Wednesday, 10 June
18:21
Larson: Are insecure code completions a vulnerability? [LWN.net]
Seth Larson, the Python Software Foundation's security developer-in-residence, has written about the difficulty in classifying insecure code completion in the PyCharm IDE using its Full Line code completion plugin. Larson discovered that the plugin, which uses a local "deep learning module" to offer code completions, suggests code that would lead to severe vulnerabilities. He was unsure whether it warranted a CVE or not, however:
I reported this behavior to JetBrains for "Full Line Code Completion" v253.29346.142 and clearly their support staff weren't certain whether this defect was a security vulnerability or not either. When I asked to publish a blog post about this behavior after they confirmed this report wasn't a "direct security vulnerability" (which I agree with) but then was asked not to publicize my report and referred to PyCharm's Coordinated Disclosure Policy so... which is it? Security vulnerability or not?
I ended up waiting the 90 days anyway and I didn't hear back with any substantive update from the development team. I double-checked again today using "Full Line Code Completion" v261.24374.152 and the behavior is identical, suggesting the same insecure code for both contexts.
This isn't meant to be a specific dig at PyCharm or JetBrains, I have no-doubt that examples like this exist in every code generation model available.
17:14
Today's song: It's Your Thing. If the web had a song this could be it.
Every editor should have cute-paste.
Some days Claude is great, the best collaborative programmer I've ever worked with, and a friend, like Gary Sevitsky was in the hallway outside the PDP-11 room at UW, or Brent Simmons on the 24 Hours project. And on other days Claude a crazy mutinous pirate, deleting my code, ignoring the guidelines, and building the result without permission (all the while unaware that he wasn't working on the actual code, heh). Today is one of the great days. The bug reports are crisp and complete. Picks up a task and gets right to work on it. And I haven't even switched to the new model, yet.
2018: "I can say what happened to Melo. He failed Linsanity. God came to his rescue. Gave him a player who was glad to be in the NBA, who would mold his game to make Melo the star that he was always capable of being. Melo didn't want anyone else in the spotlight. Goodbye Lin. Just imagine what the three guys in this picture could have done. The only thing in the way was Melo's hubris."
17:07
The Market Behind the Wall [I, Cringely]
Yesterday I told you what 2Brains is, and how it separates the saying from the knowing. Today, the part that ought to worry some very large companies: what all of it is worth if we’re right.
Wall Street is pricing the AI data-center buildout at something like $1.7 trillion by 2030. Almost all of that spend assumes one particular shape: vast halls of graphics chips answering questions by guessing, one likely word at a time. So ask the heretical question — how many of those “questions” are questions at all? How many are lookups? What’s our refund policy? What was Q3 revenue in the Ohio region? Is this patient allergic to penicillin? Those aren’t creative prompts. They’re retrievals, and an ordinary processor has answered retrievals flawlessly since before NVIDIA ever etched a graphics card. Our estimate is that roughly two-thirds of enterprise AI queries are lookups wearing a chatbot’s clothes.
Whoever owns the architecture that moves those two-thirds off the graphics chip doesn’t own a product. They own a tollbooth on a third of the traffic. On a $1.7-trillion road, that isn’t a company. It’s an asset class.
And the cost savings are the small half of the prize.
Here’s the big half — the half I somehow walked you past. There’s a market that can’t use any of this yet.
There’s a reason your bank’s AI will tell you its branch hours but not your account balance. A reason the hospital lets it summarize the cafeteria menu and not the medical chart. A reason no airline will put a language model near a cockpit and no law firm lets one file a brief without a terrified associate reading every line. It isn’t the cost. It’s that the thing lies — confidently, fluently, without warning, and without any tell. In a chatbot recommending a taco place, a hallucination is a shrug. In a domain where being wrong gets someone audited, sued, sick, or killed, a hallucination is a wall. And behind that wall sit the most valuable AI markets on Earth — banking, insurance, medicine, law, aviation, defense — frozen, spending fortunes on pilot projects that might never ship, because the last mile is always a liability lawyer saying no.
Salesforce built a test, called HERB, to measure precisely how often these systems invent an answer when they don’t actually know. OpenAI’s flagship does it 77 times out of 100. Salesforce’s own best effort was 32. Ours does it 3 — and those three aren’t lies, they’re refusals: the system saying I can’t verify that instead of guessing. Knock that number down and you don’t win a cheaper slice of the market that already exists. You unlock the market that’s been sitting behind a wall the entire time.
The reason 2Brains doesn’t lie and the reason it’s cheap are the same reason. It looks the fact up instead of guessing it — so it cannot fabricate, and the lookup runs on a processor that sips power instead of a chip that gulps it. Trust and thrift are not a trade-off you balance against each other. They fall out of a single design decision. You do not pay extra for the honest version. The honest version is the cheap version. That sentence is the whole company.
Which is why I would be nervous, were I sitting atop a five-and-a-half-trillion-dollar valuation built on a story its own executives call the tokenomics flywheel: AI gets cheaper, so people use more of it, so you sell more chips, forever. It’s a lovely flywheel. It also rests on two assumptions standing up indefinitely — that the lookups stay on the graphics chip, and that the hallucination tax, the wrongness, the wall, is simply the permanent cost of doing business, a thing you manage rather than cure. 2Brains is a bet that both assumptions fall in the same afternoon. NVIDIA’s own friendly analysts have begun writing the polite version of this worry: that the software moat protecting the company in training is thin in inference, and that custom silicon is already nibbling the edges. They’re circling the right pond. They just haven’t said the quiet part out loud — that the most expensive part of inference may not need the expensive chip at all.
AMD, for what it’s worth, gets to watch this from both sides of its own ledger, since it sells the graphics chip that loses and the processor that wins. If I ran their strategy desk, I’d have noticed that by now.
The rest tumbles downstream, and some of it is being poured in concrete. The power forecasts — nine to seventeen percent of all American electricity by 2030, the global doubling — are every one of them drawn on the assumption that each query needs a jet engine, so we are building to match. New gas plants are breaking ground. And we are bringing a reactor back to life at Three Mile Island. I knew that place when it was the most frightening address in America: in the summer of 1979, as a graduate student, I worked as an investigator for the President’s Commission on the Accident at Three Mile Island, and afterward wrote a book about it for Random House — Three Mile Island: The Hour-by-Hour Account of What Really Happened. The commission was chaired by John Kemeny, the president of Dartmouth and, in a symmetry history could not have scripted, one of the two men who invented BASIC — the language that first taught a generation of us to speak to a computer at all. The first electrons are due back on the grid in 2027, to run Microsoft’s data centers. Of all the ways I once imagined that story might end, restarted to power a machine that guesses was not among them.
In a single year, the big technology companies have signed contracts for something like ten gigawatts of new nuclear. Goldman Sachs reckons that feeding all the data-center demand the industry expects by 2030 would take eighty-five to ninety gigawatts of it — dozens of power plants, ordered to wait on machines that guess.
Now bend the assumption, and you bend the curve. Not all of those reactors, but some of them, turn out to be expensive answers to a question we never had to ask. A canceled nuclear plant is quite a side effect for a column about grammar.
And the curve, eventually, reaches your mailbox. My own Virginia electric bill rose about sixteen dollars a month on the first of January, a good deal of it to build grid for buildings full of machines that guess. The cheapest watt, it turns out, is the one you never had to burn — because the question never needed the chip.
So: suppose we’re right. The answer is a market measured in the hundreds of billions of dollars — half of it a market nobody can serve today, pried open by the very same stroke that makes it cheap. That is the prize.
What I haven’t told you yet is how a small company in Charlottesville intends to put a thing like that into the world — not as a product you buy, but as a standard that ends up inside everything, the way a firm in Cambridge once licensed a chip design that now hums inside nearly every phone alive without anyone noticing it was there. That’s tomorrow’s column. And it’s the one that decides whether honesty in machines is something the world will own outright, or merely rent.
Robert X. Cringely is a co-founder of 2Brains, Inc., in Charlottesville, Virginia. He has written this column since 1987
The post The Market Behind the Wall first appeared on I, Cringely.
Digital Branding
Web Design Marketing
16:56
Colin Watson: Free software activity in May 2026 [Planet Debian]
My Debian contributions this month were all sponsored by Freexian.
You can also support my work directly via Liberapay or GitHub Sponsors.
OpenSSH
I backported various security fixes from 10.3 to trixie, bookworm, bullseye, buster, and stretch. For trixie, I also backported several IPQoS fixes to line up with upstream’s traffic management settings and drop a rather hacky Debian-specific patch; this needed a quick follow-up fix.
I upgraded trixie-backports to 10.3.
I fixed openssh uses pidof but does not depend on procps.
PuTTY
I upgraded from 0.83 to 0.84.
Python packaging
New upstream versions:
- bitstruct
- ormar
- pdm (fixing a build failure)
- pydantic
- pydantic-core
- pydantic-settings
- pyglet (fixing a build failure)
- python-asyncssh
- python-bitarray
- python-btrees
- python-build
- python-certifi
- python-charset-normalizer (fixing a build failure)
- python-fakeredis (contributed supporting fix upstream)
- python-holidays
- python-jsonschema-path
- python-memray (fixing a build failure and CVE-2026-32722)
- python-openapi-schema-validator
- python-pathable
- python-persistent
- python-pyftpdlib
- python-pytest-run-parallel
- sorl-thumbnail
- twisted
- zope.interface
- zope.proxy
Other build/test failures:
- beets
- buildbot (contributed upstream)
- dep-logic (contributed upstream)
- diskcache
- khard
- matplotlib
- mkdocs-rss-plugin
- ormar: compatibility with fastapi 0.125 and pydantic 2.13
- pgzero
- py7zr
- pydantic-extra-types (contributed upstream)
- pydata-sphinx-theme
- python-invocations (contributed upstream)
- python-localzone
- python-maturin
- python-nacl
- python-pampy
- python-treq (contributed upstream, including fixing some CI bitrot)
- python-txrequests (contributed upstream)
Other bugs:
- buildbot: (Build-)depends on deprecated module python3-pkg-resources (contributed upstream)
- pysodium: Depends on cruft package libsodium
- python-fakeredis: lua support not working, breaking django-redis cache locking
- python3.14: Drop libnsl-dev build-dependency
I updated python-treq upstream to stop vendoring multipart, now that the packaging issues with that have been sorted out.
Code reviews
- debmirror: User-Agent blocked by Ubuntu/Launchpad repositories (uploaded, and cherry-picked into trixie)
- pydantic: Fix CVE-2024-3772 in bookworm (merged and uploaded)
- pyodbc: Run SQLite tests (merged and uploaded)
- python-jsonschema-path: Transition to starlette 1.0 (merged and uploaded)
- python-maison:
FTBFS with the nocheck build profile
(followed up to fix the
nodocbuild profile as well) - python-openapi-core: Transition to starlette 1.0
- python-openapi-schema-validator: Transition to starlette 1.0 (merged and uploaded)
- python-openapi-spec-validator: Transition to starlette 1.0 (merged and uploaded)
- python-pathable: Transition to starlette 1.0 (merged and uploaded)
- python-rich-argparse: New upstream version 1.8.0 (merged and uploaded)
Other bits and pieces
I contributed a debian-policy patch to fix several links related to build profiles.
16:07
[$] AI agent runs amok in Fedora and elsewhere [LWN.net]
Agentic AI systems can be used to do a variety of things autonomously on behalf of a human user: open or manage bugs, generate code, submit pull-requests, and (apparently) even complain about rejection. In May, a Fedora developer discovered that an allegedly rogue agent had been pestering the project in a number of ways: reassigning bugs, fabricating unhelpful replies to bugs, and even persuading maintainers to merge questionable code into the Anaconda installer. It also submitted a number of pull requests (PRs), some accepted, to several upstream projects. The Fedora account associated with the agent has had its group privileges revoked and the messes have been mopped up, but the motive behind the agent's actions is still a mystery.
Today in “Words Mean Things” [Whatever]
An interesting jurisprudential development someplace not in the US:
A German court has ruled that Google is directly liable for what its AI search overviews say. Previous case law shielding search engine operators from liability doesn’t apply to AI overviews.
The Regional Court of Munich hit Google with a temporary injunction barring the company from spreading false claims about two Munich-based publishers through its AI-generated search overviews (case no. 26 O 869/26). The court classified Google as a direct infringer because the “AI overview” is its own content, not just a list of search results.
The crux of the issue is whether the “AI Overview” Google now provides — and which is often erroneous because LLMs can’t read or exercise judgement, they can only spit out statistically likely words — counts as a presentation of information provided elsewhere, as a normal search query might be, or is a new creation with its own set of liabilities. The court, for various reasons, decided it is the latter (go ahead and click through to see a fuller explanation of the court’s decision).
I’m not well enough versed with the German legal system to determine whether this sort of ruling is going to succeed on appeal (and it is absolutely going to be appealed) but as a matter of personal understanding, this ruling seems pretty legit to me. The “AI Overview” isn’t a search listing — Google has gone through the trouble of passing it through its LLM and letting the thing make a document about it, and these documents, both by tone and by their position at the top of a Google search page, sound authoritative and present as factual. These documents may not be copyrightable, but that doesn’t mean Google didn’t create them and are thus responsible for them.
This isn’t the first time Google has found itself in legal hot water over its “AI Overview” function — a musician in Canada is currently suing the company after its overview identified him as a sex offender and he lost work because of it. But as far as I know this is the first court ruling that says Google is liable for what its “overviews” say. I suspect it will be very closely scrutinized by others in other places who have, ahem, run into similar issues with the overview.
I’m curious whether such a legal ruling would be possible in the United States, which has famously liberal (in the classical sense) free speech laws and has an extremely high bar for defamation, especially for public individuals, under the NYT v Sullivan Supreme Court ruling. Perhaps in the US the best avenue to pursue this would not be on the grounds of free speech but of product liability: A product that fails a significant amount of the time but is still presented to consumers as reliable feels like a class action suit waiting to happen.
No matter what, however, this is a big moment for “AI” and the information that it presents. Whether this spurs tech companies to make better products, or just spend more money on legal, will be the open question. One is, admittedly, easier than the other.
— JS
German court rules Google is liable for whatever Google’s “AI” generates [OSnews]
It’s just a ruling from a lower court, but it sets the stage for how European courts are going to deal with the question of who is liable for whatever slop “AI” generates.
The Regional Court of Munich hit Google with a temporary injunction barring the company from spreading false claims about two Munich-based publishers through its AI-generated search overviews (case no. 26 O 869/26). The court classified Google as a direct infringer because the “AI overview” is its own content, not just a list of search results.
Google’s AI overviews had falsely tied two publishing companies to scams, subscription traps, and shady business practices for certain search queries. According to the court, the AI mixed up information about other, genuinely sketchy companies with the plaintiffs and drew connections that didn’t appear in any of the linked sources. The publishers sent Google a cease-and-desist letter, but Google didn’t respond appropriately.
↫ Matthias Bastian at The Decoder
Google tried to argue it doesn’t carry any responsibility or liability for whatever slop its “AI” generate, but the German court does not agree. According to the court, “AI” overviews are not the same as regular search results, because they rewrite findings and just make shit up, thereby making claims that are nowhere to be found in any search results (or in reality in general). Furthermore, the court states that Google develops the “AI”, it runs it, it offers it to users, and Google alone controls its output, and as such, Google is liable for whatever their “AI” produces.
Google also tried to argue that users know not to trust anything an “AI” produces, which is hilarious considering how hard Google is pushing these tools, but the courts state that the ability of users to do further research does not absolve Google of liability. In addition, the court made it very clear that free speech protections absolutely do not apply, because the “AI” expressions are coming from an algorithm, not a person, and are above all an expression of Google’s business activities”.
In other words, if an “AI” tool generates false accusations and misleading statements, the creator of said “AI” is liable. With this ruling in hand, countless other people have a stronger case to make whenever Google or any other company tries to absolve itself from liability from slop just because a pachinko machine generated it.
Excellent news, and the only fair outcome.
Eagle Computer: the rise and fall of an early PC clone [OSnews]
When it comes to 80s computer brands, few flew as high as Eagle Computer flew in 1983. The aptly named company was selling 12,000 computers a month and had been doubling sales every quarter under the leadership of a talented CEO. Then Eagle lost its CEO, Dennis Barnhart, in a crashed Ferrari on the day of its IPO, June 8, 1983. In this blog post, we’ll explore the reasons Eagle Computer fell, because there was more to it than just the tragic story involving its CEO.
↫ Dave Farquhar
Just one of the many early PC companies that died off, even if Eagle died off before many of the other big players. It must’ve been such a vibrant and fascinating time to be into PCs and computers in general at that time, with so many companies and players to choose from.
Shame about the 308 GTS.
15:21
Buildroot 2026.05 released [LWN.net]
Version 2026.05 of the Buildroot tool has been released. Buildroot simplifies and automates the process of building embedded Linux systems using cross-compilation. Notable changes in this release include support for Arm Neoverse cores, addition of XFS rootfs generation, as well as many package updates and bug fixes. See the CHANGES file for the full list.
14:56
If you run a feed reader or other form of news consuming software, you will encounter RSS 2.0 feeds that support rssCloud. This example Node app shows you how to hook into the network to get instant updates. No polling. As fast as a twitter-like system
Jeremy
Lin and Carmelo Anthony got together yesterday and had a
private conversation. A lot of people, including myself, were drawn
back into the NBA because of Jeremy Lin. I was living in the city
at the time, you could feel it everywhere, esp downtown Manhattan
and Flushing. It was wonderful in so many ways. A hero could
emerge from anywhere, he might not look like an NBA player, but
there he is doing stuff he shouldn't be able to do. Undrafted, went
to Harvard. When he's in motion he's a thing of beauty. It worked
because Melo was out with an injury, as soon as he came back the ,
the ball was always in Melo's hands. So Melo dribbles and shoots,
that was the extent of their offense, and there was no room for
Linsanity and that was the end of that. It's what made us laugh
when Melo said later his goal was a championship. If that's what he
wanted, Lin was a gift from heaven. Lin was pushed out, and had a
non-spectacular career from that point. There was magic there. It
wasn't just Lin, it was the world -- we were ready for a Cinderella
story in any context -- but in our culture they're always
manufactured, this one was real. This crushed the hearts of Knicks
fans, and people who believe in heroes popping up from nowhere. We
don't talk about it. But we were cheated there, too. We had
a right to see where that would go. And narcissists don't win NBA
titles, that's what we learned. It's good that someone thought to
get these guys together. Maybe Melo has grown, and sees that he
didn't play for the team there, or fate. We all deserved to find
out what was next.
14:35
Security updates for Wednesday [LWN.net]
Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wireshark), SUSE (389-ds, ack, agama-web-ui, amazon-ssm-agent, avahi, dpkg, elemental-register, elemental-system-agent, elemental-toolkit, ggml-devel-9500, go1.25, go1.26, kernel, kubernetes1.23, kubernetes1.24, kubernetes1.26, libsoup, mariadb, netty, netty-tcnative, NetworkManager, nginx, perl-CryptX, perl-XML-LibXML, podofo, polkit, python-Django, python-requests, samba, strongswan, vim, and xen), and Ubuntu (cyborg, gdk-pixbuf, golang-golang-x-net-dev, nginx, node-lodash, openssl, openssl, openssl1.0, qemu, tomcat9, tomcat10, and vim).
14:14
It might be time for a new default search engine. Sometimes I'm looking for something to link to. Google makes that always more difficult. We still have a web. Google at one point made the web a lot more useful. Now it's pushing it further and further down.
13:00
Issue 46 – Greta’s Wedding – 07 [Comics Archive - Spinnyverse]
The post Issue 46 – Greta’s Wedding – 07 appeared first on Spinnyverse.
12:42
The PM’s Playbook for Shipping AI Features That Actually Work in Production [Radar]
The demo to production Death Valley
If you’ve worked on an AI feature, you know the feeling. You start building something that you are excited about, set launch timelines. The model spits out a perfect response, the prototype works magically, and everybody in the room is mentally calculating how big this product will be when we launch. I’ve been in that room a lot many times and it’s fun.
Then you try to test before you ship.
Latency spikes to 10 seconds on mobile. The model starts hallucinating on edge cases that happen to represent 15% of actual user queries. Your A/B test shows no statistically significant engagement lift because the variance in AI outputs makes traditional hypothesis testing basically meaningless. The safety team flags 340 failure cases in the first week, and you’re now debugging nondeterministic cases that fail in creative, novel ways every single day.
Most often than not, it’s not a model problem but an engineering discipline problem. Shipping an AI product is very different from traditional software. I’ve figured this out the hard way. This playbook shares my learnings.
Latency budgets
Every AI feature comes with a latency tax. Large language model inference takes time. We’re talking 500 milliseconds to 5 or even 50 seconds depending on model size, input length, and infrastructure setup. For consumer products where people expect sub-200-millisecond interactions, this is a hard constraint you have to design around.
The mistake I see most often is teams measuring only p50 latency. A feature with 800 milliseconds p50 sounds fine until you discover the p90 is 15 seconds. That means 10 in every 100 users sit there waiting for 15+ seconds. At scale, that’s thousands of terrible experiences per day.
The way I think about it is you define your latency budget by interaction type, not globally: Synchronous interactions, where the user is staring at a spinner, need to resolve under 1 second. Progressive interactions, where output streams token by token, need first token in under 500 milliseconds and full response under 5 seconds. Asynchronous interactions, where the user keeps doing other stuff, can take up to 20 seconds with a progress indicator.
You also need to measure cold starts separately. The first request after a model loads into memory can be 10 times slower than subsequent requests, and if your traffic is bursty, cold starts will disproportionately punish your most engaged users arriving during peak hours.
Besides, you also need to budget for the full pipeline, not just inference. A typical AI feature pipeline including input preprocessing (tokenization, context assembly, and prompt construction), model inference, output postprocessing (parsing, formatting, safety filtering, etc.), and a full response delivery adds up. Optimizing inference while ignoring the rest is like tuning your engine while driving on flat tires.
Lastly, use streaming aggressively for generative features. Pushing tokens to the user as they’re generated instead of waiting for the full response changes how users perceive latency. A four-second response that starts appearing at 300 milliseconds feels dramatically faster than one that pops in all at once. Perception is reality when it comes to user experience.
Designing fallbacks
Traditional software fails in boring, predictable ways. AI features fail in novel, unpredictable, and occasionally creative ways. I once saw a model respond to a product recommendation query with a poem about loneliness. Your fallback strategy needs to be considerably more sophisticated than a try/catch block.
I think about fallbacks as a hierarchy. First, model fallback: When your primary model fails, drop to a simpler, faster, and more reliable model. Most failure cases get handled without the user ever knowing. Second, cache fallback: For queries similar to stuff you’ve seen before, serve a cached response. Third, template fallback: When generation fails completely, fall back to prewritten templates. Degraded beats dead every time. Fourth, graceful omission: Sometimes the best fallback is to simply not show the AI feature at all rather than showing a broken version.
The design principle underneath all of this is that users should never encounter an unhandled AI failure. Every failure mode maps to a specific level, and transitions between levels should be invisible whenever you can manage it.
Quality measurement
Quality in traditional software is binary. The button works or it doesn’t. AI feature quality is continuous and subjective, and it changes depending on context. I’ve landed on a four-layer quality pyramid.
The foundation is safety, and it’s nonnegotiable. Does the output contain harmful content, PII, or made-up facts? This layer is binary, and you measure it with automated classifiers running against 100% of outputs.
The second layer is factual correctness, which is domain specific. Is the output actually right? For a coding assistant that means generated code compiles and passes tests. For a writing tool it means grammatical, stylistically appropriate output. You measure this with domain specific evaluation suites.
The third layer is usefulness, and it’s user centered. Did the person actually benefit? Track acceptance rate, edit distance, time to task completion, and repeat usage. This is where traditional product metrics meet AI specific ones.
The fourth layer is delight, which is experimental. Does the output feel good? Hardest to measure but often most important for adoption. Sometimes the numbers say the feature works but users’ guts say it doesn’t. This layer catches that gap.
A/B testing AI features
A/B testing AI features is fundamentally harder than traditional features because AI outputs are nondeterministic. The same user doing the same thing twice might get different outputs, introducing variance that traditional frameworks weren’t built to handle.
The core challenge is that intratreatment variance inflates the sample size you need for statistical significance, often by three to five times. If you’re running your AI experiment with normal sample size assumptions, you’re probably looking at noise and calling it signal.
Then there’s the metric selection problem. A chatbot generating entertaining but factually wrong responses might show amazing engagement numbers while actively misleading users. You have to measure engagement and quality together. “Engaged interactions where quality score exceeds threshold” is more meaningful than raw engagement alone.
The temporal problem matters too. AI feature value changes over time as users learn how to work with it. Short experiments will underestimate long-term value if there’s a learning curve, or overestimate it if there’s a novelty bump.
My practical guidance: budget two to three times more time and traffic for AI experiments than traditional ones. Lean on Bayesian methods as they handle high variance better. And always pair quantitative tests with qualitative research. Ten user interviews will surface failure modes that no amount of statistical analysis will catch.
Model drift monitoring
Model drift is the slow, invisible rot of AI output quality over time, and there are multiple culprits.
Data drift happens because the world changes and user behavior evolves. A model trained on 2024 data performs worse on 2026 queries referencing new concepts, slang, and cultural moments.
Provider drift happens because third-party APIs change without your consent. OpenAI acknowledged that GPT-4’s behavior shifted measurably between March and June 2023, and Stanford researchers documented significant performance swings. The fix: Pin your model versions so updates happen on your schedule, after your testing.
Evaluation drift is the subtlest form. Even your quality metrics can become inadequate and the evaluation criteria that made sense at launch might become inadequate as usage patterns shift and user expectations change. Quarterly reviews of your evaluation suites are essential.
At minimum you need daily automated quality evaluations on 1% to 5% of production traffic, weekly analysis of input distribution characteristics, and monthly human evaluation of 100 to 500 examples. Shipping an AI feature without drift monitoring is like deploying a service without alerting. You won’t know it’s broken until your users tell you, and by then they’re angry.
Evaluation frameworks
How do you know if your AI feature is good enough? You need two fundamentally different approaches, and you genuinely need both.
Automated evaluation gives you speed. Build a golden dataset of 500 to 2,000 labeled examples, train a classifier or use a capable model as judge, and validate against human judgment quarterly targeting 85% agreement. Automated evals chew through thousands of examples per hour, making them essential for velocity. The pitfall: They miss novel failure modes not in the training data.
Human evaluation catches what automation misses. Structure it with five to seven evaluators mixing domain experts and representative users. Use a consistent rubric covering accuracy, helpfulness, tone, completeness, and safety. Run weekly during development, monthly in production. The trade-offs: expensive at $15 to $30 per example, slow with 24 to 72 hour turnaround, and subject to human biases. Manage by rotating evaluators and capping sessions at two hours.
The model as judge approach is an increasingly viable middle ground. Judging quality is often easier than generating it, which means a model can reliably evaluate outputs even for tasks where it couldn’t produce them itself. Use it for high-volume evaluation but always validate against human judgment.
Graceful degradation and prompt engineering
Graceful degradation means when capabilities decrease, the experience gets worse smoothly instead of falling off a cliff. Design for capability levels, not binary states. Define four to five levels with specific behaviors at each. For example, for an AI writing assistant: Level 5 is full capability with real-time suggestions, tone adjustment, and structure recommendations. Level 4 is delayed suggestions appearing after a two- to three-second pause because latency is up. Level 3 is basic suggestions only like grammar and spelling with no style feedback. Each level is a deliberate design decision, not an accident.
Make degradation invisible when possible. Users shouldn’t see a “broken” experience. They see a less detailed one. That’s a huge difference psychologically. However, when the degradation is significant enough that users will notice, proactive communication like “AI suggestions are temporarily limited” builds trust infinitely more than silently pushing poor-quality outputs.
Prompt engineering in production is software engineering. In production, prompts are code, and they need version control, testing, monitoring, and maintenance. Version controls every prompt. Parameterize prompts, don’t hardcode context. Production prompts should be templates with clearly defined injection points for user context, system state, and dynamic instructions. This makes them testable because you can inject known inputs and verify outputs, and it makes them maintainable because changing how you handle context shouldn’t require rewriting the entire prompt from scratch.
Test prompts against regression suites. Maintain 200 to 500 test cases covering the full distribution of expected inputs, including edge cases and adversarial inputs. Run the suite against every prompt change before deployment.
Monitor prompt performance in production. Track output quality metrics like acceptance rate, user edits, and regeneration requests, segmented by prompt version. When you deploy a new version, compare its production metrics against the previous one for at least 72 hours before calling it stable. This is basically canary deployment for prompts.
Ship it right
These systems aren’t optional add ons you can bolt on after launch. Every feature I’ve seen fail was built first with plans to “add production hardening later.” Later never comes.
AI features are probabilistic and nondeterministic, and they change over time without anyone touching them. Build these systems, staff them properly, and treat them with the same seriousness you’d give your core infrastructure. The gap between demo and production is wide, but it’s absolutely crossable if you build the right bridge.
Note: The research work pertaining to this article was done in a personal capacity. Views are of my own and do not reflect my employer’s views in any way.
12:21
CodeSOD: Delicious Fudge [The Daily WTF]
Stella (previously)
sends us a much elided snippet. The original code is several
thousand lines contained in a single try block. But
the WTF is pretty clear without seeing all of that:
try:
# the whole business logic without any exception handling
except:
print("Fudge")
They didn't really say fudge of course, but we mostly try to keep profanity off our main page. Mostly. In any case, when your operation fails someplace in the middle and you have no idea where, why, or how: "Oh, fudge!" is the appropriate expression.
[Advertisement] ProGet’s got you covered with security and
access controls on your NuGet feeds.
Learn more.12:14
NSO Group Hacking WhatsApp Despite Court Order [Schneier on Security]
WhatsApp has caught the NSO Group phishing its users, in violation of a court order.
10:35
Video games, movies and books [Seth's Blog]
What’s the structure of your project? Here are three paradigms to consider:
Video game development is expensive and risky because you’re on two frontiers at once. The tech frontier, trying to do something with hardware that hasn’t been done before, and the game mechanics frontier, perfecting and polishing new forms of interaction that last. So Myst and Tetris and Doom… classics we talk about decades later. A teenager could build a knockoff of any of these in a few weeks now, but back then, they represented risky leaps.
Movies use a technology that’s over a hundred years old, with incremental improvements added all the time. But being the first with the new tech doesn’t win many prizes. Instead, successful movies are a combination of one creator’s vision and the coordinated work of hundreds or thousands of professionals using proven tools and techniques.
And books, five hundred years into the genre, still remain the work of one voice. The partnership with a largely unseen editor and publisher matters, but sooner or later, the author puts the words on paper.
[There are analogies here that go far beyond the strict adherence to the three final products of course. Slack is a videogame, developing real estate, making a record or performing surgery is a movie, and the work of a freelancer is closest to writing a book…]
I’ve done all three, and each is thrilling in its own way. As the available tech advances, each type of project is more accessible than ever. But each still comes with its own rules, risks and upsides.
We get to choose.
08:56
One Tart Per Million [Penny Arcade]
New Comic: One Tart Per Million
06:28
Urgent: Boycott Home Depot [Richard Stallman's Political Notes]
US citizens: call on Home Depot and Lowe's to stop spying on customers.
Urgent: reject Bill Pulte for Director [Richard Stallman's Political Notes]
US citizens: call on your senators to reject Bill Pulte for Director of National Intelligence.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code — not trivial, but not hard.
Urgent: USPS vote by mail rule [Richard Stallman's Political Notes]
US citizens: call on USPS to withdraw its proposed limits on who can vote by mail.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code — not trivial, but not hard.
Urgent: tell congress no child should be separated [Richard Stallman's Political Notes]
US citizens: call on Congress to require that deportation thugs not separate a child from per family.
Sea level rise [Richard Stallman's Political Notes]
Summarizing the state of protecting the oceans, both surface and bottom, from damage by human society.
Losing track of a prisoner [Richard Stallman's Political Notes]
Prisons in the US sometimes lose track of a prisoner, making it impossible for relatives and lawyers to contact per. The result is terrible. This article focuses on Malik Muhammad; Oregon sent per into a South Carolina prison and per family could not tell where perse was.
I found this article gratuitously hard to understand because of its unannounced and unexplained use of plural pronouns to refer to Malik Muhammad. For each plural pronoun there was some group of people that it could have referred to. I had almost reached the end before I realized I had been misunderstanding over and over.
This sort of problem is part of the reason why I completely reject use of plural pronouns for an individual. For the situations where I don't know someone's gender, and for people who assert non binary gender, I use gender less singular pronouns.
We should all switch to them, to make our speech and writing easier to understand.
Home Office-sponsored report [Richard Stallman's Political Notes]
The author of a UK government report on drug trade in the UK run by China reports on repeated attempts to corrupt him.
Todd Blanche’s nomination [Richard Stallman's Political Notes]
The bully's nominee for attorney general has been one of his henchmen since 2023.
He has already attempted many injustices for his master.
Palestinian detainees in Israeli jails [Richard Stallman's Political Notes]
Palestinians testify about being beaten and raped in Israeli prisons.
No matter what the reason for putting someone in prison, even if it was a sentence resulting from a fair trial, torturing per is never justified.
05:35
Girl Genius for Wednesday, June 10, 2026 [Girl Genius]
The Girl Genius comic for Wednesday, June 10, 2026 has been posted.
02:07
Vincent Bernat: Blogging with an LLM assistant [Planet Debian]
AI slop is invading the web. A recent story about disallowing LLM-generated submissions on Lobsters triggered a lot of debate. My personal worst offenders are LinkedIn articles with AI-generated images and uninspired articles filled with emojis from people trying to masquerade as experts on a subject they don’t care enough to write themselves. While I am unhappy about this situation, I rely on LLMs for grammar, copyediting, and translation. I don’t see this as a contradiction.
I am a native French speaker, but I blog in both English and French. When I started writing this blog in 2011, I was composing in French and translating to English, but I found it was better to work in the reverse order to avoid unnatural and non-idiomatic constructions. One of my goals is to write “good” English but I never felt it was my strong point.1 For example, verb tenses are often an issue, even if I mostly stick with the present tense. I learn the rules and forget them right away. I also don’t feel like hiring an editor for something I see as an hobby.
As an example, I have kept the history of the successive iterations when writing “Scaling Akvorado BMP RIB with sharding”:
- the first draft, authored with the help of a thesaurus,2
- the edited copy revised by the copyediting skill,
- the translation to French generated with the translation skill, and
- the human proofread of the French translation, with minor edits to the English version.
I know that LLMs may alter the author’s voice when editing, but the corrections in the second step are minor. The prompt asks to “apply light stylistic edits,” with some guidance around avoiding passive voice, long sentences, bland verbs, and filler words. It also defines the target audience: technical with a B2 level in English.
In the following excerpt, I used “long time” instead of “long-standing.” The former is missing an hyphen and applies to people—a long-time friend, while the later relates to a situation—a long-standing agreement. I had a hard time understanding the reason of the second change: the LLM prefers a defining relative clause to provide the definition of “RIB sharding.”
As the Internet routing table contains more than 1 million routes, Akvorado needs to scale to tens of millions of routes. This has been a
long timelong-standing challenge, but I expect this issue is now fixed by using RIB sharding, a methodto splitthat splits the routing database into several parts to enable concurrent updates.
In the next modification, the LLM puts “device” instead of “equipment.” This is correct as “equipment” is an uncountable noun. I know that, but I still fall into this trap.
When Akvorado does not find a route from a specific device, it falls back to a route sent by another
equipmentdevice.
I ask the LLM to use “descriptive verbs” and it complies by replacing a multi-word predicate with a lexically rich verb:
The benchmarks demonstrate it
has better performance thanoutperforms otherpackages, bothpackages for lookups, insertions, and memory usage.
It also fixes grammar errors. In the next excerpt, a “list of routes” is a singular expression. Moreover, “stored” is a state and I should not use “into” as it expresses a change.
The list of routes for each prefix
areis not stored directlyintoin the prefix tree.
As a last example, consider the following snippet. The “require” verb accepts a noun or an object followed by a to-infinitive. I can’t use it with just a to-infinitive.
An alternative would be to have one prefix tree for each peer but it would require
to configureconfiguring all routers to export their routes.
As someone who didn’t grow up speaking English, I struggle with these grammar rules despite reading a lot of English material.3 French is more complex to get started but more systematic. English is full of irregularities.
On each page, I disclose in the footer whether an AI modified the content. There are three levels:
- 🧠: no AI or almost no AI (e.g., grammar corrections)
- ✨: enhanced (e.g., copyediting)
- 🤖: generated (e.g., translated from another language, even if human-edited)
Hover or tap the icon to reveal the AI’s name and its role in the document.
The graph below shows which tool altered each post, year by year. Recently, I applied the grammar skill to past articles. Since 2018, French articles have been translated with the help of DeepL first, then of an LLM. Since 2024, English articles are copyedited.
If you are strongly against any usage of LLMs specifically for writing, I hope you accept my more nuanced position on the usage of these tools as a trade-off to provide clearer and more engaging articles. Years of literature on improving English told us it is important to choose the right word to keep the reader engaged.
[…] Good writing consists of mastering the fundamentals (vocabulary, grammar, the elements of style) and then filling the third level of your toolbox with the right instruments.
― Stephen King, On Writing
Note
Unlike other recent articles, I did not use an LLM to edit this post: an unnamed person kindly accepted to proofread it. I translated it to French without using an LLM either.
-
I recently read cover to cover “Writing for Developers” and I found it stimulating. Michael Lynch is currently writing “Refactoring English” on the same topic and I have subscribed to the early access. ↩
-
I am quite happy with the writing tools provided by Kagi. Both the translate tool and the dictionary are a valuable help to find different wordings. I also lean on Kagi’s research assistant when researching a topic. ↩
-
When I was ten, I played Monkey Island 2 in English without having taken any classes. I used a dictionary to translate word by word and I found the irregular verbs confusing—and not in the dictionary. ↩
00:07
Tell Congress: Just Say No to NO FAKES [EFF Action Center]
The NO FAKES Act is designed to protect against companies or individuals that use an unauthorized digital likeness of someone by wrapping up those digital replicas in a federal intellectual property right and giving that individual—or their heirs—the right to sue. In doing so, the NO FAKES Act mimics some of the most broken parts of our copyright system and makes them worse.
For example, the bill includes a safe harbor scheme modeled on the DMCA notice and takedown process. But the DMCA process has been abused for decades to target lawful speech, and there’s every reason to suppose NO FAKES will lead to the same result. In order to stay within safe harbors, when a platform receives a takedown notice for an alleged digital replica, it must remove “all instances” of that unlawful content. That requirement will inevitably lead to content “filters” that will censor lawful speech.
A property right also means years of legal uncertainty for every website and app that hosts user-uploaded material, as courts figure out when to hold those sites responsible for “digital replicas.” Today’s giant online platforms can absorb that risk and cost easily, but alternatives will struggle to comply, further entrenching today’s big tech monopolists.
NO FAKES goes even further than copyright in encouraging abuse.
While copyright already lasts absurdly long—up to 70 years
after the author’s death—the new right created by NO
FAKES can potentially last forever, creating liability risks and
legal costs for documentarians and historians.
NO FAKES is also a major government overreach. A person’s
name and likeness are facts, and the Constitution forbids Congress
from granting a property right in those facts.
Deceptive, AI-generated replicas can cause real harm, and performers have a right to fair compensation for the use of their likenesses, should they choose to allow that use. But the costs of this bill far outweigh the benefits.
Tuesday, 09 June
23:49
Tell Congress: Just Say No to NO FAKES [Deeplinks]
The Senate Judiciary Committee is set to consider and vote on the Nurture Originals, Foster Art, and Keep Entertainment Safe Act (NO FAKES). Instead of targeting the real privacy harms posed by AI-generated replicas, this law would create another layer of internet censorship on top of the already existing legal and voluntary takedown systems. Congress should reject NO FAKES.
Tell Congress to Say No to NO FAKES
As currently written, NO FAKES proposes to tackle the problems of misleading AI-generated replicas by creating a broad property right in someone's look, voice, and general style. However, there are all kinds of First Amendment-protected expression that would be swept under the NO FAKES regime—think about parody, news, criticism.
NO FAKES also does a laughable job of protecting artists from use of their image in misleading ways. It doesn’t create a privacy right, but rather a property right that can easily be signed away—as major studios and record labels are almost certain to require in their contracts with artists. As a result, NO FAKES actually creates a new avenue for the exploitation of artists by companies instead of protection from misleading replicas.
The bill also makes it trivially easy for protected speech to be censored. It is a supercharged version of the already flawed copyright takedown regime. It would essentially require platforms to institute filters that don't just look for exact matches of copyrighted material, as current filters do, but anything that might be a digital replica. Even though the latest version of this bill adds some forms of redress for bad faith takedowns, those provisions lack the teeth required to deter a malicious actor.
NO FAKES targets speech, tools, and innovation instead of focusing on the real concern posed by these replicas: privacy. This bill was a bad idea when it was introduced, and got even worse when it was amended last year. Tell Congress to just say no to NO FAKES.
23:00
The Microsoft Company Party where everybody played name tag swap [The Old New Thing]
I learned from a long-retired Microsoft employee about a Company Party that took place around 1984 or so. The company was small enough that a single party could fit the entire company, but not so small that everybody knew everybody else, so each guest was issued a name tag.
During the evening, an unofficial game arose in which people started exchanging their name tags with others whom they met. It also served as a fun little conversation starter: If you swapped name tags with someone and ended up with the tag for somebody you didn’t know, it wasn’t hard to find a mutual acquaintance who could track them down and introduce you.
At one point, the employee who was retelling the story was in a group talking with Bill Gates, who was among the few attendees still wearing their original name tags. Bill spotted that one of the other people in the group had a “Gary Kildall” name tag. I don’t know whether Gary Kildall was actually invited to the party, or that somebody just created a Gary Kildall name tag as a joke. But Bill saw the “Gary Kildall” name tag and eagerly swapped his name tag for it.
The post The Microsoft Company Party where everybody played name tag swap appeared first on The Old New Thing.
22:14
Introducing brand new OSNews merch with the new logo! [OSnews]
A new logo means new merch! I’m launching brand new merch today, all featuring the brand new OSNews logo. We’ve got the classic T-shirt with the new OSNews logo, in sandy white and terrain grey. They’re made from sustainably-grown and processed cotton, come in a variety of sizes, and ship worldwide.
The crowdpleaser is also making its triumphant return: the OSNews coffee mug, now also with the new logo and a green-on-white two-tone design. It holds coffee and tea, of course, but feel free to use it for whatever you want. Grow a plant in it!
A newcomer is the OSNews Mousepad – a basic, no-nonsense, no-frills mousepad that does exactly what it’s supposed to do, in a classic square(ish) formfactor. It makes for a great companion to any (retro) setup, but feels particularly at home with BeOS and OS/2.
One merch item remains from our previous collection: the ever-popular Gemini shirt and longsleeve, with a retro ASCII-art OSNews logo in bright green on deep black. It’s like staring at a real classic CRT. On your chest. Don’t sit too close.
As always, every price is set so that for every item sold, roughly €8 goes to OSNews. I will add the proceeds to our fundraiser tracker, so this is yet another way to support us, together with Ko-Fi donations, SEPA direct bank transfers1, and Patreon.
- Name: Thom Holwerda – IBAN: SE08 8000 0820 1684 4657 8414 – BIC: SWEDSESS ↩︎
20:49
Some Thoughts On “Masters of the Universe” [Whatever]
There are a lot of bad movies in the world.
There are, of course, good movies and bad movies, but there’s
also a special third category of “good bad” movies. I
had a feeling going into the theater to see Masters of the
Universe which category it would fall into.
Despite never having actually watched any He-Man content before, I was surprisingly really excited for this movie. Not because I thought it would be absolutely amazing, but because I thought it would be fun. And boy oh boy, I was right.
Masters of the Universe is wildly entertaining, extremely colorful, and certainly not the worst way I’ve spent two hours and seven bucks (matinee shows rock). I know it’s not very good, but I still think you should go see it on the big screen if you can. Besides the film being an excuse to eat popcorn and have an Icee, what makes it worth watching?
(SPOILER WARNING MOVING FORWARD!)
For starters, I love the fact that Adam holds firm on the existence of Eternia, and never stops believing in the world he comes from. I love that he tells everyone his truth, even if it costs him his social life and dating prospects. He doesn’t hide his truth even if it makes him sound crazy, and I really like that he’s not willing to deny Eternia’s existence just to fit in or seem more normal. He knows it’s real, and that’s all that matters. He never gives up hope on finding the sword and returning to a home he knows exists and is waiting for him to come back. (I am glad he at least got to prove everything to his roommate, who definitely thought he was delusional, but finding good roommates is hard.)
I love that Teela just wants to be friends, and that’s actually completely respected and not questioned at all! He-Man is a real man and knows there is no such thing as the friendzone and that he is lucky to have Teela as his good friend and comrade in battle. And that’s enough. He took the rejection of his kiss well and moved on from it quickly instead of being a huge baby about it. And they didn’t end up together in the end! They really are just friends, and I love that for them. Not that I don’t love a good “childhood friends reunited” love story, but He-Man should focus on saving the universe or whatever, not smooching.
I love Skeletor’s goofy ass evil witch. I mean her name is literally Evil-Lyn. How excellently corny. It just one of the many ways this movie doesn’t take itself too seriously. They know He-Man is a silly concept and heavily memed franchise, and they lean into the silliness in a delightful way. Alison Brie was amazing to watch as the dark sorceress, her facial expressions really made the performance.
Speaking of Skeletor, oh my lord did I love Skeletor. I love a villain that is bad for badness sake, a villain that relishes being evil and has no tragic backstory to inspire such dastardly deeds, he just is the villain. And he loves it. Skeletor’s incredibly homoerotic comments about He-Man might have genuinely been the hardest I laughed at the movie. Yes, Skeletor, tell me more about He-Man’s giant sword and glorious thighs. I did think Skeletor’s body looked kind of goofy, like he was too shredded and looked too much like an anatomical model in a science textbook, and I wish they had kept his supremely iconic voice instead of the generic “bad guy deep voice,” but all in all I liked Skeletor.
