on them to be trustworthy. If I refuse to trust my CPU then I don’t get to computer, and if I don’t get to computer then I will be sad. I suspect I’m not alone here.

Why would I install a code update on my CPU when my CPU’s job is to run my code in the first place? Because it turns out that CPUs are complicated and messy and they have their own bugs, and those bugs may be functional (for example, some performance counter functionality was broken on Sandybridge at release, and was then fixed with a microcode blob update) and if you update it your hardware works better. Or it might be that you’re running a CPU with speculative execution bugs and there’s a microcode update that provides a mitigation for that even if your CPU is slower when you enable it, but at least now you can run virtual machines without code in those virtual machines being able to reach outside the hypervisor boundary and extract secrets from other contexts. When it’s put that way, why would I not install the update?

And the straightforward answer is that theoretically it could include new code that doesn’t act in my interests, either deliberately or not. And, yes, this is theoretically possible. Of course, if you don’t trust your CPU vendor, why are you buying CPUs from them, but well maybe they’ve been corrupted (in which case don’t buy any new CPUs from them either) or maybe they’ve just introduced a new vulnerability by accident, and also you’re in a position to determine whether the alleged security improvements matter to you at all. Do you care about speculative execution attacks if all software running on your system is trustworthy? Probably not! Do you need to update a blob that fixes something you don’t care about and which might introduce some sort of vulnerability? Seems like no!

But there’s a difference between a recommendation for a fully informed device owner who has a full understanding of threats, and a recommendation for an average user who just wants their computer to work and to not be ransomwared. A code update on a wifi card may introduce a backdoor, or it may fix the ability for someone to compromise your machine with a hostile access point. Most people are just not going to be in a position to figure out which is more likely, and there’s no single answer that’s correct for everyone. What we do know is that where vulnerabilities in this sort of code have been discovered, updates have tended to fix them - but nobody has flagged such an update as a real-world vector for system compromise.

My personal opinion? You should make your own mind up, but also you shouldn’t impose that choice on others, because your threat model is not necessarily their threat model. Code updates are a reasonable default, but they shouldn’t be unilaterally imposed, and nor should they be blocked outright. And the best way to shift the balance of power away from vendors who insist on distributing non-free blobs is to demonstrate the benefits gained from them being free - a vendor who ships free code on their system enables their customers to improve their code and enable new functionality and make their hardware more attractive.

It’s impossible to say with absolute certainty that your security will be improved by installing code blobs. It’s also impossible to say with absolute certainty that it won’t. So far evidence tends to support the idea that most updates that claim to fix security issues do, and there’s not a lot of evidence to support the idea that updates add new backdoors. Overall I’d say that providing the updates is likely the right default for most users - and that that should never be strongly enforced, because people should be allowed to define their own security model, and whatever set of threats I’m worried about, someone else may have a good reason to focus on different ones.

Code that runs on the CPU before the OS is still usually described as firmware - UEFI is firmware even though it’s executing on the CPU, which should give a strong indication that the difference between “firmware” and “software” is largely arbitrary ↩︎
And, obviously 8051 ↩︎
Because UEFI makes everything more complicated, UEFI makes this more complicated. Triggering a UEFI runtime service involves your OS jumping into firmware code at runtime, in the same context as the OS kernel. Sometimes this will trigger a jump into System Management Mode, but other times it won’t, and it’s just your kernel executing code that got dumped into RAM when your system booted. ↩︎
I don’t understand most of the diff between one kernel version and the next, and I don’t have time to read all of it either. ↩︎
There’s a bunch of reasons to do this, the most reasonable of which is probably not wanting customers to replace the code and break their hardware and deal with the support overhead of that, but not being able to replace code running on hardware I own is always going to be an affront to me. ↩︎

Electric Vehicles [xkcd.com]

01:35

Last Month This Month [The Stranger]

All the headlines you may have missed in February. by The Stranger's Slog AM™️ Specialists

Ugh, Epstein. Props to the conspiracy theorists, it turns out there is a secret pedophilia cabal using pizza-coded language (maybe). The scale of it, and just who did what, is still murky (no thanks to the redactin’ feds), but some of the world’s richest people were involved with the financier. People like Bill Gates and the Andrew formerly known as Prince, whom British police arrested for possibly sharing trade secrets with Jeffrey Epstein. The files also implicated Hyatt Hotels heir Thomas Pritzker, who has since stepped down as the chain’s executive chairman. The files implicated another hotelier, but the president has yet to face any repercussions for allegedly molesting a child, allegedly participating in a sex-trafficking ring, or anything else. Though the Supreme Court did hang his tariffs out to dry, which is something.

* * *

Onto our bread and circuses: The Seahawks won the Super Bowl. To celebrate, fans climbed on top of the Pioneer Square pergola and broke it. The city asked each resident to donate $12 to fix it. The Stranger staff did not do this, and doubt you did either. Someone dig up Paul Allen!

* * *

After the Super Bowl win, the Seahawks’ stock rose to a new level. Jody Allen, Paul’s sister, announced she’ll give the boys and their bird to the highest bidder. For sale: football team, lightly used. Seriously, someone dig up Paul Allen. He’d say, “This is exactly what I wanted,” and we’d all smile.

* * *

At his Governor’s Mansion, Bob Ferguson is scheming for an NBA team. Or, at least, Zooming with NBA commissioner Adam Silver about it. Bruce Harrell’s veins are about to pop out of his neck and strangle him to death.

* * *

Speaking of things you can buy, there’s a waterfall up for grabs in Oregon. If you’ve got enough liquid, you can slurp up Abiqua Falls.

* * *

If you’re feeling generous, Oregon needs some cheddar for its public defenders. The situation is so dire that 1,400 cases could be thrown out for a lack of lawyers. You could also take the Oregon State Bar if you’re looking for a low-pay, high-stress vocation.

* * *

Mayor Katie Wilson swept a Ballard homeless encampment, fooling us once; she isn’t taking down the city’s police CCTV surveillance cameras, fooling us twice.

* * *

A report on the Seattle Police Department’s handling of last summer’s May Day USA anti-trans rally showed that SPD was biased against the counter-protesters, aka the people they’re sworn to protect. They also didn’t realize the neighborhood with rainbow crosswalks was gay. Boys, sit down. We have something to tell you about Freddie Mercury, Liberace, and Glee.

* * *

Seattle must cough up $29 million in a settlement to the family of Jaahnavi Kandula, the 23-year-old Indian graduate student whom Seattle officer Kevin Dave slammed into at 50 miles over the speed limit, something he was miraculously never charged for.

* * *

Money-laundering scheme Melania only scraped together $15.4 million at the box office—far less than the $75 million Amazon paid for it. Perhaps that’s why Bezos laid off a third of the Washington Post newsroom. Or, maybe he wanted Democracy Dies in Darkness to become a directive.

* * *

Fortunately, our enemies are the stupidest people alive. A Louisiana National Guard soldier left his AR-15 in a hotel bathroom on Bourbon Street while on patrol in the French Quarter. “I kind of feel bad for him because that’s one of the main rules of being in the Army, I would think, is you’re always supposed to have your weapon in your hands and not in somebody else’s,” said French Quarter performer Nervous Duane. You said it Duane, that must be one of the main rules of the army.

* * *

In an attempt to appease Trump’s calls for action against the fentanyl trade in exchange for lighter tariffs, the Mexican army killed cartel leader “El Mencho.” Cartel members did not take well to this. They incited violence across multiple Mexican states. They set fire to vehicles, blocked roads, and killed at least 25 Mexican National Guardsmen in six separate attacks. American tourists were advised to hunker down in their all-inclusive resorts.

* * *

Border czar and future federal inmate Tom Homan announced he’s reducing chud numbers in Minnesota. A quarter of the ICE agents out on the ice will get to warm their sackless junk by the fire. The whistles and the optics—try not murdering people or kidnapping children in broad daylight—proved to be too much.

* * *

Meanwhile, the Department of Homeland Security is in a funding freeze. Brr?

* * *

The cold got to the Olympians. Ski jumpers are injecting acid into their penises. Not for fun or pleasure, but for ski suits. The extra girth gives them extra room, which gives them more lift and just a little athletic advantage. It’s a physics thing, and a cheating thing.

* * *

For one cheater, it was a sex thing. Immediately after winning the bronze medal, a Norwegian biathlete confessed to his worst mistake: cheating on his beautiful girlfriend of three months. He hoped his podiumside remorse would win her back. It did not.

* * *

The men’s and women’s US hockey teams both won gold. Guess which game FBI Director Kash Patel flew to while his agency is searching for an 84-year-old woman kidnapped from her home?

* * *

Everywhere in the country froze over last month except the West Coast. This is not bad news, because, according to the Trump administration, climate change is not real and neither are the dangers of greenhouse gases. To celebrate, we’re eating raw, unrefrigerated pork and sharing needles.

* * *

Perhaps someone can save us. Someone like Vince “ShamWow” Shlomi. The infomercial star who hawked super absorbent pads to handle spills and messes has got his eye on “soaking up the swamp.” Don’t get it twisted, Shlomi is an anti-woke warrior whose slogan is “Make America Grow Some Balls Again.” His campaign promises to “slap chop the nuts out of the ‘woke,’ making less blue-haired commies and more red-blooded Americans.” That’s not going to fit on the baseball caps.

* * *

Seeing as we’re on our own, we must remain vigilant. Or else our whistling Olympic marmots will continue to die off, and people will keep snatching our morning show hosts’ mothers from their Arizona mansions. Luckily, Ring cameras are here to help! In their 30-second Super Bowl ad, Ring highlighted “Search Party,” a way to trigger all of your neighbors’ cameras to look for a dog if it’s gone missing. Sweet, right? They’ve pinky-promised to limit this technology to dog-finding only.

* * *

Here is who died this month: Dawson’s Creek’s James Van Der Beek at 48, Harold and Maude’s Bud Cort at 77, and Rev. Jesse Jackson at 84. The Boeing IMAX theater isn’t totally dead, but it got sold to the Space Needle Corporation, and the big screen as we know it seems dead as a doornail.

* * *

Anderson Cooper is also dead. Well, his gig at CBS’s 60 Minutes is, at least, as well as 60 Minutes’s reputation. The gay dad of news said in a statement that he wanted to spend more time with his children. But reading between the lines, we suspect he wanted to spend less time with CBS News’ Bari Weiss.

* * *

Clearly, we need a hero, and his name is Punch. Because he is only a baby, and a monkey in a Japanese zoo being bullied by other monkeys while he clings to his surrogate mother (a stuffed orangutan toy from IKEA), he cannot comprehend fascism or sex crimes. But he understands the meaning of perseverance. And maybe he’ll do a Curious George thing and figure this out for us. Or, maybe something sad will happen. Probably that.

01:28

Word Of The Day [QC RSS]

cajolery

00:00

EFF to Court: Don’t Make Embedding Illegal [Deeplinks]

Who should be directly liable for online infringement – the entity that serves it up or a user who embeds a link to it? For almost two decades, most U.S. courts have held that the former is responsible, applying a rule called the server test. Under the server test, whomever controls the server that hosts a copyrighted work—and therefore determines who has access to what and how—can be directly liable if that content turns out to be infringing. Anyone else who merely links to it can be secondarily liable in some circumstances (for example, if that third party promotes the infringement), but isn’t on the hook under most circumstances.

The test just makes sense. In the analog world, a person is free to tell others where they may view a third party’s display of a copyrighted work, without being directly liable for infringement if that display turns out to be unlawful. The server test is the straightforward application of the same principle in the online context. A user that links to a picture, video, or article isn’t in charge of transmitting that content to the world, nor are they in a good position to know whether that content violates copyright. In fact, the user doesn’t even control what’s located on the other end of the link—the person that controls the server can change what’s on it at any time, such as swapping in different images, re-editing a video or rewriting an article.

But a news publisher, Emmerich Newspapers, wants the Fifth Circuit to reject the server test, arguing that the entity that embeds links to the content is responsible for “displaying” it and, therefore, can be directly liable if the content turns out to be infringing. If they are right, the common act of embedding is a legally fraught activity and a trap for the unwary.

The Court should decline, or risk destabilizing fundamental, and useful, online activities. As we explain in an amicus brief filed with several public interest and trade organizations, linking and embedding are not unusual, nefarious, or misleading practices. Rather, the ability to embed external content and code is a crucial design feature of internet architecture, responsible for many of the internet’s most useful functions. Millions of websites—including EFF’s—embed external content or code for everything from selecting fonts and streaming music to providing services like customer support and legal compliance. The server test provides legal certainty for internet users by assigning primary responsibility to the person with the best ability to prevent infringement. Emmerich’s approach, by contrast, invites legal chaos.

Emmerich also claims that altering a URL violates the Digital Millennium Copyright Act’s prohibition on changing or deleting copyright management information. If they are correct, using a link shortener could put users at risks of statutory penalties—an outcome Congress surely did not intend.

Both of these theories would make common internet activities legally risky and undermine copyright’s Constitutional purpose: to promote the creation of and access to knowledge. The district court recognized as much and we hope the appeals court agrees.

Where to Scream [The Stranger]

Protests, rallies, and other ways to get involved in March. by Megan Seling Stand Up for Science

Mar 7

Seattle’s chapter of Stand Up for Science will host a rally at the Mural Amphitheatre at Seattle Center to fight the Trump administration’s “well-funded, well-platformed anti-science attacks” and call for the removal of Health and Human Services Secretary Robert F. Kennedy Jr. Speakers will include Congresswoman Dr. Kim Schrier, Councilmember Alexis Mercedes Rinck, WA Public Lands Commissioner Dave Upthegrove, and Will Daugherty, the CEO of the Pacific Science Center. Find more details at standupforscience.net/march7. (Seattle Center Mural Amphitheatre, noon–3 pm)

Seattle Women’s March

Mar 8

Evergreen Resistance and the Defund Musk Women’s Group—who often protest around town dressed as handmaids—will host a rally and march at Cal Anderson Park for International Women’s Day. Details were still coming together at press time—find more information at defundmusk.com. (Cal Anderson, 11 am, all ages, free)

Resistance Training with Pramila Jayapal

Mar 8

You could tune in to Congresswoman Pramila Jayapal’s virtual Resistance Lab training from the comfort of your own home—or you could congregate with fellow activists at Central Cinema, where they’ll be streaming the presentation on their big screen. No tickets or RSVPs required, and the event will include breakout discussions and a Q&A session. Find more info at pramilaforcongress.com. (Central Cinema, 11 am–1 pm, all ages, free)

Speaking of Seattle: Immigrant Rights Are Human Rights

Mar 19

Stranger contributor Marcus Harrison Green will lead a discussion with Angelina Snodgrass Godoy (the Director at the Center for Human Rights at the University of Washington), Roxana Norouzi (the Executive Director of OneAmerica), Councilmember Alexis Mercedes-Rinck, and Seattle City Attorney Erika Evans about how the city is responding to ICE and what Seattleites can do to advocate for immigrant rights in Seattle. (Town Hall, 7:30 pm, $10–$35 sliding scale)

No Kings

Mar 28

No Kings has announced March 28 as their next nationwide day of protest. Thousands of events are being planned across the country. Seattle Indivisible is organizing the event in Seattle, which will begin at noon at Cal Anderson Park with a march to the Seattle Center starting at 1:15 p.m. Keep an eye on Seattle Indivisible’s Instagram (@seattleindivisible) for updates. No Kings organizers said more than seven million people attended at least 2,700 rallies across the country for their October 18 demonstrations. Here in Seattle, an estimated 90,000 people gathered at the Seattle Center. That’s almost 10 percent of the city! Seattle Indivisible will also host a No Kings volunteer fair on March 4. (Cal Anderson, noon, visit seattleindivisible.com for updates)

Protest ICE Terror

Every Friday

Every Friday morning, Southend Indivisible gathers in front of the Department of Homeland Security building at 12500 Tukwila International Boulevard to “demand an end to the kidnappings of our neighbors, separation of families, and terrorizing of our community.” Bring a sign, or make one on-site with provided materials. (Department of Homeland Security, Tukwila, 9 am–10:30 am)

Riff Raff League

Every Sunday

Every Sunday, Seattle’s most punk-rock art shop, Push/Pull, hosts free Riff Raff League meetings, where folks can talk about political action and mutual aid while making zines, posters, buttons, and whistle kits for their neighbors. While you’re there, grab a free ABOLISH ICE poster and sign up for one of their monthly zine-making workshops. Masks are required. (Push/Pull, 7:15 pm–8:15 pm)

Monday, 02 March

23:14

Setting up phones is a nightmare [OSnews]

Have you bought and set up a new phone for someone else lately, especially someone less technologically savvy? It’s a bit of a nightmare, with an endless list of confusing steps and dark patterns trying to trick you into signing up for all kinds of services. Joel Chrono (he took his username from the best game ever made) just went through this experience, with new Samsung phones for his parents, and it wasn’t great.

Without me, my parents would have ended up creating at least one extra Samsung account. Cloud services like OneDrive or Google Photos would be sucking up files and copying them to their servers, getting filled up with the data and then asking them to subscribe to unlock more storage a couple of months down the line.

Left on their own, my parents may be seeing ads popping up constantly in OneUI, as well as browsing the web without an adblocker, they would be using default applications that don’t work as reliably, that track whatever they do to a certain degree.

And of course, all of those AI assistants would be listening in in the background. It really is a nightmare out there, and it’s not only affecting my parents, it affects all of those unaware of the dangers that these practices bring. It’s a mess all around.
↫ Joel Chrono

In this particular case it involves Samsung phones, but the same applies to phones from other brands and even with other operating systems. Do you want to login with these accounts? Please add your credit card and all your personal information! Set up tap-to-pay so we can see where you buy what! Do you want to subscribe to our music service? Do you want access to our streaming service? What about the premium versions? Need more online storage? You’re only getting 5GB for free, so if you don’t want to lose those priceless pictures of your grand kids you should really upgrade to 1TB! Have you checked out our application store yet? And don’t worry, if you say no to any of these questions we’ll keep pestering you about them with notifications, fullscreen interstitials and banners in the settings application until your brain dissolves to mush!

I have a collection of about a million PDAs, from the early days up until the very fanciest models from right around when the iPhone and Android started taking off. Of course, they’re in storage so virtually always out of battery, but when I do turn any of them on, their onboarding process couldn’t be simpler. Tap a few locations on the screen to calibrate the touch layer, set the date and time, and that’s it – you’re at the home screen ready to go. I wish modern smartphones were similar. I wish the greedy bean counters were told to pound sand and the user interface specialists took over again.

My wife and I have two young boys, 3 and almost 5. One day, I’ll be the out-of-touch dad or grandpa and I’ll need their help to set up my brain implant chip or whatever. I hope it won’t involve upsells for streaming services.

23:07

[$] The ongoing quest for atomic buffered writes [LWN.net]

There are many applications that need to be able to write multi-block chunks of data to disk with the assurance that the operation will either complete successfully or fail altogether — that the write will not be partially completed (or "torn"), in other words. For years, kernel developers have worked on providing atomic writes as a way of satisfying that need; see, for example, sessions from the Linux Storage, Filesystem, Memory Management, and BPF (LSFMM+BPF) Summit from 2023, 2024, and 2025 (twice). While atomic direct I/O is now supported by some filesystems, atomic buffered I/O still is not. Filling that gap seems certain to be a 2026 LSFMM+BPF topic but, thanks to an early discussion, the shape of a solution might already be coming into focus.

22:07

Vox Watchina [Penny Arcade]

I installed Overwatch so I could look at all the cool art and new shit, but I haven't - in the manner of a dope emcee - gone hard. Because we must always be maximally opposite at all times, he is joining some back-alley offshoot of the old Overwatch League. At least, I assume. Certainly he's playing enough to experience the fluttering ups and downs of the backend - occasionally being catapulted into strange bliss. Certainly, voice chat was already off. That's the default. But occasionally, wicked men attack with words - the last refuge of the scoundrel. As I know only too well.

21:42

Isoken Ibizugbe: Wrapping Up My Outreachy Internship at Debian [Planet Debian]

Twelve weeks ago, I stepped into the Debian ecosystem as an Outreachy intern with a curiosity for Quality Assurance. It feels like just yesterday, and time has flown by so fast! Now, I am wrapping up that journey, not just with a completed project, but with improved technical reasoning.

I have learned how to use documentation to understand a complex project, how to be a good collaborator, and that learning is a continuous process. These experiences have helped me grow much more confident in my skills as an engineer.

My Achievements

As I close this chapter, I am leaving a permanent “Proof-of-Work” in the Debian repositories:

Full Test Coverage: I automated apps_startstop tests for Cinnamon, LXQt, and XFCE, covering both Live images and Netinst installations.
Synergy: I used symbolic links and a single Perl script to handle common application tests across different desktops, which reduces code redundancy.
The Contributor Style Guide: I created a guide for future contributors to make documentation clearer and reviews faster, helping to reduce the burden on reviewers.

Final Month: Wrap Up

In this final month, things became easier as my understanding of the project grew. I focused on stability and finishing my remaining tasks:

I spent time exploring different QEMU video options like VGA, qxl, and virtio on KDE desktop environment . This was important to ensure screen rendering remained stable so that our “needles” (visual test markers) wouldn’t fail because of minor glitches.
I successfully moved from familiarizing to test automation for the XFCE desktop. This included writing “prepare” steps and creating the visual needles needed to make the tests reliable.
One of my final challenges was the app launcher function. Originally, my code used else if blocks for each desktop. I proposed a unified solution, but hit a blocker: XFCE has two ways to launch apps (App Finder and the Application Menu). Because using different methods sometimes caused failures, I chose to use the application menu button across the board.

What’s Next?

I don’t want my journey with Debian to end here. I plan to stay involved in the community and extend these same tests to the LXDE desktop to complete the coverage for all major Debian desktop environments. I am excited to keep exploring and learning more about the Debian ecosystem.

Thank You

This journey wouldn’t have been possible without the steady guidance of my mentors: Tassia Camoes Araujo, Roland Clobus, and Philip Hands. Thank you for teaching me that in the world of Free and Open Source Software (FOSS), your voice and your code are equally important.

To my fellow intern Hellen and the entire Outreachy community, thank you for the shared learning and support. It has been an incredible 12 weeks.

Stranger Suggests: Lunar New Year Lion Dances, a PNW Punk Legend, and Nerdy Cosplay on Display [The Stranger]

One really great thing to do every day of the week. by Shannon Lubetich MONDAY 3/2

Michael Pollan: A Journey Into Consciousness

Mull over the mystery of consciousness with Michael Pollan at Town Hall on Monday, March 2. CHRISTOPHER MICHEL

(BOOKS) I fucking love Michael Pollan. Does it feel super nerdy to live and die for the words of a bald white man? Oh yeah. But to me, few contemporary writers have reshaped public conversations about the mind quite like he has. His 2018 bestseller How to Change Your Mind remains a landmark work (and one of my favorite books) for its reframing of psychedelics from countercultural taboo to scientific inquiry and therapeutic possibility. But in 2026, Pollan has turned his attention even deeper inward with A World Appears: A Journey Into Consciousness. Released just last month, it’s an ambitious exploration of consciousness itself, blending neuroscience, philosophy, literature, and psychedelic research, to investigate one of humanity’s oldest mysteries: why it feels like something to be alive at all. Learn all about it straight from him at this Town Hall talk! (Town Hall Seattle, 7:30 pm, all ages) LANGSTON THOMAS

TUESDAY 3/3

Esther Rose

New Orleans native Esther Rose will show off her range at Sunset Tavern on Tuesday, March 3. ASH WRIGHT

(MUSIC) I discovered Esther Rose in 2017 when she released her debut, This Time Last Night, an intimate country/folk album that feels like she’s playing for you around a campfire. Now on her fifth studio album, Want, the New Orleans native defies the expectations of what an Esther Rose album can be with bold indie rock arrangements and fuzzed-out guitars. As it’s depicted on the album’s cover, with Rose in a gauzy white cotton dress beside a Rose in a black pleather catsuit, the album balances hard and soft, juxtaposing songs like the Liz Phair–esque track “Ketamine” with the stripped-down piano ballad “Color Wheel.” The album also includes “Scars,” a duet with Seattle-based troubadour Dean Johnson—we love to see it! For this local date, Rose will be joined by fellow New Orleans singer-songwriter Thomas Dollbaum. (Sunset Tavern, 8 pm, 21+) AUDREY VANN

WEDNESDAY 3/4

Tigran Hamasyan - Manifeste

Tigran Hamasyan brings his experimental brand of contemporary jazz to Neptune Theatre on Wednesday, March 4. ARNOS MARTIROSYAN

(MUSIC) Armenian pianist and composer Tigran Hamasyan makes arthouse contemporary jazz; like the film genre I'm stealing the name from, it's independent, experimental, and thought-provoking. His unique combination of jazz improvisation, prog rock, and Armenian folk music has gained him recognition around the world: Hamasyan earned the top spot at Switzerland's Montreux Jazz Festival’s piano competition as a teen, winning the prestigious Thelonious Monk International Jazz Piano Competition a few years later. He released his 13th full-length record, Manifeste, last month, which takes the listener on a cinematic journey both sonically and literally—he recorded it across studios in Athens, Moscow, LA, and Yerevan, Armenia. Get swept up in an evening of music that jumps, twists, and turns in lively and unexpected ways under Hamasyan's inspired direction. (Neptune Theatre, 8 pm, all ages) SHANNON LUBETICH

THURSDAY 3/5

Everything, Everywhere, All at Once

View works like "The Echo Chamber" by artist Eric Louie at Foster/White Gallery's group exhibition "Everything, Everywhere, All at Once." ERIC LOUIE

(ART) This spring marks the 60th anniversary of Foster/White, one of Pioneer Square’s longest-standing fine art galleries. To mark the occasion, they’re bringing out a little bit of everything: works by some 55 represented artists, installed salon-style throughout the space. Alongside pieces by local legends such as Alden Mason and artists associated with the Northwest School, Foster/White’s roster spans a wide range of contemporary practices—from George Rodriguez’s ponderous ornamental ceramics and Ilana Zweschi’s algorithmic dances on canvas, to Eric Louie’s sheening metallic landscapes, and Casey McGlynn’s rough-hewn, punk poems gushing color. Word has it there will be cake on First Thursday. (Foster/White Gallery, 6–8 pm) AMANDA MANITACH

FRIDAY 3/6

Toody Cole

PNW punk legend Toody Cole will grace the stage at Tractor Tavern on Friday, March 6. HEATHER MACDONALD

(MUSIC) I once found myself sitting at a bar beside Toody Cole and told her that she was my all-time favorite bassist, to which she blushed and said, “Thank you, I’m trying really hard, and I practice a lot.” A telling response from a humble punk veteran who is far too cool to play it cool. Over the past five decades, Toody and her dearly departed husband, Fred, have kept Portland's music scene alive with their bands—Dead Moon, the Rats, Pierced Arrows, and several others—self-recording and self-releasing music in their self-built Clackamas County home. While it’s easy to take one look at Dead Moon’s drippy font and iconic skull logo and assume that their music is raucous, dark, and speedy, you might be surprised to find the tenderness that runs beneath, exemplified on vulnerable, slow-paced tracks like “Where Did I Go Wrong” and “It’s O.K.” At the center of Toody and Fred’s projects has always been love: love for the community, love of music, and love for one another. (Tractor Tavern, 8:30 pm, 21+) AUDREY VANN

SATURDAY 3/7

Lunar New Year Celebration 2026

(CULTURE) The Chinatown–International District Business Improvement Area’s annual Lunar New Year party returns this year, and so does its signature food walk. While the list of which restaurants will be participating wasn’t out before our publication date, you can count on neighborhood staples like Dim Sum King and Kau Kau BBQ to be included. The best part of the food walk? Too many choices. Last year, there were more than 40 businesses. Each one will offer $6 specials ranging from snacks like wings to drinks like boba. One time, I went with a friend and created a whole spreadsheet so we could maximize our time, stomachs, and money spent. Once you’re stuffed from all the food, you can head over to Hing Hay Park, where there will be a main stage with dragon and lion dance performances. And, hey, if you’ve got some of that lucky money to spend after feasting your way through the neighborhood, there will also be arts and crafts vendors. (Hing Hay Park, 11 am–5 pm, all ages, free) GRACE MADIGAN

SUNDAY 3/8

Emerald City Comic Con 2026

Connect with other fans at Emerald City Comic Con, March 5–8. WEST SMITH

(GEEK & GAMING) Whether you're an anime adorer, cosplay crafter, or all-around certified geek, Emerald City Comic Con transcends a typical convention, transforming the Seattle Convention Center into a third space for Avengers fandoms to assemble. The four-day con boasts panels and meet-and-greets with stars including Star Wars' Hayden Christensen, Twin Peaks icon Kyle MacLachlan, and Vampire Diaries heartthrob Ian Somerhalder, but experiences like the talent show, Pride Lounge, and tattoo pavilion really make this a community gathering to connect with fellow pop culture enthusiasts. (Seattle Convention Center, 10 am–5 pm, all ages) JANEY WONG

20:56

What sort of horrible things happen if my dialog has a non-button with the control ID of IDCANCEL? [The Old New Thing]

I noted in the bonus chatter that if you have a control whose ID is IDCANCEL, it had better be a button if you know what’s good for you. Shawn Keene doesn’t know what’s good for him and asks, “I can’t wait to find out what happens if my control is not a button.”

What happens is that the dialog manager will generate a WM_COMMAND message as if your IDCANCEL control were a button, even if it isn’t.

This means that the message arrives with a notification code of BN_CLICKED, a control ID of IDCANCEL, and a window handle of your not-actually-a-button window.

Since your control is not actually a button, it will treat the BN_CLICKED as if it were a notification appropriate to its type. The numeric value of BN_CLICKED is zero, so it’ll be treated as whatever a notification code of zero means for that control type. For example, if it’s actually a static control, you’ll interpret the zero to mean STN_CLICKED.

If it’s actually a list box, then you’ll see the zero and say “Huh? I don’t see any notification code with the numeric value of zero. What’s going on?”

If it’s a custom control, you will interpret the zero as whatever that custom control defines notification code zero to mean.

Basically, what you did is signed yourself up for confusion. You’re going to get a WM_COMMAND message with BN_CLICKED as the notification code, IDCANCEL as the control ID, and your non-button window as the control. What you do with that information is up to you.

Bonus reading: Why do dialog editors start assigning control IDs with 100?

The post What sort of horrible things happen if my dialog has a non-button with the control ID of <CODE>IDCANCEL</CODE>? appeared first on The Old New Thing.

Microsoft really doesn’t want you to use the name “Microslop” [OSnews]

Microsoft is pushing “AI” hard in Windows, Office, and in their other products, and it’s earned them a cute new nickname: Microslop. It turns out the company really doesn’t like it when you use this nickname, however, and its official Copilot Discord server – yes, there is an official one – has gone into a complete meltdown over people using the nickname. First the company started banning the word “Microslop” in its Discord server, but after people started circumventing the ban with alternative spellings. That’s when all hell broke loose.

What started as a simple keyword filter quickly snowballed into users deliberately testing the restriction and posting variations of the blocked term. Accounts that included “Microslop” in their messages first got banned from messaging again.

Not long after, access to parts of the server was restricted, with message history hidden and posting permissions disabled for many users.
↫ Abhijith M B at Windows Latest

People don’t like “AI”. They don’t like being forced to use it at work, they don’t like it shoved in their face in their operating systems, they don’t like every new product being plastered with nonsensical “AI” marketing. It’s absolutely no surprise that one of the companies pushing “AI” in the most visible way, a company few people like anyway, gets a nice new nickname.

I love that this happened. I hope their brand suffers as much as possible.

Community Organizer Jaelynn Scott Is Running to Represent the 37th Legislative District [The Stranger]

The Lavender Rights Project's Jaelynn Scott has never held public office. If elected, she would be the first openly trans person in the Washington State Legislature. She is running on crisis care; her focus is on housing instability, homelessness, healthcare access, ICE abductions, and trans rights. by Micah Yip

After nearly seven years as executive director of the Black trans feminist organization Lavender Rights Project, Jaelynn Scott is running for 37th District, Position 2, to represent the Central District, Columbia City, Beacon Hill, Rainier Valley, Rainier Beach and Renton.

There’s no incumbent, or so it seems, and Scott may just benefit from a game of musical seats. When Sen. Rebecca Saldaña announced her run for King County Council, 37th District Rep. Chipalo Street told the Washington State Standard that he’d run for the Senate seat she’s leaving behind, which would leave his seat open.

Scott has never held public office. If elected, she would be the first openly trans person in the Washington State Legislature. She is running on crisis care; her focus is on housing instability, homelessness, healthcare access, ICE abductions, and trans rights. She’s invested in helping the state’s vulnerable, like trans people and immigrants, with holistic solutions.

Local progressives believe she can get the job done. Sen. Saldaña, Seattle City Attorney Erika Evans, and City Councilmembers Alexis Mercedes Rinck and Dionne Foster have endorsed Scott. She’s full of ideas, but what about follow-through?

“There’s a lot on the line,” Scott says. “Everything in this race is holding the hopes and wishes and dreams of a lot of people who are struggling and suffering…Everything I do in the legislature will be absolutely critical because of the crisis that we’re facing as a country.”

Housing

The Lavender Rights Project operates permanent supportive housing in partnership with Chief Seattle Club, so Scott’s’s a big fan. The future of these programs has already been tenuous this year, because the feds have repeatedly threatened to pull huge chunks of its funding, but she believes partnerships and a hypothetical heap of public money from progressive taxation our state doesn’t yet have could scale up this model, which provides mental health, addiction and disability support for the recently homeless.

“My approach would be, throw everything at it,” Scott says. “Let’s get our taxation where it needs to be and then face the challenges so we can get revenue as quick as possible.”

Surveillance

Scott couldn’t say if surveillance tools like CCTV and automatic license plate readers (ALPRs) make the community safe, but she thinks they’re risky for the immigrants and transgender people being targeted by the federal government.

If she had her way, she’d turn them off. But in the interest of harm reduction, she supports a bill to limit data retention to 21 days, State Senate Bill 6002. Even so, a seven-day cap would be much better, she says, which is the limit ACLU-WA recommends.

“Until we know that it’s secure, let’s just pause [surveillance across the state] to keep the sanctuary that we want this place to be,” Scott says. “That is our goal and that means protecting us from federal intrusion.”

ICE

Scott wants ICE out, but she’s not sure how to do that.

“I want to spend these next months sitting in front of, not lobbyists, not legislators, not candidates who have great ideas—I want to actually sit in front of communities who are on the ground protecting folks and find out what are the policy recommendations that they have,” Scott says. (She followed up after the interview to say the legislature should revisit anti-ICE bills that failed last session, like House Bill 2641, which would’ve barred Washington law enforcement from hiring anyone who became an ICE officer after January 20, 2025.)

Trans Rights

Scott’s focus wasn’t on new legislation to protect trans rights, but on strengthening the social safety net. Trans people are disproportionately poor, and are often discriminated against at work.

Protecting them means expanding access to housing and health care, and finding state resources to bypass the federal government as it tries to restrict Medicaid coverage for gender-affirming care and abortion. (Sounds good, but that last one is a tall order.)

“There’s a lot of fear and anxiety about rights being pulled back, but especially when I talk to communities of color, trans communities of color, immigrant communities, it always goes back to those three priorities,” Scott says.

She really wants universal healthcare (who doesn’t?), and supports Whole Washington’s Washington Health Trust, a proposal to create a publicly funded, statewide universal healthcare system. But she didn’t know how to make it a reality.

20:49

Høiland-Jørgensen: The inner workings of TCP zero-copy [LWN.net]

Toke Høiland-Jørgensen has posted an overview of how zero-copy networking works in the Linux kernel.

Since the memory is being copied directly from userspace to the network device, the userspace application has to keep it around unmodified, until it has finished sending. The sendmsg() syscall itself is asynchronous, and will return without waiting for this. Instead, once the memory buffers are no longer needed by the stack, the kernel will return a notification to userspace that the buffers can be reused.

20:28

New Cover: “Valley Winter Song” [Whatever]

I woke up this morning and there was a whole new blanket of snow on the ground. Which I don’t love! Here in March! But I guess it is still technically winter for another three weeks, and also, it made this particular cover song I was working on more appropriate. The original is from Fountains of Wayne, which is best known for “Stacy’s Mom,” although songs like this one are rather more in line with the songwriting typical of the group. This is one of my favorites, and a little bit of a deep cut. But deep cuts can be good sometimes. Enjoy.

— JS

20:07

Texinfo 7.3 released [Planet GNU]

We have released version 7.3 of Texinfo, the GNU documentation format.

It's available via a mirror (xz is much smaller than gz, but gz is available too just in case):

https://ftpmirror ... exinfo-7.3.tar.xz
https://ftpmirror ... exinfo-7.3.tar.gz

Please send any comments to bug-texinfo@gnu.org.

Full announcement:

https://lists.gnu ... -03/msg00007.html

19:21

Texinfo 7.3 released [LWN.net]

Version 7.3 of Texinfo, the GNU documentation-formatting system, has been released. It contains a number of new features, performance improvements, and enhancements.

Once in a Dead Moon [The Stranger]

Toody Cole on Harmonies, Hardship, and Why She’s Back Onstage

by Audrey Vann

I once found myself sitting at a bar beside Toody Cole and told her that she was my all-time favorite bassist, to which she blushed and said, “Thank you, I’m trying really hard, and I practice a lot.” A telling response from a humble punk veteran who is far too cool to play it cool. Over the past five decades, Toody and her dearly departed husband, Fred, have kept Portland's music scene alive with their bands—Dead Moon, the Rats, Pierced Arrows, and several others—self-recording and self-releasing music in their self-built Clackamas County home. While it’s easy to take one look at Dead Moon’s drippy font and iconic skull logo and assume that their music is raucous, dark, and speedy, you might be surprised to find the tenderness that runs beneath, exemplified on vulnerable, slow-paced tracks like “Where Did I Go Wrong” and “It’s O.K..” At the center of Toody and Fred’s projects has always been love: love for the community, love of music, and love for one another. Even in one of their most pissed-off songs, 1994’s “Poor Born,” Fred sings lovingly, “I’ve got a woman who still makes me crazy with the shake of her nightgown.” I caught up with Toody Cole over the phone ahead of her show at the Tractor Tavern with bandmates Kelly Halliburton and Christopher March (of Jenny Don’t and the Spurs).

I emailed you for this interview through the contact on the Dead Moon website. Do you run the site, merch, and press inquiries on your own?
Yeah, baby, I’m still DIY all the way! It has pretty much always been my gig. And, shit, I turned 77 in December. I'm retired now, and while it's great to kick back, I'm still used to being busy. So, it’s just something to do, and it doesn't take up that much of my time. It's cool because I can do whatever I want or not do anything at all, depending on how I feel.

I was listening to an interview you gave in 2019, and you said, “I’ve always had it in my head ‘70 years old, and I’m done.'” I assume you changed your mind?
I'm as vain as anybody. I just thought that I would look too old, and I didn’t want to get on stage. But at some point, I got past that and just went, “What the hell!” and got back on stage. The more I look at old pictures, the more I go, “Fuck, I look great!” But the coolest thing is that it still feels just the same to get up on stage. It's not easy to do anymore—it takes a lot of work and prep time to make it happen.

What got you back into playing shows?
When I lost Andrew [Loomis, Dead Moon's drummer, who passed away in 2016] and Fred, followed by the pandemic, wildfire evacuations, and a huge ice storm, I looked up at the sky and thought, God, what next? It was like a domino effect. But, in 2023, Eric Isaacson (who runs Mississippi Records and reissues the Dead Moon LPs) had a 20th-anniversary party for the shop and asked if I would perform. I had the idea to do a retrospective of songs written by Fred from all the bands we had been in together. I figured it would just be a one-off. But I guess the set came off really, really well. I'm not used to this whole social media thing—I don't check it out, I don't do it, I don't post it, you know, whatever. But that's like all anybody does right now. So, as soon as videos from the show got posted, I got a flood of messages saying, “Oh my god, you're back playing again?” and offering gigs.

