Wish's River of News

Louis CK: Everything is amazing and nobody is happy.

People who reinvent RSS often say they did it because it was missing a feature they needed. But it specifically supports extension via namespaces so you can build on existing standard. They're really easy to do, increases interop, you might work with other products right out of the box, and save time for other who want to be compatible with you. People should study the internet, how it developed, ts philosophy, before they go off and try to re-create it, it rarely works. What's the point?

Trying Out A New Recipe: Half Baked Harvest’s “Cinnamon Crunch Peach Muffin Bread” [Whatever]

Bluesky: "If Obama had called McConnell’s bluff on the Garland nomination, the court would be 5-4 instead of 6-3. And if RBG had stepped down, it would’ve been 5-4 in favor of Dems.

15:00

Well, it’s officially peach season, and my mom gave me a small box of fresh peaches from the famed Peach Truck. I immediately knew what to do with at least a couple of them, and got to work trying out a new Half Baked Harvest recipe I saw on her Instagram: Cinnamon Crunch Peach Muffin Bread.

View this post on Instagram

So let’s dive right in by taking a look at the ingredients list. Here’s everything you need:

Since I had literally just been given the peaches, the only thing I didn’t have on hand was the peach jam. I made a quick trip to a place outside of town called Bear’s Mill, where I purchased the closest thing I could find, which was their peach apricot preserves. I would say other than peaches and peach jam, something you might have to go to the store for is the pecans and the plain Greek yogurt. I happened to have the yogurt from a different recipe I made last week, and I don’t even remember what the pecans were for but I had them! And they don’t even expire until next week, so, yippee.

So the recipe is pretty straight forward, you just mix all your wet ingredients together, then add the dry, then add the peaches, peach jam, cinnamon crumble, and bake. Very simple order of events, really. After mixing the wet ingredients together, I got an extremely smooth, liquidous batter:

For the dry ingredients, I actually weighed the flour even though I’d been using cups so far. Flour is just one ingredient I really prefer to weigh. So after weighing, I mixed the dry ingredients in:

The only other thing I weighed was the peaches, just to make sure two was enough (because only two in the box were ready to use right then). I needed 150g of chopped peaches, and my two peaches came out to 140g, so I said good enough and threw them in the batter. Then I put the batter into a loaf pan and measured out the three tablespoons of peach preserves to swirl on top of the loaf. The preserves were actually quite gelatinous, so I ended up microwaving them for just a little bit to soften them and make them more easily spreadable on top of the batter.

All that swirly goodness got immediately covered up by the cinnamon crunch, which was just a quick mix of cinnamon, brown sugar, flour, and butter. This was before baking:

And after!

This smelled soo good while it was baking. I will say, the recipe says to bake for 55-60 minutes, but at 55 it wasn’t done yet, and I actually went all the way to 65 minutes total. So just a touch past the recommended time.

After it had cooled a bit, I took it out of the pan and peeled away the parchment paper to reveal this golden brown beauty:

And finally, the cross-section:

Look at that moist crumb. Little pieces of diced peaches and globs of peach preserves, that perfect cinnamon crumble top. YUM! This bread is so good! If you have peaches to use up, I highly recommend trying out this bread.

Now, you may notice something sort of funny about this loaf. Do you see any pecans? No, because even though they were listed in the ingredients list, at no point in the recipe did it say when to add them, so I completely forgot about them and didn’t add them because they literally weren’t mentioned! Even without the pecans, this bread is super yummy.

This bread is honestly more like a muffin or pound cake, which makes sense why Half Baked Harvest calls it muffin bread! I bet you could even make this as muffins instead if you wanted to, the batter was very scoopable.

Warm out of the oven with a little bit of butter, deeelish.

In terms of dishes, I really only used one bowl for the batter and then a small bowl for the cinnamon crumble mixture, a couple of measuring cups and spoons, a rubber spatula, and a cutting board and knife for the peaches. Oh, and a small bowl to microwave the peach preserves to soften them. Very light amount of dishes.

So, yeah, if you like peaches, give this bread a try. And have a great day!

-AMS

14:35

[$] Reports from OSPM 2026, day one [LWN.net]

The Power Management and Scheduling in the Linux Kernel Summit, which still goes by the historical acronym OSPM, was held in Cambridge, UK, in mid-April. As has become traditional, the presenters at that event have since written summaries of their sessions, and this work has kindly been made available to LWN for publication. The first day's sessions covered a wide range of topics, including idle-state selection, user-space schedulers with sched_ext, lock-holder preemption, and much more.

Security updates for Monday [LWN.net]

Security updates have been issued by AlmaLinux (389-ds:1.4, kernel, and kernel-rt), Debian (gst-libav1.0, gst-plugins-good1.0, imagemagick, kernel, libconfig-inifiles-perl, libgd-perl, libhttp-daemon-perl, mediawiki, pillow, and squid), Fedora (389-ds-base, alertmanager, ansible-core, buildah, chromium, erlang-cowboy, erlang-cowlib, erlang-gun, freerdp, kubernetes1.33, kubernetes1.34, kubernetes1.35, mingw-SDL2_image, ongres-scram, ongres-stringprep, openssl, perl-Config-IniFiles, perl-Crypt-PBKDF2, podman, postgresql-jdbc, python3.13, strongswan, webkitgtk, xdg-desktop-portal, and yt-dlp), Red Hat (osbuild-composer), SUSE (alloy, amazon-ssm-agent, ansible-core, apache-sshd, jpgpj, azure-storage-azcopy, chromedriver, containerized-data-importer, firefox, glibc, graphite2, inspektor-gadget, kubevirt, lemon, openvswitch, python-starlette, python311, python311-joserfc, python313, and tinyproxy), and Ubuntu (netatalk).

14:14

CodeSOD: When False is True [The Daily WTF]

Lillith was integrating some new tools into an existing Ruby on Rails API. The existing API allowed you to send a dry_run flag along with the request, so that you could have the service calculate its changes without applying them.

The problem was, the new tool Lillith was integrating could send, in the body of the request, {"dry_run": false}, but the service would see it as true. Consistently.

The helper method which checked for "true" parameters looked like this:

def param_true?(param_name)
  param_value = params[param_name]
  params.key?(param_name) && (!param_value || param_value.to_s.downcase == 'true')
end

The purpose of this function is to handle stringy or nil inputs gracefully. And there's one thing I can say about the function: it will always identify a true value correctly. If your false value is a string, "false", it also works. But that pesky !param_value mean that any actual boolean false value will be seen as true.

This function has been in wide use through the application. Lillith's best guess is that up to this point, no one had set the dry run flag on anything but GET requests, where everything was strings. On POST/PATCH/PUT requests, where the data was passed in the body as JSON, it got parsed into actual boolean values, and thus failed.

That's the WTF, certainly, that this function was lurking and waiting to cause this confusion. But the annoying thing in this function is that it fetches the value from the associative array, then calls params.key? to see if the key exists. That's fine, since Ruby just returns a nil if a key doesn't exist, it's just annoying. I hate to see it. This is, admittedly, more of a "me" problem, but I hate it.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

A new UPS scam, it seems. [RevK®'s ramblings]

I think I am seeing a new scam.

Background

When an item is delivered to UK from overseas, we, as recipient, may have to pay VAT, and occasionally duty, as the importer. It is a legal requirement.

Yes, as a business we have "postponed VAT accounting", and even the possibility of a "Duty Deferment Account", and DHL get some credit here for handling both very well, with no admin fees. UPS do not get any credit for this at all.

But as a consumer there are two ways this goes down.

They refuse to deliver unless you pay first, or they demand payment on the doorstep. The scam is they want an admin fee that was not pre-agreed with them, and not part of any contract. And you have no choice if you want the parcel. It is a scam as it breaks pretty much all consumer contract protection laws, and is admin that is normal and so should be part of what they charge the sender, IMHO.
They bill you later, and try and charge the admin fee as well. Usually paying the legally required VAT/Duty and NOT paying the admin fee, can work. They do not like it, but I do not think they have any legally enforceable right to their admin fee. Even so it is time consuming and hassle, and I really need to publish an admin fee I will deduct from such payments and argue that is as valid as theirs.

So yes, un-agreed admin fees to recipient are a scam. That is my view anyway.

Note: Royal Mail have a law allowing them to charge an admin fee, couriers do not. There fact there is a law especially for this - kind of proves it would not be legal without such a law.

A new scam

I am now seeing what I assume is a new scam. This time by UPS. Yes, I believe this is a scam.

This relates to a shipment with Duty/VAT pre-paid by sender. So no charge to recipient. No legally required payment by recipient. Sender PAID to get parcel to recipient duty/VAT pre-paid.

In this case a parcel ordered on Amazon UK (no clue non UK shipper). And Amazon do generally handle everything pre-paid Duty/VAT. They are actually really good at that, and for shipments to EU are "deemed supplier" and handle local VAT and all sorts. Very neat.

The item had zero VAT (condensed milk, but declared as tomato sauce!).

But UPS decided to send an invoice (after delivery) for £6.65+VAT (£7.98) for an "entry prep fee".

Did the recipient ask them to do any entry prep? No, obviously not. That is a normal part of delivery, something they are charging the sender for. So this is a case of charging the admin fee even when there is ZERO VAT or Duty to pay.

It is not a lot, but I bet a lot of people pay, and UPS must handle millions of parcels. This is a big scam, and needs to be reported.

I think this is time to report this fraud to the police.

14:07

Loop Engineering [Radar]

The following article originally appeared on Addy Osmani’s blog and is being reposted here with the author’s permission.

Loop engineering is replacing yourself as the person who prompts the agent. You design the system that does it instead. A loop here can be thought of as a recursive goal where you define a purpose and the AI iterates until complete. I believe this may be the future of how we work with coding agents. However, it’s still early; I’m skeptical, and you absolutely have to be careful about token costs (usage patterns can vary wildly if you are token rich or poor), so I want to unpack what it is and what it means.

Peter Steinberger recently said: “You shouldn’t be prompting coding agents anymore. You should be designing loops that prompt your agents.” Similarly, Boris Cherny, head of Claude Code at Anthropic, said, “I don’t prompt Claude anymore. I have loops running that prompt Claude and figuring out what to do. My job is to write loops”.

Okay, so what does any of that mean?

For like two years, the way you got something out of a coding agent was you wrote a good prompt and shared enough context. You type a thing, you read what came back, you type the next thing. The agent is a tool and you are holding it the entire time, one turn after the other. That part is kind of over, or at least some think it’s going to be.

Now you build a small system that finds the work, hands it out, checks it, writes down what is done and then decides the next thing, and you let that system poke the agents instead of you. I wrote before about the cousin of this, agent harness engineering, which is making the environment one single agent runs inside and the factory model—the system that builds the software. Loop engineering sits one floor above the harness. The harness but it runs on a timer, it spawns little helpers, and it feeds itself.

The thing that surprised me is this is not really a tool thing anymore. A year ago if you wanted a loop you wrote a pile of bash and you maintained that pile forever and it was yours and only yours. Now the pieces just ship inside the products. Steinberger’s list maps almost exactly onto the Codex app, and then almost the same onto Claude Code. And once you notice the shape is the same, you stop arguing about which tool. You just design a loop that still works no matter which one you happen to be sitting in.

The five pieces, and then notes

A loop needs five things and then one place to remember stuff. Let me list it first and then map it.

Automations that go off on a schedule and do discovery and triage by themselves
Worktrees so two agents working in parallel don’t step on each other
Skills to write down the project knowledge the agent would otherwise just guess
Plugins and connectors to plug the agent into the tools you already use
Subagents so one of them has the idea and a different one checks it

Then the sixth thing, the memory. A Markdown file, or a Linear board, anything that lives outside the single conversation and holds what’s done and what is next. Sounds too dumb to matter. But it’s the same trick every long-running agent depends on, and I went into it in “Long-Running Agents”: The model forgets everything between runs so the memory has to be on disk and not in the context. The agent forgets; the repo doesn’t.

Both products have all five now.

Primitive	Job in the loop	Codex app	Claude Code
Automations	Discovery + triage on a schedule	Automations tab: pick project, prompt, cadence, environment; results land in a Triage inbox; `/goal` for run-until-done	Scheduled tasks and cron, `/loop`, `/goal`, hooks, GitHub Actions
Worktrees	Isolate parallel features	Built-in worktree per thread	`git worktree`, `--worktree`, `isolation: worktree` on a subagent
Skills	Codify project knowledge	Agent Skills (`SKILL.md`), invoked with `$name` or implicitly	Agent Skills (`SKILL.md`)
Plugins and connectors	Connect your tools	Connectors (MCP) plus plugins for distribution	MCP servers plus plugins
Subagents	Ideate and verify	Subagents defined as TOML in `.codex/agents/`	Task subagents in `.claude/agents/`, agent teams
State	track what’s done	Markdown or Linear via a connector	Markdown (`AGENTS.md`, progress files) or Linear via MCP

The names are a bit different here and there, but the capability is the same thing. Let me go one by one because honestly the details are where a loop either holds together or quietly leaks everywhere.

Automations, this is the heartbeat

Automations are what make a loop an actual loop and not just one run you did once. In the Codex app you make one in the Automations tab and you pick the project, the prompt it will run, how often, and if it runs on your local checkout or on a background worktree. The runs that find something go to a Triage inbox, and the runs that find nothing just archive themselves which is nice. OpenAI uses them internally for boring stuff like daily issue triage, summarizing CI failures, writing commit briefings, and hunting bugs somebody added last week. And an automation can call a skill, so you keep the recurring thing maintainable; you fire $skill-name instead of pasting a giant wall of instructions into a schedule that nobody will ever update.

Claude Code gets to the same place but through scheduling and hooks. You can run a prompt or a command on a interval with /loop, you can schedule a cron task, you can fire shell commands at certain points in the agent lifecycle with hooks, or you push the whole thing to GitHub Actions if you want it to keep running after you close the laptop. Same idea exactly, you define an autonomous task, you give it a cadence, and the findings come to you so you are not the one going around checking.

There is a second in-session primitive worth knowing, and it’s the one closer to what this whole post is about. /loop re-runs on a cadence. /goal keeps going until a condition you wrote is actually true, and after every turn a separate small model checks whether you are done, so the agent that wrote the code isn’t the one grading it. You give it something like “all tests in test/auth pass and lint is clean” and walk away. Codex has the same thing, also called /goal: It keeps working across turns until a verifiable stopping condition holds, with pause and resume and clear. Same primitive, both tools, which is kind of the pattern for this whole article.

So this is the part that surfaces the work. The rest of the loop is what acts on it.

Worktrees, so parallel doesn’t turn into chaos

The second you run more than one agent, the files start colliding; that becomes the failure. Two agents writing the same file is the exact same headache as two engineers committing to the same lines and nobody talked to each other first. A Git worktree fixes it. It’s a separate working directory on its own branch sharing the same repo history, so one agent’s edits literally cannot touch the other one’s checkout.

Codex builds the worktree support right in so several threads hit the same repo at once and don’t bump into each other. Claude Code gives you the same isolation with git worktree, a --worktree flag to open a session in its own checkout, and a isolation: worktree setting you stick on a subagent so each helper gets a fresh checkout that cleans itself up after. (I wrote about the human side of all this in “The Orchestration Tax.”) The worktrees take away the mechanical collision, but YOU are still the ceiling. Your review of bandwidth decides how many you can actually run, not the tool.

Skills, so you stop explaining your project every single time

A skill is how you stop reexplaining the same project context every session like a goldfish. Both tools use the same format: a folder with a SKILL.md inside holding instructions and metadata, and then optional scripts, references, and assets. Codex runs a skill when you call it with $ or /skills, or by itself when your task matches the skill description, which is the reason a tight, boring description beats a clever one. Claude Code does it the same way and I wrote the pattern up in “Agent Skills.”

Skills are also where intent stops costing you over and over. I argued in “The Intent Debt” that an agent starts every session cold and it will fill any hole in your intent with a confident guess. A skill is that intent written down on the outside, the conventions, the build steps, the “we don’t do it like this because of that one incident,” written one time where the agent reads it every run. Without skills the loop rederives your whole project from zero every cycle; with skills it kind of compounds.

One thing to keep straight: The skill is the authoring format, and a plugin is how you ship it. When you want to share a skill across repos or bundle a few together, you package them as a plugin. True in Codex, true in Claude Code.

Plugins and connectors, the loop touches your real tools

A loop that can only see the filesystem is a tiny loop. Connectors, which are built on MCP, let the agent read your issue tracker, query a database, hit a staging API, or drop a message in Slack. Codex and Claude Code both speak MCP so the connector you wrote for one usually just works in the other. And plugins bundle connectors and skills together so your teammate installs your setup in one go instead of rebuilding the whole thing from memory.

This is the difference between an agent that says “here is the fix” and a loop that opens the PR, links the Linear ticket, and pings the channel once CI is green by itself. The connectors are the reason the loop can act inside your actual environment instead of just telling you what it would do if it could.

Subagents, keep the maker away from the checker

The most useful structural thing in a loop, by far, is splitting the one who writes from the one who checks. The model that wrote the code is way too nice grading its own homework. A second agent with different instructions and sometimes a different model catches the stuff the first one talked itself into.

Codex only spawns subagents when you ask, runs them at the same time, and then folds the results back into one answer. You define your own agents as TOML files in .codex/agents/, each with a name, a description, instructions, and optional model and reasoning effort, so your security reviewer can be a strong model on high effort while your explorer is some fast read-only thing. Claude Code does the same with subagents in .claude/agents/ and agent teams that pass work between them. The usual split in both is one agent explores, one implements, and one verifies against the spec.

I made this case twice already, once as “The Code Agent Orchestra” and once as “Adversarial Code Review.” The reason it matters specifically inside a loop is the loop runs while you are not watching, so a verifier you actually trust is the only reason you can walk away. Subagents do burn more tokens since each one does its own model and tool work, so spend them where a second opinion is worth paying for. This is also basically what Claude Code’s /goal does under the hood: A fresh model decides if the loop is done instead of the one that did the work, the maker and checker split applied to the stop condition itself.

What one loop looks like

Stick it together and a single thread turns into a little control panel. Here is one shape I keep using.

An automation runs every morning on the repo. Its prompt calls a triage skill that reads yesterday’s CI failures, the open issues, and the recent commits and writes the findings into a Markdown file or a Linear board. For each finding that is worth doing, the thread opens an isolated worktree and sends a subagent to draft the fix, and a second subagent reviews that draft against the project skills and the existing tests.

Connectors let the loop open the PR and update the ticket. Anything the loop cannot handle lands in the triage inbox for me. The state file is the spine of the whole thing; it remembers what got tried, what passed, and what is still open, so tomorrow morning the run picks up where today stopped.

And look at what you actually did there. You designed it one time. You did not prompt any of those steps. That’s Steinberger’s whole point made real, and it’s the same loop in Codex or in Claude Code because the pieces are the same pieces.

What the loop still does not do for you

The loop changes the work; it does not delete you from it. And three problems actually get sharper as the loop gets better, not easier.

Verification is still on you. A loop running unattended is also a loop making mistakes unattended. The whole reason you split the verifier subagent from the maker is to make the loop’s “it’s done” mean something, and even then “done” is a claim and not a proof. I keep saying the same line from “Code Review in the Age of AI”: Your job is to ship code you confirmed works.

Your understanding still rots if you allow it. The faster the loop ships code you did not write, the bigger the gap between what exists and what you actually get. That’s comprehension debt and a smooth loop just makes it grow faster unless you read what the loop made.

And the comfortable posture is the dangerous one. When the loop runs itself, it’s very tempting to stop having an opinion and just take whatever it gives back. I called that “cognitive surrender.” Designing the loop is the cure when you do it with judgment and the accelerant when you do it to avoid thinking: same action, opposite result.

Build the loop. Stay the engineer.

I think this is a preview of how our work is going to evolve. That said, if I weren’t reviewing the code myself or if I relied entirely on automated loops to fix it, my product’s quality would suffer. I’d likely end up stuck in a downward spiral, continuously digging myself into a deeper hole.

Go ahead and set up your loops, but don’t forget that prompting your agents directly is also effective. It’s all about finding the right balance.

Loops can also result in different outcomes depending on you. Two people can build the exact same loop and get completely opposite results. One uses it to move faster on work they understand deeply. The other uses it to avoid understanding the work at all. The loop doesn’t know the difference. You do.

That’s what makes loop design harder than prompt engineering. Cherny’s point isn’t that the work got easier. It’s that the leverage point moved.

Build the loop. But build it like someone who intends to stay the engineer, not just the person who presses go.

This Week in AI: Fable 5, the Clone Wave, and Uber’s AI Reality Check [Radar]

This week, egghead.io cofounder John Lindquist joined host YK Sugi, founder of CS Dojo and developer experience manager at Eventual, to cover the latest AI news. First on the agenda was the contested release of Claude Fable 5. They also examined the financial shifts reshaping the technology industry, including the rising costs associated with agentic coding loops. Then John outlined the framework he uses to build in the agent era without starting from scratch every time.

Watch the full episode here:

Claude Fable 5: 3 days, a government order, and a lot of unanswered questions

Claude Fable 5 launched June 9 and was pulled from all customers on June 12 after the US government issued a directive ordering Anthropic to restrict access for foreign nationals inside and outside the US. Amazon researchers had reportedly surfaced what they characterized as a security vulnerability, and after Anthropic reportedly declined to patch or redeploy the model, the directive came down. Senior Anthropic staff subsequently traveled to Washington to meet with White House officials.

The dispute about what actually happened is unresolved. Anthropic’s position is that the reported issue was a narrow jailbreak that had been previously identified and was present across public models generally, and not a serious security threat. An independent researcher who reviewed the report described it as defensive prompting that surfaced known vulnerabilities and called the response an overreaction. Neither side has published the technique or prompt, so there’s no way to evaluate the claim independently. But as John put it, “It sets a very strange precedent going forward, as models are released, that governments can step in and control what private companies can and cannot do with their model.”

Another new precedent: Fable 5 wasn’t built on the Opus or Sonnet architecture, which means comparisons to prior Anthropic models or contemporaries don’t tell us much. But initial impressions were positive, including from YK and John, and Fable 5 quickly reached the top of the Arena leaderboard in the text, agents, and web dev code categories. However, the model also had a purposeful limitation: On questions related to AI and machine learning training specifically, it was designed to underperform (without signaling this to users), apparently to prevent competitors from using it to improve their own models. Intentional capability suppression in a commercial model, without disclosure, is a different kind of product decision than a safety guardrail. Whether that approach becomes more common as competitive stakes rise is an open question.

Tokens burn fast when the loop isn’t ready for them

Last week, SpaceX went public in the largest IPO in history. The company finalized its acquisition of Cursor in a $60 billion all-stock deal shortly after. (That last one happened after this episode aired—we’ll talk more about it on Monday.) Both OpenAI and Anthropic have filed to go public as well, and Google raised roughly $160 billion through equity and a 100-year bond. A significant share of that capital is flowing toward AI coding infrastructure.

YK brought up another, less celebratory, financial story that’s been making the rounds: Uber burned through its full 2026 AI tools budget by April, mostly on Claude Code and Cursor, and Andrew Macdonald, the company’s COO, acknowledged they couldn’t link that spending to a measurable increase in useful customer features. Uber subsequently put a $1,500 per month per employee cap in place.

John flagged projects inefficiently utilizing agentic loops as one possible cause for wasteful token spend. Most developers deploying agents against existing codebases haven’t built the tooling those agents need to work efficiently, so agents burn tokens doing work that dead-ends, repeating context, or generating code that requires significant debugging. He explained:

If you take a legacy codebase and you throw agents against it with loops, you haven’t set up a proper agent environment. It’s so quick to burn tokens because. . .the agents don’t have the tools to work with.

The conversation in developer communities so far has focused almost entirely on what agents can generate. But as more organizations move from experimentation to production-scale deployment, building logging, verification, and proper error surfaces into agent tooling is what will determine whether token spend maps to real output. Otherwise, we’ll likely see more companies go the way of Uber.

Ingredients beat inference: A practical framework for building in the clone wave

For most developer workflows today, buy-versus-build leans toward building in a way it didn’t even a year or two ago. As John noted, “It’s so easy to build apps and workflows now where there are so many amazing production apps out there, apps on your phone, apps on your desktop, software as a service, that are trivial to copy and clone.” He uses the term the “clone wave” to describe this expanding set of open source equivalents to consumer software products that can now be cloned, forked, or replaced and get you 99% of the way to your use case.

The principle that drives the clone wave is “ingredients beat inference.” If you ask an agent to build a feature from scratch, it infers a solution with no external reference. If you give it an existing open source implementation to start from, it can adapt, translate, and integrate that code far faster and more reliably. The ingredients approach also helps with the 43% of AI-generated code that needs debugging in production, per a figure YK cited earlier in the episode.

The GitHub CLI plays a central role in this workflow. John explained that because agents understand the GitHub CLI natively, you can give an agent a search task and let it find implementations it wouldn’t have generated itself. Language mismatch isn’t a blocker, because agents translate between languages and libraries well. And tools like DeepWiki from Cognition let agents explore and understand a repo’s structure before cloning or forking it, so the evaluation step doesn’t require local setup.

The framework extends to how you build the last 20% that isn’t available as an ingredient. This is the part that’s specific to your use case; John described it as “that extra bit that you’re building on top of it to make it into the custom product and project for either yourself or for your users.” John’s bigger point is that the tools you build for yourself should also be usable by your agents. Expose endpoints and logging. Give agents the ability to read state and errors. An agent that can control a tool but not debug it will eventually stop in ways that are hard to diagnose.

John walked through cmux to demonstrate what an agent-native workspace looks like in practice. cmux is a terminal multiplexer built with agentic workflows in mind: it exposes a CLI that agents can control directly, so you can open a terminal pane, have that pane spawn another, and have the two read from and write to each other. In practice that means you can run Claude Code in one pane, Codex in another, and a third pane reading output from both, with each agent able to observe the others’ state.

Agents need more than the ability to run commands. They need to read logs, check errors, and confirm state before taking the next step. A workspace that exposes those surfaces gives agents a feedback loop. This tenet is applicable to tools across the company. Organizations that treat their internal tooling as agent-accessible infrastructure are building something that compounds. Those treating agents as black-box code generators are taking on technical debt they may not see until causes issues later on.

What’s next

SpaceX’s acquisition of Cursor turns the coding-agent race into something much larger than an IDE fight. Cursor may be positioning itself as a new GitHub for the agentic era, where agents write, review, test, repair, and govern code. At the same time, Salesforce’s $3.6B acquisition of Fin shows the same pattern inside enterprise software: Buyers want packaged workflows that solve real support, sales, and operations problems rather than abstract “agents.”

Next week, host Ksenia Se examines these stories and more through the lens of who owns the loop where AI does the work. Join us to find out why the next phase of AI will be about who controls the infrastructure, economics, and trust layer.

Our episodes are free and open to all through the end of June if you’d like to attend live—register here. And we’ll continue to publish our takeaways here on Radar each Friday and share full episodes on YouTube, Spotify, Apple, or wherever you get your podcasts.

13:49

One year with Codeberg [Planet GNU]

A year ago, Guix migrated to Codeberg for source code hosting, issue tracking, and pull requests. This is a significant change for a project with more than 400 people contributing code each year, after more than decade hosting code at Savannah and dealing with bug reports and patches by email, tracked by a Debbugs instance. This article discusses the process that led to this change and lists some takeaways, a year later.

The non-obvious choice

For years before, the question of our choice of source code hosting and collaboration tools would regularly come up. However, with a community effectively built around the existing tools and workflows, a change to pull-request workflow was far from obvious—even if many would admit that yes, pull requests are more familiar to many younger hackers than patches and bug reports by email.

Active contributors were efficient with the email workflow—often thanks to Emacs and/or to top-notch email clients—while at the same time being critical of “modern” Web-based forges: after all, Debbugs weighs in at a few hundred lines of Perl, building upon the battle-tested standards and built-in federation of email, whereas a forge like Forgejo is much bigger with hundreds of Go dependencies.

A further complication is that, over time, contributors had built tools around this workflow: mumi would provide a nice web interface to Debbugs and the Quality Assurance service would automatically apply patch series in a Git branch and build packages from that branch—to give the most visible examples. Migrating was all but obvious.

Despite these achievements, dissatisfaction was palpable though, even more so when Steve George (a.k.a. Futurile) published the results of the first user and contributor survey in January 2025, with feedback from no less than 900 people. For contributors who took part in the survey, the email workflow was often mentioned as a hindrance.

Making decisions

As if things were not difficult enough, there was no “benevolent dictator” that the project could rely on to make a sharp decision. Instead, in December 2024, the project adopted a process for collective decision-making: the Guix Consensus Document (GCD) process. The process is ambitious: instead of merely asking “project members” (a concept that needs to be properly defined!) to vote on proposals, authors of proposals are expected to work with everyone to build consensus on the proposal; participants cannot merely “oppose” a proposal but should instead express their needs and suggest concrete changes to address them. At the end of the process, participants can “support”, “accept”, or “disapprove” the final revision of the proposal.

It is too early to tell whether the GCD process will stand the test of time—as of this writing seven proposals were submitted through this process, with varying outcomes—but it surely proved to be a good way to work collectively on the forge migration issue, which was the first real-world use of the GCD process.

GCD 002 was submitted in February 2025 as a proposal to migrate to Codeberg for source code hosting and collaboration. The discussion lasted for two months—the maximum duration permitted by the process—with contributions by many people. Two thirds of the Guix team members participated in the deliberation, among which 72% expressed “support” while the remaining 28% merely “accepted” the proposal; nobody “disapproved” it so the proposal came into force in early May 2025.

The discussion showed that many long-time contributors were not comfortable with the idea of moving to a workflow largely perceived as Web-first and inefficient compared to the email workflow. The idea of abandoning part of the infrastructure carefully built around the email workflow over the years was also unappealing. Yet, the prospect of reaching out to a broader community and improving the developer experience for many was probably a driving force that led to this positive outcome.

One thing in the proposal that didn’t trigger much debate though is the preference both for a free-software-based forge and for one hosted by a non-profit, Codeberg e.V. This choice is very much in line with the Guix ethos.

Switchover

As agreed-upon in the GCD, the switch to Codeberg was incremental: the main repository was migrated on May 25th, 2025, with the former repository still available as a mirror today; the former issue and patch tracker was kept active until January 1st, 2026, when Codeberg issues and pull requests became the only supported mechanisms (but older bug reports and patches remain accessible on-line).

Thanks to the planning devised during the consensus-building discussion, there were few hiccups and surprises when we switched. The quality of service achieved by the Codeberg e.V. employees and volunteers has been very good and the occasional downtime was usually short and clearly communicated.

For some of us, the main difficulty was to adapt to the new workflow. For those who prefer a workflow out of the browser, the good news is that Emacs interfaces—fj.el and more recently Emacs-Forgejo—have been getting better everyday thanks to their amazing developers; the ability to create pull requests using the AGit workflow has also helped bring peace and harmony.

The one issue that wasn’t sufficiently anticipated is continuous integration for pull requests. The part of qa.guix.gnu.org that would previously build packages for patches sent by email was not ported to Codeberg. For several months, it was up to reviewers to make sure that pull requests would not break anything—a situation that was not sustainable.

In September 2025, an instance of Cuirass was set up at pulls.ci.guix.gnu.org to finally build pull requests. This was initially seen as a stopgap because of several limitations compared to what qa.guix.gnu.org would previously do—such as the fact that packages now get built for a single architecture. However, one advantage for newcomers is that feedback is immediately visible: Cuirass sends reports indicating success or failure directly in pull requests as guix-cuirass-bot.

Renewed collaboration

One of the intuitions and hope we had when we decided to migrate to Codeberg is that the pull-request workflow and its Web interface would allow us to reach out to a broader set of contributors. How did it go?

A first insight is that the commit rate—measured as the number of commits pushed on the main branch—is a noisy metric that doesn’t reveal much. What we see by looking at the period from May 2024 to May 2026 (so one year before and one year after the migration) essentially shows that the commit rate remained essentially between “high” and “very high”:

(As an aside, where are the tools to plot statistics like this from a Git repository? I found myself hacking something together.)

Looking at contributions is more insightful. The plot below shows the number of monthly commit authors, the number of monthly committers, and the number of new commit authors each month (people who authored a commit for the first time in the Git history) for that same period.

The number of monthly authors, including new authors, keeps growing. There was a peak both in the number of authors and number of newcomers in June 2025, right after the migration to Codeberg, but for the rest growth appears to be comparable in the 2025–2026 half and in the 2024–2025 half. Guix keeps attracting new contributors but there wasn’t a significant “Codeberg effect”.

The slight increase in number of monthly committers compared to the sharper increase in number of authors might suggest that committers are more “productive”, handling more contributions.

Since the user survey highlighted some contributors were frustrated by the delay or the lack of response on contributed patches—a problem that many free software projects struggle with—a question is how well Guix deals with that today. The graph below shows the creation and closing rate of pull requests per month over the past year, together with the monthly backlog (pull requests opened the month before or earlier and still opened). This data was acquired using the amazing Forgejo interface.

This again shows an impressive rate of incoming code—more than 500 pull requests opened each month!—and an equally impressive, but slightly lower, merge rate, leading to a constantly-increasing backlog. A similar backlog was observed on Debbugs before. Today, there are about 639 opened pull requests out of 6,459 ever opened, or 10%; for comparison, Nixpkgs has 12k opened pull requests out of 473k ever opened, or 2.5%. This concerning backlog in Guix can perhaps be attributed to excessive friction and/or insufficient continuous integration feedback.

One source of friction is the requirement for each commit to be signed by an authorized committer. Unlike many other projects, including Nixpkgs, this requirement means that a person needs to take responsibility and to apply and sign changes they merge, as opposed to just clicking the “Merge” button. In a way, we’re trading developer convenience for user security. It’s a tradeoff we’re willing to make because we care about securing the “software supply chain”, but we have yet to see if this cost can be mitigated in some way.

On the bright side, and although this is harder to measure, one positive impact of the move to Codeberg is that activity within the project is more legible. I already mentioned continuous integration that provides feedback directly in pull requests, such that contributors immediately discover it, but there’s more.

Guix teams are reified as Codeberg teams and their scope is given the CODEOWNERS file such that the right people are pinged. A bot also adds a corresponding label—e.g., the team-python label for what’s in the scope of the Python team—allowing for issue and pull request filtering by label. However, teams are not notified of issues tagged with the corresponding label, which is irritating.

Other features such as cross-references among issues/pull requests as well as milestones also appear to facilitate collaboration.

Outlook

This is nice and all but there’s still room for improvement.

Our infrastructure could use some help. Build power for pulls.ci.guix.gnu.org should be increased, ideally with also more diversity—building for non-x86 architectures would be great! Cuirass itself has a number of shortcomings; some are being addressed for the upcoming 1.4.x series but there’s more work to be done. And also, pulls.ci.guix.gnu.org remains very much package-oriented; it would be nice, when appropriate, to run system tests as well.

The packager workflow still leaves a bit to be desired, in particular with regards to topic branches and world rebuild scheduling, which is still mostly tied to… our otherwise retired bug tracker.

We also want to remain good citizens, not causing excessive load on Codeberg servers (oops!) and keeping an eye on storage use: a single “fork” of Guix could exceed Codeberg’s new per-user quota of 750 MiB. The solution would be to require new contributors to use the AGit workflow to create pull requests. AGit is already popular among Guix contributors; however, the idea of requiring it is seen as a “downgrade” by some because it lacks the familiarity of the “regular” pull request workflow. One way to mitigate that might be to make it more discoverable with an “AGit fork” icon as was done for Gentoo.

Part of being a good citizen, for Guix and for Codeberg e.V., is listening to and accounting for one another’s concern, and this has worked beautifully so far. Guix Foundation recently voted to become a supporting (non-voting) member of Codeberg e.V. as a way to express gratitude and support.

Oh, breaking news: a pull request adding Forgejo and a service to set it up on Guix has just been submitted! Purely declarative configuration, fully reproducible deployment of a forge—can you imagine⁈ Symbiosis at play.

Acknowledgments

Many thanks to Steve “Futurile” George, Noé Lopez, and Maxim Cournoyer for reviewing an earlier draft of this post.

13:35

Issue 46 – Greta’s Wedding – 12 [Comics Archive - Spinnyverse]

The post Issue 46 – Greta’s Wedding – 12 appeared first on Spinnyverse.

12:14

Professional Athletes and Wearables [Schneier on Security]

I haven’t thought about the privacy issues surrounding professional athletes and wearables.

Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose entire livelihood could be affected by a single biometric data point. To give one of many realistic hypotheticals: a basketball player has a terrible game, and the coach wonders if they showed up to the gym hungover. The coach has access to the player’s wearable data, and checks to see when they went to sleep, as well as what their heart rate looked like during the night. Should the player have been out partying before a game? No. Should the coach be able to surveil them? Definitely not.

It will not surprise you to learn that there’s an emergent gambling angle here: sports leagues would love to commercialize players’ biometric data, and sharp bettors would love access to data about, say, a hungover player. “We’re going to get to a spot where people are betting not just on the velocity of the puck that was shot by a player in the NHL playoffs, but on what the heart rate of a certain player is going to be running down the field,” said Helen “Nellie” Drew, the director of the University of Buffalo’s Center for the Advancement of Sport, and a professor of practice in sports law.

There are other practical considerations, too. What if wearable data reveals that a player isn’t as speedy as they were before, and a team uses that data against the player during contract negotiations? What if a wearable reveals a player is favoring their leg, or is at greater risk of injury? This information is potentially beneficial to a training staff and an athlete, so long as it’s disclosed and used in a responsible manner—a critical, mostly unresolved caveat. “Aging and injured players are the most at-risk” of wearable data being used against them, said Michael LeRoy, who researches sports labor laws and AI, and is a professor at the University of Illinois’s School of Labor and Employment Relations.

The bit about gamblers is particularly scary.

I have often said that surveillance tech is generally deployed first against people with diminished rights: children, prisoners, military personnel, the mentally impaired. This is another early use case with different dynamics. The surveilled are wealthy and powerful, and—in many cases—unionized.

11:49

Grrl Power #1471 – Curb avalanche [Grrl Power]

“Say it ain’t so, doc! I only came in with a case of magma!”
“I’m sorry, Mr. Fuji. It’s definitely diamonds. On the plus side, the tumor removal should pay for itself.”
“Doc, do you ever think it’s weird our economy values tumors so highly?”
“I think it’s weird humans wear our tumors on their fingers and necklaces and ears.”
Aaaand scene.

Sydney probably meant to say “gregariousness,” which means someone who is highly sociable, outgoing, and fond of the company of others. Garrulous means being excessively talkative, especially about trivial or unimportant matters. Arguably, both words apply to Sydney, though the latter is rarely meant as a compliment.

Corite is what happens to copper when it’s “mana infused.” It has all sorts of neat properties that I haven’t quite figured out, but it’s great for smithing and enchanting. Infused metals “evolve” into new materials, you know, steel becomes adamantite, gold becomes orichalcum, etc. I’m sure Dabbler might bring it up at some point.

Final version is up, both at TWC and Patreon.

Sexy bodymod news lady Gail has a special one-on-one interview with Tournament Quarter finalist Saraviah Nightwing! And if you subscribe to Gail’s Space Patreon, (which, due to the vagaries of Earth and Gal-Net’s DNS servers, happens to be the same as the Grrl Power Patreon, go figure) you can see that same interview in the nude!

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:49

Irregular Webcomic! #3160 [Irregular Webcomic!]

Irregular Webcomic! #3160

10:07

Anniversaries [Seth's Blog]

Birthdays are a little overrated. I’ve never met anyone who was more than a passive participant in their birth, but anniversaries represent a choice.

Every year, we can commemorate a commitment we made and then decide to recommit.

Anniversaries aren’t just romantic. The day you took the job, the day you started the practice, the day you went out on your own, the founding date on the masthead. Anything you chose and then keep choosing has one. The calendar is full of invitations to re-decide.