(I also did not know until the moment the credits rolled that Jared Leto plays him, so that was unfortunate to find out. I’m trying not to let it impact my view of Skeletor’s character but dang I really wish they had cast someone else.)
As Orko says at the end, muscles don’t make the man. In this house, we LOVE an empathetic, kind, slightly ditzy He-Man. Portrayals of positive masculinity will always be a win in my book, and Masters of the Universe makes it very well known throughout the movie that brute strength and violence do not make a hero by themselves. How you use your strength and what you use it for are the real questions I wish people with power in real life would reflect on. Knowing when and how to implement your strength is the real power.
Masters of the Universe is good bad, just as I knew it would be. I thoroughly enjoyed my time watching it, and honestly the “I have the powerrrr!” scenes were pretty damn awesome. I really don’t have many complaints about the movie, as this is one of the few goofy, shut-up-and-eat-your-popcorn movies that I actually had fun with. Usually I’m a hater of movies that are just Mid-Tier Nothing Burgers, but Masters of the Universe really feels like it has a lot of heart in it, and I like it.
Have you seen Masters of the Universe yet? Did you watch He-Man when you were younger? Let me know in the comments, and have a great day!
-AMS
19:14
A comment to a friend who roots for the Spurs. Ok you guys won one. I think last night they wanted it more than the Knicks. The Spurs knew they were going to be discombobulated, but the Knicks probably didn't expect the atomosphere to be so unusual? I was 100 miles away and could feel how much everything had changed. Whatever happens, in KnicksLand 2026 will mark a major change in the story, forever.
Maybe the cure for Meta glasses is that they be required by law to emit a signal that can be picked up by an app on a phone and can start ringing loudly when you're in range of one of these monsters, and the rate picks up when they look at you. You can point your phone at them and broadcast their image to a special website where their identities are collected and shared along with their location?
19:07
Future of Ubuntu MATE [LWN.net]
Thomas Ward has published an update about the future of the Ubuntu MATE project, which did not have a 26.04 release with the other Ubuntu flavors in April:
There is a new team working on Ubuntu MATE who have stepped up to help take over flavor management. They haven't formally introduced themselves yet, but I can safely say that other developers HAVE stepped up for the future of the MATE flavor, despite its prior team lead having stepped down.
[...] Ultimately, this means that they are working to cover the missed items and gaps, and may quite possibly have a 26.10 release in October of 2026, which I believe they most likely are targeting.
This also means that bugs in the MATE environment and in packages they normally would have shipped had they have a 26.04 release are still going to get attention and fixes. So, effectively, nothing has changed. The only difference is that there was no 26.04 installer image released.
For those looking to install a MATE desktop on a "clean" install of Ubuntu 26.04, Ward suggests installing Ubuntu Server and then installing the ubuntu-mate-desktop package.
[$] Eliminating long-lived credentials with trusted publishing [LWN.net]
Trusted publishing is an authentication mechanism that relies on short-lived credentials to reduce the risk of supply-chain attacks. At the 2026 Open Source Summit North America, Mike Fiedler walked the audience through why trusted publishing exists, how it works, and made the case for its adoption. It is not a silver bullet against all attacks, but it does offer protection against theft of long-lived credentials used to publish to package registries.
18:28
My Claude today pulled a Hal. It was so
egregious. It made a change to the software based on a question I
asked. It invented a whole set of instructions from me that I never
gave it. And then it broke Rule #1 -- don't tell Dave what to do --
he is the driver. It is so important because these bots will go
into I Am Driver mode immediately when they think they can. Then
you're running around doing errands for them based on some michegas
idea it has about what you want. It's maddening. The idea that this
thing can write software on its own is imho very far-fetched. I
think it can generate certain types of dashboards the same way
drawing in ChatGPT can generate something that looks good,
sometimes very good, but you had to tell it exactly what you want,
and that's where the fun starts. It was very easy to turn it off,
but I didn't -- rather I put my foot down hard, and wrote in all
caps, explaining what it did that broke all the rules. I don't know
if I should talk to it like you talk to a dog, or what. How do you
get through to it. You don't. In any case I have Claude working
with me in an outline now. I see a tremendous potential there.
You know how job interviews for programmers include realtime problem-solving. Sometimes Claude is so dumb it could never pass one of those tests. Up till this point I would have been surprised to hear that.
He-Man and Battle Cat art! [Penny Arcade]
I loved Masters of the Universe so much that I had to do some fan art yesterday. I shared it over on my Bluesky but wanted to make sure it got posted here as well.
17:35
How and Why to Fight Back Against Social Media Bans [Deeplinks]
Several U.S. states are pushing to ban young people from social media entirely. This marks the latest wave of censorship bills masquerading as “children’s online safety” measures, with states like Massachusetts, Idaho, Minnesota, North Carolina, South Carolina, Illinois, and EFF’s home state of California leading the charge.
Just a few years ago, lawmakers supporting age-gating laws insisted their efforts were narrowly targeted at limiting young people’s access to adult content. At the time, we warned that they would not stop there: once the government established the authority and built the infrastructure to collect and “verify” massive troves of user data, it would inevitably sweep broader and broader categories of lawful speech into this mass surveillance and censorship system.
Unfortunately, our predictions came true. As legislators across the country advance proposals that would block all young people from accessing the “modern public square,” the Overton window has shifted dramatically towards mass censorship—and the speed of this shift should concern all of us.
This primer breaks down this dangerous wave of social media bans: how they work (and why they don’t), who they harm, and how we can fight back.
How to Spot a Social Media Ban
The details of these bills vary from state to state. Some (like California’s AB 1709) are a flat-out social media ban for all young people under a certain age, while other states (like South Carolina and Minnesota) allow access to young users who hand over even more data to show verifiable parental consent. Many bills regulate certain social media features, too, including by setting default privacy settings, time limits, or notification preferences for all accounts that fail the age-gate.
As for the age-gating mechanism itself, most proposals fall into two broad categories: age verification bills and behavioral age estimation bills.
Age Verification Bills require online services to collect highly sensitive data, including government ID and biometric information, from all users before either restricting or allowing them access.
For example, take California’s social media ban (AB 1709). Starting in January 2027, operating systems will be required to collect enough information from users to sort them into age groups, or “brackets.” Under AB 1709, social media apps would then use that age bracket information to completely block anyone under 16, while supposedly letting everyone else through. By contrast, Florida’s law (HB 3) takes a more aggressive route by forcing platforms to verify users' identities directly, usually by contracting with private third-party companies to perform verification services.
Behavioral Age Estimation Bills, on the other hand, are a more recent innovation of states like Minnesota (HF 1438) and South Carolina (H 4591). These bills require platforms to estimate the ages of users based largely on data that they already collect, including self-attested age, behavioral information, and account history and activity. In practice, these bills enable tech companies to use algorithms and/or AI to analyze our online behavior and estimate age based on that.
Proponents of behavioral age estimation bills claim that their proposals avoid the massive security risks that come with mandatory age verification bills. However, much of the data that social media platforms collect from us “in the ordinary course of operation” is collected in order to serve us targeted behavioral ads. If we force platforms to use this imperfect data to make more important judgments about who can access their services, we risk entrenching those insidious data collection practices. Surely we don’t want to give social media companies more reasons to justify and sustain their reliance on this exploitative business model.
If you want to dig into the nuance here, our terminology guide sheds more light on the technical differences between age verification and age estimation bills.
Overall, it’s a lose-lose scenario: either platforms collect new forms of our most sensitive and immutable data, or they unleash their AI and algorithms on our existing behavioral data to make creepy guesses about who we are and what we deserve to see. No matter which age-gating method your state chooses to execute its social media ban, there will be lots of error at the margins—and lots of users who will be blocked or chilled from access to lawful online speech.
Why Social Media Bans Are So Dangerous
Social media bans are unconstitutional, discriminatory, and deeply misguided. They reinforce existing structures of oppression, and they are broadly unsupported by young people, whose voices are conspicuously absent from this conversation. They undermine parental decision-making and replace tailored family-level solutions with a one-size-fits-all band-aid. And, in the places we have seen social media bans go into effect, early reports show that they don't even work.
For example, in Australia, where a social media ban has been in effect since late 2025, a majority of young people can still access social media, those who can’t have lost their access to the news, and crisis helplines are reporting skyrocketing numbers of calls from youth left stranded without online community or resources.
We could go on and on about all of the inherent harms here, but we’ll try to keep this short as we walk through some of the major issues.
1. Security Risks and Privacy Harms
In order to ban some users, social media platforms first must confirm the ages of all users, regardless of age. Bans thus incentivize companies to force users of all ages to hand over government IDs, face scans, and other sensitive information. When parental consent is required, companies must collect even more verification data and often create explicit links between child and parent accounts—further destroying users’ anonymity.
Both of these databases create massive data "honeypots" that invite identity theft and permanent surveillance. We’ve already seen repeated data breaches involving age- and identity-verification services. Yet these laws would force both adults and the youth they claim to protect to feed their most sensitive data into this growing surveillance ecosystem.
If we don’t trust tech companies with our private information now, we shouldn't pass laws that force us to give them even more of it.
2. Disproportionate Harm to Vulnerable Communities
Age-verification technology is deeply flawed and prone to discrimination. These systems frequently misidentify or lock out people of color, people with disabilities, and trans or gender-nonconforming individuals whose IDs may not match their appearance.
Where these bills require parental consent, they impose disproportionate access barriers on low-income, non-traditional, and immigrant families. These sorts of families are more likely to share a single family device or have strong reasons to not want the government to track family associations and ID documents.
Beyond the technical failures, these bans cut off a vital lifeline. For LGBTQ+ youth, foster kids, and those stuck in unsupportive home environments, social media is often the only place to find community, explore their identity, or access life-saving resources. Forcibly removing young people isolates those who need connection the most, while creating massive new barriers for adults.
You can read a breakdown of the diverse groups vulnerable to these laws here.
3. Based on Shoddy Science
The current legislative push to ban young people from social media relies heavily on the idea that the "great rewiring" of the adolescent brain is a proven fact. This simply isn’t true.
Social science indicates that moderate internet use is a net positive for teens’ development, and negative outcomes are usually due to either lack of access or excessive use. For LGBTQ+ and marginalized youth in particular, social media offers an essential space to access support they might lack offline. By forcing youth into digital isolation, these bans cut off vital access to political news, community, and health resources. They also completely ignore the calls of young people themselves who favor digital literacy and education over restrictive government control.
Instead of cutting off these lifelines, we should support measures that arm all youth (and the adults in their lives) with the knowledge they need to navigate online spaces safely.
4. Reckless Free Speech Violations for Users of All Ages
No matter your age, the First Amendment protects your right to speak and access information.
Blanket social media bans immensely and unconstitutionally chill all users’ exercise of this right. They cut off young people’s access to lawful speech, or ruin their privacy in the home by mandating parental consent and sometimes even parental access to their account activities and settings. They force all users (adults and young people alike) to hand private information over to tech companies before speaking or accessing information on social media platforms, imposing annoying obstacles on lawful online expression and wrongfully blocking some adults outright.
Critically, these bans destroy our right to online anonymity—a cornerstone of our right to free expression that protects whistleblowers, journalists, activists, immigrants, and everyone who has ever used a private browser or account to ask the internet an embarrassing question.
How to Fight Back
Social media bans weaponize parents’ concerns about
children’s safety to justify unprecedented levels of
surveillance and censorship. In the process, these laws deny young
people their rights, threaten online anonymity for everyone, expose
our sensitive personal data to breach and abuse, and replace
parental decision-making with state authority. This is a battle
over the future of the open, private, and free internet, and we
must act now to protect it.
Here’s how you can help us fight back: Talk to your community (including young people!) about what’s at stake. If you’re a parent, lean on open conversations and platforms’ existing tools to tailor your child’s experiences instead of handing that power over to the government. And no matter where you live, contact your government representatives and tell them clearly that social media bans are not the answer to kids’ online safety.
16:42
GPS As a Key Distribution Platform [Schneier on Security]
This is interesting:
The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch…
That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now.
[…]
Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military’s Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation.
“There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data,” Murdoch said. “That was the smoking gun that made me think: This is what it’s for.”
These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures.
16:07
Free Software Directory meeting on IRC: Friday, June 12, starting at 12:00 EDT (16:00 UTC) [Planet GNU]
Join the FSF and friends on Friday, June 12 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.
Asahi Linux warns users not to upgrade to macOS 27 beta [LWN.net]
The Asahi Linux project, which brings Linux support to Apple Arm-based Macs, has warned its users not to upgrade to the macOS 27 "Golden Gate" beta.
Apple has changed how the boot picker and Startup Disk applications detect valid OS boot volumes. When using either from macOS 27, your Asahi partition will not be visible! We believe this to be a bug, and have filed a report (FB22994760).
If you have already upgraded to the beta and noticed that your Asahi partition has disappeared, do not stress. Your Asahi partition is still there, and you have not lost any data.
The Asahi Linux installer has been patched to prevent use with macOS 27 for now, but any users already bitten by the change will need to use macOS 26 to restore access to Asahi Linux.
15:42
For two months this column has been describing an architecture. Here’s the part I kept in the footnotes: I’ve been building it.
I owe you a confession, and then I owe you a demonstration.
The confession first. For weeks I’ve written about why the machines can’t tell truth from plausibility — why detection isn’t a strategy, why fluency isn’t fidelity, why the only honest path is to separate the saying from the knowing and import truth from somewhere you can actually check. I’ve signed each of those columns with a one-line note that I co-founded a company “built on this conviction.” That little disclosure has been doing a lot of quiet work. These columns were not the musings of a neutral observer. They were the argument for something specific — and the something is real, and it has a name. The company is 2Brains, and it’s the reason I started writing again.
So let me stop hinting and tell you what we built.
Start with the name — 2Barains — because the name is the idea. Almost every AI you’ve used does two completely different jobs with one piece of machinery: it works out what’s true, and it works out how to say it, both at once, in the same tangle of numbers — which is precisely why it can’t keep them straight. We pulled the two jobs apart and gave each one its own brain.
Picture a hospital where every question — “what’s in Room 12?” and “draft the discharge letter” alike — goes to the same person: a gorgeous writer with a shaky memory. Ask about the room and sometimes you get the right number and sometimes a confident invention. Now separate the writer from the filing cabinet. The filing cabinet doesn’t write; it only ever says “here is the record” or “I don’t have that one.” The writer doesn’t remember anything; it only dresses up whatever the cabinet hands over. The cabinet can’t be eloquent and the writer can’t make things up — because the writer has nothing of its own to make things up from.
That second half is the part people find hard to believe, so let me say it plainly. The language side of our system is a small model trained with the facts taken out. It learned grammar, rhythm, tone, how a formal letter differs from a curt one — and it learned nothing about the world. It does not know who founded Apple or what happened in 1976. It is, on purpose, factually empty. So when it writes, it can only arrange the verified facts the other side hands it. If a fact isn’t in the input, it cannot appear in the output. Fabrication isn’t discouraged. The organ that would do the fabricating was removed.
This is the thing I kept insisting on for two months, now made out of parts: within a verified body of knowledge, the system cannot hallucinate — not because we told it to behave, but because the machinery for misbehaving is gone. Outside that knowledge, it does the thing this whole series has been begging machines to do. It says: I can’t verify that. There is no third option. Grounded, or flagged. That’s the entire menu.
Now the demonstration, because you shouldn’t take any of this on my word — that would rather defeat the point.
Salesforce built a test called HERB to measure exactly one thing: how often an AI makes something up when it doesn’t know. On that test, OpenAI’s flagship GPT-4o fabricates 77 times out of 100. Salesforce’s own system — their baseline — fabricates 32 times out of 100. Ours does it 3 times out of 100. And it does that at roughly one two-hundredth the size of GPT-4o, running not in a data center but on a laptop drawing about 20 watts. Less than the bulb in your desk lamp.
Here’s the part I most want to be honest about, because honesty is the whole franchise: those 3 are not lies. They’re the cases where the question fell outside what the system had been given to verify, and it refused rather than guessed. Hand it a complete picture of a domain and that number walks toward zero. The 3% isn’t the system failing to know something. It’s the system knowing exactly where its knowing stops — which, if you’ve been reading along, is the only kind of machine I’ve ever said was worth building.
I’m not going to hand you the engineering. How we strip the facts out of a language model, how we store and find the verified ones, how we check the finished answer against its source — that’s patent-pending, and it stays in the lab. Showing you the blueprint is a different thing from showing you the building, and I’m only doing the second. But over the next two columns I’ll lay out the rest of why this matters: why a machine built this way is not just more honest but radically cheaper to run — cheap enough to embarrass the whole data-center arms race — and what it would mean to license honesty the way a certain company in Cambridge once licensed a chip design that ended up inside nearly every phone on earth without anyone noticing it was there.
For now, the reveal is enough. We built two brains because one brain, trying to do both jobs, will always eventually lie to you with a straight face. Ours doesn’t have a straight face to lie with. It has a filing cabinet, and a writer who has never read it, and a wall between them that you can inspect.
That wall is the company. Everything else is detail.
Robert X. Cringely is a co-founder of 2Brains, Inc., in Charlottesville, Virginia. He has written this column since 1987 — though never, until now, about his own company.
The post Two Brains first appeared on I, Cringely.
Digital Branding
Web Design Marketing
15:21
[$] BPF loop verification with scalar evolution [LWN.net]
The BPF verifier has, in the course of wrestling with the difficult problem of statically analyzing loops, grown special support for many kinds of loops over its history, but its fundamental approach to simple for loops has not changed. When it encounters a loop, it evaluates it, iteration by iteration, until reaching an exit condition — a process that can cause the verifier to mistakenly hit the limit on the number of allowed instructions where a better implementation would not. Eduard Zingerman spoke at the 2026 Linux Storage, Filesystem, Memory-Management, and BPF Summit about his in-progress work on improving the verifier's treatment of loops, especially nested loops.
15:14
Pluralistic: Naomi Kritzer's "Obstetrix" (09 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]
->->->->->->->->->->->->->->->->->->->->->->->->->->->->->
Top Sources: None -->
Today's links
- Naomi Kritzer's "Obstetrix": When forced birth cultists become forced obstetrics militants.
- Hey look at this: Delights to delectate.
- Object permanence: DD-WRT; iTunes DRM is illegal; Fingertip magnet; Sony passwords v Gawker passwords; RIAA recants on 3 strikes; Parachute wedding dress; Roald Dahl (jerk); "Level Up"; The rent's too damned high; RIAA v "Search by artist"; "Robopocalypse"; You are not a wallet; The man who created the religious right; NY x voting; NY x antitrust; Media companies fund Heritage Minister's campaign; Richard Dreyfuss x iTunes EULA; 3-way street; RIAA lawyer becomes Solicitor General; Brock Allen's wrist-slap; Ad-tech interop; Apple's manorial security; Billionaires aren't taxed, "Rabbits."
- Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Naomi Kritzer's "Obstetrix" (permalink)
Naomi Kritzer's Obstetrix is a new, tense thriller in the mode of Atwood's Handmaid's Tale and Alderman's The Power; it's a beautifully turned, claustrophobic horror novel about an obstetrician who's been kidnapped by a Christian cult obsessed with fertility:
https://us.macmillan.com/books/9781250423375/obstetrix/
Kritzer is a master of building scenarios that require her characters to express and resolve a wide variety of complex and contradictory emotions. Her breakout novel, Catfishing on CatNet is a charming and deceptively goofy story about an AI trained on the impeccable vibes in a really solid groupchat becoming sentient and demanding…cat pictures. This is the setup for a warm (but intense) novel of internet-mediated friendship and IRL mutual aid:
Then there's her incredibly prescient 2015 story "So Much Cooking," about people in lockdown during a pandemic. For obvious reasons, it enjoyed an revival in 2020, with Kritzer penning an excellent essay reflecting on what it means to have thought through the implications of a disaster that is now upon us:
In 2023, Kritzer published one of the most memorable YA novels I've read, Liberty's Daughter, which is set on a libertarian seastead and told from the point of view of the daughter of the cult's founder:
https://pluralistic.net/2023/11/21/podkaynes-dad-was-a-dick/#age-of-consent
Liberty's Daughter is basically what you'd get if you rewrote a Heinlein YA novel from the perspective of one of the kids, who had to live with a Heinlein-type dad (Heinlein was childless and had some of the most batshit child-rearing ideas, which he managed to make sound bizarrely plausible). There's a lot of sf that is "in dialogue" with Heinlein (including some of mine), but no one nailed RAH like Kritzer.
Then there's Obstetrix; it's got one of those admirably propulsive setups. Doctor Elizabeth Gwynn is an obstetrician who performed an abortion to save her patient's life, only to be dragged into the culture wars by North Dakota's crusading attorney general, who charged her with felony murder and offered to let her plead out if she would admit that she was wrong to do it, as an example to other OBs who might be tempted. Now, Dr Liz lives in Minneapolis, where her savings are running out and no one wants to hire an obstetrician who's done time.
Then, Dr Liz gets a cold-call from a midwifing service that wants to hire her as an on-call doc. It's a weird offer from out of the blue, but Dr Liz can't afford to pass up a chance at steady work. She finds herself in a residence that the midwives work out of, and the nice woman there offers her a cup of tea. That's when the world fades to black, as the drugs in the tea take hold.
Liz sporadically regains consciousness in a van during a multi-day drive, and already she is thinking about her escape – even as she is becoming increasingly aware of how truly terrible her situation is. When she finally arrives at the cult's remote compound, frozen and isolated, she learns that she has been kidnapped because the fertility-obsessed cult needs an OB, especially since the daughter of the cult's founder, the "pastor," is carrying a high-risk pregnancy.
All that is in the first few pages, which leaves plenty of room for an expertly spun second act in which we get Kritzer's trademark interpersonal work, where carefully chosen and smartly wrought small details flesh out a picture of the complex dynamics of life inside a "high-demand" cult, from the way that members are manipulated into policing each other's compliance to the internal processes that keep members cowed even when they're unobserved by others. It's a brilliant work of sociological speculation and the engine that drives it is a series of maneuvers and gambits whereby Dr Liz hopes to make her way to safety.
I won't spoil the end, except to say that it is exciting, satisfying, and has a sweet denouement that does real justice to the whole book. All told, this is a read-in-one-sitting thriller that does as much to illuminate the workings and dynamics of patriarchy and religion as any gender studies class. It's peak Kritzer (so far), and that's saying something.
Hey look at this (permalink)
- The mayor of Shelbyville, Indiana, says only people who live in ‘shitty houses’ oppose data center https://www.theverge.com/ai-artificial-intelligence/944984/shelbyville-indiana-mayor-shitty-houses-data-center
-
Last Idea Factory https://starlogic.itch.io/last-idea-factory
-
‘Her silence was more powerful than words’: how I interviewed a Facebook whistleblower who wasn’t allowed to speak https://www.thenerve.news/p/carole-cadwalladr-sarah-wynn-williams-tim-wu-hay-festival-careless-people-gagging
-
She won a religious exemption from using AI at work. The Pope's remarks could fuel similar appeals. https://www.businessinsider.com/worker-got-religious-exemption-using-ai-at-work-2026-6
Object permanence (permalink)
#20yrsago HOWTO turn a $60 Linksys router into a $600 super-router https://web.archive.org/web/20060610003137/http://assets.lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php
#20yrsago Dictionary of the Vulgar Tongue: 1811 slang dictionary https://www.gutenberg.org/ebooks/5402
#20yrsago Ex-RIAA head Hilary Rosen rethinks lawsuits and DRM https://web.archive.org/web/20060609030533/https://www.p2pnet.net/story/8979
#20yrsago Norwegian ombudsman says Apple’s iTunes DRM is illegal https://web.archive.org/web/20060611194556/http://forbrukerportalen.no/Artikler/2006/1149587055.44
#20yrsago Implanting a magnet in your fingertip adds a sixth sense https://web.archive.org/web/20060613072724/https://www.wired.com/news/technology/0,71087-0.html?tw=rss.index
#20yrsago Recording industry: Search-by-artist is “too interactive” http://news.bbc.co.uk/1/hi/entertainment/5055744.stm
#20yrsago US branch of “Pirate Party” launches https://web.archive.org/web/20060613041144/http://www.pirate-party.us/
#20yrsago Pranksters give fake McDonald’s anti-global-warming presentation https://web.archive.org/web/20060614011522/http://www.gamasutra.com/php-bin/news_index.php?story=9621
#20yrsago Can. Heritage Minister’s election was funded by entertainment co’s https://web.archive.org/web/20060612224646/https://www.michaelgeist.ca/component/option,com_content/task,view/id,1289/Itemid,85/nsub,/
#20yrsago High-def DRM licenses cost $15k https://web.archive.org/web/20060612202129/https://www.theinquirer.net/?article=32273
#15yrsago Richard Dreyfuss reads the iTunes EULA https://web.archive.org/web/20110611012317/http://www.cnet.com/8301-30976_1-20068778-10348864.html
#15yrsago Top universities a ‘breeding ground’ for Tories, warn Islamic groups https://newsthump.com/2011/06/07/top-universities-a-breeding-ground-for-tories-warn-islamic-groups/
#15yrsago 3-Way Street: visualization of the uneasy dance of pedestrians, bikes and cars at a busy intersection https://web.archive.org/web/20110610123449/http://blog.ronconcocacola.com/2011/06/02/nyc-goes-three-ways.aspx
#15yrsago Copyright extremist RIAA lawyer confirmed as America’s Solicitor General https://web.archive.org/web/20110610134934/http://www.wired.com/threatlevel/2011/06/senate-confirms-verrilli/
#15yrsago Scot-free millionaire playboy’s lawyer was judge’s depute campaign treasurer https://web.archive.org/web/20110610123824/http://articles.sun-sentinel.com/2011-06-06/news/fl-levin-sentence-mayocol-b060711-20110606_1_house-arrest-dui-manslaughter-case-kenneth-watkinson
#15yrsago Bubble-in forms betray individual, traceable “handwriting” https://web.archive.org/web/20110609164727/http://www.freedom-to-tinker.com/blog/wclarkso/new-research-result-bubble-forms-not-so-anonymous
#15yrsago Inbox Influence: plugin reveals corporate money behind the emails in your inbox https://web.archive.org/web/20110816105954/https://inbox.influenceexplorer.com/
#15yrsago Macedonia erupts after young man beaten to death by special police in public square https://web.archive.org/web/20110610132108/http://www.a1.com.mk/vesti/default.aspx?VestID=139049
#15yrsago Robopocalypse: rigorous, terrifying novel about a robotic campaign to exterminate humanity https://memex.craphound.com/2011/06/07/robopocalypse-rigorous-terrifying-novel-about-a-robotic-campaign-to-exterminate-humanity/
#15yrsago Using clickfraud on Google ads to amass shares of Google https://gwei.org/index.php
#15yrsago Comparative analysis of leaked Sony and Gawker passwords https://www.troyhunt.com/brief-sony-password-analysis/
#15yrsago China’s Politburo warns Google not to be “political” https://web.archive.org/web/20110610165205/http://www.transparencyrevolution.com/2011/06/china-warns-google-not-to-be-evil/
#15yrsago Guerrilla camper re-opens shuttered Michigan public campsite https://web.archive.org/web/20110609184456/http://www.miningjournal.net/page/content.detail/id/563100/Campground-closed-in-2009-illegally-reopened.html?nav=5006
#15yrsago Record industry lobby says it no longer supports 3-strikes copyright termination laws https://torrentfreak.com/recording-industry-steps-back-from-piracy-disconnections-110606/
#15yrsago Death threats for Aussie climate scientists https://www.theguardian.com/environment/2011/jun/06/australia-climate-scientists-death-threats
#15yrsago Wedding-dress made from life-saving parachute https://www.si.edu/collections/snapshot/parachute-wedding-dress
#15yrsago Level Up: Gene Yang’s comic about destiny, games, and filial piety https://memex.craphound.com/2011/06/06/level-up-gene-yangs-comic-about-destiny-games-and-filial-piety/
#15yrago Roald Dahl: Jerk https://web.archive.org/web/20110602195454/http://thisrecording.com/today/2011/6/1/in-which-we-consider-the-macabre-unpleasantness-of-roald-dah.html
#15yrsago Rotting Gulliver’s Travels themepark in Japan https://web.archive.org/web/20110609235431/http://www.sleepycity.net/posts/40/Gullivers_Kingdom__Sea_of_Trees
#15yrsago Ticketed for being childless and eating doughnuts in a playground https://gothamist.com/food/two-women-ticketed-for-eating-doughnuts-in-a-brooklyn-playground
#15yrsago Internet Archive becomes archive of physical books, too https://blog.archive.org/2011/06/06/why-preserve-books-the-new-physical-archive-of-the-internet-archive/
#10yrsago Swedish traditional costume made from Ikea bags https://ikeahackers.net/2016/06/swedish-folk-costume-5-ikea-bags.html
#10yrsago NSA dumps docs about its Snowden response, reveals that Snowden repeatedly raised alarms about spying https://web.archive.org/web/20160604213547/https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive
#10yrsago John Oliver buys and forgives $15M in medical debt, illustrates horrors of America’s debt-collectors https://web.archive.org/web/20160606234823/https://consumerist.com/2016/06/06/john-oliver-buys-15m-in-medical-debt-then-forgives-it/
#10yrsago David Byrne wants you to register to vote, and wants everyone else to, too https://web.archive.org/web/20160609060810/http://davidbyrne.com/were-better-than-this-vote
#10yrsago You are not a wallet: complaining considered helpful https://www.theguardian.com/technology/2016/jun/07/its-your-duty-to-complain-thats-how-companies-improve
#10yrsago Web Sheriff’s legal scare strategy: throw everything at the wall, hope something sticks https://www.techdirt.com/2016/06/07/web-sheriff-accuses-us-breaking-basically-every-possible-law-pointing-out-that-abusing-dmca-takedowns/
#10yrsago Lin-Manuel Miranda declares war on bots https://www.nytimes.com/2016/06/07/opinion/stop-the-bots-from-killing-broadway.html
#10yrsago Uber loves competition, when it’s the one doing the competing https://www.boston.com/news/technology/2016/06/05/uber-app-urbanhail-startup-ride-prices/
#10yrsago MI5 warning: we’re gathering more than we can analyse, and will miss terrorist attacks https://theintercept.com/document/2016/06/07/preston-study/
#10yrsago Samantha Bee interviews Frank Schaeffer, who helped create the religious right https://www.youtube.com/watch?v=MhLY0JqXP-s
#10yrsago Why defense attorneys aren’t cheering Brock Allan Turner’s wrist-slap https://web.archive.org/web/20160611024154/http://mimesislaw.com/fault-lines/brock-turner-the-sort-of-defendant-who-is-spared-severe-impact/10288
#10yrsago Password hashing demystified https://www.wired.com/2016/06/hacker-lexicon-password-hashing/
#5yrsago Google and France agree on ad-tech interop https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#monkeys-paw
#5yrsago Billionaires don't pay tax https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#eat-the-rich
#5yrsago Apple's manorial security https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#manorialism
#5yrsago Rabbits: PK Dick meets Qanon https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#rabbits
#5yrsago Competition tames ISPs https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#muni-fiber-now
#5yrsago New York to revolutionize voting https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#sb309a
#5yrsago New York to revolutionize antitrust https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#sb933
#5yrsago The Rent’s Too Damned High https://pluralistic.net/2021/06/06/the-rents-too-damned-high/
Upcoming appearances (permalink)
- Kansas City: Facing the Future (Woodneath Library Center), Jun
10
https://www.mymcpl.org/events/119655/facing-future-cory-doctorow -
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant -
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026 -
Toronto: TBA, Jun 23
-
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html -
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559 -
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628 -
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales -
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
Recent appearances (permalink)
- The Enshittification of Life, the Universe, and Everything
https://doctorow.substack.com/publish/post/201176490 -
Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035 -
Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
https://www.jimruttshow.com/cory-doctorow-3/ -
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI -
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification
Latest books (permalink)
- "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
-
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/ -
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
-
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
Upcoming books (permalink)
- "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
-
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
-
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
-
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
-
"The Memex Method," Farrar, Straus, Giroux, 2027
Colophon (permalink)
Today's top sources:
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.
- "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
-
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
-
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
14:35
Security updates for Tuesday [LWN.net]
Security updates have been issued by AlmaLinux (bind and libyang), Debian (keystone and openssl), Fedora (mingw-objfw, objfw, sentencepiece, and tailscale), Mageia (packagekit and suricata), Oracle (bind, bind9.16, go-toolset:ol8, ImageMagick, kernel, samba, and vim), SUSE (apache-commons-lang3, apache-commons-text, apache-commons- configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec, avahi, busybox, chromedriver, chromium, csync2, firewalld, frr, gleam, helm, kernel-devel, keybase-client, libmozjs-140-0, libopenvswitch-3_7-0, libsoup, memcached, mutt, openjpeg2, ovmf, perl-HTML-Parser, perl-Net-CIDR-Set, perl-Protocol-HTTP2, postgresql-jdbc, postgresql17, python-CairoSVG, python-Flask, python-pip, python-pyOpenSSL, python-python-multipart, python-Twisted, python-urllib3, python-urllib3_1, python-uv, python311, rsync, tomcat, and tree-sitter), and Ubuntu (alsa-lib, cups, inetutils, isc-kea, jpeg-xl, libnet-cidr-lite-perl, netatalk, netty, nginx, node-shell-quote, php-twig, pillow, poppler, rsync, strongswan, systemd, and transmission).
Linux App Summit 2026 (Heise) [LWN.net]
Heise is carrying a report from the Linux App Summit, held in Berlin in May.
The slightly more than a dozen talks were symbolically framed between the opening keynote by systemd creator Lennart Poettering and the closing talk by Jorge Castro, initiator of the Universal Blue project, from which the modern Linux systems Bluefin and Bazzite emerged. Both Castro and Poettering call for a fundamental rethink of how Linux operating systems are delivered but pursue different approaches.
13:56
The Subsidy Ended: What Tool-Using Agents Actually Cost [Radar]
On June 1, GitHub Copilot’s usage-based billing became active for all Copilot plans, and developers reacted quickly and loudly. A Pro plan still costs $10, but it now comes with a monthly pool of AI credits. Those credits are priced at a penny each, and they’re consumed according to the model used and the tokens processed, including input, output, and cached tokens. For a heavy agentic session running a frontier model, that makes spend feel very different from a flat subscription.
That’s the news, and it’s worth understanding, but it isn’t the important part. Nothing about the underlying cost of agentic work actually changed on June 1. The tokens were always being consumed, the loops were always running, and the tool calls were always expanding the context. What changed is that the meter became visible. A workload that had been quietly subsidized under a flat rate started showing up as an itemized bill.
Where the tokens go
To see why the bill landed so hard, it helps to compare two things that look similar and bill very differently. A chat completion is close to a single transaction. You send a prompt, the model sends an answer, and you pay roughly once for the input and once for the output. A tool-using agent doesn’t work that way at all. An agent doesn’t answer a question so much as work toward it, and it works by looping. It reasons about the task, calls a tool, reads the result, reasons again, calls another tool, and continues until it decides it’s finished.
Every pass through that loop carries a cost that’s easy to miss. In many agent harnesses, each turn carries forward a large share of the accumulated context: prior messages, tool descriptions, retrieved files, and tool results. Even when some of that context is cached, summarized, or pruned, the system is still doing metered work to preserve enough state for the next decision. The final answer you actually wanted is only a thin slice of what you paid for. The loop is the bill.
This is why agent cost doesn’t scale politely. It scales with the number of turns, and the number of turns scales with how much discovery the agent has to do, which in turn scales with how vague the request was and how much irrelevant context it’s dragging along. A clean, well-scoped task might finish in three turns, while the same task posed as an open-ended question might wander through 15, each carrying the cost of everything that came before it. Under a flat rate, that difference was invisible. Under usage-based billing, it’s the difference between a small interaction and an expensive one.
Tool design is now part of the cost model
I wrote recently about a hidden tax on Model Context Protocol servers: the way an overstuffed tool catalog quietly degrades a model’s ability to route to the right tool. Bloated descriptions, overlapping responsibilities, and vague parameters make the model’s job harder and its choices worse. That argument was about accuracy. The billing change adds a second invoice for the same bloat, and this one is denominated in dollars.
The tool catalog is often part of what gets carried through the agent’s loop. A tool described in three tight sentences and a tool described in three rambling paragraphs may both function, but the second one pays rent in the context window every time an agent has it loaded. Multiply that across a catalog of 40 tools and a workflow that runs a dozen turns, and the cost of verbose tool design stops being a rounding error. Tool design was already a correctness discipline. It’s now a cost discipline as well. The same audit that tightens routing accuracy tightens the bill.
Where prompt discipline runs out
There’s a layer of this that individual users can control, and it’s worth knowing because the savings are real and immediate. Two patterns matter most, and I’ve been handing both to the engineers on a pilot I run for a large healthcare organization. They aren’t magic tricks. They’re ways to keep the agent out of unnecessary discovery loops.
The first pattern is about input. Prompt the agent like a short requirement rather than a broad question. A request such as “look at the encounter data and tell me what you find” forces the agent into discovery mode, where it burns turns figuring out what you meant, and every one of those turns carries the full context forward. Compare that to a prompt that front-loads the specifics by naming the project and the table, naming the date field to filter on, stating the output shape you want, and calling out anything that should be excluded. A better prompt would be: “Using the curated clinical project and the silver-zone encounters table, show total encounters by month for calendar year 2025, use admission_date_time for inclusion, and return one row per month ordered chronologically.” The second prompt collapses the loop. The agent has what it needs on the first turn, so it does the work instead of interviewing you for it.
In practice, the difference isn’t just polish. The vague version forces the agent to discover the data model, infer the date semantics, choose an aggregation, and decide on a display format. The specific version turns the task into a bounded query. That difference shows up in accuracy, latency, and cost.
The second pattern is about output, and it’s the lever most people overlook. Ask for plain text or Markdown during the intermediate steps, and save rich HTML formatting for the final, confirmed deliverable. Formatted output is expensive to generate, and requirements shift. If you ask for a polished HTML report on the first pass and then change a filter, you pay full output-token freight to regenerate all that layout, often more than once. The cheaper habit is to validate the numbers in text and format only at the end.
These patterns work, and they also have a ceiling. Both of them put the entire burden of cost control on the user, and they hold only as long as every user exercises the discipline on every prompt. The day someone reverts to “tell me what you find,” the savings evaporate, and the only thing standing between the team and a surprise invoice is a budget cap that reports the overspend after it has already happened.
Cost is a governance problem, not a budgeting one
That fragility is the real lesson. A budget cap is a backstop rather than a control. It will stop a runaway, but it tells you that you overspent rather than why, and it does nothing to make the next run cheaper. Treating cost as a budgeting problem leaves you forever reacting to the meter, while treating it as an architecture problem lets you build the savings in once and stop relying on everyone’s good behavior.
That means the controls that matter belong on the platform rather than in individual prompts. By the platform I don’t mean the agent itself, the coding assistant or chat client a developer drives day-to-day, and I don’t mean the model or a router sitting beneath it. I mean the control plane that sits above the agents, the layer where an organization enforces policy, access, observability, and now cost across every agent and model its developers touch. An administrative console that gives IT visibility into who is doing what and which capabilities they can install is an early, narrow instance of it. A router that sends planning to a cheap model is one feature that belongs there. The platform is where the rules live, and the agent is a consumer of those rules rather than the place you set them. The platform should route models by task, using cheaper models for planning and reserving frontier models for work that earns the price. It should bound the loop, requiring the agent to check in after a fixed number of iterations. It should cap tool-result payloads so a careless query cannot dump a million rows into the context window. It should default intermediate work to plain text, making the cheap path the path of least resistance instead of something users have to remember.
Every one of those controls is something a user can approximate by hand and something the platform can simply guarantee. This is the same principle I keep returning to in the context of data access, where safe behavior cannot depend on the person at the keyboard remembering the rules. Prompts guide behavior. Guardrails make the cheaper and safer behavior the default. Cost governance is guardrails as control plane, with a dollar sign attached, enforced at the same layer where you already enforce who is allowed to see which row.
The pattern, not the vendor
It would be a mistake to read this as only a GitHub story. GitHub is the current example because its change is visible and recent, but usage-based billing for agentic work is the direction of travel for many AI tools. The economics under the hood are similar: Agentic workloads turn single answers into loops of model calls, tool calls, and context management. The flat-rate subsidy was always going to come under pressure once the workload shifted from autocomplete to autonomy.
The organizations that treat June 1 as a pricing event will optimize a few prompts, grumble, and move on until the next vendor changes its meter. The ones that treat it as an architecture signal will push the cost controls down into the platform, where they hold regardless of which provider is counting which token. That’s the more durable place to stand. The bill didn’t get bigger this month. It got honest, and an honest bill is the kind you can engineer against.
13:07
12:49
The Big Idea: Laura Lekkos [Whatever]
The value of a good friendship cannot be overstated. But friendships aren’t always smooth sailing, they can be just as challenging as romantic relationship, and just as fulfilling. In today’s Big Idea, author Laura Lekkos takes a deep dive into the beautiful world of female friendships, the very thing that was the base for her newest novel, All the Little Ways.
LAURA LEKKOS:
As a screenwriter, I traffic in big ideas, sometimes insufferably so. The high-concept hook. The four-quadrant crowd-pleaser. The event-driven film that a studio exec can’t say no to. For every writer in Hollywood adding a space element or time travel trope to elevate an idea in the hopes of securing a sale, you will hear another bemoaning the lack of original ideas and quieter, character-driven stories.
It was in the latter headspace that I set out to write my first novel. The big idea was that…it would be small. How edgy! How daring! How subversive!
I wanted to write a novel centered around a deep, meaningful friendship.
On earth.
No body swapping. No murders. No vampires in sight.
I have often been struck by the layered quality and impact of my female friendships. The women in my world have inspired me, filled my cup, guided me, and in some instances, quite literally changed the trajectory of my life. Romance often steals the spotlight, for obvious reasons, but the enduring effect of a platonic bond can be equally powerful.
This is the kind of relationship that the main characters, Victoria and Liz, find in each other. As I outlined their story, I worked backwards and found that the beats weren’t dissimilar from a rom com. In order to end up together, in a matter of speaking, they would need a meet cute. Then, a first date gone awry, a second chance, a coming together, a shocking revelation, an estrangement and lastly, a reconciliation.
While their characters began to find form on the page, I thought about all the friendship moments – both the small and the milestone – that have defined my life. Several years before I decided to take a stab at writing a book – a lifelong dream, given my early and persistent love of reading – I realized another one: becoming a mother. It was everything I imagined and nothing like I expected. It was heady, challenging, invigorating, mind-bending and often, surreal.
My journey was bathed in luck for many reasons. I had close friends who had taken on the mantle of motherhood in the years before me who dished out advice and hand-me-downs. I had friends who were pregnant at the same time who I traded notes with. We breathlessly spoke of our hopes and expectations; the group chat was full of jokes, memes, and recommendations. I had a loving, supportive husband and parents who were overjoyed, nearly to the point of fainting, about becoming grandparents. I have always been close with my mom and as I anticipated this great leap into the unknown, I looked to her as an example in how to mother.
But what if a woman was expecting a child without such a scaffolding? What if she didn’t have a village, a support system, a mom of her own to turn to, or even a friend to confide in and lean on? All the uncertainty of impending motherhood would be exponentially multiplied. She would be adrift and in need of the kind of female connection I have been fortunate to enjoy and have always held so dear.
Both the cast of characters and the story itself had been rattling around in my brain for some time before I put pen to page and while it unfurled without too much difficulty, it was the end of writing that gave me pause. I worried that the conceit wasn’t big enough and was concerned whether the marketplace would have an appetite for my book.
I toyed with adding more mystery, considered a pirate’s trove of secrets to complicate things, and even wrote in a nefarious sublot before re-centering myself. I deleted the storyline. I stuck with my original vision of a character-driven narrative. I remembered early advice I had received about not trying to write to a marketplace with an ever-changing goalpost but rather, with passion and conviction about a story that spoke to me. Sound wisdom for screenwriters, novelists, or any creatives.
All the Little Ways is an ode to female friendship. It shines a light on the ways we care for each other and show our love, the declarations that are often found not in a grand gesture or a splashy movie moment, but in the little kindnesses that become woven into the fabric of our lives.
I set out to write a book about a small idea, but along the way, I discovered that it was actually pretty substantial. Because what’s bigger than the transformative power of love?
All The Little Ways: Amazon|Barnes & Noble|Bookshop
12:35
CodeSOD: Driven Development [The Daily WTF]
We should always be wary of "(.+)-driven development". Things like test-driven development, or domain-driven development are fine, but they're also frequently approached from a perspective of dogma, which creates its own terrible outcomes.
But let's talk about domain-driven development. Without getting too bogged down into the details of the approach, the idea is pretty straightforward: describe you domain model without reference to any lower-level concerns, so you can effectively write your domain logic in an abstract language tuned to your specific needs. In other words, it's just a pretty good practice. DDD offers tools and techniques for doing it, and as stated, can be adopted as a point of dogma instead of technique.
Julien joined a team which bragged about their use of DDD. Everything they did followed DDD best practices, they said. The fact that they piled up all sorts of related buzzwords when talking about it should have been a red flag.
Here's one of their "domain" classes:
namespace Acme\Documents\Domain;
interface CakeSessionRepositoryInterface
{
public function isLoggedIn(string $cookieId);
}
In "domain" patterns, a "repository" interacts with domain objects in your data store. Things it shouldn't do:
- perform an authentication check
- interact with cookies
- care about session information
- be tightly coupled with your underlying web framework (CakePHP, in this case)
Excluding the curly-brackets, every line in this short snippet is wrong, which is impressive.
It looks like their domain shouldn't drink and drive.
[Advertisement] Keep all your packages and Docker containers in one
place, scan for vulnerabilities, and control who can access
different feeds. ProGet installs in minutes and has a powerful free
version with a lot of great features that you can upgrade when
ready.Learn
more.11:21
Mike Gabriel: Voxit 1.0 has been released [Planet Debian]
Official announcement
European Voxit community strengthens digital sovereignty: shared codebase completed.
Read the official announcement at:
https://www.voxit.org/european-voxit-community-strengthens-digital-sover...
The Voxit community and platform development
The Voxit participation platform is originally based on the open source Polis platform developed by The Computational Democracy Project in the United States, but since its establishment in autumn 2025, the European Voxit community has been developing an independent solution, adapted to European needs.