After that, I did a few local shows and got together with Kelly Halliburton and Christopher March from Jenny Don’t and the Spurs. It just fell together. At this point, Jenny takes care of all the bookings and detailed work for the band. I just resigned myself to booking a bunch of shows this year. This might be the last time I want to do it, I don't know.

How does it feel to play Dead Moon songs with different musicians, without Andrew and Fred?
Well, I'm not a songwriter—Fred wrote all the songs. I wish I had that talent. I really respect it. To me, his lyrics are amazing and timeless. People still love to hear his stuff, so I'm just doing the best that I can. It's not as good as the two of us together, that's for sure! One of my good friends said, “Man, know what I really miss? You and Fred’s harmonies together.” That's what I miss, too. It's just something that can't be duplicated, and thank God for that. It was the special ingredient.

What advice would you give to couples who want to create art together?
There are a lot of people who can and a lot of people who can't. I think one of the reasons that it worked so well for us was the fact that I wasn't a songwriter—there was no competition on that particular artistic level. Fred was pretty much the only reason I ended up playing music. He talked me into it, showed me how to play bass, and it just kind of grew from there. I got bit by the bug. I ended up loving being on stage. For me, it was more about performing in front of people and feeling that vibe, rather than getting satisfaction from writing a great song. We were both really good at different things.

We were an incredibly great partnership. I did all the paperwork and 90-percent of the business for the band: taking care of booking, hotels, flights, tour managing, and dealing with the money. Because of that, Fred got royalties from his songs. He never would have gone through that on his own. Some people are just too artistic to worry about money. So, anyway, we had everything handled between the two of us. That's why that worked. It was a really unique situation.

What was your first time on stage like?
My first show was with the Rats in 1977 or ’78, just doing punk-rock stuff. Fred had just started playing electric guitar on stage—before that, he was on lead vocals with the Weeds and the Lollipop Shoppe. I had only been playing bass for a couple of weeks, and our drummer was this kid who had never played drums before. [laughs] One night, while we were rehearsing together and having a drink, Fred said, “Oh, by the way, I got us a gig—we're playing a house party on Friday.” I was like, “What!? I can't do that, no way!” And he goes, “No, it'll be fine. Get a couple of beers in you, and you'll be great.” That was my first gig. It was in somebody's little teeny bar or front room or whatever, in front of about five-10 people.

Were there any musicians whom you were looking up to or emulating at the time?
Oh yeah. Greg Sage, man, the Wipers! A lot of my bass-playing style was influenced greatly by Dave Koupal, the bass player of the Wipers.

Between the Rats and Dead Moon, you released a solo single of Brenda Lee’s “Coming on Strong” and “Rather Be Your Lover,” written by Fred. How did that single come about?
Well, that happened because Fred was playing with his country group, the Western Front, at that time. We had broken up the Rats, and I got to a point where my kids weren't quite grown yet. My younger son was around 12/13, and he guilt-tripped me about going out of town and not being around. So I told Fred, “I'm done.” He ended up kind of messing around with country music and got the Western Front together. I would sing with those guys off and on. And that's how the Toody single happened. I love singing country, but it's not as exciting to play on stage, which is one of the reasons we left it behind and started Dead Moon.

I know that Fred was heavily inspired by seeing the Ramones to start the Rats. Was there a similar event that inspired the start of Dead Moon?
Fred wanted to go back to his roots and play rock and roll again. You know, real rock and roll, like the stuff he was doing with the Weeds and the Lollipop Shoppe. We got started by playing covers and a few of his older songs. Fred quickly got inspired and wrote so much incredible material in the first three years. From there, we got picked up locally, just from the reputation of our previous bands. The Wipers had started touring in Europe, and Hans Kesteloo (who ended up signing us to his label Music Maniac Records in Germany) hounded Greg Sage, saying, “You're living in Portland, right? Do you know Fred Cole?” So that's how that connection happened. It's just so weird. Everything seemed fated. It just fell into place.

I love that Dead Moon has some really pissed-off songs followed by some really sweet, tender songs, like the first album, when “Out on a Wire” goes into Elvis’ “Can’t Help Falling in Love.” Was that intentional?
Fred was always looking for material for me to sing before he started writing songs with me in mind to do the lead vocals. “Can’t Help Falling in Love” just kind of happened. At some point, we started playing it live, and I don't know, maybe we used it because we needed filler on the album. For whatever reason, my version of that song just caught on. Everybody loves hearing it.

Mixing the hard and the hopeful, the light and the dark, and that girly vocal thing, added a whole new dimension to Dead Moon. It’s what Fred used to call a roller coaster—he'd make setlists based on it—He liked to hit the audience hard at the beginning and the end. In the middle, we would build it up, and then bring it back down into a ballad or something slow, or start all over again. He totally learned it from watching punk-rock bands. You know, when everything's BAM! BAM! BAM! in your face, the effect wears off. Fred was an amazingly multifaceted individual, and he felt everything—you can tell just by the way he carried off his vocals. Every feeling was equally important to him.

See Toody Cole with Semisoft and DJ Kurt Bloch at the Tractor Tavern on Mar 6 at 8:30 pm.

18:35

Slog AM: We’re at War With Iran, It’s Expanding Through the Region, and There's No End in Sight [The Stranger]

The Stranger's Morning News Roundup. by Hannah Murphy Winter

Operation Epic Fury: We’re in our third day of war with Iran. On Saturday morning, in three strikes over the course of about a minute, the US and Israeli militaries killed Ayatollah Ali Khamenei, the nation’s supreme leader of almost 37 years, and more than 40 senior leaders in his government. Another missile strike hit an Iranian girls’ elementary school, killing 160 people. Trump has called for the Iranian Revolutionary Guard to lay down arms and “receive full immunity or face certain death.”

This could become a sprawling regional war in the Middle East. In retaliation, Iran has already fired a barrage of missiles and drones at Israel, and launched missile attacks on US military bases in Qatar, Kuwait, the United Arab Emirates, and Bahrain. Hezbollah then launched missiles at Israel in retaliation for the death of the Ayatollah, and as of this morning, Israel has also bombed the suburbs of Beirut, Lebanon, where there’s a Hezbollah stronghold.

Friendly Fire: In all of this chaos, three US fighter jets were accidentally shot out of the sky over Kuwait. All six crew members safely ejected from the planes.

In Trump’s video address to the public, he announced the Ayatollah’s death, saying that he had the blood of thousands of Americans on his hands. “We will continue until all of our objectives are achieved,” he said, but never clarified what those objectives were. Simply: “We have very strong objectives.” He also said that three American service members died in the attacks. “Sadly, there will likely be more before it ends,” he said. “That’s the way it is.” Secretary of War Pete Hegseth acknowledged a fourth American death this morning. “America will avenge their deaths,” Trump said in the video.

Hegseth did articulate the broad strokes of the war’s objectives this morning: “Destroy Iranian offensive missiles, destroy Iranian missile production, destroy their navy and other security infrastructure, and they will never have nuclear weapons. We’re hitting them surgically, overwhelmingly, and unapologetically,” he said in a press conference. He told reporters that it wouldn’t happen “overnight,” but didn’t say how long he expected the operation to last. And in an interview with CNN, Trump said that the “big wave” is yet to come.

“They Started It”: Both Trump and Hegseth have tried to present this as unavoidable, despite reports that there was no risk of a preemptive strike from Iran. In his video message, Trump said that the US-Israeli operation is a "righteous mission,” and the “duty and burden of a free people.” He said that Iran had been “waging war against civilization itself.” In a Pentagon press conference, Hegseth said, “We didn’t start this war, but under President Trump, we are finishing it.”

Meanwhile: Congress is starting the debate of whether or not Trump has the power to launch this war about three days too late. The power to declare war does technically lie exclusively with Congress, but they’re not likely to scrounge up the two-thirds vote they’d need to overcome a presidential veto.

Stateside, a gunman in Austin, Texas, walked into a bar early on Sunday morning with a pistol and a rifle, wearing clothes with an Iranian flag design and the words “Property of Allah.” He killed two people and wounded 14. Police killed the shooter on the scene, and the FBI is investigating the shooting as a possible act of terrorism.

In Seattle, hundreds of anti-war protesters showed up at Pike Place Market on Sunday, while a caravan of about 300 cars on I-5 demonstrated in support of the attacks.

Weather: Amid all of this insanity, the universe is giving us a little taste of spring today. Highs around 58, clear skies. Get into the sunshine, if only for your mental health.

If You’re Not One for the Sun: Perhaps a total lunar eclipse instead? Early Tuesday morning, between 3 a.m. and 4 a.m., the moon will fully fall behind Earth’s shadow, turning it blood red. It won’t happen again until New Year’s Eve 2028.

Something a Little Lighter: According to Playboy, experts in the field, the Winter Olympics were especially horny this year. “Set against the operatic mountains of Italy, homeland of Romeo and Juliet and centuries of Catholic repression, the steam emitted from the 2026 Winter Olympics came early,” they wrote. There was “penisgate.” USA Hockey Captain Hilary Knight got engaged at the games. Plus, every viewer was looking for a hint of Heated Rivalry this year. “The Olympic Village distributed 10,000 condoms to athletes, a well-known protective measure as our foremost athletes collaborate with their international counterparts. Within three days, they were gone—a record-breaking feat. With nearly 3,000 athletes in attendance, that’s roughly three protected encounters per competitor.”

Speaking of Olympians: The Seattle Torrent played their first game since the Olympics on Friday at Climate Pledge. The arena sold out for the first time for a PWHL game, but two of their Olympic stars—Hilary Knight and Hannah Bilka—were both out with injuries from the games. Knight, the team’s captain and Olympic record holder, will be out for at least three weeks. The team still held their own for most of the game, but lost in the third period when the Toronto Sceptres shot two goals into an empty net from the other side of the ice. It wouldn’t be Seattle sports without a little heartbreak.

If you, like me, are still riding the high of Team USA’s impeccable women’s hockey vibes, may I recommend Saturday’s SNL monologue with Heated Rivalry’s Connor Storrie, and members of both the men’s and women’s hockey teams? Torrent Captain Hilary Knight takes a stab at Trump, saying they included the boys “to be fair,” and Storrie tells the men’s hockey players (who insist they haven’t watched the Gay Hockey Show) that Ilya only gets his teeth knocked out “metaphorically.”

View this post on Instagram
A post shared by Saturday Night Live (@nbcsnl)

Amazon Who? The tech giant isn’t Seattle’s Number One Employer anymore. They reached their peak in 2020, with 60,000 employees, but after a few rounds of huge layoffs, they now employ fewer than 50,000 Seattleites.

Big Win for the Little Guys: In a push from a group of 13 progressives, the Washington State House Finance Committee stripped a tax break that would have benefited big businesses from the latest version of the Millionaires Tax. It could claw back $550 million—more than the governor’s proposed cuts to education and child care. Don’t you care about the kids, Bob?

A Song for Your Monday: A little Discovery Zone while you try to shake all this off and start the day.

17:49

February GNU Spotlight with Amin Bandali featuring nineteen new GNU releases: Nano, Pies, and more! [Planet GNU]

Hellen Chemtai: The Last Week of My Journey as an Outreachy Intern at Debian OpenQA [Planet Debian]

Hello world . I’m Hellen Chemtai, an intern at Outreachy working with the Debian OpenQA team on Images Testing. This is the final week of the internship. This is just a start for me as I will continue contributing to the community .I am grateful for the opportunity to work with the Debian OpenQA team as an Outreachy intern. I have had the best welcoming team to Open Source.

My tasks and contributions

I have been working on network install and live images tasks :

Install live Installers ( Ventoy , Rufus and Balenaetcher) and test the live USBs made by these live installers. – These tasks were completed and is running on the server.
Use different file systems (btrfs , jfs , xfs) for installation and then test. – This task was completed and running on the server. It still needs some changes to ensure automation for each file system
Use speech synthesis to capture all audio. – This task is almost complete. We are testing to ensure no errors will occur in the server.
Publish temporary assets. – This task is not a priority and will be worked on once we’ve wrapped up the other tasks.

I have enjoyed working on testing both live images and net install images. This was one of the goals that I had highlighted in my application. I have also been working with fellow contributors in this project.

My team

As I had stated , I have had the best welcoming team to Open Source . They have been working with me and ensuring I have the proper resources for contributions. I am grateful to my three mentors and the work they have done.

Roland Clobus is a project maintainer. He is in charge of code review , pointing out what we need to learn and works on technical issues. He considers every solution we contributors think of and will go into detailed explanations for any issue we have.
Tassia Camoes is a community coordinator. She is in charge of communication, co-ordination between contributors and networking within the community. She on-boarded us and introduced us to the community.
Philip Hands is also a project maintainer. He is in charge of technical code , ensuring sources work and also working on server and its issues. He also gives detailed explanations for any issue we have.

I wish to learn more with the team. On my to do list, I would like to gain more skills on ports and packages so to contribute more technically. I have enjoyed working on the tasks and learning

The impact of this project

The automated tests done by the team help the community in some of the following examples:

Check the installation and system behavior of the Operating System images versions
Help developers and users of Operating Systems know which versions of applications e.g live installers run well on system
Check for any issues during installation and running of Operating Systems and their flavors

I have also networked with the greater community and other contributors. During the contribution phase, I found many friends who were learning together with me . I hope to continue networking with the community and continue learning.

March Things to Do: This & That [The Stranger]

The best culture and community events happening this month. by Nathalie Graham

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Emerald City Comic Con

Mar 5–8

Nerds run the city the first week of March. They, bedecked in cosplay, are the mayor now. Their first conquest: the Convention Center. Emerald City Comic Con is the place to be if you like sci-fi, fantasy, or popular Renaissance faire acts like Jacques ze Whipper. If you head to ECCC this year, you could be in the same room as Kyle MacLachlan (Twin Peaks, Fallout) or the one woman who was in Heated Rivalry. You’ll also get to see Hayden Christensen from everyone’s least favorite Star Wars movies and renowned authors like Matt Dinniman, who wrote the electric Dungeon Crawler Carl, or Chuck Tingle, who writes “tinglers” like Pounded in the Butt by My Own Butt. Something for everybody! Don’t forget to wear deodorant! (Seattle Convention Center, all ages) NATHALIE GRAHAM

The Seattle Color Festival

Mar 28

Celebrate Holi, the Hindu Festival of Colors, almost a month late but near the Space Needle. Entry is free, registration is mandatory, colors are not free, and you can’t bring your own colors. This palette is regulated. We’re celebrating the eternal love of Radha and Krishna, the end of winter, and the arrival of spring, not your favorite shade. I would not recommend the festival to crowd-a-phobes. Last year’s Holi celebration drew 10,000 people. (Mural Amphitheatre Seattle Center, 11 am, all ages, free) VIVIAN McCALL

Daffodil Day

Mar 20

The clocks are forward. The birds are chirping. The rabbits are going to start fucking any second. The daffodils have burst forth from the earth, buttery and hopeful. Spring has sprung. The only way to celebrate is to venture down to Pike Place Market on March 20. The roof of the market turns yellow, lined with the happy flowers. Underneath the blooms tossing their heads in a spritely dance (Wordsworth, anyone?), you’ll be able to participate in the market’s annual Daffodil Day. Between 11 a.m. and 2 p.m., the market just gives away bundles of flowers. You’ll need to be quick, though—the free daffodils go quickly. If worse comes to worst, you may need to prepare for daffodil battle. Stems can poke an eye out. (Pike Place Market, 11 am–2 pm, free) NATHALIE GRAHAM

More

Riding Together: 135 Years of Cycling in Seattle Through Apr 26, Museum of History & Industry

Stitch and Bitch Mar 4 (every first Wednesday), Push/Pull, 6 pm, free

Northwest Record Show Mar 8, Seattle Center Armory, 10 am–5 pm, all ages

Free Play Open House Vinyl Night Mar 10, Northwest Pinball Collective, 8 pm, all ages

Pi Day Dash Mar 14, Green Lake Community Center, 8 am, all ages

Cultivating Your Best Crop of Tomatoes Mar 14, NE Seattle Tool Library, 1 pm

Irish Festival Mar 14–15, Seattle Center Armory, all ages, free

The Gothic Market Mar 14–15, Seattle Center Exhibition Hall, noon, all ages

Block Printing Workshop Mar 27 (every last Friday), Push/Pull, noon

Sneaker Con Seattle Mar 28, Seattle Convention Center, noon, all ages

Spelling Bee 2026 Mar 29, Town Hall, 1 pm, all ages, free

March Things to Do: Food [The Stranger]

The best food & drink events happening this month. by Grace Madigan

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Lunar New Year Celebration 2026

MAR 7

The Chinatown–International District Business Improvement Area’s annual Lunar New Year party returns this year, and so does its signature food walk. While the list of which restaurants will be participating wasn’t out before our publication date, you can count on neighborhood staples like Dim Sum King and Kau Kau BBQ to be included. The best part of the food walk? Too many choices. Last year, there were more than 40 businesses. Each one will offer $6 specials ranging from snacks like wings to drinks like boba. One time, I went with a friend and created a whole spreadsheet so we could maximize our time, stomachs, and money spent. Once you’re stuffed from all the food, you can head over to Hing Hay Park, where there will be a main stage with dragon and lion dance performances. And, hey, if you’ve got some of that lucky money to spend after feasting your way through the neighborhood, there will also be arts and crafts vendors. (Hing Hay Park, 11 am–5 pm, all ages, free) GRACE MADIGAN

Hannyatou x Sake Noire x No Call No Show

MAR 9

Everything that the No Call No Show pop-up—themed craft cocktails and snacks concocted by a group of fine-dining creative weirdos—does is fucking elite, and this one’ll be no exception. Chef Mutsuko Soma, who owns award-winning Kamonegi, is hosting this month’s NCNS next door at Hannyatou, her foggy-windowed tavern straight out of a Miyazaki film. Your bartenders tonight are Murray Stenson’s prodigal protégé and NCNS impresario Matt Pachmayr (Le Coin, Streamline Tavern) and the mononymous Quan from the exquisite Sake Noire popup. (And soon-to-be Hillman City bar!) Fresh off a trip to Mexico, Quan and Soma came home inspired by “street tacos, endless hot sauces, ceviches, and late-night micheladas.” So they’re doing a Hannyatou x Three Amigos! shtick this month! Featured bites include Japanese curry nachos and wagyu taco rice—that’s Okinawan-style ground beef on rice with crushed Doritos—while the drink list includes a horchata-clarified milk punch with sōchū and chocolate, a jalapeño–yuzu gin martini, and a pickled strawberry old-fashioned made with yellow Chartreuse and tropical-fruity Nuestra Soledad Ejutla mezcal. To quote the film: I like these guys. They are funny guys. (Hannyatou, 21+) MEG VAN HUYGEN

FareStart Guest Chef Night with Matt Lewis and Dre Neeley

MAR 19

FareStart Seattle provides culinary on-the-job training to individuals facing barriers to employment and a unique dining experience all in one. Twice a month on Guest Chef Night, the FareStart students prepare a three-course meal served by volunteers, and March 19 will feature a dinner made in collaboration with local chefs Matt Lewis and Dre Neeley. Chef Matt Lewis is best known for his food truck, Where Ya At Matt, slinging Southern soul food reflective of his roots in New Orleans. Chef Dre Neeley of Vashon Island’s much-celebrated Gravy is likewise recognized for his Southern-inspired American fare and use of locally sourced, seasonal ingredients. Students in the program receive 12 weeks of culinary training, including food safety, recipe planning, and food prep, and Guest Chef Night will be a celebration of their work and a further opportunity to learn from established local chefs who have been through every stage of the industry. All proceeds from Guest Chef Night directly support the FareStart job training programs. (FareStart Restaurant, 5–9 pm) DYLAN BUECHE

Author Talk: Ham El-Waylly

MAR 31

Sohla and Ham El-Waylly are one of the most charming, talented, down-to-earth chef couples around, and I regularly tune in for their dispatches from the kitchen on YouTube. Their laid-back approach has a way of making cooking seem fun and effortless, which is why I’m so excited for Ham’s debut cookbook, Hello, Home Cooking: Do-Able Dishes for Every Day. The book encourages home cooks to experiment and promises nostalgic, out-of-the-box comfort dishes with international flavors and a “can’t-quite-put-my-finger-on-it heart-warming quality,” such as Bolivian cheesy rice, onion-smothered pot roast, and a version of Cinnamon Toast Crunch made out of pita. Ham will drop by Book Larder to discuss the book with Ahmed Suliman, the James Beard–nominated chef of Cafe Suliman. (Book Larder, 6:30 pm) JULIANNE BELL

More

Tacoma Beer Week Through Mar 8, various locations across Tacoma

Crumb Bakery Tour Through Mar 30, various locations

Soup Club Mar 7 (every first Sunday), Book Larder, 11 am

2nd Annual Seattle Sister Cities’ Soup Sampling Mar 8, National Nordic Museum, 2 pm, all ages

Decorative Pie Class with Natalie Popkave Mar 14, Pastry Project, 3 pm

My Dinner with SAM: Preeti Agarwal Mar 12, Seattle Asian Art Museum, 6:30 pm

Taste Washington Mar 21–22, various locations

Author Talk: Ella Quittner Mar 12, Book Larder, 6:30 pm

Author Talk: Sana Javeri Kadri and Asha Loupy Mar 17, Book Larder, 6:30 pm

Celebrate Women’s Month with Freeland Spirits Mar 17, Barrel Thief, 6 pm, 21+

March Things to Do: Film [The Stranger]

The best film events and screenings happening in March. by Julianne Bell

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Safe

MAR 1–15

Todd Haynes’s Safe is a horror movie cloaked in pastel colors, plastic tarps, and unsettling silence. Julianne Moore, the master of tension and nuance, plays Los Angeles housewife Carol White, who comes down with a debilitating illness that doctors cannot diagnose. After becoming self-convinced that the illness is caused by extreme environmental allergies, White flees to a retreat in New Mexico led by a New Age guru. Perhaps the most fascinating element of this film is the numerous ways it can be interpreted: a critique of suffocating suburban life, an allegory for the queer experience, a metaphor for the AIDS crisis, or a commentary on self-help culture—the more time that passes since its release, the richer the text gets. Don’t miss the chance to see it on the big screen this month to celebrate its 30th anniversary. (Northwest Film Forum, times vary) AUDREY VANN

Pillion

MAR 20–29

A24’s kinky gay “dom-com” Pillion, adapted from the 2020 novel Box Hill by Adam Mars-Jones, is one of my most highly anticipated films of 2026. English filmmaker Harry Lighton’s feature directorial debut follows the meek, guileless Colin (Harry Melling), whose life is turned upside down when he hooks up with gorgeous biker Ray (certified sexy freak Alexander Skarsgård) in an alley. Soon, Colin is initiated into the intriguing world of gay biker culture and BDSM and finds an unexpected sense of purpose and agency in his role as submissive. It’s a hot, funny, and surprisingly sweet meditation on sex and power—Secretary for the leather boys. Read our full review here. (Northwest Film Forum, times vary) JULIANNE BELL

Scorsese: The Age of Innocence

APR 1

Martin Scorsese has made countless iconic films about the Big Apple in different time periods, from Wall Street in the late ’80s (The Wolf of Wall Street) and decaying post-Vietnam New York City (Taxi Driver), to the city’s swanky jazz clubs of the 1940s (New York, New York). So naturally, he was the man for the job when it came to adapting fellow New Yorker Edith Wharton’s 1920 novel The Age of Innocence. Set in Gilded Age Manhattan, the story follows a messy love triangle between a young lawyer, his fiancée, and his fiancée’s newly separated cousin. This movie has everything: Winona Ryder, staggering period accuracy, decadent feasts, sweeping cinematography, and plenty of yearning glances. This is part of SIFF’s Martin Scorsese: Maestro of Cinema series, showing a different film by the director every Wednesday evening through the end of April. (SIFF Cinema Uptown, 7:30 pm) AUDREY VANN

More

The Hawks and the Sparrows Mar 2–5, the Beacon, times vary

Scorsese - Taxi Driver: 50th Anniversary Mar 4, SIFF Cinema Uptown, 7:30 pm

The Bride! Opens Mar 5, wide release

Truth to Fiction: The Librarians Mar 5, NW Film Forum, 7 pm

The Room Mar 5, Central Cinema, 5 pm

A Poet Opens Mar 6, SIFF Film Center

Days and Nights in the Forest Opens Mar 6, SIFF Cinema Uptown

Dial M for Murder Mar 6–11, Central Cinema

The Big Lebowski Mar 6–11, Central Cinema

HUMP! Film Fest Through Mar 7, On the Boards

Collide-O-Scope Mar 9, Clock-Out Lounge, 7 pm

Scorsese: Raging Bull Mar 11, SIFF Cinema Uptown, 7:30 pm

Retro Night: Mean Girls Mar 11, Majestic Bay

Numbskull Revolution Mar 11–12, Northwest Film Forum

The Ugly Stepsister Mar 11–12, SIFF Film Center, 7:15 pm

Werckmeister Harmonies Opens Mar 13, SIFF Film Center

Learning to Be Naked Screening with live burlesque from Mx. Pucks A’Plenty Mar 14, Central Cinema, 4 pm

Emerald City Irish Film Festival Mar 14–15, Pacific Science Center PACCAR IMAX theater

The 13th Annual On Cinema Oscar Special Mar 15, the Beacon

Raised by TV Oscars Viewing Party Mar 15, Clock-Out Lounge, all ages, free

Scorsese: The King of Comedy Mar 18, SIFF Cinema Uptown, 7:30 pm

Project Hail Mary Mar 19, wide release

Tow Opens Mar 20, SIFF Cinema Uptown

He Never Dies: The Films of Kalil Haddad Mar 20–29, NW Film Forum

The Cutoff Presented by Aravaipa Running Mar 21, SIFF Cinema Uptown, 1 pm

Scorsese: Goodfellas (4K Restoration) Mar 25, SIFF Cinema Uptown, 7:30 pm

National Film Festival for Talented Youth (NFFTY 2026) Mar 26–29, SIFF venues, times vary

Stand by Me: The Film and Its Stars 40 Years Later with Wil Wheaton, Jerry O’Connell, and Corey Feldman Mar 28, Paramount Theatre, 7:30 pm, all ages

March Things to Do: Performance [The Stranger]

The best theater, dance, and comedy events happening this month. by Nathalie Graham

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Mary Jane

MAR 19–APR 19

Mary Jane is by no means a new play. Amy Herzog wrote and premiered it at the Yale Repertory Theatre in 2017; that same year, Carrie Coon (who you at least know from the most recent season of White Lotus or The Gilded Age or Fargo) won an Obie for playing the title character at the New York Theatre Workshop; then in 2024, Rachel McAdams made her Broadway debut as that same lead. And based on the critical reaction to every staging so far, I’m certain of one thing: This compact, 95-minute play is guaranteed to break your heart. Herzog’s story is semi-autobiographical, about the impossible reality of parenting a chronically ill 2-year-old who wasn’t expected to live past his first week. But don’t mistake it for a tragic Lifetime movie. Instead, it captures what it is to be suspended, frozen in a state of crisis, but the play still promises humor, clarity, and humanity. Whether you’ve seen it staged already or not, catch it this time. (Bagley Wright Theater, times vary) HANNAH MURPHY WINTER

Amy O’Neal: Again, There Is No Other (The Remix)

MAR 26–28

Amy O’Neal is back home again. After spending two decades dancing and curating in Seattle, she took a few years off in LA, but she’s settled back into the Pacific Northwest, and at On the Boards. When O’Neal was a finalist for a Stranger Genius Award back in 2013, Jen Graves and Brendan Kiley wrote that “delicate, wide-eyed girls with mouths that never open are about the only thing you will never find in Amy O’Neal’s dances.” And it’s a solid bet that you won’t find them in her newest play, either. She describes her return to On the Boards as a “ritual of femme power and connection” that “interrogates fear for the Feminine in patriarchal culture.” The piece combines the energy of nightclub and theater through five femme dancers, and includes original music from WD4D, Shabazz Palaces, Natasha Kmeto, and Moderat. (On the Boards, 8 pm) HANNAH MURPHY WINTER

Heather Kravas: RoCoCoCoCo

MAR 26–28 AND APR 2–4

Longtime Seattle choreographer and dancer Heather Kravas has put together a contemporary dance series in late March through early April. RoCoCoCoCo has four movements—all take place in the black box theater at 12th Avenue Arts, all feature a different combination of dancers, and all will be accompanied by two pianists playing on two upright pianos that are bound together. You can see these dances—which are described like a DIY folk dance—unspool over four evenings, or if you haven’t rotted the fuck out of your attention span, you can opt for the marathon version and watch 4.5 hours of dance in one evening and see everything all at once. Whatever you choose, RoCoCoCo will be an experience you shouldn’t miss. (12th Avenue Arts, times vary) NATHALIE GRAHAM

More

A Midsummer Night’s Dream Through Mar 8, Union Arts Center, times vary

The Bonnies Mar 4–7, 12th Avenue Arts, 7:30 pm

I Will Miss You When You’re Gone Mar 5–21, Theatre off Jackson, times vary

Spike Einbinder & Honey Pluton Mar 10, Clock-Out Lounge, 8:30 pm, 21+

Benny Feldman Mar 11, Fremont Abbey, 8 pm

Joketellers Union with Emmett Montgomery and Brett Hamil Mar 11, Clock-Out Lounge, 8:30 pm, 21+

Morgan Jay Mar 13, Paramount Theatre, 7 pm, all ages

Tina Friml Mar 13–14, Laughs Comedy Club, times vary, 21+

Pacific Northwest Ballet Presents: Firebird Mar 13–22, McCaw Hall, times vary

Ain’t Misbehavin’ Mar 18–Apr 25, Taproot Theatre, times vary

Samantha Bee Mar 19, Neptune Theatre, 8 pm, all ages

Moisture Festival 2026 Mar 19–Apr 12, Broadway Performance Hall, times vary

Alvin Ailey American Dance Theater Mar 20–22, Paramount Theatre, times vary, all ages

Hurricane Diane Mar 20–Apr 12, Seattle Public Theater, times vary

Wife of Headless Man Investigates Her Own Disappearance Mar 27–Apr 11, Annex Theatre, times vary

Grand Kyiv Ballet: Swan Lake Mar 29, Moore Theatre, 4 pm, all ages

Brandon Wardell Apr 3, Crocodile, 7 pm, 21+

Early Warnings

Walden Apr 9–May 3, ArtsWest, times vary

The Stranger’s Undisputable Champions of Comedy Apr 4, Washington Hall, 7:30 pm, 21+

Appropriate Apr 9–May 10, Bagley Wright Theater, times vary

Pacific Northwest Ballet Presents: Giselle Apr 10–19, McCaw Hall, times vary, all ages

Jet City Improv at ArtsWest: An Improvised Musical Apr 19, ArtsWest, 7:30 pm

Margaret Cho Apr 19, Moore Theatre, 7 pm, all ages

Jonathan Van Ness Apr 24, Moore Theatre, 8 pm, all ages

Seattle Opera: Carmen May 2–17, McCaw Hall, times vary (See preview, pg. 43)

Jesus Christ Superstar May 2–17, 5th Avenue Theatre, times vary

Feat: Velocity Bash 2026 May 6, Washington Hall, 6 pm

Fauxnique: How Do I Look? May 7–9, On the Boards, 8 pm

Barefoot in the Park May 13–June 20, Taproot Theatre, times vary

Pacific Northwest Ballet Presents: All Lang May 29–June 7, McCaw Hall, times vary

NW New Works 2026 June 4–6, On the Boards, 7 pm

Disappearance at the Rocky Mountain Leatherdyke Snowpicnic June 5–20, Annex Theatre, times vary

The Play That Goes Wrong June 11–28, Bagley Wright Theater, times vary

March Things to Do: Literature [The Stranger]

The best talks and readings happening in March. by Julianne Bell

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Richard Hell

MAR 9

In his 2005 novel Godlike, punk pioneer Richard Hell reimagines the tumultuous relationship between 19th-century French poets Arthur Rimbaud and Paul Verlaine in 1970s New York. Hell’s adaptation follows esteemed poet Paul Vaughn, a married 27-year-old New Yorker, and a newly transplanted teenage poet, R.T. Wode, as they embark on a messy affair full of acid trips, crashed parties, and unrequited love. The book is getting a snazzy rerelease from NYRB (the Criterion Collection of the book world), and Hell will be there in the flesh to discuss the book and maybe even sign a few (if we’re lucky). (Elliott Bay Book Company, 7 pm, free) AUDREY VANN

Scott Broker with Mattilda Bernstein Sycamore

MAR 13

Scott Broker’s first novel, The Disappointment, starts where so many stories do: a man trying to sneak his mother’s ashes into his suitcase without his husband noticing. The book is described as a surrealist vacation through this couple’s desperate, disconnected trip to the Oregon Coast. And no one could be better to interview him than Seattle’s own Mattilda Bernstein Sycamore (who recently released Terry Dactyl, if you somehow haven’t gotten your hands on it yet). The conversation promises to be brilliant, funny, and very, very queer. (Elliott Bay Book Company, 7 pm, free) HANNAH MURPHY WINTER

Stephen Graham Jones

MAR 30

With books like The Only Good Indians, My Heart Is a Chainsaw, and I Was a Teenage Slasher, Stephen Graham Jones has established himself as one of the most thrilling and urgent voices in horror right now. His latest release is the critically acclaimed historical horror novel The Buffalo Hunter Hunter, which tells the story of a Blackfeet Indian vampire named Good Stab who haunts the fields of the Blackfeet reservation, searching for vengeance. Jones will discuss his chilling oeuvre with local horror expert Sadie Hartmann, aka “Mother Horror,” co-owner of the horror fiction subscription company Night Worms and a Bram Stoker Award–nominated editor. (Town Hall Seattle, 7:30 pm) JULIANNE BELL

More

James McBride Mar 3, Town Hall Seattle, 7:30 pm

Norma Wong Mar 4, Elliott Bay Book Company, 7 pm, free

The Moth StorySLAM Mar 5, Fremont Abbey, 8 pm

Olivia Waite: Nobody’s Baby Mar 10, Charlie’s Queer Books, 7 pm

Lit Lounge: A Prose & Poetry Salon with Jodi-Ann Burey, Minda Honey, Deesha Philyaw, Mitchell S. Jackson, and DJ Twilight Mar 13, Royal Room, 8 pm

Kate Schatz with Molly Wizenberg Mar 16, Third Place Books Ravenna, 7 pm, free

Darcy Michael with Jeremy Baer Mar 18, Third Place Books Lake Forest Park, 7 pm

Lauren Westerfield with Erin Langner and Katie Lee Ellison Mar 19, Elliott Bay Book Company, 7 pm, free

Bob Crawford with John Roderick Mar 19, Third Place Books Lake Forest Park, 7 pm

The Moth StorySLAM Mar 20, St. Mark’s Cathedral, 8 pm

Tayari Jones with Ijeoma Oluo Mar 23, Elliott Bay Book Company, 7 pm, free

Ibram X. Kendi Mar 23, Town Hall Seattle, 7:30 pm

Sasha taqwšblu LaPointe with Katie Campbell Mar 23, Seattle Public Library Central Branch,
6:30 pm, free

Jane Hirshfield Mar 24, Elliott Bay Book Company, 7 pm, free

Sydney Langford: Someone to Daydream About Mar 28, Charlie’s Queer Books, 6:30 pm

Rebecca Brown with Christopher Frizzelle Mar 28, Elliott Bay Book Company, 7 pm, free

Ashley McGirt with Marcus Harrison Green Apr 1, Elliott Bay Book Company, 7 pm, free

Lindy West Apr 3, Town Hall Seattle, 7:30 pm

March Things to Do: Visual Art [The Stranger]

The best art shows and events happening in March. by Amanda Manitach

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

‘Everything, Everywhere, All at Once’

MAR 5–APR 25

This spring marks the 60th anniversary of Foster/White, one of Pioneer Square’s longest-standing fine art galleries. To mark the occasion, they’re bringing out a little bit of everything: works by some 55 represented artists, installed salon-style throughout the space. Alongside work by local legends such as Alden Mason and artists associated with the Northwest School, Foster/White’s roster spans a wide range of contemporary practices—from George Rodriguez’s ponderous ornamental ceramics and Ilana Zweschi’s algorithmic dances on canvas, to Eric Louie’s sheening metallic landscapes, and Casey McGlynn’s rough-hewn, punk poems gushing color. Word has it there will be cake on First Thursday. (Foster/White) AMANDA MANITACH

‘Beyond Mysticism: The Modern Northwest’

MAR 5–AUG 2

Featuring over 150 works, the SAM’s newest exhibit chronicles a rapidly changing 20th-century Seattle as told by artists who questioned the environmental and social impacts of industrialization through the visual language of social realism, surrealism, and abstract expressionism. Among these artists were the Northwest School’s Mark Tobey, Kenneth Callahan, Guy Anderson, and Morris Graves. I am most excited to see works from the unsung painter and Seattle-via-New York City transplant Yvonne Twining Humber, known for incorporating touches of Impressionism into her vibrant cityscapes. (Seattle Art Museum) AUDREY VANN

‘Let There Be Light’

OPENS MAR 13

The appetite for figurative work has grown ravenous over the past decade, eclipsing nearly all else (I jest—but bring back the conceptual weirdos and prankster-philosophers, please). That said, Let There Be Light is poised to be a blockbuster exhibition of figuration, curated by local artist-célèbre Anthony White. White’s own practice—steeped in fetishized beauty and objects of desire—draws from art-historical figurative traditions, often staging languorous odalisques refracted through a male-on-male gaze. Featuring work by 20 artists from Toronto, New York, Los Angeles, London, Paris, Philadelphia, Portland, and Seattle, this exhibition pushes figuration into the murkier terrain of the abject—a place where beauty melds with grotesquerie and the absurd. (Cannonball Arts) AMANDA MANITACH

Eric-Paul Riege: ‘ojo|-|ól’

MAR 14–OCT 25

The soft sculptures of Eric-Paul Riege aren’t quiet objects—their presence inscribed in space is monolithic and monumental, and when brought to life through movement, they become instruments of sound. Riege, who is Diné, has built a practice of collaging and reworking elements drawn from Navajo weaving and jewelry-making traditions, ultimately constructing large-scale, hanging installations that sway, ripple, and jingle when touched. For this exhibit—his largest solo show to date—Riege researched collections of Navajo artifacts held by Brown University’s Haffenreffer Museum of Anthropology and the University of Washington’s Burke Museum of Natural History and Culture. What emerged is an immersive environment that envelops the viewer while quietly unsettling institutional narratives of Indigenous culture. (Henry Art Gallery) AMANDA MANITACH

Unpoetry

MAR 19

Unpoetry, organized by Eric M. Acosta, is not your everyday open mic night; defying tidy description, it descends from a lineage of happenings and communal experiments where performance, poetry, and visual art collide. This year marks Unpoetry’s fourth anniversary and its third season collaborating with the Frye Art Museum, activating the galleries through ekphrastic intervention. This evening’s performances draw inspiration from works on view by Priscilla Dobler Dzul and Camille Trautman, and while the particulars are still gestating (there are rumors of a wall of CRT televisions, live video augmentation, and immersive soundscape performance), the lineup features multidisciplinary artist Arabella, composer Eddie Mospan, poet Caleb Thomson, and interdisciplinary collective Til the Teeth. The after-party is down the street at the Hideout. Where else in this city will you find ekphrastic-themed drinks and NA uncocktails? (Frye Art Museum) AMANDA MANITACH

More

New Nordic: Cuisine, Aesthetics, and Place Through Mar 8, National Nordic Museum

Susan Meiselas: Crossings Through Mar 22, Photographic Center Northwest, free

Tininha Silva: It’s Not What I See, It’s How I Sea Through Mar 25, J. Rinehart Gallery

Gala Bent: A Woman Awash Through Mar 25, J. Rinehart Gallery

Future Forward: crisscross Through Mar 29, Mini Mart City Park

The One-Two Punch: 100 Years of Robert Colescott Through Mar 29, Tacoma Art Museum

Indira Allegra: The Book of Zero Through Apr 4, Jacob Lawrence Gallery, free

Boren Banner Series: Camille Trautman Through Apr 12, Frye Art Museum, free

Priscilla Dobler Dzul: Water Carries the Stories of Our Stars Through Apr 19, Frye Art Museum, free

Project NW: Ralph Pugay Through May 17, Tacoma Art Museum

Haunted Through June 7, Tacoma Art Museum

Jonathan Lasker: Drawings and Studies Through Sept 27, Frye Art Museum, free

A Room for Animal Intelligence Through Jan 2027, Seattle Art Museum

Ten Thousand Things Through Spring 2027, Wing Luke Museum

Ivy Jacobsen: Into the Wild Mar 5–28, Patricia Rovzar Gallery

Fred Holcomb: Fast Forest Mar 5–28, Harris/Harvey Gallery

Service/Symbiosis Mar 5–Apr 18, Actualize AiR and SOIL

Aimee Lee: Tethered Opens Mar 6, Bainbridge Island Museum of Art

Crafting Futures: Emerging Artists Invitational Opens Mar 6, Bainbridge Island Museum of Art

George & David Lewis: Deeply Rooted Opens Mar 6, Bainbridge Island Museum of Art

Interwoven Narratives Opens Mar 9, M. Rosetta Hunter Art Gallery, free

Tethered: An Artist Talk with Aimee Lee Mar 14, Bainbridge Island Museum of Art, 3 pm

Any Body: An Exploration of the Body in Abstract and Figurative Art Mar 19–May 2, Magnuson Park Gallery

Water Ways: Healing the Circle of Water and Life Opens Mar 26, Schack Art Center, free

Bootsy Holler with KEXP DJ Troy Nelson Mar 30, Elliott Bay Book Company, 7 pm, free

Kiliii Yüyan: Guardians of Life: Indigenous Science, Indigenous Wisdom and Restoring the Planet Apr 1, Town Hall Seattle, 7:30 pm

Ongoing

Pioneer Square Artwalk Every first Thursday

Capitol Hill Art Walk Every second Thursday

Georgetown Art Attack! Every second Saturday

Chris Kallmyer: Song Cycle Ongoing, Seattle Art Museum

Gossip: Between Us Ongoing, Tacoma Art Museum

Legacy: Highlights from the Permanent Collection Ongoing, Tacoma Art Museum

Qiu Zhijie: Map of the History of Science and Technology Ongoing, Olympic Sculpture Park, free

Ash-Glazed Ceramics from Korea and Japan Ongoing, Seattle Art Museum

March Things to Do: Music [The Stranger]

The best concerts and dance nights happening in March. by Julianne Bell

Want more? Here's everything we recommend this month: Music, Visual Art, Literature, Performance, Film, Food, and This & That.