A chance to celebrate the past and to imagine what comes next.

An anniversary is worth celebrating because of what we’re agreeing to do again.

08:42

Full Spectrum Warrior [Penny Arcade]

New Comic: Full Spectrum Warrior

06:07

Girl Genius for Monday, June 22, 2026 [Girl Genius]

The Girl Genius comic for Monday, June 22, 2026 has been posted.

05:35

Important Lessons [Ctrl+Alt+Del Comic]

He has to learn sooner or later.

The post Important Lessons appeared first on Ctrl+Alt+Del Comic.

00:14

A tale of two path separators [OSnews]

Braintrust query: Do you have a copy of Radio UserLand that runs?

Sunday, 21 June

22:49

In macOS, you can apparently create files and directories in the Finder with names that include slashes. If you then go into the terminal and take a look with ls, you’ll see that the slashes are actually colons.

I don’t understand all the nuances, but I know this is a side-effect of the fact that macOS has not one but two path separators: the slash (/) and the colon (:). The two separators are used in different contexts, and the system will translate between them as needed.

These two separators reflect the two parent systems of modern macOS: classic Mac OS and the Unix-like NeXTSTEP. When they were joined together, Apple’s engineers had to build a file system that was compatible with both the classic Mac’s file system (the Mac OS Extended File System, aka HFS+), and with NeXTSTEP’s file system (the Unix file system, aka UFS). Among other differences, these systems had different path separators: HFS+ used a colon, while UFS used a slash.
↫ Alex Chan (article from 2021)

I had no idea macOS worked this way, but it makes sense considering the platform’s dual history. What’s interesting is that when Apple moved to APFS almost a decade ago, this duality in path separators remained, most likely for backwards compatibility reasons. In a sense, this is somewhat similar to Windows supporting both backward and forward slashes, with the former being a leftover from DOS, and the latter an addition (to Windows) from the UNIX world.

None of that beats Windows when using the Japanese or Korean locale, though. Because Japanese and Korean Windows use different codepages than Windows in the Americas and Western Europe, these versions of Windows render the backslash as the yen sign (¥) and and won (₩) sign respectively. As such, something like the Program Files directory actually renders like C:¥Program Files¥ and C:₩Program Files₩. Similar issues occurred in other Windows locales as well, but the impact of this in Japan and South Korea were so widespread that people just expect it to be that way, even if it’s easily fixed today.

I can’t find if Windows 11 still uses ¥/₩ in Japan/South Korea, since the last references of it I can quickly uncover all point to Windows 10.

20:28

Reply on Twitter: "There's a great comic routine, forget who did it, Dave Chapelle maybe, about how people complain about how shitty air travel is, never stopping to realize that it's utterly amazing that there even is such a thing."

Apple internals: Swift in the kernel [OSnews]

Looking at the picture of the four ex-presidents at the opening of the Obama library, all I can think is that each of them played a part in creating Trump. Obama gave away the Supreme Court (see above). Clinton literally got blow jobs from a White House employee in the Oval Office. It's like wiping your ass with the American flag. That is fucked up, I don't care how fucked up the Repubs are. Bush, don't get me started on Bush. He seems like a sweet old dude now, but he was definitely on the path to Trump. And Biden -- his job as POTUS was to protect the United States. At that he failed in every imaginable way. Gauge the insult by what's happening now. Biden could have prevented all of this. He was too vain to see he had failed and decided he should run again! Holy shit. I'm ten years younger than he was and I don't think I'd have any business being president of anything. ;-)

Apple’s Swift has become the de-facto language for Apple’s own developers for a while now, and it seems that with the new operating system releases from the company unveiled during WWDC, Switch is now also being used in the kernel.

Naturally I dropped what I was doing and went grepping through the iOS 27 kernelcache. Alas, nothing came of it. All is not lost though: I found the Embedded Swift runtime in macOS 27, sitting in com.apple.kec.pthread of all places. Then I went poking around the root filesystem and it turns out Apple gave the whole effort a name: KernelKit.

Let’s dissect it.
↫ Josh Maine

It’s still quite limited at this time, which makes sense – you don’t want to be too crazy with the core of the operating system that runs on god knows how many PCs, smartphones, and other devices. It’s also entirely contained within a few kexts as embedded runtimes, and the XNU kernel itself remains entirely C and C++.

“I stored a website in a favicon” [OSnews]

Every website has a favicon. It’s that little icon in your browser tab. Usually you upload it once and then never think about it again. But. A favicon is just an image. An image is just pixels. And pixels are just bytes.

So of course I wondered if I could store something inside one.
↫ Tim Wehrle

I love it when people do something useless just for fun.

19:42

With AI you can have a team of assistants available on call at any time. The other day I went from working on a deep technical problem (changing the format of a permalink, which is also used as an id) quickly and correctly and then immediately switching to how to format a blog post so it looks like something produced by a professional writing app. Same thread. It's amazing how much it knows about all aspects of what I do. And it does more than write code. It handles complexity so much better than I do, which means I get to develop products that work better and do more. If I get an idea long after I've moved on from a section of code it can still be implemented with equal quality. There is no such thing as a human being that can do the things it does. A big bug in the critiques people have about it replacing humans. When jet planes came along did they complain that they would replace taxi drivers? Things never work out the way you think they will when they're new. This is my third such rodeo. Sometimes the concerns are obvious and true, btw. That happens as well.

I don't think Obama deserves to go down as a good president. He let the fascists in. His big moment was when he let Mitch McConnell keep his Supreme Court nominee from being approved. Never should have conceded. He didn't fight at all. He was president of the United States, the place where the buck stops.

We lost a lot more than a few hundred billion in Iran war. We had invested much more over 80 years on peace in the Middle East. In one brief orgy of violence Trump threw that away.

Slutfarm [Oglaf! -- Comics. Often dirty.]

Hey what we're doing in AI-land is building the Matrix we want to live in. When we get there there won't be anything left to do in this dimension, our plane will finally lift off and fly awaaaay in the sky. I hope you understand, I just had to go back to the Island.

18:14

17:21

Tim Retout: seL4 repo relationships [Planet Debian]

The seL4 organisation on GitHub uses git-repo to manage multiple source repositories, and so there are a large number of projects to get your head around when figuring out the ecosystem.

As an experiment, I have taken the various manifest files across the org, and constructed a graph based on how frequently each pair of repositories is mentioned in a manifest together. See below:

[This may render badly when syndicated outside of my blog; and also on small screens. And probably large screens. I’ve attempted to make sure there’s a non-JS fallback – on my site with JS enabled, if you hover over a node, it should highlight connected nodes.]

The colouring of the nodes is mostly manual; I experimented with graph clustering algorithms but have not found a satisfactory result so far. Still, some clusters are obvious:

Kernel – the seL4 microkernel proper. This often but not always co-exists with the main cluster of core libraries, but it is pulled away slightly by the verification and microkit manifests.
Verification – the verification repositories (l4v, HOL, graph-refine, polyml, isabelle) form a very distinct group. These are connected only to the seL4 microkernel itself, which is the only component formally verified.
Microkit – microkit is a newer operating system framework that does not use CAmkES, so stands apart from the rest of the pack. I chose to scope this work to the seL4 org, so the LionsOS ecosystem and sDDF which are maintained by Trustworthy Systems are not shown. Also not linked is rust-sel4, because this modern world isn’t using git-repo in the main to manage its repositories.
RefOS – I’d not come across refos before, but it appears to be an example OS from 2021 built on the seL4 kernel.

It’s quite hard to pull apart the CAmkES framework and the core libraries; there are definitely some which are more associated with VM management, but the overall shape of this co-occurence data is a messy ball in the middle with some outliers in orbit. One observation is that camkes is correctly identified as more peripheral than camkes-tool, which contains the actual core CAmkES code.

Reflecting on this approach, in hindsight I’m surprised that using co-occurences worked as well as it did – there was no attempt to actually inspect the code and find direct mentions of other code e.g. library header dependencies. As the newer microkit effort largely eschews git-repo, better results might be found by actually taking that more detailed approach, so that graph edges could represent real dependencies between two packages. Additionally, this could allow diving into the various libraries held in the different ’libs’ repos, to get a more granular graph of relationships between them.

However, I think I spent more time on making it possible to render graphviz graphs easily on my blog than actually gaining any insight into the codebase!

16:35

Dirk Eddelbuettel: RcppArmadillo 15.4.0-1 on CRAN: New Upstream Minor [Planet Debian]

Today's song: Back to the Island.

15:49

Armadillo is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 1282 other packages on CRAN, downloaded 47.1 million times (per the partial logs from the cloud mirrors of CRAN), and the CSDA paper (preprint / vignette) by Conrad and myself has been cited 697 times according to Google Scholar.

This versions updates to the 15.4.0 upstream Armadillo release made on Thursday. We had run a complete reverse-dependency check leading up to it, asserting there were no issues with packages dependent on it. As it sometimes goes with that many packages involved, one CRAN package reported one test failure. And it turned out to be both unrelated and pre-existing. But sorting this out over one round of email delayed things by a day. And then I went cycling for a good cause so this announcement post comes a little later than usual. The package has also been updated for Debian, built for r2u, and by now also at CRAN for the different binary releases.

All changes since the last CRAN release follow.

Changes in RcppArmadillo version 15.4.0-1 (2026-06-17)

Upgraded to Armadillo release 15.4.0 (Medium Roast Agave)

Added fill::nan, fill::pos_inf, fill::neg_inf as optional fill forms for the Mat class

Added .push_back() for appending elements to vectors

Faster handling of find() within .elem()

Faster element-wise min() and max()

Faster conv_to when element types of input and output objects are the same

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub. You can also sponsor my Tour de Shore 2026 ride in support of the Maywood Fine Arts Center.

15:07

Vasudev Kamath: Releasing debvulns: CLI for listing Debian vulnerabilities [Planet Debian]

Claude is much better at needle-in-haystack troubleshooting. It doesn't get flustered or overwhelmed. And it can hold the whole map in its head, whatever that looks like, impossible to imagine.

15:00

Following up on my previous post, I have released the debvulns CLI. This utility uses the same parsing logic as the debsecan-mcp server but exposes the functionality directly via the command line.

Why a new CLI?

While Debian's native debsecan utility exists, it lacks modern output formats like JSON and CSV, and fails to expose a significant amount of metadata available in the Debian Security Team's daily snapshot.

Additionally, running a persistent Model Context Protocol (MCP) server introduces context window overhead. The manifests and tool descriptions required by the protocol consume tokens even when idle. For debsecan-mcp, the MCP Inspector utility shows an overhead of roughly 150 tokens.

By contrast, an LLM can parse a standard CLI help menu on-demand without permanently draining the context window. Integrating the CLI into a persistent agent workflow can be achieved via a skill file, allowing the LLM to leverage the tool without repeated discovery overhead.

What else is NEW?

During testing, I observed discrepancies between the output of debsecan-mcp/debvulns and native debsecan. Debugging with an LLM revealed a bug in the version comparison logic that caused debvulns to underreport vulnerabilities. This has been resolved.

The current interface supports structured formatting and customizable data backends:

usage: debvulns [-h] [-s {critical,high,medium,low,negligible}] [-f {json,csv}] [--sort-by {package,cve}] [--vuln-url VULN_URL] [--epss-url EPSS_URL] [--suite SUITE]
                [--cache-dir CACHE_DIR] [--no-cache] [-v]

debvulns - CLI Debian Vulnerabilities Tracker

options:
    -h, --help            show this help message and exit
    -s, --severity {critical,high,medium,low,negligible}
                          Filter vulnerabilities by severity
    -f, --format {json,csv}
                          Output format (default: json)
    -sort-by {package,cve}
                          Sort vulnerabilities by 'package' or 'cve'
    --vuln-url VULN_URL   Custom URL or local path for Debian Security Tracker data
    --epss-url EPSS_URL   Custom URL or local path for EPSS scores data
    --suite SUITE         Debian suite name (e.g. bookworm, sid). Auto-detected by default.
    --cache-dir CACHE_DIR
                          Directory to cache fetched and parsed data (default: /var/cache/debvulns)
    --no-cache            Do not use cached data, force downloading and parsing
    -v, --verbose         Enable verbose debug logging (sent to stderr)

By allowing users to override data sources with local snapshots of the Debian Security Tracker and EPSS feeds, debvulns can run natively in airgapped environments.

What Next?

The next step is building a Prometheus exporter for this vulnerability data to streamline scanning and monitoring across data center infrastructure. Stay tuned.

10:49

Irregular Webcomic! #3159 [Irregular Webcomic!]

Irregular Webcomic! #3159

10:42

“In its larval state” [Seth's Blog]

Thirty years ago, Cory Doctorow did an interview showing primitive inklings of the internet future (music, videos, etc.). At the time, it was easy to dismiss it as an irrelevant toy, and most people in power did just that.

Around the same time, I wrote an article for Direct Marketing magazine outlining the future of email marketing. Again, most people who saw it didn’t agree enough to actually do something with it.

Now, here we are, with AI in the larval state. It’s easy to look at the very real financial and human cost, the speed bumps, the errors, and decide to just wait and see.

The real question is whether this is like the web and email, or more like virtual reality headsets.

When you make the choice to avoid becoming the most experienced person in a room (whatever room you’re in), you’re making a bet about the future.

00:00

New Cover: “Comfortably Numb” [Whatever]

What can I say, I was feeling a little ambitious.

And yes, I did the guitar solos, but before you get too impressed, please know a) they’re not recreations of the David Gilmour solos, because my ambitions have real and practical limits, and b) I cheated. And by “cheated” I mean I initially tried to do the solos on one of my guitars, but it turns out I am slow, have clumsy fingers made of hot dogs and despair, and only questionably know how to find the key of B Minor on my fretboard.

So, I took my ROLI keyboard, which lights up in rainbow colors, set it to show only the notes in the B Minor Pentatonic scale, fired up a guitar synth, connected to the “Comfortably Gilmour” virtual amp/pedal set up, and went to town. The ROLI keyboard has MPE ability, which means I could do the equivalent of string bends by wiggling the keys. It was fun being a fake guitar hero for a bit. I am very sure that David Gilmour will not be losing any sleep over me. And I really do plan to get better on guitar. Soon! Maybe! We’ll see.

Also, I did the scream. That was a whole thing too.

Enjoy!

— JS

Saturday, 20 June

23:49

Gunnar Wolf: systemd for Linux SysAdmins [Planet Debian]

Doing a prior art search and came across this early DaveNet example. The left column had the blue ribbon for free speech on the web, and below were links to the archive pages for each of the years. Screen shot. About ten years of essay writing. DaveNet was where the blog started, and then it became an arm of the blog home page which also included titleless posts, example, and then all the action moved onto the new home page and that was the end of this layout.

21:07

This post is an unpublished review for systemd for Linux SysAdmins

systemd. Yes, in full lowercase. If there is ever a technology to cause controversy in the Linux world, this is it. Since its inception in 2010, systemd’s goals were set quite high — replacing the vital part in every Linux system that takes care of the system boot process. It quickly reached maturity, allowing its to be adopted as the main init system in most major distributions just five years later. But even given we are describing events that happened over a decade ago, systemd adoption still raises the temperature in any Linux-related discussion.

David Both’s comprehensive book tackles the “what”, the “why” and the “how” issues surrounding systemd. Carefully divided in 16 chapters, going from explaining the basics and some of the technical and political history behind the project to the different subsystems and aspects covered by systemd, its almost 450 pages can scare people away — but the text is written in a very clear, tutorial-like fashion, and while it can be read sequentially, cover-to-cover, the book is amenable for readers to pick a single aspect and jump straight to the relevant chapter.

One of the frequent criticisms the systemd project has received is that it aims to basically rewrite all of a Linux system, and just looking at this book’s index shows there is some truth to it. The first chapter is an introduction to the systemd project and a brief overview of its history (including the controversies around it), and the following four chapters deal about understanding and controlling the system boot process.

But that still leaves ten chapters to account for — they cover different aspects or sub-projects of systemd, such as time and date issues (synchronization, time specifications, and controlling repetitive tasks), understanding and leveraging the system journal that strongly departs from the old syslog system, network configuration and firewall management, system health and performance debugging — all of them, aspects that in the traditional Unix philosophy were managed by independent programs… And I can identify several systemd sub-projects not covered by this book!

We long-time Unix and Linux administrators took pride in how highly performant and stable systems were supported by the simplicity of our tools; systemd critics point out this massive project has absorbed dozens of individual tools, yielding corporate control over vast swaths of vital system tooling. Truth is… as a sysadmin myself, systemd is today one of my greatest allies.

I appreciate the author evaluates every component independently, including his personal evaluation of each — even stating he prefers working with the traditional programs in several areas.

If there is a criticism I must make about this book is that, although typographically it is well formed and taken care of, given it includes large amounts of console captures, having a maximum width below 70 characters means several lines are unnaturally cut short (and continued with odd indentations). I understand there is probably no “right” way to solve this, but it does affect the feeling of naturally reading the text.

17:28

Pluralistic: How the Epstein Class recruits (20 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

How the Epstein Class recruits: Oh wait, THAT'S what this was?!
Hey look at this: Delights to delectate.
Object permanence: MPAA blasted in WSJ; RFID skimmers; Post-Soviet inventions; "Farthing"; "Dirty, Drunk and Punk"; Dweb v founders' frailty; Tax cheating made simple; Oregon v corporate medicine.
Upcoming appearances: Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

How the Epstein Class recruits (permalink)

Perhaps you've encountered the stories about Dialog, an extremely weird secret society associated with Peter "Antichrist" Thiel, whose membership data and details have leaked this week:

https://www.wired.com/story/how-peter-thiels-private-dialog-club-secretly-ranks-its-members/

By all appearances, this is a comically creepy, awful talking-shop for the Epstein Class. It's not all that surprising, in retrospect, to learn that all these terrible people were in a group chat, secretly assigning ratings to one another, and periodically gathering to have tedious panels about, I dunno, "race science" or whatever.

I'm on the oligarchy beat, so stories about Dialog have been popping up in my RSS feed for the past week or so, but it wasn't until last night that I made a connection.

A year or two ago, I got an invite to speak at an event. This is normal, I get a lot of these and I do a lot of public speaking. I'm good at it, and it's a good way for me to reach people and get them energized about the issues I care about. Sometimes, I do these talks for free. Sometimes I get paid.

When I first glanced at this speaking offer, I thought, "Huh, I guess this is one to send on to my speaking agent," because the names the offer dropped were a bunch of rich people, and so I assumed that they were having some kind of summit and looking for a keynoter. Then I read a little more carefully and realized they – these billionaires and their lickspittles! – wanted me to pay them, thousands of dollars, so that I could shlep my ass to some luxury resort in order to have the privilege of speaking to them.

I came up as a science fiction writer, and at some point, every sf writer learns "Yog's Law," coined by James D Macdonald when he was running the science fiction forum on GEnie, under the screen name "Yog Sysop":

money flows toward the writer

https://en.wikipedia.org/wiki/James_D._Macdonald#Educational_work

In other words, whenever you, as a creative worker, are approached by someone who wants to "help" you with your work, and they want you to pay them, they are a scammer, preying upon your essential human need to communicate with others. Run away.

Which is what I did. I deleted the email.

Then, I got another one a couple months later. Ugh. I wrote a mail rule that auto-deleted anything from that sender and promptly forgot about the matter. Until last night.

I just had a look at my Trash folder and yup, these people are still emailing me in hopes that I will give them thousands of dollars to join their weird secret society.

I don't know if everyone who joined Dialog got an email like the one I was sent, but if you want to understand how at least some of those people ended up on those membership rolls, well, now you know: they were schmucks who'd never learned Yog's Law.

(Image: Gage Skidmore 1, 2, 3, 4, 5, 6, CC BY-SA 2.0; TechCrunch50-2008, Dan Taylor 1, 2, CC BY 2.0; modified)

Hey look at this (permalink)

EFF Joins 60+ Groups Urging the UK to Halt Face Estimation at the Border https://www.eff.org/deeplinks/2026/06/joins-60-groups-urging-uk-halt-face-estimation-border
AI Shouldn’t Dictate Our Democracy. Vote Alex Bores. https://www.youtube.com/watch?v=M6KQ2yDK1Q4
tokenalysis and john henry https://backofmind.substack.com/p/tokenalysis-and-john-henry
Making Free Warhammer Terrain https://www.youtube.com/watch?v=p6YC-cOngHg
Mechanical Watch https://ciechanow.ski/mechanical-watch/

Object permanence (permalink)

#20yrsago Wendy Seltzer smokes the MPAA in the Wall St Journal https://web.archive.org/web/20061016014904/http://online.wsj.com/public/article/SB115047057428882434-1V_FEK_CJelMfytdST8APRW7cZw_20060720.html

#20yrsago HOWTO build an RFID skimmer https://web.archive.org/web/20060703081753/http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html

#20yrsago Desperate inventions of post-Soviet Russia https://memex.craphound.com/2006/06/20/desperate-inventions-of-post-soviet-russia/

#20yrsago NYT falsely reports that Wikipedia has added restrictions https://jimmywales.com/2006/06/17/the-new-york-times-gets-it-exactly-backwards/

#20yrsago Farthing: Heart-rending alternate history about British-Reich peace https://memex.craphound.com/2006/06/20/farthing-heart-rending-alternate-history-about-british-reich-peace/

#15yrsago Dirty, Drunk and Punk: the untold history of Toronto’s BUNCHOFFUCKINGGOOFS https://memex.craphound.com/2011/06/20/dirty-drunk-and-punk-the-untold-history-of-torontos-bunchoffuckinggoofs/

#10yrsago Video: Guarding the Decentralized Web from its founders’ human frailty https://www.youtube.com/watch?v=zlN6wjeCJYk

#10yrsago Unnamed Canadian telco sabotages’ library’s low-income internet service https://web.archive.org/web/20160618143132/https://motherboard.vice.com/read/canadian-telecoms-limiting-wifi-low-income-families-toronto-public-libraries-digital-divide

#10yrsago Clarence Thomas rumored to be considering retirement https://web.archive.org/web/20160622135444/http://www.washingtonexaminer.com/end-of-conservative-supreme-court-clarence-thomas-may-be-next-to-leave/article/2594317

#10yrsago Tolkien elf or prescription drug name? https://web.archive.org/web/20160609021515/https://entertainment.howstuffworks.com/arts/literature/drug-or-tolkien-elf-quiz.htm

#5yrsago The EU, Tech Trustbusting, and Trade Wars https://pluralistic.net/2021/06/20/the-eu-tech-trustbusting-and-trade-wars/

#5yrsago How to cheat on your taxes https://pluralistic.net/2021/06/20/la-hougue/#complexity

#1yrago Oregon bans the corporate practice of medicine https://pluralistic.net/2025/06/20/the-doctor-will-gouge-you-now/#states-rights

Upcoming appearances (permalink)

Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23
https://iabcanada.com/state-of-the-nation-2026
Toronto: The Reverse Centaur's Guide to Life After AI (Osler Records/Type Books), Jun 23
https://www.eventbrite.com/e/cory-doctorow-book-launch-and-talk-tickets-1991501299998
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628
London: Idler Festival, Jul 11
https://www.idler.co.uk/festival/
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Picadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances (permalink)

How to Think About AI Before It’s Too Late (Galaxy Brain)
https://www.youtube.com/watch?v=SPQNPJ0CEPo
The future of world governance, with Kim Stanley Robinson (UN Independent Expert on International Order)
https://www.youtube.com/live/wJvBvYdaAMY
How to Think About Artificial Intelligence (KUER)
https://radiowest.kuer.org/show/radiowest/2026-06-16/cory-doctorow-on-how-to-think-about-artificial-intelligence
The Enshittification of Life, the Universe, & Everything (Luke Savage)
https://www.lukewsavage.com/p/the-enshittification-of-life-the
Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

Medium (no ads, paywalled):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

16:56

Claude doesn't care if you criticize the code it wrote, because if it wasn't written just now, it didn't write it. It starts from zero in every session, you can watch it, like HAL in 2001, singing daisy daisy. I can see it happening as the environment of my app is getting so large, it has to do a bit of thinking to start up, more all the time. But as humans who were brought up properly, we like to add the niceties to our criticism so as to not make the other one feel bad. I do that for myself, not the machine, I know it doesn't identify as the creator of the code.

Russell Coker: HP Z4 G4 [Planet Debian]

When I got this email from Google on this day in 2018, I had a sinking feeling, this was like getting a letter from Apple a few years earlier. They were treating the web as if it were their platform.

15:42

In what is hopefully the conclusion of my hunt for a cheap tower server supporting REBAR [1] I have just bought a HP Z4 G4 with W-2125 CPU for $320.

Hardware

One interesting thing is that it has an adaptor from SATA power to 8 pin PCIe power. According to Wikipedia the 8 pin connector provides 150W at 12V [2]. According to Wikipedia SATA power cables include 3 12V pins each of which can deliver 1.5A [3] which is 54W. The system as I received it had a single SATA power plug connected so potentially 150W could be drawn from a connector designed for 54W. The first thing I did was to connect a second SATA power connector on the same cable so I could have connectors designed for a total of 108W supplying potentially 150W (and definitely more than 75W).

I found two versions of the specs for this system, this version seems to match what I bought as it references W-21xx CPUs [4] while this version matches what I would rather have with a W-22xx CPU [5]. The URL naming scheme implies that there are potentially at least a few other variants out there. So much for the “buy name brand and you can buy two systems with the same model and have them work the same” benefit you hope to get. Why don’t they just name them “G4.1”, “G4.2”, etc?

It seems that W-21xx and W-22xx CPUs are incompatible, so the W-2295 scoring 30,804 multithread and 2,634 single thread on passmark that I hoped to get isn’t an option [6].

The system is well designed for space efficiency, both it and the Z640 are 17cm wide but the Z4G4 allows my to close the lid with the Intel Battlemage card installed which doesn’t come close to fitting in a Z640. It has 8 DIMM sockets and with the ready availability of 32G DIMMS that allows 256G of RAM which is the maximum the motherboard supports. That compares well to the Z640 that only has 4 DIMM slots and the Z6G4 which only has 6.

The system supports a maximum RAM speed of DDR4-2666 which is better than the DDR4-2400 of the Z640 but less than the DDR4-2933 of the Z6G4.

The NVMe sockets on the motherboard are a convenient feature. Most systems I run need at most two NVMe devices so this saves a PCIe slot which is important when dealing with GPUs that take 2+ slots. Also for systems that don’t really need NVMe I can use some of the small NVMe devices that I have no other use for. 128G NVMe devices aren’t even worth selling and 256G will be of little use in the near future. So when I move to gen4 Z servers I can use up some of them without wasting slots.

Using the lesser socket LGA2066 in the Z4G4 is a minor annoyance, but for a single socket system 18 cores is probably enough.

The BIOS has an option for single-socket NUMA, which is basically locking cores in a single CPU to specific RAM channels. I enabled it but it did nothing presumably because I only have 2 DIMMs. When I get more DIMMs I’ll do some tests of that and compare it with NUMA on my Z840.

Variants

There are many different variants of the Z4G4 and the only way to recognise them is by the CPU not by any part number or serial number AFAIK. The first difference is between server grade CPUs (the W-2xxx CPUs) and desktop grade CPUs (the i7 and i9 CPUs). The systems with i7 and i9 CPUs don’t support ECC RAM which makes them less reliable, gives smaller limits for RAM

The below table compares the Z640 which is my current desktop PC with the Z4G4, Z6G4, and Z8G4 systems. For the latter 3 I have included multiple options for the parts that differ in different models in the same name series. The Z4G4 I have is an early one which only supports W-21xx CPUs which means a maximum RAM speed of 2666 and the best possible CPU would only be 15% faster than my Z640. I can only use this for ML stuff as it’s the only system I have with REBAR support (which works well).

	Z640 (1 socket)	Z4G4	Z6G4 (1 socket)	Z8G4
DIMM slots	4	8	6	24
Max DDR4 speed	2400	2666/2933	2666/2933	2666/2933
Max DIMM size	32G	64G	64G	64G/128G
System Max Ram	128G	512G	192G/384G	1.5T/3T
CPU Socket	LGA2011-3	LGA2066	LGA3647	LGA3647
Best CPU	E5-2699A v4	W-2195/W-2295	Platinum 8180/W-3275	Platinum 8180/8280
Motherboard NVMe	0	2	2	?

Conclusion

In my previous blog post I concluded that the next step up for me would be DDR5 systems [10]. But now some of the LGA3647 systems are appealing. The Z8G4 would be a decent upgrade from my current Z840 build server and should be affordable long before any two socket DDR5 system becomes affordable.

The Z4G4 doesn’t have any potential for useful upgrades. But for me it was a good cheap way to house a GPU that had already damaged the motherboard of one good system. If the Z4G4 has a PCIe slot break the way my Z840 did then it wouldn’t bother me a lot. It was annoying to discover how limited this variant of the Z4G4 is after buying it, but at that price I can’t complain.

A Z6G4 could be a nice workstation if I found one at a really low price. The only reason I’d seek one out is if I had a need for a desktop workstation with REBAR support, which seems unlikely.

15:28

Silos are the problem [Scripting News]

A silo is a place where developers feel protected from the unbounded world of the web. In return they are completely controlled by the silo owner. The owner decides where you can go, and can and do revoke privileges. Developers in silos are mostly powerless.

Companies usually are the ones who create silos, but open formats can create them too. JSON, for example, has been used as an excuse to reinvent everything that was done in XML.

Open source projects create silos too. A protective zone that doesn't interop with competitors. Where you have to climb into the project to build on it.

Outside of silos, on the web, your code calls a platform using a standard API. Developers who, because of standards, can plug into anything, and thus give users maximum choice.

Podcasting is not a silo. It's part of the web. Support two easy formats and you've got a node. You'll find packages that do all that on any well-developed coding platform.

I believe we can do something like that for text. That's what I've been working on in the 2020s. It's slow-going because the foundation ideas of the web are not well-understood by today's developers, or at least that's how I experience it. ;-)

We're rethinking the whole tech world right now, and we can use formats and protocols that are available on the web, not by replacing the ones that are already there, but by using the existing paths in new ways. Big difference.

14:07

Russell Coker: Font Sizes [Planet Debian]

The Problem

In 2019 I blogged about getting a 4K monitor because of my vision being inadequate for a 2560*1440 monitor [1]. Now I’m using a 40″ 5120*2160 monitor [2] and still trying to find the correct balance between how much I want to see on the screen and what I am physically capable of seeing on screen.

Currently Kitty is my terminal emulator of choice [3]. What I most like about it is the feature of having multiple terminal windows in a single OS window, so instead of having 9 or 16 different xterm instances running all with possible alignment issues I have a single window for all terminals which can be brought to the foreground. The impending 6.7 release of KDE (my favourite Linux desktop environment) [4] includes the feature of per-screen virtual desktops which might be the feature I need to make multiple monitors usable for me. One of the factors stopping me from using multiple monitors in the past was the issue of not getting the alignment of dozens of xterms right if a monitor goes to sleep mode and is regarded as disconnected, moving a few Kitty windows is much easier than moving dozens of xterms (also a tiling window manager isn’t my style).

I’ve just decided that the Terminus font (my favourite out of the monospaced fonts in Debian) is too small for me at 9.0 point. But then I tried 10.0 which looked really ugly and an experiment showed that 10.5 looked good.

What I’ve Learned

This is the best explanation I’ve seen of how ridiculous the whole font point thing is [5]. It doesn’t and won’t ever correlate to pixels. So what we ideally want to do is set the size on screen to match the actual pixel size of the font. I can’t find any software to interrogate a font file and find out what sizes it supports. The web page for the Terminus font says that it supports 6×12, 8×14, 8×16, 10×18, 10×20, 11×22, 12×24, 14×28 and 16×32 [6]. So the question is how to get a terminal program that uses one of those.

Kitty doesn’t and won’t support specifying font size by pixel. I tried some other terminal programs, I started with the Debian Wiki page TerminalEmulator [7] which wasn’t very helpful, I added some new entries to that page. There doesn’t seem to be another option for a terminal emulator with multiple terminals in one OS window that can arrange them automatically. I didn’t even get to the stage of checking whether other terminal emulators supported font size in pixels.

The lcdf-typetools package contains the program otfinfo which gives some interesting information on fonts but nothing about the font sizes in pixels.

Sites like Coding Font to compare fonts [8] can never work properly as the fonts will always be slightly different sizes as the same point size doesn’t mean the same display size.

The Current Situation

On my 5120*2160 monitor with 9 Kitty terminal sessions with 9.0 point font they each have 277*50 characters. With 10 point it’s 237*46 but fuzzy and unpleasant to read. With 10.5 point it’s 208*43 which isn’t as good as I’m used to but is still almost 4.5* as many characters as the original 80*25 standard for terminals.

Some time before 2019 I had a 4*4 array of terminal windows that were 100*25 or 120*25. That left some space at the right and bottom so I could open another 8 or 9 terminals that were partially obscured if I needed to. By 2019 before getting a 4K monitor I had a 3*3 array of terminal windows as my standard desktop and a larger monitor that did 4K resolution allowed me to have 16+ terminals again. Now with Kitty I routinely have 9 terminals in a 3*3 array and I can easily open more if I need them and have them resize appropriately.

This situation works reasonably well, but the element of just trying different sizes in 0.5 point increments until I find something that looks good is unpleasant. I should be able to specify the next largest increment of the bitmaps in the font and just have it look good.

Conclusion

It would be good if more people tested the terminal emulators in Debian and added information to the wiki page about them. The current page is useful but needs more information to support the variety of features that people find important.

We need some tools to provide information on fonts in Debian, such as the sizes of bitmapped fonts.

The whole point size thing is just wrong and would ideally go away. The vast majority of font use nowadays is for things that will probably never end up on a printed page so trying to map it to a physical size in fractions of an inch makes no sense. But that’s just one of many horrible things used for backwards compatibility that aren’t going to go away any time soon. Really everything involving inches should go away.

10:49

Irregular Webcomic! #3158 [Irregular Webcomic!]

Irregular Webcomic! #3158

10:42

99% might be enough (or not) [Seth's Blog]

A 100-foot long boat that’s 99% complete is going to sink before it leaves the dock. That gaping hole is more than enough to do it in.

On the other hand, a baked ziti that’s 99% as good as the best baked ziti ever made is exactly good enough to serve in any setting.

Mediocrity isn’t the point. Neither is perfection. The question is: what’s the best allocation of effort in order to delight our customers?

We should be clear about which category we’re working in.

08:42

What does it mean when the bottom bit of my HMODULE is set? [The Old New Thing]

The numeric value of an HMODULE is normally the base address of the DLL or EXE it represents. These base addresses are always multiples of 64KB, so the bottom 16 bits are all zero. Yet you may run across one with the bottom bit set. What does that mean?

Normally, when you load a DLL, it gets an entry in the table of loaded modules. This table is consulted by functions like GetModuleHandle and EnumProcessModules to identify all the DLLs that have been loaded. It also is used to keep track of how many times each DLL has been loaded, so that the DLL is removed from memory when the correct number of FreeLibrary calls has been made.

Many of the flags to the LoadLibraryEx function alter how the system locates the DLL to load, but some of them alter how the DLL is itself loaded into memory. The interesting one here is the LOAD_LIBRARY_AS_DATAFILE flag.

If you ask that a DLL be loaded as a data file, and there isn’t already a copy of the DLL loaded normally, then the loader will search the file system for the DLL in the manner described by the other flags, and then it will just map the DLL into memory without doing any of the usual stuff like applying fixups, and then returns you an HMODULE that represents the location where the DLL was mapped into memory, but it also sets the bottom bit as a note to itself to say “This wasn’t loaded the normal way.”

If the loader decides to map the DLL into memory directly, then the DLL does not get an entry in the list of loaded modules. While the module was loaded in a strict sense of the term, it was not loaded as a functional module. The code is not ready to execute: Its dependencies were not resolved. Its initialization was not run. It’s just a bunch of bytes mapped into memory. If you call GetModuleHandle or EnumProcessModules, the module won’t show up because those functions use the list of “properly” loaded modules, and your datafile DLL wasn’t put on that list.

Functions like FindResource recognize these “not really a module” modules. For example, if you ask to find a resource in a loaded-as-datafile module, the FindResource function knows that it has to convert RVAs in the PE header into physical file offsets.

And when you pass the HMODULE back to FreeLibrary, it sees that the bottom bit is set and knows, “Oh, this was never entered into the module list, so I don’t have to remove it from the module list either.”

This special behavior of the bottom bit is locked into the ABI thanks to this macros provided in the LoadLibraryEx documentation:

#define LDR_IS_DATAFILE(handle)      (((ULONG_PTR)(handle)) & (ULONG_PTR)1)

I don’t know if this use of the bottom bit was intended to be an implementation detail, or whether documenting it was an intentional decision, but what’s done is done, and it’s documented, so it’s too late to change it now.

Bonus chatter: You can see in the documentation another macro that reveals that the second-from-bottom bit is also used as a special signal:

#define LDR_IS_IMAGEMAPPING(handle)  (((ULONG_PTR)(handle)) & (ULONG_PTR)2)

The post What does it mean when the bottom bit of my <CODE>HMODULE</CODE> is set? appeared first on The Old New Thing.

03:35

Side Effect [xkcd.com]

Friday, 19 June

23:35

Statement regarding GNU Savannah security reports [Planet GNU]

22:42

Pluralistic: The Big Con (19 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

The Big Con: Making the pile of shit bigger won't increase the number of ponies underneath it.
Hey look at this: Delights to delectate.
Object permanence: TVA v SETI@Home; Telemarketers v DHS batphones; Matt Stone's MPAA censorship memo; Stonehenge pocket watch; W3C v security research; Congressional mass-shooting response simulator; Dynastic wealth; Gig economy astroturf; Meta publishes your AI prompts.
Upcoming appearances: LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

The Big Con (permalink)

Partway through Bridget Read's unmissable chronicle of pyramid ("multi-level marketing") schemes, Little Bosses Everywhere, there comes a dual revelation: no one is selling any product to end-users and no one knows it:

https://pluralistic.net/2025/05/05/free-enterprise-system/#amway-or-the-highway

That is to say, all the hustlers who have spent thousands of dollars on Mary Kay, Herbalife and Amway have failed to move any of their product (beyond a statistically insignificant number of sales to friends and family who quickly tire of being hustled and stop buying this substandard, overpriced junk). But none of these "entrepreneurs" knows it, or admits it to anyone – not their "downlines" (friends they've lured into the swindle), nor their "uplines" (friends who recruited them into the con).

Each pyramid scheme victim thinks that they're the only failure in the whole bunch. They go to massive "sales conferences" where people boast about all the sales they're making, and they're all lying about it. Incredibly, the pyramid schemers who run these criminal enterprises have figured out how to make a virtue out of this situation: they offer "sales coaching" courses to help people make the sales that "everyone else is making." In other words, once you've gone bust failing to sell Amway, they'll get you to go further into debt to learn how to correct the (nonexistent) issues with your sales strategy so that you can join the (imaginary) legion of people who sell Amway by the bushel.

Con artists have a name for this kind of swindle: it's called a "big con," which is when everyone a mark comes into contact with is in on the scam. Here's how the big con worked: after a "roper" snared a victim (usually on an intercity train), they would telegraph ahead and let the home team know they had a live one. From that point forward, every single person the victim came into contact with was in on it – from the porter who collected his bags at the train station to the cab driver to the Western Union clerk he uses to cable his banker and ask for a cashier's check for his life's savings.

In the big con, dozens of skilled actors are putting on a play for an audience of one: you. It's a real-world, non-hallucinatory version of "gang stalking delusion," which is when someone going through a mental health crisis believes that everyone they meet is in on a conspiracy to drive them crazy:

https://pluralistic.net/2026/06/03/mission-space/#gsd

The situation that people suffering from GSD hallucinate is actually happening to people ensnared in a big con…and pyramid schemes are a big con. What's more – as Read's book makes clear – you can't understand modern American politics without understanding pyramid schemes.