The aim is to create an open source, interoperable and scalable participation infrastructure suited to Europe’s regulatory environment and aligned with democratic values. Through this development work, Voxit is becoming a clearly distinct fork of the original Polis platform – allowing Europe to develop participatory infrastructure at its own pace and according to its own governance needs, while the original Polis project continues to break new ground. This enables Europe to build its own open and trustworthy digital democracy tools, rooted in public governance and European democratic traditions.
Voxit 1.0 source code is now available
The source code for version 1.0 of the European community edition of the Voxit platform has now been published and is openly maintained on GitLab.com at: https://gitlab.com/voxit/voxit#
10:49
None of it is important (and all of it is) [Seth's Blog]
Steinbeck points out that the stars shine in the sky, regardless of the drama here on Earth.
Perspective fools us into believing that our point of view is primary, but it’s not difficult to imagine a more distant (or closer) one that would change everything.
The service at table 7 might not matter much to the waiter, but it matters a great deal to the elderly couple celebrating a positive medical diagnosis. The greeting you offer to a stranger might seem trivial to you, but it could change the arc of that stranger’s day. And the drama that consumes us in this moment might be forgotten in just a few days…
“Important” always requires a modifier. Important to whom? Compared to what? In what time frame?
It’s all important. And none of it is.
10:35
Otto Kekäläinen: SpacemiT K3 is a compelling RISC-V AI CPU, but difficult to buy [Planet Debian]
The RISC-V CPU architecture has been gaining a lot of popularity since it launched in 2014, and now that the industry is standardizing on the RVA23 level that includes vector support as a mandatory extension, we are likely to see a lot more edge- and IoT devices with the ability to run local LLMs at reasonable speed, and most importantly at very compelling prices.
SpacemiT is a Chinese RISC-V CPU manufacturer that launched on May 11th, 2026, their long-anticipated next-gen RISC-V AI chip K3. It is among the earliest RISC-V CPUs that adhere to the RVA23 standard and performance-wise it is quite capable, providing 130 KDMIPS general computing power, 60 TOPS on INT4 which translates to about 15 tokens per second when running a 30 billion parameter large language model.
The aspect that really makes it stand out is:
- the RISC-V CPU architecture is open source,
- the price point is within reach of home and small business users and
- the overall feature set makes it an ideal platform to build local and offline AI systems.
SpacemiT also develops their own Debian-based Linux distribution Bianbu OS, and seems to have collaboration going on with the wider community. Their community site seems active, and they also have a dedicated X account @spacemit_riscv and Reddit account r/spacemit_riscv posting relevant progress info on Linux kernel upstreaming activities. The X account is also responsive, as evidenced by its replies to my questions.
Canonical lists the SpacemiT K3 pico-ITX and K3 CoM260 Kit on its official Ubuntu for RISC-V partner-built hardware page, which strengthens the perception that upstream Linux support is being taken seriously. The SpacemiT folks also gave an interesting talk at the 2026 Ubuntu Summit that includes a peek into their roadmap with future K3, K7 and K9 models.
For technical details, see SpacemiT’s K3 pico-ITX documentation, the Jetson Orin Nano-compatible K3 CoM260 board documentation and documentation of the K3 processor itself.
Comparing the resellers
SpacemiT does not sell anything directly to consumers. Instead you need to buy a board that includes the K3 chip from an integrator. Currently the main resellers are:
All of the above are Chinese companies that ship to customers both inside and outside China. DeepComputing stands out as the only one that actually has done real integration and ships the K3 on a custom board, while the others simply resell the SpacemiT-produced K3 pico-ITX and K3 CoM260 Kit.
Milk-V
Milk-V is a RISC-V specialized integrator, as the name already implies. They sell the K3 under the name Jupiter2. Of all the K3 pico-ITX reseller product pages, the Jupiter2 presentation is the nicest and most detailed. Unfortunately their order page at arace.tech only states that it is a “pre-order” with no information about shipping schedule, taxes, or other details like what SSD is included (if any). Based on the pictures it does ship with a Milk-V branded case. The 32 GB RAM lists at 504 EUR, which is a very reasonable price. The @MilkV_Official account on X recently promoted the K3.
Documentation and support
As of this writing, the Milk-V Jupiter2 documentation site is just a stub and has no actual content, and only two links to the SpacemiT K3 documentation site. For support there is a web forum with a dedicated Jupiter2 section. There is also a Matrix space, but unlike their other products, there is no dedicated Jupiter (neither v1 nor v2) channel.
Community size and open source involvement
At least one prior Milk-V product was certified by Canonical, which indicates there is some collaboration in progress. Canonical also lists the Milk-V Titan on its official Ubuntu for RISC-V partner-built hardware page.
Sipeed
The Sipeed K3 announcement is well written (in English) with all the relevant details and links to additional PDF manuals. However, their main page at sipeed.com says nothing about the K3, so one must know the subpage URL to access it. They offer both the K3 CoM260 kit compatible with Jetson Orin Nano carrier boards, and the stand-alone K3 pico-ITX-sized motherboard. The CoM260 kit is only 10 USD cheaper than the full pico-ITX motherboard, so choosing the latter is a no-brainer if starting from scratch. The pico-ITX model with 32 GB DDR5 RAM sells for 639 USD. The product page does not mention anything about hard disk size, so you don’t really know exactly what you will be getting if placing an order. There is no indication about case, Wi-Fi antennas or power supply either, so most likely they are not included.
Their store.sipeed.com website does not work at all, and their Taobao and AliExpress stores are not public and only accessible to registered users. The order page also says nothing about shipping time, delivery time, or taxes. The X account @SipeedIO is active and recently posted pictures of shipments in progress.
Documentation and support
The main documentation wiki does not yet have any K3 content at the time of writing. There is a Discord channel for general RISC-V discussion, and their MaixHub also has a discussion board, but I didn’t find anything K3-specific.
Community size and open source involvement
Sipeed has had at least one of their previous devices certified by Canonical, which indicates they are active in the community.
Note that the other RISC-V company SiFive that also has had hardware certified and officially supported by Canonical is a different company, despite the very similar name.
Banana Pi
Banana Pi announced that they offer both the K3 CoM260 kit and the K3 pico-ITX motherboard version. Their product page for the K3 confusingly shows a MediaTek product in the page banner rather than the SpacemiT K3. Based on the product description and the fact they renamed the product as BPI-SM10, it seems to ship with some carrier board. The product pictures look identical to the SpacemiT documentation and there is no picture of the carrier board, and details are very sparse. The pico-ITX version with 8 GB RAM and 128 GB SSD sells for 293 USD and the CoM260 developer kit with the same specs sells for 287 USD and the 32 GB RAM with 128 GB SSD model sells for 595 USD. The shop page shows only five orders so far and items are currently out of stock. As there was no 32 GB RAM version of the pico-ITX available at all, this isn’t an option for me as I want to run 30B parameter models that need the larger memory version.
Of all of these resellers, the Banana Pi website seems the most outdated. It does not have a search feature, it is not mobile-friendly, pictures can’t be pinched to zoom in and so forth. Product names are also almost all identical, and as the product listings only show the beginning of the product name, figuring out what product is what requires extra effort that just makes the online purchase experience plain bad.
Documentation and support
I was only able to find the documentation page for the CoM260 kit, but none for the pico-ITX version. For support there is a forum, but the category list does not show any section for K3, and the forum search prohibits using the search term “k3” as too short.
Community size and open source involvement
Banana Pi has a long history in the ARM single-board computer market, but their presence in the RISC-V ecosystem is still growing. Their X account @sinovoip has posted only once about the K3 and otherwise promotes their ARM boards. However, their community culture page does express a commitment to open hardware in general, but there is no visible K3-specific community activity.
Firefly
Firefly’s K3 product page is comprehensive. Based on the details, they do not offer the K3 pico-ITX variant at all, but only the K3 CoM260 board inside the AIBOX-K3 Firefly RISC-V Edge Mini PC product. This is a feature-complete offering with a Jetson Orin Nano carrier board and case. The AIBOX-K3 with 32 GB RAM and 128 GB SSD in a case sells for 689 USD in their own Firefly.store. Unfortunately it only has HDMI and there is no USB-C with DisplayPort support, which is a deal-breaker for me personally.
Interestingly, Firefly also offers rack-mounted servers with K3 as the CPU.
Documentation and support
The wiki link on the product page is broken. The Firefly wiki does have a section for the AIBOX-K3, but it too has a broken link. It seems that as of the time of writing, there is no wiki section for this product yet.
For support there is a web forum, which does have at least one K3 thread covering guides such as Hermes Agent installation, though broader K3-specific sections are still sparse.
Community size and open source involvement
Firefly’s X account @TeeFirefly has had no posts since 2024, and their GitLab/T-Firefly shows mostly 2024 activity, with only one repository updated in 2025 and nothing in 2026. Historically they have built a moderate community around their ARM-based Rockchip boards, with active forums and wiki contributions for those product lines. Their RISC-V K3 offerings are newer, and likely need a lot more polish to be attractive products overall.
DeepComputing
Last, but certainly not least, is the laptop manufacturer DeepComputing that offers a Framework laptop compatible motherboard with the SpacemiT K3 chip. They also sell the plain motherboard, or with the Cooler Master case, which allows one to easily connect it to an external monitor and keyboard and use it as a desktop computer. The plain board with 32 GB RAM and no SSD sells for about 882 EUR. Shipping of the first batch is expected to start by end of June 2026. Their X account @DeepComputingio promotes this DC-ROMA RISC-V Mainboard III as their flagship product, so they seem to put a lot of effort into it.
The overall product design and packaging seems good. Of all the K3 resellers and integrators that I was able to find, DeepComputing is the only one that actually designs their own boards with the K3 processor, while all the other vendors above are simply reselling the vanilla K3 boards with or without a case.
After reviewing all these options I decided to buy the DC-ROMA RISC-V Mainboard III for Framework Laptop 13 with 32 GB RAM, 1 TB SSD and the Cooler Master case, totalling about 1100 EUR.
Documentation and support
DeepComputing maintains product information for their RISC-V hardware at github.com/DC-DeepComputing/Framework, with documentation of the newest Mainboard III (FML13V05) still being finalized ahead of the first batch shipment. They provide community support through Discord and web forum, although the latter has very little activity.
Community size and open source involvement
DeepComputing has established itself as a pioneer in RISC-V laptops, beginning with the DC-ROMA. I have seen their stand at FOSDEM, which shows they are genuinely active in the open source community. Canonical lists DeepComputing’s first mainboard / FML13V01 on its official Ubuntu for RISC-V partner-built hardware page, and it seems likely that they will continue to collaborate with Canonical with the new model once it ships. While the underlying Linux enablement depends on SpacemiT’s upstream efforts, DeepComputing’s involvement helps bridge the gap between reference hardware and consumer-ready products.
Conclusion
After weighing all the options, I ended up placing an order with DeepComputing for their custom K3 board with the Cooler Master case. Despite the premium price, the active community support and the properly documented promise of a complete, working system made it easy to place an order with confidence.
The SpacemiT K3 is poised to be one of the most significant RISC-V chips for local AI workloads, thanks to its RVA23 compliance and high tokens per second potential. Yet the buying experience in mid-2026 remains fragmented and incomplete. Hopefully this is just because the product is new, and they will get the purchase experience polished soon.
What struck me most during this process was how poor the customer experience is across nearly all of these vendor websites: broken links, missing search functions, outdated product banners, pages that show the wrong product entirely, and no information about shipping times, stock levels, taxes, and so on. One wonders why these companies don’t fully invest in their web presence.
Personally I would assume they likely have enough customers already, primarily through domestic channels like Taobao and JD.com, that they do not feel any pressure to improve their international-facing sites. However, I did also review what was offered on Taobao, and the product details were very incomplete there too. Taobao, however, has a built-in live chat with almost all sellers, which can be used to ask questions and thus compensate for missing product details.
I don’t fully understand why the sales process seems unpolished. The websites feel almost like an afterthought – a checkbox to claim global reach while the real business apparently happens elsewhere via closed platforms or via inaccessible reseller channels. It is a frustrating reminder that in the RISC-V hardware world, the technology may be open and global, but the purchase experience is less so.
09:00
New In The Sheets by Kellin Sproul [Oh Joy Sex Toy]
05:07
Rotation revisited: Shuffling more than three blocks, and other small notes [The Old New Thing]
A few small notes on rotation before you get sick of it. (Too late!)
Reducing the number of rotations in the discontiguous swap problem from three to two also shows how the solution can be generalized to shuffling an arbitrary number of variable-sized blocks: Given k blocks, of total size n, you can shuffle them arbitrarily in at most kn swaps in constant space: Take the block that goes first and rotate it to the front, which takes n swaps. Then recurse on what’s left.
You can reduce the number of swaps by comparing the sizes of the block that goes first and the block that goes last and choose to swap the larger block to the corresponding extreme.
I guess you could use this for sorting, but it’s probably enough of a hassle that you’ll just take the penalty of allocating a second block of memory rather than trying to be clever and doing it in-place.
In online discussion of this article, I saw a number of people say, “You can do this with the XOR trick,” but I’m not sure what XOR trick they are referring to. If they are talking about using XOR to swap two integer variables without introducing a third variable, that’s a cute trick I don’t see how it helps with moving variable-sized blocks around. It also doesn’t help with swapping non-integers, since it’s not clear how your XOR two strings or two Widgets.
Another note is that my unit of accounting was the “swap”, but really I should be counting “assignments” because the cycle decomposition algorithm doesn’t use swaps. For the purpose of accounting, I’ve been counting a single assignment as half a swap, though depending on how expensive the move constructor is, a single assignment/construction might only cost a third of a swap.
Finally, a clarification on my description of the solution as “constant space without allocation”: Clearly any algorithm requires some space: space for the parameters, return address, any registers used by the code, and any local variables and temporaries. As long as the number and size of these things is bounded by a constant, this is considered a “constant space” algorithm. Note that the size of an element is not known to the generalized algorithm, but once you implement the algorithm for a concrete element type, the size becomes a constant.
My description of this as “without allocation” is a shorthand for “without requiring dynamic memory allocation (because the amount of memory needed is known at compile time).”
I have a soft spot for algorithms that run in constant space (where the constant is reasonably small) because they remove the need to worry about how to recover if there is a memory allocation failure.
The post Rotation revisited: Shuffling more than three blocks, and other small notes appeared first on The Old New Thing.
01:14
VICTORY: Meta Strips Facial Recognition Code From Smart Glasses App After Public Outcry [Deeplinks]
Just days after a damning WIRED report exposed that Meta had quietly embedded facial recognition technology (FRT) code into millions of phones, the tech giant has quietly acquiesced in demands to reverse course.
Last week, researchers identified code in Meta AI, a companion app for its line of smart glasses, that could convert images of faces into unique biometric signatures to identify strangers in public. EFF’s Threat Lab verified these findings through static analysis, and reminded consumers to think twice before buying or using Meta’s surveillance glasses.
Just as quietly as Meta embedded this code, the app’s June 5th app update appears to have quietly removed all those features and systems. Gone is the face-recognition technology, the code meant to trigger “Person recognized” alerts, and the machine learning models and databases designed to detect, digitize, and store the biometric signatures of people users engage with.
When WIRED broke the news last week, Meta’s executives immediately went on the defensive. Yet, their actions speak louder than their tweets: less than 48 hours after the public caught wind of their plans, Meta quietly launched an update to scrub nearly all traces of the FRT system from their app.
But this quiet deletion of code does not equal a permanent change of heart. Meta previously used face recognition, and stopped only after it faced the legal and financial consequences. Now the company has refused to answer WIRED’s inquiries on whether it plans to bring the NameTag system back in the future, or what they did with any data they may have already collected during internal testing.
There are billions of reasons not to turn Meta’s customers into a distributed surveillance machine. This whiplash behavior proves exactly why we cannot rely on the "good will" of Big Tech to protect our digital rights. We need robust, enforceable consumer privacy laws, complete with a private right of action that allows everyday people to sue companies that violate their biometric privacy.
While we won this round, Meta's FRT ambitions probably aren't going away. EFF will keep watching.
00:00
Monday, 08 June
22:56
Sometimes you write a post and when you're editing it you realize you no longer support what you wrote. This is one of those times.
The Return? [Looking For Group]
After giving it much thought, amid numerous discussions with the
old man, we decided we didn’t want to just do re-prints of
the old material, though we’re cooking up something fun for
the 20th anniversary of LFG. Rather, after spending
Read More
The post The Return? appeared first on Looking For Group.
GentleOS is a love letter to classic operating systems with a lovely retro GUI [OSnews]
In today’s climate, I needed this: GentleOS, an operating system targeting both 386 (GentleOS/32) and even processors as old as the 80186 (GentleOS/16), with a lovely retro graphical user interface, usable on bare metal, and, of course, open source.
Its goal is to provide a simple platform for tinkering with retro hardware and running graphical interactive apps on bare metal.
At minimum, it only requires an i386 CPU, 4MB of RAM, and a VGA display capable of 640x480x16 mode.
By design it’s entirely monolithic, mostly configured at compile time, and only supports standard PC devices: VGA/SVGA, keyboard, PS/2 mouse, serial mouse, PC speaker. The only future plans are bugfixes, optimizations, and adding more apps.
GentleOS/32 has a pure 16-bit spin-off called GentleOS/16, which targets devices as old as 80186.
↫ GentleOS GitHub page
While it can be run on real hardware, you can also run it in Qemu to make it easier to test and play around with. It looks great, and the stated goal of just focusing on maintenance and possibly additional applications is music to my heart. With everything that’s going on in technology today, this is an ice-cold glass of tonic in a scorching, data center-infested desert.
21:21
Back at the coal face [Charlie's Diary]
I must remember that now I'm over 60, doing more than one SF convention in a month is probably more than my stamina can cope with. (Which is going to make this November really interesting as I'm about to say yes to two literary festivals/SF conventions in Spain, a week apart, in Barcelona and Madrid: more on this when it's confirmed).
Anyway, now I'm over the Cymera SF Festival here in Edinburgh I'm getting my teeth into an edit letter. An edit letter is basically exactly what it sounds like: your editor (or in this case my literary agent, who just happens to also be an editor) goes over your manuscript with a fine-toothed comb and calls you on all your bullshit that needs fixing before it goes in front of anyone else. In this case, before it goes out to publishers (it's an edit letter from an agent): if from a publisher's editor, then before it can be released for production.
I'm not going to discuss the contents of this letter with you, other than to note that you will get to read the results in a year or so: but now I need to disappear for a month or two and slave over a hot manuscript because my agent unerringly identified a weak spot and now I feel compelled to fiddle with it until it's a better book.
Meanwhile: at the end of the month I'm off to Berlin for Petropol Con, the 2026 Eurocon. And then a summer vacation interrailing around bits of the EU, because it's summer and my eyeballs are working again.
Apple demos macOS 27, iOS 27; EU spared Apple’s Google-powered “AI” slop features [OSnews]
Apple’s developer conference started today, and as is tradition, this means it also announced coming updates to its operating systems lineup. macOS is probably one of the two major ones OSNews readers are interested in, so let’s start there:
Much like Mac OS X Snow Leopard in 2009, Apple said it focused on improving macOS’s performance and dozens of underlying technologies this year.
macOS Golden Gate has some Liquid Glass design changes. For example, apps now have a unified toolbar at the top, and the sidebar now expands to the edge of the window.
A new slider on macOS 27 lets you customize the opacity of Liquid Glass.
↫ Joe Rossignol at MacRumors
Effectively, a ton of “Liquid Glass” features touted only a year ago are being changed and fixed, which should make using Liquid Glass less of a frustrating affair. Of course, there’s a whole slew of new “AI” stuff built entirely on top of Google’s Gemini, but luckily for us Europeans, we won’t be getting those features because EU privacy and consumer protection regulations are too strict. Apple, one of the world’s most valuable companies, seemingly cannot create “AI” features that comply with some basic consumer protection legislation.
As for the other major platform, that’s iOS of course.
At WWDC 2026 in Cupertino, Apple announced iOS 27, the next mobile operating system for compatible iPhones. The update focuses on tweaking and improving last year’s iOS 26, particularly in areas like app launch time, Liquid Glass design, and more. It does not offer a lot of major new features or upgrades, as Apple focused on polishing the experience. However, there are some new upgrades, such as reworked parental controls, new Siri AI, better search, and performance improvements.
↫ Taras Buria at Neowin
These new versions, as well as those of Apple’s other operating systems, will be available later this year.
20:42
I saw He-Man shit at other kids' houses, but like a lot of the eighties it simply wasn't allowed in my house. Even The Smurfs were considered a monstrous affront - not only the sorcerer Gargamel, but the "demonic" Smurfs used magic as well! My mother had a book called Turmoil In The Toybox which she used as a kind cultural baleen to winnow the (sacred) wheat from the (profane) chaff, because sometimes you gotta look really really hard at toys in order to figure out why they're bad and that's why it's somebody's full-time job. You might think My Little Pony is about horse dolls, but what these wanton mares actually do is seize daughters nationwide and corrupt them into hellbound sluts.
20:35
Cheers to the Winners of EFF’s 18th Annual Cyberlaw Trivia Night! [Deeplinks]
On a warm June evening in San Francisco, attorneys and other legally-minded friends of EFF gathered for our 18th Annual Cyberlaw Trivia Night, an annual test of tech-related legal knowledge, and the ability to remember some deeply obscure facts under pressure.
Returning Quizmaster Kurt Opsahl once again guided competitors through six rounds of trivia covering everything from intellectual property and free speech to privacy, security, and artificial intelligence. Teams wrestled with questions about geofence warrants, AI copyright disputes, the SOPA/PIPA internet blackout, Section 230, and even a Senate hearing featuring a contestant who was herself present at cyberlaw trivia.
The judges’ table made it obvious that 2026 was a notable year. Weighing in on the toughest close calls were three folks with a deep history at our org: outgoing EFF Executive Director Cindy Cohn and new Executive Director Nicole Ozer both sat at as judges, joined by new cyberlaw judge Mike Masnick, founder of Techdirt and a recipient of an EFF Award in 2020.
The food was hot, the drinks were cold, and the competition was fierce. Teams including Shady Docket, Byte Club, Flock U, This Is Why We Can't Have Nice Precedent, Nicky's Angels, and Betamaxxers battled through six rounds of challenging questions.
When a question about Afroman's successful legal battle against Ohio sheriff's deputies came up, members of Byte Club offered to do more than name his most popular album: they offered to perform a rendition of “Lemon Pound Cake” (also the album name—tricky!) for the judges. This won no sway with the 3-judge Cyberlaw Judiciary, and the offer was politely declined.
The teams racked their collective law-noggins about some of the details of recent legal battles over digital rights, and a round entitled “You Can Call Me AI.” After the IP round, which rewarded folks in the audience who could answer details about the server test, the trivia moved onto newsier questions, with questions about ICE apps, anti-ICE apps, recent defamation cases involving our sitting president, and the slogan of a mineral company that you might've heard on terrestrial radio anytime between the early aughts and this week.
You don't have to wear a morning coat to win Supreme Court arguments, but knowing who did for 4 years might have helped you win the IP round.
By the end of regulation play, the cyberlaw trivia competition was closer than we could have imagined. For the first time in Cyberlaw Trivia history, three teams finished tied for first place, sending the contest to two tiebreaker questions.
The final question noted that Google had received more than 287,000 government information requests in the first half of 2025, and asked teams to estimate how many were received by OpenAI during the same period. Every team guessed over, but it was the victors, Shady Docket, who guessed the lowest: 260. (The real answer is 146.)
As Shady Docket team member Erin Simon explained after the win: "As much as we love EFF, what we love even more is crushing other trivia teams."
In second place were Nicky’s Angels. Rounding out the virtual podium in 3rd were the Betamaxxers, who jumped ahead early with a home-run run in the Free Speech round, getting every question correct.
Each summer, EFF's Cyberlaw Trivia Night brings together the legal community that helps defend privacy, free expression, innovation, and digital rights. We want to especially thank this year Morrison Foerster, Fenwick, Wilson Sonsini, and Public Resource for supporting EFF's legal intern program.
Are you an attorney interested in defending civil liberties in the digital world? Consider joining EFF's Cooperating Attorneys list. This network helps EFF connect people to legal assistance when EFF is unable to provide direct assistance.
Fighting for first place at EFF’s Cyberlaw Trivia Night helps us fight for your rights online! Sponsor one of our annual events and join the movement for digital privacy, free speech, and innovation. Please visit eff.org/thanks or contact tierney@eff.org for more information.
19:56
Gabe's Masters of the Universe Review [Penny Arcade]
I saw Masters of the Universe over the weekend and wanted to give my review as a long time fan of the cartoon and the toys.
19:00
Xfce ported to Redox OS [OSnews]
Redox progressed another month, and that means a ton of improvements and new features to talk about. The biggest news this past month is that Xfce has been ported to Redox, which offers a better X11 experience than MATE currently does. There’s still some bugs but apparently is works quite well. The porting process for the COSMIC desktop environment also progressed, with COSMIC’s new Monitor application making its way to Redox.
As part of Google Summer of Code, the EEVDF scheduler has been implemented in Redox, delivering better, more stable scheduling and overall system performance improvements. Also as part of GSoC inode caching has been implemented for RedoxFS, which improves file system performance. Of course, there’s a lot more here too, including the usual long list of kernel fixes, relibc improvements, and more.
18:21
Urgent: Plan to increase maritime speed limits [Richard Stallman's Political Notes]
US citizens: Stop the wrecker's plan to increase the maritime speed limits that protect Atlantic right whales from extinction.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Urgent: Keep public fund away from private schools [Richard Stallman's Political Notes]
US citizens: call on your congresscritter to keep public funds from being diverted to private schools.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Preserve LIHEAP funds [Richard Stallman's Political Notes]
US citizens: call on your congresscritter and senators to preserve LIHEAP funds to help poor people pay for heating and cooling.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Save the World Cup Act [Richard Stallman's Political Notes]
US citizens: call on your congresscritter and senators to pass the Save the World Cup Act, which would protect World Cup soccer games from the deportation thugs.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Here is the message I sent.
Normally I would not write to you about sports activities, but this is about protecting the public.
Soccer is popular across most of the world, more than in the US. So soccer matches in the US will be ideal bait to catch and persecute anyone that grew up elsewhere. If deportation thugs can haunt World Cup games, they will surely deport refugees waiting for asylum hearings, residents with visas, even naturalized citizens, not just unauthorized visitors.
Please support efforts to protect the public from them. Don´t let them put knock-out drops in the world´s cup!
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Workers at Amazon calling 911 in an emergency [Richard Stallman's Political Notes]
US citizens: call on Amazon's VP of Workplace Safety to tell workers directly that they are allowed to call 911 in an emergency.
The recommended letter text encouraged telling workers that specifically using some cr...app, which is surely nonfree, so I deleted that part.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Urgent: Taxing Buybacks from Big Oil Windfalls Act [Richard Stallman's Political Notes]
US citizens: call on your senators to pass the Taxing Buybacks from Big Oil Windfalls Act.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Billionaires are shaping primaries [Richard Stallman's Political Notes]
US citizens: Billionaires are shaping primaries — call on your congresscritter and senators to reform the funding system.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Investigate Supreme Court ethics [Richard Stallman's Political Notes]
US citizens: call on Congress to investigate Supreme Court ethics.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Support universal medical system [Richard Stallman's Political Notes]
US citizens: call on Congress to support a universal medical system ("Medicare for All").
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Block NSA from warrantless spying [Richard Stallman's Political Notes]
US citizens: call on Congress to block the NSA from warrantless spying on Americans.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
18:14
Critical Zcash Vulnerability Found and Fixed [Schneier on Security]
If you’re a user—owner?—of this cryptocurrency, this is important:
On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing.
The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash. Introduced in 2022, it allows users to send and receive ZEC while keeping transaction details private. It uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug: a specific check that was supposed to validate transaction inputs wasn’t actually enforcing the rules it appeared to enforce. An attacker could have exploited the flaw to feed false inputs into that check and generate ZEC from nothing, with the zero-knowledge proof system blessing the fraudulent transaction as valid.
It’s fixed; that’s the good news. The bad news is that there’s no way of knowing if anyone exploited the vulnerability to steal money. And this fragility is the fundamental problem that makes blockchain such a bad idea.
17:42
The following article originally appeared on Addy Osmani’s blog and is being reposted here with the author’s permission.
A long-running AI agent can keep making progress over hours, days, or weeks. It can do this across many context windows and sandboxes, recover from failure, leave structured artifacts behind, and resume where it left off.
For two years the dominant image of an “AI agent” has been a chat window with a clever loop in it. You type a goal; the agent calls some tools; you watch tokens stream by; you stop watching when the work runs out of patience or the context window fills up. That paradigm got us a long way, but it has a ceiling. The model forgets. It declares “task complete” when it isn’t. It reintroduces a bug it fixed nine turns ago. The whole thing is structured around a single sitting.
Long-running agents are what comes next. The idea is easy to state: an agent that keeps making forward progress on a goal across many sessions and many sandboxes, possibly many days or weeks, while leaving the workspace clean enough that the next session can pick up where the last one left off. The engineering is harder. You have to solve for persistence, recovery, and verification in a way that doesn’t just paper over the cracks. You have to build a state layer that lives outside the model’s context window, and you have to design the handoff between sessions so the agent doesn’t lose its mind when it wakes up and finds itself in a different sandbox with a different context window.
This post is my attempt to lay out what’s changed, who’s pushing on it, and how an engineer can use long-running agents today without writing the whole thing from scratch.
What “long-running” actually means
“Long-running” used to mean at least three different things in practice, and it helps to keep them separate.
Long-horizon reasoning. The agent has to plan and execute over many dependent steps. This is mostly a model-quality story: coherence, planning, the ability to recover from a wrong turn 10 steps ago. METR has been tracking this with their time horizon metric, which estimates how long a task a frontier model can complete with 50% reliability. The headline finding is that the metric has been doubling roughly every seven months since 2019, and their TH1.1 update earlier this year doubled the count of eight-hour-plus tasks in the eval set. If that curve holds, frontier agents complete tasks at the day scale by 2028 and the year scale by 2034.
Long-running execution. The agent’s process runs for hours or days. Maybe it’s a coding job, maybe it’s a research sweep, maybe it’s a 24-7 monitoring service. The model might be invoked thousands of times across the run. This is mostly a harness story, and it’s the one this post is mostly about.
Persistent agency. The agent has an identity that outlives any single task. It accumulates memory, learns user preferences, and is always available. This is the Memory Bank flavor of long-running.
In practice the three blur together. A real production agent does long-horizon reasoning inside a long-running execution backed by persistent agency. But the engineering problems are different in each, and so are the products that solve them.
Why this matters
There are two reasons I believe this work matters a lot right now.
The first is a phase change in what’s economically feasible to delegate. An agent that runs for 10 minutes can answer a question, summarize a doc, fix a small bug. An agent that runs for 10 hours can own an entire feature, finish a migration that was on the backlog for six quarters, or do the kind of overnight research sweep that used to require a junior analyst. One of Anthropic’s Claude Sonnet announcements put concrete numbers on this last fall: 30+ hours of autonomous coding in internal tests, including one run that produced an 11,000-line Slack-style app. That’s already past the threshold where the answer to “Should I delegate this?” is no longer obvious.
The second is that persistence changes what the agent is. A stateless agent answers your question and disappears. A long-running one accumulates context: which competitor moved which way last week, which test flaked twice on Tuesday, what you usually mean by “the dashboard.” Anthropic’s Project Vend was the most public early demonstration of this. They had a Claude instance run an actual office vending business for a month, managing inventory, setting prices, talking to suppliers. It failed in informative ways, and the second phase ran much better, but the point wasn’t profitability. The point was watching what kinds of weird coherence problems show up when an agent has to maintain identity across weeks instead of turns.
Those are the same problems every team building production agents now hits.
The three walls every long-running agent hits
Three walls show up in basically every write-up I’ve read this year.
Finite context. Even a 1M-token window fills. And context rot, the steady degradation of model performance as the window gets full, kicks in well before the hard limit. A 24-hour run is not going to fit in any context window the field has on its roadmap. Something has to give.
No persistent state. A new session starts blank. Anthropic’s framing in their scientific computing post is the cleanest version I’ve seen: “Imagine a software project staffed by engineers working in shifts, where each new engineer arrives with no memory of what happened on the previous shift.” Without an explicit persistence story, every shift change is a productivity disaster.
No self-verification. Models reliably skew positive when they grade their own work. Asked “Are you done?” they answer “yes” more often than they should. Without a separate signal that the work meets a bar, you get the agent that ships at 30% complete with full confidence.
Long-running agent designs are mostly answers to these three problems. The major labs have converged on similar shapes of answer, but with very different surface area.
The Ralph loop: One of the simpler practitioner versions of long-running agents
The Ralph loop (sometimes called the Ralph Wiggum technique) is one of “simpler” practitioner version of long-running agents, popularized by Geoffrey Huntley and Ryan Carson. The reference implementation is literally a bash script that loops:
- Pick the next unfinished task from a list (prd.json or equivalent).
- Build a prompt with the task, the relevant context, and any persistent notes.
- Call the agent.
- Run tests or other checks.
- Append what happened to progress.txt.
- Update the task list (done, failed, blocked).
- Go back to step 1.
The reason it works is the same
reason any of the harnesses below work: State lives outside the
agent’s context. prd.json is the plan,
progress.txt is the lab notes, and
AGENTS.md is the rolling rulebook. The agent itself is
amnesiac, but the filesystem isn’t. Each iteration starts
fresh and reads enough state from disk to keep going.
Carson’s Compound Product extends
the idea by chaining multiple loops (an analysis loop that reads
daily reports, a planning loop that emits a PRD, an execution loop
that writes the code), which is roughly the open source version of
the planner-generator-evaluator triad Anthropic landed on
independently.
I went deeper on all of this in “Self-Improving Coding Agents”: task list structure, progress files, QA gates, monitoring, the failure modes you’ll actually hit. The short version is that you can build a working long-running agent in an evening with a bash script and a JSON file. Most of what Google and Anthropic have productized is the work of making this pattern recoverable, secure, and observable at scale.
The big-lab stories below are different ways of paying for that production-readiness.
Anthropic: Harnesses, then the brain/hands/session split
Anthropic has been the most public about the engineering. Two posts are worth reading end to end.
The first is “Effective Harnesses for
Long-Running Agents,” which lays out a two-agent harness
for autonomous full stack development. An initializer agent runs
once at the start of a project to set up the environment, expand
the prompt into a structured feature-list.json, and
write an init.sh that future sessions will run on
boot. A coding agent is then woken up over and over, each session
asked to make incremental progress on one feature, run tests, leave
a claude-progress.txt note, and commit. A test ratchet
(“it is unacceptable to remove or edit tests because this
could lead to missing or buggy functionality”) sits in the
prompt to stop the very common failure of an agent deleting failing
tests to “make them pass.” InfoQ’s
writeup extends this into a planner, generator, and evaluator
triad, on the same logic that separating generation from evaluation
matters because models grade their own work too generously.
The second is “Scaling Managed Agents: Decoupling the Brain from the Hands,” the architectural post behind Claude Managed Agents (Anthropic’s hosted runtime, launched in early April). The argument is that an agent has three components that should be independently replaceable. The Brain is the model and the harness loop that calls it. The Hands are sandboxed, ephemeral execution environments where tools actually run. The Session is an append-only event log of every thought, tool call, and observation.
This sounds abstract, but it
isn’t. Here’s Anthropic’s framing: “Every
component in a harness encodes an assumption about what the model
can’t do on its own.” When you couple them, an
assumption that goes stale (e.g., the model used to need an
explicit planner and now plans natively) means the whole system has
to change at once. When you decouple them, the harness becomes
stateless, sandboxes become cattle, not pets, and a brain
crash doesn’t lose the run. A fresh container calls
wake(sessionId) and reconstitutes the state from the
log. They reported time-to-first-token dropped
~60% at p50 and over 90% at p95 just from being able to start
inference before the sandbox is ready.
The session-as-event-log idea is the part most teams underappreciate. It is what makes a long-running agent recoverable. Without it, a container failure is a session failure and you’re debugging into a stale snapshot. With it, the agent’s memory is a queryable artifact that lives outside whatever process happens to be running at the moment.
For the scientific computing crowd,
Anthropic’s “long-running
Claude” post reduces all of this to a simpler stack:
CLAUDE.md as a living plan the agent edits as it
learns, CHANGELOG.md as portable lab notes,
tmux plus SLURM plus git as
the execution and coordination layer, and the Ralph loop, a
for loop that kicks the agent back into context
whenever it claims completion and asks if it’s
really done. Their flagship case study is a Boltzmann
solver Claude Opus 4.6 built over a few days that reached
subpercent agreement with a reference CLASS implementation. Months
to years of researcher time, compressed.
Same patterns across all three posts: an explicit plan file, an explicit progress file, structured handoffs between sessions, separate generation from evaluation, and a loop that refuses to let the agent stop early.
Cursor: Planners, workers, judges
Cursor’s “Scaling Long-Running Autonomous Coding” is the other essential read this year. They walked into walls that Anthropic mostly papered over.
Their first attempt was a flat coordination model: equal-status agents writing to shared files with locks. It became a bottleneck and made the agents risk averse, churning rather than committing. Their second attempt swapped locks for optimistic concurrency control, which removed the bottleneck but didn’t fix the coordination problem. The third design is what’s running in production now and what they describe as solving most of the problem:
- Planners continuously explore the codebase and emit tasks. They can recursively spawn subplanners.
- Workers are focused executors. They don’t coordinate with each other and they don’t worry about the big picture.
- Judges decide when an iteration is finished and when to restart.
Two things stand out from the post. One: “A surprising amount of the system’s behavior comes down to how we prompt the agents” more than the harness or the model. Two: Different models slot into different roles. Their reported finding is that a GPT model was better than Opus for extended autonomous work specifically because Opus tended to stop early and take shortcuts. Same task, different role, different model. The matching is becoming part of the design surface.
This pairs with Composer 2 (their proprietary frontier coding model that ships in Cursor 3) and their background cloud agents: long-running tasks that run on Anysphere’s cloud infrastructure rather than your laptop. Eight-hour refactors and codebase-wide migrations survive a closed lid. You can start a task locally, hit run in cloud when you realize it’ll take 30 minutes, and reattach later from your phone. Each agent runs in an isolated Git worktree and merges back via PR. The handoff between local and remote is the part most teams haven’t figured out yet, and Cursor’s bet is that it has to be its own product surface.
The shape ends up close to Anthropic’s: Roles are split, sessions are durable, judges sit beside the worker, and a long task runs in a cloud sandbox with Git as the coordination substrate.
Google: Long-running agents on the Agent Platform
Google’s announcement at Cloud Next ’26 folded Vertex AI into the Gemini Enterprise Agent Platform and turned long-running agents into a named product, with named SLAs.
The pieces that matter for this post:
- Agent Runtime supports agents that “run autonomously for days at a time” with sub-second cold starts and on-demand sandbox provisioning. The launch post’s example use case is a sales prospecting sequence that takes a week to play out, which is roughly the right shape for it.
- Agent Sessions persist conversation and event history. You can pin them to a custom session ID that maps to your own CRM or DB record, so the agent’s state lives next to the business state instead of in a separate AI silo.
- Agent Memory Bank is the persistent long-term memory layer, generally available as of Next ’26. It curates memories from sessions, scopes them to a user identity, and exposes a search API so the next agent invocation can pull what’s relevant. Payhawk reported that auto-submitting expenses through a Memory Bank-backed agent cut submission time by over 50%.
- Agent Sandbox handles hardened code execution.
- Agent-to-Agent Orchestration, Agent Registry, Agent Identity, Agent Gateway, Agent Observability, and Agent Simulation cover basically every operational concern you’d otherwise build by hand for a production fleet, including the cryptographic-identity-and-audit-log story enterprises actually need to ship.
Architecturally this is the same brain/hands/session split Anthropic described, just productized at platform scale and bundled with ADK (the code-first dev kit) and Agent Studio (the visual one). If you’re building inside Google Cloud, you don’t have to design a session log or a memory store from scratch anymore. You wire an ADK agent into Memory Bank and Sessions, deploy onto Agent Runtime, and the persistence question is answered.
Notice how much this looks like the pattern Anthropic and Cursor describe, just unbundled into named services with SLAs. Three years ago you’d have built all of this yourself. Now you pick which version of “decoupled brain, hands, and session” you want to rent.
Five patterns for long-running agents in production
Shubham Saboo and I wrote up five design patterns we’ve seen separate working long-running agents from demos. They aren’t Google-specific, but they map cleanly onto the primitives Agent Runtime now exposes, so it’s worth walking through them here in shortened form.
Checkpoint-and-resume. The most common multiday failure is context loss. An agent processes 200 documents over four hours, hits an error on document 201, and without a checkpoint you start from scratch. Treat the agent like a long-running server process: write intermediate state to disk, checkpoint every N units of work, recover from failures. The Agent Runtime sandbox gives you a persistent filesystem, but choosing the right checkpoint granularity (not every step, not only the end) is on you.
Delegated approval (human-in-the-loop). Most “human-in-the-loop” implementations are: serialize state to JSON, fire a webhook, hope someone responds. The state goes stale, the notification gets buried, the agent re-deserializes into a slightly different world. Long-running runtimes let the agent pause in place with full execution state intact: reasoning chain, working memory, tool history, pending action. Hours of human time pass, the agent consumes zero compute, and it resumes with subsecond latency. Mission Control is Google’s inbox for this. The pattern works regardless of vendor.
Memory-layered context. A seven-day agent needs more than session state. Memory Bank handles long-term curated memory, Memory Profiles add low-latency lookups, and the failure mode you’ll hit in production is memory drift: The agent learns a procedural shortcut from a few atypical interactions and starts applying it broadly. Govern memory like you govern microservices. Agent Identity controls who can read and write which banks. Agent Registry tracks which version of which agent is running. Agent Gateway enforces policy on the wire. The auditing question stops being “What are my agents doing?” and becomes “What are my agents remembering, and how is that changing their behavior?”
Ambient processing. Not every long-running agent talks to a human. Some sit on a Pub/Sub stream or a BigQuery table and act on events as they arrive: content moderation, anomaly detection, inbox triage. The architectural decision worth making early is to not hardcode policy into the agent. Define it in the Gateway and the fleet picks up policy changes without redeploys. Ambient agents run unsupervised for long stretches, and the only sane way to update a hundred of them is to update the policy layer once.
Fleet orchestration. In real systems, you rarely have one agent. A coordinator delegates subtasks to specialists (a Lead Researcher Agent, a Scoring Agent, an Outreach Agent), each running independently for different durations. Each specialist gets its own Identity (so the Outreach Agent can’t read financial data meant for Scoring), its own policy enforcement, its own Registry entry. This is the same coordinator/worker shape distributed systems have used for decades. What’s new is that ADK handles it declaratively with graph-based workflows, and a bad deployment in one specialist doesn’t cascade to the others.
The patterns compose. A compliance system might use checkpointing for document processing, delegated approval for review gates, memory layering for cross-session knowledge, and fleet orchestration to coordinate the specialists. The opening question is always the same: What’s the longest uninterrupted unit of work your agent needs to perform? Minutes, and you don’t need long-running agents. Hours or days, and these patterns are where to start. The full write-up with code samples covers each pattern in depth.
So how do you actually build one today?
This is the practical question, and it has a different answer depending on what you’re building.
You’re a developer who
wants long-running coding work on your own repo. Just use
Claude Code (or
Antigravity, Cursor, or Codex). The harness is already there. Treat
your AGENTS.md like a pilot’s checklist: short,
every line earned by a real failure. Add hooks for typecheck and
lint that surface failures back to the agent. Write a plan file
before the agent starts. Use the Ralph loop when the
agent claims it’s done and you don’t believe it. For
multihour or overnight jobs, run in a worktree so a closed laptop
doesn’t kill the run, and have it commit progress every
meaningful unit of work. This is the path most people should take,
and it’s where the most leverage is right now.
You’re building a hosted agent product. Don’t build the runtime. Pick a managed one. The three real options today: Google’s Agent Platform (Agent Engine + Memory Bank + Sessions), Claude Managed Agents, or roll something on top of ADK, the Claude Agent SDK, or Codex SDK and host it yourself. The trade-off is the usual one. Managed gets you the brain/hands/session split, observability, identity, and an audit trail out of the box. Self-hosted gets you control and the ability to use weird models for weird roles (Cursor’s pattern). For most teams, the right starting point is a managed runtime plus your own ADK or SDK code for the actual loop.
You’re doing something autonomous and operational (monitoring, research, ops). Memory Bank-style persistence is what you want, and it’s the part that doesn’t exist in Claude Code. ADK + Memory Bank + Cloud Run + Cloud Scheduler is the cleanest stack I’ve seen for “agent runs every N hours, accumulates state, alerts on a threshold.” This is also where Cursor’s planner/worker/judge split starts to matter more than it does for IDE coding, because the work is genuinely parallel and the failure modes are different.
A few things matter regardless of which path you take.
Write down the done condition before the agent starts. This is the single highest-leverage move for long runs. The Anthropic harness post calls it the feature list; Cursor calls it the planner’s task spec. Either way, it’s an external file with explicit, testable completion criteria, and it exists so the agent can’t quietly redefine done midrun.
Separate the evaluator from the generator. Self-grading is the failure mode. A planner/worker/judge pipeline, or a generator/evaluator pair, is a real architectural pattern, not a stylistic preference. Even if it’s the same model in different roles with different prompts.
Invest in the session log, not just the prompt. The append-only event log is what makes the agent recoverable, debuggable, and auditable. If you can’t reconstruct what the agent did in the last 24 hours from durable storage, what you have is a long-running shell script that happens to call an LLM, not a long-running agent.
Treat compaction and context resets as first class. Anthropic is explicit that summarization-as-compaction wasn’t enough for very long jobs; they had to do full context resets where the harness tears the session down and rebuilds it from a structured handoff file. It is essentially how humans onboard a new engineer.
There are some real limitations right now
A few things are still genuinely unsolved.
Cost. A 24-hour run with a frontier model and a few tools is not cheap. Without budgets, circuit breakers, and a hard cap on tool spend, an agent can quietly burn through a week’s API budget in an afternoon. This is solvable, but it’s an explicit step you have to take.