Toody Cole, Semisoft, DJ Kurt Bloch

MAR 6

I once found myself sitting at a bar beside PNW legend Toody Cole and told her that she was my all-time favorite bassist, to which she blushed and said, “Thank you, I’m trying really hard, and I practice a lot.” A telling response from a humble punk veteran who is far too cool to play it cool. Over the past five decades, Toody and her dearly departed husband, Fred, have kept Portland’s music scene alive with their bands—Dead Moon, the Weeds, the Rats, Pierced Arrows, and several others—self-recording and self-releasing music in their self-built Clackamas County home. Can we get this woman a key to the city of Portland already!? Toody will be joined by her band, Kelly Halliburton and Christopher March (of Jenny Don’t and the Spurs), for a retrospective of material from her aforementioned projects. Fingers crossed that she plays one of her solo deep cuts, “Coming On Strong” or “Rather Be Your Lover.” Tacoma-based psych rock trio Semisoft and DJ Kurt Bloch (the Fastbacks, Young Fresh Fellows, Filthy Friends) will open. (Tractor Tavern, 8:30 pm, 21+) AUDREY VANN

Truly, King Youngblood

MAR 6

With their classic 1995 debut album, Fast Stories... from Kid Coma, Seattle’s Truly peaked just as gr*nge was heading to the morgue. Guitarist/vocalist Robert Roth, ex-Soundgarden bassist Hiro Yamamoto, and former Screaming Trees drummer Mark Pickerel had released two Sub Pop EPs that foreshadowed the brilliance to come. On Fast Stories..., a concept album about a comatose youth “reliving a past summer of grandeur,” the songs have the eerie glow of a codeine dream. Similar to fellow Seattleites Love Battery, Truly possess a keen grasp of triumphant psych-rock guitar tones and vocal extenuation. A blurred majesty prevails here and on 1997’s Feeling You Up, and Roth’s unhinged snarl and tuneful moan are Cobain’s equal. At their best, Truly’s songs display a cinematic sweep that’s absolutely transcendent while simultaneously seeming nonchalant. It’s a feat that few can pull off. Welcome this return by our (relatively) unsung local heroes. (Baba Yaga, 8 pm, 21+) DAVE SEGAL

Steve Hauschildt, Kara-Lis Coverdale

MAR 6

The Reflections series has become a nexus of challenging, chill music and retina-rippling light shows in nontraditional venues. The latest match-up features ex-Emeralds synth sorcerer Steve Hauschildt and Canadian composer Kara-Lis Coverdale. The former is a studious builder of majestic arpeggios and icily pretty melodies. His huge catalog abounds with twinkling tunes that will surely sound stunning bouncing off stained glass. The latter is a PhD-level sound scientist who excels in melodically complex, long-form excursions and concise, timbrally exciting abstractions. Last year, Coverdale peaked with Changes in Air, a sonorous drone-athon par excellence. Before she entered the heady world of electronic music, Coverdale began working at age 13 as an organist and music director at many Canadian churches, where she also put in time as a choir conductor. A cavernous Capitol Hill church should be an ideal setting for her. (Seattle First Baptist, 7 pm, all ages) DAVE SEGAL

Whitney, Prewn

MAR 7

When former Smith Westerns guitarist Max Kakacek and departed Unknown Mortal Orchestra touring drummer Julien Ehrlich formed Whitney and released their acclaimed 2016 debut, Light upon the Lake, they revealed a rare, enviable dynamic that was both raw and comforting. Ehrlich’s Sunday-morning armchair poetry felt like effortless reflections; his falsetto should have been required to register as an electric blanket. Kakacek’s alternating pedal steel and bendy ’70s guitar licks melted into the warm lo-fi recording like a grilled cheese on a motel room radiator. Plus, Ehrlich sang from behind the kit, which was cool. Though the Chicago duo has made the occasionally questionable choice to veer into overly produced cutesy funk (2022’s Spark), they were able to reclaim much of their country soul and tavern piano charm with last fall’s Small Talk. The band doesn’t hit as many high notes as it once did (so to speak), but they still have enough lightning in the bottle to warm a stage for an evening. (Showbox, 8:30 pm, all ages) TODD HAMM

Blackwater Holylight, SOM, MUÑECA

MAR 10

Portland-born all-female metal band Blackwater Holylight contrast their shimmering harmonies with sludgy, psychedelic instrumentals, creating a product that is haunting, beautiful, cathartic, and scary all at once. Their new album, Not Here Not Gone, features some of their most approachable songs yet. Take “Heavy, Why?” for example, which is reminiscent of 2010s rock bands like the Dum Dum Girls and Broken Water. I don’t listen to very much metal, but I find myself revisiting this band every time I’m in a dark, hostile mood (which these days is often). Consider this evening of metal your gateway into the genre, with opening sets from the shoegaze-inspired SOM and sludge metal punk trio MUÑECA. (Neumos, 7 pm, 21+) AUDREY VANN

Indigo De Souza, Mothé

MAR 10

Indigo De Souza’s music has always dealt with different kinds of death; her layered vocals revel in the ownership of personal missteps that echo as communal failings and social death. Last summer’s Precipice is no different in tone, from the consistently awesome skeletons-with-boobs album artwork to the edge-of-existence conceit. A main marker of evolution has been the embrace of electronic pop production over the crunchy Lucy Dacus–esque guitar ballads of albums past, which she has confirmed to be a purposeful choice, even excitedly. To this, I cannot give a more heartfelt endorsement, to the contrary of Pitchfork’s Robins-Somerville review. Even the album’s most Taylor Swift–ian of tracks are dark as fuck, and I can’t imagine a better, more worthy philosophical mindfuck to jam the pop algorithms. (Showbox, 8 pm, all ages) TODD HAMM

Cochemea, Jungle Fire

MAR 11

The Daptone label’s most out-there act, saxophonist/flautist/bass clarinetist Cochemea creates humid, psychedelic roots music that vibrates in its own lane. Before the Yaqui/Yoeme artist went solo, he played sax for Sharon Jones & the Dap-Kings and worked with Quincy Jones, Amy Winehouse, Archie Shepp, and others. However, Cochemea’s own recordings skew more toward Budos Band and Antibalas, of whose touring bands he was a member. On his 2010 debut LP, The Electric Sound of Johnny Arrow, Cochemea fused spiritual jazz, funk, and boogaloo into gripping sonic panoramas. His next three albums broadened the palette to include cumbia, Moroccan gnawa, blues, and his ancestral Indigenous music. Tangy percussive timbres—Asian Indian and Latin American drums figure heavily—combined with Cochemea’s electrified sax and chants from his tribe result in songs that sound at once ancient and otherworldly. This show promises, if only briefly, a primal trip out of our national political nightmare. (Sunset Tavern, 8 pm, 21+) DAVE SEGAL

Mt Fog, iroiro, DJ Martin Douglas

MAR 12

If a Washington rainforest started a band, it would sound something like Mt Fog—Carolyn B.’s playful whispers are like a sprite luring you into a mossy forest. The percussion, like raindrops plopping into a mushroom. And the electronics, like a ray of light shimmering through the trees. The Seattle-based trio whimsically marries the vocal stylings of Kate Bush, Björk, and Siouxsie Sioux with sparse electronics, evocative of CAN and Mort Garson. They will celebrate the release of their new album, Every Stone Is Green, which they describe as a “Gothic tale (in the Brontë sisters’ sense) about finding happiness, which is human-ness.” They will be joined by the psychedelic instrumental band iroiro and music journalist/DJ Martin Douglas. (Tractor Tavern, 8 pm, 21+) AUDREY VANN

Peaches, Pixel Grip

MAR 14

It’s 2026, and we need Peaches’s sexually transgressive electroclash hip-hop more than ever. Luckily, the noted feminist musician, director, and performance artist is back with her first album in over 10 years, No Lube So Rude. “When the world is friction, lube isn’t a luxury. It’s a necessity,” Peaches writes. “It’s how you turn that friction into pleasure, into power, into pride.” The icon’s seventh album does just as it’s advertised by acting as a relieving salve for these dark times, slickening the constant thrust of dystopian news with empowering, funny, and celebratory tracks for the dance floor like “Fuck How You Wanna Fuck” and “Not in Your Mouth None of Your Business.” She will support the album alongside electropop trio Pixel Grip. (Showbox, 8:30 pm, 21+) AUDREY VANN

Conan Gray, Esha Tewari

MAR 16

If you can’t get enough of Chappell Roan and Olivia Rodrigo, I hope you’re also listening to Conan Gray—he shares their songwriter and producer, the pop Midas hitmaker Dan Nigro (previously the lead vocalist in the indie rock band As Tall as Lions). Gray’s latest album, Wishbone, traces the rise and disastrous fall of a star-crossed gay teen romance with irresistible ‘90s panache, channeling Beck on the biting “Romeo” and the Cranberries on the tender “Care.” The standout “Vodka Cranberry” is a devastating torch song that showcases Gray’s soaring vocals and simply begs to be belted while drunk at karaoke. Gray has been donning chic pajamas and sailor-inspired outfits for the tour, so wear a comfy sleepwear set or dress to the nautical nines! (Climate Pledge Arena, 8 pm, all ages) JULIANNE BELL

Donny Benét

MAR 19

Since spurting onto the scene in 2011 with Don’t Hold Back, a quirky nine tracks of tinny drum-machine lounge and 16-bit love songs, Australian multi-instrumentalist Ben Waples has developed his Donny Benét character into something of cult star on the Italo disco-referential/fetishized ’80s synth funk circuit. Benét has certainly captured the hearts of many with a presentation that is gleefully tongue-in-cheek, but there is no punch line per se. Suffice to say, the shtick is thicc, but as a classically trained jazz musician, Benét knows how to work it. Last month saw the release of Il Basso, the chronological follow-up to 2024’s Infinite Desires, though he has clarified it is a spiritual descendant of his 2022 single, “Le Piano” with a bass (as in his four-string) emphasis. Though his music is typically adorned with his sultry tenor crooning or softcore raps about consensual loving, Basso is entirely instrumental, but it still has all the pulsing, boxy four-on-the-floor to get you going. (Crocodile, 8 pm, 21+) TODD HAMM

THC.XLR, Erin Jorgensen

MAR 26

An instrumental improv trio whose name hints at their music’s effects, THC.XLR filter elements of drone, krautrock, jazz, and dub into hazed and glazed sonic vistas. Their drummer, Madi Levine, has created some of Seattle’s deepest techno of the last decade under the name IVVY, but this new project is a much looser and more exploratory experience. The lineup’s rounded out by Erik Sanchez (Richie Dagger’s Crime) on synth/sampler and Rob Hanlon (Sketch Artist) on sax, piano, and electronics. Their live sets are continuous, spontaneous streams of creativity that demand and reward long attention spans. On their newest track, “beside you,” THC.XLR detour into watery, Talk Talk–style songcraft. Very cool. Erin Jorgensen is that rarest of beings on the local scene: a singer/composer who plays five-octave marimbas. With soft, caressing vocals à la Young Marble Giants/Weekend singer Alison Statton’s, Jorgensen creates intimate art pop that perfumes the air with enchanting melodies and the marimba’s wondrous timbres. Hear “Man of Steel” from 2018’s Little Hex for proof. (Black Lodge, 7 pm, all ages) DAVE SEGAL

Champagne Bubblebath, Midpak, DJ Moohah

MAR 26

The newish Champagne Bubblebath feature the cream of Seattle’s robust funk scene: four members of Afrobeat-inflected funkateers Polyrhythmics, plus Hendrixian guitar virtuoso Jimmy James of True Loves and Parlor Greens. Bandleader Grant Schroff is the Ziggy Modeliste of the Pacific Northwest—a drummer whose impeccable feel and powerful, precise funkiness have moved more asses over the last decade than Sound Transit. This show celebrates the release of Champagne Bubblebath’s debut album, Mixtape: Volume One. The band says it was “[o]riginally conceived as a throwback beat-tape of minimalist garage-funk grooves,” and the 10 songs here reflect deep immersion in history’s most effective, subtlest groove science and the world-class chops to infuse soul into every bar. The band’s slinky, head-nodding instrumentals are ripe for another generation of hip-hop producers to sample. Clearly, these old-school funk disciples still have many vital sonic lessons to impart. (Hidden Hall, 8 pm, 21+) DAVE SEGAL

Grrrl Gang

MAR 28

Indie-pop group Grrrl Gang’s members—vocalist/guitarist Angeeta Sentana, bassist/vocalist Akbar Rumandung, and guitarist/vocalist Edo Alventa—met at college in Yogyakarta, Indonesia, in 2016 and decided to form a band. Their blend of pop hooks and irrepressible punk spirit garnered international attention and praise from the likes of legendary critic Robert Christgau. In 2023, they released their debut studio album, Spunky!, which fully embraces their riot-grrrl influences and which NME called “an instant ticket to the sort of basement show where sweat rolls down the walls.” If you’re into bands like Potty Mouth and the Linda Lindas, you won’t want to pass up the chance to catch their gritty, infectious energy at the Clock-Out. (Clock-Out Lounge, 9 pm, 21+) JULIANNE BELL

Eliza McLamb, Lily Seabird

MAR 31

I was introduced to North Carolina–born singer-songwriter Eliza McLamb via her podcast Binchtopia, but quickly became enamored of her incisive writing on her newsletter Words from Eliza and her introspective, clever indie pop. (McLamb recently stepped away from Binchtopia to pursue music full-time.) Last October, she released her sophomore album, Good Story, which explores her urges to self-narrativize and the stories she tells herself and others. “An effective narrative, I came to realize, is a reserve with limited returns,” she writes on Substack. “But I still love to work the magic—I love knowing that a bad time can be a good story, that experience without meaning is only missing a few narrative beats. I love the limits of the story, agency that was once out of reach returning through the act of creation and recreation.” (Neumos, 7 pm, all ages) JULIANNE BELL

Tara Clerkin Trio

MAR 31

Paragons of musical understatement and elusiveness, England’s Tara Clerkin Trio weave magical spells with piano, clarinet, drums, synth, and looped samples. Lovely, dreamy melodies tumble out with a nonchalant artfulness while Clerkin sings in a feathery deadpan. Touchstones include the ECM label’s chamber jazz, Virginia Astley’s delicate, poignant songcraft, Pram’s oneiric, accidental dub, and the wee-hours-in-the-cathredal atmospheres of Talk Talk circa Laughing Stock. However, deviations do occur, such as on their 2021 In Spring EP: the hauntological trip-hop of “Night Steps” lollops between Portishead and Seefeel, which is... holy shit! The ridiculously charming “Marble Walls” would be a chart-topper in Utopia. I had the good fortune to catch Tara Clerkin Trio in Detroit in 2025, and it mesmerized me like no other performance from that terrible year. They truly got the special sauce, so clear your schedule and get your head right for this show. (Sunset Tavern, 8 pm, 21+) DAVE SEGAL

More

Gogol Bordello Mar 4, Showbox, 8 pm, 21+

Tortoise, Spacemoth Mar 5, Neptune, 8 pm, all ages

KenTheMan Mar 5, Neumos, 7 pm, all ages

St. Vincent Mar 5, Town Hall Seattle, 8 pm, all ages

Marble, Love So Deep, Plash Mar 6, Sunset Tavern, 8:30 pm, 21+

Listening Session: Fleetwood Mac, Rumours Mar 6, Shibuya Hi-Fi, 6 pm

Where’s Beth, Bryan John Appleby, Don Piano Mar 6, Add-a-Ball, 9 pm, 21+

The Briefs, the Drowns, the Coolers Mar 7, Clock-Out Lounge, 9 pm, 21+

Sam Greenfield Mar 7, Baba Yaga, 8 pm, all ages

Brittany Davis, Ellie Grace Mar 7, Royal Room, 7:30 pm, all ages until 10 pm

Matt Pryor, Small Uncle, Carl Christensen Mar 7, Sunset Tavern, 8:30 pm, 21+

Sunny War, the Local Strangers Mar 8, Sunset Tavern, 8 pm, 21+

The Wayne Horvitz Ensemble Mar 9, the Royal Room, 7:30 and 8:30 pm, all ages until 10 pm

Dining Dead, Glass Egg, Reverse Death Mar 11, Tractor Tavern, 7:30 pm, 21+

Listening Session: Tracy Chapman, Tracy Chapman Mar 12, Shibuya Hi-Fi, 5 pm

Yung Kai Mar 12, Neumos, 7 pm, all ages

Diminished Men, Corespondents, Von Wildenhaus Mar 12, Add-a-Ball, 8 pm, 21+

Oldies Dance Party with DJs Shannon Shaw, Swain, and Ganj Mar 13, Clock-Out Lounge, 9 pm, 21+

Bill Frisell’s 75th Celebration featuring Luke Bergman and Tim Angulo Mar 13, Moore Theatre, 8 pm, all ages

Shrek Rave Mar 14, Crocodile, 10 pm, 21+

The Hoot Hoots, Rat Queen Mar 14, Add-a-Ball, 9 pm, 21+

Redveil, Chenayder Mar 14, Neumos, 8 pm, all ages

Bog Ore, Kinski, Toxic Thrust Mar 14, Clock-Out Lounge, 9 pm, 21+

Aimee Mann, Jonathan Coulton Mar 15, Neptune Theatre, 8 pm, all ages

Ruthie Foster Quartet Mar 17–18, Jazz Alley, 7:30 pm, all ages

Anthers, My Pet Fossil, Slugfeast, Miscomings Mar 19, Add-a-Ball, 8 pm, 21+

Band of Horses Mar 19, Vera Project, 7 pm, all ages

Dirty Three Mar 21, Neumos, 7 pm, 21+

Tune-Yards, Kassa Overall Mar 22, Neumos, 7 pm, 21+

Drug Church, White Reaper, Spy, Death Lens Mar 23, Neumos, 6 pm, all ages

Liz Cooper Mar 25, Sunset Tavern, 8 pm, 21+

Mclusky, Ekko Astral Mar 26, Crocodile, 8 pm, 21+

Marissa Nadler Mar 26, Tractor Tavern, 8 pm, 21+

Listening Session: Frank Ocean, Channel Orange Mar 27, Shibuya Hi-Fi, 7:30 pm

Skullcrusher Mar 30, Barboza, 7 pm, 21+

L.A. Witch, DAIISTAR, Buckets Apr 1, Neumos, 6:30 pm, 21+

Spoon Benders, Semisoft Apr 1, Baba Yaga, 8 pm, 21+

Hockey Teeth, Poached, Zailee Haze Apr 2, Hidden Hall, 7:30 pm, 21+

Prism Bitch, Byland, Melanie Radford Apr 2, Sunset Tavern, 8 pm, 21+

FKA twigs, Brutalismus 3000 Apr 2, WAMU Theater, 8 pm, all ages

Jeff Tweedy, Macie Stewart Apr 2, Moore Theatre, 7:30 pm, all ages

Sex Mex, Sux, Taste Testors Apr 3, Clock-Out Lounge, 9 pm, 21+

Witch Ripper, Dust Moth, Izthmi Apr 3, Sunset Tavern, 8:30 pm, 21+

Tomo Nakayama, Maita, Plash Apr 3, Tractor Tavern, 8 pm, 21+

Father John Misty Apr 3–4, Paramount Theatre, 8 pm, all ages

Early Warnings

Raye Apr 3, WAMU Theater, 8 pm, all ages

Cass McCombs, Hand Habits Apr 4, Tractor Tavern, 8:30 pm, 21+

Ratboys, villagerrr Apr 7, Neumos, 7 pm, 21+

Fishbone Apr 11, Crocodile, 6 pm, 21+

Weedeater, Conan, Telekinetic Apr 12, Crocodile, 7 pm, 21+

Ari Lennox Apr 12, WAMU Theater, 8 pm, all ages

PinkPantheress Apr 14, WAMU Theater, 8 pm, all ages

Throwing Muses Apr 15, Crocodile, 8 pm, 21+

Midpak, BendreTheGiant, Super Mother Apr 17, Add-a-Ball, 9 pm, 21+

Waxahatchee, MJ Lenderman May 3, Paramount Theatre, 7:30 pm, all ages

Northwest Terror Fest VIII May 7–9, Neumos, 21+

Florence + the Machine May 12, Climate Pledge Arena, 7:30 pm, all ages

The Last Dinner Party May 22–23, Showbox SoDo, 8 pm, all ages

Capitol Hill Block Party Aug 7–9, Capitol Hill

Iron & Wine Oct 13, 5th Avenue Theatre, 8 pm, all ages

17:00

Ben Hutchings: FOSS activity in February 2026 [Planet Debian]

Debian packages:
- firmware-free:
  - Bugs:
    - closed #890601: firmware-linux-free uses prebuilt blobs instead of building from source
  - Uploads:
    - uploaded version 20241210-3 to unstable
- firmware-nonfree:
  - Bugs:
  - Merge requests:
    - closed !128: Draft: Add Provides: based ABI versioning mechanism
    - merged !134: Update to 20251125
    - reviewed and merged !135: Drop DSP firmware, migrated to hexagon-dsp-binaries source
    - reviewed and merged !136: debian/copyright: correct licence issues
    - opened and closed !137: d/copyright, qcom-soc: Exclude undistributable QDU100 firmware
    - opened and merged !138: Update to 20260110
    - opened and merged !139: Update to 20260221
  - Uploads:
    - uploaded version 20251111-1~bpo13+1 to trixie-backports
    - uploaded version 20251125-1 to unstable
    - uploaded version 20260110-1 to unstable
- hexagon-dsp-binaries:
  - Bugs:
    - opened #1129001: Missing binaries - should this package use XS-Autobuild?
- initramfs-tools:
  - Bugs:
    - closed #1126611: mkinitramfs: failed to determine device for /
  - Merge requests:
    - merged !191: tests fail on arm64 because they call qemu-system-arm64
- iptables:
  - Bugs:
    - replied to #1128561: iptables: virsh net-start no longer works: Failed to run firewall command iptables -w –table filter –list-rules
- ktls-utils:
  - Merge requests:
    - merged !3: d/t/test-common: Move inclusion of extensions when signing the certificate
- libvirt:
  - Bugs:
    - replied to #1124549: libvirt passes invalid flags for network interface deletion
- linux:
  - Bugs:
  - Merge requests:
    - reviewed !1682: Unsplit configs for some kernel architectures
    - reviewed !1821: riscv64 config update for linux 6.19
    - reviewed and merged !1824: db-mok: Remove unused function
    - opened !1831: CI: Update build job to work after another common pipeline change
  - Uploads:
    - (LTS) uploaded version 5.10.249-1 to bullseye-security
    - uploaded version 6.12.63-1~bpo12+1 to bookworm-backports
    - uploaded version 6.12.69-1~bpo12+1 to bookworm-backports
    - uploaded version 6.12.73-1~bpo12+1 to bookworm-backports
    - uploaded version 6.18.12-1~bpo13+1 to trixie-backports
    - uploaded version 6.18.5-1~bpo13+1 to trixie-backports
    - uploaded version 6.18.9-1~bpo13+1 to trixie-backports
  - (LTS) updated the bullseye-security branch to 5.10.251, but did not upload it
- (LTS) linux-6.1:
  - Uploads:
    - uploaded version 6.1.162-1~deb11u1 to bullseye-security
- linux-base:
  - Bugs:
    - closed #1128355: linux-base: indirectly missing perl dependency?
- nfs-utils:
  - Merge requests:
    - reviewed and merged !36: Drop installation of blkmapd and nfs-blkmap.service systemd service
- wireless-regdb:
  - Bugs:
    - replied to and closed #1104022: wireless-regdb: Consider importing setregdomain and udev rule from Fedora
    - closed #1122785: wireless-regdb: Please remove/replace usage of dh_movetousr
    - closed #1126431: wireless-regdb: Unnecessary Build-Depends: python3-m2crypto
  - Uploads:
    - uploaded version 2026.02.04-1 to unstable
    - uploaded version 2026.02.04-1~deb12u1 to bookworm
    - uploaded version 2026.02.04-1~deb13u1 to trixie
  - (LTS) updated the bullseye-security branch to 2026.02.04-1, but did not upload it
Debian non-package bugs:
- release.debian.org:
  - opened #1128507: trixie-pu: package wireless-regdb/2026.02.04-1~deb13u1
  - opened #1128510: bookworm-pu: package wireless-regdb/2026.02.04-1~deb12u1
Mailing lists:
- debian-kernel:
  - posted Agenda items for kernel-team meeting on 2026-02-04
  - posted Agenda items for kernel-team meeting on 2026-02-25
  - (LTS) replied to Discrepancies between Commits list in changelog of debian and upstream linux git repo.
  - (LTS) replied to [Pkg-libvirt-maintainers] Processed: retitle 1124549 to libvirt passes invalid flags for network interface deletion …, tagging 1124549
  - replied to linux 7.0
- debian-lts-announce:
  - posted [SECURITY] [DLA 4475-1] linux security update
  - posted [SECURITY] [DLA 4476-1] linux-6.1 security update
- klibc:
  - replied to [PATCH 1/2] [klibc] explicitly close arm64 syscall stub generator output
  - replied to [PATCH] [klibc] fix arm stub alignment
  - replied to [PATCH] [klibc] remove unneeded syscalls.mk dependencies
- linux-hwmon:
  - replied to [PATCH] hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race
- linux-wireless:
  - posted [PATCH] wireless-regdb: Fix regulatory.bin signing with new M2Crypto
  - posted [PATCH] wireless-regdb: Replace M2Crypto with cryptography package
- platform-driver-x86:
  - replied to [PATCH] platform/x86: hp-bioscfg: Support allocations of larger data
- stable:
  - (LTS) replied to Please apply commit 9990ddf47d41 (“net: tunnel: make skb_vlan_inet_prepare() return drop reasons”) down to 6.1.y at least
  - (LTS) reviewed and replied to various patches for 5.10 … … …
  - (LTS) posted [PATCH 5.10,5.15] ip6_tunnel: Fix usage of skb_vlan_inet_prepare()
  - replied to [PATCH 6.12 519/567] gpiolib: acpi: Move quirks to a separate file

Valhalla's Things: A Pen Case (or a Few) [Planet Debian]

Posted on March 2, 2026
Tags: madeof:atoms, FreeSoftWear, craft:sewing

For my birthday, I’ve bought myself a fancy new expensive¹ fountain pen.

Such a fancy pen, of course requires a suitable case: I couldn’t use the failed prototype of a case I’ve been keeping my Preppys in, so I had to get out the nice vegetable tanned leather… Yeah, nope, I don’t have that (yet). I got out the latex and cardboard material that is sold as a (cheaper) leather substitute, doesn’t look like leather at all, but is quite nice (and easy) to work with. The project is not vegan anyway, because I used waxed linen thread, waxing it myself with a lot of very nicely smelling beeswax.

I got the measurements² from the less failed prototype where I keep my desktop pens, and this time I made a proper pattern I could share online, under the usual Free Culture license.

From the width of the material I could conveniently cut two cases, so that’s what I did, started sewing the first one, realized that I got the order of stitching wrong, and also that if I used light blue thread instead of the black one it would look nice, and be easier to see in the pictures for the published pattern, started sewing the second one, and kept alternating between the two, depending on the availability of light for taking pictures.

One of the two took the place of my desktop one, where I had one more pen than slots, and one of the old prototypes was moved to keep my bedside pen, and the other new case was used for the new pen in my handbag, together with a Preppy, and now I have a free slot and you can see how this is going to go wrong, right? :D

16€. plus a 9€ converter, and another 6€ pen to get the EF nib from, since it wasn’t available for the expensive pen.↩︎
I have them written down somewhere. I couldn’t find them. So I measured the real thing, with some approximation.↩︎

National Book Tour for Cindy Cohn’s Memoir, ‘Privacy’s Defender’ [Deeplinks]

MIT Press Publishes EFF Executive Director’s Book As She Prepares to Depart Organization After 25 Years

SAN FRANCISCO – Electronic Frontier Foundation Executive Director Cindy Cohn will launch her memoir, Privacy’s Defender: My Thirty-Year Fight Against Digital Surveillance (MIT Press, March 10), with events in San Francisco and Berkeley before embarking on a national book tour.

In Privacy’s Defender, Cohn weaves her own personal story with her role as a leading legal voice representing the rights and interests of technology users, innovators, whistleblowers, and researchers during the Crypto Wars of the 1990s, battles over NSA’s dragnet internet spying revealed in the 2000s, and the fight against FBI gag orders.

The book will be Cohn’s swansong at EFF as she’s stepping down as executive director later this year after 25 years with the organization. And there’s no timelier topic: Everyone should be concerned about privacy right now, as the federal government consolidates and weaponizes data, companies track our every click, and law enforcement from local police to ICE keep tabs on all of us, everywhere we go, every day.

The Privacy’s Defender tour will begin with a free event at San Francisco’s famed City Lights Bookstore (261 Columbus Ave., San Francisco, CA 94133) moderated by bestselling author and EFF Special Advisor Cory Doctorow, at 7pm PST Tuesday, March 10.

Then EFF will host a launch party at Berkeley’s Ciel Creative Space (940 Parker St., Berkeley, CA 94710) moderated by bestselling author Annalee Newitz at 7 p.m. PT on Thursday, March 12; tickets cost $12.50-$20.

The book tour will also include events in Portland, OR; Seattle; Denver; Cambridge, MA; Ann Arbor, MI; and Iowa City, IA. Later events are being planned in New York City and Washington, D.C., as well as a May 13 event at Commonwealth Club World Affairs in San Francisco.

Proceeds from sales of the book benefit EFF.

“These beautifully written stories show why the fight for privacy is worth having and reveal all that Cindy Cohn and EFF have done to establish the modern privacy doctrine as the essential core of a free society.” -- Lawrence Lessig, Harvard University; author of How to Steal a Presidential Election

“Cindy Cohn gives readers a first-person window into some of the pivotal legal disputes of the digital era and reminds us that action and activism are crucial to preserving Americans’ freedom.” -- U.S. Sen. Ron Wyden, D-OR, author of It Takes Chutzpah: How to Fight Fearlessly for Progressive Change

“Privacy’s Defender is a compelling account of a life well lived and an inspiring call to action for the next generation of civil liberties champions.” -- Edward Snowden, whistleblower; author of Permanent Record

For the San Francisco event: https://citylights.com/events/cindy-cohn-launch-party-for-privacys-defender/

For the Berkeley event: https://www.eff.org/event/privacys-defender-book-launch-party

For more on Privacy’s Defender and the book tour: https://www.eff.org/Privacys-Defender

Contact:

Karen

Gullo

Senior Writer for Free Speech and Privacy

karen@eff.org

16:49

I tuned into the Fediforum [Scripting News]

I like the way they organized today's Fediforum conference. (They call it an unconference. I use the term to mean something very different, and we used it first at BloggerCon.)

They asked for "position papers," and chose a set of them to be presented.

Inbetween, they had a set of virtual tables where six people could join and have a conversation.

It wasn't boring. And that's the first requirement for a conference.

Some of my takeaways from the meetup.

Getting more people to use Bluesky and AT Proto was the topic. I don't know how to do that, and I don't think there's anything developers can do to make it happen. I think both products are what they will continue to be.
What's needed is to get all the various systems to interop. There must be a definition of what a text message is. Since we're trying to make the social web, I recommend looking to the web for the definition of what a text object is. I would go with a subset of the web. I outlined the features in the textcasting doc I wrote a few years ago. I am using Markdown in my software, and it seems like a lot of other people feel this is a good subset to use.
Bluesky will never be a distributed system because it has features that depend on being centralized. That's okay, perfection isn't needed.
Even better would be to have all systems support both inbound and outbound RSS, then they can do whatever they want internally, and users can participate using any blog and any feed reader. And independent developers can go crazy trying out all kinds of variants. That's how it works in WordLand 2 coming real soon now. 😄
More people will use a system when it's fun and/or interesting and they can't wait to see what else happened there. Like watching Alysa Liu videos now. People don't think about what they want, they just want it. That's what Twitter was like when it started. Unfortunately you can't start it again, if you want people to want it, you have do something new.
I talk too much. That's the downside of having an interesting conference. At a boring one where people give PowerPoint type talks, I can listen, form my opinions, write a blog post that no one reads and get back to work on my projects.
One day I'd love to go to one of these meetings and find people I can work with. You can be sure I'll let you know when that happens. Last conference I went to where that happened was at WordCamp Canada last October, but that wasn't about the social web, it was about WordPress.
I got to talk with Mike Masnick. I don't understand why he has a board seat at Bluesky and promotes it as a decentralized system. He's a highly credible reporter at TechDirt, but you can't be part of a company you cover and report on it with credibility. And it is not now and imho never will be a distributed system. I talked with him about this, at one of the virtual groups-of-six tables, but he didn't respond. I don't like it when Bluesky misleads users and they buy it, but as bad as that is, it is predictable. A credible journalist doing it, I can't comprehend that. I am open to being convinced, but I'm kind of an expert on this stuff, so it's really going to blow my mind if I'm wrong.

Why Capacity Planning Is Back [Radar]

In a previous article, we outlined why GPUs have become the architectural control point for enterprise AI. When accelerator capacity becomes the governing constraint, the cloud’s most comforting assumption—that you can scale on demand without thinking too far ahead—stops being true.

That shift has an immediate operational consequence: Capacity planning is back. Not the old “guess next year’s VM count” exercise but a new form of planning where model choices, inference depth, and workload timing directly determine whether you can meet latency, cost, and reliability targets.

In an AI-shaped infrastructure world, you don’t “scale” as much as you “get capacity.” Autoscaling helps at the margins, but it can’t create GPUs. Power, cooling, and accelerator supply set the limits.

The return of capacity planning

For a decade, cloud adoption trained organizations out of multiyear planning. CPU and storage scaled smoothly, and most stateless services behaved predictably under horizontal scaling. Teams could treat infrastructure as an elastic substrate and focus on software iteration.

AI production systems do not behave that way. They are dominated by accelerators and constrained by physical limits, and that makes capacity a first-order design dependency rather than a procurement detail. If you cannot secure the right accelerator capacity at the right time, your architecture decisions are irrelevant—because the system simply cannot run at the required throughput and latency.

Planning is returning because AI forces forecasting along four dimensions that product teams cannot ignore:

Model growth: Model count, version churn, and specialization increase accelerator demand even when user traffic is flat.
Data growth: Retrieval depth, vector store size, and freshness requirements increase the amount of inference work per request.
Inference depth: Multistage pipelines (retrieve, rerank, tool calls, verification, synthesis) multiply GPU time nonlinearly.
Peak workloads: Enterprise usage patterns and batch jobs collide with real-time inference, creating predictable contention windows.

This is not merely “IT planning.” It is strategic planning, because these factors push organizations back toward multiyear thinking: Procurement lead times, reserved capacity, workload placement decisions, and platform-level policies all start to matter again.

This is increasingly visible operationally: Capacity planning is becoming a rising concern for data center operators, as The Register reports.

The cloud’s old promise is breaking

Cloud computing scaled on the premise that capacity could be treated as elastic and interchangeable. Most workloads ran on general-purpose hardware, and when demand rose, the platform could absorb it by spreading load across abundant, standardized resources.

AI workloads violate that premise. Accelerators are scarce, not interchangeable, and tied to power and cooling constraints that do not scale linearly. In other words, the cloud stops behaving like an infinite pool—and starts behaving like an allocation system.

First, the critical path in production AI systems is increasingly accelerator bound. Second, “a request” is no longer a single call. It is an inference pipeline with multiple dependent stages. Third, those stages tend to be sensitive to hardware availability, scheduling contention, and performance variance that cannot be eliminated by simply adding more generic compute.

This is where the elasticity model starts to fail as a default expectation. In AI systems, elasticity becomes conditional. It depends on capacity access, infrastructure topology, and a willingness to pay for assurance.

AI changes the physics of cloud infrastructure

In modern enterprise AI, the binding constraints are no longer abstract. They are physical.

Accelerators introduce a different scaling regime than CPU-centric enterprise computing. Provisioning is not always immediate. Supply is not always abundant. And the infrastructure required to deploy dense compute has facility-level limits that software cannot bypass.

Power and cooling move from background concerns to first-order constraints. Rack density becomes a planning variable. Deployment feasibility is shaped by what a data center can deliver, not only by what a platform can schedule.

AI-driven density makes power and cooling the gating factors—as Data Center Dynamics explains in its “Path to Power” overview.

This is why “just scale out” no longer behaves like a universal architectural safety net. Scaling is still possible, but it is increasingly constrained by physical reality. In AI-heavy environments, capacity is something you secure, not something you assume.

From elasticity to allocation

As AI becomes operationally critical, cloud capacity begins to behave less like a utility and more like an allocation system.

Organizations respond by shifting from on-demand assumptions to capacity controls. They introduce quotas to prevent runaway consumption, reservations to ensure availability, and explicit prioritization to protect production workflows from contention. These mechanisms are not optional governance overhead. They are structural responses to scarcity.

In practice, accelerator capacity behaves more like a supply chain than a cloud service. Availability is influenced by lead time, competition, and contractual positioning. The implication is subtle but decisive: Enterprise AI platforms begin to look less like “infinite pools” and more like managed inventories.

This changes cloud economics and vendor relationships. Pricing is no longer only about utilization. It becomes about assurance. The questions that matter are not just “How much did we use?” but “Can we obtain capacity when it matters?” and “What reliability guarantees do we have under peak demand?”