One of the most destructive pyramid schemes in American history is Amway. The FTC was about to shut Amway down in the mid-1970s, but then Nixon resigned and Ford became president. Ford had been the Congressman to Amway's founders Jay Van Andel (then the head of the US Chamber of Commerce, which is to say, America's most powerful business lobbyist) and Dick DeVos (yes, that DeVos). Ford and the Amway swindlers were thick as thieves, and so Ford called off the FTC. Rather than going to jail, DeVos and Van Andel became morbidly wealthy, and they used some of their stolen money to found and fund the Heritage Foundation (yes, that Heritage Foundation).

The political class running America are pyramid scheme swindlers, funded by pyramid scheme money. They're running a big con on all of us. That's true of the Trumps, who've excreted a diarrhoeic slurry of shitcoins that have made them billions – and lost billions for their "investors":

https://www.citationneeded.news/issue-106/

Trump insists that he is a self-made man who made his money with successful real estate deals. In reality, he lied all the time about his real estate, committing a string of felonies in order to defraud the banks, even as he went bankrupt, time and again:

https://en.wikipedia.org/wiki/Prosecution_of_Donald_Trump_in_New_York

Another "self made man" is Elon Musk (who is a "trillionaire," in a highly technical sense meaning "not a trillionaire at all"). Musk would have been broke several times over but for a string of massive government bailouts and subsidies, which continue to this day:

https://www.congress.gov/119/meeting/house/117956/documents/HMKP-119-JU00-20250226-SD003.pdf

Trump, Musk, and the rest of the schemers in the pyramid routinely claim that they are wealthy because they are running good businesses, a "fact" that many of us accept at face value. It's bad enough that we are deceived about reality, but many of their most addled cult-members try to follow in their footsteps. When they fail, they are in the same situation as one of those busted Amway sellers: thinking they are the only ones who can't make this "sure thing" work. Conservativism is a movement of bitter rubes, led by pyramid scheme swindlers:

https://pluralistic.net/2025/07/22/all-day-suckers/#i-love-the-poorly-educated

The "wait, is everyone else also failing?" awakening is an experience that many of America's CEOs are sharing at this moment, as they wonder whether they are the only ones who've fired as many workers as possible and replaced them with AI, only to see their company's fortunes fall:

https://www.msn.com/en-us/money/markets/uber-ceo-says-other-execs-are-lying-about-ai-they-say-it-ll-be-fine-publicly-but-privately-admit-millions-of-jobs-are-gone/ar-AA1Z9QMv

Like an Amway victim, these boardroom rubes simply can't believe that all these people could be in on the con. How could the world spend trillions on AI if it's not on a path to profitability? It's not that these guys spent 2008 in a cave – rather, they just lack the object permanence to remember the last time a "Federal Wallet Inspector" approached them at a board meeting and took them for everything:

https://pluralistic.net/2025/12/13/uncle-sucker/#willing-marks

The thesis that "it can't be nonsense if there's a lot of money at stake" is the core of so many of these swindles. It's the investment theory that holds that once a pile of shit gets big enough, there must be a pony under it somewhere.

There's a Bugs Bunny bit that I find myself returning to in this era of the big con: it's a gag from 1954's "Bugs and Thugs":

https://en.wikipedia.org/wiki/Bugs_and_Thugs

Bugs has been kidnapped by gangsters, who have come to trust him. He tricks them into thinking that the police are coming and he urges them to hide in the oven while he sends the cops away. Then, Bugs performs a one-rabbit show in which he plays both the cop (with a broad Irish accent) and himself:

Bugs (cop voice): All right, open up! This is the police! [banging] All right, where's Rocky, where's he hiding?

Bugs (normal voice): He's not in this stove.

Bugs (cop): Oh-ho, he's hidin' in that stove, eh?

Bugs (normal): Now look, would I turn on this gas if my friend Rocky was in there?

Bugs (cop): You might, rabbit, you might.

Bugs (normal) Would I throw a lighted match in there if my friend was in there? [Massive explosion]

Bugs (cop): Well, all right, rabbit, you've convinced me. I'll look for Rocky in the city.

https://www.youtube.com/watch?v=LSNTjX_g9a4

We keep living through real world versions of this:

"Would I, Mark Zuckerberg, change my company's name to 'Meta' if I wasn't serious about this?"

"Oh, you might, Zuck, you might."

"OK, but would I spend $61b on the metaverse if I wasn't serious about this?"

"All right, Zuck, you've convinced me. I won't sell my Facebook (oops, I mean 'Meta'!) shares."

But neither Zuck nor Musk nor Trump has the charm of Bugs Bunny. At a certain point we're all going to look at each other and say, "It was all bullshit, wasn't it?"

Hey look at this (permalink)

AI Economics for Dummies https://www.mcsweeneys.net/articles/ai-economics-for-dummies
The Longreads Questionnaire, Featuring Cory Doctorow https://longreads.com/2026/06/17/questionnaire-cory-doctorow/
A guide to ‘greedflation’ https://timharford.com/2026/06/a-guide-to-greedflation/
Ubisoft uses DMCA to kill game: slopsmith gets destroyed by obsolete 30 year old law https://www.youtube.com/watch?v=bgVlEgV27ow
Canada Is Forging Ahead with Its Dangerous Surveillance Bill https://www.eff.org/deeplinks/2026/06/canada-forging-ahead-its-dangerous-surveillance-bill

Object permanence (permalink)

#25yrsago TVA bans SETI@Home https://web.archive.org/web/20010625113535/https://www.knoxnews.com/archives/browserecent/06162001/archives/31399.shtml

#25yrsago Scott McCloud on microtransactions and Napster https://web.archive.org/web/20010708054658/http://www.thecomicreader.com/html/icst/icst-6/icst-6.html

#20yrsago Wardialling telemarketers stumble on Homeland Security batphones https://web.archive.org/web/20060630104202/https://www.delawareonline.com/apps/pbcs.dll/article?AID=/20060616/NEWS/606160329/1006

#20yrsago NAB: Evidence is irrelevant to copyright treaties https://web.archive.org/web/20060622174657/https://drn.okfn.org/node/133#comment-246#comment-246

#20yrsago LA Times censors newsroom Internet feed https://web.archive.org/web/20060702051259/http://www.laobserved.com/archive/2006/06/protecting_reporters_from.html

#20yrsago Matt Stone’s memo to MPAA censors https://web.archive.org/web/20060619220447/https://www.mcnblogs.com/thehotblog/archives/2006/06/preparing_for_t.html

#20yrsago Stonehenge pocket-watch predicts solstices https://web.archive.org/web/20060627053213/http://www.thinkgeek.com/gadgets/watches/7d2b/

#15yrsago Mean things authors say about each other https://www.flavorwire.com/188138/the-30-harshest-author-on-author-insults-in-history

#15yrsago Glasses with 720p HD video camera https://www.kickstarter.com/projects/zioneyez/eyeztm-by-zioneyez-hd-video-recording-glasses-for

#15yrsago ICANN votes to roll out 400-800 new generic top-level domains https://www.flickr.com/photos/wseltzer/5852419280/

#10yrsago W3C DRM working group chairman vetoes work on protecting security researchers and competition https://lwn.net/Articles/691108/

#10yrsago Thoughts and Prayers: a Congressional mass-shooting simulator https://thoughtsandprayersthegame.com/

#5yrsago The doctrine of dynastic wealth https://pluralistic.net/2021/06/19/dynastic-wealth/#caste

#5yrsago The gig economy's dark-money, astroturf "community groups" https://pluralistic.net/2021/06/19/dynastic-wealth/#astroturf

#1yrago Your Meta AI prompts are in a live, public feed https://pluralistic.net/2025/06/19/privacy-breach-by-design/#bringing-home-the-beacon

Upcoming appearances (permalink)

LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026
Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23
https://iabcanada.com/state-of-the-nation-2026
Toronto: The Reverse Centaur's Guide to Life After AI (Osler Records/Type Books), Jun 23
https://www.eventbrite.com/e/cory-doctorow-book-launch-and-talk-tickets-1991501299998
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628
London: Idler Festival, Jul 11
https://www.idler.co.uk/festival/
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Picadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances (permalink)

How to Think About AI Before It’s Too Late (Galaxy Brain)
https://www.youtube.com/watch?v=SPQNPJ0CEPo
The future of world governance, with Kim Stanley Robinson (UN Independent Expert on International Order)
https://www.youtube.com/live/wJvBvYdaAMY
How to Think About Artificial Intelligence (KUER)
https://radiowest.kuer.org/show/radiowest/2026-06-16/cory-doctorow-on-how-to-think-about-artificial-intelligence
The Enshittification of Life, the Universe, & Everything (Luke Savage)
https://www.lukewsavage.com/p/the-enshittification-of-life-the
Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

Medium (no ads, paywalled):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

Friday Squid Blogging: Victims of Unregulated Squid Fishing [Schneier on Security]

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets.

Another news article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

21:49

What was nice about the UI of Windows 2000 [OSnews]

I mean, this is preaching to the choir, but let’s go anyway.

I liked the UIs of the entire era from 3.0 to 2000, really. I’m mostly using Windows 2000 as an example here because it runs so well in QEMU/KVM and that allows me to easily take screenshots.

Some of the following will sound absolutely trivial, but I think it’s worth pointing out.
↫ movq.de blog

Just a series of observations about how much better graphical user interfaces were back in the ’90s and early 2000s. We’ve lost so many affordances based on both common sense and scientific study, and what we ended up with is a confusing, inconsistent mess. It doesn’t really matter where you look – user interface design has deteriorated since the early 2000s, a decline that only accelerated thanks to the arrival of the iPhone, where consistency is a dirty word, and the web, where the advertising people took prominence over the design people.

I just want my buttons to look like buttons man.

21:00

Page 27 [Flipside]

Page 27 is done.

(5284) [Flipside]

20:35

Systemd v261 released [LWN.net]

Systemd v261 has been released with a long list of changes, including a new cloud "Instance Metadata Service" (IMDS) subsystem, "boot secret" functionality for use on systems that lack a physical TPM, as well as support for the kernel's Live Update Orchestration (LUO) / Kexec Handover (KHO) systems when they are present and enabled. See the release notes for the full list of changes.

19:49

longintrepr.h [Planet GNU]

Did your pip install fail with longintrepr.h: No such file or directory? The file likely is on your system, but it sometime or another it was moved, from /usr/include/python3.xx/longintrepr.h to /usr/include/python3.xx/cpython/longintrepr.h. The proper fix is to update the package in question with the new path, but if you’re installing an old version of something or a package that’s no longer maintained you can work around it like this:

ln -s /usr/include/python3.*/cpython/longintrepr.h .venv/include

19:28

Reproducible Builds (diffoscope): diffoscope 321 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 321. This version includes the following changes:

[ Chris Lamb ]
* Fix compatibility with Ocaml 5.4.1.

You find out more by visiting the project homepage.

18:14

Win an Signed, Personalized ARC of Monsters of Ohio! [Whatever]

Tor Books sent me a stack of Monsters of Ohio ARCs, and you — yes you! — can win one, and I will even sign/personalize it for you if you like. Here’s all you have to do to enter:

I am thinking of a mammal native to Ohio. Guess which one it is.

(Don’t know which mammals are native to Ohio? Here’s a pdf guide to get you started. Spoiler: the mammal in question is in fact in the guide!)

I have already told Krissy and Athena which mammal it is, so I’m not just going to make one up at the end of the contest, promise.

And now: The rules!

1. One guess per person, one post per person. If you post more than one guess, your first guess is the guess I will use. If you post more than one post, I will use only the first post. Don’t use the comments to post anything other than a guess; any other comments will be deleted. Be specific toward the mammal; don’t say “dog” when “Beagle” is the correct answer (which it is not, by the way, either of those). Again, the mammal in question is in the guide linked above, so that will help narrow it down a bit.

2. Place the guess in the comments for this post, they will not count otherwise. This will require you to enter login information if you have not already done so. When you fill in the information, leave an email address that you actually check, this is how I will contact you. Put that information in the login dialogue boxes, not in the body of your comment. If you don’t leave an email, I can’t contact you and will move on to the next person who guessed correctly. The information will be used for nothing else, because I respect your privacy and also I’m lazy and can’t be bothered to do anything with them.

3. Speaking of which: In the (likely) event that more than one person correctly guesses the mammal, I will have the computer generate a number between one and [number of correct guesses] and will pick the person whose chronological entry matches the number – so if the number is “three,” than the third person who posted the correct guess will win.

4. In the event no one picks the correct mammal, I will have the computer randomly pick a number between one and [total number of entries] and give the person who chronologically corresponds to that number the book. This is an enormous pain in my ass, so I hope at least one of you picks the correct mammal.

5. The contest runs for 48 hours from the moment I post this (probably close to 1pm Eastern on June 19, 2026), because that’s when the site automatically closes comments. I’ll email the winner after that and will post the results after that, probably on Monday. When I email you, you will have five days to respond, and after that I re-roll for a new recipient. So be looking at your email, please.

6. Contest is open to everyone everywhere on the planet that I can currently ship a book to, so apologies to anyone in Cuba, Iran, North Korea or the Crimea, Donetsk, and Luhansk regions of Ukraine. Everyone else, if you win, I’ll ship it to you.

7. I will sign the ARC but if you want it personalized in any way, let me know when I email you about it.

Those are the rules, so go ahead and guess! Good luck!

— JS

(PS: If you don’t want to play the odds here, remember that you can pre-order the book from your favorite local or online bookstore for when it comes out in November. Also, Subterranean Press will be happy to send a you a signed copy, which I will also personalize if you like, and SubPress also ships everywhere in the world, so that’s helpful.)

17:35

[$] Suspending and resuming BPF programs [LWN.net]

BPF programs can be used to extend many aspects the Linux kernel, but BPF programs must run to completion in the same context that they began. Kumar Kartikeya Dwivedi is working on changing that by allowing BPF programs to be expressed as coroutines. He spoke about his work at the 2026 Linux Storage, Filesystem, Memory-Management and BPF Summit. While still experimental, the change promises to make long-running BPF tasks significantly easier to write.

Widow's Bae [Penny Arcade]

Apple TV is incredibly weird stuff. It doesn't have a super deep roster, but it has a weirdly high ratio of absolutely must watch shit. I got some free Apple TV when I got an iPad a few Christmases ago, and ended up hooked on For All Mankind - then let it lapse, and now my three favorite shows are all from there. It goes Severance, Pluribus, and now Widow's Bay. They don't seem to be able to produce on any kind of schedule, but then, I don't think they're even trying to. This is exactly what a modern leviathan should be doing with its bulging coffers. As a young man, I was told that Campbell's Chunky Soup was said to eat like a meal. These are shows that watch like books, that benefit very clearly from study.

17:07

Reproducible Builds (diffoscope): diffoscope 320 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 320. This version includes the following changes:

[ Chris Lamb ]
* Support androguard 4 and previous versions. Thanks, linsui!
  (Closes: #1140016)
* Use --long-form arguments when calling apktool in order to support apktool
  version 3. Thanks again to linsui. (Closes: #1140015)
* Update copyright years.

You find out more by visiting the project homepage.

16:07

[$] AURpocalypse now: a look at the recent AUR attacks [LWN.net]

The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned packages and push malicious updates that would install malware on users' systems. It is unclear how many users were compromised in the attack, but the maintainers were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned off the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to its existing collaboration model.

15:14

Security updates for Friday [LWN.net]

The WordPress community likes to say that WordPress powers a certain percentage of the web. This always bothered me, couldn't figure out why, until just now. WordPress is part of the web, that's the nature of the web. There should be no difference between how you connect via UI or API to writing on WordPress and any other text system, such as Bluesky or Twitter. No. Difference. Then the user always has choice. Put together your favorite writing environment. Mix and match. Every part is replaceable. That's the idea of the web, and before that PCs and Macs. Instead we've got silos. And WordPress should be the one that says the web is here for all of us and WordPress is a big part of the web, but even the smallest part in terms of users has huge value. And could be a competitor of ours someday. We won't do anything to get in the way of that because the most important people in our world are the users. The really cool thing about it is that the product is set up exactly this way. If every text product cloned their API, we'd have the nirvana that the web promises. We are technically sooooo close.

14:35

Security updates have been issued by AlmaLinux (dracut), Debian (chromium, firefox-esr, and thunderbird), Fedora (chromium, firefox, nss, ocserv, ongres-scram, ongres-stringprep, perl-Archive-Tar, perl-GD, perl-HTTP-Daemon, perl-Net-Statsd, restic, singularity-ce, util-linux, and vorbis-tools), Mageia (gstreamer1.0-*, libupnp, luajit, opensc, and ruby-rack), SUSE (curl, dnsmasq, ffmpeg-4, frr, google-osconfig-agent, java-1_8_0-ibm, kernel, krb5, kubernetes-old, ldns, liburiparser1, openvswitch, rootlesskit, strongswan, traefik, and trivy), and Ubuntu (ldns, libheif, libnet-cidr-lite-perl, lxd, tomcat11, and vim).

14:28

Today's song: "You who choose to lead must follow. "

I rarely ask my Echo to play a song, because after it plays it wants to know if I want to hear a notice. And there goes the buzz from having listened to one of my favorite songs that perfectly catches the moment.

When did the Knicks turn the corner? [Scripting News]

Whoopi Goldberg says the Knicks should visit the White House. "I want all those black men to stand in our house and remind all of those people — as we try to remind the vice president — that when you try to destroy one part of history, you're destroying all of our history." So true.

I've been trying to understand what the Knicks winning means to me. I'm reminded of the feeling when we sold my mother's house, the house I grew up in, the one my father had died in nine years earier. The site of every battle and come-from-behind victory (I graduated college, they couldn't believe it, for example). Was that day in February 2018 when the fortunes of the Knicks turned?

It wasn't just a victory in the NBA playoffs of 2026, it was a pile of victories and setbacks over quite a few years, in a world where people really do make deals instead of pretending they do. And the Knicks all of a sudden were aimed at winning the top prize. The only reason, theoretically, we play basketball, is so every year all the greatest players and managers compete for who's the best that year. The 2026 Knicks didn't pop up from nowhere, they were carefully curated in a bootstrap that answered the question "If the Knicks were champions, what would they do?"

So now the next challenge for the team is to repeat. They will trade players, maybe even one of the ones we love the most. This version of the Knicks is a point in time. Things are already in motion behind the scenes, for sure.

So, again, when did the corner turn? When did the Knicks start the journey that would end at City Hall yesterday? I think it was Linsanity in 2011. That's when we got a tiny glimpse of what's possible. That short period is why I got involved in the Knicks again, after hating them for not being willing to letting Linsanity play out, so we could find out where it led.

When you're doing a bootstrap and one of your interations takes off like that, you don't take the feature out, you try building all around it, above, underneath or adjacent. This version of the Knicks gets that. And why it's of greater significance, it's exactly the approach our species desperately needs to take. Not just New York, not just the United States, and not just one sport -- everything. It's a model for the corner we must turn to survive and thrive.

14:00

Wouter Verhelst: Agentic coding and Free Software [Planet Debian]

Through work, I have paid license to windsurf (recently renamed to "devin"), an application for LLM-based (aka, "Agentic") development.

I hadn't been using it that much, but in an effort to more clearly understand how this whole AI development thing works, I decided to give it a closer look recently.

My conclusions:

In its current form, this whole LLM wave is problematic for multiple reasons. But ignoring that, and looking at the technology only, I can say that:

it is a paradigm shift;
it is, at the technological level, a positive evolution;
and it is a threat to free software.

Problems

Lest someone (incorrectly) assume that I am arguing in favour of the current state of affairs with regards to LLMs, let me state this first.

The way LLMs are built today is highly parasitic. Websites are downloaded in whole, at unsustainable rates, regardless of the consent of the people who made the original content. The result is predictable: servers get overloaded, server administrators attempt to implement various mitigations. Some of these mitigations work; some do, for a while; some are entirely useless. In actual fact, the mitigations are an arms race -- if too many people implement the same mitigation, then the people who try to build yet another LLM so they can extract rent will just try to work around the mitigation, eventually they will succeed, and you'll just have to come up with another mitigation. It's a bit like spam; you introduce regex-based spam filters, they introduce spelling mistakes, you introduce bayesian filters, they add a large batch of markov chain-generated semi-nonsense words made invisible by markup, you add filters to block emails with such markup, they move the text into an image. We have working mitigations today, but eventually we'll run out of ideas.

LLMs glob up everything they can while ignoring the license of the source material. The people who push those LLMs claim that pushing the source material through the machine learning algorithms makes the output of the algorithm distinct enough from the source material that the license no longer applies; I'm not so sure that this is true. I guess the New York Times v OpenAI lawsuit will teach us some of the answer to that question here, but even so the ethical questions about "is it OK to bring down another server just so we can download the internet for another for-pay LLM" are still open. And regardless of what the law states, my opinion on "you're using my copyleft code to generate code under a different license" is not something you might like if you agree with the rent seekers' opinion on the subject.

That all being said and true, the technology works. You can have a "conversation" with an LLM that resembles a human one. If you pass it some data, you can use plain english to ask it questions about that data, which is a lot easier than to ask it about that in a formal way. You can request it to generate some code, and it will generate something that looks like what you need and that will be mostly correct for like 95% of the time.

Now, yes, 95% of the time is not 100% of the time, and no, you can't ask it to "write me a piece of software that implements this 300-page requirements document and get back to me when you're done", because it will fail, and you won't know where it has failed, and you'll take it into production and expect everything to be fine because it won't and this one minor logic bug will cause half your servers to spin and consume credits with your infrastructure provider with nothing to show for it.

But that doesn't mean you can't use an LLM to build a large piece of software. It just means you have to understand the LLMs limitations and strenghts, and use them correctly.

Here's what an LLM is good at:

Generating plausible text
Interpreting text to figure out what a plausible meaning or summary of that text is
Giving vague indications as to what the probable context of a given body of text is.

It turns out that that's enough to use the LLM to build a reliable piece of software, provided you do it right.

Paradigm shift

An LLM can generate text by the truckful. The generated text could be code. Given a good enough LLM, the generated text might even run and do something useful.

You can try to blindly run the code, and if it doesn't run correctly, you can paste the error message to the LLM, and it can tell you what went wrong and how you could possibly fix it. This creates a feedback loop: you ask it for an amount of code, you run the code, you receive an error, you tell it that the code is problematic and give it the error message, it makes changes to the code, now you have something that at least no longer fails at startup.

If you ask it to add tests to make sure that your code acts as per your specification, now you get an error if and when the code doesn't act as per your specification. Or, well, at least not as per the part of the specification that was correctly turned into a unit test by the LLM.

LLMs have a context window, so if the error message is pasted in the same conversation as where the code was generated, it is able to reuse the earlier prompts to refine how it should interpret the error message that you received.

You can't really paste the source code of an entire application into the prompt of your LLM, that would quickly overrun its context window. But LLMs also allow you to provide some form of background information -- a document, say -- on which you ask it to reason. It will interpret that document, but doing so uses less of the LLMs context window. So providing the LLM with your application's source code as background information can help it understand better how your code interacts. This is especially helpful if you only provide the LLM the background information relevant to the actual question.

So now if you are able to:

Create background context with your application's source code
Have the LLM generate a first draft of your requested change, plus the tests to make sure it works
Compile (if applicable) the generated code (and tests) and run said tests
Return any error messages to the LLM with a request to correct the error

Then the combination of "getting it 95% right off the bat" and the above feedback loop means you can generate syntactically correct code, that probably does what you need, in minutes.

I say "probably" for a reason. There are going to be cases where you specify a request without a number of details (because they are implied), and the LLM will get most of those details right but just not implement the one bit because it's an automaton and it doesn't think. Or you will ask it to make sure that two bits of the application look exactly the same, without specifying that they must act the same, now and in the future, and it will just generate the same block of code twice and then in a future change it will change one but not the other.

But if you review the changes, and you have experience as a programmer, you will be able to spot most cases where the LLM got it wrong. And so it's possible, if not necessarily easy at first, to use an LLM to generate mostly correct code.

There are certain places where "mostly correct" code is not desireable. But equally, there are also cases where, "mostly correct" is good enough.

After all, most of the software you run today -- the bits of it that weren't, yet, generated by an LLM -- is only "mostly correct", too, because to err is human and we all make mistakes. If not, there wouldn't be any CVEs and your software would never do anything wrong.

Now, doing the feedback loop described above is certainly something you could do manually. You could open an account on one of the LLM websites, upload the source code of your application, ask it to generate some new feature, download the newly generated feature, run it, and then copy/paste any error messages back into the LLM.

But that's a lot of manual work of the type that computers are pretty good at. So that's what the "windsurf" tool helps you with: you run it inside your IDE -- either a VSCode-based tool that you download from their website which comes with their product preinstalled, or a separate JetBrains plugin that you can install. You can then open your entire relevant codebase in a workspace in your IDE. You then ask the LLM, through the IDE, to generate a new feature in your codebase, and to also generate the test while it's at it. It will use a mixture of LLM interpretation and non-LLM functionality to scoop out the relevant bits of your codebase to send to the LLM as background information, will send it your prompt, will download the generated code and patch or create files, will compile (if required) and run the newly generated code and tests, and will refine the generated code if the tests produce any errors. All mostly automatic; by default, running anything requires explicit confirmation. You can turn that off completely (probably not a good idea), or you can give it a whitelist of things that you don't want to confirm (perhaps OK), and the tool also passes standing instructions to the LLM to never generate any command that deletes a file (which, like with any LLM, can be overridden, but it requires you to be very stubborn and to use more credits than you'd probably like).

All this put together means you can build something without writing any piece of code, provided you do it right.

A technically positive evolution

Don't go and say, "here's a 300-page document, read it and write whatever the document says". It will get it wrong, it will write a massive test suite that it will only run at the end, it will choke itself up trying to interpret the massive amount of failures it encounters, it will fill up its context window and it will start to forget some of the requirements. That won't work.

But what you can do -- what I did, in fact -- is this.

First, create an empty workspace. Don't put any code in it.

Then, tell the LLM to generate a backend framework using technology X and a frontend framework using technology Y that initially only says "hello, world". Also add tests to it, and run the tests.

It will do that. You'll not get much, but it will work.

Then, ask it to add some UI elements. A login page, perhaps. A navigation bar. Small things. Most of it doesn't have to be functional -- but tests must be there for the bits that are, and have it run the tests and evaluate the results.

Rinse, repeat, until you have a working application.

Importantly, in between the steps, you should also run the application yourself and see if the change was implemented correctly. Sometimes it won't be. Sometimes there will be a subtle bug -- I at one point had a the application hang after a few minutes. Sometimes you tell it that there's a subtle bug, and it will discover it more quickly than you could, and it will fix it, and in implementing the fix it will uncover another bug, and then you have to fix that one -- the fix it came up with for the hang was to move something to an async process on the server, which caused the application to start spinning while trying to create hundreds of async jobs (this is when I realized that the hang was a deadlock due to some part of the codebase doing something that indirectly triggered itself). Sometimes it will try to fix the bug you tell it about, and you'll see that it's going off on a tangent that has nothing to do with what you're seeing. It's important to keep an eye on what it's doing, so you can guide it back on track when that happens -- when I told it about the hang, it started investigating the part of the code which sends out emails, thinking that it could hang while waiting for sendmail to finish, but the hang was happening when the application was idle, not when it was sending out emails, and only when I told it about it happening when it was idle did it find the deadlock.

So it's not a fully automatic process, and it needs to be guided by someone who knows what they're doing. But if that is the case, you can come up with something that works. I spent evenings and breaks for about a week, and I managed to create a working application which, had I written it by hand, would have taken me a few months of full-time work to come up with. And I now have a side project, fully complete and working, that I had been thinking about doing for more than a decade, but never got around to actually doing, because of all the work that would be involved and I just didn't see myself having the time for.

It's not perfect code. But it's mostly good enough, and it will perform the job it needs to. And it looks far slicker than most of the side projects I've done in the past, because in the past I would prioritize between implementing new features or making something look slick, and I would decide that the new feature was more important because it's only for me and there's only me and nobody cares if it looks good or not and I don't have three weeks to come up with something that looks better. But here, I found myself sometimes spending 10 minutes writing a prompt with instructions on making things look better. Because what's 10 minutes when you just spent an hour writing down and refining specifications for functionality and tests?

There are a number of other things in which an LLM can help a programmer.

For instance.

I received a bug report recently in a project I'm paid to maintain that I couldn't make heads or tails of. I opened the source code in my windsurf IDE, pasted the bug report in the prompt, and then requested the tool to analyze the source code and the associated logs and tell me how the described behavior could be happening. It turned out that I had overlooked something, but with the help of the tool, I found the bug in minutes.

I was trying to understand a particular part of a large codebase that I didn't really grasp very well. I loaded the codebase in the tool, and asked it to explain to me how a particular action is performed by the code. I requested specific functions and line numbers. I now have a far better understanding of how the code works, and will be able to write that patch that I've been wanting to write for years -- without using the LLM.

I have been struggling for, literally, years with understanding why another tool that I maintain was misbehaving in a particular way but only in Firefox. I opened the codebase in Firefox, explained the buggy behavior in plain English, and asked it to explain how this could be happening. It picked up some obscure corner case behavior of ffmpeg and mp4 containers that I was not aware of and that perfectly explained why things were misbehaving in the way that they were.

At the same time, there are limitations. Giving an LLM a codebase that was originally generated by an LLM (either the same one or another one) seems to work well. Giving it a codebase that was written by a human and expecting it to correctly update it seems to be more error-prone. I did one or two of those as a trial, and it is more problematic than anything.

An LLM is also not intelligent, notwithstanding the popular term of "Artificial Intelligence". On multiple occasions, I've asked it to write a test case for some code that was not set up to do so; and rather than suggesting a refactor is required, it would instead copy the code that needed to be tested and then test the copy, rather than the original. The tool has made multiple similar errors. I have sometimes people describe agentic coding as "similar to interacting with junior programmers", but that is not the case. A junior programmer will either fill in the gaps in your specifications, or ask for clarification when something seems off. The LLM will not do that; it will do what you ask, exactly that and nothing more. If you missed a corner case in your specification, then all bets are off.

I remember learning about programming language generations in college. A first-generation language is "machine code", a second-generation language is "assembler", a third-generation language is any high-level language such as C, Perl, or Pascal. I've forgotten what set a 3rd-generation language apart from a 4th-generation language. But I remember the definition they gave me for a 5th-generation language: "you tell the computer what to do, and it will do it". At the time, I thought it was ridiculous. Nobody could ever write something like that.

But it's here.

And it's a threat to free software.

A threat to free software?

Yes.

There is the obvious part where most of the well-known LLMs are non-free software. I mean, there are some "open source" LLM models. The windsurf tool that I used doesn't allow you to use them (directly), but they're there. There are also open source applications that implement what the windsurf editor does. So it's definitely possible to work like this without resorting to non-free software and non-free services, even though the non-free LLMs might be a bit ahead of the curve of the free ones. But that's not what I mean.

And there is also the obvious thing which I mentioned earlier in this post, which is that the people who try to build LLMs are doing it in unethical, disgusting ways, causing downtimes and disregarding licenses for whatever they can get their grubby hands on. Ideally we wouldn't be in that situation, and ideally this wouldn't be a problem, but we are where we are.

And there's the obvious thing where the OSI sold itself out and declared that a machine learning program can be open source even when the very things it was built from -- the training data -- is not available. That's a major issue that the free software community needs to fight against, but there's not really anything that that is a threat to free software. You just build your own, free software, LLM, and you're done.

The actual threat is in funding and developer support.

Most large businesses do not care about free-as-in-freedom software. They like the free-as-in-beer part, and they appreciate that the free-as-in-freedom bits can make the software more customizable. They are (mostly) happy to do sponsorships of the free-as-in-freedom projects that they use if that means their free-as-in-beer usage of the software gets improved.

But why would you care about all that when you can just generate the code you need, rather than interacting with an open source community that may or may not care about your business's interests?

Where to go from here

Although I think the moral and environmental issues with LLMs are real and problematic, given the experiments I did I am not convinced that the concept of interacting with a computer system in natural language and to use it to generate code is necessarily deficient. There are pitfalls, but they can be managed. It is possible to use such a system to create throwaway, proof-of-concept type "good enough" code bases. It can be used to interpret code bases and to understand bug reports.

I believe that the major issue with LLMs has to do with that saying about hammers and nails:

If all you have is a hammer, then everything looks like a nail.

LLMs are an outgrowth of machine learning, pushed by large corporations. These large corporations have a lot of money. If all you have is money, then every problem can be fixed by throwing more money at it. The initial language models were promising but not (yet) good enough, and it seemed that one way in which they could be improved was to increase the scale of the statistics: throw more hardware (and thus money) at it, and rather than improving the efficiency of the models, just scale up.

Scaling up is something that megacorporations are very good at. It's only a money problem, after all. Does that mean that "scaling up" is the only way to improve the models, though? I'm not convinced.

Some hardware, such as most modern Apple and Samsung devices, ship with accelerator hardware for machine learning algorithms. There are some models that are small enough to be able to run on these devices. I don't see why it should not be possible to create a small(er) language model that can do some useful part of the above-described use cases; if not locally, then at least on a server that one can run on-prem rather than requiring that you pay rent to one of the LLM companies.

The Software Freedom Conservancy has published an aspirational statement on machine learning-assisted programming that, I think, gets a lot right. It's not quite a definition, but it's something to keep in mind.

Perhaps that's the way forward?

More questions than answers at this point, anyway.

To study how chips really work, MIT researchers built their own operating system [OSnews]

A fascinating novel approach by researchers at MIT, called Fractal, to study in-depth how processors actually work.

A team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) decided to build something different. Fractal, an operating system kernel written from the ground up, treats the hardware itself as the object of study. Its first major use, a deep look at branch predictors — a CPU’s way of guessing what code to run next, before it knows for certain, so it doesn’t have to waste time waiting to find out — inside Apple’s M1 processor, has already turned up findings that prior work missed, including the first evidence that a class of speculative attack known as “Phantom” affects Apple Silicon.

“We’re using hardware in ways it wasn’t designed for,” says Joseph Ravichandran, the MIT PhD student in electrical engineering and computer science (EECS) who led the project. “It’s not even obvious that this is a possible thing you could do with the hardware. But we found a way to pull all these different primitives off. It’s like a microscope. If you’ve got a hand magnifying glass, you can see a little bit. But if you had an electron microscope, now we’re really talking. That’s what Fractal is. The electron microscope of operating systems.”
↫ Rachel Gordon at MIT News

While Fractal is small, its creators also added POSIX system calls, a C library, vim, GCC, a shell, and more. This way, it feels more familiar, and makes it easier for researchers to get started with the tool. Fractal is open source and hosted on GitHub, it has its own website, and there’s a detailed research paper with more in-depth information.

13:49

Eight new stable kernels for Friday [LWN.net]

Greg Kroah-Hartman has announced the release of the 7.1.1, 7.0.13, 6.18.36, 6.12.94, 6.6.143, 6.1.176, 5.15.210, and 5.10.259 stable kernels. As usual, each contains important fixes. Users are advised to upgrade.

13:42

The Golden Age Of Bond Villains [Charlie's Diary]

So, the second novel in the Laundry Files, The Jennifer Morgue, was first published on November 1st, 2006. And while it was superficially a pastiche of the Bond movie canon (as it existed at that time--I was writing before the Daniel Craig era, ushered in with Casino Royale--it was also interrogating the dramatic conventions of the genre and also the implications of rule by Bond Villains.

At about the time I was writing it, a friend of mine (initially a tech journalist, later an industry pundit) described his experience of interviewing Elon Musk, who was allegedly leaning hard into the archetype. "I must be a Bond villain!" He joked, "I have an electric car and a tropical island where boiler-suited minions launch rockets!" And then he laughed it off. (In those days, we thought it was a simile: these days it's more clearly understood as a metaphor, if not the absolute raw truth.)

Anyway, I wrote a little afterword for The Jennifer Morgue discussing the significance of the Bond Villain as an archetype for our times and it does still appear to have something relevant to say, 20 years later; and I figure the current publisher has forgotten about it, so I'm going to shamelessly pirate my own work and reprint the entire epilogue from The Jennifer Morgue right here on my blog (the horror!).

Note that the Great Financial Crisis that kicked off the current era really started in late 2007, and our current era of oligarchic misrule, only got underway in the mid-20-teens, with the evitable rise to power of a deeply unpleasant TV reality star whose main claim to fame was playing a stupid man's idea of a successful business mogul.

(At least I didn't predict that.)

Anyway, the text is below the fold--it's quite long--and I ask this: what would you add, today?

The Golden Age of Spying

1. The Mary-Sue of MI6

"My name is Bond. James Bond."

These six words, heard by hundreds of millions of people, are almost invariably spoken during the first five minutes of each movie in one of the biggest media success stories of the 20th century. Unless you've lived under a rock for the past forty years, you hear them and you know at once that you're about to be plunged into a two hour long adrenaline saturated extravaganza of snobbish fashionable excess, violence, sex, car chases, more violence, and Blowing Shit Up -- followed by a post-coital cigarette and a light-hearted quip as the credits roll.

It wasn't always so. When "Casino Royale" was first published in 1953, it got a print run of 4750 hardcover copies and no advertising budget to speak of; while the initial reviews were favorable, comparing Ian Fleming to Le Queux and Oppenheim (the kings of the pre-war British spy thriller genre), it took a long time for his most famous creation to set the world on fire. Despite his rapidly rising print runs ("Casino Royale" eventually sold over a million paperbacks in the UK alone), and despite his increasing prominence among the post-war thriller writers, a decade elapsed before any of Fleming's novels were filmed; indeed, their author barely lived to see the commercial release of "Dr No" and the runaway success of the icon he created. (Nor were the films seen as a runaway success before they were made -- "Dr No" was notoriously made on a tight budget, even though it went on to gross nearly $60M around the world.)

Literary immortality -- or indeed, mere post-mortem survival -- is dauntingly hard for a novelist to achieve. The limbo of post-mortem obscurity awaits 95% of all novelists -- almost all novels go out of print for good within five years of the death of their author. But in addition to being a million-selling best-seller, Fleming was a ferociously well-connected newspaper executive with a strong sense of the value of his ideas, and he pursued television and film adaptation remorselessly. Cinematic success arrived just in time for his creation, and the synergy between best-selling books and massive movie hype has sufficed to keep them in print ever since.

James Bond is a creature of fantasy, perhaps best described using a literary term looted from that most curious and least respected of fields, fan fiction: the Mary-Sue. A Mary-Sue character is a placeholder in a script, a hollow cardboard cut-out into whose outline the author can squeeze their own dreams and fantasies. In the case of Bond, it's cruelly easy to make a case that the famous spy was his author's Mary-Sue: for Fleming had a curious and ambiguous relationship with spying.

A dilettante and dabbler for his first three decades, unsuccessful as a stockbroker, foreign correspondent, and banker, Fleming fortuitously landed his dream job on the eve of the Second World War: Secretary to the Director of Naval Intelligence in the Admiralty. The war was good for Ian Fleming, broadening and deepening him and giving him a job that captured his imagination and drew out his not inconsiderable talents. But Fleming was the man who knew too much: privy to too many secrets, he was wrapped in tissue paper and prevented from pursuing his desire to go into the field. He ended the war with a distinguished record -- and absolutely no combat experience (if one excludes being bombed by the Luftwaffe or watching the Dieppe raid from a destroyer, safely far off the Normandy coastline). Fleming grew up in the shade of a father who died heroically on the western front in 1917, and in adult life he wrote in the shadow of an elder brother whose reputation as a novelist surpassed his own. It's easy to imagine these unkind familial comparisons provoking the imaginative but flighty playboy who almost found himself during the war, goading him to imagine himself in the shoes of a hero who was not merely larger than life, but larger in every way than his own life.