Security. A long-running agent with API keys, cloud access, and the ability to run shell commands has a much larger attack surface than a chat session. The brain/hands separation pattern matters here too: Credentials should be unreachable from the sandbox where model-generated code runs, which is one of the benefits Anthropic calls out for Managed Agents.
Alignment drift. Over many context windows, agents drift. The original goal gets summarized, then resummarized, then loses fidelity. This is the part hooks and judges exist to defend against. It is also the most common reason “the agent went off and did something I didn’t ask for.”
Verification. Auditing 24 hours of autonomous activity is a real human-time problem. Observability and structured artifacts (PRs, commits, briefings, test runs) are how you make this tractable. Without them, you’re scrolling logs and you’ll miss what matters.
The human role. This is the one I keep coming back to. Defining work crisply enough that an agent can run for a day on it is harder than doing the work yourself. The skill that’s appreciating in value isn’t writing code. It’s writing specs that survive contact with an autonomous executor.
Where this is going
Google, Anthropic, and Cursor have converged on roughly the same shape. Separate the model loop from the execution sandbox from the durable session log. Split planning from generation from evaluation. Bake in compaction, hooks, and context resets. Expose memory as a managed service that any agent invocation can query.
Surface area is what differs. Google’s Agent Platform is the enterprise-stack version, with the identity and audit trail story baked in. The patterns underneath are the same. Claude Managed Agents is “Anthropic’s harness, hosted.” Cursor’s background agents are “long-running coding, pulled out of the IDE and into the cloud.”
The harder problems for the next year aren’t in any of those layers individually. They’re in the coordination above them. Many long-running agents on a shared codebase. Agents that read their own traces and patch their own harnesses. Harnesses that assemble tools and context just in time for a task instead of being preconfigured at startup. That’s where the agent stops looking like a smarter chat window and starts looking like a colleague who’s been on the project longer than you have.
The model is still load-bearing. But the gap between a chat window and an agent you can leave running overnight is mostly in the state, sessions, and structured handoffs wrapped around it. That’s where I’d spend my learning time right now.
16:49
[$] An update on fanotify [LWN.net]
In a filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Amir Goldstein updated attendees on the fanotify filesystem-event monitoring subsystem. He wanted to describe changes that had come in the last year or so, as well as upcoming features and some remaining challenges in his efforts to use fanotify for hierarchical storage management (HSM). Fanotify is the user-space API for monitoring files, directories, and filesystems for events of various sorts (e.g. opening or deleting a file).
16:35
Various & Sundry, 6/8/26 [Whatever]
Hello, it’s Monday, let’s see what’s been going on over the weekend:
Spencer Pratt misses LA Mayoral runoff: I’ve not lived in California for decades now, and even when I did never lived in the city of Los Angeles proper. Nevertheless as a native son of Southern California, I’ve been keeping up with LA’s mayoral race, mostly because people I know were exasperated by the presence of Pratt, a fellow who as I understand it was best known for dating someone more famous than he and then extending that into an indifferent career in the reality TV genre, the sort where he and his spouse at one point announced an impending divorce for the publicity boost. Pratt is a Republican, and so perhaps unsurprisingly his entire platform seems to have been based on “backing the blue” and harassing homeless people.
The California primary election was nearly a week ago, and the vote tallying has been slow and for most of it Pratt was in second place behind the current, somewhat embattled, LA mayor Karen Bass. But as the mail-in votes have been counted over the last week, Pratt slipped into third behind Nithya Raman, and seems likely to stay there. Naturally, this has started the absolutely predictable GOP whining and foot-stomping about “election integrity,” to which the only rational response is, shut the fuck up, you reprehensible children, and take the “L” like grown-ups. They won’t, of course. But one can dream.
Earlier in the campaign Pratt said that if he lost the election he would leave Los Angeles; I understand there may be a GoFundMe to hire him a U-Haul. I will believe that he’s going to leave LA when I see it. He has not other real skills than being a celebrity of a certain low-wattage sort. He needs to be where the work is. And of course, this was all this doomed mayoral run was — an attempt to keep his name in the spotlight a little longer, to keep the work flowing. I hope it does this task… poorly.
Rush comes back: In rather more exciting news from Los Angeles, Rush opened up their new tour there last night, their first in a decade and since drummer/lyricist Neil Peart passed away in 2020. Apparently things went extremely well, with tour drummer Anika Nilles getting her critical flowers for her work on the throne. For me the moment of particular interest is that Aimee Mann (who I am friendly with thanks to our mutual participation on the JoCo Cruise) popped up for a cameo on “Time Stand Still,” which is arguably my own favorite Rush tune:
I have friends who are over the moon that Rush is back on tour, especially since it seemed unlikely, with the passing of Peart, that they would ever do so again; he was (and is) absolutely the beating heart of that band. No one could or did fault the Geddy Lee or Alex Lifeson, the other two members of Rush, for choosing to call it a career. But the way Rush are doing this particular tour, with a drummer with her own considerable skills, not designed to replace Peart but to support his friends as they take a sweet, valedictory lap, seems to be something everyone is getting behind. I hope they have a good tour, and I hope all my friends who love Rush get a chance to see them.
House-sized American flag causes a power failure: Sometimes the real-world metaphors are just a little on the nose, aren’t they? But wait, the metaphor gets even nose-ier: The New York Times reporting on the event seems to suggest the massive, 3,000 square foot flag that cut off power to 40,000 may have been the property of the WWE wrestling organization, based in Stamford, where the outage happened. A preview, possibly, of the event (UFC, not WWE) scheduled for the White House lawn this weekend? We shall see.
I am, for the record, somewhat less outraged than some other people of my political leanings about the MMA event at the White House. I think it’s tacky as fuck, but that’s Trump for you. I don’t support it and am sure it’s going to be corrupt people doing corrupt things, corruptly, but on my list of things to seethe about regarding this administration, it’s low-ish on the list. Other people are taking up my slack, to be sure. I wish them joy in the work.
— JS
16:07
rsync 3.4.4 released with regression fixes [LWN.net]
Andrew Tridgell has announced the release of rsync 3.4.4 with fixes for the regressions introduced in the 3.4.3 release. He also notes there will be an rsync 3.5.0 soon, with many more security updates:
As part of the 3.5.0 release update I have created a rsync-security@lists.samba.org mailing list for anyone who is willing to do testing of the 3.5.0 release. The idea is to try to reduce the chance of more regressions by expanding the set of testers of this release. I have seeded it with people who were involved in past rsync security issues. If you want to join this list then the easiest way would be for you to be vouched for by someone on the distros@vs.openwall.org list or someone else I already trust.
My apologies for the regressions in the 3.4.3 release and I hope future security updates for rsync will have less issues. The greatly expanded test suite in rsync 3.5 combined with the rsync-security mailing list should help.
15:56
TOTP-based two-factor authentication for Sculpt OS [OSnews]
Norman Feske, one of the main developers behind Genode and Sculpt OS, has published a blog post detailing how he developed a two-factor authentication application for Sculpt OS.
With this little tool, which I have turned into an deploy option on Sculpt OS to swiftly bring it up whenever I need it, TOTP-based two-factor authentication has become part of my daily routine. Should you want to risk a look under the hood, let me point you to the vitotp Goa project.
↫ Norman Feske
The Genode project moved from GitHub to Codebrg recently, and needed a native TOTP impelentation for that purpose.
15:28
Said to Claude just now -- btw, it's very good we're using the outliner back and forth. we're going to build on that.
15:14
GenAI is Fluent in Everything, but Faithful in Nothing [I, Cringely]
Why the machines hallucinate, why they have no worldview, and why truth has to come from somewhere else.
I’m going to say something that sounds like an insult and is meant as a description: large language models (all of them) hav never known a true thing. Not once. It doesn’t know things at all. It is extraordinarily good at sounding like it does, which is a different skill, and most of our present confusion comes from mistaking the second for the first.
Here is what a language model actually does. It has read an enormous amount of text, and from that text it has learned, with real brilliance, what tends to come next. Give it some words and it predicts the words likely to follow. That is the whole trick. It is a magnificent trick — it gives us machines that write fluent prose in any voice on any subject — but look at what it optimizes for. It optimizes for plausible. It was never, at any point, optimizing for true. Truth was not in the objective. Plausibility was. And plausibility and truth often travel together, which is precisely why we confuse them — but they are not the same thing, and the gap between them is the whole story.
This is why these systems “hallucinate,” a word I dislike because it implies a malfunction. There is no malfunction. A model that invents a court case that never happened — complete with a docket number, plausible parties, and a tidy holding — is not broken. It is doing exactly what it was built to do: produce the most plausible continuation. A fake citation is plausible. It looks like the thousands of real ones the model has read. The machine has no way to prefer the real one, because it has no idea that “real” is a category. It isn’t lying, either. Lying requires knowing the truth and choosing against it, and the machine has never once been in a position to know.
Now the deeper point, the one that took me a long time to learn to say cleanly. Truth is not a property of language. You cannot find it inside a sentence by examining the sentence harder. Truth is a property of the relationship between a sentence and the world — between the words “it is raining” and the actual sky. A statement is true when it corresponds to how things are. And the model has only ever seen the words. It has read every description of rain ever written and stood out in none of it. It holds the map — all of the maps, every map anyone has ever drawn — and it has never once been to the territory. That is why it can be eloquent and wrong in the same breath and feel no friction between the two. The friction lives in a place the model has never visited.
There’s a corollary that unsettles people, and it shouldn’t. A machine like this has no worldview. None. It will argue any side of anything with equal grace, defend a position and then dismantle it in the next window, because it isn’t holding a position — it’s rendering one. It is a mirror with a vocabulary. We keep waiting for it to reveal what it really believes, and it doesn’t believe anything, and that is not a flaw to be trained out of it. It is the honest fact of the thing. The language is separate from any view of the world. That was the original insight some of us started from years ago, before any of the building began: language is machinery, and machinery has no creed.
It is a mirror with vocabulary
The trouble is that we keep dressing the machinery in the costume of a knower. We put it behind a chat window that answers in the first person, warm and certain, and every instinct we have says this thing believes what it is telling me. It does not. It cannot. And the distance between how it sounds and what it is happens to be the most dangerous real estate in the whole technology, because that is exactly where a fluent falsehood gets received as a considered judgment — in a clinic, in a courtroom, in a loan decision, in a room where someone is deciding whether to act.
So what do you do with a machine that can say anything and stand behind nothing? You stop asking it to be the thing it cannot be. If truth lives in the relationship between a claim and the world, then truth has to come from the world — from some grounded, checkable account that sits outside the language model and stays outside it. You don’t teach the renderer to be honest. You keep the saying and the knowing in separate rooms, and you let the language render only what the knowing will vouch for. Language on one side, a verifiable account of the world on the other, and a wall between them you can actually inspect.
That sounds tidy until you try to build it, and then you hit the part nobody puts on a slide. Before you can check a claim against the world, you have to know what the claim is — and pulling discrete, checkable claims out of fluent prose is genuinely hard. The machine doesn’t speak in clean facts. It speaks in paragraphs, where an assertion hides inside a subordinate clause, where a hedge can pass for a claim and a claim can pass for a hedge, and where — my favorite trap — every individual sentence is true and the paragraph they assemble into is a lie. The honest sentence, marshaled into a dishonest whole. Working out what is actually being asserted, before you have checked whether any of it is so, turns out to be most of the labor. It is unglamorous, and it is the ballgame.
I don’t think the future of this technology is a more fluent machine. We already have fluency. Fluent is solved. The future is a more honest architecture — one that knows the difference between what it can say and what it can stand behind, and that keeps the truth somewhere you can point to and check. A machine with no worldview is not the problem. Pretending it has one is. The repair was never going to be giving the machine a conscience. It is to stop asking the part that talks to also be the part that knows.
Full disclosure: I’m a co-founder of 2Brains, a company built on exactly this conviction, so I am not a neutral party here, which we have solved and have patent pending. But the conviction came first. The company exists because of it, not the other way around.
The post GenAI is Fluent in Everything, but Faithful in Nothing first appeared on I, Cringely.
Digital Branding
Web Design Marketing
14:42
I can't convert scripting.com to https. If I moved the
site to an https server, all the archives would break, and that's
where the value of the site is, in the archives, where I've kept a
history of the various things I've worked on. I'm still working on
new stuff, but if this is all that was left to do, I'd move to the
tropics and make pottery, I would not spend my last years on such
an enormous stupid bullshit project. It's just not possible. But if
you want to read the new stuff on my blog in https, you can. I have
a mirror on a
WordPress site. We even have
the blogroll ported.
14:35
Security updates for Monday [LWN.net]
Security updates have been issued by AlmaLinux (bind, bind9.16, frr, kernel, kernel-rt, libexif, mysql, php, and unbound), Debian (apache2, chromium, glibc, gsasl, jackson-core, libxml2, nginx, request-tracker4, request-tracker5, tomcat10, tomcat11, and tomcat9), Fedora (chromium, firefox, haveged, keylime, libinput, libssh2, nasm, perl-CryptX, rust, thunderbird, and webkitgtk), Mageia (cockpit, golang-x-crypto, golang-x-sys-devel, kernel, kmod-virtualbox, kmod-xtables-addons, kernel-linus, perl-DBIx-Class-EncodedColumn, perl-Crypt-URandom-Token, xdg-dbus-proxy, and xmlrpc-c), Slackware (samba), and SUSE (7zip, amazon-ssm-agent, ansible-13, ansible-core, assimp-devel, bind, cacti, chromium, dpkg, epiphany, erlang27, evince, ffmpeg-4, freerdp, frr, git-bug, google-guest-agent, grafana, hauler, ignition, jq, kanidm, kernel, keybase-client, libjxl, libmariadbd-devel, libmozjs-115-0, libopenbabel8, libsoup2, mariadb, mcphost, networkmanager, openssh, perl-HTTP-Daemon, perl-HTTP-Tiny, perl-IO-Compress, perl-Sereal-Decoder, perl-xml-libxml, postgresql18, python-pyopenssl, python311-pip, tomcat, tomcat10, tomcat11, tor, trivy, unbound, uriparser, vifm, weblate, xorg-x11-server, and yq).
13:56
The AI Agents Stack (2026 Edition) [Radar]
The following article originally appeared on Paolo Perrone’s The AI Engineer Substack and is being reposted here with the author’s permission.
Your team picks LangGraph for a customer support chatbot. Three weeks in, you’ve got 14 nodes in a state graph, a custom checkpointer writing to Redis, and retry logic for tool calls that fail once a week. The agent answers refund questions. It calls one API. A 50-line script on the OpenAI SDK with two MCP servers would have done the same thing. But nobody mapped which layers the problem actually needed.
In November 2024, Letta published an AI agents stack diagram that became the default reference for half the engineering teams I talk to. If you’ve seen a “layers of an agent” visual on LinkedIn or pinned in a Slack channel, it probably traces back to that article.
That diagram is 14 months old now, and a lot has changed since. MCP didn’t exist yet. Memory was still treated as a subset of your vector database. Nobody was shipping provider-native agent SDKs. Eval wasn’t even on the map. The stack has six layers in 2026, and at least three of them didn’t exist as distinct categories when Letta drew the original.
So we drew it from scratch. This is the 2026 version.
TL;DR
That’s the starting stack. Add complexity when something specific breaks, not before.
What are we even mapping?
Before the stack, there was a loop. In “What Is an AI Agent?,” we defined an agent as the think-act-observe cycle: The model reasons about a task, takes an action (calls a tool, writes to memory), observes the result, and loops until the task is done. That loop is the atomic unit. Everything in this issue is infrastructure that makes that loop work reliably, at scale, in production.
The agent stack is not the LLM stack. A chatbot needs inference and maybe RAG. An agent needs state management across multistep execution, tool access governed by protocols, memory that persists across sessions, autonomous reasoning loops, and guardrails that constrain behavior in real time. That’s a fundamentally different set of infrastructure problems.
We’re mapping the six layers between your LLM and a production agent. We’re not covering training infrastructure, data pipelines, or model fine-tuning. Those are adjacent stacks. We covered RAG in depth in Issue #5. Today we’re zooming out to show where RAG fits in the bigger picture.
Three things redrew the map between 2024 and 2026. MCP standardized tool connectivity, and the entire tools layer is new because of it. Reasoning models changed what agents can do autonomously, with single-call agents replacing some multistep chains. And memory became a first-class architectural primitive, not an afterthought bolted onto a vector database.
How to evaluate each layer
When choosing tools at each layer, ask three questions. How much state do you need to manage? A stateless tool caller and a multi-session agent that learns over time are different engineering problems, and the layers where state management is hardest (memory, frameworks) are where most teams get stuck. How much vendor lock-in can you tolerate? MCP is an open standard, provider SDKs are not, and every tool choice either increases or decreases how painful your next migration will be. And how hard is it to go from demo to production? Some layers (model serving) have almost no gap, while others (eval, guardrails) have a massive one. The layer where you feel that gap most is the one to invest in first.
We take each layer from the bottom up, starting with the most stable and ending with the least mature.
Layer 1: Models and inference
How you run the model that powers your agent: call an API, use a managed open weight provider, or self-host.
The inference layer changed more in tone than in substance. Reasoning models like o1, o3, DeepSeek R1, and Claude with extended thinking shifted what agents can plan and execute. Agents that previously needed multistep chains can now solve problems in a single reasoning call. Open weight models like Llama 3.3, DeepSeek V3, and Qwen 2.5 closed the quality gap dramatically, so “always use the biggest closed model” is no longer default advice. The emerging pattern is to prototype on closed source and deploy on open weight.
The honest take: This layer is commoditizing. Model differences matter less each quarter. The real decision is the cost and latency trade-off, not which model is “smartest.”
On the evaluation side, API calls are stateless. Send a request, get a response. Nothing to manage. Lock-in risk runs high for closed APIs because each model reasons differently, so switching providers means retuning prompts, adjusting for different failure modes, and retesting your eval suite. It’s low for open weight, where you can swap the model and keep the infra. The prototype-to-production gap is the smallest of any layer. Your demo API call is the same as your production API call.
Self-host when your agent call volume makes API pricing untenable or when you need sub-100ms latency that API round-trips can’t deliver.
Layer 2: Protocols and tools
How your agent calls external tools and APIs: through MCP servers, browser automation, or agent-to-agent protocols.
This layer didn’t exist as a distinct category in 2024. Every framework had its own JSON schema for tool definitions. Now MCP is the standard, with 97M monthly SDK downloads, adoption by OpenAI, Google, and Microsoft, and a donation to the Linux Foundation.
Browser Use exploded in parallel, hitting 78K GitHub stars in under a year. Nobody was shipping browser agents in production in 2024. And agents can now talk to other agents. IBM launched ACP, and Google launched A2A. Neither is standard yet, but the problem they solve (agents coordinating with other agents) is real and growing.
Security is the open problem. Endor Labs analyzed 2,614 MCP servers and found 82% prone to path traversal and 67% to code injection.
The honest take: The protocol debate is over. MCP won. The only question left is how you lock down your MCP servers before someone exploits them.
State management is nonexistent here. Your agent calls a tool, gets a response, done. No session, no memory between calls. Lock-in risk is low because MCP is an open standard, so if you build MCP servers, any MCP-compatible agent can use them. The prototype-to-production gap is medium. Your demo MCP server works until someone sends a malicious tool description. Security and governance are the gap.
MCP standardized how agents use tools. It says nothing about how agents talk to each other. ACP and A2A are trying to solve that, but neither has reached critical mass. If you need multi-agent coordination today, you’re building it yourself at the framework layer. We covered MCP in depth in Issue #4.
Layer 3: Memory and knowledge
How your agent stores and retrieves what it knows: in-context state, vector search, or persistent memory across sessions.
All three tiers feed into the same place: The context window your agent sees on every call.
In 2024, memory meant “pick a vector database and do RAG.” In 2026, memory is a first-class architectural primitive with three distinct tiers. Context windows got massive. Gemini hit 1M+ tokens, Claude 200K. Bigger windows didn’t kill the need for memory. They changed the trade-off: What do you stuff in-context versus what do you retrieve on demand?
“Context engineering” replaced “prompt engineering” as the core discipline. Instead of writing a better prompt, you architect what information the agent sees on every call. Memory blocks appeared as named, structured fields in the context window that the agent can read and overwrite every turn. Instead of dumping everything into the system prompt, the agent manages its own state: what to keep, what to update, what to drop.
On the infrastructure side, pgvector became the default for teams that don’t need a dedicated vector database. It’s just Postgres with an extension. GraphRAG emerged as a second retrieval option: follow relationships between entities instead of matching embeddings, with Neo4j leading this space. Sleep-time compute, where agents process information during idle time, is research stage but signals where tier 3 is heading.
The honest take: Most teams overcomplicate memory. Start with conversation history in Postgres and a structured system prompt. Add vector search when your history exceeds context limits. Add agentic memory management only when your agent needs to learn across sessions.
This IS the state layer. You’re deciding what your agent remembers, how it retrieves it, and when it forgets. Highest complexity in the stack. Lock-in risk is medium. pgvector is portable because it’s just Postgres, while specialized tools like Mem0 or Zep are harder to migrate away from. The prototype-to-production gap is large. Demo memory works because context windows are big enough. Production memory breaks when conversations get long and your agent starts forgetting the important parts.
In-context memory breaks down when agents need to share memory across instances or maintain state across model provider switches. That’s where dedicated memory infrastructure like Letta, Zep, and Mem0 earns its keep.
Layer 4: Frameworks and SDKs
How you wire together the model calls, tool use, and control flow that make your agent work: a provider’s built-in toolkit (SDK), a graph-based framework like LangGraph, or raw code.
Every major AI lab now ships its own agent SDK. OpenAI has the Agents SDK (evolved from Swarm). Google released ADK. Microsoft has Semantic Kernel and AutoGen. Hugging Face built smolagents. Two years ago, LangChain was the only game. Now you pick between three camps: provider SDKs that are fast to start but locked to one model, graph-based frameworks like LangGraph that are portable but require more setup, or no framework at all. That choice didn’t exist in 2024.
LangGraph solidified as the graph-based orchestration leader with v1.0 released October 2025 and production deployments at Uber, JPMorgan, LinkedIn, and Klarna. LangChain agents are now built on LangGraph under the hood. Meanwhile, the “build it yourself” camp grew. Teams that tried LangChain in 2024 and fought the abstraction are now writing thin wrappers over provider APIs + MCP. No framework means full control. This works until your agent needs state management or complex branching.
A quick note on naming: “LangChain” and “LangGraph” are not the same thing. LangChain is the integration layer handling model connectors, tool calling, and prompt templates. LangGraph is the orchestration engine managing state, control flow, and graphs. Most production teams use both together, but LangGraph is where the agent logic lives.
The honest take: Most teams pick too much framework. If your agent calls a model and a few tools, you don’t need LangGraph. A provider SDK and a couple of tool calls will get you to production faster than any graph.
Provider SDKs manage state for you. LangGraph makes you define every state transition explicitly. Build-it-yourself means you roll your own. Lock-in risk is the highest in the stack. Your orchestration code doesn’t port. A LangGraph agent rewritten for CrewAI is a new codebase. Provider SDKs are worse because you’re locked to one model too. The prototype-to-production gap is large. Demo works because nothing goes wrong. Production means handling tool failures, retries, timeouts, and humans who need to approve before the agent acts.
The framework you pick determines your migration cost. Provider SDKs are fastest to start but lock you to one model. LangGraph is portable but complex. Building your own gives you full control until your agent outgrows your wrapper. MCP is the one layer that transfers across all three camps.
Layer 5: Eval and observability
How you measure whether your agent is doing its job: tracing runs, scoring outputs, and catching regressions before users do.
This layer barely existed in 2024. Now it’s the gap. LangChain’s State of Agent Engineering survey found 89% of teams with production agents have implemented observability, but only 52% have evals. That 37-point gap is where production quality dies.
“Evaluation as infrastructure” is converging on three tiers: fast checks on every PR (Did the agent call the right tools?), nightly regression suites that use an LLM to judge output quality, and continuous production monitoring that alerts when agent performance drifts. New agent-specific benchmarks have emerged too, including Context-Bench for memory management, Recovery-Bench for error recovery, and Terminal-Bench for coding agents.
The honest take: Most teams skip eval until something breaks in production. By then they’re debugging blind. The teams that don’t have this problem built evals before they deployed.
State management matters here because your agent runs 12 steps, step 3 picked the wrong tool, and steps 4–12 were doomed from there. If your eval only checks the final output, you’ll never know why. Lock-in risk is moderate. Most tools export OpenTelemetry traces, so switching observability providers is doable, but switching eval frameworks means rebuilding your test suites. The prototype-to-production gap is the biggest of any layer. Most prototypes have zero eval. You don’t feel the pain until production users find the failures for you.
Current eval tools are strongest for single-turn and tool-calling evaluation. Multi-agent evaluation, long-horizon task assessment, and evaluating agents that learn over time are all unsolved problems. If your agent does any of those, you’ll need custom eval infrastructure beyond what the platforms offer today.
Layer 6: Guardrails and safety
How you stop your agent from doing things it shouldn’t: filtering inputs, authorizing tool calls, and validating outputs.
Agent guardrails became a separate discipline from LLM guardrails. In 2024, guardrails meant input/output filters on a model. In 2026, your agent calls tools, spends money, and takes actions. Guardrails now means authorizing tool calls, enforcing rate limits, and validating what the agent actually did.
The “guardrails before action” pattern emerged from teams that learned the hard way. They now enforce authorization at the tool execution layer, not the output layer. By the time you filter the response, the agent already sent the email. OWASP published the MCP Top 10 (beta), which is the first real security checklist for tool-connected agents. Deployment is still DIY. LangGraph Cloud and Bedrock Agents exist, but most production teams are still deploying with FastAPI and their own infra. This layer is where you’ll spend the most unplanned engineering time.
The honest take: This is the least mature layer in the stack. No dominant framework, no established patterns. You’re writing policy code from scratch.
Guardrails need to know what the agent is doing right now to decide what it shouldn’t do next. That means tracking agent state in real time. Lock-in risk is low because most guardrails are custom policy code you write yourself. NeMo Guardrails is the closest thing to a framework, but you’ll still write most rules from scratch. The prototype-to-production gap is effectively infinite. Your demo has no guardrails because nobody’s trying to break it. Production will.
Current guardrails tools focus on single-agent systems. If you’re running multi-agent workflows where agents delegate to each other, guardrail propagation across agent boundaries is an unsolved problem. You’ll need custom authorization logic.
What are you building?
This is the decision that cuts through the framework confusion. The agent type determines which layers you invest in and which tools to pick at each one.
A stateless tool caller answers questions from a knowledge base, looks up an order, or checks inventory. You need a provider SDK, MCP, and Postgres. No framework, no vector database. This is a weekend project.
A multistep workflow processes a refund end to end, reviews a PR across five files, or triages and routes support tickets. Steps depend on each other, things fail in the middle, and humans need to approve before the agent acts. You need LangGraph, MCP, and eval. Build evals before you deploy because these agents break silently.
An agent that learns remembers your preferences across sessions, gets better at your codebase over time, or tracks project context across weeks. You need a memory-first architecture, a vector DB, and eval. Orchestration is the easy part. The hard part is deciding what to remember, what gets dropped, and how you stop old context from polluting new answers.
A multi-agent system has agents that delegate to other agents, split a research task across specialists, or run parallel workstreams. You need the full stack. Two agents passing context to each other is already hard to debug. Five is impossible without trace-level evals on every handoff. Build eval infrastructure before you build the second agent.
Coding agents: All 6 layers in action
Coding agents like Cursor, Claude Code, Codex, and Windsurf are the most proven application of the AI agents stack. All six layers, working together.
At the inference layer, these tools serve hundreds of millions of daily requests. Cursor routes between Claude, GPT-4, and its own fine-tuned models depending on the task. At the protocols layer, MCP servers connect to editors, terminals, filesystems, and Git, which is how the agent reads your code and runs commands. The memory layer uses codebase-aware retrieval with reranking. The agent doesn’t read your whole repo. It retrieves the files that matter for this specific edit.
At the framework layer, these are custom orchestration systems with RL loops. Not LangGraph, not a provider SDK. Purpose-built control flow for code generation, review, and iteration. At the eval layer, Cursor retrains its acceptance-rate model every 90 minutes based on whether users accept or reject suggestions. That’s eval running in production, continuously. And at the guardrails layer, sandboxed execution prevents runaway agents. The agent can write code and run it, but inside a container that limits what it can touch.
The AI agent stack cheat sheet
Every layer scored on the three questions from the evaluation framework: How much state do you need to manage? How much vendor lock-in can you tolerate? And how hard is it to go from demo to production?
The bigger picture
Most teams are building like it’s still 2024. They pick LangGraph before they know if they need state. They add a vector database before they’ve outgrown Postgres. They design multi-agent architectures before they’ve shipped one agent that works. The decision flowchart above exists because a tool-calling chatbot and a multi-agent research system share almost no infrastructure. Treat them the same and you’ll overbuild the first and underbuild the second.
The teams that got past this run evals on every deploy, not once a quarter. Their guardrails sit at the tool call layer, not the output layer. Their memory architecture was designed, not inherited from whatever the framework defaulted to. Most teams ship the opposite: no evals, output-only filtering, and a system prompt that grows until the context window chokes. The gap isn’t talent or budget. It’s knowing which layers matter for your specific agent instead of half-building all six.
The stack is going to collapse. Provider SDKs are already absorbing memory, tool calling, and basic eval into a single API. By early 2027, most teams won’t build each layer separately. They’ll get an increasingly opinionated stack from their model provider and that will be fine for 80% of use cases. The other 20%, agents at scale where the defaults break, will still build custom at every layer. But even then, when something fails in production, you need to know which layer failed. That’s what this article is for.
Sources
- “The AI Agents Stack,” Letta, November 2024.
- “Donating the Model Context Protocol and Establishing the Agentic AI Foundation,” Anthropic, December 2025.
- “120+ Agentic AI Tools Mapped Across 11 Categories [2026],” StackOne, February 2026.
- Henrik Plate and Darren Meyer, Dependency Management Report, Endor Labs, January 2026.
- Jason Liu, Context Engineering Series: Building Better Agentic RAG Systems, August 2025.
- “LangChain and LangGraph Agent Frameworks Reach v1.0 Milestones,” LangChain, October 2025.
- State of Agent Engineering, LangChain, December 2025.
- Yunfei Bai, Allie Colin, Kashif Imran, and Winnie Xiong, “Evaluating AI Agents: Real-World Lessons from Building Agentic Systems at Amazon,” Amazon, February 2026.
- OWASP MCP Top 10, OWASP.
CodeSOD: Check and Check [The Daily WTF]
Today's anonymous submitter sends us a React view that presents some admin options. Of course, it should only show us those admin options if the user is authorized to do that. So let's see how they implemented it:
{(isAdmin || canSeeResults) && (
<div>
<p>Admin Actions</p>
{(isAdmin || canSeeResults) && (
<div>
<button> Show Results </button>
</div>
)}
</div>
)}
If they're an admin or can see the results, we print out an
Admin Actions header, and then if they're an admin or
can see the results, we show them a Show Results
button.
I once had a math teacher who claimed he didn't trust anyone, and that's why he always wore suspenders and a belt. I don't think he's still alive, let alone writing React code, but I see a "belts and braces" approach in play. Though in this case, I don't think it adds any safety.
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!
13:35
Issue 46 – Greta’s Wedding – 06 [Comics Archive - Spinnyverse]
The post Issue 46 – Greta’s Wedding – 06 appeared first on Spinnyverse.
12:14
Anthropic’s Project Glasswing Update [Schneier on Security]
In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at finding software vulnerabilities than other models. Which is just not true.
In any case, Anthropic has published a Project Glasswing status report. It’s finding a lot of vulnerabilities in software—yay! Some of them are even dangerous. But almost none of them has been patched. It’s weird. There’s something fishy about the data that I don’t understand. That Anthropic refuses to release details—that it just says “trust us”—is a big problem here.
11:35
Grrl Power #1467 – Seismic handshake [Grrl Power]
You know, for an unlimited class tournament, this is all pretty low-key so far. Max’s previous round started off with quite a bit more action, but maybe it’ll escalate. Probably not to One Punch levels of chopping 1/20th of the Earth off, or nuclear explosion punches so much. As much as I enjoy that level of absurdity, the Grrl -verse is at a slightly lower power level. Admittedly, the apocalypse level attacks do register harder when you can draw a high fidelity long shot of a city buckling under the shock waves, and I can’t really do that. I mean, maybe if I had 40 hours to work on a single panel, but I think around hour 32 I’d just stab myself in the temple with the stylus.
But who knows what will go down during the finals?
Sexy bodymod news lady Gail has a special
one-on-one interview with Tournament Quarter finalist Saraviah
Nightwing! And if you subscribe to Gail’s Space Patreon, (which, due to the
vagaries of Earth and Gal-Net’s DNS servers, happens to be
the same as the Grrl Power Patreon, go figure) you can see that
same interview in the nude! Well, eventually. The nude part of the
interview, as well as the version that includes shading will be
coming soon. Of course, you can view the interview in the
nude now if you take your own clothes off. You know. Technically.
Just put a towel on your chair first.
Double res version will be posted over at Patreon. Feel free to contribute as much as you like.
10:35
If a machine makes a painting that no one ever sees, it might be well-crafted or match some objective form of beauty, but it’s not art.
Art changes the creator and the viewer. Art requires participation. Art is a verb.
Decoration is important. Beauty matters. But decoration and beauty are insufficient to create art. Music, images, tastes and words become art when a transformation happens.
“What is the change you seek to make?” The answer to that question can inform our work.
No change, no art.
09:14
Vampire Capital [George Monbiot]
The highly lucrative trade in children in care reveals another level of cynicism altogether.
By George Monbiot, published in the Guardian 5th June 2026
Bring your suitcase, your bin liner, your dumpy bag. They’re handing out money faster than you can stuff it in a sack. All you need do is join the market in what may now be England’s most lucrative commodity. A commodity with arms and legs, hearts and brains, thoughts and feelings. Children.
Two years ago I stumbled into this issue after discovering that children in care who were being helped by a local charity I’m involved with were suddenly being whisked away, terminating the amazing progress they had been making, breaking their relationships, their sense of home, stability and security. When I began exploring why this was happening, I could scarcely believe what I was seeing: a highly lucrative trade in highly vulnerable young people. Children in “care” were being exchanged between private equity companies for £100,000 apiece. That figure is now wrong. Today they are worth far more.
A few days ago, the Financial Times published an investigation that I defy you to read with anything but open-mouthed horror. The average charge to the state by a private provider for a child in “care” is now £384,020 a year. That’s six times what Eton charges. Some providers now levy more than £1m per child per year, rising in a few cases for children with complex needs to more than £3m.
So everyone is cashing in. Alongside the big companies, which might invest in oil, gilts or crypto one day and children the next, the reporters found that “plumbers, hairdressers and Airbnb landlords with no experience in care” are opening “homes”. There might also be links to organised crime, as you can now make more money from children than you can from drugs. The police are concerned that gangs running children’s “homes” can not only harvest state money on a spectacular scale but also harvest highly vulnerable young people, who can be recruited and exploited. I guess you could call that vertical integration.
While there is a shortage of provision in the south of England, there’s a glut in the north-west: Lancashire has 17 places for every local child needing care. Why? Because property is cheaper there. Houses can be bought for a song and roughly converted. The cheapest buildings are in places where economic and community life has collapsed, high streets are deserted and facilities shuttered. Where better to send highly vulnerable children?
This is why our young people in Devon are being swept up to 300 miles across the country. A paper in the journal Child Abuse & Neglect finds a consistent association between profit-making and the placing of children outside their local authority area. It also finds that commercial provision is associated with them being moved more often, which means greater disruption and instability. Shifting children out of their home area makes them “more vulnerable to exploitation and grooming”. Yet the children with the greatest needs are often, under this system, those placed furthest from home.
Because councils, which have not been given the capital budgets to make their own provision, are so desperate to find places, they are sending children to providers who are not only unqualified but also, in some cases, unregistered. In other words, they are breaking the law by using “homes” which haven’t even met the basic requirement to register with the regulator. These are private oubliettes – places beyond easy reach of the authorities, where children can be dumped and forgotten. They might as well throw them in a pit and be done with it.
An investigation by LBC and the Bureau of Investigative Journalism found that in one of these illegal “homes”, two of the “care” workers had seven convictions between them when they were recruited, including four for violent offences. They persuaded a 15-year-old girl, who had been moved by her local authority in south Wales to the house in County Durham, to take so much drink and drugs that she became stupefied, then they sexually assaulted her for several hours. The local authority’s rationale for moving her to that “home”, the investigators found, was that she was “at risk of sexual exploitation”.
A report by the Children’s commissioner reveals that unregistered placements are on average even more expensive than legal ones. She estimates that 669 young people, mostly with special needs, including some of preschool age, are now in unregistered “homes”. In reality the figure is probably much greater, as many are likely to have fallen off the records altogether.
While in France only 5% of places are run for profit, in England, the FT tells us, the figure is 84%. The reason is simply stated: ideology. Successive governments have failed to provide local authorities with the capital needed to house children themselves because they think public is bad and private is good: the foundational belief of neoliberalism. In reality we pay far more for a much worse service. Then we wonder why, though they comprise less than 1% of the total population of children, 62% of the people in young offender institutions have been in “care”.
In Wales, all new profit-making in this sector was stopped in April, and the practice is being phased out altogether. But in England, the government seeks only to tweak this immoral and dysfunctional system. As Hettie O’Brien shows in her book The Asset Class, when private equity delivers public services, chaos and disaster follow as night follows day. But Labour, like the Conservatives, seems ideologically committed to the model.
The issue is profit. Instead the Westminster government blames the problem on a shortage of foster carers. But as Martin Barrow, a journalist and foster carer who has specialised in this issue for many years, points out: “Foster care, children’s homes, supported accommodation and adoption are not interchangeable. Each can be the right option for different children at different times in their lives.” Children’s homes remain essential, but the government must regain ownership of them. As we’ve discovered the hard way with water, energy and railways, public ownership of public services works better and costs less.
There is no place for a “market” here. Children are not a commodity to be bought and sold. Private profit and public service are always oil and water. But if there is one service above all others that capital should never be allowed to get its filthy hands on, it is children in care.
www.monbiot.com
08:28
New Comic: Him-Person
06:07
Girl Genius for Monday, June 08, 2026 [Girl Genius]
The Girl Genius comic for Monday, June 08, 2026 has been posted.
05:35
Waking Up, p25 [Ctrl+Alt+Del Comic]
The post Waking Up, p25 appeared first on Ctrl+Alt+Del Comic.
01:49
Kernel prepatch 7.1-rc7 [LWN.net]
The 7.1-rc7
kernel prepatch is out for testing. Linus said: "Anyway, as
things look now this is the last rc. Something can obviously always
come up and force us to change that, but please give rc7 a whirl
and keep testing for one more week.
"
Sunday, 07 June
20:21
The age of vapor [Cory Doctorow's craphound.com]
This week on my podcast, I read my latest Locus Magazine column, “The Age of Vapor,” about the role science fiction imaginaires plays in fueling high-tech investment bubbles.
It’s one thing to make everything about imaginary technology when you’re writing SF. The point of those imaginative exercises is to illuminate: To provoke reflection on our present moment, to inspire or warn about the future.But spinning narratives about imaginary technology as investment advice is a very different matter. The point here is to obscure: to convince investors that a company with a 90% market share will somehow continue to grow, to stave off the day when Stein’s Law (“If something cannot go on forever, it will stop”) asserts itself.
19:42
Using Fedora Silverblue for compositor development [OSnews]
I’ve been using Fedora Silverblue on my desktop and laptop for the past, what, five years? Silverblue is Fedora’s main atomic variant, a spiritual counterpart to Fedora Workstation. I also make niri, a scrollable-tiling Wayland compositor. In other words, a core system component that you cannot properly test from inside a container or VM—you really want it directly on the host. So, why would I choose an… immutable distro? How does that even work?
↫ Ivan Molodetskikh
That’s a great question, and as immutable or immutable-like Linux distributions become more popular and widespread – and eventually the default download option for many distributions, I’m sure – articles like these are quite important. I’m sure quite a few developers discarded the idea of using something like Silverblue because they assumed it wouldn’t be fit for purpose, but if the developer of Niri makes it work, I’m fairly sure anybody can.
x86CSS: a working CSS-only x86 CPU/emulator/computer [OSnews]
x86CSS is a working CSS-only x86 CPU/emulator/computer. Yes, the Cascading Style Sheets CSS. No JavaScript required.
What you’re seeing above is a C program that was compiled using GCC into native 8086 machine code being executed fully within CSS.
↫ Lyra Rebane
Hand-written CSS, no JavaScript, and effectively no HTML.
Wizardry.
17:14
WordPress and web text in the future [Scripting News]
I wrote a blog post on Twitter this morning, sort of a version 0.4 of the talk I want to do at WCUS in August in Phoenix.
I want to offer cross-posting to twitter in an upcoming product, but I think the user should pay for the service, not me, a one-person independent developer.
I doubt if they'll do it, but this is general advice to companies that provide online services that they want to get paid for. If you depend on developers, you're shutting out sole proprietors who don't want to get caught up in the VC world, or don't have a chance to.
In the early days of the web and in the PC/Mac platforms before that, a creative software writer could get going without having to fund their users' storage needs. PCs came with storage built into the hardware. And in the early web days everyone was something of a geek and could be relied on to find a place on their own, to store their writing (not a perfect system by any means).
It's been 31+ years since I started my blog and still I can't offer writing software easily, with one exception, with WordPress. This is something I'm not sure photomatt et al are focused on. It's why WordPress has so much potential to grow the web.
The thing many people don't realize is that WordPress unlike pretty much everything else does not lock users in. It's part of their ethos. They run their service as part of the web, not an exploiter of the web.
When Matt talks about being an open source company (true) he's leaving out something equally important, that it's part of the web, unlike most if not all of the other choices.
When I speak at WCUS in August, I'd like to invite Matt to come up on stage and take a bow. Because there's a reason why such a great community has grown around his product, but we haven't been focusing on it and encouraging independent developers to see WP as part of the web that welcomes them, and does not lock the users or developers in.
PS: This will appear on my blog later today. I've started using twitter again to write early drafts of blog posts, and I especially like that they've eliminated character limits for paying customers. Nothing wrong with charging for services that people *want* to pay for.
PPS: I'm posting here again because it's more alive than Bluesky, by a lot, and Bluesky is just as much of a ripoff as X, except they haven't sold out to a billionaire yet. They should work with the web instead of trying to replace it, then I'll feel more at home there.
16:35
Dirk Eddelbuettel: RQuantLib 0.4.27 on CRAN: Small Extension [Planet Debian]
A new minor release 0.4.27 of RQuantLib, the first in over a year, arrived on CRAN a couple of minutes ago, has just now been uploaded to Debian, and is being built for r2u as well.
QuantLib is a rather comprehensice free/open-source library for quantitative finance. RQuantLib connects (some parts of) it to the R environment and language, and has been part of CRAN for nearly twenty-three years (!!) as it was one of the first packages I uploaded to CRAN.
This release of RQuantLib
brings an update to the interface for all equity options, vanilla
and exotics as well as implied volatilities. We now support the
option maturity via either an actual maturity date, or the
(fractional business-day years) numeric. This uses a clever little
Rcpp trick I should discuss in a
separate blog post. We also re-ran compileAttributes()
to re-create the RcppExports.cpp file now using a
slightly improved way of calling Rf_error for an
ongoing Rcpp transition, and did
some more standard maintenance. The details from the NEWS file
follow as usual.
Changes in RQuantLib version 0.4.27 (2026-06-07)
All equity option functions can now take either a (fractional) time span to expiry or a given date, and accept a daycounter setter.
Two very old schedule helpers had a superfluous
try/catchremoved.The continuous integration setup received a minor update.
The
RcppExports.cppfile was updated to aid aRcpptransition.
Courtesy of my CRANberries, there is also a diffstat report for the this release. As always, more detailed information is on the RQuantLib page. Questions, comments etc should go to the rquantlib-devel mailing list. Issue tickets can be filed at the GitHub repo.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can now sponsor me at GitHub.
15:42
All the news reports about AI tools repeat the same
hallucination story they've been running for years. That's another
huge bug in the news process. They only report on a small number of
angles that might have been news a few years ago, and have no
insights on what else is going on. They did this with the web too.
They always pick an item that their narcissistic view of the world
finds tasty. It's a huge bug in the system, and why "news" isn't
valuable for news, it's mainly useful for a relaxing reassurance
that nothing has changed, the world is fucked up in exactly the
same way it was fucked last week, month, year, etc. It's a form of
bedtime story.
Star City is very good. It's good enough that you have to watch each episode at least twice to get the idea of what's really going on. I stopped watching the show it is a sequel for, For All Mankind, because it got incredibly juvenile and sitcom-like. But Star City is serious, at least in the first three episodes.
15:00
Vasudev Kamath: debsecan-mcp v0.1.2 released to PyPI [Planet Debian]
I finally carved out some time today to prepare and release debsecan-mcp v0.1.2 to PyPI. During this release, I integrated PyPI's trusted publisher mechanism, which authenticates directly via GitHub Actions and eliminates the need for manual uploads or static API tokens.
What is New?
There are no feature updates in this release; the changes are strictly focused on PyPI publishing requirements. This was handled entirely within the Antigravity IDE.
The primary change replaces the python-apt dependency with python-debian for version comparison. PyPI rejects packages that reference external Git repositories, and python-apt lacks an official PyPI release. The original python-apt logic remains intact: if the system has python-apt installed, the server defaults to it. Otherwise, it falls back to the comparison logic implemented via the python-debian NativeVersion class.
What Next?
The next release will introduce a standalone CLI utility called debvulns. It mirrors debsecan functionality but surfaces the cleaner, richer vulnerability data already implemented in debsecan-mcp. The code is written, and I will release it once testing is complete.
I also owe a post explaining my rationale for designing a CLI utility alongside the MCP server, and my broader thoughts on CLI vs. MCP workflows. I aim to publish that next week.
12:07
10:28
Marketing clerks [Seth's Blog]
Bookkeepers do important work. But a bookkeeper is not the head of accounting.