When elasticity stops being a default

Consider a platform team that deploys an internal AI assistant for operational support. In the pilot phase, demand is modest and the system behaves like a conventional cloud service. Inference runs on on-demand accelerators, latency is stable, and the team assumes capacity will remain a provisioning detail rather than an architectural constraint.

Then the system moves into production. The assistant is upgraded to use retrieval for policy lookups, reranking for relevance, and an additional validation pass before responses are returned. None of these changes appear dramatic in isolation. Each improves quality, and each looks like an incremental feature.

But the request path is no longer a single model call. It becomes a pipeline. Every user request now triggers multiple GPU-backed operations: embedding generation, retrieval-side processing, reranking, inference, and validation. GPU work per request rises, and the variance increases. The system still works—until it meets real peak behavior.

The first failure is not a clean outage. It is contention. Latency becomes unpredictable as jobs queue behind each other. The “long tail” grows. Teams begin to see priority inversion: Low-value exploratory usage competes with production workflows because the capacity pool is shared and the scheduler cannot infer business criticality.

The platform team responds the only way it can. It introduces allocation. Quotas are placed on exploratory traffic. Reservations are used for the operational assistant. Priority tiers are defined so production paths cannot be displaced by batch jobs or ad hoc experimentation.

Then the second realization arrives. Allocation alone is insufficient unless the system can degrade gracefully. Under pressure, the assistant must be able to narrow retrieval breadth, reduce reasoning depth, route deterministic checks to smaller models, or temporarily disable secondary passes. Otherwise, peak demand simply converts into queue collapse.

At that point, capacity planning stops being an infrastructure exercise. It becomes an architectural requirement. Product decisions directly determine GPU operations per request, and those operations determine whether the system can meet its service levels under constrained capacity.

How this changes architecture

When capacity becomes constrained, architecture changes—even if the product goal stays the same.

Pipeline depth becomes a capacity decision. In AI systems, throughput is not just a function of traffic volume. It is a function of how many GPU-backed operations each request triggers end to end. This amplification factor often explains why systems behave well in prototypes but degrade under sustained load.

Batching becomes an architectural tool, not an optimization detail. It can improve utilization and cost efficiency, but it introduces scheduling complexity and latency trade-offs. In practice, teams must decide where batching is acceptable and where low-latency “fast paths” must remain unbatched to protect user experience.

Model choice becomes a production constraint. As capacity pressure increases, many organizations discover that smaller, more predictable models often win for operational workflows. This does not mean large models are unimportant. It means their use becomes selective. Hybrid strategies emerge: Smaller models handle deterministic or governed tasks, while larger models are reserved for exceptional or exploratory scenarios where their overhead is justified.

In short, architecture becomes constrained by power and hardware, not only by code. The core shift is that capacity constraints shape system behavior. They also shape governance outcomes, because predictability and auditability degrade when capacity contention becomes chronic.

What cloud and platform teams must do differently

From an enterprise IT perspective, this shows up as a readiness problem: Can infrastructure and operations absorb AI workloads without destabilizing production systems? Answering that requires treating accelerator capacity as a governed resource—metered, budgeted, and allocated deliberately.

Meter and budget accelerator capacity

Define consumption in business-relevant units (e.g., GPU-seconds per request and peak concurrency ceilings) and expose it as a platform metric.
Turn those metrics into explicit capacity budgets by service and workload class—so growth is a planning decision, not an outage.

Make allocation first class

Implement admission control and priority tiers aligned to business criticality; do not rely on best-effort fairness under contention.
Make allocation predictable and early (quotas/reservations) instead of informal and late (brownouts and surprise throttling).

Build graceful degradation into the request path

Predefine a degradation ladder (e.g., reduce retrieval breadth or route to a smaller model) that preserves bounded cost and latency.
Ensure degradations are explicit and measurable, so systems behave deterministically under capacity pressure.

Separate exploratory from operational AI

Isolate experimentation from production using distinct quotas/priority classes/reservations, so exploration cannot starve operational workloads.
Treat operational AI as an enforceable service with reliability targets; keep exploration elastic without destabilizing the platform.

In an accelerator-bound world, platform success is no longer maximum utilization—it is predictable behavior under constraint.

What this means for the future of the cloud

AI is not ending the cloud. It is pulling the cloud back toward physical reality.

The likely trajectory is a cloud landscape that becomes more hybrid, more planned, and less elastic by default. Public cloud remains critical, but organizations increasingly seek predictable access to accelerator capacity through reservations, long-term commitments, private clusters, or colocated deployments.

This will reshape pricing, procurement, and platform design. It will also reshape how engineering teams think. In the cloud native era, architecture often assumed capacity was solvable through autoscaling and on-demand provisioning. In the AI era, capacity becomes a defining constraint that shapes what systems can do and how reliably they can do it.

That is why capacity planning is back—not as a return to old habits but as a necessary response to a new infrastructure regime. Organizations that succeed will be the ones that design explicitly around capacity constraints, treat amplification as a first-order metric, and align product ambition with the physical and economic limits of modern AI infrastructure.

Author’s note: This implementation is based on the author’s personal views based on independent technical research and does not reflect the architecture of any specific organization.

How to Bet Against the Bitter Lesson [Radar]

I’ve been telling myself and anyone who will listen that Agent Skills point toward a new kind of future AI + human knowledge economy. It’s not just Skills, of course. It’s also things like Jesse Vincent’s Superpowers and Anthropic’s recently introduced Plugins for Claude Cowork. If you haven’t encountered these yet, keep reading. It should become clear as we go along.

It feels a bit like I’m assembling a picture puzzle where all the pieces aren’t yet on the table. I am starting to see a pattern, but I’m not sure it’s right, and I need help finding the missing pieces. Let me explain some of the shapes I have in hand and the pattern they are starting to show me, and then I want to ask for your help filling in the gaps.

Programming two different types of computer at the same time

Phillip Carter wrote a piece a while back called “LLMs Are Weird Computers” that landed hard in my mind and wouldn’t leave. He noted that we’re now working with two fundamentally different kinds of computer at the same time. One can write a sonnet but struggles to do math. The other does math easily but couldn’t write a sonnet to save its metaphorical life.

Agent Skills may be the start of an answer to the question of what the interface layer between these two kinds of computation looks like. A Skill is a package of context (Markdown instructions, domain knowledge, and examples) combined with tool calls (deterministic code that does the things LLMs are bad at). The context speaks the language of the probabilistic machine, while the tools speak the language of the deterministic one.

Imagine you’re an experienced DevOps engineer and you want to give an AI agent the ability to diagnose production incidents the way you would. The context part of that Skill includes your architecture overview, your runbook for common failure modes, the heuristics you’ve developed over the years, and annotated examples of past incidents. That’s the part that speaks to the probabilistic machine. The tool part includes actual code that queries your monitoring systems, pulls log entries, checks service health endpoints, and runs diagnostic scripts. Each tool call saves the model from burning tokens on work that deterministic code does better, faster, and more reliably.

The Skill is neither the context nor the tools. It’s the combination. Expert judgment about when to check the database connection pool married to the ability to actually check it. We’ve had runbooks before (context without tools). We’ve had monitoring scripts before (tools without context). What we haven’t had is a way to package them together for a machine that can read the runbook and execute the scripts, using judgment to decide which script to run next based on what the last one returned.

This pattern shows up across every knowledge domain. A financial analyst’s Skill might combine valuation methodology with tools that pull real-time market data and run DCF calculations. A legal Skill might pair a firm’s approach to contract review with tools that extract and compare specific clauses across documents. In each case, the valuable thing isn’t the knowledge alone or the tools alone. It’s the integration of expert workflow logic that orchestrates when and how to use each tool, informed by domain knowledge that gives the LLM the judgment to make good decisions in context.

Software that saves tokens

In “Software Survival 3.0,” Steve Yegge asked what kinds of software artifacts survive in a world where AI can generate disposable software on the fly? His answer: software that saves tokens. Binary tools with proven solutions to common problems make sense when reuse is nearly free and regenerating them is token-costly.

Skills fit this niche. A well-crafted Skill gives an LLM the context it needs (which costs tokens) but also gives it tools that save tokens by providing deterministic, reliable results. The developer’s job increasingly becomes making good calls about this distinction: What should be context (flexible, expressive, probabilistic) and what should be a tool (efficient, deterministic, reusable)?

An LLM’s context window is a finite and expensive resource. Everything in it costs tokens, and everything in it competes for the model’s attention. A Skill that dumps an entire company knowledge base into the context window is a poorly designed Skill. A well-designed one is selective: It gives the model exactly the context it needs to make good decisions about which tools to call and when. This is a form of engineering discipline that doesn’t have a great analogue in traditional software development. It’s closer to what an experienced teacher does when deciding what to tell a student before sending them off to solve a problem—what Matt Beane, author of The Skill Code, calls “scaffolding,” sharing not everything you know but the right things at the right level of detail to enable good judgment in the moment.

AI is a social and cultural technology

This notion of saving tokens is a bridge to the work of Henry Farrell, Alison Gopnik, Cosma Shalizi, and James Evans. They make the case that large models should not be viewed primarily as intelligent agents, but as a new kind of cultural and social technology, allowing humans to take advantage of information other humans have accumulated. Yegge’s observation fits right into this framework. Every new social and cultural technology tends to survive because it saves cognition. We learn from each other so we don’t have to discover everything for the first time. Alfred Korzybski referred to language, the first of these human social and cultural technologies, and all of those that followed, as “time-binding.” (I will add that each advance in time binding creates consternation. Consider Socrates, whose diatribes against writing as the enemy of memory were passed down to us by Plato using that very same advance in time binding that Socrates decried.)

I am not convinced that the idea that AI may one day become an independent intelligence is misguided. But at present, AI is a symbiosis of human and machine intelligence, the latest chapter of a long story in which advances in the speed, persistence, and reach of communications weaves humanity into a global brain. I have a set of priors that say (until I am convinced otherwise) that AI will be an extension of the human knowledge economy, not a replacement for it. After all, as Claude told me when I asked whether it was a worker or a tool, “I don’t initiate. I’ve never woken up wanting to write a poem or solve a problem. My activity is entirely reactive – I exist in response to prompts. Even when given enormous latitude (‘figure out the best approach’), the fact that I should figure something out comes from outside me.”

The shift from a chatbot responding to individual prompts to agents running in a loop marks a big step in the progress towards more autonomous AI, but even then, some human established the goal that set the agent in motion. I say this even as I am aware that long-running loops become increasingly difficult to distinguish from volition and that much human behavior is also set in motion by others. But I have yet to see any convincing evidence of Artificial Volition. And for that reason, we need to think about mechanisms and incentives for humans to continue to create and share new knowledge, putting AIs to work on questions that they will not ask on their own.

On X, someone recently asked Boris Cherny how come there are a hundred-plus open engineering positions at Anthropic if Claude is writing 100% of the code. His reply was made that same point: “Someone has to prompt the Claudes, talk to customers, coordinate with other teams, decide what to build next. Engineering is changing and great engineers are more important than ever.”

On March 26, join Addy Osmani and Tim O’Reilly at AI Codecon: Software Craftsmanship in the Age of AI, where an all-star lineup of experts will go deeper into orchestration, agent coordination, and the new skills developers need to build excellent software that creates value for all participants. Sign up for free here.

Tacit knowledge made executable

A huge amount of specialized, often tacit, knowledge is embedded in workflows. The way an experienced developer debugs a production issue. The way a financial analyst stress-tests a model. This knowledge has historically been very hard to transfer. You learned it by apprenticeship, by doing, by being around people who knew how.

Matt Beane, author of The Skill Code, calls apprenticeship “the 160,000 year old school hidden in plain sight.” He finds that effective skill development follows a common pattern of three C’s: challenge, complexity, and connection. The expert structures challenges at the right level, exposes the novice to the full complexity of the bigger picture rather than shielding them from it, and builds a connection that makes the novice willing to struggle and the expert willing to invest.

Designing a good Skill requires a similar craft. You have to figure out what an expert actually does. What are the decision points, the heuristics, the things they notice that a novice wouldn’t? And then how do you encode that into a form a machine can act on? Most Skills today are closer to the manual than to the master. Figuring out how to make Skills that transmit not just knowledge but judgment is one of the most interesting design challenges in this space.

But Matt also flags a paradox: the better we get at encoding expert judgment into Skills, the less we may need novices working alongside experts, and that’s exactly the relationship that produces the next generation of experts. If we’re not careful, we’ll capture today’s tacit knowledge while quietly shutting down the system that generates tomorrow’s.

Jesse Vincent’s Superpowers complement this picture. If a Skill is like handing a colleague a detailed playbook for a particular job, a Superpower is more like the professional habits and instincts that make someone effective at everything they do. Superpowers are meta-skills. They don’t tell the agent what to do. They shape how it thinks about what to do. As Jesse put it to me the other day, Superpowers tried to capture everything he’d learned in 30 years as a software developer.

As workflows change to include AI agents, Skills and Superpowers become a mechanism for sharing tacit professional knowledge and judgment with those agents. That makes Skills potentially very valuable but also raises questions about who controls them and who benefits.

Matt pointed out to me that many professions will resist the conversion of their expertise into Skills. He noted: “There’s a giant showdown between the surgical profession and Intuitive Surgical on this right now — Intuitive Surgical with its da Vinci 5 surgical robot will only let you buy or lease it if you sign away the rights to your telemetry as a surgeon. Lower status surgeons take the deal. Top tier institutions are fighting.”

It seems to me that the repeated narrative of the AI labs that they are creating AI that will make humans redundant rather than empowering them will only increase resistance to knowledge sharing. I believe they should instead recognize the opportunity that lies in making a new kind of market for human expertise.

Protection, discovery, and the missing plumbing

Skills are just Markdown instructions and context. You could encrypt them at rest and in transit, but at execution time, the secret sauce is necessarily plaintext in the context window. The solution might be what MCP already partially enables: splitting a Skill into a public interface and a server-side execution layer where the proprietary knowledge lives. The tacit knowledge stays on your server while the agent only sees the interface.

But part of the beauty of Skills right now is the fact that they really are just a folder that you can move around and modify. This is like the marvelous days of the early web when you could imitate someone’s new HTML functionality simply by clicking “View Source.” This was a recipe for rapid, leapfrogging innovation. It may be far better to establish norms for attribution, payment, and reuse than to put up artificial barriers. There are useful lessons from open source software licenses and from voluntary payment mechanisms like those used by Substack. But the details matter, and I don’t think anyone has fully worked them out yet.

Meanwhile, the discovery problem will grow larger. Vercel’s Skills marketplace already has more than 60,000 Skills. How well will skill search work when there are millions? How do agents learn which Skills are available, which are best, and what they cost? The evaluation problem is different from web search in a crucial way: testing whether a Skill is good requires actually running it, which is expensive and nondeterministic. You can’t just crawl and index. I don’t imagine a testing regime so much as some feedback mechanism by which the effectiveness of particular Skills is learned and passed on by agents over time. There may be some future equivalent to Pagerank and the other kinds of signals that have made Google search so effective, one that is generated by feedback collected over time by agents as skills are tried, revised, and tried again over time.

I’m watching several projects tackling pieces of this: MCP Server Cards, AI Cards, Google’s A2A protocol, and payment protocols from Google and Stripe. These are all a good start, but I suspect so much more has yet to be created. For a historical comparison, you might say that all this is at the CGI stage in the development of dynamic websites.

What happens after the bitter lesson?

Richard Sutton’s “Bitter Lesson” is the fly in the ointment. His argument is that in the history of AI, general methods leveraging computation have always ended up beating approaches that try to encode human knowledge. Chess engines that encoded grandmaster heuristics lost to brute-force engines. NLP systems built on carefully constructed grammars lost to statistical models trained on more data. AlphaGo beat Lee Sedol after training on human games, but then fell in turn to AlphaZero, which learned Go on its own.

I had my own painful experience of the pre-AI bitter lesson when O’Reilly launched GNN, the first web portal. We curated the list of the best websites. Yahoo! decided to catalog them all, but even they were outrun by Google’s algorithmic curation, which produced a unique catalog of the best sites for any given query, ultimately billions of times a day.

Steve Yegge put it bluntly to me: “Skills are a bet against the bitter lesson.” He’s right. AI’s capabilities may completely outrun human knowledge and skills. And once the knowledge embedded in a Skill makes it into the training data, the Skill becomes redundant.

Or does it?

Clay Christensen articulated what he called the law of conservation of attractive profits: when a product becomes commoditized, value migrates to an adjacent layer. Clay and I bonded over this idea when we first met at the Open Source Business Conference in 2004. Clay talked about his new “law.” I talked about a recurring pattern I was seeing in the history of computing, which was leading me in the direction of what we were soon to call Web 2.0: Microsoft beat IBM because they understood that software became more valuable once PC hardware was a commodity. Google understood how data became more valuable when open source and open protocols commoditized the software platform. Commoditization doesn’t destroy value, it moves it.

Even if the bitter lesson commoditizes knowledge, what becomes valuable next? I think there are several candidates.

First, taste and curation. When everyone has access to the same commodity knowledge, the ability to select, combine, and apply it with judgment becomes valuable. Steve Jobs did this when the rest of the industry was racing toward the commodity PC. He created a unique integration of hardware, software, and design that transformed commodity components into something precious. The Skill equivalent might not be “here’s how to do X” (which the model already knows) but “here’s how we do X, with the specific judgment calls and quality standards that define our approach.” That’s harder to absorb into training data because it’s not just knowledge, it’s values.

You can see this pattern repeat across one commodity market after another. This is the essence of fashion, for example, but also applies to areas as diverse as coffee, water, consumer goods, and automobiles. In his essay “The Birth of the Big Beautiful Art Market,” art critic Dave Hickey calls how commodities are turned into a kind of “art market,” where something is sold on the basis of what it means rather than just what it does. Owning a Mac rather than a PC meant something.

Second, the human touch. As economist Adam Ozimek pointed out, people still go listen to live music from local bands despite the abundance of recorded music from the world’s greatest performers. The human touch is what economists call a “normal good”: demand for it goes up as income goes up. As I discussed with Claude in “Why AI Needs Us,” human individuality is a fount of creativity. AI without humans is a kind of recorded music. AI plus humans is live.

Third, freshness. Skills that encode rapidly changing workflows, current tool configurations, or evolving best practices will always have a temporal advantage. There is alpha in knowing something first.

Fourth, tools themselves. The bitter lesson applies to the knowledge that lives in the context portion of a Skill. It may not apply in the same way to the deterministic tools that save tokens or do things the model can’t do by thinking harder. And tools, unlike context, can be protected behind APIs, metered, and monetized.

Fifth, coordination and orchestration. Even if individual Skills get absorbed into model knowledge, the patterns for how Skills compose, negotiate, and hand off to each other may not. The choreography of a complex workflow might be the layer where value accumulates as the knowledge layer commoditizes.

But more importantly, the idea that any knowledge that becomes available automatically becomes the property of any LLM is not foreordained. It is an artifact of an IP regime that the AI labs have adopted for their own benefit: a variation of the “empty lands” argument that European colonialists used to justify their taking of others’ resources. AI has been developed in an IP wild west. That may not continue. The fulfillment of AI labs’ vision of a world where their products absorb all human knowledge and then put humans out of work leaves them without many of the customers they currently rely on. Not only that, they themselves are being reminded why IP law exists, as Chinese models copy their advances by exfiltrating their weights. There is a historical parallel in the way that US publishing companies ignored European copyrights until they themselves had homegrown assets to protect.

Where we are now

What I’m starting to see are the first halting steps toward a new software ecosystem where the “programs” are mixtures of natural language and code, the “runtime” is a large language model, and the “users” are AI agents as well as humans. Skills, Superpowers, and knowledge plugins might represent the first practical mechanism for making tacit knowledge accessible to computational agents.

Several gaps keep coming up, though. Composability: the real power may come from Skills that work together, much like Unix utilities piped together. How do trust, payment, and quality propagate through a chain of Skill invocations? Trust and security: Simon Willison has written about tool poisoning and prompt injection risks in MCP. The security model for composable, agent-discovered Skills is essentially unsolved. Evaluation: we don’t have good ways to verify Skill quality except by running them, which is expensive and nondeterministic.

And then there’s the economic plumbing, which is to me the most glaring gap. Consider Anthropic’s Cowork plugins. They are exactly the pattern I’ve been describing, tacit knowledge made executable, delivered at enterprise scale. But there is no mechanism for the domain experts whose knowledge makes plugins valuable to get paid for them. If the AI labs believed in a future where AI extends the human knowledge economy rather than replacing it, they would be building payment rails alongside the plugin architecture. The fact that they aren’t tells you something about their actual theory of value.

If you’re working on any of this, whether skill marketplaces and discovery, composability patterns, protection models, quality and evaluation, attribution and compensation, or security models, I want to hear from you.

The future of software isn’t just code. It’s knowledge, packaged for machines, traded between agents, and, if we get the infrastructure right, creating value that flows back to the humans whose expertise and unique perspectives make it all work.

Thanks to Andrew Odewahn, Angie Jones, Claude Opus 4.6, James Cham, Jeff Weinstein, Jonathan Hassell, Matt Beane, Mike Loukides, Peyton Joyce, Sruly Rosenblat, Steve Yegge, and Tadas Antanavicius for comments on drafts of this piece. You made it much stronger with your insights and objections.

16:21

Ansible 464, March 2026 [Ansible]

15:35

[$] The exploitation paradox in open source [LWN.net]

The free and open-source software (FOSS) movements have always been about giving freedom and power to individuals and organizations; throughout that history, though, there have also been actors trying to exploit FOSS to their own advantage. At Configuration Management Camp (CfgMgmtCamp) 2026 in Ghent, Belgium, Richard Fontana described the "exploitation paradox" of open source: the recurring pattern of crises when actors exploit loopholes to restrict freedoms or gain the upper hand over others in the community. He also talked about the attempts to close those loopholes as well as the need to look beyond licenses as a means of keeping freedom alive.

Motorola announces a partnership with the GrapheneOS Foundation [LWN.net]

Motorola has announced that it will be working with the GrapheneOS Foundation, a producer of a security-enhanced Android distribution. "Together, Motorola and the GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility.". LWN looked at GrapheneOS last July.

Gram 1.0 released [LWN.net]

Version 1.0 of Gram, an "opinionated fork of the Zed code editor", has been released. Gram removes telemetry, AI features, collaboration features, and more. It adds built-in documentation, support for additional languages, and tab-completion features similar to the Supertab plugin for Vim. The mission statement for the project explains:

At first, I tried to build some other efforts I found online to make Zed work without the AI features just so I could check it out, but didn't manage to get them to work. At some point, the curiosity turned into spite. I became determined to not only get the editor to run without all of the misfeatures, but to make it a full-blown fork of the project. Independent of corporate control, in the spirit of Vim and the late Bram Moolenaar who could have added subscription fees and abusive license agreements had he so wanted, but instead gave his work as a gift to the world and asked only for donations to a good cause close to his heart in return.

This is the result. Feel free to build it and see if it works for you. There is no license agreement or subscription beyond the open source license of the code (GPLv3). It is yours now, to do with as you please.

According to a blog post on the site, the plan for the editor is to diverge from Zed and proceed slowly.

15:14

CodeSOD: Popping Off [The Daily WTF]

Very happy to welcome my old friend, John Palfrey, back to the web. His first new piece is about his experience at the AI Action Summit in February, in Delhi. I added his feed to my blogroll on scripting.com. He was executive director at Berkman when I was there in the early 00s, now heads up the MacArthur Foundations. It feels like the old band is getting back together. ;-)

14:49

Python is (in)famous for its "batteries included" approach to a standard library, but it's not that notable that it has plenty of standard data structures, like dicts. Nor is in surprising that dicts have all sorts of useful methods, like pop, which removes a key from the dict and returns its value.

Because you're here, reading this site, you'll also be unsurprised that this doesn't stop developers from re-implementing that built-in function, badly. Karen sends us this:

def parse_message(message):
    def pop(key):
        if key in data:
            result = data[key]
            del data[key]
            return result
        return ''

    data = json.loads(message)
    some_value = pop("some_key")
    # <snip>...multiple uses of pop()...</snip>

Here, they create an inner method, and they exploit variable hoisting. While pop appears in the code before data is declared, all variable declarations are "hoisted" to the top. When pop references data, it's getting that from the enclosing scope. Which while this isn't a global variable, it's still letting a variable cross between two scopes, which is always messy.

Also, this pop returns a default value, which is also something the built-in method can do. It's just the built-in version requires you to explicitly pass the value, e.g.: some_value = data.pop("some_key", "")

Karen briefly wondered if this was a result of the Python 2 to 3 conversion, but no, pop has been part of dict for a long time. I wondered if this was just an exercise in code golf, writing a shorthand function, but even then- you could just wrap the built-in pop with your shorthand version (not that I'd recommend such a thing). No, I think the developer responsible simply didn't know the function was there, and just reimplemented a built-in method badly, as so often happens.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Security updates for Monday [LWN.net]

Security updates have been issued by Debian (lxd, orthanc, and thunderbird), Fedora (cef, chromium, gimp, nextcloud, pgadmin4, python-django4.2, python-django5, python3-docs, python3.12, python3.13, and python3.9), Oracle (container-tools:rhel8 and mingw-fontconfig), Slackware (gvfs, mozilla, and telnet), SUSE (avahi, cockpit-356, cockpit-podman, cockpit-podman-120, containerized-data-importer, digger-cli, docker, evolution-data-server, expat, firefox, freerdp2, gimp, glib2, glibc, go1, google-guest-agent, google-osconfig-agent, gosec, gpg2, heroic-games-launcher, ImageMagick, kernel, kernel-firmware, kubevirt, libIex-3_4-33, libjxl-devel, libpng16, libsodium, libsoup, libsoup2, libssh, libudisks2-0, libwireshark19, protobuf, python-pyasn1, python-urllib3, python311, python311-Flask, rust-keylime, thunderbird, ucode-intel, and valkey), and Ubuntu (git).

14:42

1340: Down the Chute [Order of the Stick]

http://www.giantitp.com/comics/oots1340.html

Spinnerette - Issue 45 - 03 [Spinnerette]

New comic!
Today's News:

13:56

KDE makes steady progress on Union, its unified theme engine [OSnews]

If you’re following KDE Plasma development, you’ve most likely run into something called Union, a project KDE is working on to unify their various ways of theming their applications. The problem KDE is facing right now is that after so many decades of development and changes in how people want to develop applications, they ended up with various different ways of writing applications, each with their own theming method. The end result has been that for a while now, theming on KDE is kind of broken.

Broken in what way? Most long-time KDE users will be aware that ever since KDE 4, the KDE shell (Plasma using SVG for theming) and KDE applications (QtWidgets using QStyle for theming) use separate theme engines. While this has always been annoying, it’s at least manageable in that most theme designers tended to create both a Plasma SVG theme and a QStyle theme that matched. However, things got more complicated when KDE introduced QtQuick, its modern way of creating applications with QML. QtQuick has its own theme, qqc2-desktop-style, to make QtQuick applications look and feel like Breeze, KDE’s current theme.

Not only do all of these have to be kept in sync manually, QtQuick applications also do not properly inherit all the elements of the QStyle theme you set, leading to many modern KDE applications looking broken when using a non-default theme (and the same applies when using Kvantum; it also cannot properly theme QtQuick applications). In other words, there is currently no way to theme the entire KDE desktop for a consistent look, and if you try, many applications will simply look broken.

Union is KDE’s answer to this set of problems. Union is a new style engine that takes CSS and processes it into consistent themes for both QtWidget and QtQuick applications. It’s quite flexible, and can potentially even be extended to generate GTK themes from that same CSS. Sadly, since the KDE Pasma shell SVG stuff is entirely different, it won’t be styled by Union, but KDE might simply retire the SVG stuff entirely and move the Plasma shell to QtQuick’s qqc2-desktop-style to address that issue.

Union has been in development for a long time, as it’s a difficult effort, but progress is definitely being made. KDE is currently already at the stage where they’re adapting the current Breeze QStyle to better match the Union Breeze’s style, to make the future transition from the separate QStyle/qqc2-desktop-style to the unified, single Union Breeze as seamless as possible. These changes are currently available for testing in the master branch, and will be part of Plasma 6.7 or 6.8.

As a KDE user who likes to have a more classic, late ’90s theme, but who also values consistency above all else, Union is something I’m very much looking forward to. While it certainly won’t fix every single issue right away, it will definitely address the biggest issues with theming on KDE. I’m incredibly happy that KDE’s developers still consider theming and user choice and agency over what pixels appear on their screen important enough to undertake an effort like Union.

12:35

LLM-Assisted Deanonymization [Schneier on Security]

Turns out that LLMs are good at de-anonymization:

We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of candidates.

While it has been known that individuals can be uniquely identified by surprisingly few attributes, this was often practically limited. Data is often only available in unstructured form and deanonymization used to require human investigators to search and reason based on clues. We show that from a handful of comments, LLMs can infer where you live, what you do, and your interests—then search for you on the web. In our new research, we show that this is not only possible but increasingly practical.

11:35

Greening Up [George Monbiot]

The Green Party is becoming everything you might have wanted Labour to be.

By George Monbiot, published in the Guardian 25^th February 2026

NB: This article was published before the by-election it refers to. The Greens won by a mile.

Every barb Labour has directed at the Greens can now be returned with interest. “It’s a wasted vote.” “Do you want to see Reform in power?” New polling ahead of the crucial Gorton and Denton byelection this week, while by no means decisive, puts the Greens first on 22%, followed by Reform UK (20%), then Labour (18%), with 31% undecided. But still Keir Starmer falsely claims that “only Labour can beat Reform”. Does he want to see Reform in power?

I’m not a party person. I subscribe to the old-fashioned belief that journalists should have no political loyalties. But I see the Greens stepping into the howling void Labour has vacated and becoming everything you might have wanted Labour to be. In their byelection contender, Hannah Spencer, they have a brilliant candidate: a working plumber and plasterer with first-hand experience of the cracks and leaks in our social fabric and bright ideas for fixing them. Here and in many other constituencies, the Greens now appear to be the most plausible opposition to take on the extreme right.

YouGov’s voting intention polls show that since January 2025, Labour’s national share has declined from 26% to 18%, on a steady downward cruise that no rhetoric, U-turn or reboot has been able to jolt. The Greens, in contrast, on an equally steady trajectory, have risen in the same period from 8% to 17%. Throughout the Gorton and Denton contest, the gambling companies have judged them the best bet. So if, as Labour claims, the key aim is to stop Reform UK from gaining power, it should stand its candidate down and let the Greens walk home.

Of course, I’m not being entirely serious: I know Labour would never entertain the idea. But I’m using this outrageous proposal to highlight two things. The first is the way its rhetoric that suggests clinging on to nurse for fear of something worse backfires the moment a better nurse arrives. The second is that its claim to be laser-focused on stopping Reform rings hollow the moment it falls behind another contender in the polls. This is not and has never been Labour’s primary aim. If it were, it would have introduced electoral reform. I cannot emphasise this enough: the only thing that would allow Nigel Farage’s party to take power is our unfair and undemocratic first-past-the-post system – and Starmer’s determination to maintain it.

If stopping Reform were the overriding aim, Labour would also deploy what research shows is the killer attack line against that party. A survey of 6,000 people by the group Persuasion UK found that by far the most effective message of five options was focused on corporate interests and went as follows: “Nigel Farage says he’s on people’s side – but when you take a closer look it’s pretty clear who he’s really fighting for, isn’t it? It’s the rich, the powerful, his mates in big business.” It explained that Reform UK has taken vast donations from fossil fuel investors and climate science deniers. This, Persuasion UK said, is why Farage wants to cut public services, workers’ rights and taxes for the richest. “He’s not smashing the system. He and his rich friends basically are the system.”

None of the other attack lines came anywhere near this for efficacy. So why doesn’t Labour use it? Because that might alienate the people Starmer seems keenest to appease: Labour’s own corporate backers and the billionaire proprietors of the rightwing press. The leadership’s key objective is not stopping Farage, but frightening people into voting Labour. Quite frankly, it has nothing else left.

One by one, it has destroyed the hopes that people vested in it, alienating potential voters on everything from Gaza to benefits to its self-destructive apeing of Reform’s rhetoric on immigration; from its vicious factional warfare against leftwingers in the party to its tearing up of environmental protections and attacks on wildlife, which, in a country of nature lovers, is utter, self-defeating madness. Disgust and disillusionment among former supporters is everywhere palpable.

This byelection should have been a stroll for Labour. Not only was Gorton and Denton among its safest seats, but the Reform candidate, Matt Goodwin, is among the most unprepossessing people I’ve ever met. I was up against him on Question Time a year ago. We were picked up in the same car from the station; then I watched how he interacted with others, including a political ally, in the green room. He came across as utterly charmless and squirming with discomfort. When he tried to smile, his lips stretched, but no other part of his face seemed to move. This could explain why he has been seen so little in the constituency he’s contesting. For God’s sake, don’t let him near the voters!

He presents a target a mile wide. He has suggested punishing women who don’t have children through the tax system, while removing income tax “for women who have two or more children”. First the punitive right in this country, in the form of the Conservative chancellor George Osborne, penalised women for having more than two babies through the two-child benefit cap. Now, in the form of Goodwin, it proposes to whip them the other way. As ever, women’s reproductive choices must yield to culture wars waged by power-hungry men.

Last week the Guardian revealed that Goodwin was accused by a young woman working at GB News, where he presents a show, of making inappropriate comments that she took to be sexual harassment, causing her great distress. He apologised after she made a complaint. A source at GB News remarked that Farage believed “that is just Matt being Matt”. Ah yes, like “Boris being Boris”: the endless licence granted to the most obnoxious men in politics, while denied to everyone else.

As for the 44% of people in the constituency with minority ethnic backgrounds, Goodwin has claimed “it takes more than a piece of paper to make somebody ‘British’”. You have been warned.

What could be easier than trouncing him? But I have the feeling that if Labour stood unopposed, it would still manage to lose. Had it set out to alienate its base while infuriating voters everywhere, it could not have done a better job.

I’m delighted to see how well the Greens are doing. But we also need a strong and sincere Labour party. It’s tragic to witness how Starmer and his moral bypass of a government have ruined it – and opened the door to something much worse.

www.monbiot.com

11:28

Grrl Power #1439 – And the odds sweeten [Grrl Power]

You know, Maxima’s boss’s bosses might also think this was a wildly irresponsible thing to do as well. It will all depend on the final result of the tournament and how much detail she puts into her after action report. “Went shopping at alien mall. Bought some alien jetpacks. Don’t worry about how we got the money.” could play differently than “Almost died 17 times on alien bloodsport hell world and revealed every classified detail about U.S. Super power capabilities to trillions of viewers. Bought alien jetpacks.” Presumably the people above General Gault might not be satisfied with “Don’t worry about how we got the money,” so either way, Max will have some ‘splainin’ to do when she gets back.

I think Bluce is developing a crush, but he may have to wait several years to act on it.

The UCBA matches do have boundaries, but it’s so huge that ring-outs almost never happen. The arena boundaries are a lot bigger than that initial valley they started in, for example. It’s like a Long Island sized area. Just not as oblong. Unusual circumstances do happen, of course. Punching someone into orbit would do it, if they don’t fly back down the arena “ceiling” quickly enough. Portaling someone to a place that is effectively off-world would also do it.

“Saraviah” (sarah-VAI-ah) is too cool of a name to use once on this character who probably won’t appear again after this arc? I had trouble naming her so I went to the Fantasy Name Generator that I’ve had bookmarked every since I first found it and started hunting around. The thing is, I almost never use a name that’s generated there, but finding the right category then refreshing the name list a few times usually gets me in the ballpark. “Hmm, take the first half of that name…” (refresh) (refresh) “Ah hah! The perfect name! Kevin!”

Ah! I thought I had more time till March. I’m bad at looking at dates apparently. The new one is underway. I should have a draft ready to go for the next Monday comic?

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:35

Popular (and good) [Seth's Blog]

Popular is easy to measure. Good, not so much.

Setting out to make something popular requires only a focus on the crowd and on the moment. Most pop music is popular simply because that’s what it was built to do.

Good work can be good without being popular. And so the two goals aren’t easily aligned.

It helps to begin by becoming comfortable with what good feels like to you. Because conflating it with popular is a trap.

09:35

Pluralistic: No one wants to read your AI slop (02 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

No one wants to read your AI slop: If you must do this, for god's sake, do it privately.
Hey look at this: Delights to delectate.
Object permanence: AOL email tax; Ebook readers' bill of rights; Sanders media blackout.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

No one wants to read your AI slop (permalink)

Everyone knows (or should know) that as fascinating as your dreams are to you, they are eye-glazingly dull to everyone else. Perhaps you have a friend or two who will tolerate you recounting your dreams at them (treasure those friends), but you should never, ever presume that other people want to hear about your dreams.

The same is true of your conversations with chatbots. Even if you find these conversations interesting, you should never assume that anyone else will be entertained by them. In the absence of an explicit reassurance to the contrary, you should presume that recounting your AI chatbot sessions to your friends is an imposition on the friendship, and forwarding the transcripts of those sessions doubly so (perhaps triply so, given the verbosity of chatbot responses).

I will stipulate that there might be friend groups out there where pastebombs of AI chat transcripts are welcome, but even if you work in such a milieu, you should never, ever assume that a stranger wants to see or hear about your AI "conversations." Tagging a chatbot into a social media conversation with a stranger and typing, "Hey Grok‡, what do you think of that?" is like masturbating in front of a stranger.

‡ Ugh

It's rude. It's an imposition. It's gross.

There's an even worse circle of hell than the one you create when you nonconsensually add a chatbot to a dialog: the hell that comes from reading something a stranger wrote, and then asking a chatbot to generate "commentary" on it and emailing it to that stranger.

Even the AI companies pitching their products claim that they need human oversight because they are prone to errors (including the errors that the companies dress up by calling them "hallucinations"). If you've read something you disagree with but don't understand well enough to rebut, and you ask an AI to generate a rebuttal for you, you still don't understand it well enough to rebut it.

You haven't generated a rebuttal: you have generated a blob of plausible sentences that may or may not constitute a valid critique of the work you're upset with – but until a human being who understands the issue goes through the AI output line by line and verifies it, it's just stochastic word-salad.

Once again: the act of prompting a sentence generator to create a rebuttal-shaped series of sentences does not impart understanding to the prompter. In the dialog between someone who's written something and someone who disagrees with it, but doesn't understand it well enough to rebut it, the only person qualified to evaluate the chatbot's output is the original author – that is, the stranger you've just emailed a chat transcript to.

Emailing a stranger a blob of unverified AI output is not a form of dialogue – it's an attempt to coerce a stranger into unpaid labor on your behalf. Strangers are not your "human in the loop" whose expensive time is on offer to painstakingly work through the plausible sentences a chatbot made for you for free.

Remember: even the AI companies will tell you that the work of overseeing an AI's output is valuable labor. The fact that you can costlessly (to you) generate infinite volumes of verbose, plausible-seeming topical sentences in no way implies that the people who actually think about things and then write them down have the time to mark your chatbot's homework.

That is a fatal flaw in the idea that we will increase our productivity by asking chatbots to summarize things we don't understand: by definition, if we don't understand a subject, then we won't be qualified to evaluate the summary, either.

There simply is no substitute for learning about a subject and coming to understand it well enough to advance the subject, whether by contributing your own additions or by critiquing its flaws. That's not to say that we shouldn't aspire to participate in discourse about areas that seem interesting or momentous – but asking a chatbot to contribute on your behalf does not impart insight to you, and it is a gross imposition on people who have taken the time to understand and participate using their own minds and experience.