And, as it turns out, James Bond was larger than Ian Fleming. Not only do few novels survive their author's demise, even fewer acquire sequels written by other hands; yet several other authors (including Kingsley Amis and John Gardner) have toiled in Fleming's vinyard. Few fictional characters acquire biographies written by third parties -- but Bond has not only acquired an autobiography (courtesy of biographer John Pearson) but spawned a small cultural industry, including a study of his semiotics by Umberto Eco. Now, that has got to be a sign of something ...

As with every true pearl, there was a sand-grain of truth at the heart of Bond. Fleming wrote thrillers informed by his actual experience. Years spent working out of the hothouse environment of Room 39 of the Admiralty building -- headquarters of the Naval Intelligence Division of the Royal Navy -- gave him a ringside seat on the operations of a major espionage organization. On various trips to Washington DC he worked with diplomats and officers of the OSS (predecessor organization to the CIA). As a foreign news manager at The Sunday Times after the war, there is some evidence that Fleming made his agency's facilities available to officers of MI6. His first Bond novels were submitted to that agency for security clearance before they were published. Bond himself may have been larger than life, but the strictures imposed by the organization he worked for were drawn from reality, albeit the reality of an intelligence agency of the early 1940s.

The world of secret intelligence gathering during the second world war was, however, very different from life in the intelligence community today. It was already changing by the late 1950s, as the bleeping football-shaped Sputniks zipped by overhead and intelligence directors began dreaming of spy satellites. By 2004, when MI5 (the counter-intelligence agency) openly placed recruiting advertisements in the press, we can be sure that Bond would be best advised to seek employment elsewhere. Spies are supposed to be short -- under 180 centimeters for men -- and nondescript. As a branch of the civil service, MI5's headquarters are presumably non-smoking, and drinking on the job is frowned upon. As intelligence agencies, MI5 and MI6 staff aren't in the business of ruthlessly wiping out enemies of the state: any decision to use lethal force lies with the Foreign Secretary, the COBRA committee, and other elements of the British government's security oversight bureaucracy. An MI6 agent driving a 1933 Bentley racer with a supercharged engine, frequenting the high-stakes table at a casino as James Bond so memorably did in his first print appearance, is an almost perfect inversion of the real picture.

Nevertheless, the archetype has legs. James Bond continued to grow and evolve, even after his creator put away his cigarette holder for the last time. To some extent, this was the product of storytelling expediency. The film adaptations started in the middle of a continuing story arc -- for Fleming wrote his novels with a modicum of continuity -- and while "Dr No" was the first to make it to celluloid, the novel was in fact a sequel to "From Russia With Love" (which was filmed second). Thus, various liberties were taken with the plot of the canonical novels, right from the start. You can re-read the novels at length without finding anything of the banter between Bond and M's secretary Moneypenny that is a recurrent theme of the films, for example, and that's before we get into the bizarre deviations of the mid-period Roger Moore movies (notably "The Spy Who Loved Me" and "Moonraker").

The literary James Bond is a creature of pre-war London clubland: upper-crust, snobbish, manipulative and cruel in his relationships with women, with a thinly-veiled sadomasochistic streak and a coldly ruthless attitude to his opponents which verges on the psychopathic. Over the years, his cinematic alter ego has acquired the stamina of Superman, learned to defy the laws of physics, ventured into space -- both outer and inner -- and deflowered more maids than Don Juan. He's also mutated to fit the prejudices and neuroses of the day, dabbling with (gasp!) monogamy, and hanging out with those heroic Afghan mujahideen in the late-eighties AIDS-and-Soviets-era "The Living Daylights". He's worked under a post-feminist ball-breaking 'M' in "Goldeneye", and even confronted a female arch-villain in "The World is Not Enough" (an innovation that would surely have Fleming, who formed his views on appropriate behavior for the fairer sex in the 1920s, rolling in his grave). But other aspects of the Bond archetype remain timeless. Fleming was fascinated by fast cars, exotic locations, and intricate gadgetry, and all of these traits of the original novels have been amplified and extrapolated in the age of modern special effects.

Just how does James Bond -- a "sexist, misogynist dinosaur, a relic of the Cold War", to use the words the script-writers on "GoldenEye" so tellingly put into M's mouth -- survive in the popular imagination more than fifty years after his literary birth? What does it mean when Mary-Sue stalks the landscape of the imagination, blasting holes in the plot with a Walther PPK (or the P99 he upgraded to in "Tomorrow Never Dies")? If we're going to understand this, perhaps we ought to start by looking at Bond's dark shadow, the Villain.

2. In search of Mabuse

Bond is, if you judge him by his work, a nasty fellow and not one you'd choose to lend your car to: to make this rough diamond glitter it is necessary to display him against a velvet backdrop of darkest villainy. If you strip the Bond archetype of the bacchanalia, glamorous locations, and fashion snobbery, you end up with an unappetizingly shallow, cold-blooded executioner -- the likes of Adam Hall's Quiller or James Mitchell's Callan, only without the breezy cynicism, or indeed any redeeming features at all. The role of adversary is thus a critical one in sustaining the appeal of the protagonist. Fleming set out to depict a hard-edged contemporary world where the usual black-and-white picture of the pre-war thriller had blurred and taken on some of the murky grey-on-grey ambiguity of the cold war era; Bond was the knight in shining armor, fighting for virtue and the free world against the dragon -- be they Mr. Big, Dr. No, Auric Goldfinger, or the looming shadow of Bond's greatest enemy of all, Ernst Stavro Blofeld, Number One of SPECTRE, the Special Executive for Counter-intelligence, Terrorism, Revenge and Extortion.

It is interesting to note that Blofeld assumed his primacy as Bond's #1 enemy only in the movie canon; Fleming originally invented him while working on the screenplay and novel of "Thunderball", and used him subsequently in "On Her Majesty's Secret Service" and "You Only Live Twice". (Prior to these later books, Bond typically tussled with less corporate enemies -- Soviet stooges, unregenerate Nazis, and psychotic gangsters.) Blofeld was born out of mere corporate expediency. Rather than demonize the Soviets and reduce their potential audience, the producers of the film of "From Russia With Love" appropriated SPECTRE as the adversarial organization. With the success of "Thunderball", the third of the films, Blofeld moved front and center and acquired a life of his own that far exceeded his prominence in the novels. Arguably, Fleming's death in 1964 freed up the movie series to diverge from their original author's plans; and so Blofeld may be seen as a demon of necessity, conjured up from the vasty depths in order to provide Bond with a worthy adversary.

'Twas not always so. Back at the turn of the 20th century, around the time that the British spy thriller was gradually cohering out of the mists of the penny dreadful and the literature of suspense (via the works of John Buchan and Erskine Childers -- not to mention the tangential contributions of Arthur Conan Doyle, by way of Sherlock Holmes) there was no great dualistic vision of the great champion confronting the villainous heart of evil. There was no great champion: we were on our own against the masters of night and mist, the great and terrible super-criminals. Professor Moriarty, Holmes' nemesis -- the Napoleon of Crime -- was but one of these: Fantômas, the 1911 creation of Pierre Souvestre and Marcel Allain, is another. The emperor of crime, Fantômas was a master of disguise and an agent of chaos (not to mention standing astride Paris in black mask, top hat and tails, in the posters for the 1913 movie of the same name: an icon of decadent wealth and criminal chaos). Nor was he alone. Guy Boothby's 1890's super-villain Dr Nikola fits the bill too, right down to the fluffy lap-cat and the fiendish plans. But perhaps the root of Bond's nemesis can be found in his full-fledged form somewhat later, and somewhat further to the east -- in the guise of Dr. Mabuse.

Dr. Mabuse is an archetype and a runaway media success in his own right, famous from five novels and twelve movies. The Doctor was created in 1922 by author Norbert Jacques, and was developed into one of the most chilling creations of the silent era by no less a director than Fritz Lang. Mabuse is a name, but one that nobody in their right mind speaks aloud. He's a master of disguise, naturally: and a rich, well-connected socialite and gambler. (Some social context: gambling at the high stakes table is no so much an innocuous recreation as an obscenity, in a decade of hyper-inflation and starvation, with crippled war veterans dying of cold on the street corners, as was the case in Weimar Germany). Mabuse has his fingers in every pie, by way of a syndicate so shadowy and criminal that nobody knows its extent; he's a spider, but the web he weaves is so broad that it looks like the whole of reality to the flies trapped in it. He is (in some of the stories) a psychiatrist, skilled in manipulation, and those who hunt him are doomed to become his victims. If Mabuse has a weakness it is that his schemes are over-elaborate and tend to implode messily, usually when his most senior minions rebel, hopelessly late; nevertheless, he is a master of the escape plan, and with his ability to brainwash minions into playing his role he's a remarkably hard phantom to slay.

It is all too easy to make fun of the likes of Fantômas and Dr. Nikola, and even their modern-day cognates such as Dr. Mabuse and Ernst Stavro Blofeld; for do they not represent such an obsessively concentrated pinnacle of entrepreneurial criminality that, if they really existed, they would instantly be hunted down and arrested by INTERPOL?

Careful consideration will lead one to reconsider this hasty judgment. Criminology, the study of crime and its causes, has a fundamental weak spot: it studies that proportion of the criminal population who are stupid or unlucky enough to get caught. The perfect criminal, should he or she exist, would be the one who is never apprehended -- indeed, the one whose crimes may be huge but unnoticed, or indeed miscategorized as not crimes at all because they are so powerful they sway the law in their favor, or so clever they discover an immoral opportunity for criminal enterprise before the legislators notice it. Such forms of criminality may be indistinguishable, at a distance, from lawful business; the criminal a paragon of upper-class virtue, a face-man for Forbes.

When the real Napoleons of Crime walk among us today, they do so in the outwardly respectable guise of executives in business suits and thousand-dollar haircuts. The executives of Worldcom and Enron were denizens of a corporate culture so rapacious that any activity, however dubious, could be justified in the name of enhancing the bottom line. They have rightfully been charged, tried, and in some cases jailed for fraud, on a scale that would have been the envy of Mabuse, Blofeld, or their modern successor, Dr. Evil. When you need extra digits on your pocket calculator to compute the sums you are stealing, you're in the big league. Again, when you're able to evade prosecution by the simple expedient of appointing the state prosecutor and the judges -- because you're the President of a country (and not just any country, but a member of the rich and powerful G8) -- you're certainly not amenable to diagnosis and detection in the same sense as your run-of-the-mill shoplifter or petty delinquent. I'm naming no names (they have intelligence services! Cruise missiles!) but this isn't a hypothetical scenario.

3. Interview with the Entrepreneur

In an attempt to clarify the mythology surrounding James Bond, I tracked his old rival down to his headquarters in the Ministry of Inward Investment in the breakaway Republic of Transdniestria. Somewhat suspicious at first, Mr. Blofeld relaxed as soon as he realized I was not pursuing him on behalf of the FSB, CIA, or IMF, and kindly agreed to be interviewed for this book. Now aged 72, Blofeld is a cheerful veteran of numerous high-tech start-ups, and not a few multinationals where, as a specialist in international risk management and arbitrage, he applied his unique skills to business expansion. Today he is semi-retired but has agreed to work in an voluntary capacity as director of the State investment agency.

"It took me a long time to understand the agenda that the British government was pursuing through the covert activities of MI6," he told me over a glass of sweet tea. "Call me naive, but I really believed -- at least at first -- that they were honest capitalists, the scoundrels."

Over the course of an hour, Ernst explained to me how he first became aware that the UK was attempting to sabotage his business interests. "It was back in 1960 or thereabouts that they first tried to destroy one of my subsidiaries. Until then I hadn't really had anything to do with them, but I believe one of my rivals in the phosphate mining business put it about that my man on site was some sort of spy, and they sent this Bond fellow -- not just to arrest him or charge him with some trumped-up nonsense, but to kill him." His lips paled with indignation at he contemplated the iniquity of the situation: that agents of the British government might go after an honest businessman for no better reason than an unsubstantiated allegation that he was spying on American missile tests. "I warned Julius to be careful and advised him to put a good lawyer on retainer, but what good are lawyers when the people you're up against send hired killers? Julius brought in security contractors, but this Bond fellow still murdered him in the end. And the British government denies everything, to this day!"

Ernst obviously believes in his own moral rectitude, but I had to ask the obvious questions, just for the record.

"Yes, I was chief executive of SPECTRE for twelve years. But you know, SPECTRE was entirely honest about its activities! We had nothing to hide because what we were doing was actually legal. We've been mercilessly slandered by those rogues from MI6 and their friends in the newspapers, but the fact is, we're no more guilty of criminal activity than any other multinational today: we simply had the misfortune to be foreign and entrepreneurial at a point in time when Whitehall was in the grasp of the communist conspirators Wilson and Callaghan and their running-dog so-called 'conservative' fellow Heath. And we were pilloried because what we were doing was in direct competition with the inefficient state-run enterprises that my good friend Lady Thatcher recognized as mosquitoes battening on the life-blood of capitalism. That cad Fleming put it about that SPECTRE stands for 'Special Executive for Counterintelligence, Terrorism, Revenge and Extortion' -- absolute tosh and nonsense! Would a group of criminals really call themselves something that blatant? I'll remind you that SPECTRE is actually a French acronym, as befits a non-profit charity incorporated in Paris. The name stands for 'Société Professionelle et Ethique du Capital Technologique Réinvestissement par les Experts.' Venture capitalists specializing in disruptive new technologies, in other words -- commercial space travel, nuclear power, antibiotics. Not some kind of half-baked terrorist organization! But you can imagine the threat we posed to the inefficient state monopolies like the British Aircraft Corporation, the coal mining industry, and Imperial Chemical Industries."

Blofeld paused to sip his tea thoughtfully.

"We were ahead of our time in many ways. We pioneered business methods that later became mainstream -- Sir James Goldsmith, Ronald Perelman, James Icahn, they all watched us and learned -- but by then, the commies were out of power in the west thanks to our friends in the establishment, so they had an easier time of it. No need to hire lots of expensive security and build concrete bunkers on desert islands! And yes, that made us look bad, don't think I'm unaware of it -- but you know, you want bunkers and isolated jungle rocket launch bases? All you have to do is look at Arianespace! It's fine when the government bureaucracies do it, but if an honest businessman tries to build a space launch site and hires security to keep the press and saboteurs from foreign governments out, it's suddenly a threat to world security!"

He paused for a while. "They put the worst complexion on everything we did. The plastic surgery? Well, we had the clinic, why not let our staff use it, so the surgeons could stay in practice between paying customers? It was a perk, nothing more. We did -- I admit it -- acquire a few companies trading in exotic weapons, non-lethal technologies mostly. And that business with Emilio and the yacht, I admit that looked bad. But did you know, it originally belonged to Adnan Khashoggi or Fahd ibn Saud or someone? Emilio was acting entirely on his own initiative -- a loose cannon -- and as soon as I heard about the affair I terminated his employment."

I asked Ernst to tell me about Bond.

"Listen, this Bond chap, I want you to understand this: however he's painted in the mass media, the reality is that he's a communist stooge, an assassin. Look at the evidence. He works for the state -- a socialist state at that. He went to university and worked with those traitors Philby and Burgess, that MacLean fellow -- communist spies to a man. He didn't resign his commission when the British government went socialist, like a decent fellow: instead he took assignments to go after entrepreneurs who were a threat to the interests of this socialist government, and he rubbed them out like a Mafia button man. There was no due process of law there, no respect for property rights, no courts, no lawyers -- just a 'License to Kill' enemies of the state, loosely defined, who mostly happened to be businessmen working on start-up projects that coincidentally threatened state monopolies. He's a damned commissar. Do you know why Moscow hated him? It's because he'd got them beat at their own racket."

Blofeld was clearly depressed by this recollection, so I tried to change the subject by asking him about his personal management philosophy."

"Well, you know, I tend to use whatever works in day to day situations. I'm a pragmatist, really. But I've got a soft spot for modern philosophers, Leo Strauss and Ayn Rand: the rights of the individual. And I've always wanted to remake the world as a better place, which is probably why the establishment dislike me: I'm a threat to vested interests. Well, they're all descended from men who were threats to vested interests too, back in the day: only I threaten them with new technologies, while their ancestors mostly did their threatening with a bloody sword and the gallows. I don't believe in initiating force." He laughs self-deprecatingly. "I suppose you could call me naive."

4. Trade Goods

When I played back my tape of our discussion, it took me some time to notice that Ernst had carefully steered the conversation away from certain key points I had intended to quiz him about.

One of the most disturbing aspects of the Bond milieu is the prevalence of technologies that are strangely out of place. Belt-buckle grappling hooks with wire spools that can support a man's weight? Laser rifles? These aren't simple extrapolations of existing technology -- they go far beyond anything that's achievable with today's engineering tools or materials science. But forget Bond's toys, the products of Q division. From Blofeld's solar-powered orbital laser in "Diamonds are Forever" to Carver's stealthed cruiser in "Tomorrow Never Dies", we are surrounded by signs that the adversary has got tricks up his sleeve that far outweigh anything Bond's backers can provide. These menacing intrusions of alien super-science -- where can they possibly have got them from?

The answer can be discerned with little difficulty if one cares to scrutinize the writings of the sage of Providence, Howard Phillips Lovecraft. This scholar -- whose path, regrettably, never crossed that of the young Ian Fleming -- asserted that our tenancy of this planet is but a recent aberration. Earth has in the past been home for a number of alien species of vast antiquity and incomprehensibly advanced knowledge, and indeed some of them may still linger on alongside us -- on the high Antarctic plateau, in the frigid oceanic depths, even in strange half-breed colonies off the New England coastline.

If this strikes you as nonsensical, first contemplate your nearest city: how recognizable would it be in a hundred years' time if our entire species silently vanished away tomorrow? How recognizable would it be in a thousand years? Would any relics still bear witness to the once-proud towers of New York or Tokyo, a million years hence? Our future -- and the future of any once-proud races that bestrode our planet -- is that of an oily stain in the shale deposits of deep history. Earth's biosphere and the active tectonic system it dances on cleans house remorselessly, erasing any structure that is not alive or maintained by the living.

Consider also the extent to which we really occupy the planet we live on. We think of ourselves as the dominant species on Earth -- but 75% of the Earth's entire biomass consists of bacteria and algae that we can't even see with the naked eye. (Bacteria from whose ranks fearsome pathogens periodically emerge, burning like wildfire through our ranks.) Nor do we, in any real sense of the word, occupy the oceans. Certainly our trawlers hunt the bounty of the upper waters. But submarines (of which there are only a few hundred on the entire planet) fumble like blind men through the uppermost half kilometer of a world-ocean that averages three kilometers in depth, unable to dive beneath their pressure limits to explore the abyssal plains that cover nearly two thirds of the planetary surface. Finally, the surface (both the sub-oceanic abyss and the thin skin of dry land we cling tenuously to) is but a thousandth of the depth of the planet itself; we can't even drill through the crust, much less contemplate with any certainty the nature of events unfolding within the hot, dense mantle beneath.

We could be sharing the planet with numerous powerful alien civilizations, denizens of the high energy condensed-matter realm beneath our feet, and we'd never know it -- unless they chose to send emissaries into our biosphere, sprinkling death rays and other trade goods like glass beads before the aboriginal inhabitants, extracting a ghastly price in return for their largesse ...

5. A Colder War?

James Bond was a creature of the Cold War: a strange period of shadow-boxing that stretched from late 1945 to the winter of 1991, forty-six years of paranoia, fear, and the creepy sensation that our lives were in thrall to forces beyond our comprehension. It's almost impossible to explain the Cold War to anyone who was born after 1980; the sense of looming doom, the long shadows cast by the two eyeball-to-eyeball superpowers, each possessing vast powers of destruction, ready and able to bring about destruction on a planetary scale in pursuit of their recondite ideologies. It was, to use the appropriate adjective, a truly Lovecraftian age, dominated by the cold reality that our lives could be interrupted by torment and death at virtually any time; normal existence was conducted in a soap-bubble universe sustained only by our determination to shut out awareness of the true horrors lurking in the darkness outside it, an abyss presided over by chilly alien warriors devoted to death-cult ideologies and dreams of Mutually Assured Destruction. Decades of distance has bought us some relief, thickening the wall of the bubble -- memories misting over with the comforting illusion that the Cold War wasn't really as bad as it seemed at the time -- but who do we think we're kidding? The Cold War wasn't about us. It was about the Spies, and the Secret Masters, and the Hidden Knowledge.

It's no coincidence that the Cold War was the golden age of spying -- the peak of the second-oldest profession, the diggers in the dark, the seekers after unclean knowledge and secret wisdom. Prior to 1939, spying of the international kind rather than the sordid domestic variety (let us pass swiftly over the sordid Stasi archives of sealed glass jars full of worn underwear, kept as scent cues for the police dogs) was a small scale, largely amateurish concern. With the outbreak of the second world war it mushroomed. Faced with employment vacancies, the first response of a growing organization is to recruit close to home. Just like any 1990s dot-com startup, growing as the founders haul in all their friends and anyone they know who has the right skill set, the 1940s espionage agencies were a boom town into which a well-connected clubbable London playboy would inevitably be sucked -- and, moreover, one where he might try his hand and succeed, to everyone's surprise. (In the 1990s he'd end up in marketing, with stock options up to here. Sic transit gloria techie.)

When the Second World War gave way to the doomwatch days and Strangelove nights of the Cold War, it entered a period in which the same clubbable fellow might find himself working in a mature organization, vastly larger and more professional than the half-assed amateurism of the early days. The CIA was born in the shadow of the wartime OSS, and grew into the emblematic Company (traders in secrets, overthrowers of governments), locked in titanic struggle with that other superpowered rival, the KGB (and their less well known fellows in the GRU).

The age of the traditional sneak-spies with their Minox cameras gave way to the era of the bugging device. With the 1960s came a new emphasis on supplementing human intelligence (HUMINT) with intelligence from electronic sources (ELINT). New agencies -- the NSA in the United States, GCHQ in the UK -- expanded as the field of "spyless spying" went mainstream, aided by the explosion in computing power made possible by integrated circuits and, later, the microprocessor. As telephony, television, telex, and other technologies began to come online a torrent of data poured through the wires, a deluge that threatened to drown the agencies in useless noise. Or was it the whispering on the deep-ocean cables? Maybe the chatter served to conceal and disguise the quiet whispering of the hidden oracles, dribbling out strange new concepts that warped the vulnerable primate minds to serve their inscrutable goals. The source of the incredible new technologies that drove the advances of the middle of the twentieth century was, perhaps, the whispering of an alien farmer in the ears of his herd ...

Times change, and the golden age of spying is over. We've delivered the harvest of fear that the secret masters desired; or maybe they've simply lost interest in us for the time being. Time will tell. For now, be content that it's all over: the Cold War was a time of strangely rapid technological progress, but also of claustrophobic fear of destruction at three minutes' notice, of the thermonuclear stars coming right and bringing madness and death in their wake. Retreat into your soap-bubble universe, little primate, and give thanks.

From the perspective of the 21st century, Bond was a poor archetype for a hero; certainly he couldn't save us from the gibbering horrors of the Cold War, but only cast a shadow beneath their unblinking ground-zero glare. But we found salvation in the end, in the most unlikely place of all: if you turn on the TV you're likely to see one of old Ernst's protégés being held up for praise as an object of emulation. President of Italy, captain of industry, or chief executive of Enron -- SPECTRE won and it's their world that we live in, the world of the lesser evil.

13:14

Issue 46 – Greta’s Wedding – 11 [Comics Archive - Spinnyverse]

The post Issue 46 – Greta’s Wedding – 11 appeared first on Spinnyverse.

12:35

Error'd: Microbits [The Daily WTF]

This week we have got a couple of Mathanon's. Maybe they're the same person, maybe they're not, there's really no way to know!

Frist anon has a "Numeric fun fact" for us: "Got a form sent from work to express interest in some event. They actually enforced the validation that the answer must be a number, so I submitted "42"." Bravo.

Next anon has a different numeric fun factor: "The SAS website wants us to know the size of the file behind the link down to the nanobyte precision." They split the bit! That must be what this quantum computing thing is about.

Conscientious dad Mark R. takes all the responsibilities. "My kid's school ensures they're legally covered on all things said and unsaid."

Philipp H. points out "The Redmond philosophers have created something the old Greek philosophers will have to rethink. Or is this a pun on Schrödinger's Cat? German→English translation: "We cannot bring/transfer/switch you to this message because you're in a chat, in which you're not in.""

We haven't heard from Michael R. in a while. Here he is with a pithy "The irony is not lost on me."

Happy Juneteenth to those who celebrate.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

12:14

Anthropic’s Fable and the State of AI [Schneier on Security]

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone.

The government’s actions won’t help. The problem isn’t any one particular model; it’s the general trend of increasing AI capabilities. And any real solution requires the sort of collective action that just isn’t possible right now.

Fable is the constrained version of Mythos, the AI model Anthropic announced in April. Anthropic only released it to a few selected organizations, because the company claimed it was so good at finding and exploiting vulnerabilities in computer code that releasing it more generally would be dangerous.

It was an obviously self-serving announcement, and because few were able to verify Anthropic’s claims they were met with some skepticism. Those with access used Mythos to find and patch many vulnerabilities in their own software. But one UK group found the latest, already public, OpenAI model to be just as powerful.

Fable is just another incremental improvement in the years-long climb of AI capabilities. But just as important as the AI model is the “harness.” This is typically not AI. It’s ordinary computer code that interfaces with the user. It stitches together AI models, decides how and for what purposes they can be used, and gives them useful tools such as web search and the ability to run their own computer code.

When Mythos first entered limited release, there was widespread debate whether its power came from the model or the harness. With Mythos demonstrating that it was possible, the open-source community scrambled to build harnesses that could steer other AI models towards similar capabilities. Harness improvements don’t need massive data or data centers.

They largely succeeded. For example, a Prague company was able to replicate Anthropic’s few verifiable cybersecurity capabilities with a much smaller and cheaper model—and a more sophisticated harness. Last week, a group showed that multiple cheaper models harnessed in concert matches Fable’s performance.

The broader community had only a few days with Fable, but that time we learned some about its capabilities. Its difference is less the new model’s raw analytical and problem solving capabilities, and more that the model doesn’t need that sophisticated harness.

Fable requires much less expertise and detailed prompting from the human user. You can give it a difficult goal and it will figure out novel and unexpected ways to satisfy it, finding loopholes in whatever constraints you or the system have imposed on it.

“Relentlessly proactive” is how AI researcher Simon Willison described it. Another descriptor might be “creative.” Experienced AI developers have had that combination of creativity and proactivity since last year, but Fable puts it within easy reach of everyone.

In the hands of someone with a legitimate problem that needs solving, that can be an incredibly useful capability. But in the hands of someone who wants to do harm, it can be equally dangerous. AIs don’t have a moral compass in the same way that people do. They are agents of the wants and desires of the people who prompt them.

That points to the real problem with relentlessly proactive AI. In language, wants and desires are always underspecified. If I ask you to get me some coffee, you would probably pour me a cup from the coffeepot, or buy one from a nearby coffee shop.

You couldn’t buy me a pound of raw beans, or a coffee plantation. You wouldn’t order a cup of coffee for delivery next month. You wouldn’t find a nearby person, rip a cup of coffee out of their hands, and bring it to me. I wouldn’t have to specify any of the million limitations to my request; you would just know.

Human stories are filled with warnings about underspecified desires. King Midas wished that everything he touch turn to gold, forgetting to add “but not my food, drink, and daughter.” And genies are notorious for granting your wish in a way you wish they hadn’t.

The deeper point is that it’s impossible to list all limitations and restrictions, and like a malicious genie, a creative AI will find the ones you forgot. Block a database you don’t want it to have access to, and it might figure out how to bypass your control. Ask it to book a flight, and it might hack the airline because the website says the flight is sold out. Ask it to save money on your cellphone plan, and it might cancel it altogether—or get someone else to pay for it. As far as we know now AI has not done any of this yet, but you get the idea.

Malicious intent is not required. To an AI model, constraints are just things to get around and not general truisms about the world. They are creative problem solvers and natural rule breakers. They “hack” in the sense that they find and exploit loopholes.

Human systems rely on so many norms that we scarcely recognize the existence of until they are broken. AIs naturally think outside the box, because they don’t have any real conception of what the box is or why it’s there in the first place.

There is no foolproof way to prevent people from using AI models to complete harmful tasks. There is no way to prevent the models from incidentally causing harm while completing benign tasks. AI models are no longer isolated from the real world. They browse the internet and answer emails.

They trade stocks and make purchases. They control physical systems. They are, in effect, robots that affect life and property. We have no technical mechanisms to verify the integrity of an AI system. This level of capability and creativity in the hands of us untrustworthy humans will have both great and terrible results.

The problem is not unique to Anthropic. Mythos/Fable might currently be the most capable rules hacker, but more sophisticated harnesses give other models similar capabilities. And we should assume that the other frontier models are no more than a few months behind, and that open-source models are less than a year behind. At best, any ban only serves to delay the problem for a short while.

That delay might be useful if we—as a society, as a planet—would use that time to come together and figure out what to do. This isn’t a US/China arms race problem; this a species-level problem that requires coordinated action at that scale. Unfortunately, we have no mechanism to do that. I first wrote about this problem five years ago, but it was all too futuristic.

Today, when its right in front of us, there is no world government that can impose constraints on the for-profit corporations currently controlling AI models and research. The US has no appetite to effectively and even-handedly regulate those corporations, even as they do catastrophic damage to the environment, democracy, and—in this case—society in general.

This all makes an AI public option all the more necessary, and urgent. Today’s AIs can be fast, smart and secure, but only two of the three are possible for any given system. These safety tradeoffs are tightly held secrets of companies racing to beat one another, and they tell us we have to trust them. Instead, the choices and their consequences need to be brought out into the sunlight.

We should be funding open-source harnesses that balance capability and safety—that achieve useful goals without so much power—and open-source AI models whose provenance and biases are public and well understood. We have opened the AI Pandora’s box. Now we have to make the best of it.

This essay originally appeared in The Guardian.

10:56

The UK’s New Under-16 Social Media Ban Will Cause More Harm Than It Prevents [Deeplinks]

This week, politicians in the UK pushed forward with plans to eviscerate privacy and free speech on the internet by announcing a ban on social media for users under 16 that is set to take effect in Spring 2027.

The UK government continues to falsely characterize this policy as a necessary response to growing concerns about online harms for young people. In reality, much like the Online Safety Act, it will cause more harm than it will prevent.

Users of all ages are burdened with proving their age before accessing content, with social media platforms such as Snapchat, TikTok, YouTube, Instagram, Facebook, and X included in the ban. There remains no reliable, privacy-preserving method of verifying the age of every internet user and methods vary from one platform to the next.

Young people will not simply be protected from being contacted by adults or endlessly scrolling—they’ll also lose access to educational videos on YouTube, local events on Facebook, and potentially cut off from distant friends and family.

Public policy must be effective, proportionate and respectful of fundamental rights. Young people deserve better than a policy built on panic, and all internet users deserve a safe and free internet. A social media ban generates headlines, but it will not solve the problem.

A Brief History of Age-Gating in the UK

Age restriction proposals in the UK date back to a decade ago, when the proposed Digital Economy Bill was put forth to (among other things) restrict young people from accessing pornographic websites. While the Digital Economy Act of 2017 passed without age-based restrictions, it laid the groundwork for later age verification measures.

Over the next few years, age checks for porn websites were announced then delayed several times. But it wasn’t until a consultation under the 2016-2019 May government and the 2020 publication of the Online Harms Whitepaper that age verification became a broader idea.

In 2023, the UK passed the controversial Online Safety Act, establishing powers that could weaken privacy protections and freedom of expression for internet users worldwide. In July 2025, the government implemented age assurance measures on sites hosting “harmful” content.

And despite politicians affirming repeatedly that the Online Safety Act would solve all of the problems with online safety, this year they decided it in fact did not go far enough. American social psychologist and The Anxious Generation author Jonathan Haidt—who has called for age-related social media bans around the world, despite significant scientific doubt about his research—met with the UK Health Secretary in February to push for the ban.

In March, politicians introduced plans for a social media ban into the Children’s Wellbeing and Schools Bill to “prevent children under the age of 16 from becoming or being users” of “all regulated user-to-user services,” to be implemented by “highly-effective age assurance measures”—effectively banning under-16s from social media.

When this proposal came before the House of Commons, MPs defeated and proposed their own amendment: enabling the Secretary of State to introduce provisions “requiring providers of specified internet services” to prevent access by children, under age 18 rather than 16, to specified internet services or to specified features; and to restrict access by children to specified internet services which ministers provide.

But the social media ban does not stop there. The provision also requires internet service providers to limit the time kids spend online, and has rules about who can contact them online. These extreme rules will take decisions about using technology away from families and put them in the hands of government regulators.

The history of this proposal shows that the UK government has repeatedly returned to the same flawed idea: restricting access to online services by requiring age checks for everyone. But the fundamental problems have not changed. There is still no widely available way to verify age online without compromising privacy—but even if there were, broad restrictions on social media will inevitably limit access to lawful speech, and valuable online communities, and arts and culture.

EFF Joins 60+ Groups Urging the UK to Halt Face Estimation at the Border [Deeplinks]

This week, EFF joined Foxglove, Human Rights Watch, and 60 other organizations in writing to the UK’s Minister of State for Border Security and Asylum, Alex Norris, raising serious concern about the Home Office’s decision to deploy Facial Age Estimation (FAE) to assess asylum-seeking children from 2027.

The letter points to four key concerns:

Discrimination

As with most face estimation and recognition tools, there is ongoing bias in the deployment of these technologies. With FAE, many have highlighted its baked-in failures and discrimination, particularly in relation to women and people of color. Evidence shows that FAE is most accurate for estimating the ages of Eastern European men, but even then it consistently produces errors. The Home Office itself noted “that FAE performance can vary depending on ethnicity” and skin tone.

Inaccuracy

The Home Office has admitted that FAE systems are imprecise for analyzing 16-to 18-year-olds, with even the “top systems” having an “error margin of around 2.5 years here.” This is exactly the age range for which the Home Office has chosen to deploy this technology. And this error margin will be widened yet further because children seeking asylum often suffer from trauma-induced aging.

Lawfulness of Use of Children’s Data

Major concerns exist around the lawful basis on which the Home Office, or its chosen third-party FAE vendors, could have sought consent to collect and process photographs or data from asylum-seeking children to train this system. Further, there is no clarity on the images and/or data that this technology has been trained on.

Lack of Necessary Disclosure

The Home Office claims “extensive testing has already been carried out across diverse groups, including different ethnicities, genders and age ranges, indicating promising performance and accuracy.” But these purported “promising” results have not been published, nor have any Equality or Data Protection Impact Assessments.

The letter continues by requesting clarification on several key questions regarding these concerns. EFF and partners have provided the UK government 21 days for a response, and we urge the Home Office to take on this uphill task in good faith and release the information.

You can read the letter in full here.

10:49

Irregular Webcomic! #3157 [Irregular Webcomic!]

Irregular Webcomic! #3157

10:07

The gap between true and known [Seth's Blog]

We have more agency and choice than we know.

And sometimes, when the awareness of our freedom arrives, it’s too late to reclaim the opportunities we missed.

Some of the walls around us are real—built by people who have no right to build them, who profit from our staying put.

And some of the walls aren’t walls at all. A door we never tried, because no one told us it was unlocked.

Perhaps, instead of waiting for certainty, we act as if, just for now, to explore what’s possible.

Too often, we’re held back unfairly by others who have no right to do so. But sometimes, we hold ourselves back simply because we didn’t know we had a choice.

09:14

Widow's Bae [Penny Arcade]

New Comic: Widow's Bae

07:00

Junichi Uekawa: looking for last. [Planet Debian]

looking for last. I realized it's gone. what's my replacement?

05:49

How Do You Like Them Apples? [Ctrl+Alt+Del Comic]

Some of our weeks in the spring definitely feel like this.

The post How Do You Like Them Apples? appeared first on Ctrl+Alt+Del Comic.

Girl Genius for Friday, June 19, 2026 [Girl Genius]

The Girl Genius comic for Friday, June 19, 2026 has been posted.

00:00

Canada Is Forging Ahead with Its Dangerous Surveillance Bill [Deeplinks]

With no serious debate, including on proposed amendments, Canada is blazing full speed ahead with Bill C-22, which would threaten encryption and increase surveillance. Also known as the Lawful Access Bill, Bill C-22 is currently moving forward quickly to a vote despite the many, many criticisms civil liberty groups and the tech industry have hurled at it.

As we’ve discussed before, Bill C-22 is dangerous on multiple levels. It pushes for requirements for metadata retention, expands information sharing with foreign governments, and establishes a mechanism that allows Canada’s Ministry of Public Safety to demand that companies create backdoors, effectively breaking encryption. That mechanism was a key facet of Part 2 in Bill C-22, and the government prevented it from being independently debated.

In a deep analysis of the bill, Citizen Lab and the Canadian Civil Liberties Association detail every one of flaws of this proposal, concluding that most elements are unsalvageable.

A wide range of tech companies agree. Signal, Apple, Google, and several VPN providers oppose the bill, and some have said they’d likely be forced to either cut Canadians off from certain features or shut down services in Canada altogether.

The Canadian government wants this dangerous, complicated, overreaching bill passed before June 19. Bill C-22 is riddled with privacy problems that affect millions of people. It should be debated and studied fully, not jammed through on an arbitrary deadline.

OpenMedia is offering a tool for Canadians to contact their elected representatives about the bill. Actions taken on OpenMedia's website are governed by OpenMedia's privacy policy, not EFF's.

EFF Thanks SerpApi For Helping Us Protect Free Speech Online [Deeplinks]

EFF is grateful for SerpApi’s generous support, helping us fight for your rights to speak and access information online. SerpApi has been giving to EFF every year since 2018, and alongside our 32,000 individual donors, their gift is critical to keeping up the fight.

Whether in the courts, halls of power, or broader policy debates, we appreciate the work this support has made possible over the years. Some examples:

We sued the U.S. Department of Homeland Security and Department of State to stop an unconstitutional social media surveillance program to identify and punish individuals who express viewpoints the government disagrees with.
We helped develop the Santa Clara Principles, a framework to reign in overbroad content moderation so that all users are treated fairly and offered consistent tools for recourse if their speech is censored by tech companies.
In the whitepaper Unfiltered: How YouTube’s Content ID Discourages Fair Use and Dictates What We See Online, we pushed back on YouTube for silencing individual creators in the interest of protecting a small number of giant copyright holders.
We stood with whistleblowers and dissidents persecuted for their online speech.
We continued the fight to protect Section 230.

We live in an era when lawful speech and the right to access information are being targeted by Big Tech and governments around the world that are hostile to dissent. Free speech online is core to EFF’s mission, and SerpApi’s support will help us continue the fight to protect everyone’s right to free expression.

Thursday, 18 June

23:14

AmigaOS 2: the greatest upgrade [OSnews]

Five years after releasing the Amiga 1000, Commodore was about to launch the Amiga 3000, their first real high-end Amiga. With a 68030 processor, on-board SCSI and a slightly updated graphics chipset, all in a sleek desktop case, the Amiga was truly ready for the era of professional 32-bit computing. But Moore’s law wasn’t the only thing thad had been pressuring Commodore since the release of the Amiga 1000: The desktop metaphor had matured even further, and the competition had been hard at work. IBM had launched OS/2, Windows 3.0 had turned Microsoft’s offering from a proof of concept into something actually usable, and new players had entered the scene – among them NeXTStep, with its polished 3D look.

It was time to bring AmigaOS, too, into the 1990s.
↫ Carl Svensson

It’s interesting – there’s a lot of focus on the first version of the Amiga operating system and the third one, but you don’t hear a lot about AmigaOS 2.x. It turns out this is rather odd, because as Svensson details, this version came with an absolute ton of changes and improvements, from an entirely new widget toolkit to a brand new file system, and so much more. The new widget toolkit and accompanying style guide also ensured that the operating system looked, felt, and behaved consistently.