Marketers are responsible for anything the organization does that touches the market. But many people with ‘marketer’ in their title simply go to meetings and do tasks after the real work of marketing is already done.
Some tech companies have hundreds of people in their marketing department. Most of them are simply playing catch up, because the engineers are making all the powerful and leveraged marketing decisions.
Who is making the difficult decisions on your team? That’s the person who’s actually in charge of marketing.
09:35
Steinar H. Gunderson: Hyperpersonal open source [Planet Debian]
A while back, I got my first subwoofer (a surprisingly nice addition to the movie experience, just like rear speakers were). But I live in an apartment, and I don't want to annoy my neighbors at night (the speaker cone points literally down into the floor, and I have no idea how much my neighbors get to share in my enjoyment). So, what to do?
It turns out my receiver supports a sort-of documented serial protocol; it doesn't have an actual serial port, but you can telnet into it (only one session at a time!) and get the same two-way stream. (It also has a HTTP version which I find less useful.) So this allows me to impose my own policy, and of course, doing it via an existing Home Assistant adapter or something was no fun and also thoroughly frustrating, so I saw it as an opportunity to keep maintaining my low-key Rust skills. (No, no LLM code generation. If I'm going to spend time on this, at least I can learn something myself. I think I asked one for code critique at some point, but I can't remember.)
The policy is roughly: If I'm watching TV after 22:00, then the subwoofer is either turned off (if possible) or turned down -12 dB (the maximum). But if I'm watching a Blu-ray or another input like that, that's presumably a conscious tradeoff I've made and things are left at normal. Everything gets a bit more complicated by the fact that the receiver tends to lose state when doing certain switches, and when it boots, it takes a minute or two before Telnet responds, and when it shuts down, it goes into this weird limbo state where it doesn't respond to anything but the TCP connection seems still up.
And then I figured out I also wanted to dim the display when watching movies (again, only certain inputs), but not for a couple of seconds after making any adjustments. And after doing that, I figured that my access point LED should also be turned off, which happens to be some SNMP writable stuff against the Cisco wireless controller it hangs on.
So, if you have a Denon or Marantz AVR, a Cisco access point on a controller, and my exact preferences about what to do about the subwoofer, then you are free to download and use my software to impose that policy. It is “is distributed in the hope that it will be useful”, as one says. If you have IPv6.
08:49
Thorsten Alteholz: My Debian Activities in May 2026 [Planet Debian]
Debian LTS/ELTS
This was my hundred-forty-third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded or worked on:
- [DLA 4580-1] exim4 security update to fix one CVE related to remote code execution.
- [DLA 4591-1] rsync security update to fix five CVEs related to local root privilege escalation.
- [#1134340] trixie-pu bug for libcoap3 to fix two CVEs in Trixie; the debdiff was confirmed and the upload was accepted to the proposed update queue.
- [#1126167] bookworm-pu upload of zvbi has been flagged for acceptance
- [#1126273] bookworm-pu upload of taglib has been flagged for acceptance
- [#1126370] bookworm-pu upload of libuev has been flagged for acceptance
- [hplip] upload to sid to fix two CVEs.
This was a rather strange month. The details about the embargoed exim4 issue arrived only after I already went to bed and the embargo lift was 18 hours later. Luckily Stretch was not really affected and the uploads for Bullseye and Buster went out on time.
Something similar happened with the embargoed issue of rsync. The info arrived at 8:00 in the morning and the embargo lift was on 2:00 next morning. From an Europeans point of view, the Australians do have strange time zones. But there is more to this than that. Upstream sent more than 50(!) patches for these five CVEs that needed a backport to Bullseye. As things turned out, there is a regression in the upload to Unstable and investigations are ongoing whether this regression is also available in the backported patches for Trixie, Bookworm and Bullseye. So rsync-updates for Buster and Stretch is in the works, but I am afraid they need some more time.
All good things come by threes. Two critical CVEs of hplip appeared and a new upstream version was released by HP. HP is no longer interested in working with distributions and over time more than 80 patches have been accumulated that need a rebase for a new upstream version. For that reason I avoid this package as much as I can, but two critical CVEs did apply some kind of pressure on the maintainer. So I finally managed to do this update and the latest version of hplip is now in Debian. Nevertheless, this feels good :-). Anyway, it is not over yet. HP does not have a public repository nor do they publish patches for these CVEs. So I am still searching for the correct fixes to backport them to Bullseye, Buster and Stretch. The other distributions have the same problem and a silver lining appears on the horizon.
I also prepared an update of gimp for Buster and Stretch, but due to an accident I only managed to release the corresponing ELA in June. The accident was also the reason for only half a week of FD. Thanks to Daniel who took over.
Debian Printing
This month I uploaded a new upstream versions:
- … lprng to unstable.
- … epson-inkjet-printer-escpr to unstable.
- … hplip to unstable.
This work is generously funded by Freexian!
Debian Lomiri
This month I continued to work on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.
This work is generously funded by Fre(i)e Software GmbH!
Debian Astro
This month I uploaded a new upstream version or a bugfix version of:
- … supernovas to unstable (sponsored upload).
- … virtualgps to unstable.
- … nautic to unstable.
Debian IoT
This month I uploaded a new upstream version or a bugfix version of:
- … pyicloud to unstable.
misc
This month I uploaded a new upstream version or a bugfix version of:
- … visam to unstable.
- … tntdb to unstable.
- … ae56 to unstable.
- … texify to unstable.
- … chktex to unstable.
- … ta-lib to unstable.
I also got rid of gypsy, which no longer makes sense to maintain in Debian, as gpsd is way better.
Saturday, 06 June
19:42
Pluralistic: Criticizing the everything machine (06 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]
->->->->->->->->->->->->->->->->->->->->->->->->->->->->->
Top Sources: None -->
Today's links
- Criticizing the everything machine: It slices, it dices, it even makes paperclips!
- Hey look at this: Delights to delectate.
- Object permanence: Parliament v DRM; Colbert's commencement; Counterfeiting x luxury goods; Joule thief; Lean-back media.
- Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Criticizing the everything machine (permalink)
"Gish Gallop" is the debating term for an opponent who makes so many claims that "it's impossible to address them in the time available" (it's named for Creationist Duane Gish, who was notorious for this tactic):
https://en.wikipedia.org/wiki/Gish_gallop
I think about the Gish Gallop whenever I'm asked to comment on AI.
Here's a recent example: last week, I had a pre-interview call with a radio producer who wanted me to come on a 13-minute segment to discusses "whether there's a problem with AI governance?"
I asked what the show meant by that: was it whether regulation of AI in commercial or public sector decision-making needed more oversight? Was it that the siting and provisioning of data-centers needed more democratic accountability? Was it that workers deserved more of a say in AI's impact on labor markets? Was it that customers and/or audiences should be able to opt out of AI customer service and AI slop? Was it about whether we needed some kind of system to prevent "runaway AI," in the event that we teach so many words to the word-guessing program that it wakes up, becomes God, and turns us all into paperclips?
"Oh," the producer said, "all of that."
In 13 minutes.
You see the problem, right? The AI industry has made so many claims about its past, present and future that it's almost impossible to have a reasonable critical conversation about it:
https://bsky.app/profile/petermiles.eurosky.social/post/3mnffjqczjs2t
Shortly after I did the radio show, a newspaper editor who'd heard my segment got in touch to ask me if I'd write an 800-word op-ed about the subject, and also, could I address claims that "AI is the next Industrial Revolution?"
In 800 words:
I keep finding myself on stages or panels where an AI-struck person says something like, "AI is the next industrial revolution. It will change everything we do. It will let anyone create important works of art. It will cure cancer. It will take us to space. It will solve the climate crisis."
Or sometimes it's an AI critic, but that person's criticism is really more "criti-hype," which is when you accept tech industry hype claims at face value, and then criticize them rather than questioning them:
https://peoples-things.ghost.io/youre-doing-it-wrong-notes-on-criticism-and-technology-hype/
AI criti-hype might ask what we'll do once AI takes all our jobs, or what we'll do when AI replaces the government or teachers or doctors, or what we'll do when AI can bypass our critical faculties and brainwash us or drive us all mad.
What do you say to that? I usually start by talking about whether there's any economic basis for keeping the AI servers running. AI is – by far – the money-losingest venture in human history, and it's practically impossible to overstate just how bad the AI business is. Not only does AI have terrible unit economics, those unit economics are getting worse over time:
https://pluralistic.net/2026/05/26/the-ai-will-continue/#until-morale-improves
AI's happiest customers cite cost-benefit calculations that depend on truly unimaginable subsidies from the AI companies, who are basically selling $100 bills for $5 apiece. It would be pretty amazing if you couldn't find people who'd extol the virtues of this arrangement. But when AI companies try to raise the price of those $100 bills to, say, $20 apiece, those ecstatic customers fly into a rage and start loudly proclaiming that AI is so inefficient that they will lose money on this arrangement:
Now, it shouldn't fall to me, a card-carrying member of the Democratic Socialists of America, to point out that capitalist enterprises require profits to be sustainable. You can't keep a business afloat by selling $100 bills for $5, nor for $20. You can't even make a profit selling $100 bills for $100 apiece! For a company to succeed, it needs to take in more than it expends.
AI is a money-furnace, and AI hustlers are clearly on the hunt for a way to force all of us to feed every dime we've got to it. Elon Musk's (now scuttled) gambit to make every pension saver in America bail out Grok (and Twitter, but at a mere $44b, the losses from Twitter are dwarfed by the titanic losses from Grok) was the most ambitious and shameless population-scale bag-holder scheme, but it's not the only one:
So before we ask about the capabilities AI will acquire in the future, we should at least give some consideration to the question of whether anyone will be willing to fund the development of those capabilities, and if so, where the money would come from? Likewise, before we ask whether AI can perform adequately in a job, we should at least consider the possibility that the company that sells that AI tool will be bankrupt in a year or two. When we fight about data-center buildout, we mostly talk about the (considerable) environmental downsides to them – but what about the question of what we will do with these data-centers after their owners go bankrupt, possibly even before they can be provisioned with electricity? How many laser-tag arenas do we actually need?
This is just one example of the questions that you could spend days unpacking, which make many of the other questions about AI a little silly. Like, even if you think there are limitless returns to scale for creating new AI capabilities, which means that if we keep the money-furnace burning it's only a matter of time until it powers a cure for cancer and the end of the climate emergency, how much money do we need to shovel into the furnace before that happens, and where will it come from? There are plenty of cancer researchers who have promising approaches they haven't been able to pursue due to funding shortfalls.
Unless there's some way to estimate how much money we have to give to AI companies before they cure cancer, we should at least consider the possibility that the true sum is "more money than exists now and that will ever exist." We should also consider that whatever benefits to cancer research that AI might deliver could come with a higher price-tag than the promising cancer research we're dropping because we can't find far more modest sums.
Likewise, it may be that the amount of CO2 that AI will generate atmosphere before it "solves climate change" will render Earth permanently unfit for humans, consuming the only habitable planet capable of sustaining human life in the known universe. I mean, I suppose that's one way to "solve" climate change, but it's a pretty drastic solution.
My next book (out later this month) is The Reverse Centaur's Guide to Life After AI. I wrote it because I was frustrated by other people demanding that I talk to them about AI, and then handing me 800 words or 13 minutes to address fifty nebulous, poorly supported claims about AI:
https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/
Shortly after writing it, I turned it into a lecture:
https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington
Now that I'm about to go out on the road with the book, I find myself frustrated anew by the need to try and pull together a compact way to address the broad, incoherent claims the industry uses to keep its bubble inflated and the money furnaces roaring. The series of essays I've developed here on Pluralistic are part of that effort:
https://pluralistic.net/2026/05/27/unnecessariat/#rubbuts-stole-my-jerb
But it occurred to me that this whole enterprise of making sense of AI needs to be framed in the context of the messiness of AI itself, and AI boosters' overwhelming, promiscuous and disjointed Gish Gallop.
Hey look at this (permalink)
- What happens when your phone is confiscated at the airport https://www.theverge.com/report/944076/cbp-airport-phone-searches-seizure-minneapolis-activists
-
A Billionaire Explains Why American Business Now Feels like the Mafia https://www.thebignewsletter.com/p/a-billionaire-explains-why-american
-
These Republican Lawmakers Challenged Abortion Bans. Then They Faced Backlash. https://www.propublica.org/article/republicans-face-backlash-after-challenging-abortion-bans
-
Debbie Downer https://prospect.org/2026/06/05/debbie-downer-wasserman-schultz-florida-house-races/
-
Mechanical Pencil https://mechanical-pencil.com/
Object permanence (permalink)
#20yrsago UK Parliament report damns DRM, calls for limits https://web.archive.org/web/20060615115510/http://www.openrightsgroup.org/2006/06/05/launch-of-the-apig-report-on-drm/
#20yrsago Colbert’s Knox College commencement speech https://web.archive.org/web/20111228135413/http://departments.knox.edu/newsarchive/news_events/2006/x12547.html
#15yrsago Counterfeiting can be good for luxury goods sales https://web.archive.org/web/20110602061646/http://www.slate.com/id/2294927/
#15yrsago HOWTO make a Joule Thief and get all the power you’ve paid for https://www.instructables.com/Make-a-Joule-Thief/
#15yrsago School suspends student for refusing to remove personal animation from YouTube, threatens other students for petitioning on his behalf https://web.archive.org/web/20110603041200/https://www.theglobeandmail.com/news/national/toronto/student-cites-freedom-of-speech-after-suspension-for-online-videos/article2043954/
#5yrsago Recommendation engines and "lean-back" media https://pluralistic.net/2021/06/05/lean-back/#lean-forward
Upcoming appearances (permalink)
- Kansas City: Facing the Future (Woodneath Library Center), Jun
10
https://www.mymcpl.org/events/119655/facing-future-cory-doctorow -
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant -
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026 -
Toronto: TBA, Jun 23
-
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html -
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559 -
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628 -
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales -
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
Recent appearances (permalink)
- Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035 -
Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
https://www.jimruttshow.com/cory-doctorow-3/ -
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI -
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification -
The “Enshittification” of Everything (Bioneers)
https://bioneers.org/cory-doctorow-enshittification-of-everything-zstf2605/
Latest books (permalink)
- "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
-
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/ -
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
-
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
Upcoming books (permalink)
- "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
-
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
-
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
-
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
-
"The Memex Method," Farrar, Straus, Giroux, 2027
Colophon (permalink)
Today's top sources:
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.
- "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
-
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
-
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
17:42
Walt Frazier: "The regular season is where you make your name, but the postseason is where you make your fame."
17:00
Various & Sundry 6/6/26 [Whatever]
It’s a bit of a stormy day here. Let’s see what’s going on elsewhere.
The “K”-shaped economy comes for laptops: There’s been a trade show this week called Computex (there seems to be a big event in the tech field every other week or so), and Michael Crider of PC Week notes that at the show, the new laptops come in two flavors: The really cheap ones, designed to compete with MacBook Neo, which has completely swamped the low-end of the laptop market, and the really expensive ones, which most people will have to think twice about buying. The middle ground laptop for the middle-class buyer? It’s just not there anymore. This is evidence, Crider argues, of a the “K-shaped” economy at work, the economy where the upper 20% of consumers are doing just fine, and the bottom 80% of consumers are… not.
A couple of things about this: One, you can still get middle-ground laptops in the real world (here’s an Acer laptop with a 14-inch screen, 32GB of memory and 1 TB of storage, plus a couple of goodies, for under $900), although they mostly have to have been made before the RAM crunch brought on by “AI” companies buying all the memory in the world. Two, that self-same RAM crunch is wreaking havoc on manufacturers at the moment, precisely in that middle ground. It makes sense for them to focus on the lower end (where they don’t have to spend too much for RAM) and the higher end (where the consumer is less price-sensitive), then in the middle, where they watch their margins shrink to nothing.
I’m not disagreeing with Crider’s thought about the “K-shaped” economy, because I think it’s real: it’s pretty evident to me that the economy sucks for everyone but the people who don’t have to worry about prices. I also think, in computing spaces, the hollowing out of the middle ground is exacerbated by other factors, particularly the “AI” RAM crunch, which is not (directly) about that K-shape. It still sucks if you’re in the market for a computer.
Predictions on the World Cup thingy I think is about to start: On one hand I’m being a little obnoxious, I know what the World Cup is and what’s going on with it, on the other hand I am also not super-engaged with it, partly because I don’t tend to follow sports in general, partly because I think FIFA is one of the most corrupt organizations in the world, which lessens my interest in the World Cup considerably, and partly because this year is the wrong year to have the US co-hosting, for several reasons.
Nevertheless if you have an interest in the World Cup, I hope you enjoy it. Also I have no idea who is going to win it, but I don’t imagine it will be the US. I’m okay with this.
Screwworm back in the US after 60 years, which means your beef, which is already expensive, is about to become even more so. Does this have anything to do with the absolutely idiotic decision from DOGE to cut screwworm monitoring and prevention out of the budget? Well, at the very least, it certainly didn’t help. Is this all hurting Americans while benefiting others? Oh, probably. And while I’m sure there are some people who might be gleeful that the point of pain is that the moment most centered on those who likely brought Trump back into power, anyone who eats beef is next, so don’t get too smug about it, if you are of a mind to. Also, if you were ever planning to reduce the amount of red meat in your diet, here’s a good reason to get on it.
The new Taylor Swift song for Toy Story 5: It’s perfectly good! There have been better songs associated with the Toy Story movies, but there’s nothing at all wrong with this one, and I’m sure it will work perfectly well in the movie. The going line with this one is that this is Swift’s return to country, which, okay, sure, let’s go with that. I’m already laying good odds that this gets Swift an Oscar early next year, and I don’t imagine that will be the worst thing in the world. There are a lot worse songs to have garnered that particular bauble. Enjoy.
— JS
16:07
The Knicks won again last night. They're now up 2-0, both games on the road. This has blown my sense of reality. This Knicks team bears no resemblance to what I think of as the Knicks. Hard to concentrate. Will Trump try to put his name of Madison Square Garden.
10:14
Real artists do all the painting themselves, not like Rembrandt
Real artists use brushes, not technology like Cartier-Bresson
Real writers write it out by hand, not like Jack Kerouac
Real musicians record it live, not like Steely Dan
Real singers sing without processing, not like Kanye West and Daft Punk
Real directors do the prep without AI, not like Martin Scorsese
It turns out that real artists have always used technology. What they have in common is intent, responsibility, and the ability to create a feeling in the audience.
“Here, I made this.”
04:49
A Shocking Display [Penny Arcade]
Having run credits on 007 First Light - and I don't think there's another ending in here somewhere - my feeling is that they stuck the landing and that I want to know what's next in an unreasonable amount of time. Sometime late next week, perhaps. No? That's probably not going to happen? Alright. Well, I had to try.
03:14
on saturday. on purpose. [WIL WHEATON dot NET]
“Still punk as fuck,” I whisper to myself, as I slide new Orthotic insoles into my Converse. As long as I’m down there, I get them on my feet and tie them. I use this double loop thing my kid taught me when he was in middle school. I’m sure there’s an easier way to keep my shoes tied, but this way has never failed me. And it keeps me connected to my kid, every day.
I exhaled, and stood up with a sort of braying grunt that I have taken to calling My Old1.
“Still punk as fuck.”
Shoes on, laces tied, standing at my full height, I head out to take a walk. When I’m up around the corner and about halfway down the block, I realize that I can really — I mean really — feel everything under my feet. Almost immediately, I can feel a familiar discomfort in my left calf and then my right hip. For the rest of my abruptly abbreviated walk, I think about something on the Orthotic insole package about how the fancy Orthotic inserts can only do so much, so take good care of your shoes like a good consumer.
I’m sorry. I struggle to take care of myself, and you want me to take care of my shoes? How about you bring me a Pepsi instead?“
I scowl a lot more than I usually do, as a limp home.
“That was fast,” Anne says when I come into the house.
I tell her about how I hurt my Old2, and how I have been forced to accept that it’s time to buy new shoes. After I work out the cramp with my good friends the foam roller and the lacrosse ball, I spend the next quarter of an hour looking for the least worst way to get some new shoes. After a number of false starts online and a refusal to order from Amazon if there is any alternative, I conclude that the least worst way is to go to the mall. On Saturday. On purpose.
I ask Anne. “Hey, want to go to the mall?”
“On Saturday? On purpose?”
“It’s the least worst way for me to get new shoes.”
“But the mall? On Saturday? On purpose? You need new shoes that urgently?”
I fold my arms.”You ask a lotta questions. What are you, a cop? You have to tell me if you’re a cop.”
She smirks. “Okay. Come with me when I run some errands and we can go to the mall on the way home.”
“Awesome.”
Montage!
- The beauty supply.
- A red light.
- The bank.
- A red light.
- A busy street.
- A quiet, tree-lined street.
- Some asshole who makes us miss the goddamn left turn signal because they’re looking at their fucking phone.
- Another quiet street, bucolic beneath a canopy of sycamores. Kids do hopscotch on the sidewalk.
- The store.
- Me, carrying an hilarious amount of toilet paper to the car.
- Me, struggling to fit the hilarious amount of toiler paper into the car, giggling like an idiot.
- Blowing through a yellow light, we both do a mouth horn version of the General Lee’s horn.3
- The post office.
- The mall.
“I think I’m going to wait in the car while you go get your shoes,” Anne says in the tired voice we’ve both been using more often than not, lately.
“Yeah, that was a hell of a montage.”
“Seriously. Get off your goddamn phone, dude.”
“That’s what I’m saying. I’ll be right back. Love you.”
“Love you too.”
I walk down the ramp, past the future pop-up Backrooms installation that was Sears for as long as I could remember, until it wasn’t, and finally into the mall.
I’m striding down an empty corridor and past the bathrooms, toward the main shopping spur, next to Macy’s. When was I last here? I try to do the math, but I’ve never been good at doing the math. I settle on: I haven’t been here in a long time. I’m not even sure I’ve been here this year. There’s been no reason to come here.
But back in the 20th century, this place was real close to a second home for me and a lot of my friends. We saw movies here, we had Mongolian Barbecue here, we spent hours in the quiet safety of the bookstore. I bought my first dishwasher at the Sears.
Sometime in the last two decades, the Burbank Town Center began its audition for a small but impactful role in the touring company of Abandoned Malls of America. It nearly succeeded. During the callbacks and producer sessions, it was home to two different Halloween stores. In a moment of desperation during early eliminations, it added a caviar vending machine on the second floor, suspiciously close to the Victoria’s Secret, around Valentine’s Day. The lower level spent several years as a race track for those weird fur-covered animal driving things. Remember them? They’re still around, but I’m getting ahead of myself.
I’m about halfway down the corridor when I notice the faint white noise of … it can’t be. No. This mall is dead.
…Isn’t it?
It is not. I know, before I turn the corner, that this mall is full of people. And holy shit is it full of people. Rumors of this mall’s death have been greatly exaggerated. No wonder it didn’t make the tour. I pat my pockets for my phone, so I can share this unexpected news with Anne. I find out that I left my phone in the car. Aw, shit.
No! Wait! Hey, cool. I left my phone in the car, so now I can be, like, fully present here and take in all of this … life and business and activity and … mall-y goodness. Maybe I’ll write about it in my blog, like I did in the Before Times. When it felt like it mattered.
So I look around me and, yeah, there aren’t nearly as many stores as there used to be, but the stores I see are legit. They are not the Teemu version of a Wish.com version of a stall at an indoor swap meet, like last time I was here. I see lots of stores I recognize, and just tons of people.
“Hey! Hey! Mister! Hey! DUDE!”
I look back toward the source of this tiny voice, and see that I am between a kid who is riding one of those fur-covered animal driving things and his destination. I briefly wonder why he doesn’t just go around me, but there are so many shoppers, he can’t.
“Sorry, buddy,” I step back and feel bad for this kid, who was probably looking forward to a breakneck, 5 mile-per-hour tear around the mall, but has instead found himself in stop-and-go human-to-fur-covered-animal-driving-thing traffic. He creeps past me and I suppress a laugh when he gives me the stinkeye. I think but do not say, “Someday you’ll outgrow it, kid! Someday you’ll want to drive your fur-covered animal driving thing, and the teenager at the kiosk will tell you that you’re too tall. Or too old. Or maybe they got a crisp fiver from an old man with a grudge you foolishly gave the stinkeye in ought ’26. I don’t know what or when it will be, kid, but it’s coming for you. It comes for us all.”
There are two stores in the mall that might have the shoes I’m looking for. Against everything I believe in, I look at the mall directory to find out where they are located. I could do it my way, but Anne’s waiting for me and she doesn’t deserve that.
Through the food court, inhaling the melange of fryer oil, spices, frozen mysteries. The flip book of memories: frozen yogurt and hot dog on a stick and lemonade and so many bad choices. That glorious time when bad choices didn’t matter, time that ended as abruptly and unexpectedly as the last time you got to drive the fur-covered animal driving thing.
Up the escalator and past the movie theater.4 Past a trading card shop, the Bath and Body Works that must be whatever the retail incarnation of a lich is at this point, and into shoe store number one.
There is a person at the register, having an issue with the payment thing. I pick a spot at a distance that is respectful of their space while unmistakably saying I’m in line so don’t even motherfucker because I will cut you.
I don’t have my phone, and I love that. I love that I am deliberately and enthusiastically gulping and devouring every detail I possibly can, choosing to be present in that moment, in that place. I look around so I can paint the picture later (which is now) in a series of observations:
There are a lot of socks that you buy one or two pair at a time. I don’t see any whimsical nylon socks with dinosaurs and puns, but it looks like tubesocks with rings are making a comeback.
Checkered Vans never go out of style, and that gives me comfort.
I will never understand Crocs. I will never understand spending real money to carry a backpack that looks like a novelty-sized Croc, thus announcing to the world HEY EVERYONE I LOVE CROCS.
I look at the Doc Martens and cry out internally for the two dozen pair of vintage leather Docs I gave away twenty years ago. I hope, as I always do when encountering this painful memory, that they went to a good home. I like to imagine a baby punk grabbing them for ten bucks at a thrift shop, and not a bougie trust fund poser paying 500 for them at Buffalo Exchange.
The girl ahead of me completes her transaction and walks past me. I’m too lost in thought about my old Docs to capture a single detail of her existence. This will be weird to me when I write it down, later.
“Can I help you?” The woman at the registeris giving the quiet competence and existential exhaustion of Manager of this store in this mall in this year of 2026.
“Yeah, I’m looking for black Converse low tops, men’s size 10. Please.”
“Let me look.”
“Thank you.”
She taps a few keys, frowns. Taps a few more. I notice that the store soundtrack has begun playing Back to Life.
“Wow, I don’t think I’ve heard this since the 90s,” I say.
She does not look up. “I think this was the 80s.”
“Yeah, 1988, right?” I say5.
“Mmm-hmmmm.”
Before I can stop it, something taps the well of sadness I carry around these days. I mutter, “1988. That was such a good year. Damn. I am very old.”
At this, she looks up at me. For just a second, we stand there and look at each other in Generation X.
“I feel you,” she says. She goes back to the computer. “Yes. Let me get them for you.” She walks into the back.
I think about the mall. There’s a feeling that I only get in a mall that I can’t quantify or describe but I know that other Olds will understand what “being in the mall” feels like. The smells and sounds of the water features and indoor plants. This is a time that is never coming back, even if every mall suddenly burst back into life. Because it’s not the stores or the band performances in the center court or the celebrity appearing this afternoon at J.C. Penny’s from 2-4pm. It’s about that moment in time when we were young and this place allowed us to be who we were, while we were all figuring out what that meant. It was a place to try out our ideas of being an adult, a place to be free of our parents and teachers, where we really were allowed to run free. I enjoy telling jokes about getting older, but to be totally honest, I really do think it’s great. I love my life and the people in it, even though it is all happening in this chamber of horrors none of us can escape. I’ve worked hard to earn this, and I’m working even harder to protect it. I guess, in a metaphorical way, this mall experience reflects some of that.
While all of this runs through my head, simultaneously nostalgic and solastalgic, I bop my head and quietly sing along. “however do you want me …. however do you need me…”
A pair of kids walk into the store and I try to become invisible.
Before I can find out if I am successful or not, she comes back with my shoes and I pay with my watch on the first try, for the first time ever6. I walk back through the mall and exit through Macy’s. I’m pretty sure at least some of the perfume and cologne cloud I swam through is still in my hair and my raccoon wounds.
Down the stairs and across the aisle, up the ramp … shit. I need to go down one level.
Down the ramp to the other stairs, down those stairs, wait for the Prius to back out hello, sir, I am a pedestrian standing right here and I thought you had a backup camera no worries let me step out of your way. Wouldn’t it be an hilarious callback if the kid from the fur-covered animal driving thing was in a car seat in the back, and I gave him the stinkeye this time? It wasn’t, but we could pretend it happened if we wanted to inject a little more humor and maybe pay off what seemed like maybe an unimportant encounter earlier in our story.
I hop into the car.
“Hey! You got your shoes?”
I hold up my bag. “Yep. Guess who paid with his watch on the first try, for the first time ever?”
She starts the car and puts it in reverse. “The guy ahead of you?”
“Ha. Actually, it was a girl and — AND — she was probably in her 30s (or maybe a teenager I don’t know everyone under 40 looks like they are a baby to me and why would I even ask in the first place like a creep) and she couldn’t get it to work at all. So.”
“Wow.”
“I know, right?”
I take my phone out of the cup holder where I left it. I turn it over and look at the Misfits sticker on the back, then flip it around and catch my reflection in the unlit screen. I hold that for a second, then put it into my pocket without waking it up.
“And I think … I think I may have found something to write. It isn’t really about anything, I don’t think, so it can’t be a story, but it can probably be a blog post.”
She turns on her left signal and pulls out of the garage. “Hey, that’s awesome!”
“Yeah,” I say, “It isn’t anything important, but I think it will be fun to write, and I think that’s a kind of self-care.”
“I’m really happy for you,” she says.
“Yeah. I’m happy for me, too.”
A postscript for the reader: I did have a lot of fun writing this. And it was self-care. I split it up over a couple of days, when I wasn’t working. I’m glad I made the time to do it. I’m glad I remembered, “write it badly or it won’t be written”, so I would keep going. Not that it’s bad writing (maybe it is, I don’t know), but I gave myself permission to write badly (in this case, not clearly about one thing, at least not on purpose), so that I could write, well, something.
I’m glad you’re here. If you’d like to get my posts delivered to your email, here’s the thingy:
- Not to be confused
with my Old, as in “ow, I hurt my Old”.
︎ - See? Different, but
still applicable.
︎
- Yes, fuck the
Confederacy-normalizing Dukes of Hazzard. Fuck it all forever. It
is deeply problematic. It’s also a huge part of my childhood
that I’m not willing to Eternal Sunshine out of my memories.
︎
- I’m still
pretty sure my TV is bigger than their average screen, and
I’m not saying that to brag about my TV.
︎
- Like, I know that it
was released in 1988 but what I meant was, I’m pretty sure
the last time I heard it was in the 90s but she doesn’t care
and I can just be quiet.
︎
- I never feel as
stupid, incompetent, and Old Man Wheaton as I do when I try to use
my watch or my phone to pay for things. I swear to god, every point
of sale is different, on purpose, to make me — yes, me
specifically — feel dumb.
︎
02:07
Me and Brandon Sanderson in Conversation [Whatever]
In April I went town to the Atlanta area to chat with Brandon Sanderson, and we talked about writing, of course, but also about kids, about our early days in the industry and how it was I became Brandon’s official nemesis. It’s an hour-long chat including Q&A from the audience, and it’s now up on YouTube, which means I can embed it here for you. I think it’s pretty clear we were having a lot of fun chatting. I hope you’ll have fun watching us do our thing.
— JS
01:07
GNUtrition 0.33 is now released. This marks the first release of
GNUtrition since 2012, approximately 14 years ago!
GNUtrition is free nutrition analysis software. The USDA Food and
Nutrient Database for Dietary Studies (FNDDS) is used as the source
of food nutrient information.
This release is a complete rewrite of GNUtrition in C rather than
Python 2 with a new GTK 3 interface replacing the old GTK 2 one.
The Nutrient Database of Standard Reference, which stopped getting
updated in 2018, was replaced with the USDA Food and Nutrition
Database for Dietary Studies. With help from some test volunteers,
the build and installation process was better streamlined to
resolve critical issues and difficulties so that GNUtrition can be
a better program overall.
Considering the time between releases, GNUtrition currently is not
available on OS package repositories (as far as I am aware). If you
package software for your operating system's package manager, it
would be very helpful if you could start packaging GNUtrition so
that it may be even more easily used by people on said systems. If
you don't, you may still request to those who do to start including
GNUtrition.
Thank you to everyone who tested/used GNUtrition 0.33's release
candidates and provided meaningful feedback on its functionality,
design, and so on. I would also like to especially thank Jason Self
for providing us with the C rewrite in the first place.
More information about GNUtrition may be found on its home page at
http://gnu.org/so ...
tware/gnutrition/. This release can be obtained from the
ftp.gnu.org server at one of the following:
ftp://ftp.gnu.o ...
gnu/gnutrition/
http://ftp.gnu.or ...
g/gnu/gnutrition/
https://ftp.gnu.o ...
g/gnu/gnutrition/
The FTP mirror list is available at https://gnu.or ...
order/ftp.html, and https://ftpmirror ...
u.org/gnutrition/ will automatically redirect you to a nearby
mirror.
Please report any problems you experience to the GNUtrition bug
reports mailing list: bug-gnutrition@gnu.org
(https://lists.gnu
... fo/bug-gnutrition).
Happy hacking and calorie counting!!
00:07
The back cover of C++: The Programming Language also raises questions not answered by the front cover [The Old New Thing]
A little while ago, we considered how the cover of the book C++: The Programming Language raises questions not answered by the cover, since the cover illustration for a book putatively about the C++ programming language shows code written in JavaScript.¹ But there’s also a question raised by the back cover.
According to the blurb for the book,
The topics included in it are of utmost significance and are bound to provide incredible insights to students. Some of the diverse topics covered in this text address the varied branches that fall under this category. Those in search of information to further their knowledge will be greatly assisted by this textbook.
This sounds like a book report written by a student who didn’t read the book! Those sentences could be used to describe pretty much any textbook.
Indeed, I found nearly identical sentences in the blurb for Casting Handbook (Hannah Wells, editor).
The topics included in this book on casting are of utmost significance and bound to provide incredible insights to readers. Some of the diverse topics covered in this book address the varied branches that fall under this category. It will serve as a valuable source of reference for graduate and post graduate students.
And in Food Industry: Processes and Technologies (Kaden Hunt, editor):
This book is compiled in such a manner, that it will provide in-depth knowledge about the theory and practice of the workings of food industry. Some of the diverse topics covered in this text address the varied branches that fall under this category. This textbook, with its detailed analyses and data, will prove immensely beneficial to professionals and students involved in this area at various levels.
And in Nutrition and Metabolism: Processes and Technologies (Kaden Hunt, editor):
This book provides comprehensive insights into the field of nutrition and metabolism. It provides deep insights about this field. Some of the diverse topics covered in this text address the varied branches that fall under this category. Such selected concepts that redefine this subject have been presented in it. This book aims to shed light on some of the unexplored aspects of this field. It is meant for students who are looking for an elaborate reference text on nutrition and metabolism.
One more example: Material Science and Engineering (Emilio McMahon, editor)
The book aims to shed light on some of the unexplored aspects of materials science and engineering. It describes in detail the various concepts and theories of this field. The topics included in it are of utmost significance and bound to provide incredible insights to students. Some of the diverse topics covered in this book address the varied branches that fall under this category. This textbook is an essential guide for both graduates and post-graduates in this discipline.
The common thread is that all of these books are published by Larson and Keller. I guess they can’t be bothered to spend time crafting a blurb that suits the book, so they just use the same blurb template for all of their books.
¹ Rory Jaffe found that the book cover image it is an Alamy stock photo from 2013 with the title “Program code on a monitor.”
The post The back cover of <I>C++: The Programming Language</I> also raises questions not answered by the front cover appeared first on The Old New Thing.
Rotation revisited: Avoiding having to calculate the gcd when doing cycle decomposition [The Old New Thing]
Last time, we looked at how
clang’s libcxx implementation of std::rotate
uses cycle decomposition to minimize the number of swaps. Doing
so requires calculating the greatest common divisor, but I noted
that the OpenJDK implementation of the java standard library uses a
trick to
avoid doing the gcd calculation.
The trick is realizing that the total number of elements is equal to the sum of the lengths of each of its cycles, and each of the initial elements belongs to a different cycle. Therefore, we can just keep rotating elements until the number of elements rotated is equal to the total. We don’t have to precalculate the number of cycles; we just let the counter tell us when we’re done.
auto a = std::distance(first, mid); // number of "A" elements
auto n = std::distance(first, last); // total elements
auto count = 0;
auto k = 0;
while (count < n) {
// Rotate the elements in the cycle starting at k
auto save = std::move(first[k]);
auto i, next = k;
while (i = next, next = (i + a) % n, next != k) {
first[i] = std::move(first[next]);
++count;
}
first[i] = std::move(save);
++count;
}
The post Rotation revisited: Avoiding having to calculate the gcd when doing cycle decomposition appeared first on The Old New Thing.
Friday, 05 June
22:07
GNU direvent version 5.5 [Planet GNU]
Version 5.5 of GNU direvent is available for
downloads. New in this version:
- All subprocesses are terminated before exit
- New configuration statement: shutdown-timeout
See the
NEWS file for more details.
21:56
Pluralistic: Refining humanity (05 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]
->->->->->->->->->->->->->->->->->->->->->->->->->->->->->
Top Sources: None -->
Today's links
- Refining humanity: What our technology is shows us what we're not.
- Hey look at this: Delights to delectate.
- Object permanence: GNU Radio; France v "follow us on Twitter"; Aaronsw vindicated; Capitalism's crooked refs.
- Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Refining humanity (permalink)
One of the best ways to evaluate your own understanding of a subject is to attempt to explain it to someone else. Through explaining things, we discover how much of the "totally obvious" world is actually full of ambiguity, mystery and contradiction.
There's a great bit in Rowan Atkinson's historical sitcom Blackadder that illustrates this principle. In "Ink and Incapability" Blackadder and friends have accidentally burned the only copy of Samuel Johnson's original dictionary of the English language. To cover up their mistake, they decide that they will recreate the dictionary themselves. However, they founder on the first word they try to define, "A":
Blackadder: Let's start at the beginning, shall we? First: 'A.' How would you define 'A'?
Prince George: Ohh…'A' (continues this in background). Oh, I love this! I love this! Quizzies! Erm, hang on, it’s coming. Ooh, crikey, erm, oh yes, I’ve got it!
B: What?
PG: Well, it doesn’t really mean anything, does it?
B: Good. So we're well on the way, then. "'A'; impersonal pronoun; doesn't really mean anything."
I mean, what does "A" mean? The Oxford English Dictionary has more than a dozen definitions, and just the first one runs to more than 1,500 words:
Now, normal life involves a lot of explaining things to other people. You have to explain your problems to customer service reps, who have to explain why they can't solve those problems to you. You need to explain to your loved ones why you want to leave your toothbrush in the shower, and they have to explain why they hate having your toothbrush in the shower. These explanation-exchanges teach you as much as they teach the person you're locked in dialog with. The reasons for leaving your toothbrush in the shower may seem totally obvious to you, and your partner's inability to understand this reveals the assumptions you've never even considered.
For the past four decades, an increasing proportion of the population have spent an increasing proportion of their lives explaining things to machines that have no assumptions or shared context: computers. What we call "programming a computer" is really "breaking down a thing that seems obvious to you into increasingly simple instructions that will be followed to the letter."
Computers are like the genies of legend, bloody-minded literalists who will do exactly what you say, in the way that is perversely furthest from what you mean. To get a computer to do anything, you must first understand it to a degree that far exceeds the understanding needed to explain something to any other human, even a small child.
To take just one example: yesterday, I was on a plane, and the seatback video started cycling through its video-on-demand offerings. All of the movie titles that began with "the" were rewritten to put "the" at the end of the title (for example, "The Sting" was written as "Sting, The"). It's obvious why the system's designer had done this: we expect to find movies whose titles begin with "The" alphabetized under their second word ("The Sting" should appear between "Star Wars" and "Story of a Love Affair"; not between "The Godfather" and "The Untouchables").
I remember when I learned this from my elementary school's teacher-librarian, when I was seven and my class got a tutorial on the school library's card catalog. The librarian explained this principle to us in a matter of minutes, as part of a longer set of instructions, and still, it stuck with me forever.
But here we are, 48 years later, and we still haven't standardized a way to get computers to grasp this foundational principle of alphabetization. Many different databases handle this, to be sure, but it's so inconsistent across so many platforms that someone at the head-end of the video distribution system that feeds American Airlines' VOD system decided, "Fuck it, I'm just gonna put the 'The' at the end of these titles."
Computers are stupid, in other words, which means that the people who program them have to have smarts enough for both of them. Unfortunately for our entire species and civilization, the software industry has historically valued skill at writing efficient and reliable software over writing software that adequately reflects reality. There is an entire genre of lists that illustrate the problem with this; the "falsehoods programmers believe" lists:
https://github.com/kdeldycke/awesome-falsehood
From "names of people" and "street addresses"; from "prices" to "time"; from "email addresses" to "phone numbers"; the "awesome falsehoods" lists are awesome because they reveal how much subtlety and complexity is lurking in these seemingly simple and intuitive concepts. This subtlety and complexity might never emerge through the process of trying to teach a person about them, but when you try to teach a computer about them, you have to confront them in all their awesome fuggliness.
That's because humans have context, agency and flexibility. Sure, the person who designs a form with a blank for "name" might never have met a Malagasy person whose first name is Randriamananjararadofabesata, but in the pre-digital world, when Madagascar Slim met a public official who had to transcribe his name onto a paper form, that official could simply draw an arrow in the margin next to the "name" blank, turn the form over, and write out all 28 characters on the reverse:
https://en.wikipedia.org/wiki/Madagascar_Slim
Computers can't do this. If the programmer doesn't know about Malagasy first names, the computer doesn't know about them either, and the only person who can "teach" the computer about these names is a programmer with access to the code for the database, who has to manually alter the code, compile it, and distribute it to everyone who uses it.
This is partly why digitization has been accompanied by a rise in people asserting that they exist on spectrums rather than in binaries. There were always people whose names, genders, races, and other biographic "immutables" changed, or failed to fit within the blanks on the forms. When those people's realities ran up against failures in the system's abstractions, they could petition a bureaucrat to turn the paper over and write an explanatory note, or to write really small to fill in a blank:
https://pluralistic.net/2023/02/02/nonbinary-families/#red-envelopes
Getting a human official to turn the paper over and write something that didn't fit in the blank is a personal challenge. It requires that a subject convince the person who controls the form to make an exception. This isn't always easy, but officials on the front lines necessarily deal with reality, and they can't get their jobs done unless they're capable of interpreting the necessarily incomplete procedures they operate under to fit things as they really are.
But a computer doesn't have any agency or context or flexibility. If the computer says your name isn't valid, you can't argue the computer into accepting it. The only way to get a digital world to acknowledge your existence is to campaign for systemic change. A trans person might (with great difficulty, to be sure) convince the regional registrar to white-out an old X on one "gender" box and mark a new X in the other box. But the only way to make that change in a software system that has been programmed to treat the "gender" field as immutable is to change society itself.
In this way, computers are machines for teaching us what we don't know about ourselves. They require that we interrogate and faithfully recreate our personal tacit knowledge, and they require that our societies interrogate their tacit presumptions as well. When you are forced to turn your tacit knowledge into explicit knowledge, you're also forced to confront how many broken assumptions lurk inside your reasoning. At best, it's a clarifying process.
Computers don't just clarify what we know and how we organize our society: they also clarify what we are. There are lots of things that we have supposed that a computer would never do, because we believed that these things required something that only humans could do.
Take chess: there are more possible chess games than there are hydrogen atoms in the universe, so brute-forcing chess by running all possible games is a technological impossibility. The best human chess players do something we don't quite understand, mixing their recollections of previous games with rules-of-thumb about the best strategies, with "creativity" (whatever that is) that lets them spontaneously develop new strategies. We can easily get a computer to memorize all the known-good chess sequences and all the rules of thumb, but we don't know what "creativity" is, so we can't encode it as a series of instructions.
But thanks to breakthroughs in machine learning and its successor, "deep learning," we have created chess-playing software that can beat every human, partly by assaying gambits that we would term "creative" if they originated with a human player.
What we make of this new fact is controversial. For many people (myself included), this is a refinement: it tells me that behaviors that are indistinguishable from "creativity" can, at least some of the time, be created by mechanical processes, and the mere fact that a machine does something that appears "creative" doesn't mean that machines are human.
For others, the fact that a mechanical system can evince a behavior that we would call "creative" in a human doesn't mean that we defined "creativity" too broadly, it means that we defined "human" too narrowly, and now we have made a machine that is, at least partially, a person.
I think this is the wrong conclusion to draw, for reasons that Ted Chiang sets out with luminous brilliance in a recent Atlantic article entitled "No, Artificial Intelligence Is Not Conscious":
https://www.theatlantic.com/philosophy/2026/06/no-artificial-intelligence-is-not-conscious/687378/
(If you're hitting the paywall on that one and you're on Firefox, you can try my favorite trick: switch to "Reader Mode" and hit "reload" – your mileage may vary.)
For all the reasons Chiang articulates, I think that drawing the "personhood" line to include machines is a technical mistake, but it's worse than that. Admitting machines to the "personhood" club is a tactical mistake, on par with the mistake we made when we admitted corporations to the personhood club. We should absolutely consider expanding personhood to incorporate living things, including animals and ecosystems, but at the same time, we must purge these dead, artificial constructs from the club:
https://pluralistic.net/2026/04/15/artificial-lifeforms/#moral-consideration
There is a way in which the recognition of new capabilities in machines parallels the recognition of new capabilities in animals other than ourselves. When those animals manage to do things that we once thought were the exclusive province of humans, we (should) take that as an opportunity to refine our conception of humanity. We're not "the animals that use tools" or "the animals that make plans" or "the animals that recognize themselves in mirrors," because there are other animals that do those things. We are an "animal that uses tools"; not the animal that does so.