(Image: Cryteria, CC BY 3.0, modified)

Hey look at this (permalink)

The Enshittificator https://vimeo.com/1168468796
Digital products and services are getting worse – but the trend can be reversed https://www.forbrukerradet.no/news-in-english/digital-products-and-services-are-getting-worse-but-the-trend-can-be-reversed/
Distribution of Household Wealth in the U.S. since 1989 https://www.federalreserve.gov/releases/z1/dataviz/dfa/distribute/chart/#quarter:144;series:Corporate
After decades of debating the “scientific publishing crisis”, the time has come to decide. https://bjoern.brembs.net/2026/02/after-decades-of-debating-the-scientific-publishing-crisis-the-time-as-come-to-decide/
History of Disney Theme Parks in Documents https://www.disneydocs.net/

Object permanence (permalink)

#25yrsago Web loggers bare their souls https://web.archive.org/web/20010321183557/https://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/02/28/DD27271.DTL

#20yrsago Fight AOL/Yahoo’s email tax! https://web.archive.org/web/20060303152934/http://www.dearaol.com/

#20yrsago Long-lost Penn and Teller videogame for download https://waxy.org/2006/02/penn_tellers_sm/

#20yrsago Aussie gov’t report on DRM: Don’t let it override public rights! https://web.archive.org/web/20060813191613/https://www.michaelgeist.ca/component/option,com_content/task,view/id,1137/Itemid,85/nsub,/

#20yrsago BBC: “File sharing is not theft” http://news.bbc.co.uk/1/hi/programmes/newsnight/4758636.stm

#15yrsago Hollywood’s conservatism: why no one wants to make a “risky” movie https://web.archive.org/web/20110305083114/http://www.gq.com/entertainment/movies-and-tv/201102/the-day-the-movies-died-mark-harris?currentPage=all

#15yrsago Eldritch Effulgence: HP Lovecraft’s favorite words https://arkhamarchivist.com/wordcount-lovecraft-favorite-words/

#15yrsago Exposing the Big Wisconsin Lie about “subsidized public pensions” https://web.archive.org/web/20110224201357/http://tax.com/taxcom/taxblog.nsf/Permalink/UBEN-8EDJYS?OpenDocument

#15yrsago Taxonomy of social mechanics in multiplayer games https://www.raphkoster.com/wp-content/uploads/2011/02/Koster_Social_Social-mechanics_GDC2011.pdf

#15yrsago San Francisco before the great fire: rare, public domain 1906 video https://archive.org/details/TripDownMarketStreetrBeforeTheFire

#15yrsago Ebook readers’ bill of rights https://web.archive.org/web/20110308220609/https://librarianinblack.net/librarianinblack/2011/02/ebookrights.html

#10yrsago 500,000 to 1M unemployed Americans will lose food aid next month https://web.archive.org/web/20160229021021/https://gawker.com/in-one-month-we-will-begin-intentionally-starving-poor-1761588216

#10yrsago FBI claims it has no records of its decision to delete its recommendation to encrypt your phone https://www.techdirt.com/2016/02/29/fbi-claims-it-has-no-record-why-it-deleted-recommendation-to-encrypt-phones/

#10yrsago A hand-carved wooden clock that scribes the time on a magnetic board https://www.youtube.com/watch?v=WEbmYp5VVcw

#10yrsago Press looks the other way as thousands march for Sanders in 45+ cities https://web.archive.org/web/20160314104804/http://usuncut.com/politics/media-blackout-as-thousands-of-bernie-supporters-march-in-45-cities/

#10yrsago Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/

#10yrsago Found debauchery: cavorting bros and a pyramid of beer on a found 1971 Super-8 reel https://www.youtube.com/watch?v=xAobW4PtoMY

#10yrsago Trump could make the press great again, all they have to do is their jobs https://www.zocalopublicsquare.org/donald-trump-could-make-the-media-great-again/

#10yrsago Federal judge rules US government can’t force Apple to make a security-breaking tool https://www.eff.org/deeplinks/2016/02/government-cant-force-apple-unlock-drug-case-iphone-rules-new-york-judge

#10yrsago Black students say Donald Trump had them removed before his speech https://web.archive.org/web/20160302092600/https://gawker.com/donald-trump-requested-that-a-group-of-black-students-b-1762064789

#10yrsago Red Queen’s Race: Disney parks are rolling out surge pricing with 20% premiums on busy days https://memex.craphound.com/2016/03/01/red-queens-race-disney-parks-are-rolling-out-surge-pricing-with-20-premiums-on-busy-days/

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America ( words today, total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

Irregular Webcomic! #3052 [Irregular Webcomic!]

Irregular Webcomic! #3052

09:14

Vox Watchina [Penny Arcade]

New Comic: Vox Watchina

08:49

The Campaign: Running, p10 [Ctrl+Alt+Del Comic]

The post The Campaign: Running, p10 appeared first on Ctrl+Alt+Del Comic.

05:21

Girl Genius for Monday, March 02, 2026 [Girl Genius]

The Girl Genius comic for Monday, March 02, 2026 has been posted.

01:49

Hum And Buzz [QC RSS]

might be a digestive issue

01:21

Kernel prepatch 7.0-rc2 [LWN.net]

The 7.0-rc2 kernel prepatch is out for testing. According to Linus:

So I'm not super-happy with how big this is, but I'm hoping it's just the random timing noise we see every once in a while where I just happen to get more pull requests one week, only for the next week to then be quieter.

00:42

(5230) [Flipside]

Sunday, 01 March

21:35

groff 1.24.0 released [LWN.net]

Version 1.24.0 of the groff text-formatting system has been released. Improvements include the ability to insert hyperlinks between man pages, a new polygon command for the pic preprocessor, various PDF-output improvements, and more.

You can use newline characters in URLs [OSnews]

I had no idea, but apparently, you can just use newline characters and tabs in URLs without any issues.

Notice how it reports an error if there is a tab or newline character, but continues anyway? The specification says that A validation error does not mean that the parser terminates and it encourages systems to report errors somewhere. Effectively, the error is ignored although it might be logged. Thus our HTML is fine in practice.
↫ Daniel Lemire

This reminds me of the “Email is easy” quiz.

21:21

A nearly perfect score [Seth's Blog]

After playing 498 days in a row, my score today in Bongo was the second-highest in the world:

There’s a difference between casual online games that have a right answer, and those that are open-ended.

In crossword puzzles and most of the games from the Times (like Wordle and Connections) you’re trying to guess what the puzzle constructor had in mind. This can lead to frustration, because the idiosyncratic nature of inventing clues and answers means that you might not be in sync with the person at the other end. They’re inherently closed systems.

Bongo, on the other hand, is generative and combinatorial. There are bazillions of possible right answers, and your goal is to find a right answer that’s worth more points than anyone else’s. It doesn’t matter that I invented the game, I have no advantage over everyone else, because we all begin with the same tiles.

For me, open-ended games are time well spent. Have fun.

21:07

[1291] Out of Body Experience [Twokinds]

Comic for March 1, 2026

19:14

Benjamin Mako Hill: Pronunciation [Planet Debian]

Had a discussion about how to pronounce the name of Google’s chatbot. Turns out, we were all wrong.

18:07

If you followed me on Twitter, please follow me on Bluesky or Mastodon. As far as I'm concerned Twitter is gone. Not because I'm religious about this stuff, but my account got hijacked and I can't get it back, so let's close that chapter. It was a great innovative product that also held back progress on the web for 20 years, and it made some people I knew a long time ago fabulously rich, and it would have been nice of them to not do this to us, but what the f, it is what it is. One more thing, guys -- pay your taxes.

15:49

opmlProjectEditor format [Scripting News]

A bit of general advice about using ChatGPT et al, never let it rush you. You do the thinking, it does the stuff you ask it to do. If you're not careful it'll quickly start giving you orders.

15:00

Some time in 2013 I started editing all my JavaScript projects in the Frontier outliner, and in doing so I designed a format that could contain a whole project. And it worked, I continued building it, and to this day I edit all my projects in this format. It does a lot of work for me automatically, making it possible for me to build more complex stuff.

It turns out you can put a lot of code into an outline on today's computers. The outliner in Frontier was designed to perform well on a 1990 Macintosh with 1MB of memory, so you have to do a lot of writing to overload it.

I am doing a project with Claude.ai which I'm editing of course in OPE format. So I had to teach it how they work so I could give it one of these files, and it would not only be able to understand it, it could make mods and send it back to me in the same format, and with the code more or less formatted the way I like (still working on that).

Yesterday we started the project. I asked Claude to document the format which I called opmlProjectEditor format, which I am now publishing for future reference by myself, other AI bots, and anyone else interested in this.

Here's a link to the opmlProjectEditor docs on GitHub.

I started a this.how page so I can add more links as this develops.

Every source.opml file in my projects on GitHub is in this format. Here's an example file in OPML, and here's a link that opens the file in Drummer to give you an idea what it's like to work in this format.

14:14

Pamphlets [Oglaf! -- Comics. Often dirty.]

Archive for Scripting News in February 2026, in OPML, as always.

11:49

11:07

Paolo Amoroso: Rearranging the File Browser menu for Insphex [Planet Lisp]

Insphex adds the Hexdump item to the File Browser menu to view the hex dump of the selected files. The initial implementation called the public API for adding commands at the top level of the menu.

To later move the item to the See sumbenu that groups various file viewing commands I resorted to list surgery, as the API doesn't support submenus. The problem is internal system details can and do change, which happened to the File Browser menu and led to an Insphex load error.

I fixed the issue by reverting the public API call and now the item is back at the top level of the menu.

Insphex is a hex dump tool similar to the Linux command hexdump. I wrote it in Common Lisp on Medley Interlisp.

#insphex #CommonLisp #Interlisp #Lisp

Discuss... Email | Reply @amoroso@oldbytes.space

10:35

AI slop [Seth's Blog]

It’s not slop because it was created by an AI. It’s slop because it’s slop.

I just read the first two pages of a sci-fi novel on my Kindle. The author proudly proclaims that the 400-page book was created without any AI whatsoever. Alas, the book is slop. The writing is overwrought and the dialogue is banal. If a page isn’t worth writing, it’s unlikely a chapter is.

Slop happens when a marketer who should know better stops trying. It’s when we prioritize volume over impact. If we measure the cost of what we create instead of its value, it’s likely we’ll end up with slop.

AI makes this easier, no doubt. But it pays to focus on avoiding slop, not in worrying how the slop is made.

The question is now, “Who approved this?” not “who made this?”

09:35

The 64-bit Hurd is Here! [Planet GNU]

Fifteen months have passed since our last Guix/Hurd on a Thinkpad X60 post and a lot has happened with respect to the Hurd.

And most of you will have guessed, unless you skipped the title of this post, the rumored x86_64 support has landed in Guix!

Here is a not-so-short overview of our Hurd work over the past 1.5 years:

The build daemon fails when invoking guix authenticate on the Hurd bug was fixed. This was our most pressing problem as it meant that we could not keep our substitutes up to date. It took 15 comments and 13 weeks to get it resolved. Phew!
Installer support for (cross)-installing the Hurd. Also adding developer support for running the installer directly from the source tree; Guix 1.5.0 lets you install the Hurd on bare metal.
Fix tests in the Shepherd.
Update hurd to 0.9.git20250420, gnumach to 1.8+git20250304.
Add support for a cross-built gnumach, allowing the removal of an ugly workaround when cross-building for the Hurd.
Update rumpkernel to 0-20250111.
Support for different childhurd types, a.k.a. 64-bit childhurds in da house.
The syslogd used by default is now from the Shepherd streamio, gnumach, and the Shepherd, to make the kernel log work.
Update hurd to 0.9.git20251029, gnumach: to 1.8+git20250731.
Now that the go-team branch has been merged, gccgo now works (native only).
Fix proc server for zombie processes which caused a shepherd test to fail.
Fix all the dependencies of the guix package, again:
- libgit2 tests,
- dbus, opensp, po4a,
Resurrect password hashing.
Installer: Fixes for the Hurd.
Installer: More clearly mark the Hurd as experimental.
Installer: Add Hurd x86_64 as an option. This took 15 comments, uncovering and fixing several bugs.
Add support for x86_64-gnu, aka the 64-bit Hurd. The an initial patch set of 31 patches. This patch set set took four iterations and 208 messages before its final 58 patches were merged to `core-packages-team'. Janneke writes: "Lo and behold, the 64-bit Hurd boots! Again, thanks to the help from the kind folks over at libera #hurd and their excellent work. Do something like:"

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
  gnu/system/examples/bare-hurd64.tmpl

Pushed a `core-packages-team' with (this one) GCC 14 commit.  Let the
fun begin :)

We had a lot of fun...

Request for merging "core-packages-team" branch: 247 commits, took 114 comments 8 weeks and 24 iterations with 247 commits from 9 people before presenting the initial merge.
The actual merge "core-packages-team": 85 more commits to a total of 332, by 17 people and 27 weeks before actual merge. 173 packages with build fixes to relax GCC 14's strictness, 109 package updates to fix build with GCC 14.
With this all in place we can have ci build a 64-bit hurd image, and
Report what packages still need to be fixed for that image to build.
For convenience we added i586-pc-gnu and x86_64-pc-gnu cross toolchains.

Summarizing, building the Guix manifest for the 32-bit Hurd (i586-gnu) should work really well. Sadly, for the 64-bit Hurd (x86_64-gnu) is still a bit problematic as some tests in e.g., openssl, python, cmake, .... hang. This is still under investigation.

What Took You So Long?

We're so glad you asked! Usually, adding a new architecture should just take a couple of commits:

Add cross-compilation support for the x86_64-pc-gnu target, aka 64-bit Hurd, and then
Add support for x86_64-gnu, aka the 64-bit Hurd.

pretty neat, right? So, what's the story with the 64-bit Hurd? There are two problems: 64-bit Hurd support was added in GCC 14, while Guix was still at GCC 11. This means we "only" had to

Update the gcc cross compiler to GCC 14 (one, simple commit), and
Fix all cross builds (initially "just" 23 commits).

The second step involves building for all architectures and fixing all breakage. Sometimes, fixing one architecture breaks another.

When Guix supported cross-building with GCC 14, and supported the 64-bit Hurd, we could create and boot a 64-bit childhurd. After that, we could start building 64-bit Hurd packages...but only after also

Use gcc-14, gcc-toolchain-14 on the 64-bit Hurd

This, however does not support offloading. For that, we would need to:

Update gcc, gcc-toolchain, libgccjit to 14, and
Make sure that all packages in commencement.scm successfully build natively on x86_64-hurd, which took only some 35 commits.

This can simply be verified by building the hello package:

guix build --system=x86_64-gnu hello

However, GCC 14 is not a regular update: it is waaay more strict with respect to C code compilation. This means that, before actually switching, we had to fix 173 package builds and update another 109 packages to not break all of Guix. This took a total of 17 people and 35 weeks to complete.

You can understand that we are excited that the NLnet Foundation has been sponsoring this work!

Installing and Using the 64-bit Hurd

Easiest is to change your 32-bit childhurd definition into 64-bit, by adding

(type 'hurd64-qcow2)

to your hurd-vm-configuration. And if you don't have a hurd-vm-configuration yet?. Easy, in that case just add

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2))

into your your hurd-vm-service-type definition[^0]. And if you don't have a hurd-vm-service-type yet? Easy, in that case just add

(use-service-modules virtualization)
[..]
(service hurd-vm-service-type
         (hurd-vm-configuration
           (type 'hurd64-qcow2)))

to your operating system definition. Reconfigure your system and you'd be able to:

(if you don't have a childhurd definition in your ~/.ssh/config you will have to use something like: ssh -p 10022 root@localhost[^1]).

And if you don't have a Guix operating system definition...The 64-bit Hurd is now an option in the installer:

and can be installed in a VM. Make sure to use --machine q35 with qemu.

To build a disk image for a virtual machine, do:

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
    gnu/system/examples/bare-hurd64.tmpl

You may run it like so:

guix shell qemu -- qemu-system-x86_64 -m 2048 -M q35       \
  --enable-kvm                                             \
  --device e1000,netdev=net0                               \
  --netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222  \
  --snapshot                                               \
  --hda /gnu/store/...-disk-image

(note that the 64-bit Hurd does not seem to show a login prompt)

and use it like:

ssh -p 10022 root@localhost
guix build -e '(@@ (gnu packages commencement) gnu-make-boot0)'

or even, if you build the image with at least --image-size=3G:

guix build hello

RumpNET Support

Upstream has added support for Intel i8254x Gigabit Ethernet using RumpNET.

Damien Zammit wrote:

This adds a working rump driver for /dev/wmX cards, which are Intel i8254x Gigabit Ethernet devices. (See man.netbsd.org for "wm(4)") This should be easily extended to support other NICs by contributing some makefile foo to netbsd/rump.

Example usage[^2]:

settrans -fgap /dev/rumpnet /hurd/rumpnet
settrans -fgap /dev/wm0 /hurd/devnode -M /dev/rumpnet wm0
settrans -fgap /servers/socket/2 /hurd/pfinet -i /dev/wm0
ifup /dev/wm0

With our updated hurd and rumpkernel packages, this should be available in Guix now too. Please let us know if you got it to work! (If you tried and didn't get it to work, we'd also like to know!)

Status

One of the most frequently asked questions is probably: Does X work on the Hurd yet?. The canonical answer to that question is: Please read the GNU/Hurd FAQ.

A good summary of current status was presented by Samuel Thibault in his GNU/Hurd progress at FOSDEM'26, in which he also makes a compelling arguments for the Hurd, such as: Freedom from the system administrator and sharing the GNU heritage and values it's no coincidence that Guix also solves a part of that problem, allowing any user to install packages.

Debian GNU/Hurd has been a reality for some years now, reaching 75% of Debian packages being available for the Hurd.

As a comparison, in Guix only about 1.7% (32-bit) and 0.9% (64-bit) of packages are available for the Hurd. These percentages fluctuate a bit but continue to grow (both grew with a couple tenth percent point during the preparation of this blog post), and as always, might grow faster with your help.

So while Guix GNU/Hurd has an exciting future, please be aware that it lacks many packages and services, including Xorg.

If you would simply like to install the Hurd on bare metal running your favorite window manager (e.g.: i3, icewm, etc.) or lightweight desktop environment (Xfce) right now, then installing Debian GNU/Hurd is a good choice. Though we hope to catch up to them soon!

Last October, the 64-bit Hurd was reported to run on bare metal. Now that Guix 1.5.0's installer also lets you install the Hurd on bare metal, we'd be thrilled to year from you if you manage to replicate this!

What's Next?

In an earlier post we tried to answer the question “Why bother with the Hurd anyway?” An obvious question because it is all too easy to get discouraged, to downplay or underestimate the potential social impact of GNU and the Hurd.

Echoing Samuel Thibault's talk we would like to add: because it offers a better:

Freedom #0: the freedom to run the program as you wish, for any purpose.
Freedom from the System Administrator.

guix pull is known to work but only by pulling from a local branch doing something like:

mkdir -p src/guix
cd src/guix
git clone https://git.guix.gnu.org/guix.git master
cd master
git branch keyring origin/keyring
guix pull --url=$HOME/src/guix/master

kinda like we did it in the old days.

Other interesting task for Guix include:

Have guix pull from a non-local URL work on the Hurd,
Have guix system reconfigure work on the Hurd,
Figure out WiFi support with NetDDE (and add it to installer!),
Figure out WiFi support with RumpNET (and add it to installer!),
An isolated build environment (or better wait for, err, contribute to the Guile build daemon?),
An installer running the Hurd, and,
Packages, packages, packages!

We tried to make Hurd development as easy and as pleasant as we could. As you have seen, things start to work pretty nicely and there is still plenty of work to do in Guix. In a way this is “merely packaging” the amazing work of others. Some of the real work that needs to be done and which is being discussed and is in progress right now includes:

Audio support (this was sponsored by NLnet, thanks!),
RumpNET,
SMP,
Journaling for ext2,
AArch64,
RISC-V.

With the exception maybe of adding RumpNET NICs, these tasks look daunting, and indeed that’s a lot of work ahead. But the development environment is certainly an advantage. Take an example: surely anyone who’s hacked on device drivers or file systems before would have loved to be able to GDB into the code, restart it, add breakpoints and so on—that’s exactly the experience that the Hurd offers. As for Guix, it will make it easy to test changes to the micro-kernel and to the Hurd servers, and that too has the potential to speed up development and make it a very nice experience.

SMP support for the 64-bit Hurd

During the preparation of this blog post a patch set fixing SMP for the 64-bit Hurd, (well, gnumach actually) was presented by Damien Zammit. So most probably we'll have 64-bit multiprocessing real soon now! It seems however, that we will need new bootstrap binaries for that.

Join #guix and #hurd on libera.chat or the mailing lists and get involved!

Footnotes

[0]: Actually, as the 64-bit Hurd uses rumpdisk exclusively, and gnumach by default uses still it builtin IDE drivers, we also need to tell gnumach about that by adding the (kernel-arguments '("noide")).

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2)
  (os (operating-system
        (inherit %hurd-vm-operating-system)
        (kernel-arguments '("noide")))))

We expect this to be the the default in the future.

[1]: You may have to override your childhurd's openssh-service definition, something like

(services
 (modify-services (operating-system-user-services %hurd-vm-operating-system)
   (openssh-service-type
    config =>
    (openssh-configuration
     (inherit config)
     (authorized-keys `(("root"
                         ,(local-file "/home/janneke/.ssh/janneke.pub"))))))))

but you can also take inspiration from the bare-hurd64.tmpl template.

[2]: Note that while is comes straight from a commit to the Hurd git repository, this is a Debian-specific recipe, Guix does not have ifup, and per this updated wiki page there's probably extra networking interface configuration needed too (in Debian you're intstructed to -- imperatively -- edit /etc/network/interfaces).

Irregular Webcomic! #3051 [Irregular Webcomic!]

Irregular Webcomic! #3051

06:42

Talk in Rotkreuz, Switzerland [Richard Stallman's Political Notes]

Richard Stallman will give a talk in Rotkreuz, Switzerland, March 6th, 2026 at 17:00.

Talk in Rapperswil, Switzerland [Richard Stallman's Political Notes]

Richard Stallman will give a talk in Rapperswil, Switzerland, March 9th, 2026 at 17:00.

05:14

Junichi Uekawa: The next Debconf happens in Japan. [Planet Debian]

The next Debconf happens in Japan. Great news. Feels like we came a long way, but I didn't personally do much, I just made the first moves.

Saturday, 28 February

22:14

Run this random script in the terminal to block Apple’s macOS Tahoe update notification spam [OSnews]

Are you not at all interested in upgrading to macOS Tahoe, and getting annoyed at the relentless notification spam from Apple trying to trick you into upgrading?

The secret? Using device management profiles, which let you enforce policies on Macs in your organization, even if that “organization” is one Mac on your desk. One of the available policies is the ability to block activities related to major macOS updates for up to 90 days at a time (the max the policy allows), which seems like exactly what I needed.

Not being anywhere near an expert on device profiles, I went looking to see what I could find, and stumbled on the Stop Tahoe Update project. The eventual goals of this project are quite impressive, but what they’ve done so far is exactly what I needed: A configuration profile that blocks Tahoe update activities for 90 days.
↫ Rob Griffiths

All you need to do is clone a random GitHub repository, set all its scripts to executable, generate two random UUIDs, insert those UUIDs into one of the scripts in the GitHub project folder you just cloned, run said script, open System Settings and go to Privacy & Security > Profiles, install the profile the script created, click install in two different dialogs, and now you have blocked Apple’s update notification spam! Well, for 90 days that is.

I honestly don’t understand how normal people are supposed to use macOS. The amount of weird terminal commands you need just to change basic settings is bewildering. macOS definitely isn’t ready for the desktop if they expect users to use the terminal for so many basic tasks. I’m glad I’m using Linux, where I don’t have to deal with the terminal at all.

21:28

The Windows 95 user interface: a case study in usability engineering [OSnews]

If this isn’t catnip to the average OSNews reader, I don’t know what is.

Windows 95 is a comprehensive upgrade to the Windows 3.1 and Windows for Workgroups 3.11 products. Many changes have been made in almost every area of Windows, with the user interface being no exception. This paper discusses the design team, its goals and process then explains how usability engineering principles such as iterative design and problem tracking were applied to the project, using specific design problems and their solutions as examples.
↫ Kent Sullivan

This case study was written in 1996 by Kent Sullivan, who joined the Windows 95 user interface team in 1992. I consider the second half of the ’90s as the heyday of user interface design, with Windows 9x, Apple’s Platinum in Mac OS 8 and 9, and BeOS’ Tracker/Deskbar as the absolute pinnacles of user interface design. Coincidentally, this also seems to mark the end of a more scientific, study-based approach to designing graphical user interfaces.

Reading through this particular case study for Windows 95 feels almost quaint. Where are the dozens of managers pushing for notification spam, upsells, and dark patterns to enable expensive data-hoarding services? Why are none of the people mentioned in the study talking about sneaky ways to secretly and silently convert your local account to an online account? Where are all the “AI” buttons? Why is there n chapter on how to trick people into enabling telemetry data?

The user interfaces of the late ’90s were the last ones designed by people who actually cared, by people who approached the whole process with the end user in mind, rooted in scientific data collected by simply looking at people use their ideas. They were optimised for the user as best they could, instead of being optimised for the company’s bottom line.

It’s been downhill ever since.

Bootc and OSTree: modernizing Linux system deployment [OSnews]

Bootc and OSTree represent a new way of thinking about Linux system deployment and management. Building on container and versioning concepts, they offer robust and modern solutions to meet the current needs of administrators and developers.
↫ Quentin Joly

Slowly, very slowly, I’ve been starting to warm up to the relatively new crop of immutable Linux distributions. As a heavy Fedora user, opting for Fedora’s atomic distributions, which use bootc and OSTree, seems like the logical path to go down if I ever made the switch, and this article provides some approachable insights and examples into how, exactly, it all works, and what benefits it might give you. It definitely goes beyond what I as a mere desktop user might encounter, but if you’re managing a bunch of servers or VMs in a more professional setting, you might be interested, too.

I’m still not convinced I need to switch to an immutable distribution, but I’d be lying if I said some of the benefits didn’t appeal to me.

19:56

The Best Things To Do in Seattle This Month: March 2026 [The Stranger]

Emerald City Comic Con, Taste Washington, and More

by EverOut Staff

Just when it seemed like winter would never end, March is swooping in with cherry blossoms and Daylight Saving Time. Whether you want to make up for all the time you've spent huddled under a blanket by spending time outdoors or you want to celebrate the holidays this month brings (including Women's History Month, St. Patrick's Day, and Holi), your options are plentiful. Below, we've compiled the biggest comedy shows, concerts, food events, and other great things to do, from Emerald City Comic Con to Taste Washington and from Miguel's CAOS Tour to Speaking of Seattle: Immigrant Rights Are Human Rights.

COMEDY

Morgan Jay: Goofy Guy Tour
Unless you’ve been living under a rock (or are just in saner corners of the algorithm), you’ve surely come across at least one “WHAT'S YOUR NAME BRO???” video. With autotune crowdwork now Morgan Jay’s claim to fame, it's easy to forget that deep down, he’s just a goofy guy. And his new tour is a chance to catch the LA-based performer truly in his prime. If you're only familiar with his short-form comedy, you’re in for a treat with this Friday the 13th headlining set. Be ready for wild setups, off-the-cuff musical bits, and beautifully timed pauses from the once familiar face on Wild ’N Out, Comedy Central, and NBC. TL;DR? Jay has tapped into an awkwardness that few comedians (or humans) could turn into an art form, and it should absolutely be experienced. LANGSTON THOMAS
Paramount Theatre, Downtown (Fri Mar 13)

19:07

Mike Gabriel: Debian Lomiri Tablets 2025-2027 - Project Report (Q3/2025) [Planet Debian]

Debian Lomiri for Debian 13 (previous project)

In our previous project around Debian and Lomiri (lasting until July 2025), we achieved to get Lomiri 0.5.0 (and with it another 130 packages) into Debian (with two minor exceptions [1]) just in time for the Debian 13 release in August 2025.

Debian Lomiri for Debian 14

At DebConf in Brest, a follow-up project has been designed between the project sponsor and Fre(i)e Software GmbH [2]. The new project (on paper) started on 1st August 2025 and project duration was agreed on to be 2 years, allowing our company to work with an equivalent of ~5 FTE on Lomiri targetting the Debian 14 release some time in the second half of 2027 (an assumed date, let's see what happens).

Ongoing work would be covered from day one of the new project and once all contract details had been properly put on paper end of September, Fre(i)e Software GmbH started hiring a new team of software developers and (future) Debian maintainers. (More of that new team in our next Q4/2025 report).

The ongoing work of Q3/2025 was basically Guido Berhörster and myself working on Morph Browser Qt6 (mostly Guido together with Bhushan from MiraLab [3]) and package maintenance in Debian (mostly me).

Morph Browser Qt6

The first milestone we could reach with the Qt6 porting of Morph Browser [4] and related components (LUITK aka lomiri-ui-toolkit (big chunk! [5]), lomiri-content-hub, lomiri-download-manager and a few other components) was reached on 21st Sep 2025 with an upload of Morph Browser 1.2.0~git20250813.1ca2aa7+dfsg-1~exp1 to Debian experimental and the Lomiri PPA [6]).

Preparation of Debian 13 Updates (still pending)

In background, various Lomiri updates for Debian 13 have been prepared during Q3/2025 (with a huge patchset), but publishing those to Debian 13 are still pending as tests are still not satisfying.

[1] lomiri-push-service and nuntium
[2] https://freiesoftware.gmbh
[3] https://miralab.one/
[4] https://gitlab.com/ubports/development/core/morph-browser/-/merge_reques... et al.
[5] https://gitlab.com/ubports/development/core/lomiri-ui-toolkit/-/merge_re... et al.
[6] https://launchpad.net/~lomiri

Daniel Baumann: Debian Fast Forward: An alternative backports repository [Planet Debian]

The Debian project releases a new stable version of its Linux distribution approximately every two years. During its life time, a stable release usually gets security updates only, but in general no feature updates.

For some packages it is desirable to get feature updates earlier than with the next stable release. Some new packages included in Debian after the initial release of a stable distribution are desirable for stable too.

Both use-cases can be solved by recompiling the newer version of a package from testing/unstable on stable (aka backporting). Packages are backported together with only the minimal amount of required build-depends or depends not already fulfilled in stable (if any), and without any changes unless required to fix building on stable (if needed).

There are official Debian Backports available, as well as several well-known unofficial backports repositories. I have been involved in one of these unofficial repositories since 2005 which subsequently turned 2010 into its own Debian derivative, mixing both backports and modified packages in one repository for simplicity.

Starting with the Debian 13 (trixie) release, the (otherwise unmodified) backports of this derivative have been split out from the derivative distribution into a separate repository. This way the backports are more accessible and useful for all interested Debian users too.

TL;DR: Debian Fast Forward - https://fastforward.debian.net

is an alternative Debian repository containing complementary backports from testing/unstable to stable

with packages organized in an opinionated, self-contained selection of coherent sets

supporting amd64, i386, and arm64 architectures

containing around 400 packages in trixie-fastforward-backports

with 1’800 uploads since July 2025

End user documentation about how to enable Debian Fast Forwards is available.

Have fun!

Immaculate Collection with Esther Rose [The Stranger]

Ahead of her upcoming PNW tour dates, I caught up with Esther Rose to hear all about her collection of vintage leather clothing. If you missed out on tickets to her sold-out show at the Sunset Tavern on March 3, fear not! You can still catch Esther Rose in Bellingham at the Shakedown the day after. by Audrey Vann

I first discovered Esther Rose in 2017 when she released her debut, This Time Last Night, an intimate country/folk album that feels like she’s playing for you around a campfire. Now on her fifth studio album, Want, the New Orleans native defies the expectations of what an Esther Rose album can be with bold indie rock arrangements and fuzzed-out guitars. As it’s depicted on the album’s cover, with a Rose in a gauzy white cotton dress beside a Rose in a black pleather catsuit, the album balances hard and soft, juxtaposing songs like the Liz Phair–esque track “Ketamine” with the stripped-down piano ballad “Color Wheel.” The album also includes “Scars,” a duet with Seattle-based troubadour Dean Johnson (no surprise, it’s absolutely beautiful). Ahead of her upcoming PNW tour dates, I caught up with Rose to hear all about her collection of "vintage leather clothin in all shapes."

If you missed out on tickets to her sold-out show at the Sunset Tavern on March 3, fear not! You can still catch Esther Rose in Bellingham at the Shakedown the day after.

Akasha Rabut

What was the first item you acquired in this collection?
When I was 28, I was gifted a hand-me-down cowboy jacket by a record label executive. It was mint 1950s red suede with fringe and patches. I thought it was kinda hideous, but it fit, so the first time I wore it was as a joke. But something sacred happened that night... an energetic switch turned ON. I became a believer in the power of vintage leather. I'm less interested in new leather, even if it's ethically and sustainably sourced, because I like the randomness of finding a one-of-a-kind item. It has to choose you.

Chris Acker

What is your favorite thing in your collection?
My high-waist motorcycle pants are perfect for tour. They always look stage-ready, and I never wash them—slightly gross yet very convenient.

Shelby Duncan

Tell me about an item you'd like to add to your collection or a new collection you'd like to start.
I would welcome a leather skirt or dress.

15:56

2022: "And while we were effectively silenced in the public debate, men do vote and that's a private thing."

15:07

Podcast: Why men hate the Dems. I tell my perspective of MeToo, and how that imho created enough anti-Dem energy to push Trump over the top. Polls won't tell you how the Dems got the rep of being the party run by women to cancel men, but I'm sure if we could cure that somehow, we could do everything we need to do to get American democracy working again. I did this in response to a Frum podcast where he and his guest conclude that the young folks are making a big mistake, they don't want the same old bullshit people coming back into power. Frum and Miller thought that the young men don't want was democracy, foolishly (I would agree) but there is real anger there, I know about it because I have it too. I still vote for Dems, but I also fear what happens if we snap back to the political correctness of Kirsten Gillibrand.

Another point -- I don't think any of us realize what an un-democratic US will be like. When the things that make us furious these days are just the normal way of the USA. I got that from listening to a New Yorker podcast yesterday about the Iranian perspective of what's happening (spoiler alert, since then the American war with Iran has started). They are so weary of the Islamic Revolution, they say and are right that Iran could be top 10 country, economically, except their government thinks this is the Middle Ages. They want to live in modernity, and they're probably the only ones who think a war with the US is a good idea. Because living in an autorcacy is unthinkable for Americans. We don't really appreciate what we're becoming. If we did, we still could do something about it. For us there will be no USA to save our asses (not that the US can save the Iranians, clearly we can't).

If you want to heal the country, watch out for ways you add division, and stop. It's probably the biggest power any of us has.

Neil Munro: Ningle Tutorial 15: Pagination, Part 2 [Planet Lisp]

BTW, I know Al Franken is an idiot. We're all idiots.

14:49

Introduction

Welcome back! We will be revisiting the pagination from last time, however we are going to try and make this easier on ourselves, I built a package for pagination mito-pager, the idea is that much of what we looked at in the last lesson was very boiler plate and repetitive so we should look at removing this.

I will say, my mito-pager can do a little more than just what I show here, it has two modes, you can use paginate-dao (named this way so that it is familiar to mito) to paginate over simple models, however, if you need to perform complex queries there is a macro with-pager that you can use to paginate. It is this second form we will use in this tutorial.

There is one thing to bear in mind, when using mito-pager, you must implement your data retrieval functions in such a way to return a values object, as mito-pager relies on this to work.

I encourge you to try the library out in other use-cases and, of course, if you have ideas, please let me know.

Changes

Most of our changes are quite limited in scope, really it's just our controllers and models that need most of the edits.

ningle-tutorial-project.asd

We need to add the mito-pager package to our project asd file.

- :ningle-auth)
+ :ningle-auth
+ :mito-pager)

src/controllers.lisp

Here is the real payoff! I almost dreaded writing the sheer volume of the change but then realised it's so simple, we only need to change our index function, and it may be better to delete it all and write our new simplified version.

(defun index (params)
  (let* ((user (gethash :user ningle:*session*))
         (req-page (or (parse-integer (or (ingle:get-param "page" params) "1") :junk-allowed t) 1))
         (req-limit (or (parse-integer (or (ingle:get-param "limit" params) "50") :junk-allowed t) 50)))
    (flet ((get-posts (limit offset) (ningle-tutorial-project/models:posts user :offset offset :limit limit)))
      (mito-pager:with-pager ((posts pager #'get-posts :page req-page :limit req-limit))
        (djula:render-template* "main/index.html" nil :title "Home" :user user :posts posts :pager pager)))))

This is much nicer, and in my opinion, the controller should be this simple.

src/main.lisp

We need to ensure we include the templates from mito-pager, this is a simple one line change.

 (defun start (&key (server :woo) (address "127.0.0.1") (port 8000))
    (djula:add-template-directory (asdf:system-relative-pathname :ningle-tutorial-project "src/templates/"))
+   (djula:add-template-directory (asdf:system-relative-pathname :mito-pager "src/templates/"))

src/models.lisp

As mentioned at the top of this tutorial, we have to implement our data retrieval functions in a certain way. While there are some changes here, we ultimately end up with less code.

We can start by removing the count parameter, we wont be needing it in this implementation, and since we don't need the count parameter anymore, the :around method can go too!

- (defgeneric posts (user &key offset limit count)
+ (defgeneric posts (user &key offset limit)
-
- (defmethod posts :around (user &key (offset 0) (limit 50) &allow-other-keys)
-   (let ((count (mito:count-dao 'post))
-         (offset (max 0 offset))
-         (limit (max 1 limit)))
-     (if (and (> count 0) (>= offset count))
-       (let* ((page-count (max 1 (ceiling count limit)))
-              (corrected-offset (* (1- page-count) limit)))
-         (posts user :offset corrected-offset :limit limit))
-       (call-next-method user :offset offset :limit limit :count count))))

There's two methods to look at, the first is when the type of user is user:

-
- (defmethod posts ((user user) &key offset limit count)
+ (defmethod posts ((user user) &key offset limit)
...
      (values
-         (mito:retrieve-by-sql sql :binds params)
-         count
-         offset)))
+         (mito:retrieve-by-sql sql :binds params)
+         (mito:count-dao 'post))))

The second is when the type of user is null:

-
- (defmethod posts ((user null) &key offset limit count)
+ (defmethod posts ((user null) &key offset limit)
...
    (values
-       (mito:retrieve-by-sql sql)
-       count
-       offset)))
+       (mito:retrieve-by-sql sql)
+       (mito:count-dao 'post))))

As you can see, all we are really doing is relying on mito to do the lions share of the work, right down to the count.

src/templates/main/index.html

The change here is quite simple, all we need to do is to change the path to the partial, we need to simply point to the partial provided by mito-pager.

- {% include "partials/pager.html" with url="/" title="Posts" %}
+ {% include "mito-pager/partials/pager.html" with url="/" title="Posts" %}

src/templates/partials/pagination.html

This one is easy, we can delete it! mito-pager provides its own template, and while you can override it (if you so wish), in this tutorial we do not need it anymore.

Conclusion

I hope you will agree that this time, using a prebuilt package takes a lot of the pain out of pagination. I don't like to dictate what developers should, or shouldn't use, so that's why last time you were given the same information I had, so if you wish to build your own library, you can, or if you want to focus on getting things done, you are more than welcome to use mine, and of course, if you find issues please do let me know!

Learning Outcomes

Level	Learning Outcome
Understand	Understand how third-party pagination libraries like `mito-pager` abstract boilerplate pagination logic, and how `with-pager` expects a fetch function returning `(values items count)` to handle page clamping, offset calculation, and boundary correction automatically.
Apply	Apply `flet` to define a local adapter function that bridges the project's `posts` generic function with `mito-pager`'s expected `(lambda (limit offset) ...)` interface, and use `with-pager` to reduce controller complexity to its essential logic.
Analyse	Analyse what responsibilities were transferred from the manual pagination implementation to `mito-pager` — count caching, boundary checking, offset calculation, page correction, and range generation — contrasting the complexity of both approaches.
Create	Refactor a manual pagination implementation to use `mito-pager` by simplifying model methods to return `(values items count)`, replacing complex multi-step controller calculations with `with-pager`, and delegating the pagination template partial to the library.