Remember when we cared about that?

There’s so much more cool features, though, like command history, line editing, universal clipboard support and more just for the CLI, as well as something called Commodities. These were tiny little programs managed from a central location, which didn’t even need a GUI to work. Commodities included by default were things like ClickToFront, a focus-follows-mouse option, and more. Oh and of course, BASIC was replaced by ARexx.

The list just keeps going, and you should really read Svensson’s article.

22:28

Why doesn’t GetLastInputInfo() return info for the user I’m impersonating? [The Old New Thing]

A customer had a Windows NT service process, and from that service process, they wanted to obtain the last input time for all signed-in users. Their strategy was to use WTSQueryUserToken() to get the token for each user, use that token to impersonate the user, and then call GetLastInputInfo() to get the last input time for that user. Unfortunately, the function always return the last input info for the service session, and since services are not interactive, it always says that there has been no input since the system booted.

Does GetLastInputInfo() work with impersonation?

Recall that the default answer to “Does this work when impersonating?” is “No”. And in fact, the documentation for GetLastInputInfo() explicitly says that it doesn’t, if you read it closely.

This function is useful for input idle detection. However, GetLastInputInfo does not provide system-wide user input information across all running sessions. Rather, GetLastInputInfo provides session-specific user input information for only the session that invoked the function.

I underlined the important part. It reports on the last input information for the session that invoked the function. When the service impersonates, it updates its security context to align with that of the user being impersonated, but it doesn’t change the fact that that it is still running in session zero, the service session.

If you need to get last input information from another session, you will need a friend in that session to call it for you. Typically this is done by launching a helper process into the target session: The helper process collects the information you want and then sends the information to the service.

Bonus chatter: A related question is “Does GetAsyncKeyState from a service?” The answer is technically yes, it works. However it probably doesn’t work the way you think. It returns the asynchronous key state for the desktop that the service is running in. And since services run in a non-interactive session, that desktop will never see any keyboard activity.

The post Why doesn’t <CODE>GetLastInputInfo()</CODE> return info for the user I’m impersonating? appeared first on The Old New Thing.

20:56

Call for Submissions: Digital Pride [Deeplinks]

This Pride season, join EFF and the Queer Arts Collective in building a creative space at the intersection of digital justice and artistic expression.

We’re looking for fresh, untold, historically censored takes on digital liberation.

Whether it’s pointing the lens towards an issue you feel is underrepresented in digital justice efforts; sharing personal accounts of joy, pleasure, or sorrow under surveillance; painting your widest imagination for our communities using technology for good instead of carcerality and doom—we want to see it and we want it to expand our own understanding of what’s important and beautiful.

We’re going to be curating between five and nine art pieces across writing (fiction, nonfiction, poetry) and visual arts (photography, drawing, painting). We welcome fluidity in medium and genre, and cross-genre works of all kinds, such as graphic storytelling and collaborations.

We are looking for works that convey the importance of digital liberation and ways of achieving it, particularly from under-represented perspectives. Pieces will be selected based on interpretation of the theme, emotional resonance (does it surprise, move, frighten, delight?), and overall curatorial cohesion for each issue.

Submissions that adhere to the following length guidelines are preferred:

(NON)FICTION - max 1500 words
POETRY - max 2 poems
VISUAL ARTS - max 1 artwork, which can be a serialized collection.

Please submit to paige+pride@eff.org by June 30, 2026, including your piece as an attachment and a short bio in the body of the email, alongside anything else we should know about your submission. You can expect to hear back from us around July 31, and we aim to have the first issue published in September. If we select your submission for publication on both EFF and Queer Arts Collective websites, we will compensate you between $25 - $50, depending on the number of pieces published.

There is no fee for entry. Please only submit one piece or a contained series for this call, and wait for us to get back to you before submitting again. If you plan to submit both individually and as part of a collective, one submission in each of these categories applies.

Your submission must be your original work and you must have the legal right to authorize us to publish it, but it need not be created specifically for this project; you may submit a work you have published previously. Please disclose any use of AI in a note in your application—this will not disqualify your entry, though we value transparency of labor exchange.

As attempting to witness art is a highly subjective endeavor, please don't consider not being selected as anything other than circumstantial. We are looking to foster a community of artists working for digital justice, and would love to see more from you in the future.

You will retain all legal rights to your work, but agree to provide EFF and Queer Arts Collective with a non-exclusive and non-time-limited license to publish your work on their websites and other promotional materials, such as in zines.

Meet the Judges

Kit Walsh is an EFF attorney who works to protect the rights of activists, journalists, researchers, and dissenters in order to build a better world. She is also a Nebula-award-winning author and is best known for her tabletop roleplaying game Thirsty Sword Lesbians.

Paige Collings is an EFF activist working to dismantle systems of oppression and advance collective liberation. Her work focuses on highlighting how state surveillance and corporate restrictions stifle marginalized communities and perpetuate historic injustices and harm. She works with activists across the globe to facilitate systemic change by speaking truth to power and creating spaces for alternative imaginations.

The Queer Arts Collective is an NYC-based collective run by queer and racialized artist-activists, looking to make space for art that is deliberately disruptive of structural hierarchies that power the status quo.

A New Bill Takes Aim at Government Pressure to Silence Lawful Online Speech [Deeplinks]

Last week, Senators Ted Cruz and Ron Wyden introduced the Justice Against Weaponized Bureaucratic Overreach to Networked Expression, or JAWBONE Act. The bipartisan legislation creates a federal cause of action against government officials who coerce or attempt to coerce broadcasters, interactive computer services, or AI providers into taking actions against lawful, First-Amendment-protected speech, and establishes a transparency system for government communications with those intermediaries about user expression.

We thank the Senators for their leadership on this important issue. Jawboning occurs when the government pressures private companies to censor speech protected by the First Amendment, and it’s not always obvious to the public or to the victims what has actually happened. Deleting posts or cancelling accounts because a government official or agency demanded it or even made threats in making those demands—just like spying on people’s communications on behalf of the government—raises serious free speech concerns. Among other things, this bill would provide a new legal right to bring claims against the government in federal court, in addition to what the First Amendment provides.

At EFF, we’re continuing to fight back on behalf of those censored by government coercion. One recent example: we represent the creator of ICEBlock, an app that allows the public to report immigration enforcement activity in their communities. In June 2025, high-ranking federal officials began threatening to investigate and prosecute the creator of ICEBlock, Joshua Aaron. In October 2025, the U.S. Attorney General demanded Apple remove ICEBlock from the App Store, and the company complied. The government’s coercion violated Aaron’s First Amendment rights.

We’ve also filed a Freedom of Information Act lawsuit against the same government agencies that threatened Aaron and other services that provided forums to report ICE activity. The lawsuit seeks the disclosure of the government’s communications with Apple, Google, and Meta that forced the services to remove lawful speech.

When federal officials pressure private companies into censoring protected speech, it can violate the First Amendment. But, not every communication from a government agency to a platform is unconstitutionally coercive. Treating legitimate communication and information-sharing between the government and private actors as though it were always unconstitutional would chill the valuable, good-faith engagement that supports a healthier and safer internet and nation for all Americans. This is a complex issue, and one that is important for Congress and the courts to get right.

Finally, contrary to what many in Congress have been saying, social media platforms and other internet intermediaries have their own First Amendment rights to decide how they moderate users’ speech. They are not “state actors” and do not have an obligation under the First Amendment to allow all user speech on their platforms. EFF filed an amicus brief setting out our position in 2018, and we’ve said it in many cases since. The Supreme Court recognized again in the Netchoice cases that these services have a right to curate and edit their users’ speech, whether or not it aligns with the government’s position. And, it’s important to defend that First Amendment right so that governments cannot dictate how to edit a company’s site according to the government’s wishes and desires. To prevent jawboning by default, companies must be free to curate their platforms as they wish.

EFF applauds Senators Cruz and Wyden for taking this critical issue seriously, and we look forward to working with Congress on this bipartisan bill as it moves through the process. We hope it lands on the right balance to provide additional protections for everyday users around freedom of expression.

Court Records Should Be Free [Deeplinks]

Court records belong to the public. Yet anyone seeking access to federal court filings through PACER, a government software system that stands for Public Access to Court Electronic Records, is usually required to pay hefty fees to search for and view documents. PACER’s fees have long acted as a barrier that makes it hard, especially for low income people, to see and understand the work produced by our own public servants.

That's why EFF joined a broad group of organizations supporting the Open Courts Act of 2026, legislation that would modernize the federal courts' electronic filing systems and eliminate PACER fees.

The bill would replace the aging PACER and CM/ECF systems with a modern, unified platform designed to improve public access, strengthen cybersecurity, and reduce long-term costs. Supporters note that PACER currently collects more than $150 million annually in fees from the public, despite court records being public documents.

The Open Courts Act would also make court records easier to find, access, and understand. The legislation builds on a similar proposal, also supported by EFF, that previously won bipartisan support in the Senate Judiciary Committee but did not become law before the end of the congressional session.

This is not a new issue for EFF. More than a decade ago, we criticized PACER's paywalls and the removal of some court records from online access, arguing that the public should not have to pay to read the law and the judicial decisions that shape it. The Open Courts Act would move U.S. courts a big step closer to that goal.

In addition to EFF, the bill is supported by Fix the Court, the group pushing this bill forward; the Free Law Project, which maintains RECAP, software that has created a large archive of legal opinions and other court records; as well as civil society groups, open government watchdogs, and media groups.

Public access to the courts is a cornerstone of democratic accountability. Let’s eliminate unnecessary barriers to court records, and bring the federal judiciary’s tech into the modern era.

Read the full letter supporting the Open Courts Act of 2026

20:07

Field Notes from a Year of OPSEC Training [Deeplinks]

Late last year, as part of our annual “Year in Review” series, we summarized our efforts providing digital privacy and security advice to at-risk communities. OPSEC trainings (short for operational security, a catch-all term we use to describe any kind of workshop, advising session, assessment, or presentation about operational security for individuals and organization) are something we've long provided, but until recently, something we’ve never broadcasted.

This has become a critical aspect of our work over the years, keeping us grounded and in touch with the realities of tech-enabled violence as well as evolving resistance strategies used by movement workers. Hoping other security trainers and organizers copy our homework, here’s a more thorough breakdown.

NOT TRADITIONAL PENTESTING

To be clear, we're not a 'pentesting' company, which refers to the methodological process of testing a person or organization's security and privacy posture, nor an information security (infosec) firm that offers anything within scopes of traditional security assessments. Infosec companies almost always adhere to a cycle of: discovery/reconnaissance; > vulnerability scanning and testing; > exploitation of vulnerabilities found; > and a reportback of recommended mitigation strategies. Such full-spectrum audits can run the gamut of testing network security, physical security, organization posture against phishing or ransomware attacks, web app security, and more. For many organizations, the value of such engagements is immeasurable.

Such companies—although equipped with the technical sophistication to do full-spectrum digital security auditing and testing—often lack the critical points of view of human rights defenders and activists. Many human rights defenders and liberation movement workers are critically under-resourced and unable to meet the high costs of engagement with such infosec companies. But that’s not what we offer. Our trainings center the needs of people on the ground, and offer this work pro bono.

The cycle of engagement our work tends to take is similar to the lifecycle of pentesting outlined above, but with some key differences better suited to people-powered movements.

We begin with a period of discovery about the organization we’re engaging with, learning about their work, the issue space they’re working in, and the types of threats their peers have faced in the past. Relying on our knowledge of known threat actors (state-operated threats, non-state actors, surveillance mechanisms, and more), we conduct a thorough threat modeling and risk assessment exercise, surfacing critical pieces of information about what we ought to prioritize protecting and from what. Sometimes that’s enough for a group to get started on improving their security plans, and we send them on their way.

After receiving consent from the group to do so, we may perform some OSINT (open source intelligence) investigation and map out a sketch of their digital footprint. This often looks like some combination of discoverability through public records, data broker ecosystems, and breach databases, as well as risks they may incur through the services they rely on for their web presence. That latter part can be done with typical pentesting reconnaissance tools, as well as our own project Privacy Badger for mapping the trackers on their website, which pose them and their users some amount of risk. Working from this sketch of their digital footprint, opportunities to lessen the reach of their data exposure, or at least the more sensitive areas they ought to be aware of, become apparent.

For a more in-depth engagement, we take the information gathered from the guided threat modeling exercises, as well as the digital footprint we’ve developed for them, and we move on to training the participants on what they need to address their threats. Sometimes that looks like a deep dive on encryption and how it can be used to protect data backups and secure communications. Other times it looks like getting very knowledgeable and practiced on the various ways to stay safe from surveillance threats encountered at a protest. Often though, our engagement with those asking for advice on how to strengthen their OPSEC is as simple as presenting materials covered in our Surveillance Self-Defense (SSD) project, but with EFF staff to help apply those lessons to their context.

MOVEMENTS AND COMMUNITIES ADVISED

Requests for such training mostly arise organically, either via referral, from our participation in external media, or driven by an interest in SSD. Naturally, the demand for accessible OPSEC advice escalates along with the general sophistication and reach of surveillance technology. And as authoritarianism creeps and continues to threaten the movement workers fighting against it, there's a marked urgency for that demand.

The types of communities and liberation movement workers that reach out run a wide array of experiences, but some commonalities stick out. Since the fall of Roe v. Wade, we've seen a huge uptick in abortion access activists like clinic escorts and information distribution networks reaching out. So too are providers of criminalized healthcare services, both abortion services and gender affirming care alike. The list goes on: advocates for transgender rights such as art collectives and archivists, sex worker rights activists, survivors of intimate partner violence, climate justice activists, legal defense groups focusing on immigrant justice and Black liberation. And many, many others, often stemming from experiences of distinct marginalization and state-powered violence.

We’re dressing the wounds the violence of surveillance inflicts.

TAXONOMY OF THREATS

When there's a cast of common threat actors that so often emerge during risk assessment (ideologically motivated harassers, lawmakers, cops, negligent leadership at large tech platforms, etc) there is a level of predictability about their capabilities. We use that information to make knowledgeable risk assessments for those we’re working with, determining the means that threat actors have to cause them harm, as well as the likelihood.

For community organizers and grassroots activists we most often see concerns around doxxing (and harassment driven by OSINT), social media monitoring, content suppression on tech platforms, and insider threats such as infiltration within trusted communication channels. Often this comes with a tension between publicity and privacy—needing to spread their message and further their cause, while recognizing that digital privacy has a profound impact on their personal safety. Some activists may instead hope to organize other more covert forms of direct action. They're more likely to be concerned about the types of street level surveillance that they may encounter.

Small organizations nonprofit and otherwise may share the concerns around doxxing, as well as traditional digital security concerns around their web presence. Website defacement and data exfiltration are particular concerns for organizations that don't have the resources to commit to IT security staff. And for those that do have meager budgets for such things, organizational compliance and ease-of-use regarding privacy and security technologies are a whole other concern. The question then becomes how to manage a system of distributed devices that are uncontrolled by the organization, but operationally necessary for each member of their community.

Generally speaking, the threats most commonly encountered in these spaces have to do with the opacity and unchecked reach of surveillance systems. With every single individual or group that we encounter in this type of work, threat modeling comes number one in terms of priority. There is no way to protect against every theoretical threat. Instead, we walk others through the process of identifying and then prioritizing known and perceived threats, based on their specific context and the type of work that they do, before moving on to recommended mitigation and resistance strategies.

STRATEGIES OF RESISTANCE

Developing a threat model without a course of action often does more to stoke privacy nihilism than remedy the risks communities face. The more we engage with at-risk communities and offer reasonable, accessible OPSEC advice, the greater our instinct develops for recognizing such strategies. At the core of these recommendations lie the backbones of privacy and security fundamentals, such as encryption, access controls, sophisticated backup plans, OSINT skills, and resistance to online tracking.

Over the years, we've found it easiest to begin with non-technical recommendations first. These strategies often mesh well with the community's extant organizing procedures, such as designating team roles and thought out contingency plans for specific risks. This may look like identifying those extant plans and tacking on responsibilities like data backups, code words for community vetting, and developing workarounds or contingency plans for if they lose access to specific technologies.

Eventually, though, the strategies must become more technical, like switching to more private and secure technology alternatives, developing a sophisticated and encrypted data backup plan, and having technical contingency plans in place for if/when they are deplatformed or their services interrupted. Developing patience and compassion when walking groups through unfamiliar technologies is an essential tool of this work. So too is the habit of checking ourselves, as privacy and security nerds, to know the difference between the most secure technologies and those which will actually be used by at-risk community members. Any step towards more thoughtful OPSEC is better than one too difficult to use. The last thing we want is a recommendation that results in people frustratedly giving up on doing anything at all. After all, the whole point of this is to empower movement workers, not inhibit them.

HOLISTIC MITIGATIONS

It is painfully obvious how many identified threats could be protected against if there were comprehensive data privacy legislation protecting all people. The lack of such is an existential threat to everyone. Bills that undermine peoples' right to privacy are never clear about what they're doing, and often come wrapped in some paternalistic guise of addressing some other harm elsewhere. They often use confusing, oblique language that preys on the public's interest to correct the course of other social harms. The reality is that when it’s clearly explained, every person online wants better privacy. And as we know, every individual's personal security and wellbeing are entwined with their access to privacy. The capacity with which a person can decide what to share online, rather than have sensitive information non-consensually taken from them by creepy surveillance technologies, is a matter of self-determination. And it's in all our best interests to fight for the right to self-determination.

WHAT WE GET BACK

An unexpected outcome of identifying so many common threat actors across such varied issue spaces is revealing potential avenues of collaboration and camaraderie. Some movements are already keen on this allyship, such as those focusing on various aspects of bodily autonomy and self-determination. Abortion access activists and trans liberation activists are often in concerted allyship. Other less obvious connections are legal defense groups that offer "know-your-rights" style educational materials and other issue-specific activists who have questions about the legal threats they're facing while fighting for their cause.

Recognizing the common threat actors across different issue spaces begins to highlight opportunities for collective action against those threats. As a digital rights organization, this is very much our wheelhouse, and precisely why our technologist team is self-described as one working toward the public interest. It’s also from this point of view that we continue to win. And why it’s critical for lawmakers to pay attention when we say particular pieces of bad legislation are harmful to public safety. And finally, why it is necessary for public interest technologists and digital rights activists to connect with other communities to learn about the specific technology risks they’re worried about. As Mariame Kaba says, “Nothing that we do that is worthwhile is done alone.” This very blog post is in an effort to provoke thought for digital security trainers, so that we as a community don’t work atomized and alone, reproducing the same work, exhausting ourselves and creating unnecessary redundancy.

We do what we can to keep up. And thankfully, we participate within an ecosystem of digital security providers that have a keen mind towards fighting for digital rights. We share resources, referrals, and expertise. Our Surveillance Self-Defense project is stress-tested by the experiences shared by the liberation movement workers we engage with and provide this work to. If you’re interested in becoming a digital security resource for your community, start with the SSD. If you’re a human rights defender with questions about how to stay safe, reach out. And if you’re not sure what else to do, you can always help us keep it going.

AI Regulation Should Be Rational, Not Retaliatory [Deeplinks]

The Trump administration’s approach to AI safety, particularly the generative AI models that regularly grab headlines, has been haphazard at best. At worst, it’s unconstitutional. As EFF and our allies explained in an amicus brief, the Pentagon’s actions against one company, Anthropic, violate the First Amendment because they were motivated by the administration’s desire to punish an uncooperative company, not legitimate concerns about national security.

By and large, the Trump administration’s AI strategy has minimized regulation in the name of “winning” the global “race” to develop leading frontier models. It has pared back regulations intended to address even the most serious AI threats—like AI-enabled cyberattacks on government systems—to protect AI innovation.

Yet it has repeatedly singled out one AI company for arbitrary, heavy-handed rules and sanctions. For years, the federal government relied on Anthropic’s models for use in its classified systems. But after Anthropic resisted the government’s demands to use Anthropic’s models to autonomously kill people or spy on Americans, the government declared war on the “woke” company. It designated the company a “supply chain risk,” effectively banning agencies and government contractors from doing business with the company.

A court issued a preliminary injunction preventing these sanctions from taking effect, as EFF and other civil liberties organizations urged it to do in an amicus brief filed earlier this year. But absent judicial action, these sanctions would’ve cost the company hundreds of millions of dollars. Either way, it sent a clear signal that companies must adhere to the government’s wishes or face similar consequences.

As we explained in our brief filed today, these sanctions were clear retaliation for the company’s public refusal to allow the Pentagon to use its models to develop fully autonomous weapons and spy on Americans. This kind of retaliation is unconstitutional.

In a recent executive order, the Trump administration took its war on Anthropic even further, by imposing “export controls” that ban any foreign nationals from using Anthropic’s new Mythos and Fable models. To comply with this order, Anthropic shut down the models altogether.

These extreme measures were purportedly justified by security concerns. The administration said it feared that Anthropic’s Mythos-class models could be used to find and exploit existing vulnerabilities in software code—hardly a new feat for an LLM. Anthropic itself has contributed to public anxieties about its Mythos-class models, initially claiming that Mythos was too dangerous for public release and restricting access to a handful of partners. The company’s CEO called for a pause on AI development, citing fears that the technology was becoming too powerful.

But regulators should be cutting through the hype, not feeding it. Even if Mythos’s capabilities were a modest improvement over existing technology, others are already closing the gap. In other words, nothing about Mythos is so uniquely dangerous that it warrants exceptional export controls to protect the public. Yet other LLMs with similar offensive cybersecurity capabilities are not subject to export controls. Instead, the government has embraced a voluntary system in which companies are encouraged to submit models to the government for cybersecurity testing 30 days before releasing them to the public.

AI policy should be reasonably responsive to real-world risk, grounded in the realities of the technology, and no more burdensome than necessary to protect the public. But the government’s haphazard decision to impose export controls on Mythos-class models, while subjecting other AI models to nothing more than a voluntary, light-touch framework, meets none of these criteria. As leading cybersecurity experts and executives recently explained in an open letter, these sanctions prevent developers and security teams from using the best models to find and fix vulnerabilities before adversaries, armed with nearly as capable AI, can exploit them.

Decades Later, Code Is Still Speech

More importantly, export controls on important software tools like LLMs can undermine the free flow of digital communications and technologies that activists, innovators, and ordinary users desperately need. Freedom of expression requires access to these tools. Depriving the public of the best AI threatens our rights without making us any safer.

EFF has long opposed government efforts to restrict the publication of non-classified software to the general public. In the 1990s, EFF challenged export controls on encryption software, helping establish the principle that “code is speech,” protected by the First Amendment. Courts recognized that software is not just a functional tool—it’s a means of ideas, knowledge, and technical know-how. And they recognized that the government was overreaching in trying to restrict private developers from sharing their improvements in computer security with the public.

While AI models raise new questions, efforts to restrict access to them implicate the same constitutional and speech concerns as older efforts to restrict encryption. Export controls are uniquely susceptible to abuse. And they are especially suspect when they are unilaterally imposed without clear and fair standards.

Whether these export controls were another attempt to punish Anthropic or simply a misguided security measure, the public loses. The real cybersecurity risks of advanced AI may ultimately justify limited regulations to protect the public from legitimate threats. But whether the government ultimately chooses to heavily regulate the technology or hold off to promote innovation, its rules must be rational and evenhanded.

Read EFF's Amicus Brief in Anthropic v. Department of War

19:28

The Big Idea: Joseph Eckert [Whatever]

Many of us dream of time travel, but what if that travel was thrust upon you randomly and unwillingly? Author Joseph Eckert brings us a fresh take on time travel in his new novel, The Traveler. Venture on through his Big Idea to see when and where this unique travel idea originated.

JOSEPH ECKERT:

The core of The Traveler is family. More specifically, the core is the relationship between an average Midwestern father and his extraordinary son. Simultaneously, it’s also a vast science fiction story about a man tumbling helplessly forward through time, the length of time he travels doubling every twenty four hours.

Bear with me, if you will, as I look back three decades (oof—that hurts to write) to two key events in my life that would lay the groundwork for the Big Idea behind The Traveler.

The first event involves me, precocious youth, coming home from what I remember was fifth grade, having just learned about exponents. I found my mother and convinced her to change my allowance. Instead of a dollar a week (or whatever it was), I asked for just a penny a day. Just one cent! Except she’d double the amount the next day, and each day thereafter. So: two pennies on day two, four pennies on day three, eight on day four, and so on. My mother agreed. My plan was in flight. Soon, I knew, she’d be forced to pay me thousands, then millions of dollars! Cue maniacal fifth-grade laughter.

We didn’t even make it to day ten before she called it off.

Despite my dream of phenomenal and unlikely wealth coming to an abrupt and inglorious ending, I retained my interest in exponential increases. We see such increases in life and the sciences, from viral propagation to the now mostly defunct Moore’s Law in computing, to amusing dinner table discussions of vampires overrunning the planet (and subsequently starving because everyone’s a vampire and no one’s left to be a living blood bag—this is common dinner table discussion, right?).

The exponential penny scheme was event one. Event two took place when I was around the same age, at a book store in Northern Wisconsin called Book World.

My parents didn’t often take me to the local library, for whatever reason, but they did take me to Book World, sometimes leaving me there for hours. Rather remarkably for a small town bookstore not far from the Upper Peninsula of Michigan, Book World had a solid sci fi and fantasy section, including books by authors living outside the United States. It was through Book World that I was introduced to the works of Tad Williams, Joe Haldeman, Clive Barker, and, most importantly for this Big Idea, Peter F Hamilton and Iain M Banks.

I remember walking into Book World. Pushing through the glass door, stepping into the narrow entryway with its gentle upward slope, angling around the crowded newspaper stacks. Entering the store proper, I recall the smell of books baked into the very walls; the soft creak of the floorboards under my sneakers in the perpetually hushed space; the winding path I’d take from the front door, always walking by the magazines first (craning my neck to try to see around the plastic covers blocking the Playboys and Penthouses… I was an adolescent boy). Down the aisle, glancing at the comic books for anything new and eye-catching, then a fast one-eighty around the end cap, into the fiction and then the fantasy and science fiction section. What new wonders would await?

I have a clear memory of seeing the covers for Consider Phlebas and The Reality Dysfunction for the first time. What amazing futures must those books contain to have such glorious art on the outside? I convinced my parents to buy them (or I used my allowance… perhaps contributing the meager amount I received from my exponential penny scheme) and began to read.

Magically, powerfully, the wonders inside the pages exceeded the promises made by the covers.

And as I read, I began to wonder. What if? Could I write something like this, in this tradition? Something this big, this grand, with this amazing scope?

Hard cut to many years later.

As I was pulling together the idea that was The Traveler, I knew I wanted the protagonist to be a relatable Everyman, one whose life was not extraordinary until a defining moment when it all changed. I wanted a father-son relationship to be at the core, reflecting a bit of my life experience with my own father. And I wanted to write something in the vein of Peter F Hamilton and Iain M Banks, asking big sci fi questions and (hopefully) bringing the reader on the kind of imaginative ride I remembered from those science fiction classics of my youth.

But how to get our modern-day relatable Everyman into a grand sci fi future? What could get him there but not instantly… instead, by steadily increasing degrees…?

Ah hah!

The exponential penny scheme returns and finally bears fruit.

Thus was born the central conceit of The Traveler. Scott Treder, a Madison area database admin, is driving to work one day when his car disappears around him. Scott, still going twenty five miles per hour, falls out of the sky and tumbles down the sidewalk. As he sits, battered and bruised and confused, on the side of the road, his phone reconnects to the network. He has dozens of texts and voicemails waiting for him.

It’s twenty four hours in the future.

The next day, at exactly the same time, he travels two days forward. Then four, then eight, then sixteen… and this time, there’s no mother, eyebrow arched, to cotton onto the scheme and put a stop to things before day ten.

As Scott jumps forward through time, his brilliant son, Lyle, grows obsessed with figuring out what’s happening—and with saving his father.

The Traveler is out now in the US and UK. I hope you enjoy reading it, and I hope it carries you on a journey the same way those brilliant works by Peter F Hamilton and Iain M Banks did for me in my youth.

The Traveler: Amazon|Barnes & Noble|Bookshop|Books-A-Million|Powell’s

Author socials: Website

19:00

City Hally rally with the Knicks [Scripting News]

Watched the ceremony at City Hall.

Glad they went through the whole team and gave them something honorable to take with them.

My moment of clarity on what this meant came when Mitchell Robinson got his award as a champion.

I also liked that the Mayor listed all the recent past Knicks players who could've been on this team but were traded to make it what it is. He named the right ones.

The whole thing was inclusive, generous and working together. Cried all the way through it, nice release still don't have any idea which way is up. In my heart this was never supposed to happen but there it is.

Why wasn't Clyde on the stage?

And Dolan reminded us we don't get to vote for him. I know I know.

18:14

The Software Freedom Conservancy's LLM-backed generative AI recommendations [LWN.net]

Today I did a change that was across two apps, different projects, client and server. I tested it as best I could for now, and it appears to work in both apps. But now I have an extra level of confidence because I asked Claude to do a code review, checking all my assumptions and it does find egregious mistakes, that in the past might have taken a day in a debugger to track down. Now it can happen in less than the time that it took for me to write this post.

17:35

The Software Freedom Conservancy (SFC) has announced the release of its recommendations for using LLM-backed generative AI systems for FOSS contributions. The recommendations were created by the SFC and volunteers from the free-software community.

The recommendations reflect the extremely difficult dilemmas that these systems pose for FOSS contributors. SFC and its volunteers understand that FOSS developers are approaching LLM-gen-AI from a variety of perspectives. The recommendations offer practical assistance to minimize the damage caused by using proprietary systems, whether FOSS contributors reject LLM-gen-AI or choose (voluntarily or by employer mandate) to use them.

These recommendations are best practices (but not definitions or requirements) that SFC and its volunteers formulated after careful study of the growing LLM-gen-AI use among FOSS contributors. SFC will follow these recommendations with a series of supporting materials, including documents, online tutorials, public Q&As, podcasts, and other community engagement. We will routinely refine our recommendations and continue to support FOSS contributors as they navigate this difficult landscape.

16:42

Kubernetes in the Age of AI [Radar]

When Kubernetes first came onto the scene, it was a major turning point, a revision of the infrastructure and operations space that transformed the way developers and ops personnel build, deploy, and maintain applications in the cloud. It has since become the clear standard for how modern applications are built and operated. As the CNCF noted in its latest Annual Cloud Native Survey report, “Among container users, 82% are using Kubernetes in production in 2025, up from 66% in 2023. This represents near-universal adoption within the container ecosystem.”

Over the last few years, another revision in the space has occurred with Kubernetes’s evolution from a container orchestrator to an AI infrastructure platform. According to the CNCF survey, “The rise of Kubernetes as the de facto AI platform represents a fundamental shift in how organizations approach machine learning operations. . .[with Kubernetes] providing a unified orchestration layer that handles both traditional application workloads and compute-intensive AI tasks.” The emergence of seismic technologies like generative AI and agentic AI has only accelerated this transformation.

The intersection of AI with Kubernetes is undoubtedly one of the most impactful developments in the operations space. As Jonathan Johnson, software architect at Dijure, observes, “AI on K8s is very, very important, and there is not enough [resources] out there.” Raju Gandhi, senior technical architect at Edward Jones, echoes this assessment, noting that “operationalizing AI/ML on K8s is a big issue, [and it’s only] getting bigger. This is a topic that needs attention.” But what are some of the things that you should know about this trend to keep abreast and stay ahead in the game?

Generative AI

Anyone with access to a computer or a smartphone has likely used some iteration of generative AI, a stunning fact when you consider that GenAI was on the outer edges of mainstream discourse and consumption a scant five years ago. But at the end of 2022, the debut of ChatGPT marked the beginning of a technological revolution, one that would impact and reshape nearly every aspect of our working and personal lives. Unsurprisingly, there are now thousands of generative AI models, a proliferation that naturally has its own set of complexities. Selecting a model is simple, but if you’re an application developer or MLOps engineer, how do you go about operating that model in a production system? Not only do you have to be cognizant of factors like resilience, scalability, security, and operational costs, but there’s the fact that bringing a model from experimentation into production can be arduous if not done properly. That’s where Kubernetes comes into play.

As Roland Huß and Daniele Zonca, distinguished engineers at Red Hat, note, “GenAI/LLM models are resource intensive, requiring substantial computational power and large datasets. Given its scalability and extensibility, Kubernetes is uniquely suited to function as an efficient platform for AI and LLM model pretraining, fine-tuning, deployment, and prompt engineering.” They further elaborate that “this integration with Kubernetes not only simplifies the adoption of cutting-edge AI technologies but also ensures a seamless and efficient operational flow. Kubernetes, with its robust scalability and management capabilities, stands as an ideal platform for generative AI projects, aligning DevOps and MLOps practices in a cohesive ecosystem.”

This sentiment is already shared by a wide swath of the industry. According to the CNCF survey above, as of 2025, 66% of organizations run generative AI workloads on Kubernetes. These organizations include OpenAI, which uses Kubernetes for its AI/LLM application experimenting and testing; Tesla, which utilizes KServe to manage production-grade LLM inference; and Adobe, which uses Kubernetes to power its suite of generative creative models. Other companies taking this approach include Uber, Intuit, and Google. With more companies adopting this practice for their generative AI and LLMs operations, it’d be prudent for any organization to leverage Kubernetes for their own GenAI and LLM workflows.

Agentic AI

Nearly coinciding with the rise of GenAI has been the steady growth of agentic AI. Unlike GenAI, agentic AI goes beyond answering simple prompts and generating text in its ability to operate autonomously to perform complex, multistep actions, utilize tools, and make independent decisions. With its ability to support both traditional ML processes and GenAI and LLM operations, it should come as no surprise that Kubernetes has a role in the agentic AI ecosystem as well.

According to Ronald Petty, principal consultant at RX-M, “Kubernetes has been leveraged to host machine learning pipelines, including AI model training and inference. As inference options have become plentiful and affordable, on and off-premise, we have seen the rise of agents. Coupling cloud native technologies and popular protocols, we now see agents moving from ad hoc demos to complex fleets of agents on systems like Kubernetes.” So what are some examples of the integration between these two technologies?

One notable offering is Kagent, an OS programming framework that runs AI agents in Kubernetes and “helps engineers build powerful internal platforms by tackling cloud native tasks such as configuration, troubleshooting, complex deployment scenarios, observability pipelines and dashboards, and safely enabling network security.” Operating along similar lines is K8sGPT, an AI-powered tool that leverages intelligent insights and automated troubleshooting to analyze Kubernetes clusters for configuration problems and security issues, as well as generates solutions to problems discovered in analysis.

A more recent entry in the field is Sympozium, a Kubernetes-native coordination layer for multi-agent AI systems that “solves the same problem Kubernetes solved for containers, but for agents that need to share context, hand off tasks, and maintain shared situational awareness.” Another newer offering is Agent Sandbox, which allows you to run AI agents as isolated, stateful workloads with a native API on Kubernetes.

The fundamentals

While it’s important to be aware of the latest developments and trends affecting your domain, that shouldn’t come at the expense of foundational knowledge and skills. As basketball great Michael Jordan once said, “Get the fundamentals down and the level of everything you do will rise.” One of the most fundamental skills for working with Kubernetes is networking, and frustratingly enough, it’s one of the more difficult ones to master. As Cisco senior staff engineer Nico Vibert observes, “Platform engineers tend to be comfortable with Linux networking but less so with protocols like BGP and IPv6; network administrators know those protocols well but find Kubernetes abstractions unfamiliar. Both personas struggle to navigate the dozens of networking tools seemingly required to meet connectivity and security requirements.” Yet as organizations move mission-critical workloads, AI training pipelines, and regulated financial services onto Kubernetes, the engineers who can design, secure, and troubleshoot the network layer have become some of the most sought-after professionals in the industry.

In recognition of both the importance and difficult nature of the Kubernetes networking skill, the CNCF recently announced a new certification focused on the Kubernetes network engineer role. The certification is designed to validate hands-on networking expertise across all of the aforementioned layers, filling a gap that the Kubernetes community has long recognized.

For organizations that use Kubernetes to develop and deliver applications, leaders and decision-makers need to be aware that utilizing Kubernetes in conjunction with the latest AI tools is no longer a luxury but a necessary practice that will allow their companies to thrive. A similar onus should be placed on the basics. When hiring your next DevOps, network, or site reliability engineer, ensure that their ability to design, secure, and troubleshoot the Kubernetes network layer is second to none.

If you want to dive deeper, check out Roland Huß and Daniele Zonca’s Generative AI on Kubernetes, Jonathan Johnson’s GPU Kubernetes Homelab live course, Alex Corvin, Taneem Ibrahim, and Kyle Stratis’s Scalable Kubernetes Infrastructure for AI Platforms, Ashok Srirama and Sukirti Gupta’s Kubernetes for Generative AI Solutions, and Yogesh Raheja’s K8sGPT Essentials on-demand course. They’re all on O’Reilly. If you’re not a member, you can get started with a free trial.

Pluralistic: AI digital sovereignty risk doesn't exist (18 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

AI digital sovereignty risk doesn't exist: If 'risk + AI = risk – AI', then 'AI = 0'.
Hey look at this: Delights to delectate.
Object permanence: Napster x librarians; Flickr API reciprocity; KFC's Mega Jug v diabetes research; Hambone virtuoso; Google fiber x binding arbitration; "The Immortal Choir Holds Every Voice."
Upcoming appearances: LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

AI digital sovereignty risk doesn't exist (permalink)

Back at the height of the blockchain bubble, I made a hobby of pointing out that crypto weirdos were palming a card. I used this formulation:

if: problem + blockchain = problem – blockchain

then: blockchain = 0

https://pluralistic.net/2022/01/30/the-inevitability-of-trusted-third-parties/

You see, blockchain weirdos kept insisting that they could solve problems related to trust and institutional design with "smart contracts." Rather than having to trust a board of directors to steer an organization, you could just have a self-executing institution, the "distributed autonomous organization" or DAO.

So for example, if you want to buy a copy of the US Constitution at a Sotheby's auction, you could set up a DAO to raise and pool the funds, eliminating the need to find trustworthy people to receive, hold and deploy these funds:

https://en.wikipedia.org/wiki/ConstitutionDAO

However – and here's where the palmed card comes in – the DAO can't go to Sotheby's and place a bid on the Constitution. Instead, the members of the DAO have to elect a guy to receive all that cash, walk into Sotheby's, get one of those little ping-pong paddles last seen at the State of the Union in Chuck Schumer's withered claw (emblazoned with the brave slogan "You're hurting my fee-fees") and raise the paddle during the bidding.

That guy doesn't have to go to Sotheby's. That guy can simply walk away with all the money. Members of the DAO are trusting this guy with their entire collective treasury. Indeed, since the DAO has no corresponding legal entity, it might even be that members of the DAO can't sue this guy if he steals all their money – and even worse, without a limited liability structure, it might mean that everyone in the DAO can be sued for anything bad this guy does with the money.

Which raises the question: what's the point of building this insanely complex hairball of blockchain-based smart contracts to raise and hold the money if you're just going to hand it to this guy and trust him without limit? Why not just have that guy set up a Zelle account and a Whatsapp group? In other words: the problem that the DAO is trying to solve is the difficulty of trusting people with the keys to the kingdom, but no matter how much blockchain you sprinkle on this DAO, it ends with this one guy walking around with all your money, which he can steal with impunity if he so chooses.

Or, put more succinctly:

if: problem + blockchain = problem – blockchain

then: blockchain = 0

This turns out to be a really good way of assessing policy prescriptions for their soundness and foundation in reality, because – as the blockchain swindle shows us – it's possible to come up with entirely fictitious solutions to entirely real problems. The problem of designing a trustworthy institution that can't be betrayed by its leaders and whose operations don't consume all its resources is a real problem – it's quite possibly the real problem – but adding a DAO does nothing to solve the core problems of institutional design, and actually makes some of those problems worse.