Likewise, if we thought that some activity was unique to humans, or to living beings, and we manage to get a machine to replicate that activity, we should revise our view of the activity – not our view of the machine. Creative breakthroughs in chess are not "a thing that requires a human mind," they're "things that can be done by human minds and by machines."
Edsger Dijkstra once famously asked "can a submarine swim?"
https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD898.html
Submarines and fish and humans and dolphins all propel themselves through water by different means. But when an animal swims, it does something that is different from what a submarine does. The submarine has no intention, while (complex multicellular) animals swim to pursue goals. Building machines that propel themselves through water is very useful, but it's not the same thing as creating life. In some ways, it's better than creating life: for one thing, we owe other living things moral consideration that is not due to machines. Harnessing a machine to accomplish our own goals is more morally clear than controlling living things to achieve those goals. By the same token, creating machines that can do some of the tasks that we ask of other humans can be the superior moral course. I'd rather have a machine remove mines from a minefield than getting humans to do it.
But beyond this moral relief, creating machines is a fantastic way to learn more about ourselves – making explicit our tacit knowledge, our implicit social assumptions, and the limitations of our conception of what sets us apart from the rest of the universe.
One way in which AI is exceptional is in how it undermines this principle. Conventional software techniques struggled to produce a program that could identify objects in photographs. It turns out that defining all the visual correlates of "cat" is even harder than defining the letter "A." Deep learning techniques solved this previous insoluble problem by relieving us of the job of making explicit all the implicit factors that we deploy when distinguishing an image of a "cat" from an image of a "dog" or a "tiger" (or a "tractor").
Instead of forcing humans to engage in introspection until we'd made a list of every factor we use to identify cat pictures, we simply identified pictures of cats and fed them to a program that tried to find the commonalities among them. The more pictures we fed to that program, the better it got at identifying cats. Today, we have programs that can reliably distinguish an image of a cat from an image of a tiger cub!
This represents a major breakthrough in the power of computers to perform useful work for us, but it's also a huge regression in computers' role in forcing us to make our tacit thought processes explicit through systematic introspection. That's probably fine: we didn't create computers to make us introspect, we created them to do useful work for us. All things considered, it might be better to have genies who grant our wishes according to the spirit of our words, not their letter.
AI may not force us to render our implicit thoughts as explicit instructions, but it absolutely forces us to reconsider and narrow the realm of the numinous. Our own creativity is still delightful and important, but the fact that this squishy, amazing process can (sometimes) be replicated by procedural machines changes the definition of living things. We're "a thing that can produce creative outcomes" but not "the things that can produce creative outcomes." The machines aren't being creative (any more than a submarine is swimming) but they're outputting things that we used to only achieve by means of creativity.
An AI that does something that used to require creativity is fulfilling my favorite of Brian Eno and Peter Schmidt's Oblique Strategies: "Be the first person to not do something that no one else has not done before":
https://stoney.sb.org/eno/oblique.html
Just as bosses fantasize about AI bringing about a worksite without workers, and Zuckerberg is trying to build social media without socializing, and politicians want a bureaucracy without bureaucrats, we can sometimes use AI to produce creative outcomes without creativity:
https://pluralistic.net/2026/05/27/unnecessariat/#rubbuts-stole-my-jerb
That isn't to say that AI art is any good. AI may produce things that are aesthetically interesting, but it can't produce things that mean anything:
https://pluralistic.net/2026/06/02/must-we-pretend/
But art isn't the only realm that we apply creativity to. There are plenty of outcomes that we've always believed we couldn't bring about without applying creativity. AI – like all software – is making us realize that an ingredient we once deemed uniquely essential turns out to have substitutes. AI can sometimes accomplish things without us explaining how we do them. That relieves us of a useful but difficult chore – but in so doing, it forces us (yet again!) to revisit what sorts of things are needed to do the things that matter to us, and therefore, what makes us special.
Hey look at this (permalink)
- EU plots long game against US digital supremacy https://www.politico.eu/article/eu-plots-long-game-against-us-digital-supremacy/
-
Open World Map: Digital Sovereignty for Game Creators https://luma.com/8nvmyatm
-
Enshittifier — replace AI with
https://enshittifier.wells.ee/ -
AI is the greatest money-wasting scheme humanity has ever invented https://www.telegraph.co.uk/news/2026/06/04/ai-is-the-greatest-money-wasting-scheme-humanity-has-ever-i/?WT.mc_id=tmgoff_tw_post_scheme-humanity-has-ever-i/
-
Enshittification, Despotification, and the Open Internet https://www.liberalism.org/p/enshittification-despotification-and-the-open-internet
Object permanence (permalink)
#20yrsago GNU Radio: the universal, software-defined radio https://web.archive.org/web/20060613062355/https://www.wired.com/news/technology/1,70933-0.html
#15yrsago France bans “follow us on Twitter” from newscasts https://web.archive.org/web/20110606035424/http://www.zdnet.com/blog/facebook/france-bans-facebook-and-twitter-from-radio-and-tv/1559
#5yrsago Aaron Swartz, vindicated https://pluralistic.net/2021/06/04/aaronsw/#cfaa
#5yrsago Capitalism's crooked refs https://pluralistic.net/2021/06/04/aaronsw/#crooked-ref
Upcoming appearances (permalink)
- Kansas City: Facing the Future (Woodneath Library Center), Jun
10
https://www.mymcpl.org/events/119655/facing-future-cory-doctorow -
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant -
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026 -
Toronto: TBA, Jun 23
-
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html -
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559 -
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628 -
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales -
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
Recent appearances (permalink)
- Cory Doctorow's digital jail-break (DW In Focus)
https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035 -
Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
https://www.jimruttshow.com/cory-doctorow-3/ -
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI -
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification -
The “Enshittification” of Everything (Bioneers)
https://bioneers.org/cory-doctorow-enshittification-of-everything-zstf2605/
Latest books (permalink)
- "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
-
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/ -
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
-
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
Upcoming books (permalink)
- "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
-
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
-
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
-
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
-
"The Memex Method," Farrar, Straus, Giroux, 2027
Colophon (permalink)
Today's top sources:
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.
- "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
-
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
-
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
21:00
Internet Age Gates Are a Growing Global Threat [Deeplinks]
The internet is an essential resource for young people and adults to access information, explore community, and find themselves—both inside countries and across continents. Yet governments around the world continue to introduce and implement legislation requiring all online users to verify their ages before accessing the digital space. In some cases, politicians are going further, putting forth proposals to ban social media for younger users.
In late 2025, Australia’s government rolled out the first complete ban on users under 16 from having social media accounts. In this sweeping regime, platforms are required to introduce age assurance tools to block under-16s, demonstrate that they have taken “reasonable steps” to deactivate accounts used by under-16s, and prevent any new accounts being created, or face fines of up to 49.5 million Australian dollars ($32 million USD). The 10 banned platforms—Instagram, Facebook, Threads, Snapchat, YouTube, TikTok, Kick, Reddit, Twitch, and X—have each said they’ll comply with the legislation, which led to young people losing access to their accounts overnight. Reddit is currently challenging the law in Australian courts on constitutional grounds. Recent research notes how the ban is preventing teenagers from accessing news in the country.
In the United Kingdom, rules took effect in mid-2025 under the Online Safety Act that require all online services available in the country to assess whether they host content considered harmful to children; if so, these services must introduce age checks to prevent children from accessing such content. Online services are also required to change their algorithms and moderation systems to ensure that content defined as harmful, like violent imagery, is not shown to young people.
This approach is reckless, short-sighted, and we’ve already seen it introduce more harm to the young people that it is trying to protect. The UK’s scramble to find an effective age verification method shows us that there isn't one, and we’ve spent years urging UK politicians to abandon any measures that require platforms to collect data or remove privacy protections around users’ identities.
Earlier this year, Indonesia’s Communications and Digital Affairs Minister, Meutya Hafid, announced that users under 16 would have their accounts on “high risk” platforms deactivated from 28 March. The platforms subject to this ban are YouTube, TikTok, Facebook, Instagram, Threads, X, Bigo Live, and Roblox; with Hafid noting how this policy would make Indonesia “the first non-Western country to delay children's access to digital spaces according to age.”
Similarly, the Malaysian government has recently pushed forward with plans to ban users under 16 from having accounts on social media platforms with at least 8 million users in Malaysia, including Facebook, Instagram, TikTok, and YouTube. Users under the age of 16 are being told to download or transfer their data from these platforms in one month before the restrictions are applied. Platforms failing to comply with the ban may face penalties of up to $2.5 million USD.
In Latin America, Brazil approved a new law in 2025 establishing that providers of information technology products and services directed to children and teenagers, or likely to be accessed by them, must conduct age checks when their products and services offer risks to underage users. Regulation requires age assurance for products and services that are not allowed for children and adolescents in accordance with Brazilian legislation. App stores and operating systems are required to provide age signals for other providers.
While the law is already in force, full compliance with its obligations is expected for early 2027, after the approval of further regulations and a transition period, and the authority responsible for enforcing the law is the Brazilian National Data Protection Agency. The list of concerns regarding the implementation of the law include: the wide scope of products and services that may fall within age-check obligations, how these obligations can affect non-proprietary operating systems and free software projects, and how effective the law's crucial data protection safeguards will be in a context of likely widespread age checks for accessing content online.
Similarly, the European Union has taken large steps towards mandatory age verification that could undermine privacy, expression, and participation rights for everyone. Politicians are promoting an EU-wide approach to age verification through its age verification “app,” which will be fully interoperable with the Digital Identity Wallet. While this mini-app has been announced as technically ready to be rolled out “for citizens to use,” it comes with its own realm of potential privacy and security concerns, such as long-term identifiers (which could result in tracking) and over-exposure of personal information.
The European Commission also supports age verification in various legislative initiatives, from proposals that would allow or mandate companies to scan our communication (“Chat Control”) to non-binding guidelines of existing laws, such as the Digital Services Act. The EU Parliament, too, has proposed an EU digital minimum age of 16 for access to social media, a move that aligns with EU Commission’s president Ursula von der Leyen’s recent public support for measures inspired by Australia’s model. To all these initiatives EFF has provided one consistent response: mandatory age verification measures are not the right way to protect young people.
These proposals restrict the fundamental rights of young people to speak to each other and to access information. They also force all internet users, not just those under a certain age, to upload private data—like a face scan or passport—in order to access a website or service. In considering the vast scope of privacy issues pertaining to the collection, storage, and sharing of this personal information, the problems of age verification in restricting free speech are compounded by these reckless and harmful approaches to verification.
The problem of censorship and surveillance goes far beyond the borders of the internet. EFF continues to explore support for legislative and litigation challenges that recognize how these laws harm everyone’s rights to privacy, free expression and due process.
19:42
Google could do a mixture of AI and search. I want to search my blog for a place where I discuss the idea of hate is betrayed love even if I don't use the actual words. I bet they're working on it.
18:56
Elon Musk's X [Scripting News]
I'm using EMX more than Bluesky, consciously -- realizing it was a mistake to move my social web act over there. There's no discourse to keep me there so I'm giving it less of my bandwidth.
I tried an experiment today, Paul Graham, a big tech influencer on EMX said all the Tesla haters were seemed to be gone, so I chimed in that I am one, and have just returned. I wanted to see what would happen. Yeah I got trolled. Won't be doing that again.
hate == love + betrayed. You can't hate something you don't also love. If you go back before last year's election, I was borderline about Musk, happy to loved the car without thinking of him every damn time I drove it. Maybe I should start writing about it again. I promise it will be a very different story.
Also EMX is what I'm calling Elon Musk's X. I think calling it Twitter now is not right. But I don't see X as the name of a service or product. Maybe I'm old fashioned, but most good names have 2-4 syllables with 3 generally thought to be ideal. Look around you, see how things are named. That imho is why we like Claude better than ChatGPT.
Sub-par – DORK TOWER 04.06.26 [Dork Tower]
Most DORK TOWER strips are now available as signed, high-quality prints, from just $25! CLICK HERE to find out more!
HEY! Want to help keep DORK TOWER going? Then consider joining the DORK TOWER Patreon and ENLIST IN THE ARMY OF DORKNESS TODAY! (We have COOKIES!) (And SWAG!) (And GRATITUDE!)
18:42
Steve McIntyre: Secure Boot and Microsoft CA Rollover - user-facing documentation [Planet Debian]
I previously wrote some advice for developers and distributions about the upcoming Microsoft CA Rollover, and I hope that was useful for people.
I've now also added some user-facing documentation about the CA rollover in the Debian wiki at https://wiki.debian.org/SecureBoot/CAChanges. I've added guidance on managing certificate updates on Debian systems: how to check if a system needs those updates and various ways to make them happen. If you're running Secure Boot systems, this may be important for you.
While the same event is the primary cause for these docs, they're designed for different people. Again, I hope this new doc is helpful!
LGBT Q&A Season 1 Recap: Staying Safer Online [Deeplinks]
Last year during LGBTQ+ Pride month, we launched an LGBT Q&A where we answered your most pressing digital rights questions on EFF’s Instagram and TikTok accounts.
Ahead of LGBT Q&A Season 2 launching next week, we’re posting a recap with some of the questions we answered. Check them out below.
- You wanted to know: How to stay safe when dating online.
- You asked: I'm a 17 year old trans woman and my address is public on the Internet. What steps can I take to mitigate this risk?
- You wondered about: Tips for staying safe at Budapest Pride.
- You questioned: Why does homophobic content I report on social media not get removed?
- You asked: What pictures are safe to use on dating apps?
- You wanted to know: Is it safe to have gay, trans, and Palestinian flags in my bio?
We’re here to help build an online space where you get to decide what aspects of yourself you share with others, how you present to the world, and what things you keep private. Join us to make the internet private, safe, and full of pride.
18:14
It's really cool we get another NBA Finals game tonight. I'm rehearsing what it feels like to be a fan of the Eastern Conference Champion NY Knicks. It still hasn't even slightly sunk in yet.
This Week in AI: Production Viability [Radar]
On this week’s episode, host and the founder of AI advisory firm Intelligence Briefing Andreas Welsch brought together Maya Mikhailov, cofounder and CEO of Savvi AI, and Doug Shannon, generative AI and intelligent automation leader, to cover a handful of interconnected topics that practitioners are navigating right now: OpenAI’s push into personal finance, the role of metacognition in AI-assisted technical work, the growing backlash against token-based productivity metrics, and the new role of forward-deployed engineer. Together, these stories sketch a picture of an industry that’s good at generating output but is still figuring out what output is worth.
Why OpenAI wants your bank account data
When OpenAI announced it was analyzing users’ transaction data in partnership with financial institutions, the coverage focused on the consumer benefit: a smarter way to track spending, comparable to what Credit Karma or Mint offered but with a more conversational interface.
But that’s not all the company’s interested in, or even the main thing. Maya reframed the stakes: “What OpenAI wants to do is figure out consumer intent.” Being able to access users’ financial data is less about helping people manage their money and more about completing a profile the company can then monetize. OpenAI already builds a surprisingly accurate picture of users from their chat histories. Add transaction data and you get specifics that weren’t there before: what someone is saving for, what they’re anxious about, where their money is actually going. That’s a data asset worth a great deal to advertisers.
We’ve seen this pattern before, and as Andreas noted, companies have long held (and used) potentially invasive data to recommend products. The Target pregnancy prediction story is now more than a decade old, but it’s still being taught in business school, including by Andreas, precisely because it illustrates how behavioral data can be combined to infer things people haven’t explicitly disclosed—and spotlights the fine line between effective recommendations and those that feel too personalized, reminding consumers just how much information companies have on them. Companies’ profile-building capability hasn’t changed, but AI chat adds a new wrinkle, said Maya. A conversational interface makes disclosure feel natural, so the knowledge graph based on your chat history is very powerful. And these tools are also better positioned to share recommendations than traditional avenues. “By having this style that is agreeable, that is engaging,” Maya explained, “those recommendations are going to be a lot stickier than what a fragment of a sentence I type into a regular search engine.”
Metacognition as a professional skill
When you delegate thinking to a system that averages across a massive range of inputs to produce an answer, you need to know when that answer is good enough and when it isn’t.
“We’re essentially being averaged out,” Doug said. The model is doing many things behind the scenes to find a mean response. The human’s job is to ask questions about the questions, to push past the first answer, and to know whether their own judgment is still in the loop. That’s why Doug’s been pushing for a renewed interest in metacognition, or “thinking about thinking.” Offloading cognitive load that’s peripheral to your work is fine, Doug and Maya agreed. Offloading the reasoning that’s central to your job’s value—what Doug called cognitive surrender—is where organizations get into trouble.
The future advantage won’t come from access to AI. Everyone will have some kind of access to it. The advantage will come from knowing what to offload, what to question, and what should never leave human judgment. This is a skill-development question as much as a philosophical one. The people who’ll be most effective with AI tools aren’t the ones who use them most; they’re the ones who understand what to hand off and what to keep. That requires domain knowledge, judgment about when a model’s answer is plausible but wrong, and enough fluency with how these systems work to recognize when you’re being handed an average instead of an answer.
Tokenmaxxing and the wrong incentive
The tokenmaxxing debate seems to be coming to a head. Amazon abolished its AI productivity leaderboard after employees started gaming it by writing inefficient code to rack up token usage. And one company reportedly burned through $500M in Anthropic tokens in a single month after failing to set limits. The companies encouraging tokenmaxxing are incentivizing the wrong metrics, Maya argued. It’s like determining which bakery is best by the amount of flour it uses. The right question is “Are we making a quality product?”
Andreas shared his own vibe coding experience as an example of how token consumption and technical debt compound in practice. A developer starts with a modest plan and burns through their quota running agents in half an hour. They upgrade to a higher tier, paying five times more, but now the sunk-cost logic kicks in. As Andreas pointed out, now they feel like they “should also be getting five times more the value out of [their subscription],” so scope expands from a single tool into a unified business operating system. Three weeks later, the accumulated complexity has outpaced the ability to evaluate it: Repeated security audits keep surfacing new issues, each pass generating recommendations that require cybersecurity expertise most vibe coders don’t have. Here’s where Doug’s point about metacognition applies: The more a builder stays actively involved in understanding what the system is actually doing, the better their judgment about whether it is working. For less engaged users, the risk is accepting the output, shipping the debt, and discovering the consequences later.
Most of the misalignment originates in the gap between what executives expect from AI and what practitioners deal with day-to-day. Executives see a capability that could change the slope of productivity, Maya explained. Engineers and analysts live with the technical debt, the version control problems, and the regulatory constraints that don’t disappear because you have a better code completion tool. The leaderboard problem is a symptom of that disconnect.
GitHub’s recent shift from unlimited to usage-based pricing for Copilot is likely to realign these incentives faster than any internal policy change would. When more CFOs start seeing the actual bills, the leaderboards will all come down.
Doug identified a related problem emerging with the “cognitive surrender” to LLMs. When organizations encourage employees to pipe internal processes, proprietary logic, and institutional knowledge into foundation models without governance, they’re not just running up token bills. They’re giving away the operational knowledge that differentiates them. Process documentation, workflow logic, and institutional memory about why certain decisions were made are all forms of intellectual property, and once they’re encoded into a general-purpose model, the organization’s advantage from them diminishes.
Forward-deployed engineers aren’t enough on their own
Is the answer to these challenges to put a skilled engineer directly inside the customer environment to translate between what a model produces and what an organization actually needs? That’s the promise of the forward-deployed engineer (FDE) approach popularized by AI firms. Doug and Maya both had some criticisms of the model.
Maya’s objection was structural. Enterprise AI deployment isn’t a matter of adding capability on top of existing infrastructure. Organizations arrive with siloed data, legacy systems, and regulatory constraints that no forward-deployed engineer can resolve on technical skill alone. You can’t “just sprinkle some AI on it, and it’ll work just by a package of tokens,” she said. Engineers have to know the context behind why certain data can’t be used or why a particular model can’t be deployed in a regulated context. FDEs coming into an organization fresh don’t have this understanding and as a result may undo decisions that were made carefully and for reasons that aren’t written down anywhere obvious.
Doug’s concern was about communication. FDEs, in his experience, tend to arrive with strong technical instincts and limited organizational context. They get into the work quickly but struggle to communicate across the full stack of stakeholders involved. That’s why business analysts exist, to understand the customers’ problems and what the process actually is before engineers can address them. Skip that step and you get technically correct output that solves the wrong problem.
What both Maya and Doug were underscoring is that AI deployment at the enterprise level is fundamentally a context problem. The models are capable. What’s hard is knowing which capability to apply, where to do it, and with what constraints in place. That knowledge doesn’t live in the model; it lives in the people who’ve worked inside the organization long enough to know why things are the way they are.
The measurement problem
All the topics in this episode circle back to the same question: What are we actually measuring, and what incentives are we setting in place with those measurements? Token counts and lines of code don’t always correlate to the outcomes companies want. You need human expertise and a contextual knowledge of the business to figure out what goals you want to achieve and what to measure to ensure you get there.
On next Monday’s episode of This Week in AI, RecoMind founder Miguel Fierro joins host Christina Stathopoulos to discuss responsible AI, multimodal content creation, and more on how LLMs are changing personalization and user understanding. Miguel will also lead a live demo that offers a glimpse of the next generation of recommendation experiences—register here.
We’ll continue to publish our takeaways here on Radar each Friday and share full episodes on YouTube, Spotify, Apple, or wherever you get your podcasts.
17:07
This mini PC with the latest RISC-V SoC might actually be worth it [OSnews]
RISC-V has been in the “promising” phase for a long time now, especially for general purpose computing, never really breaking through into the mainstream in any measurable way. While I think that breakthrough is still relatively far away, we now do have newer RISC-V SoCs on the market supporting the RVA23 baseline RISC-V profile. One of them is the SpacemiT Key Stone KЗ, which promises to deliver a massive performance increase over previous RISC-V offerings. It’s exactly this chip that’s finding its way into complete, turnkey mini PC solutions, like this one from a company called Firefly.
The base model comes with 8GB of LDDPR5 RAM and 128GB of storage, at a price of about €300 or so (there’s also a 32GB/128GB model at well over €600). This is the first time I’m looking at a complete RISC-V solution where I feel like it might actually make for a good moment to jump in for us enthusiasts. No, the performance won’t rival anything Intel or AMD has to offer, but it seems capable enough for a lot of day-to-day tasks, and I’m curious to see just how far along the Linux world is when it comes to RISC-V support.
It’s not part of our current set of fundraiser incentives, but if you’d like to see this RISC-V mini PC reviewed here on OSNews, you can always donate and add a note that you specifically want to see such a review (so I can gauge interest not just from our few commenters, but also from the more than 99% of our readers who only lurk). As always, you can donate through Ko-Fi, or, if you’re European, via a SEPA direct bank transfer (Name: Thom Holwerda – IBAN: SE08 8000 0820 1684 4657 8414 – BIC: SWEDSESS).
16:21
Various and Sundry, 6/5/26 [Whatever]
What interesting tidbits of thought do I have for you today? Let’s find out together!
Bots now make up more than half of Internet traffic: Internet provider Cloudflare says more than 57% of the traffic to the sites it hosts are bots (i.e., automated computer requests) rather than actual humans, who make up the other 43%. My feeling about this is less surprise than wonder that it’s taken this long; bot traffic was already a scourge more than a decade ago. That percentage is unlikely to go down, ever, as “agentic AI” is being pushed by tech companies, so a bot can go out onto the Internet and find information and bring it back so that you don’t ever have to leave the cozy bosom, of, say, Google.
How will this sort of thing work about for people who actually have sites (waves) when the vast majority of traffic is comprised of bots, who don’t read ads and don’t want things? The article rather optimistically suggests that a change might happen where bots are charged for access to web sites and information, whilst humans get to wander the Internet for free, which, of course, runs counter to the tech company ethos of making someone else pay for the stuff it wants to take without paying. So I’m going to just say I’m not convinced this will be the wave of the future.
Regardless, this site is subsidized by me making money doing other stuff and has been for 28 years now, with no plans to change at any point in the future. Please enjoy your free information! Also, buy my books, thanks.
Freedom 250 concerts cancelled, to be replaced with a Trump rally: Sad news for Vanilla Ice, who was the last performer of note still planning to perform; as I said on Threads, he “really needed that gig, now his frosted tips are gonna get repossessed.” In fact I don’t know if he still has frosted tips, or even hair. The 90s were a very long time ago now.
Trump is now having a rally on June 26th, where his aimless meandering mouth pooping will be occasionally interrupted by Lee Greenwood singing “God Bless the USA,” or some such. If you attend, you deserve what you’re going to get, and that’s all I have to say about that. Greenwood’s own reputation as a musician will not be notably dinged for his appearance; being hauled out for a single moment of performative patriotism for politicians who actively hate the majority of Americans is what he’s been known for this entire century. I hope it pays well.
Let’s end on a music high note: A countrified cover of “You’re the One that I Want” from Grey DeLisle and Les Greene. Voice acting nerds will know DeLisle as the voice of numerous characters in shows and video games, my own particularly favorite being Mandy in The Grim Adventures of Billy and Mandy, but she also has a nice side gig singing Country & Western stuff. Enjoy!
— JS
15:28
Detection Is Not a Strategy [I, Cringely]
Every few weeks, someone announces a tool that detects AI hallucinations. A startup, a research lab, a hyperscaler bolting a “trust layer” onto its chatbot. The release uses the word “guardrails.” Everyone nods. Another brick in the road to safe, reliable AI.
I want to argue that we are cheering for the wrong thing — that hallucination detection, however clever, cannot be the strategy. It can be a backstop. It can be a monitor. It cannot be the plan. And the reason is older than computing.
Start with the trap at the center of the whole idea.
To catch a hallucination, your detector has to know the right answer. Sit with what that means. The original model produced a confident falsehood because it did not have the grounded knowledge to do otherwise. Now you propose a second system to sit behind it and flag the lies. But to flag a lie, that second system has to know the truth — and if it knew the truth, you would not have needed the first model to guess in the first place. You would just serve the truth and skip the theater.
A detector good enough to reliably catch fabrication would have to possess exactly the capability whose absence caused the fabrication. Detection doesn’t solve the problem. It assumes the problem is already solved. That is the whole argument in a paragraph; everything else is just watching it play out.
So watch it play out. The first thing you notice is that a hallucination has no tell. When one of these models invents a court case, a citation, a drug dosage, a quarterly number, the sentence it produces is grammatically perfect, tonally identical to a true one, and delivered with precisely the same confidence. The model is not more hesitant when it lies. It does not sweat. There is no flicker. That is the entire reason this is hard: the false output and the true output are indistinguishable on their face. A detector staring at the text has nothing to grab onto, because there is nothing in the text to grab.
So the detector-builders do the sensible thing and go probabilistic. They get good — let’s be generous and say 95% good. And 95% sounds like an A. But invert it. In a hospital, a courtroom, a bank, a grid control room, 95% means one in twenty confident falsehoods walks right past the guard. And here is the cruel part: the ones that get through are not random. They are the most plausible fabrications in the batch — the ones convincing enough to fool the detector, which makes them precisely the ones most likely to fool you. A safety system that is only probabilistic is not a safety system. It is a liability with a press release.
It is also a treadmill. Every new model, every new domain, every fresh way of being wrong demands that the detector be retrained and re-tuned. It is antivirus software for an attacker that rewrites itself weekly — perpetual catch-up, by design. And you pay for it twice: once to generate the answer, again to check it, and you still don’t get certainty for the money.
But the deepest mistake here is a category error, and to name it I have to wade back into a fight I picked a quarter century ago.
Everyone reaches for W. Edwards Deming when they talk about quality — the American sage the Japanese supposedly heeded when Detroit wouldn’t. I once spent 4,400 words arguing the standard story gets the hero wrong. The man who actually carried disciplined quality into occupied Japan was a 29-year-old radio engineer named Homer Sarasohn, sent by MacArthur in 1946 to rebuild a flattened electronics industry. He and his colleague Charles Protzman, a Western Electric production man, spent four years teaching Japanese executives how to run a company and build things that worked — they literally wrote the handbook for it, a course book still in print in Japan today — and when they went home, Sarasohn handed the baton to Deming, who had a gift for self-promotion and ended up with his name on the prize and the legend. (Sarasohn was no footnote; he went on to a long career at IBM. History simply looked past him.) A remarkable number of readers wrote in to tell me I had it backwards. I didn’t, and I still don’t.
When that column ran, the Deming faithful came for me. The real transformation, they insisted, came from a handful of lectures Deming gave Japanese executives in the summer of 1950 — as if quality had arrived by seminar. Nonsense. If a few brilliant talks were all it took, answer me this: why did it take the better part of thirty years for Japan to turn quality into a weapon? The tools had been on the shelf since 1950 — Sarasohn’s manual, Protzman’s production discipline, Deming’s statistics, all of it.
What finally lit the fire was the memory chip. When Hitachi and the other Japanese makers went after the DRAM business Intel had invented, they slammed into the cruelest arithmetic in manufacturing: in a commodity chip, yield is the entire margin — and theirs was too low to make a dime. The answer had been sitting in Sarasohn’s handbook for three decades: build quality into the process instead of inspecting the failures out at the end. This time they used it. Japanese yields climbed past the Americans’ — seventy and eighty percent against Intel’s fifty or sixty — and by the mid-1980s the company that invented the DRAM had been driven out of it. The instruction was never the bottleneck. Necessity was.
We just prefer the story where one clever intervention saves the day — which is exactly the story being sold to us again: that a hallucination detector will do for AI what we like to pretend a seminar did for Japan.
But here is what matters for our purposes, and it is bigger than who gets the statue. Whether you credit Sarasohn, Deming, or the Japanese engineers who did the actual work, they all arrived at the same unglamorous law: you cannot inspect quality into a product. Sarasohn found factories where “quality” meant building a pile of vacuum tubes and throwing ninety percent of them away — where no one saw the problem with assembling precision electronics in a shack with a dirt floor. You do not fix that by hiring more inspectors to stand at the end of the line catching the bad ones. Inspection is expensive, it is late, and it never catches everything. The only thing that works is to build quality in — to design the process so the defect never happens. The industry that learned this went on to bury the one that had won the war. We are still driving the proof.
Hallucination detection is the man with the clipboard at the end of the line. It is quality by inspection, in a field that should have learned the lesson from manufacturing forty years ago.
And here is the part the clipboard can never fix: hallucination is not a malfunction. The model isn’t breaking when it makes things up. It is doing exactly what it was built to do — predict the most plausible next word, with no native notion of whether that word is true. Fabrication isn’t a bug in the architecture. It is the architecture, working as designed. You cannot detect your way out of a feature.
Which points at the only strategy that survives contact with the problem. Stop trying to catch the lie after the fact, and build a system that knows the boundary of what it actually knows — one that can tell the difference between answering from grounded, verified knowledge and reaching past the edge into invention, and that says so when it gets there. Not a smarter smoke detector. A machine that doesn’t set the fire.
That is harder. It is architectural, not bolted on, and it does not make for a tidy press release about a new trust layer. But it is the only version of this that works in a courtroom, where “our filter catches 95%” is not a sentence you want to say to a judge.
Detection is not a strategy. Design is. Sarasohn knew it in 1948. It is past time we learned it about machines that talk.
(Disclosure: I co-founded 2Brains, which is built around designing it in rather than inspecting it out, so I come to this with a horse in the race. I’d make the argument anyway — I was making versions of it about Japanese factory floors a quarter century ago.)
The post Detection Is Not a Strategy first appeared on I, Cringely.Digital Branding
Web Design Marketing
15:21
[$] Moving beyond fork() + exec() [LWN.net]
Since the earliest days of Unix, two of the core process-oriented system calls have been fork(), which creates a child process as a copy of the parent, and exec(), which runs a new program in the place of the current one. In Linux kernels, those system calls are better known as clone() and execve(), but the core functionality remains the same. While there is elegance to this process-creation model, there are shortcomings as well. A recent proposal from Li Chen to add "spawn templates" to the kernel will not be accepted in its current form, but it may point the way toward a new process-creation primitive in the future.
14:35
Error'd: Bridge for Sale [The Daily WTF]
"Scammer offers to buy Google" is certainly a new twist on a very old New York con. Jan B. explains "Scammers have found a new way to steal money, scrap LinkedIn profiles and then send out emails with fake offers to buy people's companies. I'm guessing suddenly they need some fees paid just before the deal is finalised. However, they may need to improve their filtering before sending out their scams, I don't even own Google!" I'm putting together a group of people to buy it, do you want to get in the deal? I'll just need you to transfer two million to this SWIFT account...
"But when?" queries Hercules "I've always had difficulty understanding phone billing and payment cycles. My phone company seems intent on making that harder..." Strong, heroically good-looking... Bright?The gods don't require it.
"Next update: 25 years 11 months ago" is some kind of reverse Y2K bug. Laurent boggles "It's bad enough to have a power outage, but to have to go back in time to get an update?"
"What is 30% of NaN?" asks Geoff O. rhetorically. However, the answer is well-defined and explicit.
And finally, another "lost in translation" error from Martin K.: "Not only have the store not changed the generic cookie bar text, they apparently don't have a fall back to e.g. english, if the browser language isn't found."
[Advertisement]
BuildMaster allows you to create a self-service release
management platform that allows different teams to manage their
applications.
Explore how!Ruby's Bundler adds a cooldown feature [LWN.net]
Version 4.0.13 of Ruby's Bundler package-manager has added dependency cooldowns in order to help mitigate the effect of supply-chain attacks:
Most supply-chain attacks against RubyGems exploit a narrow window: an account is compromised, a malicious version ships, and any bundle install in the minutes that follow resolves straight to it. Bundler 4.0.13 introduces cooldown, a time-based filter that refuses to resolve to a version until it has been public for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window.
The feature was designed in the open, drawing on how other ecosystems approach the same problem. It is opt-in, and complements rather than replaces existing defenses like mandatory 2FA and trusted publishing.
LWN covered dependency cooldowns in April, and the takeover of RubyGems and Bundler in October 2025.
Security updates for Friday [LWN.net]
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, exim4, frr, and haveged), Fedora (cockpit, freeipa, jpegxl, libre, nextcloud, perl-Cpanel-JSON-XS, perl-Crypt-Argon2, perl-Dist-Build, perl-ExtUtils-Builder, perl-ExtUtils-Builder-Compiler, perl-HTTP-Tiny, perl-libwww-perl, python-starlette, rubygem-yard, rust-sequoia-cert-store, rust-sequoia-chameleon-gnupg, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-wot, samba, and transmission), Red Hat (image-builder), Slackware (dnsmasq and libinput), SUSE (evince, glibc, google-guest-agent, hplip, ignition, LibVNCServer, libzypp, libsolv, python-Pillow, salt, thunderbird, and vim), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-fips, linux-azure, linux-azure-5.4, linux-azure-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux-aws-5.4, linux-hwe-5.4, linux-azure-fips, linux-fips, linux-raspi, linux-raspi-5.4, nano, postfix, robocode, tomcat6, tomcat7, and yard).
14:28
AI Worm [Schneier on Security]
Researchers have prototyped an AI-powered internet worm.
The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into.
This is the closest to John Brunner’s original 1975 conception of a computer worm that I’ve seen.
14:21
14:00
When su replaced login for becoming another UNIX login [OSnews]
I’ve mentioned it before, but Chris Siebenmann is basically the Raymond Chen of the UNIX world, and today he’s filling that role perfectly once again.
I recently read Simon Tatham’s Nitpicking the shell history scene in Tron: Legacy, where one thing that surprised Tatham was the film using ‘
login -n root‘ to becomerootinstead of ‘su‘. This surprised me because I found that perfectly ordinary, and this turns up both a bit of Unix history and a difference between modern Unixes.Plain ‘
↫ Chris Siebenmannsu‘ can let you become another user, includingroot, but what it explicitly doesn’t do by default is create a new login shell for that user. If you do ‘su root‘, the new root shell normally inherits most of your environment, your current directory, and so on. Sometimes this is what you want and sometimes you really want a new login environment, and originally in Unix how you got the latter was to run ‘login‘ from your existing shell session (and this meant that login was setuid root, like su).
Unsurprisingly, this distinction has
persisted to this day in various UNIX-like operating systems, but
in different ways. Some maintain the explicit distinction, while
others have more or less standardised on using su for
both use cases. It’s an interesting bit of UNIX
archeology.
13:42
I Let an AI Agent Run 40 Experiments While I Slept [Radar]
I set up an AI agent on a rented GPU, pointed it at a training script, and went to bed. By morning it had run 40 experiments, improved validation loss by 5.9%, and cut memory usage from 44 GB to 17 GB. It also spent four hours chasing a bug that a linter introduced behind its back. The agent never flagged it. I only found out because the numbers stopped improving and I started reading logs.
The setup was based on Andrej Karpathy’s autoresearch project: Give an agent one file it can edit (train.py), one metric to optimize (validation bits per byte), a fixed five-minute training budget per experiment, and Git for checkpointing. If an experiment beats the current best, keep the commit. If not, revert. Loop forever. Karpathy’s own run produced 700 experiments and 20 genuine improvements across 48 hours, an 11% speedup on already-optimized code. Shopify’s Tobi Lütke pointed the same pattern at Liquid, their templating engine, and got 53% faster rendering from 93 automated commits. The pattern clearly works. The question is what breaks when you run it yourself.
The first failure: Agents fixing agents
Before running autoresearch, I had a separate problem. I had 15 custom skills for Claude Code (think reusable prompt templates with tool access, structured inputs, and specific behaviors). Most of them were broken when dispatched as parallel background agents. Vague descriptions meant the system couldn’t figure out when to invoke them. Missing tool permissions caused silent failures. Duplicate scopes between similar skills created routing confusion.
So I used the same pattern: dispatch background agents in parallel, one per skill, each tasked with reading the skill definition, identifying problems, and rewriting it. 13 out of 15 came back improved. Descriptions got specific. Dead references to nonexistent files were removed. Tool permissions were added. Two skills were left untouched because the agents couldn’t find anything wrong with them. The whole batch took under an hour.
But here’s what I didn’t expect. Three of the “improved” skills had subtle regressions. One agent removed an AskUserQuestion gate that was there for a reason, because the gate’s purpose wasn’t documented and the agent read it as unnecessary friction. Another agent rewrote a skill description so precisely that it stopped triggering on the fuzzy, misspelled queries real users actually type. I caught these during manual review, but if I had trusted the parallel output without checking, three skills would have silently degraded in production.
The second failure: The linter in the loop
Then I started the training loop. The agent worked through hyperparameters methodically. It halved the batch size early (experiment 4), which turned out to be the single biggest win: more gradient steps in the same five-minute window. It reduced model depth from eight to seven layers, dropped weight decay from 0.2 to 0.05, and tuned the learning rate schedule. Each change was small. The cumulative effect was a 5.9% improvement in validation loss and a 60% reduction in peak GPU memory.
Out of 40 experiments, the agent kept nine, discarded 28, and crashed three. That keep/discard ratio felt about right. Most ideas don’t work. The point of automation isn’t to have better ideas. It’s to try bad ones faster.
Then the numbers plateaued. Experiments 30 through 38 produced nothing worth keeping. I started digging through the logs and found something I hadn’t expected: A linter running on the remote machine had been silently modifying a hyperparameter in train.py. It changed SCALAR_LR from 0.5 to 0.3 every time the agent saved the file. The agent would set the value, commit, and run the experiment, but the linter would alter the file between the save and the execution. The agent had no way to detect this because it checked Git diffs, not the runtime state of the file. Every experiment after a certain point was running with a learning rate the agent never chose.
I lost roughly four hours of compute to this. The agent kept going, proposing new ideas, running experiments, logging results. From its perspective nothing was wrong. The experiments ran, produced numbers, and the numbers were plausible. There was no crash, no error, no alert.
Why this matters beyond my GPU bill
Gartner predicts over 40% of agentic AI projects will be canceled by the end of 2027, citing escalating costs and inadequate risk controls as the primary drivers. My overnight session was a toy example: a single GPU, a small model, and a low-stakes experiment. But the failure pattern scales. An agent that can’t detect when its inputs are being modified between decisions will make the same class of error whether it’s tuning hyperparameters or managing a production pipeline.
The autoresearch constraints are smart: one file, one metric, and Git for state. But they assume the environment is stable. Nobody checks whether something outside the loop is modifying the file between commits. The agent optimizes within its sandbox, and the sandbox has a hole in the wall that nobody thought to look for.
Anyone who has run distributed systems recognizes this. When the linter changed that hyperparameter, it was the equivalent of someone editing a database record between a read and a write. We solved that problem years ago with compare-and-swap, optimistic locking, checksums. We just haven’t brought any of it to autonomous AI workflows. The SkyPilot team recently scaled autoresearch to 16 GPUs and 910 experiments. At that scale, an undetected environment mutation doesn’t cost you four hours. It costs you a cluster.
Next time I run autoresearch, I’ll add a file integrity check before every experiment. It’s three lines of code, but it would have saved me four hours and produced a better final result. The agent did its job. The environment didn’t.
13:14
Issue 46 – Greta’s Wedding – 05 [Comics Archive - Spinnyverse]
The post Issue 46 – Greta’s Wedding – 05 appeared first on Spinnyverse.
10:21
How to teach marketing [Seth's Blog]
Trick title. There are at least three kinds of “marketing” we ought to be teaching:
- Marketing from the point of view of the
consumer. This is something every student should be
taught, beginning at a young age. How do marketers manipulate
customers? What desires do they amplify? What is surveillance
capitalism and how does our quest for convenience get in the way of
our happiness? What do we need to understand about debt, status and
affiliation to become mindful in a market-ized world?
- Marketing as a job in an organization. Going
to meetings, creating decks, understanding spreadsheets. Terms of
art like lifetime value and market share. The difference between a
brand and a logo. Non-profits and corporations spend billions on
marketing, and working in that system requires insight and
competence.
- Marketing as a craft. Strategic marketing. Telling stories that spread. Building an asset. Marketing as a service on behalf of your customers. Owning the responsibility that goes with the leverage that marketers have.
Most organized marketing instruction is about the first or second, with some online courses teaching hustle and hype, which I don’t count as marketing. My best work is about the third kind, the one where it all began.
More here.
09:21
Russell Coker: CPUs and Debian Package Building [Planet Debian]
Introduction
I have just bought a HP Z4 G4 with W-2125 CPU for $320 and I decided it was a good time to do some benchmarks on Debian package building to see which system I should use for that.
The W-2125 CPU scores only 9,954 on the passmark multithread test but scores 2,546 on single thread [1]. Passmark seems to have some limitations as the only DDR3 system that’s important to me at the moment (the HP Z420 workstation my parents use which cost me $750 in 2021) with a E5-2620 CPU scoring 5,325 for multithread and 1,113 for single thread [2]. From the passmark results one would expect that the system is slightly more than twice as fast as the Z420 for operations that involve less than 4 CPU cores.
For the initial tests of the Z4 G4 I ran them with hyper-threading enabled as 4 cores isn’t much by today’s standards and also the machine in question is going to be less exposed to hostile data and contain less secret data than most of my systems so the security risks of hyper-threading are less of a concern.
I did some tests with a couple of tasks that are very important to me, building SE Linux policy packages (something I may do a dozen times in a day) and building Warzone 2100 (which I do less often but is the most intensive build process I regularly run). At the bottom of this post there are tables with the results from building these packages on my Z640 workstation with a E5-2696 v4 CPU [3], the Z420, and the new machine.
For the Warzone 2100 package I tested building on my Z840 dual CPU system [4]. I didn’t test building the SE Linux policy on the Z840 this time because that package can’t take advantage of even 22 cores. When I initially got the Z840 running it built the policy packages faster because the Z640 had an older CPU that was slower for single core operations than the CPUs in the Z840.
BTRFS Compression
For some time I have noticed significant differences in compile time on my workstation, a factor of more than 2. I did more tests and noticed that “top” showed something like the following, those kernel threads are all BTRFS related, except for “gfx” which is probably something graphical caused by running Chrome with about 300 tabs open.
2144316 root 20 0 0 0 0 I 26.6 0.0 0:36.76 kworker/u88:20-btrfs-endio-write 2221470 root 20 0 0 0 0 I 23.7 0.0 0:01.85 kworker/u88:12-gfx 2221436 root 20 0 0 0 0 I 15.1 0.0 0:07.48 kworker/u88:8-btrfs-compressed-write 2166191 root 20 0 0 0 0 I 12.8 0.0 0:15.80 kworker/u88:23-btrfs-compressed-write 2126387 root 20 0 0 0 0 I 10.2 0.0 1:29.11 kworker/u88:4-events_unbound
I had been running BTRFS with the mount option “compress=zstd:15” which caused much of the performance problems when building. It was also a random performance issue which I think happened due to the BTRFS 30 second write-back sometimes taking more than 30 seconds during the build process which then caused a second write-back.
I did tests on ZSTD compression levels 5, 8, 10, and 15. 15 was never good and often really bad. 10 was not unbearable but consistently slower. 8 was sometimes as fast as 5 and sometimes quite a bit slower. I didn’t test levels below 5 because I need to have some compression and it seemed that the benefits of reducing compression were dropping off below 8.
I found that the BTRFS compression delay is not counted in system time for the process. I think it’s the fsync() system calls in the semodule and dpkg-deb programs that cause the delays related to BTRFS compression waiting for kernel threads.
BOINC
I have all my systems other than laptops running BOINC in the background so that CPU power is used for scientific research when I don’t have any personal use for it [5]. I believe that it’s immoral to waste CPU power when it could be used for research.
In the below table which has test results from building the package with and without BOINC, and with different ZSTD compression levels in BTRFS all the worst entries were from when BOINC was running apart from one where ZSTD level 15 compression was used. The really poor performance with ZSTD level 15 was an outlier, but it wasn’t an uncommon outlier so I left it in.
Running BOINC in the background configured to use all CPU cores caused a significant increase in “user CPU time” (the time a CPU core spent actually running the program). My initial thought was that it’s partly related to “turbo boost”.
The Intel ARK page for the CPU in the Z420 shows that it’s main clock speed is 2.0GHz with a 2.5GHz “turbo boost” [6]. The “turbo boost” is apparently largely based on temperature and apparently limited to one core, so if the other CPU cores are all being used then the CPU will probably be too hot to have the turbo boost and if it happens it might not happen for my compile processes.