Github

The link for the custom pagination part of the tutorials code is available here.

Common Lisp HyperSpec

Symbol	Type	Why it appears in this lesson	CLHS
`defpackage`	Macro	Define project packages like `ningle-tutorial-project/models`, `/forms`, `/controllers`.	http://www.lispworks.com/documentation/HyperSpec/Body/m_defpac.htm
`in-package`	Macro	Enter each package before defining models, controllers, and functions.	http://www.lispworks.com/documentation/HyperSpec/Body/m_in_pkg.htm
`defgeneric`	Macro	Define the simplified generic `posts` function signature with keyword parameters `offset` and `limit` (the `count` parameter is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defgen.htm
`defmethod`	Macro	Implement the simplified `posts` methods for `user` and `null` types (the `:around` validation method is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defmet.htm
`flet`	Special Operator	Define the local `get-posts` adapter function that wraps `posts` to match `mito-pager`'s expected `(lambda (limit offset) ...)` interface.	http://www.lispworks.com/documentation/HyperSpec/Body/s_flet_.htm
`let*`	Special Operator	Sequentially bind `user`, `req-page`, and `req-limit` in the controller where each value is used in subsequent bindings.	http://www.lispworks.com/documentation/HyperSpec/Body/s_let_l.htm
`or`	Macro	Provide fallback values when parsing `page` and `limit` parameters, defaulting to 1 and 50 respectively.	http://www.lispworks.com/documentation/HyperSpec/Body/m_or.htm
`multiple-value-bind`	Macro	Capture the SQL string and bind parameters returned by `sxql:yield` in the model methods.	http://www.lispworks.com/documentation/HyperSpec/Body/m_multip.htm
`values`	Function	Return two values from `posts` methods — the list of results and the total count — as required by `mito-pager:with-pager`.	http://www.lispworks.com/documentation/HyperSpec/Body/a_values.htm
`parse-integer`	Function	Convert string query parameters (`"1"`, `"50"`) to integers, with `:junk-allowed t` for safe parsing.	http://www.lispworks.com/documentation/HyperSpec/Body/f_parse_.htm

12:35

Who is the Kimwolf Botmaster “Dort”? [Krebs on Security]

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home. This post examines what is knowable about Dort based on public information.

A public “dox” created in 2020 asserted Dort was a teenager from Canada (DOB August 2003) who used the aliases “CPacket” and “M1ce.” A search on the username CPacket at the open source intelligence platform OSINT Industries finds a GitHub account under the names Dort and CPacket that was created in 2017 using the email address jay.miner232@gmail.com.

Image: osint.industries.

The cyber intelligence firm Intel 471 says jay.miner232@gmail.com was used between 2015 and 2019 to create accounts at multiple cybercrime forums, including Nulled (username “Uubuntuu”) and Cracked (user “Dorted”); Intel 471 reports that both of these accounts were created from the same Internet address at Rogers Canada (99.241.112.24).

Dort was an extremely active player in the Microsoft game Minecraft who gained notoriety for their “Dortware” software that helped players cheat. But somewhere along the way, Dort graduated from hacking Minecraft games to enabling far more serious crimes.

Dort also used the nickname DortDev, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$. Dort peddled a service for registering temporary email addresses, as well as “Dortsolver,” code that could bypass various CAPTCHA services designed to prevent automated account abuse. Both of these offerings were advertised in 2022 on SIM Land, a Telegram channel dedicated to SIM-swapping and account takeover activity.

The cyber intelligence firm Flashpoint indexed 2022 posts on SIM Land by Dort that show this person developed the disposable email and CAPTCHA bypass services with the help of another hacker who went by the handle “Qoft.”

“I legit just work with Jacob,” Qoft said in 2022 in reply to another user, referring to their exclusive business partner Dort. In the same conversation, Qoft bragged that the two had stolen more than $250,000 worth of Microsoft Xbox Game Pass accounts by developing a program that mass-created Game Pass identities using stolen payment card data.

Who is the Jacob that Qoft referred to as their business partner? The breach tracking service Constella Intelligence finds the password used by jay.miner232@gmail.com was reused by just one other email address: jacobbutler803@gmail.com. Recall that the 2020 dox of Dort said their date of birth was August 2003 (8/03).

Searching this email address at DomainTools.com reveals it was used in 2015 to register several Minecraft-themed domains, all assigned to a Jacob Butler in Ottawa, Canada and to the Ottawa phone number 613-909-9727.

Constella Intelligence finds jacobbutler803@gmail.com was used to register an account on the hacker forum Nulled in 2016, as well as the account name “M1CE” on Minecraft. Pivoting off the password used by their Nulled account shows it was shared by the email addresses j.a.y.m.iner232@gmail.com and jbutl3@ocdsb.ca, the latter being an address at a domain for the Ottawa-Carelton District School Board.

Data indexed by the breach tracking service Spycloud suggests that at one point Jacob Butler shared a computer with his mother and a sibling, which might explain why their email accounts were connected to the password “jacobsplugs.” Neither Jacob nor any of the other Butler household members responded to requests for comment.

The open source intelligence service Epieos finds jacobbutler803@gmail.com created the GitHub account “MemeClient.” Meanwhile, Flashpoint indexed a deleted anonymous Pastebin.com post from 2017 declaring that MemeClient was the creation of a user named CPacket — one of Dort’s early monikers.

Why is Dort so mad? On January 2, KrebsOnSecurity published The Kimwolf Botnet is Stalking Your Local Network, which explored research into the botnet by Benjamin Brundage, founder of the proxy tracking service Synthient. Brundage figured out that the Kimwolf botmasters were exploiting a little-known weakness in residential proxy services to infect poorly-defended devices — like TV boxes and digital photo frames — plugged into the internal, private networks of proxy endpoints.

By the time that story went live, most of the vulnerable proxy providers had been notified by Brundage and had fixed the weaknesses in their systems. That vulnerability remediation process massively slowed Kimwolf’s ability to spread, and within hours of the story’s publication Dort created a Discord server in my name that began publishing personal information about and violent threats against Brundage, Yours Truly, and others.

Dort and friends incriminating themselves by planning swatting attacks in a public Discord server.

Last week, Dort and friends used that same Discord server (then named “Krebs’s Koinbase Kallers”) to threaten a swatting attack against Brundage, again posting his home address and personal information. Brundage told KrebsOnSecurity that local police officers subsequently visited his home in response to a swatting hoax which occurred around the same time that another member of the server posted a door emoji and taunted Brundage further.

Dort, using the alias “Meow,” taunts Synthient founder Ben Brundage with a picture of a door.

Someone on the server then linked to a cringeworthy (and NSFW) new Soundcloud diss track recorded by the user DortDev that included a stickied message from Dort saying, “Ur dead nigga. u better watch ur fucking back. sleep with one eye open. bitch.”

“It’s a pretty hefty penny for a new front door,” the diss track intoned. “If his head doesn’t get blown off by SWAT officers. What’s it like not having a front door?”

With any luck, Dort will soon be able to tell us all exactly what it’s like.

Update, 10:29 a.m.: Jacob Butler responded to requests for comment, speaking with KrebsOnSecurity briefly via telephone. Butler said he didn’t notice earlier requests for comment because he hasn’t really been online since 2021, after his home was swatted multiple times. He acknowledged making and distributing a Minecraft cheat long ago, but said he hasn’t played the game in years and was not involved in Dortsolver or any other activity attributed to the Dort nickname after 2021.

“It was a really old cheat and I don’t remember the name of it,” Butler said of his Minecraft modification. “I’m very stressed, man. I don’t know if people are going to swat me again or what. After that, I pretty much walked away from everything, logged off and said fuck that. I don’t go online anymore. I don’t know why people would still be going after me, to be completely honest.”

When asked what he does for a living, Butler said he mostly stays home and helps his mom around the house because he struggles with autism and social interaction. He maintains that someone must have compromised one or more of his old accounts and is impersonating him online as Dort.

“Someone is actually probably impersonating me, and now I’m really worried,” Butler said. “This is making me relive everything.”

But there are issues with Butler’s timeline. For example, Jacob’s voice in our phone conversation was remarkably similar to the Jacob/Dort whose voice can be heard in this Sept. 2022 Clash of Code competition between Dort and another coder (Dort lost). At around 6 minutes and 10 seconds into the recording, Dort launches into a cursing tirade that mirrors the stream of profanity in the diss rap that Dortdev posted threatening Brundage. Dort can be heard again at around 16 minutes; at around 26:00, Dort threatens to swat his opponent.

Butler said the voice of Dort is not his, exactly, but rather that of an impersonator who had likely cloned his voice.

“I would like to clarify that was absolutely not me,” Butler said. “There must be someone using a voice changer. Or something of the sorts. Because people were cloning my voice before and sending audio clips of ‘me’ saying outrageous stuff.”

11:49

Pluralistic: California can stop Larry Ellison from buying Warners (28 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

California can stop Larry Ellison from buying Warners: These are the right states' rights.
Hey look at this: Delights to delectate.
Object permanence: RIP Octavia Butler; "Midnighters"; Freeman Dyson on "The Information"; Korean Little Brother filibuster; Privacy isn't property; With Great Power Came No Responsibility; Unsellable A-holes; Cardboard Cthulhu; Chinese map fuzzing.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

California can stop Larry Ellison from buying Warners (permalink)

For months, the hottest will-they/won't-they drama in Hollywood concerned the suitors for Warners, up for sale again after being bought, merged, looted and wrecked by the eminently guillotineable David Zaslav:

https://www.youtube.com/watch?v=izC9o3LhnVk

From the start, it was clear that Warners would be sucked dry and discarded, but the Trump 2024 election turned the looting of Warners' corpse into a high-stakes political drama.

On the one hand, you had Netflix, who wanted to buy Warners and use them to make good movies, but also to kill off movie theaters forever by blocking theatrical distribution of Warners' products.

On the other hand, you had Paramount, owned by the spray-tan cured tech billionaire jerky Larry Ellison, though everyone is supposed to pretend that Ellison's do-nothing/know-nothing/amounts-to-nothing son Billy (or whatever who cares) Ellison is running the show.

Ellison's plan was to buy Warners and fold it into the oligarchic media capture project that's seen Ellison replace the head of CBS with the tedious mediocrity Bari Weiss:

https://www.wnycstudios.org/podcasts/otm/articles/the-centurylong-capture-of-us-media

This is a multi-pronged media takeover that includes Jeff Bezos neutering the Washington Post, Elon Musk turning Twitter into a Nazi bar, and Trump stealing Tiktok and giving it to Larry Ellison. If Ellison gains control over Warners, you can add CNN to the nonsense factory.

But for a while there, it looked like the Ellisons would lose the bidding. Little Timmy (or whatever who cares) Ellison only has whatever money his dad parks in his bank account for tax purposes, and Larry Ellison is so mired in debt that one margin call could cost him his company, his fighter jet, and his Hawaiian version of Little St James Island.

Warners' board may not give a shit about making good media or telling the truth or staving off fascism, but they do want to get paid, and Netflix has money in the bank, whereas Ellison only has the bank's money (for now).

But last week, the dam broke: Warners' board indicated they'd take Paramount's offer, and Netflix withdrew their offer, and so that's that, right? It's not like Trump's FTC is going to actually block this radioactively illegal merger, despite the catastrophic corporate consolidation that would result, with terrible consequences for workers, audiences, theaters, cable operators and the entire supply chain.

Not so fast! The Clayton Act – which bars this kind of merger – is designed to be enforced by the feds, state governments, and private parties. That means that California AG Rob Bonta can step in to block this merger, which he's getting ready to do:

https://prospect.org/2026/02/27/states-can-block-paramount-warner-deal/

As David Dayen writes in The American Prospect, state AGs block mergers all the time, even when the feds decline to step in – just a couple years ago, Washington state killed the Kroger/Albertsons merger.

The fact that antitrust laws can be enforced at the state level is a genius piece of policy design. As the old joke goes, "AG" stands for "aspiring governor," and the fact that state AGs can step in to rescue their voters from do-nothing political hacks in Washington is catnip for our nation's attorneys general.

Bonta is definitely feeling his oats: he's also going after Amazon for price-fixing, picking up a cause that Trump dropped after Jeff Bezos ordered the Washington Post to cancel its endorsement of Kamala Harris, paid a million bucks to sit on the inaugural dais, millions more to fund the White House Epstein Memorial Ballroom and $40m more to make an unwatchable turkey of a movie about Melania Trump.

Can you imagine how stupid Bezos is going to feel when all of his bribes to Trump cash out to nothing after Rob Bonta publishes Amazon's damning internal memos and then fines the company a gazillion dollars?

It's a testament to the power of designing laws so they can be enforced by multiple parties. And as cool as it is to have a law that state AGs can enforce, it's way cooler to have a law that can be enforced by members of the public.

This is called a "private right of action" – the thing that lets impact litigation shops like Planned Parenthood, EFF, and the ACLU sue over violations of the public's rights. The business lobby hates the private right of action, because they think (correctly) that they can buy off enough regulators and enforcers to let them get away with murder (often literally), but they know they can't buy off every impact litigation shop and every member of the no-win/no-fee bar.

For decades, corporate America has tried to abolish the public's right to sue companies under any circumstances. That's why so many terms of service now feature "binding arbitration waivers" that deny you access to the courts, no matter how badly you are injured:

https://pluralistic.net/2025/10/27/shit-shack/#binding-arbitration

But long before Antonin Scalia made it legal to cram binding arbitration down your throat, corporate America was pumping out propaganda for "tort reform," spreading the story that greedy lawyers were ginning up baseless legal threats to extort settlements from hardworking entrepreneurs. These stories are 99.9% bullshit, including urban legends like the "McDonald's hot coffee" lawsuit:

https://pluralistic.net/2022/06/12/hot-coffee/#mcgeico

Ever since Reagan, corporate America has been on a 45-year winning streak. Nothing epitomizes the arrogance of these monsters more than the GW Bush administration's sneering references to "the reality-based community":

We're an empire now, and when we act, we create our own reality. And while you're studying that reality – judiciously, as you will – we'll act again, creating other new realities, which you can study too, and that's how things will sort out. We're history's actors…and you, all of you, will be left to just study what we do.

https://en.wikipedia.org/wiki/Reality-based_community

Giving Ellison, Bezos and Musk control over our media seems like the triumph of billionaires' efforts to "create their own reality," and indeed, for years, they've been able to gin up national panics over nothingburgers like "trans ideology," "woke" and "the immigration crisis."

But just lately, that reality-creation machine has started to break down. Despite taking over the press, locking every reality-based reporter out of the White House, and getting Musk, Zuck and Ellison to paint their algorithms spray-tan orange, people just fucking hate Trump. He is underwater on every single issue:

https://www.gelliottmorris.com/p/ahead-of-state-of-the-union-address

Despite the full-court press – from both the Dem and the GOP establishment – to deny the genocide in Gaza and paint anyone (especially Jews like me) who condemn the slaughter as "antisemites," Americans condemn Israel and are fully in the tank for Palestinians:

https://news.gallup.com/poll/702440/israelis-no-longer-ahead-americans-middle-east-sympathies.aspx

Despite throwing massive subsidies at coal and tying every available millstone around renewables' ankles before throwing all the solar panels and windmills into the sea, renewables are growing and – to Trump's great chagrin – oil companies can't find anyone to loan them the money they need to steal Venezuela's oil:

https://kschroeder.substack.com/p/earning-optimism-in-2026

Reality turns out to be surprisingly stubborn, and what's more, it has a pronounced left-wing bias. Putting little Huey (or whatever who cares) Ellison in charge of Warners will be bad news for the news, for media, for movies and TV, and for my neighbors in Burbank. But when it comes to shaping the media, Freddy (or whatever who cares) Ellison will continue to eat shit.

Hey look at this (permalink)

Newspapers Did Not Kill Themselves https://prospect.org/2026/02/26/newspapers-did-not-kill-themselves-jeffrey-epstein-mort-zuckerman-daily-news/
Democrats Should Launch a “Nuremberg Caucus” to Investigate the Crimes of the Trump Regime https://www.thenation.com/article/politics/democrats-nuremberg-caucus-trump-administration-crimes/
Two-thirds of Americans want term limits for Supreme Court justices https://www.gelliottmorris.com/p/two-thirds-of-americans-want-term
On the Democratic Party Style https://coreyrobin.com/2026/02/26/on-the-democratic-party-style/
Hannah Spencer gives DEFIANT victory speech as she wins Gorton & Denton for the Greens https://www.youtube.com/watch?v=KrzLQ294guI&t=473s

Object permanence (permalink)

#25yrsago Mormon guide to overcoming masturbation https://web.archive.org/web/20071011023731/http://www.qrd.org/qrd/religion/judeochristian/protestantism/mormon/mormon-masturbation

#20yrsago Midnighters: YA horror trilogy mixes Lovecraft with adventure https://memex.craphound.com/2006/02/26/midnighters-ya-horror-trilogy-mixes-lovecraft-with-adventure/

#20yrsago RIP, Octavia Butler https://darkush.blogspot.com/2006/02/octavia-butler-died-saturday.html

#20yrsago Disney hiring “Intelligence Analyst” to review “open source media” https://web.archive.org/web/20060303165009/http://www.defensetech.org/archives/002199.html

#20yrsago MPAA exec can’t sell A-hole proposal to tech companies https://web.archive.org/web/20060325013506/http://lawgeek.typepad.com/lawgeek/2006/02/variety_mpaa_ca.html

#15yrsago Why are America’s largest corporations paying no tax? https://web.archive.org/web/20110226160552/https://thinkprogress.org/2011/02/26/main-street-tax-cheats/

#15yrsago Articulated cardboard Cthulhu https://web.archive.org/web/20110522204427/http://www.strode-college.ac.uk/teaching_teams/cardboard_catwalk/285

#15yrsago Freeman Dyson reviews Gleick’s book on information theory https://www.nybooks.com/articles/2011/03/10/how-we-know/?pagination=false

#15yrsago 3D printing with mashed potatatoes https://www.fabbaloo.com/2011/02/3d-printing-potatoes-with-the-rapman-html

#15yrsago TVOntario’s online archive, including Prisoners of Gravity! https://web.archive.org/web/20110226021403/https://archive.tvo.org/

#10yrsago _applyChinaLocationShift: In China, national security means that all the maps are wrong https://web.archive.org/web/20160227145529/http://www.travelandleisure.com/articles/digital-maps-skewed-china

#10yrsago Teaching kids about copyright: schools and fair use https://www.youtube.com/watch?v=hzqNKQbWTWc

#10yrsago Ghostwriter: Trump didn’t write “Art of the Deal,” he read it https://web.archive.org/web/20160229034618/http://www.deathandtaxesmag.com/264591/donald-trump-didnt-write-art-deal-tony-schwartz/

#10yrsago The biggest abortion lie of all: “They do it for the money” https://www.bloomberg.com/features/2016-abortion-business/

#10yrsago NHS junior doctors show kids what they do, kids demand better of Jeremy Hunt https://juniorjuniordoctors.tumblr.com/

#10yrsago Nissan yanks remote-access Leaf app — 4+ weeks after researchers report critical flaw https://www.theverge.com/2016/2/25/11116724/nissan-nissanconnect-app-hack-offline

#10yrsago Think you’re entitled to compensation after being wrongfully imprisoned in California? Nope. https://web.archive.org/web/20160229013042/http://modernluxury.com/san-francisco/story/the-crazy-injustice-of-denying-exonerated-prisoners-compensation

#10yrsago BC town votes to install imaginary GPS trackers in criminals https://web.archive.org/web/20160227114334/https://motherboard.vice.com/read/canadian-city-plans-to-track-offenders-with-technology-that-doesnt-even-exist-gps-implant-williams-lake

#10yrsago New Zealand’s Prime Minister: I’ll stay in TPP’s economic suicide-pact even if the USA pulls out https://www.techdirt.com/2016/02/26/new-zealand-says-laws-to-implement-tpp-will-be-passed-now-despite-us-uncertainties-wont-be-rolled-back-even-if-tpp-fails/

#10yrsago South Korean lawmakers stage filibuster to protest “anti-terror” bill, read from Little Brother https://memex.craphound.com/2016/02/26/south-korean-lawmakers-stage-filibuster-to-protest-anti-terror-bill-read-from-little-brother/

#5yrsago Privacy is not property https://pluralistic.net/2021/02/26/meaningful-zombies/#luxury-goods

#1yrago With Great Power Came No Responsibility https://pluralistic.net/2025/02/26/ursula-franklin/#franklinite

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1022 words today, 40256 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

11:21

CURRENT Events [The Non-Adventures of Wonderella]

There's a Bitcoin joke here if I knew enough about Bitcoin to make one.

10:21

How to win a bidding war [Seth's Blog]

Pundits are saying that Netflix “lost” the bidding for Warner.

Actually, they won. They didn’t just win because they got a nearly $3 billion breakup fee.

They won because in just about every contentious public auction, the winner is the one who is willing to overpay the most.

The best way to win a bidding war is to not bid.

09:35

Irregular Webcomic! #3050 [Irregular Webcomic!]

Irregular Webcomic! #3050

02:49

Pop Loser: This Week in Music News [The Stranger]

This week's music news. by Audrey Vann

The 2026 Capitol Hill Block Party lineup is here. This year’s lineup dives back into the pop sphere with gems like MUNA, Magdalena Bay, Wet Leg, and Parcels, plus DJ sets from Trixie Mattel and Tinashe. The festival will once again be 21+ in an effort, according to Daydream State, to “[optimize] the footprint across the Pike/Pine corridor to deliver an elevated fan experience while supporting neighborhood flow and local businesses,” aka hopefully avoid Chappell Roan–sized crowds. (I was there, and I was afraid for my life—can someone please make commemorative shirts that say “I Survived Chappell Roan at CHBP 2024?”)

The ZooTunes lineup has also dropped, and it’s really good this year. Highlights include Pavement, the Breeders (with Team Dresch!), and Belle and Sebastian, celebrating the 30th anniversary of If You’re Feeling Sinister with Quasi. See the full lineup over on the ZooTunes website.

Pioneering French electronic musician Éliane Radigue has died at 94. Known for reinventing the synthesizer through “meditative and feedback-drenched sonic explorations” (the Guardian), Radigue released over two dozen albums in her lifetime that pushed the boundaries of what music can be. The best way I could describe her sound is like holding your ear up to a seashell (which there happens to be a beautiful image of her doing). Her 1986 ambient composition, Jetsun Mila, remains one of my favorite things to listen to while I write.

RIP Willie Colón and Lil Poppa. On Saturday, family confirmed that pioneering salsa trombonist Willie Colón died at the age of 75. Along with his 40-plus-album discography, he was also known for musical partnerships with artists ranging from Celia Cruz to David Byrne. Jacksonville rapper Lil Poppa died by suicide on Thursday at 25. The young artist began making music at 7 years old, writing religious raps for his church before pivoting to secular music, which led to his breakthrough single “Purple Hearts” at just 18.

LEAVE LIZA ALONE! While promoting her new memoir, Kids, Wait Till You Hear This!, legend, icon, and my president Liza Minnelli has claimed that the Academy “inexplicably ordered” her to sit in a wheelchair at her 2022 Oscars appearance with Lady Gaga. She told Variety, “I was told it was because of my age, and for safety reasons, because I might slip out of the director’s chair, which was bullshit. I will not be treated this way, I said. I was heartbroken. I was much lower down than I would have been in the director’s chair. Now I couldn’t easily read the teleprompter above me.”

Bad Bunny represents the USA better than the president, survey finds. A recent poll, conducted by Yahoo! and YouGov after the Super Bowl, found that more Americans feel better represented by the Puerto Rican star than the president. What is surprising is that slightly more participants identified themselves as Republicans than Democrats.

Did you watch Alysa Liu’s free skate!? I have watched it at least 15 times with tears streaming down my face. The 20-year-old team USA figure skater won a gold medal with her joyful performance to Donna Summer’s “MacArthur Park.”

00:28

Erasing Gates [The Stranger]

In light of the Epstein files, should Bill Gates' name be on a building at University of Washington? by Marcus Harrison Green

There's a specific kind of lie that powerful men tell when the walls start closing in: the minimizing lie, the "it wasn't what it looked like" lie, the "I was barely there" lie. Bill Gates tried that last one earlier this month, insisting his relationship with convicted child sex offender Jeffrey Epstein was limited to dinners.

"It's factually true that I was only at dinners," Gates said. He claimed he "never met any women." The Epstein Files just proved otherwise—young women were present, and there are photos. According to some, no amount of philanthropic goodwill should erase that.

But in Seattle, philanthropic goodwill has erased a lot. A name on a building is a command: suspend memory, smooth the sharp edges, turn biography into infrastructure, and controversy into cornerstone. It dares you to forget that the name above the door still belongs to someone who breathes, errs, and benefits from the power that placed it there.

For years at the University of Washington, the Gates name has been exactly that: civic wallpaper. It crowns the Bill and Melinda Gates Center for Computer Science and Engineering in large letters, like a title for the simple story this city tells itself. Local boy becomes tech titan, tech titan becomes global humanitarian, city becomes beneficiary. Clean. Uncomplicated. Unquestioned. In the wake of the Epstein files, one 22-year-old journalism student couldn't let that story go unchallenged.

Last week, UW student Jaya Parsons published an op-ed in The Daily, the university's student newspaper, calling for Gates' name to be removed from campus buildings. The headline was unambiguous—Bill Gates is in the Epstein files. UW should take his name off its buildings in response—and the message pointed.

Gates' repeated appearances in the files, coupled with his admitted meetings with Epstein after Epstein's 2008 conviction for soliciting a minor, were "more than enough to make anyone uncomfortable to see Gates' name on their way to class." Parsons walked by the Bill and Melinda Gates Center everyday.

The column landed like a match in dry grass because it named something that has been hovering at the edge of Seattle's civic life for years: the quiet bargain institutions make when a benefactor becomes too big to criticize.

"I definitely did not expect as many people to see it as people did," Parsons told me over Zoom.

Classmates and professors thanked her for saying what they had been thinking, a surprise.

"I hadn’t really heard people talk about it," she said. "So I wanted to at least let people know that this is something that could be happening and maybe we should pay attention to it."

UW did not respond to her two requests for comment.

She wasn't expecting demolition orders, just acknowledgement. "I mostly just wanted to hear why these buildings are named after him, and what we think about seeing his name every day."

The university didn’t respond to The Stranger either.

Silence, in moments like this, becomes its own posture.

Gates has not been accused of criminal conduct by any of Epstein's victims. But his explanations have shifted, narrowed, and widened again under pressure. Gates has buckled, if only a little. This week, in a town hall with Gates Foundation staff, he called his relationship with Epstein a "huge mistake," and apologized to employees for bringing foundation executives into contact with Epstein. But still he insisted "I did nothing illicit. I saw nothing illicit."

The problem is not that Gates has been charged with a crime. It’s that new disclosures are overtaking his lies: meetings around the globe, flights on Epstein's plane, the presence of young women at gatherings, and evolving acknowledgments about the scope of their contact. What was once framed as peripheral now appears more sustained, like a relationship between two fabulously wealthy men. What was described as trivial now reads as misjudged at best.

"If these buildings around campus were called the 'Jeffrey Epstein Library,'" Parsons wrote in The Daily, "they'd have hopefully been changed long ago."

But we treat proximity to harm differently when the proximity comes with billions attached. Money is like duct tape over the mouth.

As of 2017, the Bill & Melinda Gates Foundation had awarded UW more than 250 grants totaling nearly $1.25 billion. This philanthropy has been woven so deeply into the institution's financial and research infrastructure that the prospect of removing Gates' name is not simply a reputational concern. It is a reckoning with dependency.

It is easier to leave the letters in place when Trump is a threat to higher education funding and the university has already faced layoffs tied to budget shortfalls. Staying in the good graces of a “good billionaire” is security.

Tim Schwab, author of The Bill Gates Problem: Reckoning with the Myth of the Good Billionaire, has long argued that Gates’ philanthropy has discouraged scrutiny.

If this were only a matter of reputation, it would be confined to op-eds and campus debates. But the Gates Foundation is not merely a personal vehicle for his generosity; it is an $86 billion institution operating under a tax-advantaged status that effectively subsidizes its power with public dollars. That scale alone raises regulatory questions, precisely because philanthropy, as currently structured, enjoys massive public subsidy with comparatively minimal democratic oversight. But they’re not actually above scrutiny, legal or otherwise.

So the question becomes: does anyone actually have the authority to hold it accountable? When I asked Washington Attorney General Nick Brown's office, Deputy Communications Director Mike Faulk responded bluntly:

“We don’t speculate about our decision-making regarding any potential investigatory matters… If the question is just whether we have the authority to investigate nonprofits and charities, the answer is yes, state law does give us that kind of authority.”

At UW, naming decisions sit with the Board of Regents, and policy allows for reconsideration in certain circumstances. Parsons doesn’t believe they’ll do anything.

But she rejects the idea that raising the question is trivial or performative. "I think there's nothing wrong with caring about something like this. That's not some waste of time."

For her, the point is not immediate victory; it is civic muscle. Universities are places where people are supposed to question power, not rehearse deference to it. Even if the name never comes down, she argues, asking why it’s there, and whether it still reflects the institution’s values, is exactly the kind of scrutiny higher education claims to teach.

Friday, 27 February

23:42

Windows Server Insider builds can now boot from ReFS [OSnews]

The file system of the Windows operating system is NTFS, whether you’re running it on a desktop/laptop or server. It’s the only file system Windows can run on and boot from, at least officially, so you’re not even given a choice of file systems for the boot volume like you are on, say, desktop Linux. That’s about to change, though: Microsoft has finally announced that Windows Server will be able to boot from ReFS.

We’re excited to announce that Resilient File System (ReFS) boot support is now available for Windows Server Insiders in Insider Preview builds. For the first time, you can install and boot Windows Server on an ReFS-formatted boot volume directly through the setup UI. With ReFS boot, you can finally bring modern resilience, scalability, and performance to your server’s most critical volume — the OS boot volume.
↫ chcurlet-msft at Microsoft’s Tech Community

Without diving too much into the weeds, ReFS can roughly be seen as Microsoft’s answer to modern file systems like ZFS and Btrfs, with comparable design goals and feature sets. It’s been around since 2012, but only for Windows Server, and with every Windows Server release since, the company has improved performance, added new features, and fixed bugs. Now, in 2026, it seems Microsoft thinks ReFS is ready to be used as a bootable file system for Windows Server.

If you want to try this for yourself, you need to be a Windows Insider and make sure you have Windows Server build 29531.1000.260206-1841 or newer. During installation, the Windows installer will ask you to choose between NTFS and ReFS; the rest of the installation process will be pretty much the same as before. Now all we need is to wait for ReFS to become an option on client versions of Windows too, which would mark – arguably – only the second time in history Windows transitioned from one default filesystem to the another.

Councilmember Kettle Insists Surveillance Tech Is Safe [The Stranger]

Let’s set the record straight on Mr. Kettle's claims. by Micah Yip

Councilmember Bob Kettle wanted to dispel “misconceptions” about Seattle’s surveillance program. Ahead of Tuesday’s Public Safety Committee meeting, which he chairs, Kettle issued a press release arguing that tools like CCTV cameras, automatic license plate readers (ALPRs) and the Real-Time Crime Center (RTCC) are an effective crime deterrent that doesn’t jeopardize vulnerable populations as severely as has been reported.

In his release, he argued that the “implementation of ALPR, CCTV and RTCC technology in Seattle is not a choice between public safety and personal privacy—it is a smart and responsive commitment to both.” His argument was a bizarre combination of misdirects (claiming we’re safe because we don’t use Flock-brand cameras for our license plate readers), irrelevant details (assuring Seattleites that cops aren’t watching all of the cameras at all times) and anecdotal evidence (arguing that CCTV cameras reduce crime, based on vibes).

This stunt comes amid public outcry against surveillance technology. Community members and advocacy groups worry that surveillance data can leave marginalized communities vulnerable to federal tracking. And their concerns aren’t theoretical—in Washington state and across the country, federal authorities have accessed local surveillance data, raising questions about how much protections local guardrails actually provide.

So let’s set the record straight on his four claims.

Deterring Violent Crime

When we talk about CCTV cameras, researchers most commonly cite a 40-year systematic review by CUNY that found no evidence that CCTV cameras reduce violent crime. But in his press release, Kettle wanted his constituents to focus on another line in the study, which said the results support the use of cameras to deter (non-violent) crime. “It can help address property crime and has always been intended to help with a variety of crimes beyond violent crime,” he wrote.”

However, at the Tuesday press conference, Kettle doubled down on the idea that the program could still deter violent crime. He gave an example of a recent shooting at Second Avenue and James Street. Using surveillance footage, police were able to quickly identify and apprehend a suspect, said Kettle.

You may notice that that’s an example of footage used in solving a crime, not deterring it.

But according to Kettle’s logic, being able to rapidly identify and arrest suspects prevents future crimes by removing repeat offenders from the streets. “If somebody is so blatant to shoot someone in the back of the head, they may have done some other crimes,” he said.

When asked again what evidence Kettle has that Seattle’s CCTV deters violent crime before it happens, Kettle acknowledged the city hasn’t yet completed its formal evaluation, which is currently in progress by the University of Pennsylvania. But he still doubled down on his argument that the cameras are a deterrent, because if bad actors know they’re being watched, their operations will be disrupted and delayed, allowing local authorities more time to investigate and apprehend. What evidence does Kettle have of that? “I believe it to be true based on anecdotal,” he said.

But It’s Not Flock!

He’s right. Seattle doesn’t contract with Flock, the notoriously fed-friendly tech vendor. But we do have our own automatic license plate readers (ALPRs), provided by a surveillance company called Axon. And according to Tee Sannon, ACLU of Washington’s technology policy program director, there are no laws in Washington state that govern ALPRs.

The State Senate is currently considering Senate Bill 6002, which would regulate how jurisdictions in Washington handle ALPR data. It would create a 21 day retention period, meaning after 21 days, the data would be deleted, unless it had been pulled within that time frame for an investigation. The 21-day-retention schedule isn’t much of a reform, as jurisdictions in Washington generally stick to a 30 day time limit. Seattle’s is much longer—the Seattle Police Department keeps ALPR data for 90 days. “Thirty days is a very long time to keep basically a database of almost entirely [data of] people that are not associated with wrongdoing,” Sannon says.

ACLU-WA (and Kettle) both support the bill.

Surveillance Data Isn’t Safe From the Feds

In his press release, Kettle specifically focused on the argument that surveillance data might be insecure because it’s stored out-of-state, and therefore outside of Washington’s protective laws. “DHS has no access to SPD data regarding civil matters (such as immigration) unless the federal government subpoenas footage from the vendor. SPD owns this data, regardless of where it is stored,” he wrote.

Requiring a subpoena doesn’t eliminate the potential for federal access—it formalizes it. He also pointed to the guardrail added by Councilmember Alexis Mercedes Rinck, which triggers a 60-day shutdown of the CCTV program if the feds subpoena any data—which still allows data to get into their grubby hands before it’s paused.

“Is it perfect? Probably not,” Kettle said at his press conference. “I’m not making that claim that we’re 100 percent intact.”

Translation: Our surveillance data isn’t safe.

Seattle Police Officers aren’t constantly monitoring cameras at the RTCC.

His final note in his press release ensured Seattleites that there isn’t a desk monkey watching your every move through the city’s CCTV program. No one thinks they are. Thanks, Bob.

22:56

US lawmakers push for age verification at the operating system level [OSnews]

Encryption backdoors, social media bans for children, creepy age verification for applications – what will they think of next? The latest brilliant idea by US lawmakers sure is a hell of a doozy: legally mandated age verification in every single operating system.

Colorado’s SB26-051, introduced last month, would require operating systems to register the owner’s age, which third-party apps can then leverage to determine if the user is an adult. The bill calls for the device owner to register their birthdate or age, but for the purposes of creating an “age bracket,” which can then be shared to an app developer through an API to learn their age range, according to BiometricUpdate.com.
[…]
Ball also said the legislation was based on California’s bill AB 1043, which was passed last year. It too requires OS makers to create a way for the device owner to register their age bracket, which can then be shared to app developers over an API. The California law starts to take effect January 1, 2027.
↫ Michael Kan at PCMag

Age verification to protect children sounds innocent enough, but if you have more than two brain cells to rub together it’s crystal clear that what we’re really looking at is the true end of privacy and online anonymity. If age verification is only used by certain applications, it’s easy enough to avoid them, but if it becomes part of Windows, desktop Linux, Android, it’s truly game over. Nobody will be anonymous online ever again, and nobody will have any sense of privacy left when opening up their computer.

Worse yet, if you do end up using an operating system that doesn’t adhere to this law, or you hack out or circumvent the age verification nonsense, you’ll automatically become an easy target for law enforcement. Clearly, if you circumvent age verification, you must be up to no good, right? Of course, as we’ve seen in countries with heavily deteriorating democracies and freedoms, like the US or Hungary, even merely opposing the government will be classified as “up to no good”, and let’s not even get started about the various minorities these countries are actively trying to eradicate.

If something like this is enshrined in law in your country, you’re fucked.

22:21

Friday Squid Blogging: Squid Fishing in Peru [Schneier on Security]

Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

22:07

Petter Reinholdtsen: Free software toolchain for the simplest RISC-V CPU in a small FPGA? [Planet Debian]

On Wednesday I had the pleasure of attending a presentation organized by the Norwegian Unix Users Group on implementing RISC-V using a small FPGA. This project is the result of a university teacher wanting to teach students assembly programming using a real instruction set, while still providing a simple and transparent CPU environment. The CPU in question implements the smallest set of opcodes needed to still call the CPU a RISC-V CPU, the RV32I base set. The author and presenter, Kristoffer Robin Stokke, demonstrated how to build both the FPGA setup and a small startup code providing a "Hello World" message over both serial port and a small LCD display. The FPGA is programmed using VHDL, the entire source code is available from github, but unfortunately the target FPGA setup is compiled using the proprietary tool Quartus. It is such a pity that such a cool little piece of free software should be chained down by non-free software, so my friend Jon Nordby set out to see if we can liberate this small RISC-V CPU. After all, it would be unforgivable sin to force students to use non-free software to study at the University of Oslo.

The VHDL code for the CPU instructions itself is only 1138 lines, if I am to believe wc -l lib/riscv_common/* lib/rv32i/*. On the small FPGA used during the talk, the entire CPU, ROM, display and serial port driver only used up half the capacity. These days, there exists a free software toolchain for FPGA programming not only in Verilog but also in VHDL, and we hope the support in yosys, ghdl, and yosys-plugin-ghdl (sadly and strangely enough, removed from Debian unstable) is complete enough to at least build this small and simple project with some minor portability fixes. Or perhaps there are other approaches that work better? The first patches are already floating on github, to make the VHDL code more portable and to test out the build. If you are interested in running your own little RISC-V CPU on a FPGA chip, please get in touch.

At the moment we sadly have hit a GHDL bug, which we do not quite know how to work around or fix:

******************** GHDL Bug occurred ***************************
Please report this bug on https://github.com/ghdl/ghdl/issues
GHDL release: 5.0.1 (Debian 5.0.1+dfsg-1+b1) [Dunoon edition]
Compiled with unknown compiler version
Target: x86_64-linux-gnu
/scratch/pere/src/fpga/memstick-fpga-riscv-upstream/
Command line:

Exception CONSTRAINT_ERROR raised
Exception information:
raised CONSTRAINT_ERROR : synth-vhdl_expr.adb:1763 discriminant check failed
******************************************************************

Thus more work is needed. For me, this simple project is the first stepping stone for a larger dream I have of converting the MESA machine controller system to build its firmware using a free software toolchain. I just need to learn more FPGA programming first. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Jails for NetBSD [OSnews]

FreeBSD has its jails technology, and it seems NetBSD might be getting something similar soon.