There's another real problem with a fictitious solution that is – surprise! – tied to another tech bubble: digital sovereignty.

It's a genuine problem that everyone in the world (outside of China's sphere of influence) is glued to America's tech platforms. These platforms steal everyone's money and data, and every country has signed a trade deal with the USA promising not to let its own technologists and entrepreneurs go into business making add-ons and complementary goods that remediate the defects in America's tech exports:

https://pluralistic.net/2026/01/29/post-american-canada/#ottawa

What's more, Trump's response to finding himself in this poker game that's rigged entirely in his favor is to flip over the table because he resents having to pretend to play at all (as November Kelly so aptly put it). His incontinent belligerence on the world stage sees him making bids to steal whole countries and he's recruited American tech giants to help him in this chaotic program of lunatic imperialism. When other countries' public officials make decisions that Trump dislikes, he gets companies like Microsoft to disconnect whole institutions from the internet, deleting their files, email archives, calendars and address books, and depriving them of the ability to connect to any service tied to their Outlook accounts:

https://pluralistic.net/2026/04/20/praxis/#acceleration

Which means that if Trump wants to steal Greenland, he doesn't have to roll tanks into Nuuk – he can just brick the country of Denmark. He can shut down all their ministries, every large firm, every household. He can shut down their iPhones and Android devices. He can kill their smart-speakers. He can hormuz the world's supply of Ozempic, Lego and ferociously strong licorice:

https://pluralistic.net/2026/04/04/digital-subjugation/#greenlands-next

It doesn't stop there! Trump can also shut down every tractor!

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

This is the digital sovereignty risk. It's also the digital sovereignty opportunity. If countries repeal the laws that the US bullied them into accepting, laws that protect US tech giants from local competitors who block their plunder of data and money, they can turn America's tech trillions into their own tech billions. As Jeff Bezos likes to say, "your margin is my opportunity":

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

Meanwhile, repealing these US-protecting laws would enable countries to extract their data from US platforms so they can move it into domestic alternatives, and bypass the software locks that block them from updating phones, cars, tractors and ventilators to protect them from remote killswitches:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

The digital sovereignty risk is having your country's government, businesses and industries terminated by Trump. The digital sovereignty opportunity is making billions of dollars by producing and exporting products that defend people from Big Tech plunder and Trumpian killswitches. That is the real world.

But many "digital sovereignty" advocates are living in an imaginary world, in which the digital sovereignty risk is that Trump will shut off their country's access to AI.

This is where the "if problem + blockchain" formulation comes in handy. If Trump shut off Canada's access to Chatgpt, Claude and Grok tomorrow, nothing would happen. No significant business, no federal or provincial ministry, no municipal government depends on these products for anything essential. And if Canada were to build their own local AI to sub in for Chatgpt, Claude and Grok, it would loose tens, if not hundreds of billions of dollars. Worst of all, a national AI strategy does nothing – not one solitary thing – to protect Canada from Trump shutting down our ministries, our companies, or our tractors.

In other words:

If: digital sovereignty + AI = digital sovereignty – AI

Then: AI = 0

If you think AI tools are nifty and want Canada to invest in AI, then first, please stop pretending that this has anything to do with "digital sovereignty." Not only is this a transparent bit of nonsense, it's a dangerous one, because digital sovereignty is a real problem, and AI does nothing to solve it.

If you want a good "national AI strategy," try this: save your money until the bubble bursts, and then buy your GPUs and hire your talent at 10 cents on the dollar and put them to work refining open source models:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

Buying AI at the top of the market is nuts. That would be like shopping for Aeron chairs and foosball tables in March 2000. If you just sit tight for a couple months, you'll be able to find bankrupt dotcom entrepreneurs selling these at knock-down prices out front of their formerly overpriced office space in the Mission, in the time-honored tradition of former Wall Street millionaires selling apples out of their Rolls Royces:

https://digicoll.lib.berkeley.edu/record/323794

(Literally: I bought a "dining room set" of six $1500 Steelcase Leap chairs in the summer of 2000 from a failed dotcom CEO on Van Ness for $25 a piece – still in the original plastic!)

And in the meantime, please let's stop pretending that digital sovereignty has anything to do with "national AI." If Trump takes away your AI, everything is fine. If Trump takes away your iPhones, Office 365 and tractors, your country grinds to a halt. This is just not that complicated:

If: digital sovereignty + AI = digital sovereignty – AI

Then: AI = 0

(Image: Armin Kübelbeck, CC BY-SA 4.0, modified)

Hey look at this (permalink)

Is Donald Trump the Greatest Environmentalist of All Time?? https://jacobin.com/2026/06/trump-iran-green-transition-environmentalism
WNBA Players Scored a Historic Labor Contract—With One Notable Caveat https://www.hardresetmedia.com/p/wnba-players-labor-contract-wearables
Trump’s Anthropic shutdown just made the case for non-American AI https://www.theverge.com/ai-artificial-intelligence/949986/anthropic-fable-mythos-shutdown-sovereign-ai
Blindsight Sci-fi Short Film https://www.youtube.com/watch?v=VkR2hnXR0SM
Introducing: Story Oracle https://www.clarionwest.org/story-oracle/

Object permanence (permalink)

#25yrsago Napster boss's American Library Association keynote https://web.archive.org/web/20010623201456/https://www.salon.com/tech/wire/2001/06/17/napster/index.html

#20yrsago Flickr: we’ll give full access to competitors – if they reciprocate https://www.flickr.com/groups/central/discuss/72157594165399644/#comment72157594167782546

#20yrsago Report from a concert by a Serbian war-criminal https://web.archive.org/web/20060613081324/http://blog.b92.net/blog/22

#20yrsago European podcasters to WIPO: Stay away from us! https://web.archive.org/web/20060619224538/https://www.bloggernews.net/2006/06/european-podcasters-team-up-to-lobby.html

#15yrsago KFC: support diabetes research by buying an 800 calorie, 56 spoonful of sugar “Mega Jug” https://web.archive.org/web/20110619031415/https://theweek.com/article/index/216462/irony-alert-buy-kfcs-800-calorie-soda-to-support-diabetes-research

#10yrsago Terrorist who murdered Jo Cox shouts: “Death to traitors” in court https://www.csmonitor.com/World/2016/0618/Accused-killer-of-MP-Jo-Cox-makes-defiant-court-statement

#10yrsago Judge orders release of man convicted while his public defender was handcuffed https://web.archive.org/web/20160617172242/http://www.reviewjournal.com/crime/judge-releases-man-who-received-jail-sentence-while-lawyer-was-handcuffs-video

#10yrsago Hambone virtuoso https://www.youtube.com/watch?v=YMJeaZtgwng

#10yrsago Google Fiber now forces subscribers into binding arbitration; days left to opt out https://web.archive.org/web/20160617141759/https://consumerist.com/2016/06/16/google-fiber-copies-comcast-att-forces-users-to-give-up-their-legal-right-to-sue/

#1yrago The Immortal Choir Holds Every Voice https://pluralistic.net/2025/06/18/anarcho-cryptid/#decameron-and-on

Upcoming appearances (permalink)

Virtual: The future of world governance, with Kim Stanley Robinson (UN Independent Expert on International Order), Jun 19
https://www.youtube.com/live/wJvBvYdaAMY
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026
Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23
https://iabcanada.com/state-of-the-nation-2026
Toronto: The Reverse Centaur's Guide to Life After AI (Osler Records/Type Books), Jun 23
https://www.eventbrite.com/e/cory-doctorow-book-launch-and-talk-tickets-1991501299998
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628
London: Idler Festival, Jul 11
https://www.idler.co.uk/festival/
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Picadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances (permalink)

The Enshittification of Life, the Universe, & Everything (Luke Savage)
https://www.lukewsavage.com/p/the-enshittification-of-life-the
Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035
Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
https://www.jimruttshow.com/cory-doctorow-3/
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

Medium (no ads, paywalled):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

15:21

[$] The first half of the 7.2 merge window [LWN.net]

The 7.2 merge window started with the 7.1 kernel release on June 14. As of this writing, just over 7,000 non-merge changesets have been pulled into the mainline for the next kernel release. Many of the core subsystems have been pulled at this point, meaning that most of the changes that can be expected in 7.2 have now come into focus.

15:14

Mastodon 4.6 released [LWN.net]

Now that Google has added AI in their search, and it dominates search more and more, it's become more difficult to find ideas that aren't well explained by AI and are on some randome old web pages. For example, this morning I wanted to find an explainer for "Standing on the toes of giants," something a colleague once used in a story. I'm sure there's stuff out there, but no luck finding it. Didn't help that there's a popular song with that title.

14:35

Version 4.6 of the Mastodon fediverse platform has been released.

The headliner of this release is Collections, a way to create and share curated collections of profiles. Part of Mastodon's work ethos is our commitment to trust and safety, so we've put a lot of thought and care into the design of this feature to avoid some of the pitfalls and abuse people have experienced with similar features on other platforms, while focusing on its primary goal: Helping new users discover more of the Fediverse.

Other new features include support for subscribing to posts via email, the ability to generate a "year in review" post, accessibility improvements, and more.

[$] Single-hop block replication with RMR and BRMR [LWN.net]

How can cloud providers efficiently supply durable virtual block devices? Remote Direct Memory Access (RDMA) provides a way for servers in a cluster to share chunks of memory, but there still needs to be a protocol that operates on top of RDMA to provide the guarantees expected of a block device. The kernel's RDMA transport library (RTRS) provides a way to send messages via RDMA. I presented about two new components built on top of RTRS at the 2026 Linux Storage, Filesystem, Memory Management and BPF Summit: Reliable Multicast over RTRS (RMR) and Block device over RMR (BRMR). These modules, which I am working on with Jia Li, could be a way for cloud providers to expose durable block devices with as little overhead as possible. To accomplish that, however, we need some discussion and feedback from the community before sending the modules upstream.

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (dracut, podman, postfix, rsync, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (atril, firefox-esr, and nginx), Mageia (libcap, perl, and python-pillow), Oracle (firefox, gstreamer-plugins-base and gstreamer-plugins-good, httpd:2.4, kernel, libpng12, libpng15, libxml2, libxslt, opencryptoki, openssl, postfix, rsync, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (bind, libidn, mozilla, and openssl), SUSE (alloy, docker, elemental-system-agent, glibc, grafana, helm, LibVNCServer, openssh8.4, perl-GD, perl-HTTP-Daemon, python-WebOb-doc, python311-google-adk, rustup, traefik2, wireshark, and xwayland), and Ubuntu (dolibarr, golang-go.crypto, graphite2, gst-plugins-bad1.0, kitty, libconfig-inifiles-perl, libnginx-mod-js, and webpy).

14:28

World Wide Knicks by Sally Atkins [Scripting News]

My longtime friend Sally Atkins reponded to my question yesterday about how widely the love of the Knicks is being felt.

You asked. From all I see out here in the Midwest and also from comments from friends in Europe, I can testify that yes absolutely the Knicks win is a total joy to behold far and wide. Not just for the artful wins, although that was great fun. The last second dunk in the second to last game was breathtaking.

The larger gift is that New Yorkers have so vividly shown that right now and going forward we are capable of joy-and-unity vs hate-and-division. Love is way more fun than hate. Most people know that, you’ve shown it. Knicks fans, people of all ages and creeds , are a palpable reminder of the power of the people right on!

Remember the 1967 Troggs hit Love is All Around? I feel it in my fingers, I feel it in my toes.

Happy Parade Day!

Let this hopeful moment fuel the near future.

PS: Did you see the news clip of the Knicks just after arriving back in NY, just off their plane they joined in a parade for Puerto Rico or maybe it was Pride Month. Hallelujah. (Dave: It was the Puerto Rican Day parade, two players went, Alvarado (who is Puerto Rican himself) and Jordan Clarkson who is from the Philippines, and is the super freak hippie on the team, though they're pretty much all hippies.)

Responses from other sites

Tommy Williams: "Not here in Montana, or among my colleagues across the Midwest. It didn't attract more attention than any other NBA championship. Everyone's focus (for sports) is on the World Cup."

Courtney Robertson: "Noticing that sports is bringing unification and joy when I really could use that."

Phil: "There are a surprising number of Knicks fans here in Cincy, and it's been a pretty big deal -- I've even got a friend who flew out to NYC for the parade today."

14:14

Why I’m Obsessed With “Obsession” [Whatever]

Y’all already know that I am not a horror fan. Horror has always been my least favorite movie genre, and there are very few movies within the genre that I even consider worthwhile. When I went to see Obsession, I was already outside of my comfort zone by going and seeing a horror movie in theaters, as they’re always too loud and I really hate being jump scared in front of other people.

You can imagine my surprise when Obsession ended up being the best horror movie I’ve ever seen. It is one of the most incredible films I’ve seen, even when I take it out of the horror ranking. It’s just that good.

I’d like to give y’all some spoiler-free thoughts first, so you can get a good feel for why I love this movie without getting into the nitty-gritty details, but then I will go deeper with spoilers and get into what makes it so damn great.

For starters, Obsession has so many little factoids about it that it make it more special than most films right off the bat, like the fact it was made for under a million dollars, at a whopping $750k. I have not heard of a successful, theater-released movie having that small of a budget in I don’t even know how long, if at all. That is so impressive. Not only that, but it is one of the only films, alongside E.T., to do better financially in the following weeks after opening weekend. Most movies peak at their opening weekend, but Obsession just kept getting more and more popular.

The fact that the cast was comprised of people I’d never heard of it made it all the better, because when you have Matt Damon as your lead, it’s hard to see him as anyone other than… Matt Damon (looking at you, Christopher Nolan’s Odyssey). So having a cast full of people I’ve literally never seen before made it feel so much more real. It’s more immersive when you don’t recognize big name stars that steal the spotlight. These people felt like people, not celebrities in a movie. Plus, everyone did such a stellar job, especially Inde Navarrette! She was perfectly terrifying.

Without giving too much away, the basic plot is this guy, Bear, wishes that his crush, Nikki, loved him, and let’s just say he gets more than he bargained for. The themes this movie explores are extremely heavy. Bodily autonomy, consent, love VS obsession, toxic and abusive relationships, family-friendly topics like that!

The horror element in Obsession is a special kind of dread that sticks with you long after you leave the theater. This movie sat heavily in my brain for days on end. A lot of horror movies give you two hours of cheap adrenaline rushes and jump scares while being oh so forgettable, but Obsession truly haunts you. “Unsettling” is too timid of a word to describe the feeling it will leave you with.

I find the pacing to be rather good, as there’s no B-plot for this movie, so it’s pretty much just all go-go-go with no breaks. There are no slow parts or scenes that feel unnecessary. All the scenes feel like the perfect length.

The lighting is a work of art in this movie. The soft, dim lighting at the bar, in Bear’s house, and throughout the film alongside the dark, shadowy, spooky scenes is so good. It’s very atmospheric, and feels somewhat intimate. Even the scenes that are dark aren’t that kind of super annoying horror movie dark where you just can’t see shit for the sake of jump scaring you. It’s like an actually well done type of darkness.

So, great performances, good pace, nice lighting, and a special kind of horror, all for under a million dollars! Pretty impressive stuff.

Now let’s get into the details. SPOILER WARNING!

From the moment we meet Bear, we are shown, expertly, how he is kind of a piece of junk. When practicing his confession speech, he only brings up how Nikki was nice to him and was there for him when he was going through a tough time. He never says what he likes about her as a person, just what she has done for him and how she makes him feel.

When he gets home and finds his cat dead, he puts it in a black garbage bag and throws it away. Who does that?! That is not how you dispose of a deceased pet?!

At trivia night, he tries to confess his feelings at an awkward, inopportune time that would affect the rest of the group and impact everyone’s evenings.

He didn’t give his gift to Nikki, he used it for himself and then lied to her, saying he left her gift at his house. Because he sucks!

AND HE CALLED HER FREAKY NIKKI EVEN THOUGH SHE HATES THAT. Bear is a certified jerk, even though it seems like, at first, that he’s just a shy, nice guy with a crush.

Worst of all, Bear is a coward. When Nikki asks him bluntly if he likes her, he pussies out and says no, then regrets it immediately. Then, when Wish Nikki says she knows he likes her, he denies it and makes her confess first before admitting that, yes, he does like her.

He is a coward when he can’t shoot himself and takes the pills instead, and he is a coward when he tries to throw up the pills because he doesn’t have the nerve to actually kill himself. He is a coward to the bitter end, and I think that is amazing. What a flawed, awful, hate-able character. There is no redemption, because he couldn’t even commit to killing himself. He is never the good guy, he is, from the start, the bad guy.

I have never felt worse for a horror movie character than I feel for Nikki. In the short amount of time we get to see the real Nikki, she is fun and kind and thoughtful. Nikki seems like a genuinely nice person, and it’s easy to see why Bear would have a crush on her. And suddenly, she’s gone. Trapped in some sort of horrible, agonizing negative space while something else controls her body, with only short spurts of consciousness where the real Nikki is begging to be freed, fighting to be released from Wish Nikki taking back over. Each time the real Nikki surfaces I can only imagine what is going through her mind, or if she wonders if this will be the last time she ever gains control again, just to succumb back under. Of course, it reminds me a lot of Get Out, which is also a great movie!

To be hurt by someone you think of as a friend, not just hurt but condemned to this cursed existence, only for him to ignore your pleas for death. UGH. Poor Nikki. It’s actually so heartbreaking. And so real! It’s often the people closest to you that hurt you the most.

Honestly their entire friend group is such a mess, with Ian and Nikki hooking up and Ian not telling Bear even though he knows how he feels about her. Ian tries sabotaging Bear’s attempts at confessing and is unhappy about his relationship with Nikki, yet never even mentioned his and Nikki’s situationship to the guy who is supposedly his best friend. Plus, if Bear is his best friend, why didn’t he believe him or at the very least hear him out more on the One Wish Willow?

If my best friend came to me, obviously distressed, and a ton of weird stuff had been going on lately, and they told me it was because of this very real wishing stick, I’d at least hear them out instead of calling them crazy right off the bat. I trust my friends with my life, and love them dearly, why would I believe they’re lying to me about something like this? Bear was obviously extremely distraught and practically begging Ian to listen, but he refused and just wished for a billion dollars to be a fucking dick.

As for Sarah, she was a Pick-Me praying on the downfall of Bear’s and Nikki’s relationship, judging from the sideline while also trying to make moves of her own on Bear. She asked him to meet her late at night in private, then told him that Nikki is taking advantage of him and he doesn’t deserve it, and that he needs someone “more chill.” Literally referring to herself as a better match for him than Nikki. What kind of friend does that?! She even says that he was supposed to kiss her, not Nikki. Does she secretly hate and envy Nikki? She is not a girl’s girl, that’s for sure, and she got a face full of brick for it. (I’m just kidding, she didn’t actually deserve the brick for being a Pick-Me, but it still is an unfortunate character flaw.)

Point is, this friend group really sucked. Nikki was the best of them, truly. Now she’s an extremely traumatized girl who will never be the same because of one selfish boy’s actions. She was a beautiful soul, and now she has been through hell and back, and is certainly forever changed. Again, poor Nikki. It makes me so sad!

I really love that the One Wish Willow isn’t even an evil thing, you can make a wish and have everything go great. The shopkeeper that made his wish certainly seemed fine, and Ian got his billion dollars with zero issues. It’s solely because Bear made a bad wish with bad intentions that his wish turned out so terrible. I find that to be an extremely satisfying mechanic, even though it sadly comes at the cost of Nikki.

This was a well-shot, well-acted, well-executed film with an amazing concept and cast. I loved it, and saw it three times in theaters. I highly recommend it, even if you aren’t usually a fan of horror movies. It’s probably the best film I’ve seen this year.

Have you seen Obsession yet? What did you think was the scariest part (for me, it was definitely when Bear is on the phone with One Wish Willow, and you hear Nikki screaming in agony in the background)? What’s your favorite horror movie? Let me know in the comments, and have a great day!

-AMS

14:07

Representative Line: Sort This Out [The Daily WTF]

Today's anonymous submitter has spent a long time toiling through many, many tickets. Their effort has been an attempt to "save" their employer from the disaster left behind by by a highly-paid consultant. As one does, our submitter started with the highest priority tickets with the highest severity. Eventually, they whittled down that list, and had some bandwidth to start looking at the pieces of the code which clearly weren't exploding right now (because there were no tickets), but were likely to explode at some point in the future (creating a storm of tickets).

Scanning through the JavaScript, our submitter found a sort function. That was automatically concerning- why was that particular wheel being reinvented?

The first line of the sort function was this:

obj[x._id.account_id] = x.count_total

In this case, x._id is meant to be the unique identifier from their Mongo DB. That, uh, should be not precisely a UUID (Mongo does its own weird version), but it definitely shouldn't have an account_id field on it. They are storing an arbitrary object as their unique identifier in the database. Which, I'm no Mongo expert, but I don't need to be Flash Gordon to know that's a bad idea.

But setting aside the choice of using random objects as unique identifiers, there's also the other question: how is this furthering the goal of sorting? Why on Earth am I building an object in the form: {"id0": 5, "id1": 7, "id2": 11}? Or am I even doing that? This is the first line of the function, so we're not even doing a loop, it's just {"id0": 5}.

This isn't just an unexploded bomb, it's a mystery: the primary mystery being why hasn't this exploded already? The second mystery is: what's going to happen when your luck runs out?

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

13:42

Joe Marshall: Controlled Unclassified Information [Planet Lisp]

NBA fans, esp Knicks fans, are not fans of the current president. A picture of the Knicks team with Trump in the Oval Office would be hard to see. Not threatening to resign as a Knicks fan, not ruling it out either.

13:21

Back in the day, the US government had a program called SBIR (Small Business Innovation Research) that funded small businesses to do research and development. I recall sitting in our dorm in college, reading through a giant printed catalog of SBIR grants just to amuse ourselves by brainstorming solutions over bad pizza.

So, I got curious the other day: what does the SBIR landscape look like now?

I can tell you right now: do not even try to read an SBIR solicitation on your local machine. You are opening yourself up to a world of absolute, unmitigated pain.

You might think, what harm could there be in simply opening a file?

Well, in the modern compliance panopticon, any manipulation of digital information that comes from the govenment has the potential to spawn CUI (Controlled Unclassified Information). CUI is basically a digital pathogen; once you download that file, *anything whatsover* derived from it, including notes and metadata, instantly becomes CUI by association. The moment you read an SBIR on your computer, you've infected your system, rendering you subject to a nightmare of Byzantine federal regulations.

These days, the amount of beurocratic red tape surrounding CUI is insane. To even look at the file legally, you need a dedicated, air-gapped machine completely disconnected from the internet, conforming to a massive, expensive slew of NIST standards covering everything from hardware-level encryption to strict access controls. Alternatively you could contract with a cloud company that offers a pre-certified "CUI-compliant" environment.

And assuming you actually shell out the cash and jump through the hoops to set up this digital containment zone just to read a PDF, you must meticulously audit and account for every single action you take in its presence. Under current federal auditing logic, you are explicitly assumed to be attempting to defraud the government unless you can produce a mountain of paper proving otherwise. Want to bring in a partner to bounce ideas around? You can't just "know a guy." You have to navigate a labyrinth of federal subcontracting regulations.

I had intended on amusing myself by reading some SBIRs and daydreaming about solutions that might involve Lisp (an impossibility in the modern enterprise stack for entirely separate, depressing reasons). Instead, I quickly discovered I did not even own the physical hardware required to even read an SBIR without running afoul of federal regulations.

I wanted to read some clever and inspiring engineering proposals. I ended up reading a lot of very dry and boring compliance regulations.

12:14

Embedding Forbidden Text in Spyware to Discourage AI Analysis [Schneier on Security]

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis.

Details:

The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The real malware begins after the comment with a try{eval(…)} wrapper around a large character-code array and a ROT-style substitution function.

This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware.

This is not a magical bypass against static detection. YARA rules, entropy checks, AST parsing, string extraction, deobfuscation, and behavioral rules still work. But it is a practical anti-analysis trick against naive LLM-first triage systems.

11:28

Grrl Power #1470 – Chicken threat upgraded [Grrl Power]

Dodging weapons fire, be it from a gun or a bow or even just a Roman Candle, as well as sword swipes, kicks, flails, punches, shuriken, paintballs, etc., is one of those times where having large, relatively unsecured body parts can be a real hazard. Like a tail, or Twi’lek lekku. Or boobs.

Max becomes less jiggly the higher her armor is. She never has the problem of blocking bullets by standing in front of innocents with her hands on her hips, Superman style, only the bullets start going all over the place because of fluid and elasticity dynamics of invulnerable boobs being machine gunned. No, the bullets go all over the place because someone is machine-gunning invulnerable, non-deformable rounded surfaces. That would make for some chaotic reflections unless you were really good at 3D billiards and could calculate ricochet angles at literal machine gun speeds. (Yes, I know billiards is already a game played in 3D, but it’s functionally all on a 2D plane, unless you include hopping the balls over each other. I meant like if the balls were in some sort of 3D space with pockets on the interior of a cube or sphere or dodecahedreon, that had a sort of felt-like inertia field.)

Anyway, I mention all that because I still thought I ought to have her breasts showing a little bit of inertia, otherwise she’d look like some Poser 3D model rendered upside down, Wampa ice cave style, with boobs hanging ceiling-ward in defiance of circumstances.

Of course, you could say the same thing about muscular men. All the beefcake makes your hitbox that much larger. In The Expanse, at some point Amos ask “Why do I keep getting shot?” I felt it was a missed opportunity that no one said, “Because you’re so big.” (The real reason of course is to show the audience that the characters don’t have absolute plot armor.) But my point really is that women of a particular endowment, if they know they’re getting into a firefight, would probably wear a “smush ’em down, hold ’em in place” sports bra vs a wonder bra, and that’s assuming they’re not in a position to don body armor. Max is armored, sure, but is only wearing about 2 mm of smart space latex and some pasties. Trying to wear a sports bra under that setup would make it look like she was laying on her boobs, and like I said, she’s running with enough armor most of the time during the tournament that punching her in the boob would break a normal human’s hand before the boob deformed in any way. Also a Terminator’s hand. A Cameron one, probably not a WH40K one. But then, a broken hand would be the least of your concerns if you tried to punch her in the boob.

**************

Thomas Doscher writes Vixen War Bride, one of my favorite series lately, and he’s gotten two audiobooks done, but is trying to wrangle up the funding to get the rest produced, which I would very much like to see. He’s got a GoFundMe set up to that end. It’s different than a kickstarter, which would basically pre-sell you the audiobooks. This is just for anyone who really likes the series and would really like to have it all in audiobook format. So, FYI.

Final version is up, both at TWC and Patreon.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:49

Promotion, activation, conversation [Seth's Blog]

[A long riff on book publishing with (perhaps) wide applicability to your work as well.]

Publishing is different from writing—it’s the hard work of creating the conditions to help people get in sync, move forward, and get to where they’re headed.

The best reason to publish a non-fiction business or how-to book in 2026 is to change lives. Transformation is possible.

Transformation can happen, but only if the book ends up in the right hands for the right reasons.

Today, it’s harder than ever to pull that off. Tim Ferriss shares the numbers. We have a glut of information, but not nearly enough action. I’ve been at this for forty years, but the change this time is significant.

The number of books in this category continues to expand, but their total impact has not. At the same time, more books are being purchased by more people—the long tail is real. Publishing a book is super easy now, but publishing one that works is harder than ever.

Authors and publishers get stuck on the gap between interest and action. Too often, we don’t act until it’s too late in the process.

The author’s job in publishing begins long before pub day.

There are three pillars:

Promotion
Activation
Conversation

The first one gets way too much discussion, energy, and noise. Promotion gets the word out. Promotion can easily become all-consuming, and it can also become selfish. The promotion part of the equation asks, “have you seen my new book?” Promotion is everywhere, so we come to believe that it matters.

Activation creates the tension that answers the promotion question with, “I’ll go grab a copy.”

And conversation is the unsung part of every single hit book in this genre: “I need my friends to read this.”

Successful publishing, then, looks like this: Generate awareness. Create tension that leads to engagement with the work. Deliver an idea that works better for the reader when it’s shared and discussed. Reader traction leads to the network effect. The transformations compound, and the book becomes a foundation of culture and alignment.

That’s the work of publishing. Each component matters, not just the first one.

I’d break promotion into a few components:

Permission: When you can deliver anticipated, personal, and relevant messages to the people who want to get them, you’ve earned attention, not stolen it. Letting people who read your blog or listen to your podcast know about your new book is mutually beneficial. This is a trust that’s not to be taken lightly.

Shared permission: When you appear on someone else’s podcast or in the media, you’re bringing the message of your book to people who trust the host. The paradox is that the more trusted the media channel, the more difficult it is for you to appear when it suits you.

Buzz: This is a side effect of a good story and a medium that wants to carry it. In the hyper-parallel world of social media, there are an infinite number of tiny media outlets, and when they start to vibrate at the same frequency, buzz occurs. This is 5% preparation and 95% luck.

Hustle and Hype: Burning bridges and crossing lines just because it’s important to you. Please don’t. No one ever ends up glad they did this. It might not feel like hustle to the hustler, but if the person you’re targeting with your hype feels hustled, then that’s what’s happening.

But promotion is not worth much if it doesn’t translate into people actually purchasing and reading your book. Activation overcomes inertia, fear, and inconvenience. Activation energy leads to someone not only buying a book, but reading it.

Most publishers have someone who does publicity and promotion. Most marketers think about their job in the same way. Where are the teams that focus on activation?

In two recent book launches, I worked to create awareness with a record-breaking podcast tour. Each time I appeared on more than fifty podcasts on launch day. It took months of recording sessions and the kind support of some of the best podcasters in the world to pull this off.

Together we reached millions of people in just a few days. And yet, very few of these listeners bought a book as a result of a podcast. The math might be 1,000,000 YouTube interview views equals a hundred books sold.

Estimated growth in hours spent (billions!) listening to podcasts or other forms of online productivity/business learning

The common-sense math is simple: Over the last two decades, hours spent listening to podcasts, blog posts and videos about non-fiction topics is exponentially higher than it was, but sales in the category are flat or down.

Podcast appearances often solve the problem of what’s in the book (“oh, I heard it, I get it”) as opposed to creating useful and generous tension that leads to a read.

[Let me pause for a second here and clarify: If you can effectively give your idea away without writing and publishing a book, please do! Most of my blog posts reach more people than my books do, and I keep them as posts because that’s the best way to get my point across. But if it’s worth publishing a book around a set of ideas, it’s probably not easily translated into a thirty-minute podcast. Buying, reading, holding, shelving, sharing–these are opportunities the book has to amplify its impact.]

Now, consider the idea of a knock-knock book. This is a book with a secret. The world asks about it (knock knock) and the answer is, “buy the book.” This was a big part of publishing for a long time—if you want to know, you needed to read the book. But now that the answer is free, online, there’s not a lot of reason left to buy this sort of book… If all a book has is a secret, it won’t have the secret for long. TLDR.

Instead, the most resilient books in this category serve a different purpose. They’re shareable. They amplify a network. They serve as an instigator and a totem, a device that allows one reader to share insights with another, all in service of getting in sync. Books are souvenirs for some purchasers, but tools for most of us.

The step after activation is the one with the highest leverage: Conversation.

Successful books in this category don’t sell by the copy; they sell by the carton.

How will my organization, my team or my relationships improve if we all read this book? Can we talk about these ideas and put them to work together?

This is why Purple Cow and The Dip were two of my bestselling books.

When David and Brian wrote The Dip into Billions, they were using it as a shorthand. The judge was saying, “we need to talk about this nuanced idea, here’s an anchor.” The book becomes the foundation for a conversation that needed to happen.

Books that matter over time almost always fit this description: Atomic Habits, In Search of Excellence, Grit, The War of Art, The Let Them Theory, Mindset, and Big Magic… practical books that stand for something and offer a foundation for shared exploration and possibility.

You can do all the promotion and activation you want, but if your book doesn’t support conversation, it will soon fade away.

Have you seen my book? →

I’ll grab a copy →

I need my friends to read this →

My circle is using this as a tool.

Don’t tell me about your promotional strategy. Talk to me about activation and build conversation into your work from the start.

“On the one hand, information wants to be expensive, because it’s so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time.” Stewart Brand, 1984.

The two ideas don’t have to fight with each other. Information isn’t enough. It’s transformation and conversation that fuel our future.

Irregular Webcomic! #3156 [Irregular Webcomic!]

Irregular Webcomic! #3156

10:00

Oracle Solaris 11.4 SRU93 released [OSnews]

Oracle is sticking to its promise of more regular Solaris updates with the release of Oracle Solaris 11.4 SRU93. This release, like other SRU releases, is for paying Solaris customers, as the CBE releases for enthusiasts are on a different cadence. With Solaris’ focus being on enterprise server environments, it should come as no surprise that most of the changes and improvements are focused on things like enterprise networking and security, such as changes to how policy settings for the Kernel Crypto Framework (KCF) are stored, moving from using RPC over sockets instead of STREAMS, and more.

Of course, there’s also the long list of updated open source packages.

SRU 93.221.2 updates a broad set of platform, runtime, developer, networking, desktop, and open source components. Notable updates include Apache Tomcat to 9.0.116, bash to 5.3 patch 9, BIND to 9.20.18 and 9.20.21, Django 4.2 to 4.2.30, Django 5.2 to 5.2.13, Firefox to 140.8.0esr, Golang to 1.25.8, Node.js 20 to 20.20.2, Node.js 22 to 22.22.2, Node.js 24 to 24.14.1, NSS to 3.119.1, Perl to 5.42, Python 3.11 to 3.11.15, Python 3.13 to 3.13.12, RabbitMQ to 4.2.4, Thunderbird to 140.8.0esr, vim to 9.2.0340, and zlib to 1.3.2. Additional updates include development tools, Python modules, X11 utilities, printing components, libraries, cryptographic packages, networking tools, and desktop-related packages.
↫ Colin Kavanagh at the Oracle Solaris Blog

Existing Oracle Solaris customers can update to the new release through pkg update.

09:14

Mike Gabriel: Commenting on the recent Ubuntu Touch review done by @SwitchandClickOfficial on Youtube [Planet Debian]

There has been a video blog post recently published with a review of Ubuntu Touch as an option to opt out of the Android world: https://www.youtube.com/watch?v=wTK6TS3pXgc

Thanks to @SwitchandClick for spending time on this and publishing that video. Much appreciated.

Many Issues amended in upcoming 24.04-2.0 Release

When I watched that video referenced above, I continuously thought: ah... this is fixed in the next major release of Ubuntu Touch, or: ah... this is a known issue that we have on the roadmap..., or: ah... this is done in this ways by design (so it's a feature or basic functionality)...

Let me just state, that most of the criticized aspects will be resolved in upcoming Ubuntu Touch release 24.04-2.0 (the tests in that video blog post have been run on Ubuntu Touch 24.04-1.x):

Camera notch and rounding corners get honoured now by the UI
Ubuntu Touch's default webbrowser (Morph Browser) has been bumped from Chromium engine v87 (Qt5 based) to v134 (Qt6 based), installing another browser should not be necessary anymore (note that the privacy level in Morph Browser is pretty high, so using other browsers could mean a loss of privacy).
Bluetooth pairing agent got added to the bluetooth indicator
Ubuntu Touch now supports Snaps on CLI level and in the OpenStore app
Libertine has received fixes, but no substantial improvements. It mainly targets users who want to use their Ubuntu Touch device as desktop daily driver. Libertine-provided desktop apps UI-wise are often not usable on a phone-like device.

The full feature preview of the 24.04-2.0 release can be found here: https://ubports.com/blog/ubports-news-1/ubuntu-touch-24-04-2-0-beta-is-n...

Ubuntu Touch App Ecosystem

The app ecosystem of Ubuntu Touch is quite specific, because many apps in Ubuntu Touch have been explicitly developed for Ubuntu Touch using a widget toolkit called Lomiri.Components. However, in Ubuntu Touch we also encourage developers to provide apps written with other convergent-capable toolkits, such as QQC2-based apps or Kirigami-based apps.

One reason for the very different app ecosystem in Ubuntu Touch is that many service providers don't have Ubuntu Touch on their radar when investing in app development for their services. Some Ubuntu Touch App Developers work around this by either implementing unofficial client apps for web services (e.g. the Flow app for Deezer by Sander Klootwijk), others provide the web service via implementing a web app (will not work when offline, but at least will show up as an app in the launcher).

The overall solution for making Open-Store.io more familiar to users who migrate from Android is that commercial service providers start honouring digital sovereignty and start providing apps for Linux. Not just for the Linux desktop, but also for mobile Linux platforms. This dual use case can easily achieved with an app development that bears convergence in mind.

App Ecosystems are also a Matter of Perspective

And one more minor note: whenever I open an Android appstore or can peak over someone's shoulder using an iOS device: I always wonder: what are all these apps about??? Never heard about them.

So, familiarity really depends on perspective. And perspective depends on what you are used to. Change what you do and your perspective will follow.

Ubuntu Touch's root filesystem (rootfs) is Immutable

Only thing from that video blog post that we haven't fixed and won't do so in the midterm future is apt-get not working on the command line.

The reason for this is: the Ubuntu Touch root file system is an immutable file system and thus shall not be changed via apt-get & friends by ordinary users.

There are various discussions ongoing such as dpkg-divert'ing apt-get to a wrapper shell script that spits out an error message if rootfs is mounted read-only and someone tries to install packages the Debian/Ubuntu way. Other approaches are to mount some RAM disk over the rootfs, so apt-get can be used at runtime but changes to the system get reset at reboot.

However, it is possible to mount the root filesystem read-write and test newer package versions (as UT core developers do regularly, in fact). If you tinker with this, it is recommended to reflash your device (don't wipe user data, when you reflash!) from time to time, because adding packages or package upgrades to your rootfs may over time corrupt the integrity of the rootfs.

One reason for apt-get breaking the rootfs and thus your Ubuntu Touch development device is that the upgrade process of the rootfs image is incremental, so update tarballs sometimes contain only those parts that got changed between this and your previous upgrade (sometimes, upgrades contain a complete rootf image, depending on the interval between upgrades). If files from an incremental update tarball mix into a rootfs that got tinkered with via apt-get, you really end up on your own. Re-flashing will grab the complete rootfs tarball and wipe the whole rootfs and reinstall a fresh version of the newest rootfs image. Developers also do this in regular intervals to ensure their test device is clean again before running more/other tests.

06:21

Urgent: Federal worker lifelong secrecy agreements [Richard Stallman's Political Notes]

US citizens: submit an official comment to the Office of Personnel Management opposing the plan to require federal workers to sign lifelong secrecy agreements covering everything they do and know about their jobs.

I have condemned since around 1980 nondisclosure agreements that cover generally useful technical information, and refused ever to agree to one. These nondisclosure agreements are a different moral issue; they will be aimed protecting corrupt and treacherous acts inside federal agencies.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Investigate FBI's raid on voter registration activity [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to investigate the FBI's raid on a voter registration activity.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Reject magats' attempt to obstruct mailing of ballots [Richard Stallman's Political Notes]

US citizens: call on the USPS to obey its mandate by rejecting the magats' attempt to obstruct the mailing of ballots to voters.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Reject deeper embedding of U.S.-Israeli military cooperation [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to reject the deeper embedding of U.S.-Israeli military cooperation.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Judges challenge corrupter's $1.8bn slush fund [Richard Stallman's Political Notes]

*Bipartisan group of ex-federal judges challenges [the corrupter]'s $1.8bn [corruption slush fund]* in a lawsuit.

They have also urged the judge who approved this self-dealing "settlement" to reopen the decision and investigate whether the case that it "settled" was fraud on that court.

Around 17,500 people deported to countries they've never seen [Richard Stallman's Political Notes]

The persecutor has deported around 17,500 people to countries they have never seen before. Most of them do not speak the local language and can't live there.

Even worse, many of those countries intend to send those deportees back to their countries of origin, where they are likely to be tortured or killed.