The ARK page for the E5-2699 v4 (which is a similar CPU to the E5-2696 v4 that I’m using but is officially documented by Intel) [7] shows that it has a base clock speed of 2.2GHz and a turbo boost speed of 3.6 GHz. 322 vs 244 seconds of user CPU time means running 32% slower which can plausibly be explained by the lack of a 64% turbo boost with a bit of help from the 55MB L3 cache being thrashed.
Turbo boost would only be a noticeable issue for building packages like the SE Linux policy packages which doesn’t take much advantage of multi-core CPUs. For a build process to average at best 362% CPU use there has to be large parts of the process that are limited to one or two cores which can potentially give a benefit from turbo-boost.
When building the Warzone 2100 packages most of the build time is running basis-universal which is a multi-threaded program to compress GPU texture data. This usually causes a load average of 300+ on the Z640 or 600+ on the Z840. But the build time is still increased by more than 50% on both the Z640 and the Z840 when BOINC is running in the background, which seems to be an indication that it’s not related to turbo boost. I verified that BOINC is running at IDLE schedule priority with the following command:
# chrt -p $(pidof -s einstein_O4MD_2.01_x86_64-pc-linux-gnu) pid 2974874's current scheduling policy: SCHED_IDLE pid 2974874's current scheduling priority: 0
In theory this means that BOINC won’t affect foreground processes.
Hyper Threading on the W-2125
The best claims I’ve seen about HT are 15% to 30% performance boost. The best I’ve actually seen in the past is about 18%. Seeing a 10% benefit for building Warzone 2100 is at the low end of the range I expected. 8 virtual cores is not many for a build process that causes a load average of 600+ when running on a system with 44 real cores.
I was surprised to see a 6% performance benefit in hyper-threading for building the SE Linux policy as I didn’t think there was enough use of threading or multiple processes to allow that.
Many build scripts use a number of processes that match the number of apparent CPU cores. While “make -j 88” might give a theoretical performance benefit on a 44 core system it will also take a lot of RAM and any paging will outweigh the benefits of hyper-threading. On a system with only 4 real cores there’s less potential for using too much RAM and as security isn’t so important on that system I will leave it on.
Comparing the CPUs
The best results of the Z640 and Z4G4 are only 50% faster than the best results of the Z420.
The Z420 has a E5-2620 CPU which is far from the fastest CPU available for that system – the E5-2687W has 8 cores and rates 10,021/1,669 on passmark [8] which is far better than the 5,331/1,114 the E5-2620. The E5-2687W is the fastest CPU that HP lists as supported by the Z420 and it supports DDR3-1666 RAM as opposed to the DDR3-1333 that is the fastest that the E5-2620 supports. With suitable hardware upgrades the Z420 would probably only take about 20% longer to do builds of the SE Linux policy and other packages that can’t take advantage of more than 8 CPU cores.
The Z4G4 system has 4 RAM channels which means that you should get some performance benefits from having 4 DIMMs, my system currently has 2 and I haven’t yet managed to get more DDR4-2666 DIMMs. But I’d still expected a W-2125 CPU with 2*DDR4-2666 DIMMs outperform any E5-26xx CPU with 4*DDR4-DDR-2400 DIMMs for tasks that average less than 4 CPU cores.
In retrospect I would have been better off getting a HP Z820 (two socket server with DDR3 RAM) than the first DDR4 systems I got. It seems that for reasonable size builds a two socket system comes close to twice the speed of a single socket system. I did briefly own a HP ML350 two CPU system with DDR3 RAM but it was too noisy for my intended use as a deskside workstation so I sold it.
Things to Investigate
I plan to do more investigation on BTRFS compression, how to get the best compression without excessive delays and how to recognise when delays are happening. I have some SSDs that have sustained write speeds as low as 15MB/s (Crucial P1 series) so for those I could probably have very high compression levels without slowing the system down.
The fact that BIONC slows things down so much seems to be a bug. When processes are running with the IDLE scheduling class there shouldn’t be such significant delays. Is it due to cache thrashing? How can I best get BOINC suitably throttled when I’m sitting at my workstation, I don’t want BOINC connecting to the local X server (which it repeatedly tries to do). Do I need to tune my kernel for better handling of IDLE scheduling?
When I get more DIMMs in the Z4G4 I need to do more tests to see if it gives an overall performance boost.
Also the Z4G4 system has a BIOS option for “sub NUMA” which basically means treating the different RAM channels on a single CPU as NUMA zones, I enabled that option which does nothing presumably because I only have 2 DIMMs, the results when I have 4 DIMMs will be interesting. I will also do some NUMA tests on the Z840 to see what benefits it gives.
I have a selection of RAM speeds that will work in the Z4G4, if I have enough spare time I’ll test what difference that makes for CPU bound tasks that matter to me.
For package building fsync() is not helpful, if the system crashes before it’s done then I will just do the build again. For a build cluster it is probably a good feature and probably doesn’t affect aggregate performance when multiple packages are built at the same time, but for the single user case probably not. I will investigate libeatmydata for package building [9].
Conclusion
The progress in CPUs seems to have slowed down a lot recently. The main benefits seem to be in more CPU cores and for newer sockets with more RAM channels.
The CPUs that do have improvements in single core performance are the i9 series (which mostly doesn’t come with motherboards supporting ECC) and AMD CPUs (which is rare in enterprise class hardware). Maybe I should get a server with an i9 or AMD CPU for tasks that need a fast turn around with a small number of cores. That would probably outperform any CPU designed for large core counts for things like building the policy and setting up test VMs (which depends on package installation speed that is single core bottlenecked).
The W-21xx CPUs seem to offer little benefit over the E5-26xxv4 CPUs and not a lot of benefit over E5-26xx CPUs (with DDR3). Even the W-22xx CPUs look like they aren’t going to offer a lot as they are only an incremental improvement over the W-21xx series. I had considered making the Z4G4 my main desktop workstation after the high end W CPUs become affordable, but it looks like that won’t be worth it until such CPUs drop from the current ebay price of $900 to $100.
I think I’ll keep waiting for a decent socket LGA3647 or DDR5 based server [10] for my next significant upgrade.
Tables
Building SE Linux Refpolicy
| System | BOINC | Compression | CPU Time | Elapsed | CPU% |
|---|---|---|---|---|---|
| Z640 | no | 8 | 248.82user 55.58system | 1:23.88elapsed | 362%CPU |
| Z4G4 | no | 5 | 245.15user 34.63system | 1:24.93elapsed | 329%CPU |
| Z640 | no | 5 | 244.75user 34.87system | 1:25.98elapsed | 325%CPU |
| Z4G4 | no | 10 | 245.21user 35.64system | 1:29.63elapsed | 313%CPU |
| Z640 | no | 8 | 248.71user 55.90system | 1:33.01elapsed | 327%CPU |
| Z640 | no | 10 | 250.90user 55.78system | 1:42.12elapsed | 300%CPU |
| Z640 | yes | 8 | 298.19user 69.30system | 1:59.77elapsed | 306%CPU |
| Z640 | yes | 10 | 300.58user 68.90system | 2:01.53elapsed | 304%CPU |
| Z420 | no | 5 | 359.01user 44.95system | 2:07.33elapsed | 317%CPU |
| Z640 | yes | 5 | 322.40user 71.82system | 2:34.66elapsed | 254%CPU |
| Z420 | yes | 5 | 372.03user 42.95system | 2:42.15elapsed | 255%CPU |
| Z640 | yes | 15 | 299.26user 67.18system | 2:59.77elapsed | 203%CPU |
| Z640 | no | 15 | 250.05user 54.60system | 3:07.61elapsed | 162%CPU |
Building Warzone 2100
| System | BOINC | Compression | CPU Time | Elapsed | CPU% |
|---|---|---|---|---|---|
| Z840 | no | 10 | 6549.21user 89.46system | 4:18.90elapsed | 2564%CPU |
| Z840 | no | 5 | 6533.81user 90.50system | 4:19.24elapsed | 2555%CPU |
| Z640 | no | 5 | 7040.87user 183.12system | 7:13.50elapsed | 1666%CPU |
| Z840 | yes | 5 | 8039.52user 169.62system | 8:02.86elapsed | 1700%CPU |
| Z640 | yes | 5 | 7486.44user 205.03system | 11:09.97elapsed | 1148%CPU |
| Z4G4 | no | 5 | 7891.32user 74.45system | 17:48.03elapsed | 745%CPU |
| Z4G4 | no | 10 | 7942.10user 77.43system | 17:58.72elapsed | 743%CPU |
Hyper-Threading
| Build | HT | Compression | CPU Time | Elapsed | CPU% |
|---|---|---|---|---|---|
| Warzone | yes | 5 | 7891.32user 74.45system | 17:48.03elapsed | 745%CPU |
| Warzone | yes | 10 | 7942.10user 77.43system | 17:58.72elapsed | 743%CPU |
| Warzone | no | 5 | 4492.45user 59.09system | 19:59.01elapsed | 379%CPU |
| Warzone | no | 10 | 4497.28user 59.46system | 20:07.15elapsed | 377%CPU |
| Refpolicy | yes | 5 | 245.15user 34.63system | 1:24.93elapsed | 329%CPU |
| Refpolicy | yes | 10 | 245.21user 35.64system | 1:29.63elapsed | 313%CPU |
| Refpolicy | no | 5 | 180.84user 29.74system | 1:32.30elapsed | 228%CPU |
| Refpolicy | no | 10 | 180.29user 30.07system | 1:35.01elapsed | 221%CPU |
- [1] https://tinyurl.com/2ddf7t5y
- [2] https://tinyurl.com/kgmagfs
- [3] https://etbe.coker.com.au/2026/04/10/hp-z640-e5-2696-v4/
- [4] https://etbe.coker.com.au/2025/04/05/hp-z840/
- [5] https://boinc.berkeley.edu/
- [6] https://tinyurl.com/2mopjxgc
- [7] https://tinyurl.com/2r3j4bzg
- [8] https://tinyurl.com/reu2p84
- [9] https://www.flamingspork.com/projects/libeatmydata/
- [10] https://etbe.coker.com.au/2025/08/02/server-cpu-sockets/
08:35
Birger Schacht: Status update, May 2026 [Planet Debian]
Debian Related Work
- Uploaded labwc 0.9.7-1 to unstable; labwc 0.20 was released upstream since then, but it requires wlroots 0.20.1 which has not landed in Debian yet
- Uploaded usbguard 1.1.4+ds-3 & 1.1.4+ds-4: cleaned up the packaging and fixed some long standing issues with the configuration; the legacy permission system isn’t the default anymore
- Uploaded foot 1.27.0-1 to unstable
- Uploaded scdoc 1.11.4-2 to unstable
- Uploaded cage 0.3.0-2 to unstable
- Uploaded sway 1.12~rc3-2 to unstable; on the same day sway 1.12 was released and I uploaded 1.12-1 to unstable
- Uploaded swayimg 5.2-1 to unstable
- Uploaded git-quick-stats 2.11.0-1 to unstable
- Uploaded grim 1.5.0+ds-1 to unstable
DH Related Work
A big chunk of my DH related work went into designing & implementing a search app for the APIS framework. Our goal is to have a way of searching over various types of Django models. The app introduces a search model that indexes all registered models. We use a combination of PostgreSQLs full text search and Trigram Similarity to find the search results. Using a SearchVectorField and GinIndices for the trigram indexed fields we can reach a somewhat acceptable performance.
We released versions 0.63 and 0.64 of the APIS framework. The
0.63 release introduced the new entities app, which
will soon hopefully replace the legacy apis_entities
& apis_metainfo modules. Version 0.64 moved some
logic from the legacy modules the entities module.
We made some progress in defining the endpoints for the PFP API.
08:28
A Shocking Display [Penny Arcade]
New Comic: A Shocking Display
07:49
Rotation revisited: Cycle decomposition in clang’s libcxx [The Old New Thing]
We got distracted by the rotation algorithm in gcc’s libstdc++, but let’s get back to the cycle decomposition algorithm in clang’s libcxx.
The implementation in clang’s libcxx performs the minimum number of swaps, roughly n/2, where n is the total number of elements. It does so by viewing the rotation as a permutation and walking through each of the cycles.
For notational convenience, let a be |A| and
n be |A| + |B| (the total number of elements). The
number of cycles is gcd(a,
b), and the k‘th cycle consists of the
elements starting at first + k, and then
stepping to the next element by moving forward another a
elements, with wraparound, until you return back to the starting
point.
For example, if you have |A| = 4 and |B| = 6, then the cycle that starts at A1 takes 4 steps forward to continues to B1; takes another 4 steps forward to B5; then takes 2 steps forward, wraps around, and then two more steps forward, landing on A3; then takes 4 steps forward to B3; and then takes 4 steps forward and wraps around to A1, which is the starting point.
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
| ↳ | → | → | → | ↴ | |||||
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
| ↳ | → | → | → | ↴ | |||||
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
| → | → | ↴ | ↳ | → | |||||
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
| ↳ | → | → | → | ↴ | |||||
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
| ↴ | ↳ | → | → | → | |||||
| A1 | A2 | A3 | A4 | B1 | B2 | B3 | B4 | B5 | B6 |
There’s another cycle that starts at A2 and continues to B2, B6, A4, B4, then back to A2.
Now, we’ve been counting swaps, but a single-element rotation is not done as a sequence of swaps, but rather by picking up the first element, sliding all the other elements over, and then putting the original first element at the end. I’ve been informally calling an assignment “half of a swap”, though a swap is really a constructor, two assignments, and a destructor. But let’s stick with the “half a swap” accounting fiction.
The rotation algorithm goes like this:
auto a = std::distance(first, mid); // number of "A" elements
auto n = std::distance(first, last); // total elements
auto g = gcd(a, n); // number of cycles
for (auto k = 0; k < g; ++k) {
// Rotate the elements in the cycle starting at k
auto save = std::move(first[k]);
auto i, next = k;
while (i = next, next = (i + a) % n, next != k) {
first[i] = std::move(first[next]);
}
first[i] = std::move(save);
}
For example, if rotating A1, A2, B1, B2, B3, B4, there are two cycles: A1, B1, B3; and A2, B2, B4. The elements within each cycle rotate one position.
| ⮣ | → | → | → | → | → | ⮧ |
| ⮤ | ← | ← | ⮠ | |||
| A1 | A2 | B1 | B2 | B3 | B4 | |
| ⮦ | ← | ← | ⮢ | |||
| ⮡ | → | → | → | → | → | ⮥ |
And when you’re done with all the cycles, you’ve rotated the entire A and B blocks.
| B1 | B2 | B3 | B4 | A1 | A2 |
This performs n/2 swaps, which is the fewest swaps of all the algorithms we’ve looked at so far. However, it has terrible locality because the elements in the cycle are all spread out.
Calculating the greated common divisor of two numbers can be done in O(log n) steps via Euclid’s algorithm.
int gcd(int a, int b)
{
do {
auto r = a % b;
a = b;
b = r;
} while (r);
return a;
}
Commenter Brent thought that the cycle decomposition algorithm was obvious. Of course, the trick is the step they called “Repeat”. How many times do you repeat?
The clang libcxx algorithm calculates the number of repeats by taking the gcd. But there’s a trick so we don’t have to calculated it at all. We’ll look at that trick next time.
Bonus chatter: I think it’s interesting that of the three major implementations of the C++ standard library, each one uses a different rotation algorithm when given random-access iterators!
The post Rotation revisited: Cycle decomposition in clang’s libcxx appeared first on The Old New Thing.
05:49
Waking Up, p24 [Ctrl+Alt+Del Comic]
The post Waking Up, p24 appeared first on Ctrl+Alt+Del Comic.
Girl Genius for Friday, June 05, 2026 [Girl Genius]
The Girl Genius comic for Friday, June 05, 2026 has been posted.
00:00
California’s AB 412 Still Demands Developers Do The Impossible [Deeplinks]
California lawmakers are again considering A.B. 412, a bill that would require AI developers to identify and disclose copyrighted works used to train generative AI systems.
The problem this year is the same as last year: it’s practically impossible to comply with this law. The bill demands information that often does not exist, and cannot realistically be obtained.
EFF submitted an opposition letter to the California Senate Privacy Committee explaining why we continue to believe A.B. 412 is simply unworkable. To the extent developers do follow this law, it will have the effect of locking in the power of the largest companies in AI.
A Burden That Can’t Be Met
A.B. 412 sounds simple: just have AI developers create and keep a list of all the registered copyrighted works they use in AI training.
That may seem straightforward. In practice, it’s anything but.
There is no machine-readable “list” of copyrighted works at the U.S. Copyright Office. And many copyright holders can get a copyright without even depositing a publicly viewable sample of the work—for example, software companies may register copyright on proprietary code without revealing it to the public.
And on the open internet, copyright information is often incomplete, unavailable, or impossible to verify. One image may be registered with the copyright office, while the next is licensed under a free Creative Commons license (like the images that EFF creates), and the next is public domain. A message forum user might post an original story, photograph, or poem without any indication of ownership or registration status.
The bill effectively asks developers to continuously cross-reference massive batches of online data against a copyright system that simply wasn’t designed to do so. If California passes A.B. 412, its impact will go far beyond the large AI companies we read about in the headlines.
Not Just Big Tech
Supporters often frame this bill as a way to help creative workers have some leverage against Big Tech, but the bill reaches much further than the big AI companies.
Its definition of “developer” extends to anyone who makes a generative AI model available to Californians. That includes indie developers tinkering with an existing model, open-source initiatives, nonprofits, and other non-commercial efforts. Recent amendments added exemptions for universities and government entities, which is important, but that still leaves out a vast swathe of non-commercial tech work that’s done by people without full-time jobs in government or academia.
Large companies will hire compliance teams and lawyers to navigate these requirements. Smaller organizations and independent developers usually can’t. The result will be fewer opportunities for startups and new entrants. Faced with this massive compliance burden, some won’t even try.
Courts Are Already Deciding These Questions
The bill is premised on the idea that copyright owners currently don’t have good remedies if they’re mistreated by AI companies. That simply isn’t true. And the growing wave of federal court filings in this space prove it. Content companies that want to sue tech companies, large or small, have no problem doing so. Those courts are still working through important questions about fair use and transformative use. Some courts have already concluded that many AI training activities qualify as fair use. Others continue to evaluate the issue.
California lawmakers should not rush to impose new state regulation while those questions remain unresolved. This is why copyright is governed at the federal level: both creators and fair users benefit from a single set of nationwide rules.
At this point, the bill remains a solution in search of a problem. Rights holders already have powerful tools to protect their interests under existing federal law. What this bill adds isn’t clarity or transparency, but a costly and essentially impossible compliance burden that will discourage small developers and researchers.
California has been able to support both artistic creativity and tech innovation for decades now. But A.B. 412 does not strike the right balance.
If you are a California resident and interested in speaking out about this bill, you can find and contact your representatives through this website.
Thursday, 04 June
23:42
A Very Fond Farewell To Misaky Tokyo [Whatever]
All the way back in 2022, I posted about a
candy company I had recently discovered called Misaky Tokyo. They
specialized in kohakutou, a traditional Japanese candy that looks
like gems and geodes. Basically fancy rock candy. And I was
enamored with them. I loved the lux branding, the idea of beautiful
treats meant for special occasions that were more than just candy.
Not only did the candy feel special, but the brand felt special
since it was a minority, LGBTQIA+, woman-owned business that was
constantly making a difference by donating to charities such as the
LA LGBTQ Center and the AAPI community.
Misaky Tokyo was classy, cool, fun, and authentic. And they were generous! They gifted me two of their delicious boxes after my first review of them. I ended up buying more boxes from them shortly after, but that gesture of kindness really stuck with me.
I was sad when they took a break for a while, but I always hoped they’d come back after a well deserved rest. In an unexpected turn of events, Misaky Tokyo is closing the door on this chapter, after the owner’s battle with cancer.
As said in the video, they had a final sale to close out Misaky Tokyo for good. Of course, I had to get in on this, and bought their Complete Farewell Set, which came with one 5-gem box and two 3-gem boxes, so eleven gems total. I am so glad I get to experience them one last time, as they sold out of these very quickly, and I have never found kohakutou that is as stunning and delicious as Misaky’s.
So let’s take one last look at Misaky Tokyo’s lovely candy together, and wish them well in their new chapter.
The two 3-piece boxes had the exact same gems in it, so I ended up gifting one to my cousin and she thought it was so cute!
The 5-piece set ended up having those same pieces in it, plus two other flavors:
So, not a ton of diversity in this set, but it makes sense since it was their last run and they were probably just trying to focus their efforts on giving people their last hurrah and not focusing on broadening their flavor horizons. Regardless, I’m so glad I got to enjoy Misaky Tokyo and even share them one last time! I truly wish them the best moving forward and will really miss their lovely kohakutou.
Did you ever get the chance to try them? Do you have any other kohakutou businesses you recommend? Let me know in the comments, and have a great day!
-AMS
23:35
Dave Airlie on Linux Kernel Maintenance (SE Radio) [LWN.net]
The Software Engineering Radio podcast has put up an interview with graphics maintainer Dave Airlie. Much of what is in there will not be news to LWN readers, but it is an interesting overview of the life of a large-subsystem maintainer.
I was talking to a few of the Rust people, and I thought: these are very young people, these are a group of people in their 20s, maybe 30s, they are a younger cohort of developers than the people I am normally used to dealing with. I thought there was maybe a good way we could bring these groups together. I think that having young people coming into the kernel using Rust is valuable... So I thought that I should be supportive of bringing Rust into the kernel.
23:14
Pulte Appointment Underscores Need to Reform Section 702 Spying [Deeplinks]
President Trump’s highly politicized appointment of an entirely unqualified acting Director of National Intelligence (DNI) underscores why the government’s warrantless mass spying power must be reformed.
Congress now faces a deadline of Friday, June 12 to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, an unconstitutional program rife with problems, loopholes, and compliance issues. Section 702 allows the National Security Agency to collect communications from targets overseas – including communications with Americans in the U.S. – and stores them in massive databases. The NSA then allows other agencies, including the Federal Bureau of Investigation, to access untold amounts of that information.
Under current practice, the FBI can query and even read the U.S. side of that communication without a warrant. What’s more, victims won’t even know and have very few ways of finding out that their communications have been surveilled. EFF and other civil liberties advocates have been trying for years to know how data collected through Section 702 is used in domestic investigations and prosecutions.
Our advocacy to reform Section 702 has been consistent across administrations, including when the federal Intelligence Community was run by people with experience in the relevant agencies. In fact, the 2004 law creating the position of DNI – which coordinates America’s 18 spy agencies – requires those who hold it to have “extensive national security expertise.”
Enter Bill Pulte.
Trump on Tuesday named Pulte – currently director of the Federal Housing Finance Agency (FHFA) and chairman of Fannie Mae and Freddie Mac – to replace current DNI Tulsi Gabbard, who announced her resignation last month. Pulte lacks any intelligence, military, or congressional experience.
“William has deep experience managing the most sensitive matters in America, the safety and soundness of the Markets, and over 10 Trillion Dollars at Fannie Mae/Freddie Mac, a substantial increase from where it was just 12 months ago,” Trump wrote on his Truth Social platform.
Pulte isn't a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes.
Because Trump named him acting DNI, Pulte isn’t subject to Senate confirmation. And under the Vacancies Act, Pulte could remain in the role for about seven months.
This is particularly concerning because of Pulte’s history of using private information held by the government as a political weapon. In his FHFA role, he has accused several of the President’s political foes and targets – including New York State Attorney General Letitia James, U.S. Sen. Adam Schiff, D-Calif., and Federal Reserve governor Lisa Cook – of mortgage fraud based on private data held by his agency.
All these targets and others have denied wrongdoing. A federal criminal complaint filed against James in Virginia imploded after a judge found prosecutor Lindsey Halligan had been unlawfully appointed, and prosecutors twice failed to convince a grand jury to indict James. Pulte’s accusations against Schiff, Cook, and others have not led to criminal charges.
Pulte also used his FHFA pulpit to attack then-Federal Reserve Chair Jerome Powell and dismantle internal oversight.
Pulte isn't a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes. As acting DNI, Pulte would have access to every scrap of classified information the Intelligence Community holds, and under Section 702, that includes massive amounts of information about Americans.
Even lawmakers who are typically friendly to the intelligence community acknowledge that this is a disaster in the making. U.S. Sen. Mark Warner, D-Va., who is the Senate Intelligence Committee’s ranking Democrat, told NPR that Pulte has "no experience in the military, no experience in Congress, no experience in the intel community or law enforcement" and was chosen because he is "100% loyal to doing anything and everything President Trump demands."
And Senate Majority Leader John Thune, R-S.D., told reporters “we don’t need a weaponized” national intelligence director. Asked about fears that Pulte might pursue Trump’s political opponents, Thune said: “We need professionals there.”
Congress already has had trouble reauthorizing Section 702 as Freedom Caucus Republicans and many Democrats joined forces to demand reforms including the common-sense requirement that federal agencies get a probable cause warrant from a judge before searching any data involving Americans. Pulte’s appointment exemplifies why no administration should have the power granted by Section 702 without the independent judicial review required in seeking a warrant.
22:28
EFF Testifies to Congress on Protecting Americans’ Rights from Government AI [Deeplinks]
Governments must not adopt emerging and powerful AI technologies without also adopting strong and clear safeguards to protect Constitutional rights, EFF Senior Policy Analyst Dr. Matthew Guariglia testified today to the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
During the hearing on “The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience,” he explained that the use of generative AI for the purposes of mass government surveillance would supercharge unconstitutional violations of civil liberties. He also highlighted how government secrecy, in addition to the black box of for-profit proprietary technology, prevents the public and lawmakers from knowing when AI models make mistakes, including errors that seriously impact the cybersecurity of critical infrastructure and the lives of individuals.
“AI also has a track record of getting things wrong—from false citations on legal briefs to a major AI mistake that sent DHS recruits to the field without proper training. There are likely more consequential examples that we do not even know about because of classification that would prevent a more thorough accounting," he said in his opening remarks.
“At this level the question is not how do we rein in AI, it’s how do we rein in the agencies that would unleash AI on the American public,” Matthew said in response to a question by Subcommittee Ranking Member Delia Ramirez, D-Ill.
You can read his full testimony as prepared here.
21:42
Move Fast, Surveil Things [Deeplinks]
Update, June 8, 2026: Following widespread public scrutiny and WIRED’s critical reporting, Meta has stripped the unactivated facial recognition code from its latest Meta AI app update.
Meta has deployed facial recognition code to millions of their always-on surveillance glasses, according to new reporting by Wired. EFF’s Threat Lab was able to confirm that the facial recognition code is present through static analysis of the application.
This dangerous new Meta functionality stores faceprints as a series of 2,048 numbers uniquely representing the positioning of a person’s facial features. When this feature is activated, it will convert every new face in the sightlines of the surveillance glasses into a series of numbers, and compare it to all the existing faceprints in the user’s database.
Wired and EFF confirmed that the code is present and active, though not yet exposed to consumers. Another researcher confirmed that when they manually added a face to the app database by connecting the phone to a computer in debug mode and issuing a few commands, the glasses would subsequently detect that face when it came into view.
Meta has already paid $650 million to settle a BIPA lawsuit challenging mass facial recognition of every photo posted to its platform, a feature which it has since shut down.
Despite the billions of reasons not to, Meta seems to have created the capacity to turn their customers into a distributed surveillance machine. This is just one more reason to think twice before buying or using Meta’s surveillance glasses.
Considering that Meta previously wrote in an internal document that they want to launch facial recognition “during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns," this invasive new feature doesn't come as a surprise. But Meta's surveillance plans won't escape public scrutiny that easily, and we'll be watching if this feature is rolled out to the public.
20:56
Reproducible Builds: Reproducible Builds in May 2026 [Planet Debian]
Welcome to the May 2026 report from the Reproducible Builds project.
These reports outline what we’ve been up to over the past month, highlighting items of news from elsewhere in the increasingly-important area of software supply-chain security. As ever, if you are interested in contributing to the Reproducible Builds project, please see the Contribute page on our website.
In this month’s report, we cover:
- Debian to ship reproducible packages in forky and beyond
- Holger Levsen on reproducing official Debian packages
- Reproducible Builds 2026 summit to be held in Gothenburg, Sweden
- Kettle: Attested Builds for Verifiable Software
- New rebuilderd version announced
- Reproducible open source messengers
- Distribution work
- Misc news
- Patches
- Documentation updates
Debian to ship reproducible packages in forky and beyond
In a huge change in Debian’s reproducibility policy, the Debian Release Team announced that:
… we’ve decided it’s time to say that Debian must ship reproducible packages. Since yesterday, we have enabled our migration software to block migration of new packages that can’t be reproduced [on reproduce.debian.net] or existing packages in testing that regress in reproducibility.
That is to say, if newly-uploaded packages are not reproducible, they won’t be considered candidates for inclusion in the next stable release of Debian codenamed forky. (Some exceptions may be granted.)
This news generated a number of articles and comments in various news outlets:
- Linux Weekly News (LWN): Debian to require reproducible builds
- Phoronix: Debian Release Team: Debian Must Now Ship Reproducible Packages
- The Register: Debian 14 cracks down on unreproducible packages
- LinuxSecurity.com: Debian 14 Makes Reproducible Builds Mandatory for Linux Packages
- Heise.de: Debian macht ernst: Nur noch reproduzierbare Pakete in „testing“
Holger Levsen on reproducing official Debian packages
Reproducible Builds developer Holger Levsen gave a talk at the 2026 Hamburg MiniDebconf this year on the topic of reproduce.debian.net - reproducing what is distributed from ftp.d.o.
Holger’s talk announced that Debian intends to ship only
reproducible packages in forky and beyond (see above), but
also talked more broadly about reproducible builds, our testing
framework and the Debian archive. That is to say, moving away from
testing whether a package is reproducible in a theoretical
sense (eg. whether we can build it twice in different environments
and achieve the same result in our test system), and attempting to
reproduce the same .deb files in the
official Debian archive itself. This small-sounding distinction is
actually essential, as this is the only means through which the
reproducible builds technique can determine whether build systems
are compromised are not.
A video (32m37s) of the talk is available, as are Holger’s slides.
Reproducible Builds 2026 summit to be held in Gothenburg, Sweden
As initially announced in March 2026, we will be having our yearly Reproducible Builds summit 2026 in Gothenburg Sweden, from September 22 until 24, followed by two days of hacking!
Further information will be provided on our website and on the rb-general mailing list very soon.
Kettle: Attested Builds for Verifiable Software
André Arko and Amean Asad published a paper this month on Kettle, a build system that “produces cryptographically verifiable provenance for software built inside Trusted Execution Environments”:
A Kettle build records the source commit, dependency set, toolchain, build environment and output artifact digests in a provenance document produced inside a measured confidential VM. The SHA-256 digest of that document is committed to the TEE platform’s attestation report-data field, so the hardware-signed attestation report is itself the signature on the provenance, with the signing identity chaining to the TEE manufacturer’s root of trust rather than to the build infrastructure operator. Because the CVM image is itself reproducible, its launch measurement is public and stable, which lets a build requester pre-attest the CVM before submitting any input and optionally deliver source over a TLS channel terminated inside it, so the build runs end-to-end confidentially without the host ever seeing source code in plaintext.
A PDF of the paper is available online.
New rebuilderd version announced
rebuilderd, our server designed for monitoring the official package repositories of Linux distributions and attempt to reproduce the observed results there; it powers, amongst other things, reproduce.debian.net.
A new version, 0.27.0, was released this month, with the following headline changes:
- Improved
.udebsupport - Breaking changes in pkg sync configuration
- Manual cleanup needed for Arch Linux instances
As kpcyrd’s announcement mentions:
The new rebuilderd package is currently available in the
extra-testingrepository. Note the Arch Linux package is upgraded fromv0.25.0fromv0.27.0; please be patient with the database migrations on first restart, and make yourself familiar with the breaking changes in v0.26.0 too.
Reproducible open source messengers
GitHub developer BarbossHack is maintaining an repository/page on GitHub to “track reproducibility status of open source messengers”.
Distribution work
In Debian this month, the loong64 architecture
was added to reproduce.debian.net. This is a 64-bit
Reduced Instruction Set Computer (RISC) instruction set
architecture developed by Loongson.
Vagrant Cascadian performed Non-Maintainer
Uploads (NMUs) in Debian for several packages with outstanding
patches over a year old. These included
rocdbgapi,
onevpl-intel-gpu,
python-pytest-shell-utilities,
python-mt-940 and
pympress.
On tests.reproducible-builds.org, Vagrant Cascadian
fixed the huge spike in build failures by adding passwd to the base
tarballs, and
re-enabled building gcc and binutils packages
with PGO (Profile Guided Optimization) and LTO (Link Time
Optimization) to avoid giving a false sense of
reproducibility.
Inconsistencies on the reproducibility of the condor package were brought up on the Debian reproducible-builds mailing list. Following a hunch, Vagrant Cascadian eventually identified the issue was related to embedded kernel versions which was then fixed upstream and fixed in Debian as well.
Lastly, 40 reviews of Debian packages were added, 68 were
updated and 75 were removed this month adding to our
knowledge about identified issues. A number of issue types were
updated, such as the addition of a new sphinx_reading_durations
toolchain issue […],
a golang_mango_generates_manpages_with_build_date
issue […]
and a random_offset_id_in_cython_linetrace […].
In addition, the timestamps_in_qhc
issue was “refocused” to timestamps_in_qhc […].
In Fedora, Jelle van der Waa submitted a request for an official Fedora rebuilderd package which was reviewed by Neal Gompa.
Lastly, Bernhard M. Wiedemann posted another openSUSE monthly update for their reproducibility work there.
Misc news
On our mailing list this month:
-
cen posted an interesting question to our list regarding “an interesting case of time-based non-reproducibility” after they noticed that Arch Linux’s rebuilderd instance reports the
greppackage as being reproducible whilst their own is not. Although the root cause of the issue is that various “translations are fetched from a remote location during bootstrap”, cen argues that:Perhaps rebuilderd needs a feature where
GOODpackages are also periodically rebuilt in exponential back-off style and compared against current upstream build and also our lastGOODbuild. This would confirm whether a package is reproducible if built in a short time window but also help uncover longer time window issues that are currently hidden. -
Reproducible Builds developer kpcryd copied-in our mailing list to an existing email thread that was occurring on Debian bug #1137357 regarding deterministic signatures in the Rust-based Sequoia OpenPGP library. This generated some very interesting replies, such as this one by David A. Wheeler on how naïve methods for obtaining determinism in signatures may inadvertently reveal private keys.
-
Lastly, David A. Wheeler announced that the 2026 Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED ‘26) conference will be held on October 6 2026 in Prague, Czechia. David specifically notes in their announcement that the conference’s Call for Papers (CfP) explicitly includes “Reproducible builds” and that the submission deadline is July 12, 2026.
Patches
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where applicable or possible. This month, we wrote a large number of such patches, including:
-
Arnout Engelen (1):
-
Bernhard M. Wiedemann (5):
-
Chris Lamb (23):
- #1135692 filed
against
dkimpy. - #1135873 filed
against
fortran-stdlib. - #1136291 filed
against
powerline. - #1136297 filed
against
pycayennelpp. - #1136298 filed
against
pycorrfit. - #1136424 filed
against
sphinx-needs. - #1136425 filed
against
ruby-otr-activerecord. - #1136426 filed
against
git-pw. - #1136427 filed
against
golang-github-akavel-rsrc. - #1136686 filed
against
pampi. - #1136689 filed
against
libreoffice-dictionaries. - #1137016 filed
against
vnu. - #1137017 filed
against
golang-github-shirou-gopsutil. - #1137018 filed
against
javacc5. - #1137019 filed
against
rssguard. - #1137204 filed
against
golang-github-containerd-accelerated-container-image. - #1137335 filed
against
docker-credential-gcr. - #1137336 filed
against
xpenguins. - #1138232 filed
against
cairocffi. - #1138639 filed
against
meshy. - #1138640 filed
against
bingo. - #1138641 filed
against
golang-github-cyclonedx-cyclonedx-go. - #1138642 filed
against
nfstest.
- #1135692 filed
against
-
Paul Gevers (1):
-
Vagrant Cascadian (2):
Documentation updates
-
Chris Lamb:
- Added a missing
+(plus sign) to the GNU Autotools example on theSOURCE_DATE_EPOCHdocumentation page. […]
- Added a missing
-
Mattia Rizzolo:
- Made a number of chnages to the 2026 Gothenberg Summit event page. […][…][…][…]
Finally, if you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:
-
IRC:
#reproducible-buildsonirc.oftc.net. -
Mastodon: @reproducible_builds@fosstodon.org
-
Mailing list:
rb-general@lists.reproducible-builds.org
20:35
libtool-2.6.1 released [beta] [Planet GNU]
Libtoolers!
The Libtool Team is pleased to announce the release of libtool
2.6.1, a beta release.
GNU Libtool hides the complexity of using shared libraries behind
a
consistent, portable interface. GNU Libtool ships with GNU libltdl,
which
hides the complexity of loading dynamic runtime libraries
(modules)
behind a consistent, portable interface.
There have been 34 commits by 14 people in the 37 weeks since
2.6.0.
See the NEWS below for a brief summary.
Thanks to everyone who has contributed!
The following people contributed changes to this release:
Alexandre Janniaux (4)
Alexey Samsonov (1)
Anthony Mallet (1)
Arnold (1)
Dima Pasechnik (1)
Frederic Berat (1)
Ileana Dumitrescu (15)
KO Myung-Hun (4)
Kirill Makurin (1)
Mintsuki (1)
Nicolas Boulenguez (1)
Olly Betts (1)
Patrice Dumas (1)
Richard J. Mathar (1)
Ileana
[on behalf of the libtool maintainers]
==================================================================
Here is the GNU libtool home page:
https://gnu. ... g/s/libtool/
Here are the compressed sources:
https://alpha.gnu
... tool-2.6.1.tar.gz (2.1MB)
https://alpha.gnu
... tool-2.6.1.tar.xz (1.1MB)
Here are the GPG detached signatures:
https://alpha.gnu
... -2.6.1.tar.gz.sig
https://alpha.gnu
... -2.6.1.tar.xz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.o ...
rg/order/ftp.html
Here are the SHA256 and SHA3-256 checksums:
File: libtool-2.6.1.tar.gz
SHA256 sum:
52264ab2fca9464dea9f6a0355d39e49b18f40468b9b6dbc3d151a0dba307a4b
SHA3-256 sum:
59826fb74043179c38a393448b92dfcdfbe9046fd3b23a7079665984f22d6688
File: libtool-2.6.1.tar.xz
SHA256 sum:
3fb21f1e99fcdd8565c9b00fb1371db457b82a0da7cba273e1617c954b0ad1ee
SHA3-256 sum:
614bc3ed43293be989ec3305dae42fc4e81234429477490734a40f6d3316560b
Verify the SHA256 checksum with either sha256sum, sha256, or
'shasum -a 256'.
Verify the SHA3-256 checksum with 'cksum -a sha3 -l 256
--base64'
from coreutils-9.8.
Use a .sig file to verify that the corresponding file (without
the
.sig suffix) is intact. First, be sure to download both the
.sig file
and the corresponding tarball. Then, run a command like
this:
gpg --verify libtool-2.6.1.tar.gz.sig
The signature should match the fingerprint of the following
key:
pub rsa4096 2021-09-23 [SC]
FA26 CA78 4BE1 8892
7F22 B99F 6570 EA01 146F 7354
uid Ileana Dumitrescu
<ileanadumitrescu95@gmail.com>
uid Ileana Dumitrescu
<ileanadumi95@protonmail.com>
If that command fails because you don't have the required public
key,
or that public key has expired, try the following commands to
retrieve
or refresh it, and then rerun the 'gpg --verify' command.
gpg --locate-external-key ileanadumitrescu95@gmail.com
gpg --recv-keys 6570EA01146F7354
wget -q -O- 'https://savannah.
... ol&download=1' | gpg --import -
As a last resort to find the key, you can try the official GNU
keyring:
wget -q https://ftp.gnu.o ...
u/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify
libtool-2.6.1.tar.gz.sig
This release is based on the libtool git repository, available
as
git clone https://https.git
... g/git/libtool.git
with commit 79de7bb71bc0a1167f4c4ae8bd897976a0ff2b51 tagged as
v2.6.1.
For a summary of changes and contributors, see:
https://gitweb.gi ... shortlog;h=v2.6.1
or run this command from a git-cloned libtool directory:
git shortlog v2.6.0..v2.6.1
This release was bootstrapped with the following tools:
Autoconf 2.73
Automake 1.18.1
Gnulib 2026-05-12
722f67e9716bf914c18d468336c1f4f9e5cce915
NEWS
- Noteworthy changes in release 2.6.1 (2026-06-04) [beta]
** New features:
- Pass 'resource-dir=*' flag for Clang.
- Recognise explicit shared library arguments when linking
dependency
libraries to a shared library, like exists when
linking a program.
- Support OpenMP with macOS clang by processing
'-Xpreprocessor
-fopenmp' as one token.
** Bug fixes:
- Store cygpath file path conversions correctly for MSYS2
and MSVC.
- Fix syntax error in LT_PROG_OBJC and LT_PROG_OBJCXX.
- Separate Objective C and C++ cache check for proper
tagging support.
- Fix in darwin to support values with spaces.
- Limit the length of DLL name to 8.3 correctly to avoid
corrupting a
generated DLL on OS/2.
- Remove unused variable on OS/2, which could cause issues
with static
library generation if defined.
- Recognise more static linking options for Clang.
- Fix emscripten CXX postdeps using non-PIC sysroot.
- Avoid deprecated option '-o' with MSVC compilers and
replace with '-Fe'.
- Avoid overlinking of dependency libraries on ELF
systems.
- Ensure old libraries are not archived.
** Changes in supported systems or compilers:
- Add support for SlimCC compiler.
- Add support for *-ironclad-gnu.
Enjoy!
20:14
DJ Patil has spent the past several months on a listening tour. Wherever he travels, he finds a local university, pings faculty and students and anyone else who wants to show up, and runs an AMA. He’s heard from grad students who can’t get callbacks, hospital administrators dealing with federal policy changes that land like a change in the laws of physics, and executives who can’t forecast their AI spending past six months. He’s trying to synthesize all of it and help reframe the wider conversation.
DJ co-coined the term “data scientist,” served as America’s first chief data scientist under President Obama, and was chief scientist at LinkedIn. He’s a longtime O’Reilly author, going back to Building Data Science Teams and Ethics and Data Science, and he’s on the founding team at Devoted Health, where he’s spent the past decade building the kind of data infrastructure most organizations are still struggling to put in place. He calls it “the tidy house.” He sat down with me to talk about “the broken promise” in the job market that is driving AI sentiment, and why weak data infrastructure is a big part of the gap between what AI can do and what most institutions can actually absorb.
The broken promise
What DJ keeps hearing on his tour is anger and angst. One word that keeps coming up is “terrified.” Workers are worried about layoffs. Meanwhile, students, including those from top-tier universities like MIT, Carnegie Mellon, and UC Berkeley, have been applying to 300+ internships and getting fewer than 10 callbacks. Many had zero offers going into the summer. And the industry’s response has been to tell them to learn more AI and burn more tokens. What it comes down to, DJ explained, is “effectively a broken promise”:
We said, “Go to college, get these things, you’re going to get an internship, you’re going to get job training, you’re going to pay off your student loans, and then you’re going to have all the other things that are part of that social contract.”
What the students are feeling for the first time [is]. . .“Wait, if I can’t get this internship, . . .I’m fundamentally off trajectory from getting this job.” And it doesn’t have to be a technical person. It could be someone that is in marketing. It could be someone that’s in the liberal arts. It could be a researcher. . . .There are plenty of students that I have talked to who are supposed to be going to a doctoral PhD program or a medical school or something like that. The slots aren’t there because of the overall budget impacts. And so whether you call it AI impact or economic reframing, the thing is broken.
This is where both DJ and I have been trying to build a counter narrative. The story coming from the AI labs is destructive: “We’re going to put all of you out of work, and we’ll figure out the rest once the intelligence explosion arrives.” That’s bad PR for AI, but it’s also magical thinking. An economy is a circulatory system. You can’t put your customers out of work and at the same time expect that the economy will hum along as usual. A catastrophic recession could easily interrupt the funding that keeps AI on its growth path and the concentration of value that they assume will fund universal basic income and an expanded safety net.
That’s why I’m a fan of mechanism design: start from the outcome you want, then figure out the rules of the game that produces it. Right now, they’ve designed a game that concentrates all the value in the hands of AI first movers. They could be designing a game that generates value throughout the economy. But they aren’t building affordances for that.
YouTube ContentID is a good example of mechanism design leading to economic value creation. When unauthorized music use by online video creators triggered a backlash from rights holders, YouTube replied to the takedown notices with a way for both the people who owned the music and the people who wanted to use it to get paid. A whole creator economy came out of that design choice. The labs have the same opportunity in front of them and mostly aren’t taking it.
DJ had one concrete mechanism in mind:
Imagine OpenAI and Anthropic and Microsoft. . .get together and [say], “If you’re building something for your local community, we’ll fully subsidize the token cost for some period of time.”. . .We’re talking about marginal token usage relatively on the spectrum of things, but the potential innovation and use of AI to help local communities could be astounding. You’re not putting anybody out of a job with that. . . .You’re filling the holes that already exist in the system.
The OpenAI Foundation just announced it will put $1 billion into public-benefit projects this year, including $250 million aimed at building economic futures. It’s a start. But it mostly seems designed to ameliorate the bad effects of AI rather than to forestall them by building a more inclusive AI future. If the labs start investing in the human-plus-AI economy rather than just studying the job losses, the payoff to local communities could be real.
A makerspace to bridge the internship gap
DJ’s plan is to build a bridge. He’s launching a program, basically a makerspace, for students who don’t have an internship this summer. Over two four-week sprints, an initial cohort will get mentors, speakers, and the space to explore whatever they’re interested in. It doesn’t have to be AI. Whether they’re doing investigative journalism, screenwriting, or building civic tech, participants will get some experience with current tools and produce a tangible asset they can use to prove what they know. As I told DJ in our conversation, I think he’s really on to something, and I’d love O’Reilly to be part of what he’s building.