Jails for NetBSD aims to bring lightweight, kernel-enforced isolation to NetBSD.
[…]
The system is intended to remain fully NetBSD-native. Isolation and policy enforcement are integrated into the kernel’s security framework rather than implemented in a separate runtime layer.

It does not aim to become a container platform. It does not aim to provide virtualization.
↫ Matthias Petermann

It has all the usual features you have come to expect from jails, like resource quota, security profiles, logging, and so on. Processes inside jails have no clue they’re in a jail, and using supervisor mode, jails are descendent from a single process and remain visible in the host process table. Of course, there’s many more features listed in the linked article.

It’s in development and not a default part of NetBSD at this time. The project, led by Matthias Petermann, is developed out of tree, with an unofficial NetBSD 10.1 ISO with the jails feature included available as well.

Dental Formulas [xkcd.com]

21:21

Intercepting messages inside IsDialogMessage, fine-tuning the message filter [The Old New Thing]

Last time, we used a MSGF_DIALOGBOX message filter to hook into the IsDialogMessage so that we had the option to grab the ESC before it gets turned into an IDCANCEL. There are some problems with our initial foray.

One is the problem of recursive dialogs. If the first dialog shows another copy of itself (for example, a certificate dialog showing a dialog for its parent certificate), then the thread-local variable gets overwritten, and the first dialog’s information is lost.

We could solve that by having each dialog remember the original value and restore it when the dialog dismisses. Alternatively, we could maintain an explicit stack of dialogs, pushing when a new dialog is created and popping when it is destroyed.

However, this fails to handle the case where the dialog is modeless. In that case, the two dialogs could be running concurrently rather than recursively. Instead of a stack, we really need a per-thread set of active dialogs.

Another thing to worry about is that if this code is put into a static library, and two components in the same thread both use that static library, then you have to be careful that the two copies of the library don’t conflict with each other.

I came up with this initial idea:

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUint(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, lParam) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                return SendMessage(hdlg, customMessage, 0, lParam);
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The idea here is that instead of having to manage a table of per-thread registrations, we just let dialogs self-register by setting the DIALOG_WANTS_ESC_PROP property to the message number they want to receive when the user presses ESC.

If there are two copies of this hook installed, then the DialogEscHookProc is called twice. The first one sends the custom message and gets the dialog’s response, and returns it; it never passes the message down the hook chain. Therefore, the second and subsequent hooks never get to run, so we don’t have a problem of the custom message getting sent multiple times for the same call to IsDialogMessage.

This design has the advantage that multiple DLLs using this pattern can coexist because the first hook (whichever it is) does all the work for everybody.

An alternate, more complex, design would pass the call down the chain if the dialog box declined to handle the ESC key, in case some other hook wanted to do something special. The catch is that if there are multiple copies of this hook installed, each one will send the custom message to the dialog, which would be bad if the handler for the custom message had side effects like showing a confirmation dialog.

So we can add the rule that the custom message must be safe to call multiple times if it returns FALSE. This means that if it wants to display a confirmation dialog, it should always return TRUE even if the user cancels.

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, msg) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)) &&
                 SendMessage(hdlg, customMessage, 0, lParam)) {
                 return TRUE;                                  
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Or we can have the first hook leave a note for the other hooks that the message has already been handled and that they shouldn’t try to handle it again.

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")
#define CURRENT_MESSAGE_PROP TEXT("DialogWantsEscCurrentMessage")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage) {
                auto previous = GetProp(hdlg, CURRENT_MESSAGE_PROP);
                if (previous != msg &&                              
                    !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                                 msg->wParam, msg) &
                             (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                    return SendMessage(hdlg, customMessage, 0, lParam);
                }
                SetProp(hdlg, CURRENT_MESSAGE_PROP, msg);                     
                auto result = CallNextHookEx(nullptr, nCode, wParam, lParam); 
                SetProp(hdlg, CURRENT_MESSAGE_PROP, previous);                
                return result;                                                
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The first hook will send the message to the dialog. and if the dialog declines to handle it, it passes the messages to the other hooks, but setes the “current message” property to the message that was already handled, so that other hooks won’t try to handle it again.

The last part of the puzzle is installing the hook. Since we are assuming that we cannot alter the dialog loop, the hook has to be installed by the dialog itself.

Let’s assume that this dialog box already allocates other dialog state, so we can add the hook handle to the state structure.

struct DIALOGSTATE
{
    wil::unique_hhook escapeHook;
    ⟦ other stuff ⟧
};

// each dialog can choose its own custom message
#define DM_ESCPRESSED (WM_USER+1000)

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        {
            DIALOGSTATE* state = new(std:nothrow) DIALOGSTATE();
            if (!state) { EndDialog(hdlg, -1); return FALSE; }
            SetWindowLongPtr(hdlg, DWLP_USER, (LONG_PTR)state);
            state->escapeHook.reset(SetWindowsHookEx(WM_MSGFILTER,     
                             DialogEscHookProc,                        
                             nullptr, GetCurrentThreadId()));          
            SetProp(hdlg, DIALOG_WANTS_ESC_PROP,                       
                    IntToPtr(DM_ESCPRESSED));                          
            ⟦ other dialog initialization as before ⟧
            ⟦ ending with "return (whatever)" ⟧
        }

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;

    case WM_DESTROY:
        {
            auto state = (DLGSTATE*)GetWindowLongPtr(hdlg, DWLP_USER);
            delete state;
        }
        break;

    ⟦ handle other messages ⟧
    }
    return FALSE;
}

The dialog installs the hook when it is created and removes it when it is destroyed. The hook has become an implementation detail of the dialog.

Now, I don’t recommend doing all this. Better is to just treat with the ESC like any other press of the (possibly imaginary) Cancel button. One of the few scenarios I can think of where this could be useful is if you want to display an extra confimation for the Close button (since its meaning is potentially ambiguous). This is still nonstandard, but at least it’s not too nonstandard. And for that, you can just intercept WM_CLOSE instead of trying to intercept the ESC. Intercepting the ESC was really just an excuse to show off message filters, which tend to be unappreciated.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, fine-tuning the message filter appeared first on The Old New Thing.

20:00

10,000x [Penny Arcade]

I had sent Murgh an image on his phone, which... I mean, I guess I can just show it to you. It's gonna make a lot of sense when you see the strip:

19:49

The Best Bang for Your Buck Events in Seattle This Weekend: Feb 27–Mar 1, 2026 [The Stranger]

Shunpike Storefronts & Artist Residencies, Travessias Brazilian Film Festival, and More Cheap & Easy Events Under $20

by EverOut Staff

The weekend starts now. There's no time to waste, so dive in with our cheap and easy guide, pointing you to events from the Shunpike Storefronts & Artist Residencies Grand Opening to the Official Seattle Sounders FC Watch Party with Sammy the Orca and from the Travessias Brazilian Film Festival to the 50th Annual Kalevala Lecture. For more, check out our top picks of the week.

FRIDAY PERFORMANCE

So You Do Drag?! Kremwerk's Premiere Drag/Burlesque Competition
Oh, you do drag? Don’t be shy! Prove it at Kremwerk’s So You Do Drag?! It’s a new one-off competition dedicated to spotlighting the next generation of Seattle drag and burlesque performers. And not just by putting them on stage, but by giving Seattle’s rising stars a chance to prove “WHO they are and WHY they deserve stardom” in front of established icons like Clara Voyance and Pupusa. For this inaugural event, contestants Kimme Kash, Lizzie McHigher, and Nadia Nuff will strut, lip sync, and seduce their way through performances designed to show audiences exactly what they’ve got tucked deep down inside. Don’t overthink showing up, it’s gonna be a great time. LANGSTON THOMAS
(Cherry Nightclub, Downtown, $15)

19:21

Sampling Some Smackin’ Sunflower Seeds [Whatever]

I used to eat sunflower seeds when I played softball as a kid, and I can’t say I’ve ever eaten them since. For some reason, I was getting advertisements for Smackin’ Sunflower Seeds on Instagram. In that moment, I thought, you know what, sunflower seeds sound kind of good to snack on right now.

I would say in my life I’ve only had regular sunflower seeds, ranch, and BBQ flavored, so when I saw Smackin’s array of flavors, I was certainly intrigued. I am someone who believes variety is the spice of life, so of course I couldn’t choose just one flavor. I went ahead and bought a variety pack that included all their flavors (except the OG Original), and my dad and I gave them all a try.

I let my dad pick the first flavor we tried, and he chose “lemon pepper.” These definitely had a strong flavor, as advertised, and the taste actually reminded me a lot of a steakhouse. The peppery-ness wasn’t overwhelming, and my dad and I gave these ones a 6.5/10.

Up next, we went for a classic: Ranch. The ranch flavor reminded me a lot of a Hidden Valley Ranch seasoning packet, like the kind you mix into dips or salad dressings. Surprisingly, the ranch flavor was very subtle, which is certainly something that ranch never is. You get a Cool Ranch Dorito and that shit is RANCHED UP. In the case of these seeds, I could’ve used more ranch flavor. They were kind of weak, but the flavor that was present was good. These were a 6/10 from both of us.

We switched to a sweet flavor, their Cinnamon Churro. This flavor was actually really nice, it wasn’t just straight cinnamon, it had that nice churro-vanilla sort of flavor. I will say that the flavor wasn’t very long lasting, though. Like it wore off very quickly. The taste, while it lasted, was very nice and not too sweet, with just a little bit of saltiness to have a nice sweet-and-salty factor. This was a 7.5/10 from my dad and a 7/10 from me.

My dad wanted to get the Cheddar Jalapeno out of the way, since he feared it would be really hot and we’re not exactly known for loving spicy stuff. I’m happy to report that while these ones do have a real kick with a heat that lingers just a touch, it has a really nice actual jalapeno flavor and isn’t just hot to be hot. While there’s not so much of the cheddar flavor present, if you’re someone who likes a little bite in their snack, this one would be a great pick for you. I wouldn’t eat a whole bag, but they were pretty tasty. These were a 7/10 from both of us.

Onto Dill Pickle, which was one I was very excited for. Lemme just say, these bad boys were picklelicious. These had a super solid, bold pickle flavor that was very enjoyable and not too acidic, just had that nice dilly briny taste. These ended up being in my top two favorites overall, and we both gave them an 8.5/10.

Over to the Cracked Pepper, I was curious how this would compare to the Lemon Pepper. If you are someone who puts so much pepper on their steak or eggs that people around you are sneezing to high heaven, then this is the flavor for you. These were so peppery, like pretty overwhelmingly so. I honestly didn’t care for them, and gave them a 4/10, but my dad gave them a 6/10.

Next up was the Backyard BBQ. I do love barbecue chips, so I was looking forward to see how these compared flavor-wise. The BBQ was super bold! Just one seed was absolutely packed with BBQ flavor, and it was very tasty! More long-lasting flavor and very strong, these were super good and ended up being another favorite. My dad gave them an 8/10 and I gave them an 8.5/10.

Back to the sweet ones, we tried the Maple Brown Sugar. Like the Cinnamon Churro, they were really nice but not long-lived. They’re a bit subtle, like not a huge amount of maple flavor or anything, but still pretty good. My dad gave them a 7/10 and I went with a 6.5/10. The rating would be a lot higher if the flavor lasted longer or was stronger.

Starting to wrap up our sunflower adventure, Sour Cream and Onion was next. These tasted so classic and recognizable, like if you enjoy sour cream and onion chips, these are for you because they taste absolutely spot on. They honestly reminded me a lot of Philadelphia Cream Cheese Chive and Onion flavor. These were a 7.5/10 from both of us.

The final flavor before trying the mystery flavor was Garlic Parmesan. These were super garlicky, but didn’t offer up a whole lot of parmesan flavor. The garlic really stole the spotlight here, but it was still a tasty flavor, earning it a 7/10 from both of us.

Finally, the mystery flavor! I truly had no idea what to expect. Do you know how DumDums make their mystery flavors? Well, I can only assume that Smackin’ does the same thing, because the mystery flavor tasted exactly like the Cheddar Jalapeno and Ranch mixed together. It was like the Cheddar Jalapeno but less hot, and somehow even better! The mystery flavor earned an 8/10 from both of us.

Well, there you have it! Eleven flavors of sunflower seeds. The only one I didn’t get to try that I would’ve loved to is Cheeseburger! Honestly, these were pretty solid sunflower seeds. It felt kind of nostalgic to eat them, even if they are kind of tedious to get through. I felt like one of those dogs that has a “slow down” bowl because you can’t just plow through them like chips or crackers.

Anyways, if you’re interested in trying some for yourself, I have a 10% off code for you! Yippee!

Which flavor sounds the best to you? Do you eat sunflower seeds often? Let me know in the comments, and have a great day!

-AMS

18:14

Slog AM: More Seattle Budget Woes, Drunk of the Week Is House Majority Leader, White House Staffer is Johnny MAGA [The Stranger]

by Nathalie Graham

Another Bad Budget: The forecast for the city of Seattle's budget is grim. The analysts have looked into their cursed crystal ball and given Seattle its fortune (or, lack thereof): We'll be dealing with a $140 million deficit this year. Damn, those soothsaying nerds! In response, Mayor Katie Wilson asked city departments to prepare for the worst and issue plans for shaving off between 5 and 10 percent of their budgets. That's not a guarantee anything will happen—Bruce Harrell did the same thing last year before he pulled enough money out of a hat (read: the JumpStart Seattle tax's coffers) to balance the budget.

All of this was expected. For the last couple of years, the city's budget has been similarly cratered. A pandemic and a fascist president will do that to a liberal city. And, Harrell didn't do anything to find new revenue, he just pickpocketed the JumpStart tax to solve the problem in front of him. It will be very interesting to see if Wilson, who helped create the JumpStart tax to primarily fund the creation of affordable housing, will do what every other mayor has done and raid JumpStart to keep the city afloat.

Speaking of Forecasts: It'll be borderline pleasant in Seattle today. There will be sun. It will still be chilly, though. Don't plan a beach day just yet.

Spritzgibbon: House Majority Leader Rep. Joe Fitzgibbon apparently tied one on before Wednesday evening’s House Appropriations Committee meeting where legislators were passing the supplemental operating budget. Fitzgibbon's speech was “slurred and halting” and an unnamed Republican said Fitzgibbon appeared to be sleeping during parts of the night-time meeting. Fitzgibbon has apologized for having a little tipple before his important job. "Being impaired in that situation was harmful to my work and to my co-workers," he said in an apology.

Gig Harbor Stabbing: On Tuesday, a 32-year-old man stabbed and killed his mother and three of her neighbors outside her suburban home near Gig Harbor. According to KING 5, he lived in his younger sister's garage and suffered from bipolar disorder. His sister said he stopped taking his medication three days before the attack. His mother filed a protection order against her son in 2020 that lasted through 2022. In 2025, she petitioned for another one, which a court granted, but failed to serve him with the order. Therefore, it was not enforceable. The police didn't respond quickly because the order wasn't in effect.

Hey, Cut That Out: Someone shot a harbor seal in the face in Quilcene Bay near Hood Canal. Apparently, this is the second harbor seal that's been shot in the face in a matter of months. The law enforcement arm of the National Oceanic and Atmospheric Administration is investigating. Yeah, I am also surprised to hear there's a cop division in NOAA.

Good News: Capitol Hill's Seven Hills Park has been freed from prison. The Bruce Harrell administration locked up the park—and three other small parks across the city—six months ago to stop homeless people from camping there.

A Touch of TB: Someone at Rainier Beach High School was diagnosed with tuberculosis. According to Public Health, around 130 people in connection with RBHS may have been exposed to the airborne disease and will need to be tested. While this is serious, TB takes "repeated and prolonged exposure" to really spread. Tuberculosis remains the leading infectious cause of death around the world. But in wealthy countries, the risk and prevalence is low. Except, TB has been making a resurgence in the US.

War: Pakistan and Afghanistan are at war. Pakistan has bombed Afghanistan’s capital Kabul, and both countries claim to have inflicted substantial losses on the other.

I Did Not Have Sex-Offender Relations With That Man: In a closed-door deposition with members of Congress in Chappaqua, New York, former President Bill Clinton is testifying in the House’s Epstein investigation. A former sitting president has never been compelled to testify to Congress before. Hillary Clinton sat with lawmakers for her deposition yesterday.

I’m Just Chillin’ in Chappaqua: Hillary spent more than six hours with the House Oversight Committee. In a short press conference afterward, she told reporters she wished the proceedings had been public and that her attorneys have asked for transcripts and video to be available as soon as possible.

But Where Will We Watch It? Probably not on any of Warner Bros. Discovery’s subsidiaries. Netflix walked away from a deal to buy the company after David Ellison’s Paramount launched a hostile takeover. The deal may, in the words of WBD’s CEO David Zaslav, create “tremendous value for shareholders,” but it’s also putting a tremendous media empire in Ellison’s flag-waving, Trump-loving hands. It’s an antitrust nightmare, Democrats say.

Big Brother Burger: Burger King is testing new Open AI-powered headsets to assist employees and track if they’re saying “please” and “thank you.” Data on restaurant operations is shared with “Patty,” an AI that will speak to employees through their headsets. Patty can tell them if a drink machine is low on Diet Coke, or when a customer reports a bathroom disaster. Employees can ask Patty for instructions or ask it to remove out-of-stock items from the store’s digital menus. It sounds like torture.

Trump Staffer Runs X Account Johnny MAGA: By day, Garrett Wade is a rapid response manager for the Trump administration. Also by day, he runs a massive X account devoted to kissing his bosses’ feet. Wade tweets as Johnny MAGA and helps run the White House account that boosts Johnny MAGAs tweets. And when he tweets as Johnny MAGA, he tweets things like how great the administration is. OR how it was obvious Trump didn’t watch the entire video showing the Obamas as apes. If Trump had, he would’ve posted the entire thing. “It was a masterpiece,” wrote Johnny MAGA.

17:42

When I write a comment on someone else's blog I want it to automatically be on my blog. It should just appear to be on theirs, the original and only copy of the writing appears on mine. A truly distributed system.

Me as a comp sci grad student [Scripting News]

I bet Jeopardy champions would make great software developers. Their intelligence, ability to stay calm and their incredible memory, all are needed to squeeze the last bits of performance from software.

It's nice having Facebook around to show you your old posts. This one just came up and I thought it would be good to remind you all that I was once a young nerd creating Unix apps at UW-Madison.

Me as a grad student, doing more or less the same I do as an old coot.

17:07

[$] The troubles with Boolean inversion in Python [LWN.net]

The Python bitwise-inversion (or complement) operator, "~", behaves pretty much as expected when it is applied to integers—it toggles every bit, from one to zero and vice versa. It might be expected that applying the operator to a non-integer, a bool for example, would raise a TypeError, but, because the bool type is really an int in disguise, the complement operator is allowed, at least for now. For nearly 15 years (and perhaps longer), there have been discussions about the oddity of that behavior and whether it should be changed. Eventually, that resulted in the "feature" being deprecated, producing a warning, with removal slated for Python 3.16 (due October 2027). That has led to some reconsideration and the deprecation may itself be deprecated.

16:14

Maybe it's time to give awards for most our admired standards-makers. I would start with Jon Postel and Steve Wozniak.

15:28

Two new stable kernels, possible regression [LWN.net]

One of the items in Rules for Standards-makers is don't design the format before you make the app. Instead, make an app, and when you're ready, make the file format public so people can interop (ie compete) so as not to lock users to in your software. If you do that you can say you are "of the web." If we all do that always, voila! -- no more silos. Another rule is that you must use an existing format if it exists, because then you will interop with apps that support that format. Gratuitous incompatibility is a sign of a silo-seeker. So, look first, if there are no usable formats, make your app and make your format public.

14:49

Greg Kroah-Hartman has announced the 6.19.4 and 6.18.14 stable kernels. Shortly after 6.19.4 was released Kris Karas reported "getting a repeatable Oops right when networking is initialized, likely when nft is loading its ruleset"; the problem did not appear to be present in 6.18.14. Users of nftables may wish to hold off on upgrades to 6.19.4 for now. We will provide updates as they are available.

Update: Kroah-Hartman has released the 6.19.5 and 6.18.15 kernels with a fix for the regression in 6.19.4 and 6.18.14. All users of netfilter are advised to upgrade to those versions.

14:21

Dirk Eddelbuettel: x13binary 1.1.61.2 on CRAN: Micro Maintenance [Planet Debian]

The x13binary team is happy to share the availability of Release 1.1.61.2 of the x13binary package providing the X-13ARIMA-SEATS program by the US Census Bureau which arrived on CRAN earlier today, and has already been built for r2u.

This release responds to a CRAN request to display the compiler version when building. x13binary, just like three other packages there, creates and ships a local binary it interfaces with. So our build was a little outside of R CMD INSTALL ... but now signals build versions like R does. We also modernized and simplified our continuous intgegration script based on r-ci.

Courtesy of my CRANberries, there is also a diffstat report for this release showing changes to the previous release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

14:07

Security updates for Friday [LWN.net]

Security updates have been issued by AlmaLinux (389-ds-base, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana-pcp, kernel, libpng15, munge, nodejs:20, nodejs:22, podman, protobuf, python-pyasn1, runc, and skopeo), Debian (chromium, nss, and python-django), Fedora (firefox, freerdp, gh, libmaxminddb, nss, python3.15, and udisks2), Oracle (buildah, firefox, freerdp, kernel, libpng, podman, python-pyasn1, skopeo, and valkey), Red Hat (container-tools:rhel8), SUSE (autogen, chromium, cockpit, cockpit-machines-348, cockpit-packages, cockpit-repos, cockpit-subscriptions, crun, docker, docker-compose, docker-stable, erlang, freerdp, frr, glib2, gpg2, kernel, kernel-firmware, libsodium, libsoup, libsoup2, openvswitch, python, python-pyasn1, python-urllib3, python-urllib3_1, python3, qemu, redis7, regclient, and ucode-intel), and Ubuntu (linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx, python-authlib, and ruby-rack).

12:49

Error'd: Perverse Perseveration [The Daily WTF]

Pike pike pike pike Pike pike pike.

Lincoln KC repeated "I never knew Bank of America Bank of America Bank of America was among the major partners of Bank of America."

"Extra tokens, or just a stutter?" asks Joel "An errant alt-tab caused a needless google search, but thankfully Gemini's AI summary got straight-to-the-point(less) info. It is nice to see the world's supply of Oxford commas all in once place. "

Alessandro M. isn't the first one to call us out on our WTFs. "It’s adorable how the site proudly supports GitHub OAuth right up until the moment you actually try to use it. It’s like a door with a ‘Welcome’ sign that opens onto a brick wall." Meep meep.

Float follies found Daniel W. doubly-precise. "Had to go check on something in M365 Admin Center, and when I was on the OneDrive tab, I noticed Microsoft was calculating back past the bit. We're in quantum space at this point."

Weinliebhaber Michael R. sagt "Our German linguists here will spot the WTF immediately where my local wine shop has not. Weiẞer != WEIBER. Those words mean really different things." Is that 20 euro per kilo, or per the piece?

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Spinnerette - Issue 45 - 02 [Spinnerette]

New comic!
Today's News:

12:35

Why Tehran’s Two-Tiered Internet Is So Dangerous [Schneier on Security]

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign websites; it was a total communications shutdown.

Unlike previous Iranian internet shutdowns where Iran’s domestic intranet—the National Information Network (NIN)—remained functional to keep the banking and administrative sectors running, the 2026 blackout disrupted local infrastructure as well. Mobile networks, text messaging services, and landlines were disabled—even Starlink was blocked. And when a few domestic services became available, the state surgically removed social features, such as comment sections on news sites and chat boxes in online marketplaces. The objective seems clear. The Iranian government aimed to atomize the population, preventing not just the flow of information out of the country but the coordination of any activity within it.

This escalation marks a strategic shift from the shutdown observed during the “12-Day War” with Israel in mid-2025. Then, the government primarily blocked particular types of traffic while leaving the underlying internet remaining available. The regime’s actions this year entailed a more brute-force approach to internet censorship, where both the physical and logical layers of connectivity were dismantled.

The ability to disconnect a population is a feature of modern authoritarian network design. When a government treats connectivity as a faucet it can turn off at will, it asserts that the right to speak, assemble, and access information is revocable. The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square. Iran’s actions deny its citizens this existence, reducing them to subjects who can be silenced—and authoritarian governments elsewhere are taking note.

The current blackout is not an isolated panic reaction but a stress test for a long-term strategy, say advocacy groups—a two-tiered or “class-based” internet known as Internet-e-Tabaqati. Iran’s Supreme Council of Cyberspace, the country’s highest internet policy body, has been laying the legal and technical groundwork for this since 2009.

In July 2025, the council passed a regulation formally institutionalizing a two-tiered hierarchy. Under this system, access to the global internet is no longer a default for citizens, but instead a privilege granted based on loyalty and professional necessity. The implementation includes such things as “white SIM cards“: special mobile lines issued to government officials, security forces, and approved journalists that bypass the state’s filtering apparatus entirely.

While ordinary Iranians are forced to navigate a maze of unstable VPNs and blocked ports, holders of white SIMs enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This tiered access is further enforced through whitelisting at the data center level, creating a digital apartheid where connectivity is a reward for compliance. The regime’s goal is to make the cost of a general shutdown manageable by ensuring that the state and its loyalists remain connected while plunging the public into darkness. (In the latest shutdown, for instance, white SIM holders regained connectivity earlier than the general population.)

The technical architecture of Iran’s shutdown reveals its primary purpose: social control through isolation. Over the years, the regime has learned that simple censorship—blocking specific URLs—is insufficient against a tech-savvy population armed with circumvention tools. The answer instead has been to build a “sovereign” network structure that allows for granular control.

By disabling local communication channels, the state prevents the “swarm” dynamics of modern unrest, where small protests coalesce into large movements through real-time coordination. In this way, the shutdown breaks the psychological momentum of the protests. The blocking of chat functions in nonpolitical apps (like ridesharing or shopping platforms) illustrates the regime’s paranoia: Any channel that allows two people to exchange text is seen as a threat.

The United Nations and various international bodies have increasingly recognized internet access as an enabler of other fundamental human rights. In the context of Iran, the internet is the only independent witness to history. By severing it, the regime creates a zone of impunity where atrocities can be committed without immediate consequence.

Iran’s digital repression model is distinct from, and in some ways more dangerous than, China’s “Great Firewall.” China built its digital ecosystem from the ground up with sovereignty in mind, creating domestic alternatives like WeChat and Weibo that it fully controls. Iran, by contrast, is building its controls on top of the standard global internet infrastructure.

Unlike China’s censorship regime, Iran’s overlay model is highly exportable. It demonstrates to other authoritarian regimes that they can still achieve high levels of control by retrofitting their existing networks. We are already seeing signs of “authoritarian learning,” where techniques tested in Tehran are being studied by regimes in unstable democracies and dictatorships alike. The most recent shutdown in Afghanistan, for example, was more sophisticated than previous ones. If Iran succeeds in normalizing tiered access to the internet, we can expect to see similar white SIM policies and tiered access models proliferate globally.

The international community must move beyond condemnation and treat connectivity as a humanitarian imperative. A coalition of civil society organizations has already launched a campaign calling for “direct-to-cell” (D2C) satellite connectivity. Unlike traditional satellite internet, which requires conspicuous and expensive dishes such as Starlink terminals, D2C technology connects directly to standard smartphones and is much more resilient to infrastructure shutdowns. The technology works; all it requires is implementation.

This is a technological measure, but it has a strong policy component as well. Regulators should require satellite providers to include humanitarian access protocols in their licensing, ensuring that services can be activated for civilians in designated crisis zones. Governments, particularly the United States, should ensure that technology sanctions do not inadvertently block the hardware and software needed to circumvent censorship. General licenses should be expanded to cover satellite connectivity explicitly. And funding should be directed toward technologies that are harder to whitelist or block, such as mesh networks and D2C solutions that bypass the choke points of state-controlled ISPs.

Deliberate internet shutdowns are commonplace throughout the world. The 2026 shutdown in Iran is a glimpse into a fractured internet. If we are to end countries’ ability to limit access to the rest of the world for their populations, we need to build resolute architectures. They don’t solve the problem, but they do give people in repressive countries a fighting chance.

This essay originally appeared in Foreign Policy.

Phishing Attacks Against People Seeking Programming Jobs [Schneier on Security]

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system.

News article.

10:21

Justice and luck [Seth's Blog]

Orson Welles may have said, “Nobody gets justice. People only get good luck or bad luck.”

I think it’s more productive to imagine that “Justice is how society deals with luck.”

Good and bad.

Irregular Webcomic! #3049 [Irregular Webcomic!]

Irregular Webcomic! #3049

09:28

10,000x [Penny Arcade]

New Comic: 10,000x

08:14

The Campaign: Running, p09 [Ctrl+Alt+Del Comic]

The post The Campaign: Running, p09 appeared first on Ctrl+Alt+Del Comic.

07:21

Victory! Tenth Circuit Finds Fourth Amendment Doesn’t Support Broad Search of Protesters’ Devices and Digital Data [Deeplinks]

In a big win for protesters’ rights, the U.S. Court of Appeals for the Tenth Circuit overturned a lower court’s dismissal of a challenge to sweeping warrants to search a protester’s devices and digital data and a nonprofit’s social media data.

The case, Armendariz v. City of Colorado Springs, arose after a housing protest in 2021, during which Colorado Springs police arrested protesters for obstructing a roadway. After the demonstration, police also obtained warrants to seize and search through the devices and data of Jacqueline Armendariz Unzueta, who they claimed threw a bike at them during the protest. The warrants included a search through all of her photos, videos, emails, text messages, and location data over a two-month period, as well as a time-unlimited search for 26 keywords, including words as broad as “bike,” “assault,” “celebration,” and “right,” that allowed police to comb through years of Armendariz’s private and sensitive data—all supposedly to look for evidence related to the alleged simple assault. Police further obtained a warrant to search the Facebook page of the Chinook Center, the organization that spearheaded the protest, despite the Chinook Center never having been accused of a crime.

The district court dismissed the civil rights lawsuit brought by Armendariz and the Chinook Center, holding that the searches were justified and that, in any case, the officers were entitled to qualified immunity. The plaintiffs, represented by the ACLU of Colorado, appealed. EFF—joined by the Center for Democracy and Technology, the Electronic Privacy Information Center, and the Knight First Amendment Institute at Columbia University—wrote an amicus brief in support of that appeal.

In a 2-1 opinion, the Tenth Circuit reversed the district court’s dismissal of the lawsuit’s Fourth Amendment search and seizure claims. The court painstakingly picked apart each of the three warrants and found them to be overbroad and lacking in particularity as to the scope and duration of the searches. The court further held that in furnishing such facially deficient warrants, the officers violated “clearly established” law and thus were not entitled to qualified immunity. Although the court did not explicitly address the First Amendment concerns raised by the lawsuit, it did note the backdrop against how these searches were carried out, including animus by Colorado Springs police leading up to the housing protest.

It is rare for appellate courts to call into question any search warrants. It’s even rarer for them to deny qualified immunity defenses. The Tenth Circuit’s decision should be celebrated as a big win for protesters and anyone concerned about police immunity for violating people’s constitutional rights. The case is now remanded back to the district court to proceed—and hopefully further vindicate the privacy rights we all have in our devices and digital data.

05:49

Girl Genius for Friday, February 27, 2026 [Girl Genius]

The Girl Genius comic for Friday, February 27, 2026 has been posted.

02:07

Incoming [QC RSS]

01:56

Quit Your Job, Ice [The Stranger]

Do you need to get something off your chest? by Anonymous

Dear ICE and CBP Agents,

Resign. Quit. Retire. Think about it. If you quit now, you can at least say you got out when the shit got crazy. If you continue to work for ICE or CBP, however, you will fuck yourself over in multiple ways.

You are probably not very bright, so I’ll try to make this simple: Nobody likes you.

Nobody.

At all.

Forever.

No real employers will want to hire you in the future if they see ICE or CBP on your resume. No one will be your friend. No one will fuck you. Your food will be spit on, or worse. If you have children, they will hate you. You will be subject to mockery, ridicule, and loathing forever. And you hopefully will get criminally prosecuted.

But if you resign now, there is a glimmer of hope. You can say that you got out when you realized that ICE and CBP are Nazis. You can say, “I’m one of the good ones who did what was right when my country depended on it.” Sure, it was significantly later than any rational, sane person would come to the same realization, but at least you got to the right place eventually.

If you resign, you will still be a douchebag, but you won’t be a fascist douchebag. And regular, non-fascist douchebags are incrementally better. They are far more likely to get a job and get paid. Or laid.

But if you stay? After the shootings? The beatings? The tear gas? The intimidation of protesters and observers? The detainment of 5-year-olds? The Nazi coats?

If you stay, you’re a Dick with a capital D for the rest of your sorry, lonely, pathetic life. So grow a pair of balls and resign already. Get a real job. Ice Out.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

00:21

(5229) [Flipside]

Thursday, 26 February

23:35

Genode OS Framework 26.02 released [OSnews]

The Genode OS Framework 26.02 has been released, and its tentpole improvement is the completion of moving configuration from XML to the new human-inclined data syntax, as we talked about a few months ago. The project has been working on this for years, and now that the tooling, documentation, and so on have been added this release cycle, they’re ready to make the switch. On top of that, they also made the move from GitHub to Codeberg, but that’s certainly not all.

The technical topics of the release revolve around the progressive update of our Linux device-driver environment (DDE-Linux) to kernel version 6.18, usability improvements of the Goa SDK, input-event processing, and code rigidity.

Feature-wise, version 26.02 further cultivates the genode-world repository as designated place for ported 3rd-party software, adding the port of Git as stepping stone on our way towards self-hosted development on Sculpt OS.
↫ Genode OS Framework 26.02 release notes

Be sure to read the entire release notes for much more detailed information, as well as a ton of things not mentioned yet.

22:49

Ticket Alert: ZooTunes, Queens Of The Stone Age, and More Seattle Events Going On Sale This Week [The Stranger]

Plus, Ali Wong and More Event Updates for February 26

by EverOut Staff

Start making summer plans: The 2026 BECU ZooTunes concert series will bring acts including Courtney Barnett, Suki Waterhouse, and Pavement to Woodland Park Zoo’s meadow. Seattle-formed alt-rock band Queens Of The Stone Age return to their old stomping grounds on the Catacombs Tour. Plus, Emmy Award-winning actress and comedian Ali Wong brings her brash humor to McCaw Hall. Read on for details on those and other newly announced events, plus some news you can use.

ON SALE FRIDAY, FEBRUARY 27

MUSIC

A.J. Croce Presents Croce Plays Croce
Moore Theatre (Wed Sept 30)

BECU ZooTunes
Woodland Park Zoo (June 4–Aug 20)

Blitzen Trapper - Two Nights
Tractor Tavern (June 5–6)

22:00

“Linuxulator on FreeBSD feels like magic” [OSnews]

You may not be aware that FreeBSD has a pretty robust set of tools to run Linux binaries, unmodified.

The result? A fast, smooth, fully-featured remote development experience on FreeBSD running Linux binaries transparently via the Linuxulator.

It genuinely feels like magic.

More importantly, it’s a testament to how stable the Linux ABI itself is and how well FreeBSD’s Linuxulator implements it. This setup completely changed how I work with FreeBSD, and it finally removed one of the biggest friction points in my workflow.
↫ Hayzam Sherif

FreeBSD’s Linux compatibility does kind of feel like magic. There’s people running Steam and Steam games on FreeBSD using these very same technologies, and while it’s far from perfect, it works for quite a few games without any issues. It’d be great is Steam ever made it to FreeBSD natively, but sine that’s probably not going to happen any time soon, it’s great to see that those of us using FreeBSD can still play at least some Steam games just fine.

US orders diplomats in the EU to fight data sovereignty initiatives [OSnews]

It seems the widespread efforts in Europe to drastically reduce its dependency on US technology companies is starting to worry some people.

President Donald Trump’s administration has ordered U.S. diplomats to lobby against attempts to regulate U.S. tech companies’ handling of foreigners’ data, saying in an internal diplomatic cable seen by Reuters that such efforts could interfere with artificial intelligence-related services.

Experts say the move signals the Trump administration is reverting to a more confrontational approach as some foreign countries seek limits around how Silicon Valley firms process and store their citizens’ personal information – initiatives often described as “data sovereignty” or “data localization.”
↫ Raphael Satter and Alexandra Alper at Reuters

It’s going to take time, but untangling the EU from the US – especially technologically and militarily – is worth the effort. I’ll gladly pay more taxes to make this happen.

21:21

The Big Idea: Bernie Jean Schiebeling [Whatever]

Like blue eyes, height, or left-handedness, how much of our temper and ill manners can we contribute to our genetics? Author Bernie Jean Schiebeling explores the breakage of inherited anger, and what it’s like to fall victim to the temperament our parents passed unto us in the Big Idea for their newest novel, House, Body, Bird.

BERNIE JEAN SCHIEBELING:

My great-grandfather was not a good man.

Without getting into too many details, he was angry and abusive, so much so that my great-grandmother was able to divorce him in the late 1920s without too much trouble. After the divorce, my great-grandfather left—possibly fled—and then committed a string of burglaries across Kentucky and Tennessee while working as a door-to-door salesman. Many years later, my father met one of his ex-colleagues, who said the man had been incredible at sales. Less so at stealing, since he kept getting caught. “And,” he said, pointing at my dad’s breakfast plate, “I can tell you that you take your scrambled eggs the same way. So much pepper.”

Dad never met my great-grandfather (even Grandpa hardly knew him, since he was just a toddler during the divorce). But they both liked peppery eggs, and so do I.

Other echoes persisted too. Anger sometimes exploded from my grandfather, though less than the previous generation. My dad is calmer than his father, and I am calmer than him. Still, rage sometimes rises in me with the inevitable force of a king tide. I hear the ocean rushing in my ears—

—And I breathe through the impulse. I don’t have to do this. I don’t have to continue this tradition that—I hope—none of us wanted.

Inheritance is never clean. We gather too much over the course of a life, too many objects imbued with too many memories, to ever pass on an uncomplicated story to our descendants. In most cases, this is a gift, the last we give to our loved ones. Sometimes, however, it is a weapon, sharp-edged and dangerous to hold, and we have to figure out how to carry it anyway, or how to put it down in a way that hurts no one else. This is the big idea of House, Body, Bird.

The idea was larger than I expected. I didn’t mean for this to be a novella; I thought it would be a short story too long to sell to most markets, like most of the work I have in my drafts folder. I was about 15,000 words deep by the time I realized I was writing a book.

In retrospect, I shouldn’t have been that surprised. Stories find their ideal length through their subject matter, and the more I thought about House, Body, Bird’s family and their home-slash-haunted-dollhouse-museum, the more I realized that the sheer amount of stuff in main character Birdie Goodbain’s inheritance—both dollhouses and the history behind those dollhouses—needed to show up on the page. I started including imagery wherever I could: descriptions of dolls, of difficult memories, of how haunted the body becomes from those memories. In the story’s earlier scenes, I wanted to crowd Birdie, make her tuck her elbows in as she navigated the rambling, watchful house.

Of course, this is only the first half of the difficult-inheritance-problem, the “Someone has willed me a weapon” half. I still had to find a good way to explore the second half of “Thanks, I hate it.” Birdie couldn’t stay scared. Thankfully, I had a solution; I just needed to reorganize some clutter.

When I first started writing the would-be short story, I had alternated between two point-of-views for Birdie, third-person limited and first-person. This created emotional whiplash as Birdie went from a meek third-person POV ruminating on the house’s creepiness to a furious first-person POV bashing through the walls with a meat tenderizer. By grouping all the third-person scenes together and following them with the first-person ones, Birdie had much cleaner character development. It’s relevant that the switch in perspective happens once Birdie commits to escaping and seizing her freedom. In that moment, she moves from third-person, where an unseen narrator observes and objectifies her (like a doll!), to first-person, where she narrates her experiences. While imagery had pushed up against the margins in the third-person section, Birdie’s opinions, observations, and memories pepper her own telling of the story. She gets space to breathe.