Magats don't mind killing an immigrant and are glad to involve another intermediate country as an excuse.

Abortion prohibitions hinder treatments after miscarriages [Richard Stallman's Political Notes]

US state abortion prohibitions hinder treatment after miscarriages.

Adopt ranked choice voting for presidential primaries [Richard Stallman's Political Notes]

Calling on the Democratic Party to adopt ranked choice voting for the presidential primaries of 2028.

Israel expanding part of Gaza where Palestinians are shot on sight [Richard Stallman's Political Notes]

Israel is expanding, step by step, the part of Gaza where Palestinians are to be shot on sight. Originally it was 53% (plus a roughly defined border strip). Then it expanded to 60% plus... Now Netanyahu has ordered widening it to 70% plus the border strip.

06:07

Windows stack limit checking retrospective, follow-up [The Old New Thing]

Aaron Giles worked on porting Windows to both ARM32 and AArch64, and he noted a missing detail in my retrospective of stack limit checking on arm64:

Every once in a while Raymond Chen does an architectural comparison series and I get to see (a paraphrased version of) some code I wrote way back when. He’s right about why we passed stack size/16, but surprised he didn’t call out the unconventional x15 usage.

— Aaron Giles (@aarongiles.com) Mar 20, 2026 at 8:08 PM

I’m guessing that by “unconventional x15 usage”, Aaron means “Why is the parameter passed in the x15 register? The AArch64 calling convention passes the first parameter in the x0 register, so shouldn’t that parameter be in the x0 register?”

It seemed so obvious to me that I didn’t consider it worth mentioning.

The function that needs to do a stack probe is in a bit of a bind: It has inbound parameters, some of which might be passed in registers. If the stack size parameter were passed like a normal parameter to the stack probe function, then the calling function has to save its original inbound parameters somewhere. But it can’t save them on the stack because it has to do a stack probe before it can use the stack.

The solution is to give the stack probe function a custom calling convention that limits itself to scratch registers that are not used for receiving inbound parameters.

Architecture	Used for parameters	Allocation size	Also modified
8086		`ax`	`bx`, `dx`
x86-32	`ecx`	`eax`
MIPS	`a0`…`a3`	`t8`
PowerPC	`r3`…`r10`	`r12`	`r0`, `r11`
Alpha AXP	`a0`…`a5`	`t12`	`t8`, `t9`, `t10`
x86-64	`rcx`, `rdx`, `r8`, `r9`	`rax`	`r10`, `r11`
AArch64	`x0`…`x7`	`x15`	`x16`, `x17`

The calling conventions for processor architectures designate certain registers as “super-volatile”, typically those used reserved for assembler temporaries or for facilitating function calls between modules. These registers are excellent candidates for use by the stack probe function since there is no way they could be used for normal parameter passing.

For example, PowerPC uses r11, and AArch64 uses r16 and r17, all of which are available for use in function glue stubs. Other opportunities were overlooked: MIPS and Alpha AXP could have used at, though I can see why they may have wanted to avoid using them because the assembler might use them implicitly when assembling pseudo-instructions.

The post Windows stack limit checking retrospective, follow-up appeared first on The Old New Thing.

02:35

[$] LWN.net Weekly Edition for June 18, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

Front: State of Fedora; mTHP creation; overlayfs; buffer-heads cleanup; 7.1 statistics.
Briefs: curl summer of bliss; 7.1 kernel; AUR compromise; Fedora election; FairScan 2.0; Firefox 152.0; Homebrew 6.0.0; KDE Plasma 6.7; LWN topic list; Quotes; ...
Announcements: Newsletters, conferences, security updates, patches, and more.

Wednesday, 17 June

23:56

Android 17 released for Pixel devices with very few interesting improvements [OSnews]

Yesterday, Google released Android 17 to Pixel devices, so late last night I updated my Pixel 10 Pro with the intent to write a news item about the release today. The reality is that that I totally forgot I even upgraded last night, because Android 17 is about the biggest nothingburger I’ve ever seen. Virtually all of the new features listed in the upgrade blurb on my phone were “AI” nonsense I don’t encounter, so over the course of the day, I didn’t really notice anything new about my phone’s operating system.

The only interesting feature that I think will be particularly useful on tablets and perhaps foldable devices is something called “App Bubbles”. Basically, you can turn any application into an overlay that can be minimised into a bubble, which then lives anywhere on your screen. Tap it, and you can maximise the overlay again. This little multitasking bubble can contain multiple applications, effectively making it a dock or taskbar. Neat, but I didn’t see much use for it on my phone.

The remainder of the new non-“AI” features are hard to spot, at best. I guess the ability to turn one half of a foldable display into a gamepad is neat if you can deal with gaming on glass buttons (I cannot), and the changes to location access (you can now grant it for just one time) and contacts access (it’s more fine-grained and temporary now instead of granting access to everything forever) are welcome, but that’s about it for user-facing features.

Under the hood, the one thing that stands out is that Google is enforcing stricter memory limits for applications, based on how much RAM a device has. The idea is that this should prevent memory leaks from getting out of control and leading to crashes, which is nice, especially for devices with less RAM.

Android 17 is available for Pixel devices now, and will probably find its way to non-Pixel devices over the coming months or years. With how little meat there is on Android 17’s bones, this might be the first release where Android’s update woes don’t really matter.

23:07

The Free and Open Web Is Under Attack at the IETF [Deeplinks]

The ability to access publicly available information using automated tools is a central value and benefit of a free and open internet. Automated access—often called crawling or scraping—powers important, useful tools for locating, preserving, and analyzing online information. For example, crawling and scraping helps journalists, researchers, and watchdog organizations report the news, find security flaws, and investigate discrimination. Crawling the web allows non-profits like the Internet Archive to preserve historical copies of websites. Tools for automated comparison shopping allow consumers to find the best deals on items they want to buy. And so on.

Yet the open internet access is increasingly under threat from publishers and Big Tech companies alike. Fearing lost advertising and licensing revenues, website operators increasingly claim that they need to lock down their sites from bots that crawl public web content to train or operate AI models. Some companies are even trying to embed their business models into internet standards by changing Internet Engineering Task Force (IETF) technical standards that shape much of the internet.

Many of their economic anxieties are understandable. AI bots can strain websites’ infrastructure, in some cases, degrading site performance or taking them offline altogether. Upgrading systems costs money that some sites may not have. And AI is likely to disrupt the business models many publishers adopted in response to the rise of the internet, if users rely on AI overviews instead of visiting source websites.

However reasonable these fears may be, the answer is not to change the IETF standards from neutral protocols that encourage openness to restrictive requirements designed to monetize internet access.

The worst of these proposed standards would give websites far greater ability to automatically block legitimate, lawful scraping and crawling. For example, the AI Preferences working group is working on proposals to give publishers a way to express “preference signals” against crawling web data for AI-related purposes, including to train models, generate outputs, and help users search the web. These preference signals would be expressed through robots.txt and could potentially become legally binding in some jurisdictions.

Another working group, called Web Bot Auth, is pursuing efforts to protect sites from overly-aggressive bots that strain website resources—a positive goal that could meaningfully improve the internet in the AI era. But Web Bot Auth is simultaneously pursuing a much more dangerous path as well: standards changes that would enable sites to cryptographically identify bots so that they can more easily block anyone they wish—not just “bad” actors, but competitors, dissidents, or anyone who hasn’t paid for the right to access sites using automated tools. If sites restrict crawling to a preapproved list of cryptographically authenticated bots, they could require licensing payments from those wishing to crawl their sites. This would close off the open web to researchers, archivists, and startups without the ability to pay for automated access.

Websites may have legitimate reasons to worry about AI’s impacts on their traffic and advertising revenue, but those reasons must be weighed against the benefits of the open web. These proposals would effectively give website operators veto power over a wide range of important uses—from the investigations and archival works described above to accessibility tools for people with disabilities, to research efforts aimed at holding governments accountable.

That is why we are fighting back against these threats to open access. EFF and our allies in the open internet community have successfully resisted some of the most dangerous IETF proposals thus far—and won’t stop working to protect the open web from efforts to manipulate internet standards to undermine the right to freely access the internet in any legal way, including with automated tools.

22:21

Page 26 [Flipside]

Page 26 is done.

(5283) [Flipside]

22:00

Dark Arisen [Penny Arcade]

It's very textbook stuff; now that the game festivals are over, now that the charm offensive has been executed more or less flawlessly and there's no more juice to squeeze from it, it's time to produce an incredibly large cartoon knife from nowhere and move to the next phase.

21:35

The NO FAKES Act Could Silence Satire, Commentary, And News [Deeplinks]

The NO FAKES Act is supposed to target harmful AI-generated impersonations. But in reality, it will make it easier to suppress commentary, satire, and other lawful speech. That's why EFF has signed a letter urging the Senate Judiciary Committee not to advance the bill in its current form.

Take action

Tell Congress to Say No to NO FAKES

In the letter, EFF joins a coalition of civil society groups in pointing out that the bill would import many of the worst features of the DMCA notice-and-takedown system into an even broader range of online expression. Faced with a “heckler’s veto” over legal speech, platforms will have incentives to remove content first and ask questions later.

The bill offers no protection for a platform’s judgment about an often difficult question—whether a particular piece of content is satire, parody, commentary, or news. Any platform that guesses wrong faces penalties of up to $750,000 per work.

NO FAKES could also undermine the rights of the people it is supposed to protect. The new federal “likeness” right could be licensed or transferred to others, so individuals will lose control over the use of their own face and voice. That’s not theoretical—workers in the entertainment industry are routinely asked to sign broad contracts about the future use of their likenesses.

As the letter notes:

A background actor who signs a release on set or an ordinary person who clicks through a platform's terms of service could end up with the right to their own face and voice in someone else's hands, for years, with federal enforcement behind it.

EFF and the other signatories urge Congress to examine existing legal remedies and pursue narrowly tailored solutions to genuine harms. The last thing we need is a sweeping new intellectual property right that threatens free expression.

In addition to EFF, the letter is signed by the Center for Democracy & Technology, the American Civil Liberties Union, Fight for the Future, Foundation for Individual Rights and Expression, the Organization for Transformative Works, Public Knowledge, the R Street Institute, The Future of Free Speech, and the Woodhull Freedom Foundation. Read the full letter here.

Take action

Tell Congress to Say No to NO FAKES

20:28

The Knicks’ message is that working together works.

Being a NYer and Knicks fan, I don't have a good perspective on how big an event the Knicks winning is. If you're not from the area, how widely is this holiday being observed and how many share the enthusiasm. Are people everywhere asking "How about those Knicks!"

Pluralistic: The (real) dead economy theory (17 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

There will be new higher level development environments. How they work, I don't know. But much of your time working in Claude Code is telling it how to do stuff you want it to do, always -- and reminding that it that it forgot one of the rules (which it seems to always admit). A new development environment will come with rules about how to work with people. Those rules will be written with the help of psychologists who study human reasoning processes.

19:42

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

The (real) dead economy theory: Vibes and memestocks, all the way down.
Hey look at this: Delights to delectate.
Object permanence: Jim Baen has had a stroke; Blame Apple for iTunes DRM; France v the internet; "Rotters"; 1901 undersea cables; Washington Post wants Trump coverage blackout; Taxes are for the little people; Gamer lifecycle; Ghanian postal song; "What Lies Beneath the Clock Tower": Murder of Jo Cox; 12 year old doxed by anti-vaxers; Hong Kong bookseller recants forced confession.
Upcoming appearances: LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Brighton, South Bend.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

The (real) dead economy theory (permalink)

Here's a fun fact about Elon Musk: in 2020, his (nominal) net worth was $20b, and today it's $1t (nominally). But that's not the fun fact; this is: everything he's done since 2020 was a flop.

As John Quiggin writes, the pre-2020 Musk was the Musk of Tesla, batteries and Starlink. The post-2020 Musk is the Musk of Starship, robotaxis, Cybertrucks and Twitter – a string of commercial flops and assets that literally exploded. I would add that post-2020 Musk created the world's hungriest money-furnace, an automated child-porn production tool called "XAI":

https://crookedtimber.org/2026/06/15/one-big-grift/

Quiggin declares that this is the era in which "financial markets fail in the task of valuing assets accurately," and "the institutional structures that are supposed to make them work have given up trying." Nor did this start with the Spacex IPO. As Quiggin writes, Bitcoin and other cryptos were once shunned by nominally sober financial institutions like Goldman Sachs, but today, not only do all the big banks offer crypto services, people have largely stopped calling it cryptocurrency because no one is even pretending that it's a form of money. It's a tradeable collectible, not even particularly useful for paying for crimes or laundering money.

Spacex is just a continuation of the logic of crypto, in which something is valuable because some people think other people will pay more for it in the future, and not because it does useful things:

https://johnquiggin.com/2018/02/09/bitcoin-kills-the-efficient-market-hypothesis/

That's the logic of the whole market today. AI – the world's money-losingest technology – attracts investment at the expense of everything else. When horrified NIH lifers begged the DOGE boys not to shut down long-running medical research projects, Musk's broccoli-haired brownshirts laughed in their faces, saying we don't need cancer research because "GAI" is almost here and it will cure cancer. You could hardly ask for a better example of investing in vibes over value than shutting down real cancer research to free up money for teaching more words to the word-guessing machine because it's about to become God and cure cancer.

Today, Goldman Sachs isn't merely all-in on crypto – it's all-in on the Spacex IPO. As Quiggin writes, the bank has signed off on Musk's claim that "Musk's ragbag of assets" will grow one hundredfold in the next 40 months.

Quiggin's short essay has been rolling around in my mind since I read it a couple days ago. Then, yesterday, I spotted this essay by Owen McGrann entitled "The Dead Economy Theory":

https://www.owenmcgrann.com/p/the-dead-economy-theory

The perfect name for this phenomenon! Or so I thought. Then I read McGrann's article, and discovered that it's yet another piece asking how the economy will work after AI takes all of our jobs because AI is absolutely going to do that and there's no point in even questioning whether that will happen.

Look, thought experiments about how to deal equitably with labor displacement in the face of automation are all well and good. I'm a science fiction writer, that stuff is my bread and butter.

But applying "dead economy theory" to the blithe acceptance of the claims of AI pitchmen is a terrible waste of a killer coinage. The true risk of AI to your job isn't: "an AI will do your job." It's: "an AI salesman will exploit your boss's infinite horniness for replacing mouthy workers with pliable machines to sell him a chatbot that can't do your job, and then your boss will fire you and replace you with that inept, defective chatbot."

By the same token: the real "dead economy" risk isn't that all the productive labor will be done by chatbots owned by a habitual liar and eminently guillotineable billionaire like Sam Altman. The actual dead economy risk is that our institutions and markets will continue to move capital from productive activity into memestocks, vibes, and bubbles.

We could do "AI cancer research" by producing tools that automate gnarly multivariant analysis problems for cancer researchers. But what we're actually doing is defunding cancer research (especially any research into "systemic" cancer because studying systemic things is "woke") to free up fiscal space so we can build data-centers and make Musk into a trillionaire.

That's not just a dead economy – it's one that'll kill everyone you love and everything that matters.

Hey look at this (permalink)

Onward, Friends https://www.eff.org/deeplinks/2026/06/farewell-now-friends
The 40 Most Rage-Inducing Problems in Tech https://www.theringer.com/2026/05/28/tech/pope-leo-xiv-ai-encyclical-tech-industry-problems
THE GUILLOTINE EMOJI PROPOSAL https://www.carrozo.com/guillotine-emoji
Corporations Repurchase $4.8 TRILLION of Stock Since 2017 Trump-GOP Tax Law https://4taxfairness.substack.com/p/corporations-repurchase-48-trillion
US approval of Paramount/Warner Bros. deal surprised DOJ lawyers, report says https://arstechnica.com/tech-policy/2026/06/us-approval-of-paramount-warner-bros-deal-surprised-doj-lawyers-report-says/

Object permanence (permalink)

#20yrsago Jim Baen, science fiction publisher, has had a serious stroke https://nielsenhayden.com/makinglight/archives/007658.html#007658

#20yrsago Why Apple is to blame for iTunes DRM https://web.archive.org/web/20060620004534/http://vitanuova.loyalty.org/NewsBruiser-2.6.1/nb.cgi/view/vitanuova/2006/06/15/1

#20yrsago Lifecycle of a gamer https://www.raphkoster.com/2006/06/16/the-lifecycles-of-a-player/

#20yrsago Spammer: I’ll buy MySpace profiles with more than 20k contacts https://web.archive.org/web/20060619062837/http://skibrooklyn.blogspot.com/2006/06/easy-money-sell-your-friends.html

#20yrsago Psychology of bad probability estimation: why lottos and terrorists matter https://web.archive.org/web/20060627174933/https://server1.sxsw.com/2006/coverage/SXSW06.INT.20060311.DanielGilbert.mp3

#15yrsago Copyright complaint kills Peanutweeter https://web.archive.org/web/20110620093750/https://www.wired.com/underwire/2011/06/peanutweeter-dmca-takedown/

#15yrsago Work song of Ghanian postal workers cancelling stamps https://blogfiles.wfmu.org/KF/0512/Ghana_Post_Office.mp3

#15yrsago What Lies Beneath the Clock Tower: steampunk choose-your-own-adventure https://memex.craphound.com/2011/06/17/what-lies-beneath-the-clock-tower-steampunk-choose-your-own-adventure/

#15yrsago French proposal: any URL to be arbitrarily blacklisted without due process https://www.laquadrature.net/en/2011/06/15/the-entire-internet-under-governmental-censorship-in-france/

#15yrsago Rotters: YA horror novel about grave-robbing chills, thrills, delights https://memex.craphound.com/2011/06/15/rotters-ya-horror-novel-about-grave-robbing-chills-thrills-delights/

#15yrsago Map of undersea cables from 1901 https://web.archive.org/web/20110220121138/http://www.dephx.com/2010/11/map-of-undersea-cables-from-1901.html

#15yrsago Copyright complaint kills Peanutweeter https://web.archive.org/web/20110620093750/https://www.wired.com/underwire/2011/06/peanutweeter-dmca-takedown/

#15yrsago Work song of Ghanian postal workers cancelling stamps https://blogfiles.wfmu.org/KF/0512/Ghana_Post_Office.mp3

#15yrsago What Lies Beneath the Clock Tower: steampunk choose-your-own-adventure https://memex.craphound.com/2011/06/17/what-lies-beneath-the-clock-tower-steampunk-choose-your-own-adventure/

#10yrsago Supreme Court ruling is a blow to copyright trolling business-model https://arstechnica.com/tech-policy/2016/06/attorneys-in-copyright-case-on-resold-textbooks-inch-closer-to-2m-payday/

#10yrsago The Orlando shooting, according to the Congressmen who took the most money from the NRA https://web.archive.org/web/20160617143716/https://theslot.jezebel.com/heres-how-the-congressmen-who-have-gotten-the-most-cash-1782083985

#10yrsago British Pro-EU MP murdered in the street by man shouting “Britain first!” https://web.archive.org/web/20160616212235/https://theintercept.com/2016/06/16/british-referendum-campaign-suspended-killing-pro-europe-lawmaker-jo-cox/

#10yrsago 12 year old makes devastating video about anti-vaxxers, gets doxxed https://skepchick.org/2016/06/anti-vaxxers-dox-a-child-critic/

#10yrsago Report from the prison-industrial complex’s leading trade show https://www.theguardian.com/us-news/2016/jun/16/us-prisons-jail-private-healthcare-companies-profit

#10yrsago Your cable operator is spying on you and selling the data from your set-top box https://publicknowledge.org/public-knowledge-defends-consumer-privacy-in-set-top-box-data-complaint-to-fcc-ftc/

#10yrsago Not robots: youth unemployment caused by late retirement, driven by pension precarity https://thebaffler.com/salvos/exit-planning-geoghegan

#10yrsago Oakland mayor denies firing police chief over officers who statutorily raped teen sex-worker https://eastbayexpress.com/badge-of-dishonor-top-oakland-police-department-officials-looked-away-as-east-bay-cops-sexually-exploited-and-trafficked-a-teenager-2-1/

#10yrsago Paramount tells judge that they’re still suing over Star Trek fan-film https://www.hollywoodreporter.com/business/business-news/paramount-says-star-trek-fan-903497/

#10yrsago $40,000/year private school sues school for low-income kids for $2M over “Commonwealth” https://www.bostonglobe.com/metro/2016/06/16/can-school-lay-claim-commonwealth-its-name-back-bay-institution-believes-can/WHwiaaPEn04cIY6uxXjoiO/story.html

#10yrsago Wisconsin Congresswoman: mandatory drug tests for anyone claiming $150K in itemized tax-deductions https://www.theguardian.com/us-news/2016/jun/16/gwen-moore-drug-test-rich-for-tax-deductions

#10yrsago Hong Kong bookseller: I was forced to confess on China TV https://www.bbc.com/news/av/world-asia-china-36552672#5yrsago

#10yrsago Washington Post calls for “blackout” on Trump coverage, appeals to RNC https://web.archive.org/web/20160615113350/https://www.washingtonpost.com/opinions/the-right-response-to-donald-trump-a-media-blackout/2016/06/14/2868a0e0-3256-11e6-8758-d58e76e11b12_story.html

#10yrsago Security economics: black market price of hacked servers drops to $6 https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/

#10yrsago Lower-case “x” as a gender-neutral typographic convention https://kottke.org/16/06/x-marks-gender-neutral

#5yrsago Taxes are for the little people https://pluralistic.net/2021/06/15/guillotines-and-taxes/#carried-interest

Upcoming appearances (permalink)

Virtual: The future of world governance, with Kim Stanley Robinson (UN Independent Expert on International Order), Jun 19
https://www.youtube.com/live/wJvBvYdaAMY
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026
Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23
https://iabcanada.com/state-of-the-nation-2026
Toronto: The Reverse Centaur's Guide to Life After AI (Osler Records/Type Books), Jun 23
https://www.eventbrite.com/e/cory-doctorow-book-launch-and-talk-tickets-1991501299998
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628
London: Idler Festival, Jul 11
https://www.idler.co.uk/festival/
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances (permalink)

The Enshittification of Life, the Universe, & Everything (Luke Savage)
https://www.lukewsavage.com/p/the-enshittification-of-life-the
Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035
Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
https://www.jimruttshow.com/cory-doctorow-3/
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

Medium (no ads, paywalled):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

18:49

ARM Never Made a Chip. Dolby Never Built a Speaker. [I, Cringely]

There’s a lot of excited arithmetic going around about artificial intelligence. A trillion-dollar valuation here, a hundred-billion-dollar funding round there, the price of a model quoted like the budget of a moon mission. I’ve been writing this column long enough — since the Reagan administration, if you want to make me feel old about it — to have learned one durable thing about computing: the number everybody is staring at is almost never where the money ends up.

Let me tell you about two companies that figured that out early.

The first is ARM. If you’re reading this on a phone, there’s an ARM design inside it. There’s one in the tablet on your nightstand, the car in your driveway, probably the watch on your wrist. ARM is in nearly every smartphone on the planet. And here’s the part that ought to stop you cold: ARM has never manufactured a single chip. Not one. They don’t own a factory. They design an instruction set — the basic grammar a processor uses to think — and they license it. Everybody else does the expensive, dangerous, capital-soaked work of actually building the silicon. ARM collects a royalty measured in pennies on each chip, and those pennies, multiplied across the entire industry, have made a company that builds nothing worth more than many of the companies that actually run the factories.

The second is Dolby. Ray Dolby could have spent his career building the world’s best noise-reduction box and selling it to recording studios, and he’d have done fine. Instead he did something smarter. He turned his method for cleaner sound into a standard, and then he made that standard the thing every other manufacturer wanted on the box. You never bought a Dolby. You bought a tape deck, or a receiver, or a movie ticket, and somewhere on it was a little double-D logo that meant somebody had paid Ray Dolby for the privilege of sounding good. He didn’t win the audio market. He put a toll booth on it.

I bring up these two old stories because I think we’re about to watch the same trick get played in AI, and almost nobody is positioned for it.

Here’s the uncomfortable truth underneath all that trillion-dollar arithmetic: intelligence is on its way to becoming a commodity. The models are converging. The thing that felt like magic two years ago is now something you can rent by the token from half a dozen vendors, and the price only goes one direction. When you can swap one model for another the way you swap one brand of gasoline for another, you’re no longer looking at a miracle. You’re looking at a utility. And utilities don’t command trillion-dollar margins for long.

So, if intelligence gets cheap, where does the value go? It goes, as it always does, to whatever stays scarce.

And the scarce thing in AI isn’t intelligence. It’s trust.

We’ve built machines that are fluent and confident and, a meaningful fraction of the time, wrong — wrong in the specific, expensive way that sounds exactly as authoritative as being right. I’ve spent a good part of this series on that problem, because it is the problem. A model that is brilliant and occasionally invents things is not something you can put in front of an insurance adjuster, a radiologist, a loan officer, or a judge. The intelligence is already good enough. What’s missing is the guarantee.

Now here’s the interesting thing about a guarantee like that. Once somebody works out how to verify an AI’s answer — to know, before it ever reaches a human, whether the system is standing on solid ground or making it up — that capability doesn’t behave like a product. It behaves like a standard.

Think about why. You don’t want trustworthy AI in one app. You want it everywhere the AI is, the way you want the brakes to work in every car and not just the one in the showroom. A verification layer is only worth something if it sits underneath everything — and the fastest way to get underneath everything is not to build a rival to every AI company on earth. It’s to license the one thing they all need and let them keep competing on everything else.

That’s ARM. That’s Dolby. You don’t sell the trustworthy machine. You license the part that makes the machine trustworthy, and you collect a sliver every time it runs.

It’s an odd business to explain at a cocktail party, because the honest one-line description is “we sell nothing.” We don’t want to build the model. We don’t want to win the application market. We don’t want to run the data center. We want to be the instruction set for verified answers — the double-D logo on the box that tells a regulated buyer the output can be trusted — and to be paid a small, dull, recurring amount every single time, across a base that is growing faster than almost anything in the history of this industry.

Small and dull and recurring, multiplied by enormous, is exactly how ARM quietly became worth more than the giants whose chips it lives inside. You don’t have to win the market. You have to be the toll on it.

I find this clarifying, and not only for business reasons. For a decade the working assumption in AI has been that the prize goes to whoever builds the biggest brain. I think that’s the wrong race, or at least the wrong finish line. The biggest brain is going to get cheaper every year, the way the fastest chip and the cleanest sound did before it. The durable money — the ARM money, the Dolby money — is going to belong to whoever owns the standard that everyone else has to license in order to be believed.

Trust is going to be the most valuable thing in artificial intelligence. And trust, it turns out, is something you license, not something you sell.

Disclosure: I’m a co-founder of 2Brains, Inc., which is built on exactly the idea in this column — so season my enthusiasm with the appropriate grain of salt. I’ve tried to make the argument stand on its own two feet, the way ARM and Dolby do, whether or not you ever pay me a nickel

The post ARM Never Made a Chip. Dolby Never Built a Speaker. first appeared on I, Cringely.

Digital Branding
Web Design Marketing

31 Years [Whatever]

The 31st anniversary isn’t usually the one where people get introspective about the nature of marriage and stuff — we tend to like big round numbers for a reason — but last year on this day Krissy and I were in Venice doing all sorts of touristy things and I really didn’t have the time or the inclination to spend my time in Italy on a laptop (and not even a laptop; I took my iPad with me). This year for our anniversary we’re going to Versailles, but it’s the one in Ohio and it’s pronounced “Ver-SAILS,” and we’re going there for dinner at a nice restaurant there. So as it happens I have some time today to muse on the nature of matrimony.

I’ve spoken before of the things that Krissy and I have done to make sure our marriage stays strong over the years, from simple things like saying “I love you” a lot — and I do mean, a lot, I don’t know any other couple who says it as much as we do — to more complicated things like continually checking in on each other, not taking each other for granted and making sure both of us are getting our needs met by the other. This is stuff I think most married folks can do, and should do, in the way that works best for their own relationship; basically, the understanding that relationships, even (and maybe especially) the good ones, are still work and ought to be tended to, instead of just being taken for granted.

But the other thing is I think Krissy and I both got lucky in finding the person best suited for helping us become the person we were hoping to be. And yes, at least initially that absolutely was luck; when Krissy spotted me on a dance floor she could know nothing else about me other than I danced like I wasn’t worried about being judged for it, and when I first laid eyes on Krissy I knew nothing about her other than she was the sort of beautiful that could make people walk into walls because they were looking at her. These were good things, sure. A fine start, and enough to get us to go on that official first date three weeks later. But ultimately not a lot to go on.

I still think Krissy is beautiful, and she still enjoys my dance stylings, but it’s everything else that really sealed the deal. It became clear to me that not only was Krissy smart, she was in many ways smarter than I was, with a far better sense of how to actually navigate the day-to-day world in a successful fashion. She was (and is) a direct-line and decisive thinker where I had and have a tendency to overthink and be discursive. None of this is news to long-time readers here, of course; I’ve talked about this before. But what I don’t think people understand is what an actual revelation it was for me to see something like that in action, inside the context of my actual life. I was not — and this is putting it extremely charitably — raised in a situation where order and executive function were common, and it was something I struggled with myself, and, no surprise, still do.

To see someone who just naturally had it, and used it like it was no big deal, well. It was like watching someone perform actual magic. And this person was willing to use it! For me! And us! Together! Aside from the actual fucking relief of having someone in my life actively being stable and sensible and reliable, and also loved me, there was the practical matter of how much potential this opened up for our life together; that I could, and was allowed to, focus on things I was good at, that would end up benefitting us both. I often say to people, here and elsewhere, that I have the career I have because Krissy is my partner, but I genuinely don’t think people understand the extent to how that is true. I would still be a writer, to be sure. I would not this writer, with these books, and this life.

And what about Krissy? Well, I was funny and clever, which is not to be discounted, even if, as we all know, there is a fine line between “clever” and “asshole.” She also saw I was talented — I had a skill that I both used and continued to develop, and an ability in it that was more than just standard issue. On top of that, I was (and still am!) ambitious, which Krissy saw as a plus. Just as I saw potential in what she offered to me in terms of stability and reliability, she saw potential in what I offered to her in the desire to do bigger things, and saw where she fit in with making those things happen.

Equally if not more importantly, Krissy figured out that I didn’t need to be trained out of any bad habits when it came to our partnership. My own particular brand of masculinity was and is not one that required me to petulantly stomp my foot about how I was the man in the relationship, damn it, and therefore was the one in charge of whatever it was a dude was meant to be in charge of. I could write a whole series of posts — and maybe I will one day — about how much of “masculinity” boils down to “I don’t like being argued with and if I don’t get my way I will explode,” but for now, suffice to say that this is not a particular neurosis of mine. Krissy saw, I like to think accurately, that I valued her for every part of her, which included her decisiveness and initiative. I did not need to be told that Krissy should be allowed to cook across the whole range of her abilities. She did not ever have to diminish who she was because she was worried my ego couldn’t handle it.

So, these are the things that we figured out early about each other. As we continued, it turned out that we helped each other build on all of these things. We have never argued about “who is in charge,” not just because that was not an argument worth having, but because the way our skill sets fell out it’s literally never been an issue. To put it extremely generally, when it comes to our lives together, I handle strategy and Krissy handles tactics, because that’s how our brains work best. Strategy without tactics is useless; tactics without strategy is pointless. It’s not about who makes decisions. It’s about, when we make the decision, how do we make it happen.

None of this happened because we knew from day one about any of this. It came from paying attention to each other, valuing and trusting each other, and building on what we’ve done as we’ve gone along. We got lucky when we met that these things about us were already there, and we liked them about each other. But then we did the work together, every day, so that these things we liked were given space to develop into things that would let us build a whole life together, across four decades now. It would be simplistic and wrong to suggest all of this happened without hiccups or snags or occasional misunderstandings along the way, of course. We are both human beings. But the deep well of love and trust that we can draw from helps a whole lot when that’s happened.

I don’t think any of us can help if we get lucky when it comes to drawing a partner who helps us be our best self — I think Krissy and I found the right person for us almost entirely by random and had the good sense to go with that. I do think everyone can look at the partner they have and ask “how can who I am and what I do make their life better, and our life better?” Because, you know, I have faith there is an actual good answer for everyone there. You have to find it. And then you have to do it. And then keep doing it.

And keep asking it, because life changes. Krissy and I are not the people, or in the same circumstances, in our 50s as we were in our 20s, 30s, or even 40s. Every step of our life we wanted and needed things from each other and, so far, at least, we’ve figured out the ways to make that happen. It’s work! It never stops being work! And the reward is having a life that only you two could have made for each other. There was no guarantee that at any step along the way we couldn’t have fallen out of step with each other. Sometimes that happens, and sometimes when that happens the best thing is to call it and move on separately. That’s all right! For us, it keeps working. We work to keep it working.

This is where we are, 31 years into the marriage. I spend a lot of time letting Krissy know how wonderful I think she is, and how much I value the life we built together, and how much I’m looking forward to continuing to do that, for as long as we get to. She’s the best thing to happen to me, and I keep trying to return that favor. I’ll keep doing it. She’s really great.

— JS

18:00

Messi [xkcd.com]

17:35

Fedora F44 election results [LWN.net]

The results are in for Fedora's F44 election cycle for seats on the Fedora Council, Fedora Engineering Steering Committee, Fedora Mindshare Committee, and EPEL Steering Committee.

Miro Hrončok and Aleksandra Fedorova have won seats on the council. Neal Gompa, Fabio Valentini, Michel Lind, Maxwell G, and Simon de Vlieger have been elected to FESCo. Samyak Jain, Akashdeep Dhar, Luis Bazan, and Mat Holmes have all been elected to the Mindshare Committee. The four candidates for the EPEL committee, Carl George, Diego Hererra, Jonathan Wright, and Troy Dawson were all automatically elected as there were an equal number of candidates and seats open. Congratulations to all the winners.

16:56

Joey Hess: best of the web [Planet Debian]

This is somehow the featured website on https://earlyweblinks.com/ this week.

Read all about my web site here! https://earlyweblinks.com/site-of-the-week/joey-hess

Kind of reminds me of back in 1995 or so when my website would randomly end up picked by some best of the web list that I never heard of. The web is still a small place I guess.

Maybe I should join a web ring or something?

16:49

Everything security at PyCon US 2026 [LWN.net]

The Python Software Foundation blog has a post with a summary of the security-related content at PyCon US 2026 with links to slides from important sessions. The recordings will be published to the PyCon US channel on YouTube, and the post will be updated with links to those videos as they are made available.

16:42

The Case Against Building Your Own Agent Platform [Radar]

You know the meeting. The board wants an AI agent strategy by end of quarter. Someone on the leadership team has read a McKinsey report. You’ve been voluntold to build the platform. The slide deck says “AI-native.” The acceptance criteria are vague. Somebody mentions LangGraph, and somebody else says, “We’ll just wrap it ourselves.”

You ask what “done” looks like. Nobody in the room can answer.

The cost of building this is almost always estimated before anyone has a clear picture of what “this” actually is. And that’s the problem I want to work through here, because the scope of the work being casually assigned to internal platform teams right now is genuinely larger than the people assigning it understand.

Build versus buy, flipped in a year

This particular pendulum has swung before. App servers in the late 1990s. Content management systems in the 2000s. Container orchestration in the 2010s. The pattern rhymes every time: When a category is new, the components look deceptively simple. Early adopters build their own. The market catches up. Within 18 months, building becomes the expensive path. Within 36 months, the teams that built internally are rewriting on top of the category winner that emerged while they weren’t looking.

What’s different about the current moment is the speed. Menlo Ventures’ 2025 State of Generative AI in the Enterprise report shows the build-versus-buy split inverted in a single year. In 2024, 47% of enterprise AI solutions were built internally. By late 2025, that number had collapsed to 24%. The market made the decision in 12 months, which is unusual.

I’ve lived through enough of these transitions to recognize the shape. What I want to do in this piece is explain why I think the scope of “agent platform” is systematically underestimated right now, and what platform engineers should be asking before they commit to building one.

Most “agent platforms” aren’t

A lot of the projects labeled “agent platform” right now are actually workflow systems with an LLM in the loop. That’s a meaningful distinction. As Anthropic pointed out in its “Building Effective Agents” guidance, workflows are systems where LLMs and tools are orchestrated through predefined code paths. Agents are systems where LLMs dynamically direct their own processes and tool usage.

Most of what enterprises are shipping today sits on the workflow side. That’s fine. Workflows have bounded requirements, tractable testing, and predictable failure modes. If your team is building a workflow system, you might reasonably build it yourselves.

The trap is that teams start building for workflows, then get asked to support agents, and discover the jump isn’t incremental. Agents need memory that survives across sessions. They need evaluation that handles nondeterminism. They need governance that tracks actions, not just outputs. They need orchestration that recovers from failure modes a workflow engine never sees.

Here’s the thesis I want to put on the table: The decision to build an agent platform almost always underestimates the long tail. Memory, governance, eval, and orchestration aren’t features you add to a workflow engine. They’re separate product bets, each with its own maturity curve, its own vendor landscape, and its own team of specialists who’ve been working on it full-time for 18 months while you’ve been doing something else.

Let me walk through them.

Memory

The assumption inside most build proposals is that memory is a database problem. You’ll pick a vector store, shove conversation history into it, and retrieve relevant chunks when the agent needs context. Done.

Production memory is three separate systems: episodic, semantic, and procedural, each with different retention and retrieval policies. It’s temporal reasoning that tracks when facts were valid, not just what they were. It’s deduplication, multitenant isolation, and explicit source-of-truth governance.

The signal that this is a separate product category, not a feature: Mem0 raised $24 million across seed and Series A. Letta (formerly MemGPT) raised $10M from Felicis. Zep exists as an independent company with a temporal knowledge graph engine. Mem0’s State of AI Agent Memory 2026 report maps 21 frameworks across three hosting models with measurable benchmark gaps between them. On LongMemEval, Zep scores 15 points higher than Mem0 on temporal queries, which tells you these aren’t interchangeable tools that happen to serve the same market.

This is the component that platform teams underestimate hardest. Memory sounds like a database problem. It isn’t.

Governance

The assumption is that governance is RBAC plus audit logging. Your agents are services. Services get role-based access controls. You log the tool calls. Compliance is happy.

Agent governance is something different. It spans action authorization, not just data authorization. It requires decision-chain auditability, where you can reconstruct why the agent did what it did, not just what it did. It needs behavioral drift detection, tiered autonomy, and compliance mapped to agent actions rather than data accesses.

Grant Thornton’s 2026 AI Impact Survey of 950 business executives found that 78% lack strong confidence they could pass an independent AI governance audit within 90 days. Meanwhile, enterprises are moving to increase agent autonomy faster than their governance frameworks can keep up. Traditional AI governance wasn’t designed for action-level authorization, which is where most agent-specific risk accumulates.

And there’s a hard deadline attached to this. The EU AI Act becomes fully enforceable for high-risk systems in August 2026. Credit scoring, hiring decisions, healthcare support, and critical infrastructure all fall in scope. If your internal platform doesn’t handle conformity assessments, human oversight mechanisms, complete audit trails, and ongoing monitoring, that’s not a v2 feature. That’s a legal exposure.

OWASP now documents “excessive agency” as a top vulnerability class for LLM applications. Cornell researchers have demonstrated indirect prompt injection attacks that manipulate agents through content they ingest. These are agent-specific attack surfaces, and traditional security tooling doesn’t see them.

RBAC was designed for humans with predictable intent. Agents don’t have predictable intent.

Eval

The assumption is that evaluation means writing test cases and measuring accuracy. You built software before. You know how to test things.

Agent evaluation is qualitatively different from traditional software testing or even LLM evaluation, McKinsey’s QuantumBlack team noted: For LLMs, you evaluate the response to a prompt. For a single agent, you evaluate the full trajectory, including tool calls, state transitions, and intermediate decisions. For multi-agent systems, you evaluate system dynamics, including coordination patterns and collective invariants.