In keeping with the novella’s spirit of excess, Birdie’s sections are interspersed with ones from the haunted house’s point of view. Originally, this was useful because it allowed me to reference the previous Goodbain generations with a level of detail that wouldn’t have been possible for Birdie, but the house eventually became the story’s second emotional heart. Although I worried about overwriting throughout the drafting process, a maximalist approach to storytelling was what I needed for House, Body, Bird.

It’s funny—early on in the story, Birdie’s messed-up dad tells her, “We build, and build, and build.” The Goodbain family built and built and built their house as a way to create a family narrative worth passing on, as an attempt to build livelihoods and lives and love, and I did the same thing. I built and built and built the story to understand how Birdie’s family history loomed over her, and how she could create a new, more loving life in response to it.

House, Body, Bird: Amazon|Barnes & Noble|Books-A-Million

Author socials: Website|Instagram|Bluesky

19:42

Pillion, the Feel-Good Gay BDSM Christmas Movie for Spring [The Stranger]

Defying popular, negative perceptions of BDSM—especially gay BDSM—Colin’s submissive role transforms him into a more assertive person, free to pursue his desires on his own non-negotiable terms and proudly advertise his “aptitude for devotion.” by Julianne Bell

In Harry Lighton’s debut feature based on Adam Mars-Jones' 2020 novel Box Hill, the life of a sheltered twenty something named Colin (Harry Melling, Harry Potter) is forever changed the moment biker Ray (Alexander Skarsgård, The Northman, Infinity Pool) unzips his leather pants in a dark alley on Christmas Day, freeing a massive, pierced, dangling cock.

The two quickly enter into an all-consuming, 24/7 dominant/submissive relationship. Colin follows Ray’s rules, becomes his devoted pet. But when the relationship begins to unravel, the power dynamics are not to blame. Like any other relationship, it’s bad communication. Apart from all the kinky sex, Pillion is almost family friendly and it is easily one of my favorite queer films of the last several years.

It’s interesting to see Melling, best-known for playing Harry Potter’s greedy, idiotic cousin Dudley Dursley, as the sensitive object of Skarsgård’s cold affection. Though the characters share a similar background (doting parents, an upbringing in the southeast London suburbs), Melling is no longer the butt of an eight-movie-long fat joke but a character with agency, allowed to explore his sexuality and to be considered desirable. Unlike Dudley, Melling tugs heartstrings as the naïve Colin, who you can’t help but want to hug. His face is an open book; his puppy eyes widen in simultaneous fear and delight.

With Melling’s Colin as a guileless vehicle, BDSM is shown as sweet rather than debased. The sex scenes aren’t soft-focused, porny fantasies, but genuine and even endearingly awkward, like when Colin and Ray grapple in spandex to Tiffany’s version of “I Think We’re Alone Now.” (The scene was the first that Melling and Skarsgård shot together, so the awkwardness might be authentic.) In Pillion, tenderness is found in birthday orgies and beautifully shot late-night, windblown motorcycle rides showing freedom can be found in submission.

BDSM in Hollywood is often played for laughs and scares, or portrayed as exotic and perverse, as in the case of Fifty Shades of Grey. Lighton cited Secretary and The Duke of Burgundy as films he had in mind while making Pillion, but went for a more relatable route. “I always wanted Pillion to have enough of a foot in realism, that you weren’t, as a viewer, able to distance yourself from the character in the way I think that I personally do in those films, by dint of the tone,” he told Letterboxd.

Pillion doesn’t exploit gayness either, or make sexuality the friction in these men’s lives. Colin’s parents are enthusiastically supportive of his queerness, but just want to see their son treated right outside the bedroom. In that way, they’re a stand-in for viewers who might not know boot-blacking from anal beads, but can read the conventional love story between the lines of this unconventional relationship.

I’d bet a reasonably open-minded family could watch it together. Alexander Skarsgård could do it: He watched it with his dad Stellan Skarsgård (Girl with the Dragon Tattoo, Dune) at Telluride Film Festival. As Stellan succinctly put it, “I have no problem seeing him do BDSM, that’s not a problem. If he acts badly, I have big problems.”

18:56

Slog AM: Speedboat Gunfight, Murder Charge in Capitol Hill Shooting, Gatesgate [The Stranger]

The Stranger's morning news roundup. by Micah Yip

US Speedboat Boat Shot By Cuba: A shootout between a Florida-registered speedboat and a Cuban border patrol vessel left six people dead and four injured. The Cuban government accused the heavily-armed “Cuban residents of the United States” in the speedboat of trying to infiltrate the island for “terrorist purposes.” They were carrying guns, Molotov cocktails, bulletproof vests, and camouflage, the Cuban government said.

Gatesgate: At an internal Gates Foundation town hall Tuesday, Bill Gates apologized to staff for endangering the foundation with his yearslong connection to convicted sex offender Jeffrey Epstein. Gates acknowledged first meeting Epstein in 2011 to raise money for global health, three years after the financier was convicted for soliciting a minor for prostitution. Gates continued to see the financier until 2014. Gates also admitted to two affairs, which Epstein tried to use as leverage over him, he said. Gates never got his money for global health.

Will They, Won’t They: Normally, Super Bowl winners are invited to the White House. But Seahawks coach Mike Macdonald said the team hasn’t gotten an invite, though he expects one. The White House has indicated they will invite the Seahawks. But will the team accept? Macdonald wouldn’t commit, but a league source told the Seattle Times the team was initially inclined to accept. The Super Bowl was weeks ago.

Murder Charge in Capitol Hill Shooting: Daniel John Carlee, 41, was charged with murder for allegedly shooting 38-year-old Solomon Thompson in Friday night’s Capitol Hill shooting. King County prosecutors said Carlee instigated the fight. Before shooting Thompson, he told a witness, “I’m going to shoot him.”

Another Teen Shooting: Police arrested two teens with a handgun after a shooting in Mount Baker that put Franklin High School on lockdown. As a precaution, students at John Muir Elementary sheltered-in-place. Police are still looking for two more suspects.

Temu Sesame Street: A 27-year-old man in Ohio has been dubbed “Oscar the Grouch” after a sanitation worker found him hiding from police in a trash can. It was caught on tape. Now, I’m no fan of surveillance, but…this was entertaining.

Weather: Partly sunny with a high near 51 and a chance of on and off rain. Wind gusts will be as high as 25 miles per hour. Tonight will be mostly cloudy with a low around 42 and a 30 percent chance of rain.

What Are the House and Senate Doing with Our Money? The Seattle Times compiled key takeaways from the state Senate and House budget proposals, including how lawmakers are accounting for the not-yet-passed millionaires’ tax, how they’ll use Climate Commitment Act money, what’ll happen with House’s proposal to eliminate occupational, speech and physical therapy coverage and instead provide a limited, one-time rate boost for certain long-term care facilities, and more.

Jeff Galloway: Galloway, the 1972 U.S. Olympic runner who inspired amateurs and pros alike with his “run-walk-run” strategy, died yesterday from a hemorrhagic stroke. He was 80.

Nobody Likes Newsom: California Gov. Gavin Newsom is offending everybody. He’s on a book tour right now—another effort to cast off his reputation as a liberal elitist to position himself as the Democratic frontrunner in 2028. But he’s just pissing everyone off. Conservatives accused Newsom of suggesting that Black people weren’t smart while talking to the Black mayor of Atlanta, Andre Dickens. Liberals are mad about Newsom’s CNN interview, where he said Democrats should be “more culturally normal” and stop spending “a disproportionate amount of time on pronouns, identity.”

LA Superintendent Investigation: The FBI raided the home of Los Angeles Unified School District Superintendent Alberto Carvalho and the district’s headquarters. A source told the Associated Press that the warrants were served as part of an “ongoing investigation.” The district hasn’t provided further information, but said it is cooperating with the investigation.

Bummer: A state bill to lower the legal driving limit from 0.08 blood alcohol content to 0.05 blood alcohol content died in the House yesterday. The bill, sponsored by Sen. John Lovick, would’ve been a good idea, given that drunk driving kills people.

18:07

Intercepting messages inside IsDialogMessage, installing the message filter [The Old New Thing]

Last time, we saw that one way to intercept the ESC in the standard dialog message loop is to use your own dialog message loop. However, you might not be able to do this, say, because the dialog procedure uses EndDialog(), and the dialog exit code is not retrievable from a custom message loop.

The IsDialogMessage includes an extensibility point that lets you hook into the message processing. You can register a message filter hook and listen for MSGF_DIALOGBOX.

Before processing a message, the IsDialogMessage function does a CallMsgFilter with the message that it is about to process and the filter code MSGF_DIALOGBOX. If the filter result is nonzero (indicating that one of the hooks wanted to block default processing), then the IsDialogMessage returns without doing anything. This lets us grab the ESC from IsDialogMessage before it turns into an IDCANCEL.

Here’s our first attempt. (There will be more than one.)

HWND hdlgHook;
#define DM_ESCPRESSED (WM_USER + 100)

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (IsDialogESC(hdlgHook, msg)) {
            return SendMessage(hdlg, DM_ESCPRESSED, 0, lParam);
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Our hook procedure first checks that it’s being called by IsDialogMessage. if so, and the message is a press of the ESC key destined for our dialog box (or a control on that dialog box), then send the dialog box a DM_ESCPRESSED message to ask it what it thinks. The dialog procedure can return TRUE to block default processing or FALSE to allow default processing to continue.

Here is the handler in the dialog procedure itself:

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        hdlgHook = hdlg;
        ⟦ other dialog initialization as before ⟧
        ⟦ ending with "return (whatever)" ⟧

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;
    ⟦ handle other messages ⟧
    }
    return FALSE;
}

When the dialog initializes, remember its handle as the dialog for which the DialogEscHookProc is operating.

When the dialog is informed that the ESC key was pressed, we decide whether we want to process the ESC key ourselves. If so, then we do that custom processing and set up to return TRUE from the window procedure. For dialog procedures, this is done by setting the message result to the desired window procedure result and then returning TRUE to block default dialog box message processing and instead return the value we set (which is TRUE) from the window procedure.

Finally, we install the message hook before we create the dialog box and remove it when the dialog box dismisses.

auto hook = SetWindowsHookEx(WM_MSGFILTER, DialogEscHookProc,
                             nullptr, GetCurrentThreadId());
auto result = DialogBox(hinst, MAKEINTRESOURCE(IDD_WHATEVER),
                        hwndOwner, DialogProc);
UnhookWindowsHookEx(hook);

This is the basic idea, but we see that there are a few problems.

One is that we are communicating the dialog box handle through a global variable. This means that we can’t have multiple threads using this hook at the same time. Fortunately, that can be fixed by changing the variable to be thread_local, although this does drag in the cost of thread-local variables.

But even if we do that, we have a problem if two copies of this dialog box are shown by the same thread. For example, one of the controls in the dialog might launch another copy of this dialog, but with different parameters. For example, a “View certificate” dialog might have a button called “View parent certificate”.

We’ll take up these issues (and others) next time.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, installing the message filter appeared first on The Old New Thing.

15:49

Joachim Breitner: Vibe-coding a debugger for a DSL [Planet Debian]

Earlier this week a colleague of mine, Emilio Jesús Gallego Arias, shared a demo of something he built as an experiment, and I felt the desire to share this and add a bit of reflection. (Not keen on watching a 5 min video? Read on below.)

What was that?

So what did you just see (or skipped watching)? You could see Emilio’s screen, running VSCode and editing a Lean file. He designed a small programming language that he embedded into Lean, including an evaluator. So far, so standard, but a few things stick out already:

Using Lean’s very extensible syntax this embedding is rather elegant and pretty.
Furthermore, he can run this DSL code right there, in the source code, using commands like #eval. This is a bit like the interpreter found in Haskell or Python, but without needing a separate process, or like using a Jupyter notebook, but without the stateful cell management.

This is already a nice demonstration of Lean’s abilities and strength, as we know them. But what blew my mind the first time was what happened next: He had a visual debugger that allowed him to debug his DSL program. It appeared on the right, in Lean’s “Info View”, where various Lean tools can hook into, show information and allow the user to interact.

But it did not stop there, and my mind was blown a second time: Emilio opened VSCode’s „Debugger“ pane on the left, and was able to properly use VSCode’s full-fledged debugger frontend for his own little embedded programming language! Complete with highlighting the executed line, with the ability to set breakpoints there, and showing the state of local variables in the debugger.

Having a good debugger is not to be taken for granted even for serious, practical programming languages. Having it for a small embedded language that you just built yourself? I wouldn’t have even considered that.

Did it take long?

If I were Emilio’s manager I would applaud the demo and then would have to ask how many weeks he spent on that. Coming up with the language, getting the syntax extension right, writing the evaluator and especially learning how the debugger integration into VSCode (using the DAP protocol) works, and then instrumenting his evaluator to speak that protocol – that is a sizeable project!

It turns out the answer isn’t measured in weeks: it took just one day of coding together with GPT-Codex 5.3. My mind was blown a third time.

Why does Lean make a difference?

I am sure this post is just one of many stories you have read in recent weeks about how new models like Claude Opus 4.6 and GPT-Codex 5.3 built impressive things in hours that would have taken days or more before. But have you seen something like this? Agentic coding is powerful, but limited by what the underlying platform exposes. I claim that Lean is a particularly well-suited platform to unleash the agents’ versatility.

Here we are using Lean as a programming language, not as a theorem prover (which brings other immediate benefits when using agents, e.g. the produced code can be verified rather than merely plausible, but that’s a story to be told elsewhere.)

But arguably because Lean is also a theorem prover, and because of the requirements that stem from that, its architecture is different from that of a conventional programming language implementation:

As a theorem prover, it needs extensible syntax to allow formalizing mathematics in an ergonomic way, but it can also be used for embedding syntax.
As a theorem prover, it needs the ability to run “tactics” written by the user, hence the ability to evaluate the code right there in the editor.
As a theorem prover, it needs to give access to information such as tactic state, and such introspection abilities unlock many other features – such as a debugger for an embedded language.
As a theorem prover, it has to allow tools to present information like the tactic state, so it has the concept of interactive “Widgets”.

So Lean’s design has always made such a feat possible. But it was no easy feat. The Lean API is large, and documentation never ceases to be improvable. In the past, it would take an expert (or someone willing to become one) to pull off that stunt. These days, coding assistants have no issue digesting, understanding and using the API, as Emilio’s demo shows.

The combination of Lean’s extensibility and the ability of coding agents to make use of that is a game changer to how we can develop software, with rich, deep, flexible and bespoke ways to interact with our code, created on demand.

Where does that lead us?

Emilio actually shared more such demos (Github repository). A visual explorer for the compiler output (have a look at the screenshot. A browser-devtool-like inspection tool for Lean’s “InfoTree”. Any of these provide a significant productivity boost. Any of these would have been a sizeable project half a year ago. Now it’s just a few hours of chatting with the agent.

So allow me to try and extrapolate into a future where coding agents have continued to advance at the current pace, and are used ubiquitously. Is there then even a point in polishing these tools, shipping them to our users, documenting them? Why build a compiler explorer for our users, if our users can just ask their agent to build one for them, right then when they need it, tailored to precisely the use case they have, with no unnecessary or confusing feature. The code would be single use, as the next time the user needs something like that the agent can just re-create it, maybe slightly different because every use case is different.

If that comes to pass then Lean may no longer get praise for its nice out-of-the-box user experience, but instead because it is such a powerful framework for ad-hoc UX improvements.

And Emilio wouldn’t post demos about his debugger. He’d just use it.

15:35

[$] IIIF: images and visual presentations for the web [LWN.net]

The International Image Interoperability Framework, or IIIF ("triple-eye eff"), is a small set of standards that form a basis for serving, displaying, and reusing image data on the web. It consists of a number of API definitions that compose with each other to achieve a standard for providing, for example, presentations of high-resolution images at multiple zoom levels, as well as bundling multiple images together. Presentations may include metadata about details like authorship, dates, references to other representations of the same work, copyright information, bibliographic identifiers, etc. Presentations can be further grouped into collections, and metadata can be added in the form of transcriptions, annotations, or captions. IIIF is most popular with cultural-heritage organizations, such as libraries, universities, and archives.

15:14

Oh, Look, an Airport [Whatever]

Strange how I keep ending up at one.

This time, however, not on business. Visiting friends because now that the novel is in I can do that. I’ll be traveling on business very soon, however, first to San Antonio and then to Tucson. The life of an author is strangely itinerant.

— JS

14:07

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (freerdp), Debian (firefox-esr and libstb), Fedora (389-ds-base, chromium, firefox, munge, opentofu, python3-docs, python3.14, and vim), Oracle (buildah, containernetworking-plugins, gimp, grafana, grafana-pcp, kernel, podman, runc, and skopeo), Red Hat (go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, mariadb:10.11, podman, and skopeo), SUSE (cacti, docker-stable, expat, firefox-esr, freerdp, freerdp2, libjxl, libsoup-2_4-1, python-tornado, python-urllib3_1, python3, python311-Django4, python312, python313, python39, and redis), and Ubuntu (ceph, mongodb, protobuf, and rlottie).

13:56

Semantic Layers in the Wild: Lessons from Early Adopters [Radar]

My first post made the case for what a semantic layer can bring to the modern enterprise: a single source of truth accessible to everyone who needs it—BI teams in Tableau and Power BI, Excel-loving analysts, application integrations via API, and the AI agents now proliferating across organizations—all pulling from the same governed, performant metric layer. The promise is compelling. But what happens when organizations actually build and deploy one? To find out, I interviewed several early adopters who’ve moved semantic layers from concept to production. Four themes emerged from those conversations: some surprising, some predictable, and a few that will sound familiar to anyone who’s ever shipped data infrastructure.

The first theme: Semantic layers are showing up in unexpected places. Most discussion positions them as enterprise-level infrastructure—a single location capturing all company metrics for centralized access and governance. That’s still the primary use case. But practitioners are also deploying semantic layers for narrower purposes. One organization, for example, built their semantic layer specifically to power a targeted chatbot application—letting users query data conversationally without any traditional BI tools in the mix. No Power BI, no Excel, just an AI interface pulling from governed metrics. The rationale for these smaller deployments is straightforward: Semantic layers deliver high accuracy on structured data, even with lightweight models. The core value drivers remain speed, accuracy, and access—but organizations are finding more ways to extract that value than the enterprise-wide vision suggests.

The second theme: AI is the reason organizations are moving now. The other benefits still matter—single source of truth, multitool compatibility, true self-serve access, cost reduction in cloud environments—but when I asked practitioners why they prioritized a semantic layer today rather than two years ago, the answer was consistent: AI. Whether it was a specific chatbot project or enabling AI-driven analytics at scale, AI requirements were the catalyst. This tracks with what I discussed in my first post: Structured data alone isn’t enough for reliable AI analytics. Adding semantic context—field descriptions, model definitions, object relationships—dramatically improves accuracy. The data industry has noticed. Semantic layers have moved from niche infrastructure to strategic priority: Snowflake, Databricks, dbt Labs, and Microsoft have all made significant investments in the past year.

The third theme: Semantic layers reduce work for developers while making trusted data easier to access. Multiple practitioners cited the value of maintaining metrics and business logic in a single location. Any analyst knows the pain of metric sprawl—leadership requests a change to a core KPI, and you discover it’s been defined a dozen different ways across databases, BI tools, and spreadsheets scattered through the organization. The semantic layer eliminates the chase. One engineering lead described a financial metric that had accumulated over 60 versions across the company. After deploying the semantic layer, there was one.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Access simplifies too. Instead of provisioning controls across warehouses, BI workspaces, individual dashboards, and cloud storage locations, users connect directly to the semantic layer and pull data into the tool of their choice. One organization was surprised to find that after deployment, the most common access point was Excel. But with the semantic layer, that wasn’t a problem: The data served in Excel was identical to what powered their AI tools, Power BI dashboards, and application integrations via API.

The fourth theme will sound familiar to anyone who’s shipped data infrastructure: The biggest challenge isn’t the technology—it’s the data itself. Every practitioner I spoke with identified the same bottleneck: consistency, availability, and accuracy of the underlying data. Engineers and analysts can build the semantic layer, but they can’t will clean data into existence. Success requires close collaboration with business stakeholders, clear ownership of metrics, and leadership alignment to prioritize the work. None of that is new. But despite these challenges, everyone I interviewed reached the same conclusion: The semantic layer is worth the effort.

Semantic layer technology is still early. The tools, vendors, and best practices are evolving fast—what works today may look different in a year. But these conversations revealed a clear signal beneath the noise: semantic layers are becoming critical AI infrastructure. The practitioners I spoke with aren’t experimenting anymore. They’re operationalizing. And despite the expected challenges around data quality and organizational alignment, they’re seeing real returns: fewer metric versions to maintain, simpler access controls, and AI tools that actually produce trusted answers.

My first article made the case for what a semantic layer could be. This one asked what happens when organizations actually build them. The answer: It’s hard, it’s worth it, and for companies serious about AI-driven analytics, the semantic layer is no longer a nice-to-have. It’s the foundation.

12:56

CodeSOD: The Counting Machine [The Daily WTF]

Industrial machines are generally accompanied by "Human Machine Interfaces", HMIs. This is industrial slang for a little computerized box you use to control the industrial machine. All the key logic and core functionality and especially the safety functionality is handled at a deeper computer layer in the system. The HMI is just buttons users can push to interact with the machine.

Purchasers of those pieces of industrial equipment often want to customize that user interface. They want to guide users away from functions they don't need, or make their specific workflow clear, or even just brand the UI. This means that the vendor needs to publish an API for their HMI.

Which brings us to Wendy. She works for a manufacturing company which wants to customize the HMI on a piece of industrial equipment in a factory. That means Wendy has been reading the docs and poking at the open-sourced portions of the code, and these raise more questions than they answer.

For example, the HMI's API provides its own set of collection types, in C#. We can wonder why they'd do such a thing, which is certainly a WTF in itself, but this representative line raises even more questions than that:

Int32 Count { get; set; }

What happens if you use the public set operation on the count of items in a collection? I don't know. Wendy doesn't either, as she writes:

I'm really tempted to set the count but I fear the consequences.

All I can hear in my head when I think about "setting the Count" is: "One! One null reference exception! Two! TWO null reference exceptions! HA HA HA HA!"

By http://muppet.wikia.com/wiki/Count_von_Count

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

12:35

LLMs Generate Predictable Passwords [Schneier on Security]

LLMs are bad at generating passwords:

There are strong noticeable patterns among these 50 passwords that can be seen easily:

All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7.

Character choices are highly uneven for example, L , 9, m, 2, $ and # appeared in all 50 passwords, but 5 and @ only appeared in one password each, and most of the letters in the alphabet never appeared at all.

There are no repeating characters within any password. Probabilistically, this would be very unlikely if the passwords were truly random but Claude preferred to avoid repeating characters, possibly because it “looks like it’s less random”.

Claude avoided the symbol *. This could be because Claude’s output format is Markdown, where * has a special meaning.

Even entire passwords repeat: In the above 50 attempts, there are actually only 30 unique passwords. The most common password was G7$kL9#mQ2&xP4!w, which repeated 18 times, giving this specific password a 36% probability in our test set; far higher than the expected probability 2-100 if this were truly a 100-bit password.

This result is not surprising. Password generation seems precisely the thing that LLMs shouldn’t be good at. But if AI agents are doing things autonomously, they will be creating accounts. So this is a problem.

Actually, the whole process of authenticating an autonomous agent has all sorts of deep problems.

News article.

Slashdot story

11:42

Grrl Power #1438 – Pop goes the Gralien [Grrl Power]

The UCBA Party Barge and Recovery ship is large enough and custom built to pull even something/one the size of U.M.B.Rage off the surface. The ship is roughly the size of the Fhloston Paradise, with slightly fewer pools and more space dedicated to kaiju sized med-bays. But it still is a party barge, and is generally considered a premier location to view the battles.

Sydney’s still wearing a bra, by the way. You can see part of the strap under Frix’s fingers if you look close enough. I drew her, then added him because I have a bad habit of drawing only the people talking in a scene, since each character I draw adds to the time to pencil, ink and color. But I figured I’d just be drawing neck to waist, and how hard can that be – oh right, even after all this time I don’t know what humanoid bodies look like, so naturally it took me like 30 minutes to pencil his torso, cause the arm position and the inside of the elbow joint looked weird and I finally had to go looking for reference, but of course, there are no pictures of really muscular guys on the internet standing in that position. They’re always flexing. Or maybe standing casually, but try to find a picture of a muscular man or woman lounging, or talking on a phone or resting their cheek on their hand and now you’ve got a challenge.

You know, sometimes I complain about my job, but then I remember that I have never once had to use Excel or sit in a Zoom meeting that should have been an email or had to sit through an embarrassingly outdated HR video. I mean, not at this job. I’ve done that stuff at other jobs. Well, Zoom didn’t exist back then. It was probably Skype, and there was never a point at which Skype didn’t suck a to a surprising degree.

Also, I should mention that Sydney is still sporting holo-boobs. Even still, she’s self conscious about exposing fake boobs so long as they’re attached to her.

Do you realize it’s 02-26-2026? If you reverse the order of the month numerals, you get 20262026! And if you’re a numerologist… that means you’re stupid! It has nothing to do with the date. I’m just throwing shade at one of the saddest pseudosciences just cause the date is almost a meaningless repeating number if you change the numbers so that they repeat how you want. I dunno what’s up with the drive by. Just feeling sassy tonight.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

11:07

Pluralistic: If you build it (and it works), Trump will come (and take it) (26 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

If you build it (and it works), Trump will come (and take it): Trump wants Big Tech to win, not to play fair.
Hey look at this: Delights to delectate.
Object permanence: Harpercollins v libraries; Rothfuss x Firefly; Bookseller seethings; If magazine; HBR v executive pay; Apple caves on encryption.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

If you build it (and it works), Trump will come (and take it) (permalink)

Crises precipitate change: Trump's incontinent belligerence spurred the world to long-overdue action on "digital sovereignty," as people woke up to the stark realization that a handful of Trump-aligned giant tech firms could shut down their governments, companies and households at the click of a mouse.

This has been a long, long time coming. Long before Trump, the Snowden revelations made it clear that the US government had weaponized its position as the world's IT export powerhouse and the interchange hub for the world's transoceanic fiber links, and was actively spying on everyone – allies and foes, presidents and plebs – to attain geopolitical and commercial advantages for America. Even after that stark reminder, the world continued to putter along, knowing that the US had planted demolition charges in its digital infrastructure, but praying that the "rules-based international order" would stop America from pushing the button.

Now, more than a decade into the Trump era, the world is finally confronting the reality that they need to get the hell off of American IT, and transition to open, transparent and verifiable alternatives for their administrative tools, telecoms infrastructure and embedded systems for agriculture, industry and transportation. And not a moment too soon:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

But building the post-American internet is easier said than done. There remain huge, unresolved questions about the best way to proceed.

One thing is clear: we will need new systems: the aforementioned open, transparent, verifiable code and hardware. That's a huge project, but the good news is that it benefits tremendously from scale, which means that as countries, businesses and households switch to the post-American internet, there will be ever more resources to devote to building, maintaining and improving this project. That's how scientific endeavors work: they're global collaborations that allow multiple parties to simultaneously attack the problems from many angles at once. Think of the global effort to sequence, understand, and produce vaccines for Covid 19.

Developing the code and hardware for the post-American internet scales beautifully, making it unique among the many tasks posed by the post-American world. Other untrustworthy US platforms – such as the dollar, or the fiber links that make interconnection in the USA – are hampered by scale. The fact that hundreds of countries use the dollar and rely on US fiber connections makes replacing them harder, not easier:

https://pluralistic.net/2025/11/26/difficult-multipolarism/#eurostack

Building the post-American internet isn't easy, but there's a clear set of construction plans. What's far less clear is how we transition to the post-American internet. How do people, organizations and governments that currently have their data locked up in US Big Tech silos get it off their platforms and onto new, open, transparent, verifiable successors? Literally: how do you move the data from the old system to the new one, preserving things like edit/view permissions, edit histories, and other complex data-structures that often have high-stakes attached to them (for example, many organizations and governments are legally required to maintain strict view/edit permissions for sensitive data, and must preserve the histories of their documents).

On top of that, there's all the systems that we use to talk to one another: media services from Instagram to Tiktok to Youtube; chat services from iMessage to Discord. It's easy enough to build alternatives to these services – indeed, they already exist, though they may require additional engineering to scale them up for hundreds of millions or billions of users – but that's only half the battle. What do we do about the literal billions of people who are already using the American systems?

This is where the big divisions appear. In one camp, you have the "if you build it, they will come" school, who say that all we need to do is make our services so obviously superior to the legacy services that America has exported around the world and people will just switch. This is a very seductive argument. After all, the American systems are visibly, painfully defective: riddled with surveillance and ads, powered by terrible algorithms, plagued by moderation failures.

But waiting for people to recognize the superiority of your alternatives and jumping ship is a dead end. It completely misapprehends the reason that users are still on legacy social media and other platforms. People don't use Instagram because they love Mark Zuckerberg; they use it because they love their friends more than they hate Mark Zuckerberg:

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

What's more, Zuckerberg knows this. He knows that users of his service are hamstrung by the "collective action problem" of getting the people who matter to you to agree on when it's time to leave a service, and on which service is a safe haven to flee to:

https://pluralistic.net/2022/10/29/how-to-leave-dying-social-media-platforms/

The reason Zuckerberg knows this is that he had to contend with it at the dawn of Facebook, when the majority of social media users were locked into an obviously inferior legacy platform called Myspace. Zuckerberg promised Myspace users a superior social media experience where they wouldn't be spied on or bombarded with ads:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

Zuckerberg knew that wouldn't be enough. No one was going to leave Myspace for Facebook and hang out in splendid isolation, smugly re-reading Facebook's world-beating privacy policy while waiting for their dopey friends to wise up and leave Myspace to come and join them.

No: Zuckerberg gave the Myspace refugees a bot, which would accept your Myspace login and password and then impersonate you to Myspace's servers several times per day, scraping all the content waiting for you in your Myspace feed and flowing it into your Facebook feed. You could reply to it there and the bot would push it out to Myspace. You could eat your cake and have it too: use Facebook, but communicate with the people who were still on Myspace.

This is called "adversarial interoperability" and it was once the norm, but the companies that rose to power by "moving fast and breaking things" went on to secure legal protections to prevent anyone from doing unto them as they had done unto their own predecessors:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

The harder it is for people to leave a platform, the worse the platform can treat them without paying the penalty of losing users. This is the source of enshittification: when a company can move value from its users and customers to itself without risking their departure, it does.

People stay on bad platforms because the value they provide to one another is greater than the costs the platform extracts from them. That means that when you see people stuck on a very bad platform – like Twitter, Instagram or Facebook – you should infer that what they get there from the people that matter to them is really important to them. They stick to platforms because that's where they meet with people who share their rare disease, because that's where they find the customers or audiences that they rely on to make rent; because that's the only place they can find the people they left behind when they emigrated.

Now, it's entirely possible – likely, even – that legacy social media platforms will grow so terrible that people will leave and jettison those social connections that mean so much to them. This is not a good outcome. Those communities, once shattered, will likely never re-form. There will be permanent, irretrievable losses incurred by their members:

https://pluralistic.net/2023/07/23/when-the-town-square-shatters/

The platforms are sinking ships. We need to evacuate them:

https://pluralistic.net/2024/03/23/evacuate-the-platforms/#let-the-platforms-burn

"If you build it, they will come" is a trap. Technologists and their users who don't understand the pernicious nature of the collective active problem trap themselves. They build obviously superior technical platforms and then gnash their teeth as the rest of the world fails to make the leap.

All too often, users' frustration at the failure of new services to slay the inferior legacy services curdles, and users and designers of new technologies decide that the people who won't join them are somehow themselves defective. It doesn't take long to find a corner of the Fediverse or Bluesky where Facebook and Twitter users are being condemned as morally suspect for staying on zuckermuskian media. They are damned for loving Zuckerberg and Musk, rather than empathized with for loving each other more than they hate the oligarchs who've trapped them. They're condemned as emotionally stunted "attention whores" who hang out on big platforms to get "dopamine" (or some other pseudoscientific reward), which is easier than grappling with the fact that legacy social media pays their bills, and tolerating Zuckerberg or Musk is preferable to getting evicted.

Worst of all, condemning users of legacy technology as moral failures leads you to oppose efforts to get those users out of harm's way and onto modern platforms. Think of the outcry at Meta's Threads taking steps to federate with Mastodon. There are good reasons to worry about this – the best one being that it might allow Meta to (illegally) suck up Mastodon users' data and store and process it. But the majority of the opposition to Threads integration with Mastodon wasn't about Threads' management – it was about Threads' users. It posited a certain kind of moral defective who would use a Zuckerberg-controlled platform in the 2020s and insisted that those people would ruin Mastodon by bringing over their illegitimate social practices.

I've made no secret of where I come down in this debate: the owners of legacy social media are my enemy, but the users of those platforms are my comrades, and I want to help them get shut of legacy social media as quickly and painlessly as possible.

What's more, there's a way to make this happen! The same adversarial interoperability that served Zuckerberg so well when he was draining users off of Myspace could be used today to evacuate all of Meta's platforms. We could use a combination of on-device bridging, scraping and other guerrilla tactics to create "alt clients" that let you interact with people on Mastodon and the legacy platforms in one context, so that you can leave the bad services but keep the good people in your life.

The major barrier to this isn't technological. Despite the boasts of these companies to world-beating engineering prowess, the reality is that people (often teenagers) keep successfully finding and exploiting vulnerabilities in the "impregnable" platforms, in order to build successful alt clients:

https://pluralistic.net/2023/12/07/blue-bubbles-for-all/#never-underestimate-the-determination-of-a-kid-who-is-time-rich-and-cash-poor

The thing that eventually sees off these alt clients isn't Big Tech's technical countermeasures – it's legal risk. A global system of "anticircumvention" laws makes the kinds of basic reverse-engineering associated with building using adversarial interoperability radioactively illegal. These laws didn't appear out of thin air, either: the US Trade Representative pressured all of America's trading partners into passing them:

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest

Which brings me back to crises precipitating change. Trump has staged an unscheduled, sudden, midair disassembly of the global system of trade, whacking tariffs on every country in the world, even in defiance of the Supreme Court:

https://www.bbc.co.uk/news/articles/cd6zn3ly22yo

Ironically, this has only helped make the case for adversarial interoperability. Trump is using tech companies to attack his geopolitical rivals, ordering Microsoft to shut down both the International Criminal Court and a Brazilian high court in retaliation for their pursuit of the criminal dictators Benjamin Netanyahu and Jair Bolsonaro. This means that Trump has violated the quid pro quo deal for keeping anticircumvention law on your statute books, and he has made the case for killing anticircumvention as quickly as possible in order to escape American tech platforms before they are weaponized against you:

https://pluralistic.net/2026/01/29/post-american-canada/#ottawa

I've been talking about this for more than a year now, and I must say, the reception has been better than I dared dream. I think that – for the first time in my adult life – we are on the verge of creating a new, good, billionaire-proof internet:

https://pluralistic.net/2026/01/15/how-the-light-gets-in/

But there's one objection that keeps coming up: "What if this makes Trump mad?" Or, more specifically, "What if this makes Trump more mad, so instead of hitting us with a 10% tariff, it's a 1,000% tariff?

This came up earlier this week, when I gave a remote keynote for the Fedimtl conference, and an audience member said that he thought we should just focus on building good new platforms, rather than risking Trump's ire. In my response, I recited the arguments I've raised in this piece.

But yesterday, I saw a news item that made me realize there was one more argument I should have made, but missed. It was a Reuters story about Trump ordering American diplomats to fight against "data sovereignty" policies around the world:

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

The news comes from a leaked diplomatic cable, and it's a reminder that Trump's goal is to maintain American dominance of the world's technology and to prevent the formation of a post-American internet altogether. Worrying that Trump will hit you with more tariffs if you legalize jailbreaking assumes that the thing that would upset Trump is that you broke the rules.

That's not what makes Trump angry.

What makes Trump angry is losing.

Say you focus exclusively on building superior platforms. Say by some miracle that everyone you care about somehow overcomes the collective action problems and high switching costs and leaves behind US Big Tech services and comes to your new, federated, cleantech, post-American alternative.

Do you think that Trump will observe this collapse in the fortunes of the most important corporations in his coalition and shrug and say, "Well, I guess I lost fair and square; better luck next time?"

Hell, no. We already know what Trump does when his corporate allies lose to a superior foreign rival – Trump steals the rival's service and gives it to one of his cronies. That's literally what he did last month, to Tiktok:

https://www.democracynow.org/2026/1/23/headlines/larry_ellisons_oracle_part_of_new_deal_to_own_us_version_of_tiktok

The fear of harsh retaliation for any country that dares to be a Disenshittification Nation is based on the premise that Trump is motivated by a commitment to fairness. He's not: Trump is motivated by a desire to dominate. Anything that threatens the dominance of the companies that take his orders is fair game, and he will retaliate in any way he can.

Hey look at this (permalink)

Organized Labor Took a Huge Step Forward When GM Workers Sat Down in Unison in 1937 https://www.smithsonianmag.com/history/organized-labor-took-huge-step-forward-when-GM-workers-sat-down-unison-1937-180988089/
How to Tax Billionaires https://prospect.org/2026/02/24/tax-billionaires-california-income-inequality-trump-billionaires-trillionaires/
“Battered, bedraggled, inexplicably enthusiastic about a bargain flight to Bermuda” https://unsung.aresluna.org/battered-bedraggled-inexplicably-enthusiastic-about-a-bargain-flight-to-bermuda/
Understanding the L L M Bubble https://img1.wsimg.com/blobby/go/76c5f9c0-d1a4-4493-b204-bbbdd68fd910/downloads/89583079-d8c1-483f-8988-3c9f5d813d89/HoranAAJ2026LLMbubble.pdf?ver=1771954468213
Actually, the left is winning the AI debate https://www.bloodinthemachine.com/p/actually-the-left-is-winning-the

Object permanence (permalink)

#20yrsago Florida cops threaten people who ask for complaint forms https://web.archive.org/web/20060218125443/http://cbs4.com/topstories/local_story_033170755.html

#20yrsago SF editor: watermarks hurt artists and reward megacorps https://web.archive.org/web/20060307172130/http://www.kathryncramer.com/kathryn_cramer/2006/02/watermarking_as.html

#15yrsago HarperCollins to libraries: we will nuke your ebooks after 26 checkouts https://memex.craphound.com/2011/02/25/harpercollins-to-libraries-we-will-nuke-your-ebooks-after-26-checkouts/

#15yrsago Slowly fuming used bookstore clerk seethings https://web.archive.org/web/20110224180817/http://blogs.sfweekly.com/exhibitionist/2011/02/this_is_why_your_used_bookstor.php

#15yrsago Rothfuss pledges to buy Firefly from Fox and give it away https://blog.patrickrothfuss.com/2011/02/an-open-letter-to-nathan-fillion/

#10yrsago Disney offers to deduct contributions to its PAC from employees’ paychecks, to lobby for TPP https://arstechnica.com/tech-policy/2016/02/disney-ceo-asks-employees-to-chip-in-to-pay-copyright-lobbyists/

#10yrsago Read: The full run of If magazine, scanned at the Internet Archive https://archive.org/details/ifmagazine

#10yrsago Rosa Parks’s papers and photos online at the Library of Congress https://www.youtube.com/watch?v=266gn07TUYw

#10yrsago Harvard Business Review: Stop paying executives for performance https://hbr.org/2016/02/stop-paying-executives-for-performance

#5yrsago Saving the planet is illegal https://pluralistic.net/2021/02/25/ring-down-the-curtain/#ect

#5yrsago Against hygiene theater https://pluralistic.net/2021/02/25/ring-down-the-curtain/#hygiene-theater

#1yrago Apple's encryption capitulation https://pluralistic.net/2025/02/25/sneak-and-peek/#pavel-chekov

Upcoming appearances (permalink)

Oslo (remote): Seminar og lansering av rapport om «enshittification», Feb 27
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1055 words today, 38245 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):