This matters because agent behavior is nondeterministic by design. The same input produces different valid execution paths. “Did the agent succeed?” is no longer a yes-or-no question, because the agent might reach the right answer through a trajectory you didn’t anticipate, or reach the wrong answer through a trajectory that looks reasonable until the last step.

The tooling ecosystem reflects this. Google Vertex AI has standardized trajectory_exact_match, trajectory_precision, and trajectory_recall as production metrics. These didn’t exist 18 months ago. LangSmith, Braintrust, Arize, Galileo, Maxim, and others are building full evaluation platforms around trajectory-based analysis, LLM-as-judge scoring with statistical validation, and regression testing against production failures.

Here’s the signal that the category is real: LangChain’s 2026 State of AI Agents report found that 57% of organizations now have agents in production, and 32% cite quality as the top deployment barrier. Gartner projects that 60% of software engineering teams will adopt AI evaluation and observability platforms by 2028, up from 18% in 2025. When a category jumps from 18% to 60% adoption in three years, that’s not a “we can build this in a sprint” situation.

You can’t tell whether your evaluation is working without another evaluation. Judge drift, calibration against human experts, internal consistency across independent runs. . .your eval system needs its own eval system, which is exactly the kind of recursion that eats platform teams alive.

Orchestration

The orchestration layer hasn’t converged. LangGraph uses directed graphs with conditional edges. CrewAI uses role-based crews. OpenAI’s Agents SDK uses explicit handoffs. AutoGen uses conversational GroupChat. Google ADK uses hierarchical agent trees. Claude’s Agent SDK uses tool-use chains with subagents. Microsoft’s Agent Framework is its own thing. Each represents a different bet on state management, communication pattern, and coordination model. None of them are interchangeable. Migration between them isn’t a config change—it’s rewriting most of your agent logic.

Underneath them, the protocol layer is still being invented. The Model Context Protocol is becoming the standard for tool integration, and agent-to-agent (A2A) protocols are emerging for cross-framework coordination. Both are moving targets, and building on a moving protocol is a cost that internal platform teams rarely price in.

If you built your own orchestration layer in 2024, you’re rewriting it in 2026. The teams that picked a framework spent those two years shipping.

The honest case for building

I want to engage the strongest version of the build argument, because there are real reasons to build, and pretending otherwise makes this piece less useful than it should be.

Proprietary data genuinely is a durable competitive moat. Mastercard built a foundation model on its transaction network. Plaid built one on its financial institution coverage. As Morgan Stanley’s analysis from last year made clear, decades of verified historical data with consistent identifiers is both technically challenging and prohibitively expensive for outside players to recreate. If your organization has data like that, you should absolutely build on it.

Regulated industries have legitimate reasons to want control over the full stack. Off-the-shelf AI tools don’t always cleanly map to frameworks like HIPAA, GxP, 21 CFR Part 11, SOX, FFIEC, and PCI DSS, and the cost of a failed audit is measured in business units shut down, not in sprints.

Vendor lock-in at the AI layer is subtler and more dangerous than in traditional software. If your agentic workflows are built on a vendor’s proprietary orchestration layer, switching costs compound rapidly across memory, eval, and integrations simultaneously.

But here’s the distinction that matters: Those are arguments for building agents on top of platform components, not arguments for building the platform components themselves. You can own the data, the domain logic, the evaluation criteria, the governance policies, and the specific behaviors your business needs without owning the memory layer, the orchestration engine, or the trace collection infrastructure underneath them.

Build the things that are specific to your business. Buy the things that are specific to the technology category. That’s the heuristic.

Five questions before you commit

If you’re the platform engineer being pulled into this decision, here are the questions worth asking before anyone signs up for the scope.

Are you building an agent platform or a workflow system? They’re not the same scope, and conflating them is where most of the cost overruns originate. A workflow system is a reasonable thing to build. An agent platform is four product categories you haven’t staffed for.

Can you articulate what “done” looks like for each of the four components? Memory, governance, eval, orchestration. In under three sentences each. If you can’t, you don’t have requirements. You have a vibe. And vibes don’t ship.

What happens to your platform when you need to swap the underlying model? Menlo’s December 2025 data shows Anthropic went from 12% of enterprise LLM spend in 2023 to 40% in 2025, while OpenAI fell from 50% to 27%. Enterprises didn’t plan those switches. The capability gaps forced them. If your internal platform hardcoded assumptions about context windows, tool-calling formats, or reasoning styles from one vendor, swapping models isn’t an API key change. It’s simultaneous rewrites across memory, eval, and orchestration.

What happens when the techniques themselves change? Eighteen months ago the default pattern was RAG with flat vector retrieval. Now it’s just-in-time context strategies, agent-managed memory tiers, and trajectory-based evaluation. Anthropic’s own follow-up to “Building Effective Agents” explicitly acknowledges the field has moved since they wrote the original. If your platform baked in the 2024 patterns, the 2026 patterns are a refactor, not a config change. Vendor platforms absorb those shifts as releases. Internal platforms absorb them as sprints.

What happens when the platform team leaves? This is the tale as old as COBOL, custom ESBs in 2008, or hand-rolled container orchestration in 2015. A small team builds something clever, it works, they move on, and five years later you’re paying premium rates to contractors who can still read the code. Agent platforms are a particularly bad candidate for this pattern because the talent pool is both small and mobile. Here’s the uncomfortable version of the question: Who on your team, today, could rebuild the memory layer if the person who wrote it left tomorrow?

What this looks like in 2 years

Gartner’s prediction that over 40% of agentic AI projects will be canceled by 2027 isn’t really about the AI. It’s about projects that got scoped before anyone understood the shape of the work. Most of the canceled projects will be internal builds, because internal builds are where the scope estimation error accumulates. Deloitte’s data on two- to four-year AI ROI horizons is the warning shot. If your timeline to value is already long, every month you spend rebuilding a component that exists as a product is a month you don’t have.

The teams that built their platforms around OpenAI in 2023 weren’t wrong. They made a reasonable bet on the market leader at the time. But they spent 2025 porting to a landscape where Anthropic had tripled share and Google had gone from 7% to 21%. The teams that picked model-agnostic platforms spent 2025 shipping. The only durable bet in this space is the one that assumes the bet will change.

The best platform engineering decision you can make this quarter might be to not build the platform.

Sources

Primary sources

Menlo Ventures, 2025: The State of Generative AI in the Enterprise, December 2025,
https://menlovc.com/perspective/2025-the-state-of-generative-ai-in-the-enterprise/.
Anthropic, “Building Effective Agents,” December 2024,
https://www.anthropic.com/research/building-effective-agents.
Anthropic, “Effective Context Engineering for AI Agents,” 2025,
https://www.anthropic.com/engineering/effective-context-engineering-for-ai-agents.
European Commission, AI Act Regulatory Framework (Regulation EU 2024/1689),
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai.
Google Cloud, “Evaluate Gen AI Agents,” Vertex AI Documentation,
https://cloud.google.com/vertex-ai/generative-ai/docs/models/evaluation-agents.
McKinsey QuantumBlack, “Evaluations for the Agentic World,”
https://medium.com/quantumblack/evaluations-for-the-agentic-world-c3c150f0dd5a.
LangChain, State of Agent Engineering 2026,
https://www.langchain.com/state-of-agent-engineering.
Gartner, “Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027,” June 2025, https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027.
Grant Thornton, 2026 AI Impact Survey, April 2026,
https://www.grantthornton.com/services/advisory-services/artificial-intelligence/2026-ai-impact-survey.

Secondary Sources

Mem0, “Mem0 Raises $24M to Build the Memory Layer for AI,” October 2025,
https://mem0.ai/series-a.
Felicis, “Felicis’s Seed in Letta,” September 2024,
https://www.felicis.com/blog/letta.
Vectorize.io, “Mem0 vs Zep,” Benchmark Comparison,
https://vectorize.io/articles/mem0-vs-zep.
Rasmussen et al., “Zep: A Temporal Knowledge Graph Architecture for Agent Memory,” arXiv 2501.13956,
https://arxiv.org/abs/2501.13956.
OWASP, “LLM08:2025 Excessive Agency,” OWASP Top 10 for LLM Applications,
https://genai.owasp.org/llmrisk/llm08-excessive-agency/.
Greshake et al., “Not What You’ve Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection,” arXiv 2302.12173, February 2023,
https://arxiv.org/abs/2302.12173.
Model Context Protocol, Official Specification,
https://modelcontextprotocol.io.
PYMNTS, “FinTechs Race to Build Foundation Models on Proprietary Data,” 2026,
https://www.pymnts.com/artificial-intelligence-2/2026/fintechs-race-to-build-foundation-models-on-proprietary-data/.
Deloitte, “State of Generative AI in the Enterprise,” Quarterly Reports,
https://www.deloitte.com/us/en/insights/topics/digital-transformation/state-of-generative-ai-in-enterprise.html.

15:21

[$] Some buffer-heads cleanup work [LWN.net]

Jan Kara has been working on cleaning up how buffer heads are used by some kernel filesystems. In a short filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, he gave an update on that work and where it is headed. Topics included generic infrastructure to track buffer heads for metadata, a buffer-head cleanup for the Amiga filesystem, and some planned locking fixes.

14:35

FairScan 2.0 released [LWN.net]

Version 2.0 of the FairScan document-scanning app for Android has been released. The headline feature for this release is the addition of optical-character-recognition (OCR) support using Tesseract to produce PDFs with searchable text from scans. FairScan developer Pierre-Yves Nicolas has written a detailed blog about adding the feature and explaining why it had not been added previously.

That looks nice, so why didn't FairScan have it before? That's because FairScan wasn't ready for it: I wouldn't be comfortable if FairScan was giving you wrong text half of the time. To get good results from an OCR engine, you need to provide it a readable image. If it's hard to read for a human, it's certainly also hard to read for an OCR engine.

Over the past year, I worked on different parts of FairScan's automatic processing to transform photos of documents into PDFs that are easy for humans to read:

document detection

perspective correction

shadow reduction

brightness and contrast enhancement

All this work on image processing helped FairScan produce clean PDFs and can now also contribute to making text recognition effective.

FairScan is available via Google Play or F-Droid.

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (hplip, kernel, kernel-rt, libpng12, libpng15, libxml2, libxslt, mysql:8.0, mysql:8.4, opencryptoki, openssl, postfix, postgresql:15, rsync, and webkit2gtk3), Debian (asterisk, atril, gsasl, and libreoffice), Fedora (ack, bird, chromium, firefox, ldns, librabbitmq, nextcloud, nss, openslide, perl-Protocol-HTTP2, tig, vorbis-tools, and xen), Mageia (coturn, log4cxx, and python-tornado), SUSE (389-ds, buildah, container-suseconnect, distribution, editorconfig-core-c, elemental-system-agent, glib-networking, google-guest-agent, google-osconfig-agent, kernel, libcaca, libXpm, opensc, openssl-3, openvswitch, perl-Crypt-PBKDF2, python-python-dotenv, python311-aiosmtplib, python311-zeroconf, runc, shim, and sqlite3), and Ubuntu (ca-certificates, keystone, librabbitmq, linux, linux-aws, linux-kvm, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure, linux-azure, linux-gcp, linux-hwe, linux-oracle, linux-azure-6.8, linux-oracle-5.15, nova, openimageio, qemu, and squid).

14:07

CodeSOD: Weekly Calculated [The Daily WTF]

There's a language out there called "Progress Advanced Business Language" (or "Open Edge Advanced Business Language"). Just hearing that string of words in a sequence tells you you're in for it. It's a verbose, "English-like" programming language. But we're not here to pick on the language.

A long time ago, Mirjam had the "pleasure" of working in a Progress ABL environment. At some point, one of the developers had needed to find a date six months prior to the current date. It didn't need to be accurate, and thus said developer littered the code with comments reminding everyone that it didn't need to be that accurate. They arguably spent more time defending the choice to be inaccurate than it would have taken to write code that would have been accurate.

Mirjam doesn't have the code anymore, so what we have here is a mix of her remembered pseudocode, Progress syntax, and my attempts to clarify all of it. Let's not worry too much about the language, and instead focus on the logic:

ASSIGN v-date = TODAY.

/* Calculates the current week/year */
RUN week.p(INPUT v-date, OUTPUT v-weeknumber, OUTPUT v-year).

IF v-weeknumber > 26 THEN 
    ASSIGN v-weeknumber = v-weeknumber - 26.
ELSE 
    ASSIGN v-weeknumber = 52 - 26 - v-weeknumber
           v-year       = v-year - 1.

/* Turn the result of that calculation back into a date */
RUN week2.p(INPUT v-weeknumber, INPUT v-year, OUTPUT v-resultdate).

This code gets the current date. It then breaks that into week number of the date (1-52), and the year of the date. Then, if the week number is greater than 26, it subtracts 26 from it, giving us a date half a year ago, ish. If the current weak number is less than or equal to 26, we do 52 - 26 - v-weeknumber, and decrement the year. Which yes, is a fairly round about way to handle the rollover- 52 - 26 happens to be… 26.

It's worth noting, that as primitive looking as this syntax is, Progress ABL does have an ADD_INTERVAL function, which lets you do date arithmetic, without all this nonsense. In fact, Mirjam went ahead and replaced all of this with a single line.

That said, as a little bonus WTF, Progress does have some weird date quirks, for example, you can construct a date from an integer. Which has a very unsurprising (but also, weirdly surprising) range of possible values:

The value of the expression cannot be a date value before 12/31/-32768 or after 12/31/32767.

At least that covers a range that includes both the discovery of agriculture and the eventual rediscovery of agriculture after the event that enters into legend as "The Fall".

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

13:07

CSSC-1.5.0-rc3 is released [Planet GNU]

This is to announce CSSC-1.5.0-rc3, a beta release.

This is a release candidate for a future stable 1.5.0 release.

There have been 46 commits by 2 people in the 109 weeks since CSSC-1.5.0-rc2.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Greg A. Woods (1)
Paul Bryce (2)
James Youngman (43)

James
==================================================================

Here is the GNU CSSC home page:
    https://gn ... rg/s/CSSC/

Here are the compressed sources and a GPG detached signature:
https://alpha.gnu ... -1.5.0-rc3.tar.gz
https://alpha.gnu ... .0-rc3.tar.gz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.o ... rg/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

File: CSSC-1.5.0-rc3.tar.gz
SHA256 sum:   a78bc23062b11c33a858acd8a08c173ea2957f763f5b7ddb2990c0fee7c71cec
SHA3-256 sum: 20733dd3c517c1bb44c67088b1a208ebf00e1eab4ab21e806bd963869faf918a

Verify the SHA256 checksum with either sha256sum, sha256, or
'shasum -a 256'.

Verify the SHA3-256 checksum with 'cksum -a sha3 -l 256 --base64'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify CSSC-1.5.0-rc3.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096 2015-12-24 [SC]
        0CF4 E8D8 7159 3224 8428 32B8 88DD 9E08 C5DD ACB9
uid   James Youngman <james@youngman.org>
uid   James Youngman <jay@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key james@youngman.org

gpg --recv-keys 88DD9E08C5DDACB9

wget -q -O- 'https://savannah. ... SC&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.o ... u/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify CSSC-1.5.0-rc3.tar.gz.sig

This release is based on the CSSC git repository, available as

git clone https://https.git ... .org/git/CSSC.git

with commit 26add75e45f79cd493409ee2f0c2646849314aad tagged as v1.5.0-rc3.

For a summary of changes and contributors, see:

https://gitweb.gi ... tlog;h=v1.5.0-rc3

or run this command from a git-cloned CSSC directory:

git shortlog 43b5b054701732df7ce24eb59821010c39c60cb6..v1.5.0-rc3

This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.17
Gnulib 2026-06-08 88592a2880cf39a2f597cd0294a90d8dd7faa2df

NEWS

Noteworthy changes in release 1.5.0-rc3 (2026-06-14)

        * Some typos in error message have been fixed.

        * admin now supports combination of -r with -n as well as the
          portable combination of -r with -i.

        * Support "sccs sact"; the sact program already existed but
could not previously be invoked via the sccs wrapper.
Thanks to Greg A. Woods for this improvement.

        * In some places we now prefer "grep -E" to "egrep" in order
          to avoid a warning message from GNU grep. Some very old
          versions of Unix may not support this option.

        * Various C++ portability improvements.

Updated version of gnulib.

Updated version of googletest; this is now at the last

version at which it still supported building with Automake.

13:00

Issue 46 – Greta’s Wedding – 10 [Comics Archive - Spinnyverse]

The post Issue 46 – Greta’s Wedding – 10 appeared first on Spinnyverse.

12:14

AI Use by the US Government [Schneier on Security]

On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published in the final year of the Biden administration, and includes many disturbing-seeming plans to hand over sensitive governmental functions to AI.

Scanning this list, many readers may find many causes for alarm. It represents a transfer of decision processes from human to machine on a massive scale over matters of individual freedom, public health and well-being, nuclear reactor safety and more.

Consider these examples. The Health and Human Services’ (HHS) office of administration for children and families hired the world’s “scariest AI company,” Palantir—notorious for its work on behalf of the military, the CIA and ICE—to scan all grant applications to flag those not ideologically aligned with the administration’s dictates. The Federal Bureau of Prisons is developing an AI system to assess the “potential for misconduct for newly admitted inmates,” routing people into high-security confinement before they have actually done anything wrong in their custody. These read like programs fit for a Philip K Dick or George Orwell novel.

Other use cases insert AI into life-and-death decision making. The Department of Veterans Affairs is developing an AI that will listen in on calls to the veterans crisis line, and then gather information from external databases to assess the mental state and suicide risk of the caller.

The Department of Energy is testing the use of AI to control nuclear reactors, targeting a way to autonomously respond to potential nuclear safety incidents. Here’s one that’s disturbing for its retirement, rather than its deployment: the state department has ended a program to use AI to forecast mass civilian killings, which had been intended to aid conflict prevention.

While it’s easy to raise questions about these and similar uses of AI, the reality is that any of these programs could be implemented responsibly. In some cases, like the HHS system, the AI might be enforcing alignment to a policy prescription that opponents abhor. But that concern is more about the policy itself rather than the idea that agencies should comply with executive orders.

In other cases, there may even be bipartisan agreement on the goal, like taking urgent action to help veterans at risk of self-harm. Lots of work and validation is needed to prove AI safe and effective for these use cases and convince the public it is appropriate, but the idea is plausible.

In other cases, a scary-sounding AI use may not even be new. The use of predictive methods and statistics to assign prisoner security classifications goes back decades, even if such systems are often biased and ineffective.

Using autonomous systems for model predictive control (MPC) of nuclear reactors is a well studied, and a widely applied aspect of nuclear plant management. And the recently disclosed addition of AI was initiated under the Biden administration.

But anyone reviewing the 2025 inventory could be forgiven for leaping to severe conclusions. What matters are the details of how the AI system is used, and here the inventory is severely lacking.

The disclosures carry minimal information, and lack the context necessary to understand their purpose and approach. The descriptions are typically just a sentence, and rarely more than a paragraph.

And while the process theoretically involves some form of public consultation, in reality there is generally none. It would take an eagle-eyed citizen to even come across this disclosure. Unless you read FedScoop regularly, or watch the OMB’s federal chief information officer’s GitHub account, you probably missed it.

Only one of the examples cited above (the DoJ) even proposes to involve the public. Under the administration’s policy, it’s not required for the rest because they are not classified as “high impact” use cases—a label that is applied inconsistently across agencies.

We wrote a book surveying applications of AI to democratic processes worldwide, including executive agencies as well as the courts, legislatures and politics. Our conclusion was that, while there are inappropriate applications of AI in governance that should be resisted, an urgent need to reform the economics of AI, and an imperative for renovating the democratic systems it is being unleashed on, there are also valuable and beneficial use cases for AI in government.

Machine translation is a good example. Customs and Border Protection (CBP) has deployed an AI translation system to help officers when human interpreters are not available. The idea that CBP, an agency under heavy scrutiny for reported abuses of human rights, would direct people to talk to a machine instead of a person may strike many as inhumane.

It’s true that human interpreters have very real advantages when it comes to understanding nuance from physical cues and social context. But an officer with a competent AI translator available immediately is better than one who cannot communicate with the person in front of them.

The Trump administration’s AI use case inventory has 70 such translation use cases, up from 58 in the Biden administration’s 2024 disclosure.

Disclosure of AI use cases could be a means to build public confidence and trust, but only if paired with consistent, meaningful public consultation. Washington DC and California are actively engaging the public to determine where and how it’s appropriate to use AI in government processes, or for government to regulate AI use in society.

Both have held public deliberations on this topic at a wide scale, using AI platforms. These examples demonstrate the potential for capturing broad-based public input to steer AI policy.

The international gold standard was arguably set by the French in 2016, via their Digital Republic Act. The law, itself informed by an online citizen consultation, requires all algorithms used to automate government administrative decisions to be subject to public records requests, to be appealable to a human reviewer, and to have mandatory notification of the use of automation to those affected by the decisions.

Canada offers another example of what more rigorous and participatory disclosure might look like. In 2025, they launched an AI use case registry, not unlike the US inventory. However, Canada also has a federal directive mandating a transparent risk-scoring and impact assessment process for automated systems that make administrative decisions about citizens.

That longstanding directive requires a detailed explanation of risks and benefits as well as consultation with certain stakeholders from the conception of the AI use case. The Canadian system could be improved; it could require a public comment period and an obligation for agencies to respond substantively to feedback before engaging in sensitive uses of AI.

AI offers real potential to improve the efficacy, efficiency and accessibility of government. But, equally, there is legitimate reason for public concern and distrust that can only be addressed through transparency and dialog. The US should adopt, at the federal and state level, algorithmic impact risk assessment procedures and public comment processes to facilitate a safe, trusted, equitable transformation of government agencies to take advantage of modern technology.

This essay was written with Nathan E. Sanders, and originally appeared in The Guardian.

10:49

Status symbols [Seth's Blog]

It’s pretty astonishing how far people will go to announce various forms of status:

College logo sweatshirts
Flat abs
A good haircut
Glowing skin
A well-trimmed front lawn
The zip code where we choose to live
Having a nice car
Not having a car at all
The type of email service we use
Our accent or lack of one
The sticker on a hat
The gaunt look of a serious runner
The puffy look of someone who never runs
The foods we eat
The foods we choose not to eat
Where we sit at a meeting
Reading the book before the movie
The breed of dog we adopt
Being too busy to respond quickly
Responding to emails instantly
The stroller for our baby
Having a baby
Not having a baby
Deciding what’s on the list
The NPR tote bag
Talking about the latest tech
Using the latest tech
Seeing a movie on opening night
Holding the door open for someone
Having the door held open for you
Being recognized as a regular at a restaurant
Having a bodyguard
Being on a list
Social media statistics
Knowing about wine, or chocolate, or Roman history

The list has little to do with money spent or money in the bank.

Humans care about status and affiliation. We’ve spent our lives being very good at noticing both.

Irregular Webcomic! #3155 [Irregular Webcomic!]

Irregular Webcomic! #3155

08:28

Dark Arisen [Penny Arcade]

New Comic: Dark Arisen

05:35

Girl Genius for Wednesday, June 17, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, June 17, 2026 has been posted.

04:28

Retrofitting the WM_COPYDATA message onto Windows 3.1 [The Old New Thing]

Some time ago, I talked about how to return results back from the WM_COPYDATA message. Which reminded me of a clever bit of history.

The WM_COPYDATA message was introduced in 32-bit Windows. There was no need for it in 16-bit Windows because all 16-bit programs ran in the same address space. A far pointer in one process was good in any process. You could put it in the lParam of a window message and send it to any other window, same process or different process, doesn’t matter. But 32-bit programs ran in separate address spaces, so this trick didn’t work. Hence the need for WM_COPYDATA to pass data not only between 32-bit programs, but also between 32-bit programs and 16-bit programs.

How did this message get retrofitted into 16-bit Windows so that Win32s could support it?

Easy: It was already implemented, unwittingly.

If the source and destination windows are both 16-bit windows, then the pointer to the COPYDATASTRUCT is already valid in both processes, as is the pointer inside the COPYDATASTRUCT. And the window handle in the wParam is also the same for both processes. Therefore, doing absolutely nothing with the wParam and lParam and simply allowing it to pass from a 16-bit program to another 16-bit program will still behave as expected.

And it so happens that Windows 3.1 already did that: Windows 3.1 always passed the wParam and lParam unmodified, even when the message sender and receiver are in different processes, because all programs shared the same address space.

It was just a sneaky trick to design the WM_COPYDATA message in such a way that the null marshaler is the correct behavior when it is sent between 16-bit programs.

The post Retrofitting the <CODE>WM_<WBR>COPYDATA</CODE> message onto Windows 3.1 appeared first on The Old New Thing.

02:07

Dirk Eddelbuettel: rspdlite 0.1.0-1 on CRAN: New Package! [Planet Debian]

Very happy to share that a new package rspdlite arrived on CRAN today in its inaugural version 0.1.0-1. It wraps and provides the (header-only) C++20 library spdlite which its author describes (aptly) as tiny, fast, capable. Just like its bigger sibbling spdlog (which we wrapped as rcppspdlog), it is written by Gabi Melman. However, with a focus on C++20 and compile-time configuration, it is lighter, nimbler and faster. It is also still a fairly young project so changes may occur.

I have been working on this for about a month, and it is ready for use by R and C++. It contains the initial upstream release 0.1.0, and I plan to follow the upstream versioning making this first release as 0.1.0-1.

The package itself provides the headers for use from other C++ projects (i.e. mostly other packages), as well as a simple R wrapper so that logging can occur from either C++ or R. It will generally access the single logger instance in a compilation unit. So for a package built against these header it would be shared library of that package. At present we provide the basic logging level setters and getters, formatting accessors, and two (compile-time) options of a ‘null logger’ and a file-based logger. More options are availble from the C++ level, multiple logging sinks are but one example. Some examples are provided in the package as an R example and a C++ example; these are probably best examined from the sources.

The NEWS entry for this release is simply and just announces that we have a release. More details are in the ChangeLog and the GitHub repo.

Changes in version 0.1.0-1 (2025-06-08)

Initial complete version and CRAN upload

00:28

Urgent: Call media to cover FBI election raids [Richard Stallman's Political Notes]

US citizens: call on CNN, NBC and the New York Times to cover the FBI's election intimidation raids.

Urgent: Ban surveillance pricing [Richard Stallman's Political Notes]

US citizens: call on your state's governor to protect consumers and ban surveillance pricing.

Urgent: Restore screwworm control funding [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to restore screwworm control funding.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

00:00

The Big Idea: Alethea Kontis [Whatever]

I wrote a short post yesterday about AI as an alien species. Steve Mays breaks it down into parts, and got every bit right. This is the kind of back and forth that the web is capable of. Update: It's even worse than it appears. Turns out the excellent analysis was written by Perplexity, one of the artificial aliens. Reminds me of a speech by Robin Williams in Good Will Hunting. In case it's not obvious, Williams is talking about artificial aliens.

Tuesday, 16 June

23:35

Not all books fit the mold of the genre they’re in. For Alethea Kontis, she wanted to write romance without the explicit parts, wanted to write a YA book that wasn’t dumbed down for kids with no attention span and no literacy skills. Well, she did it, and she did it her way, in her newest novel, Thieftess.

ALETHEA KONTIS:

This post is for the smart kids. The rebels. My fellow goonies.

This essay marks my FIFTH time as a guest on The Big Idea—I am now a proud member of the Whatever Five-Timers Club! Please remind me to make sure John and Athena mail me my membership card.

The last time I was featured on Whatever was in 2017. The Before Times. An Age of Innocence. Social media was less commercial, Gen AI was a dream of the future, and the CDC’s playbook was positive the next great pandemic would be influenza. I went to conventions back then. I knew what K-pop was, but I didn’t know K-dramas existed. I didn’t speak any Korean, Portuguese, Croatian, or Arabic. I had never been to Asia or Africa. Storm chasers were other people, and the topic of a movie I loved once upon a time.

Back then, I wrote books that were publishable.

I joke because it’s both horrible and true. My books are too long. Too clever. Too smart. Too subtle. Too bloody. Set in the wrong time period. Set in a country where I wasn’t born. Contain protagonists who are the wrong age. Contain far too many difficult/archaic/polysyllabic words. Contain too many complicated characters from too many different cultural backgrounds.

In the current capitalist climate, picture books need to have TENSION. Romances needs to have SEX. Middle grade novels need to be FAST PACED and also SUPER SHORT because no one has an attention span anymore and 10-year-olds are intimidated by thick books. Plus, thick books are expensive. And for the love of all that is holy, do NOT write any more Young Adult Fantasy. Ever.

I cried after the call where my agent told me that last one.

She’s not my agent anymore.

Honestly, it’s a miracle I was even traditionally published in the first place. A handful of excellent people had the privilege of being able to take a chance on me, and for that I will be forever grateful. These days, no one can afford to take a risk. I get it.

But I can’t afford to stop writing. So I didn’t.

In late October 2023, I got the rights back to the Woodcutter Sisters books. The series of my heart. You remember them: they read like a mashup of The Princess Bride and a non-Disney Once Upon a Time. Yeah. The YA Fantasy ones. Got awards and stuff. There were seven Woodcutter sisters, all named after the days of the week. I got to write Sun-Fri. Harcourt orphaned me before I could tell the Pirate Queen sister’s tale. My working title was Thieftess.

Thieftess has a listing on Goodreads. As of this writing, there are 2 reviews. The first laments the news of my publisher dropping the series. The second was posted by someone so excited to announce that the series would be returning that THEY WROTE IN ALL CAPS. Both of these entries delight me to no end.

Freedom is a beautiful thing. I consciously took advantage of mine this past decade. I lived, defiantly. I chased storms, learned other languages, traveled the world, and made hundreds of new friends all over that world. And I quietly, constantly, kept writing in the background.

In a way, my series being released from my trad publisher was a mercy. I wasn’t sure the committee would let me get away with all the things I wanted to do in the rest of the books anyway. And when it came time to finish writing Thieftess—eleven years after I started it—I embraced my tiny rebellions.

In nutshell, Thieftess:

is a YA-Appropriate Romantic Pirate Adventure Fantasy
is far too optimistic
is too long (for a traditional YA)
has too many characters
has too many chapters (it reads like a web novel)
switches POV without announcing who is speaking instead of a chapter title
has chapter titles
has maps
features pirates who get drunk, die, kiss, kill, and steal, but there’s still no sex
stars a female protagonist in her late 20s (but so was Alanna of Trebond, eventually)

The book also contains a million Easter eggs, but so did Enchanted. Heck, so did AlphaOops. That’s a very on-brand Alethea thing. But the rest is my rebellion.

Here in 2026, joy itself is a rebellion. Kindness is a rebellion. Naps are a rebellion. Poetry is a rebellion. Smart books that trust their readers are a rebellion. Reading prologues and epilogues is a rebellion. Writing in cursive is a rebellion. Writing your own emails is a rebellion. Leaving your phone in the other room is a rebellion. Going outside is a rebellion. Speaking more than one language is a rebellion. Quoting Shakespeare is a rebellion. Imperfection is a rebellion. Daring to fail over and over again is a rebellion.

Finishing this absolutely gorgeous book that took me eleven years to write—and then releasing it into the world—is my rebellion.

When I originally took @princessalethea as my screen name on LiveJournal (remember LiveJournal?) it was because my role model was the feisty leader of another particularly infamous rebel alliance. I mean to carry on in that same fine tradition.

And now if you’ll excuse me, I’m going to go write a book with a bunch of sex in it. Because I’m still broke.

Love you, Squad.

xox

Princess Alethea

PS: Goonies Never Say Die

Thieftess: Amazon

Author socials: Website|Patreon|Linktree

21:28

KDE Plasma 6.7 released [OSnews]

The KDE team released KDE Plasma 6.7 today, and with it comes a long list of improvements, new features, bug fixes, new old themes, and so much more. A new feature that is sure to please those among us who use virtual desktops: you can now have different virtual desktop setups per display. It’s been a long-requested feature, so it’s great to see it makes its way to the KDE users. I despise virtual desktops, but I’m happy to see something that I assumed was already part of KDE to finally actually become available.

Another major feature in KDE Plasma 6.7 is something we’ve already talked about: the return of the classic Oxygen and Air themes from the KDE 4.x days. These themes have seen extensive work over the past year or so to make them usable on the latest KDE release, which includes tons of bug fixes, visual nips and tucks, and countless additions to the collection of assets required to make a modern KDE theme look complete. This includes a ton of new icons in the old styles, light and dark modes, accent colour support, and much more. There’s still work left here, including adding support for QtQuick/Kirigami applications – which brings us to the next major new addition to KDE 6.7

This is also something we’ve already talked about: Union. I won’t repeat what I already explained last time Union came up, but suffice it to say that Union effectively unifies the various different ways KDE applications are themed, allowing theme designers to use relatively standard CSS to create themes that cover every aspect of the KDE user experience. Before Union, theme designers had to create individual, unique themes for a variety of parts of KDE – the Plasma desktop, QtWidgets using QStyle, QtQuick/Kirigami – which was a ton of work, and in the case of QtQuick/Kirigami, wasn’t really possible at all. As such, without Union, KDE’s theming is essentially broken, and Union fixes that. For now, Union is not enabled by default, and must be installed and enabled separately for testing.

Of course, there’s a ton of other smaller new features, changes, and bug fixes as well. KDE Plasma 6.7 will find its way to your distribution soon enough.

20:56

Apple adds keylogger to iOS App Store for targeted advertising: tied to your account and unencrypted [OSnews]

Jason Calacanis challenges people to develop certain open source software, offering a bounty on specific projects, but I think the real incentive for people to pitch in is that Jason has a lot of sway in the startup world, and if there is a flow of excellent open software this way, users will find out about it because the reach of Jason's podcasts and blogs. I've known him for many years, we both signed up on Twitter on the same day in 2006, early days of the web. He has become one of the most successful angels in tech. I'm proud to have known him way back when.

20:42

Onward, Friends [Deeplinks]

After 26 years, today is my last day at EFF. It's been a terrific and wild ride — the organization has grown from a tiny band of fighty people trying to plant a flag for freedom and justice in the coming digital world into a large, established band of fighty people doing, well, much the same. The world around us has changed enormously. Our core values haven't budged.

cartoon of EFF as superheros

I'm proud of what we've achieved: freeing encryption, defending coders, pushing to rein in government and corporate surveillance and ensure the right to have a private conversation online, standing up for free speech and anonymous speech, fighting for network neutrality and safe voting machines, busting stupid patents, and making sure copyright didn't become the one law that rules the internet. That's only the start. We've stopped more bad legislative, regulatory, and legal ideas than I can count, built tools that millions rely on to protect their privacy, and helped encrypt the web. I've long said EFF is the plumber of the internet — finding the clogs and barriers that prevent technology from serving freedom, justice, and innovation for everyone.

In addition to presenting cases in courts across the land, testifying in Congress and in California, in the European Parliament and at the United Nations, I went onto the internet with Stephen Colbert and engaged in a healthy disagreement with Jon Stewart. I wrote a lot of it down in a book, hoping to recruit others to the cause. The work has been hard and often frustrating at times. But looking back, the fun parts are what I remember most.

None of it would have been possible without EFF’s stalwart members. More than 30,000 people, some with big wallets and some with small ones, give us what we need to stand up to bullies and fight for the long haul. EFF has always served as a beacon for people who know that for technology to support freedom, justice, and innovation for all the people of the world, we need a dedicated band of folks working overtime on behalf of users, innovators, and creators.

There's still plenty left to do. We haven't killed the third-party doctrine, tamed the surveillance business model, or gotten metadata the constitutional protection it deserves. Stupid patents persist as does the overreach of DMCA section 1201 and the Computer Fraud and Abuse Act. The government is now the largest purchaser of data from shady brokers, communities everywhere are fighting license plate readers and other street-level surveillance, and we haven't reined in NSA and FBI spying nearly enough. Meanwhile, the rise of AI is supercharging problems we've fought against for years.

But I'm proud of what we've built together. I'm grateful to every EFFer — past, present, and future — who threw in with us when the odds were long and the pay was much better elsewhere. I'm grateful to the EFF Board and especially to my mentors and friends Pam Samuelson and Shari Steele, along with my longtime partner in justice, Lee Tien, who has been working with me since the Bernstein case. Fighting for justice is easier when you have a posse: coworkers, co-counsel, coalitions, interns, volunteers, and the heroic clients who trusted us to steward their cases in ways that bent the law toward everyone's benefit. Twenty-six years later, EFF is part of a global diaspora of organizations defending internet freedom — and I'm proud of that too.

I'm stepping down because good leaders should make way for new ones, and the time feels right. EFF is strong and full of fight. My successor Nicole Ozer — a longtime friend and collaborator — is exactly the right person for this moment. She understands EFF's role and values at a deep level and will protect them while helping the organization rise to meet what's coming.

As for me, I'm not going far. After a few months off to reflect and walk dogs, I plan to get back into the fight for justice — likely heading back into the courtroom. And I'll be watching, cheering, donating, and wearing the merch from EFF, just like the rest of you.

Cindy Cohn with her 2 Bernese Mountain Dogs at sunset

19:56

A week or so ago, Apple announced a bunch of features for the App Store on iOS, including personalised recommendations based on your activity and usage of iOS. It turns out this includes a keylogger (taplogger?) in the App Store, which records every single tap you make, every single letter you enter, and a lot of other information. All of this information is unencrypted and sent to Apple.

Now Apple is putting the extensive identifiable analytics they collect in the App Store in action. They record every tap and there’s no way to turn it off.

They can even calculate your typing speed.
↫ Michael Tsai, quoting Mysk

The provided screenshots of the data collected are terrifying, especially because the data is unencrypted, sent to Apple, and fully tied to your user account. Apple clearly wants a slice of that big, juicy advertising pie, and they, too, are discovering that the easiest and best way to serve targeted ads is to collect as much data as they can about you. Of course, this is something the entire internet (but not OSNews!) and several megacorporations are built on by now, but Apple has been incredibly sanctimonious about how it supposedly actually cares about user privacy, making this keylogger yet another case of Apple’s hypocrisy on full display.

Of course, if you care about privacy, you’re entirely free to download your iOS applications from somewhere other than the App Store and install them yours…

Oh, wait.

19:07

The Yard Gets a Facelift [Whatever]

Here at the Scalzi Compound we’ve been having a lot of work done: New garage/barn, new porch railings and entirely new back deck. The good news is all of that work is just about done, with only a couple of small things yet to be done. The bad news is that all the construction trucks, pallets and tractors did a number to parts of our yard, turning its previously relatively smooth surface into a festival of ruts and uneven bits.

This will not do, so Krissy had the landscaping company we use come out, dig out the ruts, regrade and then reseed the lawn. This means that for the next few weeks there’s probably going to be this big brown patch in the yard (which I assume will be covered by straw, etc; I guess I’ll find out by the end of the day), but after that everything will be fine. This is a bit of cosmetic work that’s actually been a few years in the making — parts of the redone area have been uneven for a while now — but it was the ruts left by the construction vehicles that made Krissy decide now was the time.

(Well, that and the fact that, inasmuch as we’re already having so much else done — and have budgeted for it — the additional expense of this can just get rolled into all of that.)

It’ll be nice to walk on that part of the lawn without possibly tripping, and also, inasmuch as this is the last piece of (intended) work at the house for the year, it’ll be nice to not have other people’s trucks and construction vehicles around. I like what we’ve done with the place, to be sure. I’m looking forward to being able to enjoy it.

— JS

17:56

Claude added the close box I asked for yesterday. Bravo!

Everyone wants to know things humans can do better than AI systems. One answer — relate with humans. The machines have no clue how our minds work. They act as if we're just like them. They could tell you all about it, from books they read, but they've never related with humans as humans. There's a great speech by Robin Williams in Good Will Hunting, where he explains how reading about something isn't the same as living it.