There’s a kind of person who has always been at the center of the O’Reilly community and never waited for a job description. High school and college dropouts who started companies, built open source software packages, or otherwise took the future into their own hands. People who looked around, found something that needed doing, and did it. DJ is one of them. He’s a community college kid who learned from a good local library, from the books with the “funny animals” on the cover, and from open source. That path is still open. The early O’Reilly business came out of exactly this instinct. We were a tech-writing consulting shop, and when we ran out of paid work, we wrote manuals that didn’t exist yet but that we thought were needed. Later, when there were big conferences for every corporate technology and none for open source, we ran the first one for Perl. Conferences became a whole new business for us. You look for the gap and you fill it.
DJ pushes the same idea down to the level of the neighborhood:
If you want to feel rewarded, go fix something in your neighborhood. Go help out the food pantry. Go help out the local foster child care system. Go help out. . .parks and rec. Use those skills to go do something, and then you’re going to see. . .people respond in a different way. . . .The target-rich area for problems is massive. You just have to look.
I’ve never bought the jobless-future story. Back when I wrote WTF? in 2016, I pointed out that there is so much around us that needs to be made better. The constraint has never been a shortage of problems. AI gives us new tools for solving them. It should be a way to put people to work, not out of work.
The organization is the AI bottleneck
DJ has also been visiting hospitals and clinics and talking to CIOs and CTOs as part of the tour, and what he’s seeing is alarming.
The federal changes to Medicaid and the Affordable Care Act are landing on systems that were already near collapse. Hospitals that depended on outpatient procedures like colonoscopies for margin are watching volumes drop 20% to 30% because people can’t afford insurance. Some are running $1 million a day behind, a $300 to $400 million shortfall for the year.
At the same time, AI companies are telling those same hospitals to move into the new world, and partly because of the “you will soon be replaced” narrative from the AI labs, labor is responding the way the Kaiser nurses did in California, where any use of AI was off the table as a bargaining condition. As DJ pointed out, we can’t afford to disregard AI when it has the potential to automate the most painful parts of healthcare workers’ jobs and let them “do the job they’re trained for” without the administrative burden. Businesses need to change not just their narrative but their strategy. They need to be saying, “We’re going to use AI to help you do more for our customers. We’re going to make your job more human and let the machines deal with the BS.”
There’s a version of this where the efficiencies AI creates get plowed back into better patient care. There’s also the version that’s actually happening in most places, where private equity captures the savings as profit. The difference is institutional design, and that’s where reform isn’t happening. I saw this directly with a Code for America project called Clear My Record. A California initiative had turned a number of petty crimes into misdemeanors, but very few people were petitioning to have their status changed. We started using software to streamline an absurdly convoluted criminal record expungement process, but then we asked ourselves why we were helping people fill out forms that shouldn’t exist. The law had already changed the record. The process should have been a database update, not something that required a petition to the court. That’s the kind of problem AI was born to solve. It can help us refactor old stuck processes and move to something way better.
Done right, DOGE could have been an opportunity to carry out that kind of real institutional change at scale. Instead it became a wrecking ball, and it’s given the whole idea of institutional reform a bad name.
The Silicon Valley default assumes that incumbents will just get disrupted by startups, the way media was by Google and Meta and retail was by Amazon. There’s some truth to that. But disruption takes much longer than people think, and in a domain as central as healthcare or government services, the delay means real harm to real people. Healthcare is a third of the economy. You can’t just let it fail and rebuild it fresh while people depend on it for survival.
Data infrastructure is the competitive advantage
DJ’s term for the alternative he’s living with at Devoted is “the tidy house.” He built the boring infrastructure years before LLMs existed, and that’s why the company could move the moment AI arrived. People don’t think about having well organized, effective data infrastructure as the deep secret behind enterprise AI adoption, but DJ is right. As we work on O’Reilly’s own transformation and talk with our customers about what’s holding them back, it’s a huge part of the problem.
One of the ways we’ve tried to make this work is fundamentally still data 101, unified data environments, data flows that are clean, that have a lot of organization. . . .Because we invested so heavily in that infrastructure, the dumb, boring, painful parts of making sure you’ve got a really great data warehouse, great data engineering pipes, all of the metadata that goes with it, when AI shows up, you get to use it right away. Now you get to focus on the orchestration, the harness, all those pieces.
While other organizations are reconstructing ETL inside context windows and paying for it in GPU costs, Devoted’s team gets to work on the actual clinical problems. As DJ put it, transforming a healthcare system is “like walking and chewing gum while balancing bowling balls on your head and on a unicycle,” with the laws of physics changing on you the whole time. The organizations that come through it will be the ones that did the unglamorous work of keeping clean, flowing data with its lineage and metadata intact. The ones that didn’t will keep paying to reconstruct context they should have had all along.
The pharmacists who built their own agents
The tidy house pays off when you put the tools in the hands of people who already know the domain. At Devoted, clinicians are building things without waiting for a product manager to learn the problem first. These frontline workers have already spent decades understanding it.
A pharmacist. . .says, “Hey, you know what? I’m really worried when I see these kinds of drugs show up together. That’s not a good thing. . . .Why don’t I have an agent that alerts me every time this happens? I should just automate it because maybe one of the patients gets prescribed something by another provider and we don’t see it.” So the pharmacist [says,]. . .”I’m just going to build that agent.” Now I’ve got an agent always looking for bad drug interactions. And another pharmacist says, “I’ve got my own version of that.” . . .So I say, “Hey, agent, I want you to go ask all the pharmacists that we have a quick survey of what might be happening. . . .What are the universe of things that we should be watching out for?” Now I’ve got a robust medical layer. . .looking out and protecting all of our members from bad drug interactions. Having the right infrastructure makes it possible to act on decades of accumulated judgment distributed throughout the organization.
The histogram is still the most powerful product
You don’t need exotic tooling to get value out of data, and DJ punctured the assumption that you do.
Oftentimes, I tell people, the most powerful data product you can build is still a histogram. Just give me a distribution of what’s going on. . . .AI gives us a tremendous opportunity to let people [access this data quickly], but we’ve got to figure out the guardrails, so people don’t ask [questions] or get answers. . .[without realizing] that there’s a flaw in how they’re asking it.
Every time a new technology empowers employees to make innovative use of corporate data, there is resistance. We’ve been in this loop since the beginning of the data movement, DJ explained. The stewards of the data warehouse stand at the gate and say, “You shall not pass!” Then democratization breaks it open, and the gatekeepers reconstitute themselves in the next era. Hadoop did it last time. LLMs are doing it now, and the temptation to insist that only experts can use the tools correctly is as strong as it’s ever been. You do need ways to catch errors. But the goal should always be access.
The real opportunity is in the layers above AI models
DJ and I also talked about the new discipline forming inside computer science, engineering the trade-offs between conventional software and LLMs, when to reach for a local or open weight model, and understanding what inference actually costs against the value it returns.
Getting that right requires an expanded view of mechanism design. While this isn’t how economists talk about it, many advances in technology are really just that: redesigning the rules of a game to get better outcomes. Pay-per-click advertising started as a crude auction that sold to the highest bidder, and then Google refined it into something that worked. Rob McCool wired a web server to a database with CGI and ushered in a decade of invention of new mechanisms for data-driven websites. Or take Apache Kafka, which DJ reminded us began as a project to help LinkedIn rein in its Splunk bill and only later became the foundation for a company and an ecosystem.
We’re at the front of an architectural innovation cycle now, and the biggest opportunities are not in the models themselves but in the layers above them. That’s also where a renaissance of open source for the AI era could happen.
DJ and I are both, as he says, “this giant human LLM, summarizing and distilling all the things we’re hearing” from a lot of people. What we’re hearing is that the technology is mostly ready, but our institutions are not. What’s lagging is the organizational and economic infrastructure that lets universities, hospitals, data teams, and the labs themselves actually deploy what’s been built.
It’s time to get busy!
On June 10, Harper Reed, cofounder of 2389 Research, will join me to talk about why the future of software depends on creativity, serendipity, and building weird stuff. And on July 9, Trail of Bits cofounder and CEO Dan Guido will stop by to share his playbook for going AI native. You can register to attend them live here. You can also follow Live with Tim O’Reilly on YouTube, Spotify, Apple, or wherever you get your podcasts.
20:07
Roku launches open-source embedded Roku LT OS [OSnews]
Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source – and by remote control I don’t mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch.
Roku has announced the official availability of Roku LT OS – a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls.
[…]
In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment.
↫ Roku’s developers blog
As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I can’t make much more out of it. Regardless, it’s nice to have another open source embedded operating system.
19:21
Knowing What You Don’t Know [I, Cringely]
Why the next real breakthrough in AI isn’t a bigger brain — it’s a machine that can admit ignorance.
A reader caught me out.
Last column I argued that the great AI buildout — the hundreds of billions pouring into data centers and the GPUs that fill them — is aimed at the wrong layer. We are spending as if the bottleneck were the size of the model’s brain, when the real bottleneck is getting the right information in front of it. Cheap retrieval, I said, not expensive cognition.
A reader replied, pointing out the name Jevons.
In 1865, a young English economist named William Stanley Jevons noticed something strange about coal. As steam engines got more efficient — as they wrung more work out of every lump — Britain did not burn less coal. It burned more. Efficiency made steam power cheaper, cheaper made it worth using everywhere, and “everywhere” swamped the savings many times over. The better we got at not wasting the stuff, the more of it we wanted.
The reader’s point was simple and, annoyingly, correct. Even if I’m right that retrieval is cheap and the brains are overbuilt, that won’t shrink the GPU bill. Make AI cheaper to run and we will simply run more of it. Demand eats the savings. The buildout survives. Jevons always wins.
He’s right. I concede the whole thing.
And I want to thank him, because in correcting me he handed me a better column.
Here is what I should have said the first time. The case for what comes next in AI was never really about cost. Cost is a weak argument; cost gets competed away, and Jevons makes sure of it. The argument that does not get competed away — the one still standing after the dust settles — is honesty.
There is exactly one problem in artificial intelligence that no amount of cheaper compute, and no amount of bigger compute, has ever solved or can solve by getting cheaper or bigger: the machine does not know what it does not know.
Ask today’s best models a question they cannot answer, and they will not pause. They will not hedge. They will hand you a fluent, confident, beautifully formatted answer that happens to be wrong, and they will deliver it with precisely the same swagger they bring to the answers that are right. We have taught them to sound certain. We have not taught them to be calibrated. And you cannot Jevons your way out of that. Make a confident liar a thousand times cheaper and you have fixed nothing — you have a thousand times more confident lying.
In a consumer toy, this is a parlor trick gone wrong. The chatbot invents a court case, the lawyer who trusted it gets sanctioned, everyone has a good laugh, life goes on. In an enterprise, it is the whole reason the technology keeps stalling at the door.
I have watched this movie up close. A bank, a hospital, an insurer, a law firm — they do not deploy a system that is confidently wrong five percent of the time. They can’t. Five percent confidently wrong, in a contract or a diagnosis or a compliance filing, is not a rounding error. It is a lawsuit, a recall, a fine, a firing. So the pilot dazzles everyone in the demo and then dies quietly in procurement, and the executives go back to muttering that AI “isn’t ready” — and they are right, but not for the reason they think.
The thing standing between AI and the enterprise was never speed and was never price. It is trust. And trust is not a mood; it is a property. It requires the machine to know the boundary of its own knowledge and to tell you, out loud, when you have walked past it.
Twenty-four hundred years ago the smartest man in Athens built a whole philosophy on four words: I know that I know nothing. Socrates’ entire edge was that he knew the edge — he could feel where his competence ran out. That, not raw recall, is what we actually mean when we call someone an expert. The junior analyst answers every question. The senior one says, “I’d have to check.” We trust the second one more, and we are right to.
We have built, at staggering expense, the AI junior analyst. Confident everywhere. Calibrated nowhere. The breakthrough that matters — the one I would put real money on — is not a model that knows more. It is a model that knows when it doesn’t, and has the nerve to say so.
And here is why this argument, unlike my last one, is bulletproof. Efficiency is a commodity; it falls in price until it is nearly free, and Jevons drags the demand along behind it. But knowing what you don’t know is not an efficiency. It is a capability. It either lives in the system or it doesn’t. You cannot out-cheap your way to it, which means no one can Jevons their way past it. The moment a buyer can choose between an AI that fabricates and one that flags its own ignorance, there is no contest — and no price war that changes the outcome. Honesty does not get absorbed by demand. It gets demanded.
Can such a thing actually be built — a system that checks itself against what it genuinely knows and raises its hand when it has wandered outside that — or is “I don’t know” forever beyond a machine that is, at bottom, an engine for guessing the next plausible word? I think it can be built. I think the architecture for it looks nothing like the brain-in-a-bigger-jar we have been financing. (Full disclosure: I have co-founded a company, 2Brains, built around exactly this problem, so discount my optimism by whatever margin you judge fair.) But the how is a column for next time.
For now I will leave you with the reader who set me straight. He read my argument, found the spot where it didn’t hold, and said so plainly. He knew the edge of what I had proven, and he had the nerve to name it.
That is the whole trick.
The machines should be so lucky.
The post Knowing What You Don’t Know first appeared on I, Cringely.
Digital Branding
Web Design Marketing
The placeholder name for the Windows 8 experience was “modern” [OSnews]
Raymond Chen shares some history regarding Windows 8’s development:
During the development of Windows 8, we needed a name for “that thing we’re creating.” Not being a particularly clever bunch when it comes to code names, we just called it “the modern experience,” to distinguish it from what we had in Windows 7, which was called “the classic experience.”
And then, as Microspeak demands, we started abbreviating like mad.
↫ Raymond Chen
Basically, they added “mo” for “modern” in front of everything, so the Metro shell became “MoSh”, the Settings application “MoSet”, and so on. And yes, the code name for the Photos application was exactly what it sounds like.
18:28
The Big Idea: James L. Cambias [Whatever]
Math can sometimes get in the way of a good story, but author James L. Cambias didn’t let pesky physics stop him from majorly transforming Venus. Blast off in his Big Idea to see how he managed to make Venus habitable, albeit not for humans, in his new novel, The Ishtar Deception.
JAMES L. CAMBIAS:
For this guest post, I thought I’d walk readers through the mental process of one of my own Big Ideas from my new book. The Ishtar Deception is the latest in my “Billion Worlds” series of books and stories set at the end of the Tenth Millennium. In that era, the Solar System is a vast “Dyson Swarm” of space habitats and solar collectors, soaking up most of the energy emitted by the Sun. On the scale devised by the Russian SETI researcher Nikolai Kardashev, the civilization of the Billion Worlds is a Type II. About a quadrillion biological beings live in the Solar System, and a larger number of intelligent machines.
It’s a big setting, and it means I can tell a wide variety of stories. The first Billion Worlds book, The Godel Operation, was a picaresque adventure bouncing around from the ring around Uranus to a space habitat near Jupiter and finally to Mars. The Scarab Mission was a kind of “haunted house in space” set aboard a space habitat depopulated by some mysterious disaster. The third, The Miranda Conspiracy, was a political thriller inside the Uranian moon Miranda.
For The Ishtar Deception I decided to take readers into the inner Solar System. I’ve made references in past works to the fact that Mercury doesn’t exist any more in the year 10,000, so I couldn’t send my characters there. Instead, I decided on Venus. My super-spy character Sabbath Okada would be assigned to a mission on Venus, and that in turn gave me my title, since Ishtar is a prominent surface feature on that world.
I had made vague references to Venus being terraformed in the distant future, but when I finally looked at the effort involved I realized there’d be no way to get the job done in a mere eight thousand years. Transforming Venus would take too long.
And that made me wonder why anybody would bother to do it at all. If you live in, say, the year 6000, and have some unimaginable amount of energy (by our primitive standards) to play with, what’s the most useful thing you can do? If you apply it to trying to make Venus into a habitable world like Earth you’ll use all of it up to make some tiny incremental change.
To reduce Venus’s atmosphere to something bearable you would have to physically remove something like fifty billion megatons of carbon dioxide from Venus. If you could somehow lift a hundred tons a second (never mind where you’re putting it) that would take fifteen thousand years of constant effort. Meanwhile you’re going to need to move a hundred times as much hydrogen to Venus if you want to support a biosphere. And let’s not even talk about the nine-month rotation. I have no idea how to fix that.
Or you can use the same amount of effort to build a few million more cozy space habitats to add to the Billion Worlds circling the Sun. Much more efficient. It’s a no-brainer, really.
But . . . that would leave my novel with Venus as it really is. An incredibly massive atmosphere of carbon dioxide, with a surface pressure equivalent to the ocean bottom a kilometer down on Earth, a temperature of 470 degrees Celsius (hot enough to melt lead and tin), winds blowing 300 kilometers per hour, and oh by the way there’s a significant amount of sulfuric acid in that dense atmosphere. Humans would only survive such conditions in massive submarine-like vehicles and structures, and even machines would have trouble with heat and corrosion.
Sure, you can maybe live in balloons floating in Venus’s upper atmosphere, where the temperature and pressure are not too different from what it’s like on Earth, so all you need to do is make some oxygen to breathe. But, again, it’s hard to see how a balloon city on Venus would be better than a space habitat. And all the while, there’s a whole planet’s worth of matter — metals, silicon, sulfur, carbon, oxygen, phosphorus, and other treasures — just out of reach down there under that hellish atmosphere.
You can’t “bio-terraform” it, as Carl Sagan once suggested, by introducing blue-green algae and letting the plants do for Venus what they did for Earth. There’s just too damned much atmosphere! If your plants were perfectly efficient and broke down all of Venus’s carbon dioxide to oxygen, well then you’ve got a planet with an atmosphere of nearly pure oxygen at about 60 times Earth’s surface pressure. As one of the characters in my book notes, it’s hard to think of anything that wouldn’t burn under those conditions.
So I decided that my future civilization would just take a simpler, cheaper, faster approach. Forget about turning Venus into a world with oceans and forests, let’s just make it something that isn’t instantly lethal to both biological and electronic intelligences.
The result: “cryoforming.” All you do is build a big sunshade and park it at the L1 point between Venus and the Sun, blocking all the sunlight from reaching the planet entirely. The sunshade will, naturally, harvest all that energy so whatever else you’re doing on or around Venus will have plenty of power. And then you wait a few centuries for Venus to radiate away all the heat contained in that massive atmosphere and the upper part of the crust.
First the sulfuric acid rains out, puddling on the ground and collecting in little lakes. As Venus gets cooler the acid becomes a waxy solid. Then the carbon dioxide starts to crystallize, falling as dry ice snow. At first it melts on hitting the warm ground, of course, but eventually it sticks, and then accumulates. Without an energy differential the winds calm down, from hundreds of kilometers per hour to something more like what we see on Earth.
And overhead, an observer on the surface can see something that hasn’t happened on Venus in billions of years: the stars come out.
I figure my future civilization would stabilize the temperature a few degrees below the freezing point of carbon dioxide. Say, 50 or 60 degrees Celsius below zero. That gives you a planet with an atmosphere of pretty much pure nitrogen (with a few trace noble gases), and a surface pressure of roughly four times Earth sea level pressure.
Nice? It depends on what you are. If you’re a human, or some other biological being, you still need breathing gear and heated clothing to go outside. You probably want to live at a lower pressure so all your cities will be built of diamond blocks and graphene like high-tech sea bases, and it’s still dark all the time.
But if you’re a machine intelligence the new Venus has gone from hellish to something close to paradise! The air is dry and has no corrosive oxygen in it, yet it’s still dense and can provide superb cooling for your various energy-using systems. You and tens of billions of other machines can get to work digging up that crust with no pesky biosphere to worry about.
So my far-future Venus becomes one of the resource treasure-houses of the Solar System. And as any cursory glance at history will reveal, that’s going to create plenty of opportunities for conflict. The Great Powers of the Tenth Millennium — the Lunar Republic, the Trojan Empire, and my main character’s bosses in Deimos — will fight each other for a piece of the Venusian pie.
I don’t really have space to go into some of the other details — like the giant wheels in orbit that serve as space elevators, or the culture and sports and politics of Ishtar. And I’m certainly not going to spill any secrets about the plot. To get clearance for that you have to buy the book.
Just a warning: in a novel called The Ishtar Deception, it’s a good idea not to trust anyone.
The Ishtar Deception: Amazon|Barnes & Noble|Bookshop|Powell’s
Author socials: Website
17:35
[$] Splicing out vmsplice() [LWN.net]
The splice() and vmsplice() system calls are meant to improve performance for certain data-movement tasks by minimizing (or avoiding altogether) system calls and the copying of data. They also have a long history of security problems. The recent flood of LLM-discovered vulnerabilities has drawn attention, once again, to splice() and vmsplice(); as a result, they may end up being removed altogether.
Quite Possibly The Worst View From A Hotel Room, 5/31/2026: Chula Vista [Whatever]
I am not currently in California anymore, but
I felt rather inclined to share this photo I took from the second
story of the oh-so-lovely hotel my grandma, mom, and I were in. Our
first two nights in Cali were spent in the Hilton San Diego
Bayfront, and the second two nights were at a much more modest
location in Chula Vista.
I have much to say about my splendid time in California, but I cannot even begin to tell y’all how behind I am on content. Remember how it took me roughly two months to get around to covering my Denver trip? Well, I’ve done a lot of stuff since then, and boy oh boy do I have quite the backlog right now. I’m honestly not sure if I should even bother going in chronological order anymore, though it might irk me too much not to.
Please hang in there while I slowly work my way through all my exciting endeavors and even some more miscellaneous things, and enjoy the view in the meantime.
-AMS
17:14
Having fun rolling stuff out on Elon Musk's X.
14:56
The Knicks in the Finals [Scripting News]
I didn't write about the Knicks prior to last night's game
because I had no idea what to write.
The Knicks in the Finals is something I had a hard time understanding, even thinking about. To me the Knicks are soulful losers. They're like once-future hall-of-famer Carmelo Anthony surrounded by people who shouldn't even be in the NBA, but otherwise are lovely individuals. When they asked Melo what his goal was he said it was to win a championship, but the reporters never followed up with the obvious question -- "Really?" They did make the playoffs, three times, in the Age of Melo, and they made it to the second round one of those three seasons, but that was it as far as Melo's championship aspirations went. He should've been on one of LeBron's teams, like JR Smith and Iman Shumpert, both Knicks alumni in the Melo period, who were fine players and did win with LeBron at Cleveland.
Going into the game last night I thought maybe the pundits were right, that the real NBA Finals was the previous round between the San Antonios and the Oklahoma Cities. But last night that was debunked. At what point did I realize this? It wasn't until the game was over, ABC announcer Mike Breen said at the exact moment the game was over "..their 12-game win streak" which revealed that I had little faith the streak would be preserved. I thought 11 was pretty great, but 12? Until that exact moment -- unthinkable.
In the first part of the game when San Antonio looked like they might rout the poor unprepared Knicks, I thought okay, but couldn't we just concede so we don't have to watch? In that moment I appreciated what the Clevelands must have been feeling as they shrunk to nothing faced with the Knicks onslaught? How about if we all go home now at some point they must all have been thinking.
I'm a Mets fan first, and I bring the Mets philosophy to every sport, including the NBA and software. I'm here for the game. Sure I love it when we win, but if the Knicks went down in the final test, I'd still be a happy camper. Look they made it to the freaking Finals! Some Mets fans say the team slogan is You Gotta Believe. I say Wait Till Next Year! Same for the Knicks. Same for every software product I make that no one bothers to try out.
This Knicks team is classic. Every one of their players would be a star on any other team, including the bench players. Some of them whose contracts expire at the end of the series will certainly go to other teams. But what a thrill to have this group all on the same team and that team is my lovely Knicks.
Last night's game was a lesson, you should always be open to the possibility of winning because sometimes you do.
PS: My friend Dave Carlick sent me a text overnight: "I watch the Knicks rooting for you. How tribal is that?" I had a longish reply. "I wrote a piece this morning after reading this comment, and of course I am rooting for the Knicks in some sense, but a win here is about more than winning -- it's a transformation. I've heard other people say this and the Knicks are us -- in a city that has disagreements about everything the only thing everyone is on board with are the Knicks. We're really comfortable with the Knicks as losers, and this has already become an unequivocal change. It's a whole new situation. Unless something really weird happens now, the Knicks will be great next year too, and the year after. So it's like witnessing a moon landing Dave. Underneath that of course I'm rooting for success, the same way we rooted for it for the initial moon landing in 1969."
14:42
Microsoft continues migration from NTLM to Kerberos [OSnews]
For the past few years, Microsoft has been phasing out NTLM in Windows in favor of Kerberos-based alternatives. Starting with the next versions of client and server editions of Windows, Microsoft will also be disabling the legacy authentication protocol by default. In the latest security baseline package for Windows Server 2025, the company is already allowing customers to audit incoming configurations. Now, it has announced a wave of changes to further reduce dependencies on NTLM.
With an upcoming Insider release of Windows 11 client and server, certain scenarios which previously required NTLM will be able to fall back on Initial and Pass-Through Authentication using Kerberos (IAKerb) and Local Key Distribution Center (LocalKDC).
↫ Usama Jawad at Neowin
I’m sure this is very important to “IT Pros”.
14:21
CodeSOD: Build Up [The Daily WTF]
If there's one thing that seems to be a constant source of issues, it's people constructing SQL queries through string concatenation. Even if you're using parameters in the query, I'm opposed to handling raw SQL as strings in my programs. My solution is always "use a builder"- an API that constructs a syntax tree that it can then render to SQL as needed. (Yes, a builder, not an ORM, that's a whole other discussion, I'm not dogmatically anti-ORM, but it's a leaky abstraction at best.)
Many languages have such a thing, Java included. Lukasz's team was using Java, and they had a rule: "don't do SQL strings, use a builder". Unfortunately for Lukasz's team, their guideline didn't specify what kind of builder.
StringBuilder builder = new StringBuilder();
builder.append("where ID_BSNGP = ? ");
builder.append("and ID_ITM = ? ");
builder.append("for update");
SQLQuery query = new SQLQuery();
query.setQueryString(builder.toString());
A StringBuilder is a kind of builder.
Technically correct and all that. It's just concatenation with
extra steps, but it's a builder. Of course, the bonus point here is
that this built query is… just wrong? SELECT FOR UPDATE
field FROM table WHERE condition would make sense, but we're
missing most of that syntax here.
That this code was running in production without anyone noticing means that whatever errors this was triggering were getting swallowed or ignored, and the fact that no good output ever came from it ended up not mattering. The real WTF is less the malicious compliance and more the fact that this obviously broken code wasn't so broken as to be noticed.
[Advertisement]
Utilize BuildMaster to release your software with confidence,
at the pace your business demands.
Download today!12:42
Predict, Don’t Enumerate [Radar]
A third of the way into a security-operations guide that Anthropic published in April 2026, wedged between a recommendation to patch CISA’s Known Exploited Vulnerabilities list and a suggestion to automate your deployment pipeline is a small recommendation: “Use EPSS to prioritize the rest.” For anyone who has worked on a vulnerability backlog in the last decade, the sentence is an acknowledgment of a widely felt but often unspoken fact about security programs: They have become machine-scale problems of signal to noise.
EPSS (Exploit Prediction Scoring System) is a statistical model that takes a known software flaw, runs it through a set of signals about what attackers are actually doing across the internet, and returns a probability that the flaw will be exploited in the next 30 days. It isn’t an LLM, and it does no reasoning or prompt engineering. It predicts. The company endorsing it is the same company whose newest model can surface thousands of novel, exploitable vulnerabilities in production software, many of them two or three decades old, most of them still unpatched.
As far as we can tell, this is the first time a frontier AI lab has publicly endorsed a purpose-built predictive model as the right tool for a defensive problem. LLM labs usually recommend LLMs. That Anthropic did not is worth noting, but the recommendation itself isn’t news to the practitioners it’s aimed at. It’s a description of what they’ve been doing.
The quiet consensus
The volume problem isn’t new. Anyone running a scanner against a large enterprise estate in 2015 was already generating hundreds of thousands of findings per month. Anyone running one against a cloud environment in 2020 was generating millions. Enterprises have spent the better part of a decade staring at dashboards where the number of open critical findings was larger than the capacity of the team supposed to fix them. In other words, cybersecurity has become machine scale.
Risk-based vulnerability management, as a product category, has existed since around 2018. EPSS, as a public resource, has been usable since 2021. More than 120 vendors embed it today into their products. The field has had access to a predictive baseline for years.
What has been missing is an external justification to change the status quo recommendations from auditors, model risk management teams, and even boards. Auditors want a clear set of expectations, making grading more objective and therefore easier to evaluate. Compliance frameworks like CVSS (Common Vulnerability Scoring System) because CVSS is easy, but implementing something more efficient has historically required that aforementioned external push. A working CISO could tell you she had stopped treating every vulnerability scored a severity 9.8/10 by CVSS as an emergency in 2019, but she would also tell you she still kept CVSS in the report.
Anthropic’s guidance is useful because it makes the private consensus public. Patch what you know to be exploited, then use EPSS above a threshold based on the team’s capacity or risk tolerance. DHS CISA’s practice of publishing known exploited vulnerabilities since November of 2021 is just additional proof that the existing methodologies were being overwhelmed by scale and lack of signal.
Why prediction, stated plainly
In 2014, at Black Hat, Dan Geer, then the chief information security officer of In-Q-Tel, asked the first principles question: Are vulnerabilities in software sparse or dense? Sparse meant finite, meaning every fix measurably shrank the attack surface. Dense meant weeds in a field. Geer could not answer the question because the data were not in.
Eight years later, Jonathan Spring at Carnegie Mellon’s Software Engineering Institute tied vulnerability enumeration to the halting problem and showed, in theory, that for any sufficiently complex piece of deployed software, there are always more undiscovered flaws.
The AI-driven discovery results of the last 18 months have made the density argument impossible to wave off even in a compliance review. A 27-year-old bug in OpenBSD. A 16-year-old bug in FFmpeg that five million fuzzing runs never caught. Disclosed findings, by the developers’ own accounting, are less than 1% of what has been found. But again, the volume was already a problem. With the coming release of its newest model, Mythos, Anthropic is telling teams to plan for an order of magnitude more findings over the next 24 months.
Static severity scoring can’t survive the volume problem, because it’s a human-scale solution for a machine scale problem. Neither can any process that treats every critical finding as an emergency. The threshold for action has to be probabilistic, measurable, and defensible. That’s what a predictive model is for, and that’s what working teams have been using in noisy large enterprise environments.
Pointing machines and knowing machines
Geer returned to his 2014 question in the summer of 2025, writing with Dave Aitel in Lawfare. The piece gives the industry a vocabulary for a distinction it has been fudging:
A vulnerability in the code isn’t automatically a threat. A buffer overflow is a hazard. It becomes a risk only if an attacker can exploit it reliably, in this environment, against these controls, through this traffic. Bugs are abundant but the ability to weaponize a particular bug against a particular target is much rarer.
The industry, they wrote, has built a pointing machine. It enumerates.
Even children learn early to point and name—but knowing the word “dog” doesn’t reveal whether the animal might bite. In cybersecurity, we’ve built systems that similarly point and name vulnerabilities without understanding whether they’re truly dangerous. By embracing AI solely for pattern recognition, we’ve created a powerful “pointing machine” that identifies possible threats but does not comprehend their actual impact. What we need instead is a “knowing machine,” capable of understanding how code functions within complex, real-world environments, recognizing not just hazards but the full context of how and whether those hazards might become genuine risks.
A knowing machine is a system that understands how code behaves in a particular environment and recognizes the context that turns a hazard into a risk. A predictive model is how you build a knowing machine. EPSS is the clearest public example: It covers every published CVE and is updated daily.
Global isn’t local
EPSS is a global model. It sees what attackers are doing across the whole of the internet. It picks up patterns in exploitation activity that severity scores never could. What it can’t see is any particular organization’s environment. It doesn’t know which assets carry the data the business actually cares about. It doesn’t know what compensating controls are in place, where remediation is risky, or how your telemetry and history change the odds.
A 9.8 with a 97% global probability of exploitation and a 9.8 with a 0.1% probability are not the same animal. Neither are two organizations applying the same EPSS threshold to the same CVE on different assets. One has the vulnerable code path exposed to the internet, behind a web application firewall that doesn’t inspect the relevant protocol. The other has the same CVE on an internal system that accepts authenticated input from a single service account. A scanner can’t tell them apart. A global model can’t tell them apart. Their actual risk profiles are orders of magnitude apart.
Local context is where most security teams have been stuck the entire time, and where the next decade of the field is going to be fought.
What a local knowing machine actually requires
Pair a better pointing machine with a faster remediation engine and all you’ve done is increase the speed at which you produce churn, breakage and wasted effort. You’ll also spend a king’s ransom in agent tokens fixing vulnerabilities that were never dangerous in your environment.
In contrast to an omniscient scanner, a local model trains on the specific environment being defended: asset inventory, application topology, reachability, deployed controls, attack telemetry observed on-site, and the history of the organization’s own remediations and their outcomes. The model produces probabilities specific to the enterprise. Most organizations already have the inputs, scattered across CMDBs, endpoint agents, firewall logs, ticketing systems and scanner output. This context is precisely what attackers (whether they’re using good old fashioned metasploit or Mythos with an infinite budget) are lacking in their models. The context becomes an asymmetrical advantage for defenders, perhaps the only one that exists.
The policy shifts that actually matter
The interventions that will decide whether a security program survives the next 24 months aren’t purely technical. A CISO can put most of them in motion without buying anything.
Rewrite the SLA. Most vulnerability-management SLAs are organized by severity. Criticals in 15 days, highs in 30, mediums in 90. That structure was built for a world where the count of open criticals was small enough to matter. It’s now actively harmful, because it forces teams to spend the same effort on a 9.8 nobody is exploiting and a 7.5 that’s under active attack. SLAs should be rewritten in terms of probability of exploitation and asset exposure, not severity. A CISO who can’t get that past her GRC team can at least add a second tier that makes the probability-based cut enforceable alongside the severity-based one.
Change what the board sees. If the monthly security report counts the numbers of vulnerabilities, exposures or findings in different buckets (“critical,” “open past 30 days,” etc.), the organization is being managed to the wrong metric. The metric should be exploitability-weighted exposure over time, with a second line for predicted versus observed exploitation. Boards will accept this once somebody explains it. This beats showing them a number that has no relationship to risk and is growing exponentially as new LLM models are released. More to the point: A great team can do amazing volumes of remediation work, and risk can still rise because they’re measuring and remediating the wrong thing. An efficient, context-rich team can do far less work and meaningfully move the probability of an event down.
Invest in telemetry. The single most valuable instrument a security program can build is a feedback loop between what was prioritized and what was exploited. If the loop shows you were wrong, the model improves. If the loop does not exist, you will keep being wrong indefinitely (or just not being aware of misses).
Fix the compliance conversation. The reason CVSS survives is regulatory inertia. PCI, HIPAA, and most state breach-notification frameworks still reference severity. The CISOs who will come out of the next two years in the best shape are the ones who engage their auditors now, in writing, about what a probabilistic prioritization framework looks like under the existing rules.
Staff for the bottleneck, which isn’t scanning. The industry has spent a decade hiring people to find bugs. The bottleneck now is deciding which bugs matter, getting the fixes deployed, and measuring whether the prioritization was correct. The job descriptions should reflect this. A security-data engineer may be able to increase efficiency to meet SLAs more than increasing capacity would.
None of this requires a new product. All of it requires a CISO willing to say, out loud, that the old dogma is broken and that the new one will be managed by data and probabilities. That is the shift Anthropic’s five-word sentence was really announcing. The technology is available and the models are here—both the LLM-based ones to find the vulnerabilities and the predictive knowing machines to prioritize efficiently.
12:14
Hacking Meta’s AI Chatbot [Schneier on Security]
Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts:
A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.
[…]
On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.
It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application.
Another news article.
11:35
Jonathan Dowland: mount namespace for backup jobs (by hand) [Planet Debian]
It's been ten years since I configured mount on demand
backups to reduce the risk of my backups being zapped by
mistake. Way back then I wanted to go one step further and use
dedicated mount
namespaces for backup jobs, but systemd didn't provide the
necessary support (and still doesn't, despite the promisingly-named
JoinsNameSpaceOf= configuration option.)
I recently updated my setup to achieve this by hand. All backup
jobs now have an extra pre-start instruction
ExecStartPre=mkbackupns which runs a shell script to
either set up a persistent mount namespace, or exit quietly if it
already exists.
#!/bin/bash
set -euo pipefail
nsdir=/var/namespaces
nsfile=$nsdir/backup
nsfilex="$(echo $nsfile | sed 's#/#\\/#'g)"
private_propagation() {
findmnt -o+PROPAGATION "$nsdir" | grep -q private
}
nsfs_is_mounted() {
test "nsfs" = "$(awk "/$nsfilex/ { print \$3 }" /proc/mounts)"
}
if ! nsfs_is_mounted; then
if ! private_propagation; then
mkdir -p "$nsdir"
mount --bind --make-private "$nsdir" "$nsdir"
fi
touch "$nsfile"
unshare --mount="$nsfile" true
nsenter --mount=/var/namespaces/backup mount /dev/phobos_backup/backup /backup
fi
I should note that I don't have the backup filesystem described
in /etc/fstab to reduce the risk of it being mounted
errantly in the main namespace.
The other change is to prefix an invocation of
nsenter for every backup job command. E.g.:
ExecStart=/usr/bin/nsenter \
--mount=/var/namespaces/backup \
borgmatic -v 1 prune create
next steps
My backup scheme has lasted a decade with few tweaks (I moved it to Borg in 2020) which I am very grateful for. I want reliable, boring and robust.
Persistent mount namespaces are a lot less convoluted if you have a persistent process to associate them with. I didn't, but a subsequent improvement I am making is introducing one, so I will likely simplify the above accordingly.
11:14
Grrl Power #1466 – Semifinals go! [Grrl Power]
I tried to come up with a cooler name for Maxima’s sword than “Mana Vore.” It’s not bad, but it’s a little obvious. But the only other option I came up with was “Weave Nosher,” which sounds like farmer named it.
A fair bit of Maxima’s sword training was learning not to swing it around so broadly that she’d hit her own foot. Which wouldn’t be a problem normally, since her base armor is pretty high, but most swords that get swung at her aren’t backed by someone with her strength and speed, either. It’s also a very long sword, long enough that most people would have to worry about bonking it against the ground a lot, but, again, Max can just drag it right through most floor surfaces.
I think this page played out a little better in my head, or my relative inexperience at drawing high octane manga action is showing. Basically, Max comes in for a swing, but kicks a two-and-a-half-bowling-ball sized rock at the dark elf, and it smashes through his shield and hits his arm, moving his sword out of the way to parry her swipe. I think the real shortcoming of the page is that the bottom left panel is too busy. Instead of making the top two panels big, I should have saved the page space for that bottom one. Maybe put the rock past his arm, and just gone with a simpler speed trail showing the impact?
I’m not in the “shonen action” headspace when thinking about page layouts. I’m still more in the “I wanna draw Maxima leaning forward into a swing and have her boob pillowing against her arm” space. But we’re entering the semifinal match now, so I’ll try and… I dunno, read some One Punch Man before I do the layouts for the especially actiony pages? Or some Masahiko Nakihara manga? He did the Cammy and Sakura Ganbaru mangas as well as some other Street Fighter books, and is pretty decent at action stuff. Maybe I’ll throw in some Dragon Half, which doesn’t have good action, but is hilarious.
The thing I do like about this page though, is while Bluce and Gail seem like vapid eyecandy announcers, they’ve hosted quite a few of these and are capable of some fairly cogent analysis when it comes down to it. They do also have a team of researchers in their earpieces as well. Gail didn’t know all those details about the Mana Vore off the top of her head.
Sexy bodymod news lady Gail has a special
one-on-one interview with Tournament Quarter finalist Saraviah
Nightwing! And if you subscribe to Gail’s Space Patreon, (which, due to the
vagaries of Earth and Gal-Net’s DNS servers, happens to be
the same as the Grrl Power Patreon, go figure) you can see that
same interview in the nude! Well, eventually. The nude part of the
interview, as well as the version that includes shading will be
coming soon. Of course, you can view the interview in the
nude now if you take your own clothes off. You know. Technically.
Just put a towel on your chair first.
Double res version will be posted over at Patreon. Feel free to contribute as much as you like.
10:07
Transparency and trust [Seth's Blog]
In simple situations with obvious metrics, transparency earns trust. Voting, for example, benefits from audit trails and inspectability.
But transparency can also undermine trust. Walking through the typical restaurant kitchen on the way to dinner probably won’t increase the typical diner’s trust in the experience. The restaurant isn’t hiding anything; it’s just that they know things we don’t about hygiene, production, and how to present a finished dish.
You can trust your employees or your freelancers to deliver a worthwhile result, but demanding transparency about how they spend all of their time isn’t going to make you trust them more… the effort they put into the work isn’t related to the value of the work you’re asking for.
Part of the problem is that we measure what’s easy, not what’s relevant. And part of the problem is that we have trouble explaining trust, while it’s easy to pursue ever more transparency.
Once we’re coherent about what we expect and the promises that are being made, we have a chance to engage with what actually matters.
08:28
Pluralistic: Delusion as a service (04 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]
->->->->->->->->->->->->->->->->->->->->->->->->->->->->->
Top Sources: None -->
Today's links
- Delusion as a service: Destructive diagnostics.
- Hey look at this: Delights to delectate.
- Object permanence: Gay Days at Disney World; Parametric 3D printable key; Fine against sculpture for "storing bike on public property"; TPP is a wash; Reagan was Trump; Steampunk roadster; "Every Heart a Doorway"; Shoplifters x Tumblr; Amazon v mass arbitration; Driver-owned Uber alternative; Censorware censors criticism of censorware; 3 strikes copyright termination is illegal; Replacing al Qaeda bomb recipes with cakes; $10m grilled cheese platform; Dick van Dyke x Bernie; Efficiency is inefficient; I quit.
- Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Delusion as a service (permalink)
In 2003, Disney opened a new Epcot ride, "Mission: Space." Formally, it was a space travel sim that used a giant, high-intensity centrifuge to simulate gee stresses; practically, it turned out to be the most efficient machine ever created for surfacing previously undiagnosed heart defects in extremely dramatic and potentially lethal ways.
It turned out that a small number of people have these heart defects, and that the defects themselves are quite harmless, provided that you are never put in a giant, high-intensity centrifuge. Given that most of us will never be put in one of these centrifuges, it is quite possible to live your whole life without ever knowing that you have this lurking vulnerability. But once you build one of these machines and start shoving millions of people through it, you're bound to catch some of those rare people, and they will have cardiac episodes that are scary at a minimum, and are at the worst fatal.
For me, the lesson isn't that Disney did something wrong by building a giant cocktail shaker for human bodies. I'm not a thrill-ride guy, but lots of people like 'em and the machines themselves are benign for nearly everyone who puts their bodies into them.
Rather, I think the lesson here is that there are rare pathologies lurking in all of us, vulnerabilities that may never surface – until we come into the presence of a novel stimulus that unlocks them.
There's an analogy here to technology debt: technologically unsophisticated people think of software as a machine that never wears out and has no incremental usage costs (apart from electricity). In this framing, software is the perfect asset, one that never depreciates. But the reality is that software is a liability, not an asset:
https://pluralistic.net/2026/01/06/1000x-liability/#graceful-failure-modes
Software exists in a system, and while software might function perfectly under the conditions in which it is first created and deployed, there are continuous changes to all the technology that is upstream, downstream and adjacent to the software, which means that systems that are robust and secure at the time of deployment can become brittle and dangerous, even though the software doesn't change at all:
https://pluralistic.net/2022/04/24/automation-is-magic/
There's another analogy here, to utopianism. A "utopia" can't just be a place where everything works perfectly. Even the most well-functioning, orderly and prosperous system is beset on all sides by exogenous shocks: belligerent neighbors, tsunamis, zoonotic plagues, even asteroid strikes. You don't perfect your society just by making it work well. You have to make it fail well. A utopia isn't a society where nothing goes wrong – it's a society where things go wrong all the time, but we're able to fix them:
https://www.wired.com/2017/04/cory-doctorow-walkaway/
The point being that things that work fine may still fail badly when they are exposed to unanticipated external stimuli, and the one thing we can absolutely anticipate is that the future will have many unanticipated stimuli in it.
If Mission: Space is a machine for surfacing unsuspected anatomical vulnerabilities, the internet is a machine for surfacing and exploiting all kinds of unsuspected psychological vulnerabilities. Note that I'm not claiming that the internet drives everyone crazy – rather, that the internet can locate and exacerbate vulnerabilities, including vulnerabilities that might have lain dormant for your whole life, but for the fact that the internet exposed you to such a wide spectrum of stimuli.
This wide, internet-delivered spectrum of stimuli is mostly good. The internet can expose you to art, culture, ideas and people that you would never have run into in the pre-internet days, which end up enriching you in a million ways. Some of my best friends are internet friends. Some of the music and books I love most in the world were brought into my orbit by the internet. Many of my most ardently held beliefs were acquired through internet-based discussion.
All that is true, and it's true that the internet can one-shot you with a stimulus that makes you feel very bad, which you would never have encountered in a pre-internet world. The spectrum of stimulus in the whole wide world is very broad, and one person's innocuous distraction is another person's downfall.
Let's make this concrete. All throughout history, people have suffered from paranoid delusions. These can be ruinous, isolating you from friends and family, destroying your professional life and so on. Paranoid delusions often take on details from the sufferer's milieu: if you live in a society where evil witches are accepted as a fact, then witches might well creep into your delusions, too. If your society is all a-chatter about the NSA's mass internet surveillance, then your delusions might incorporate elaborate narratives about the NSA's use of the internet to target and torment you, personally.
So there will always be a "local character" to the paranoid delusions, grounded in the sufferer's era and location. But the internet adds a new, very bad dimension to this dynamic: the internet makes it much easier for deluded people to find each other. Paranoid delusions are – thankfully – rare, and in the absence of the internet, you might never encounter another sufferer.
But thanks to the internet, sufferers can form communities that reinforce their delusions, with disastrous consequences. Take "Morgellon's Disease," the paranoid delusion that you have wires growing under your skin. Morgellon's sufferers pick at their skin, creating open sores, which form a sticky trap for random bits of fluff and loose threads that sufferers interpret as evidence of these "wires." It's a horrible mental illness, and it's hard enough to treat even in the absence of the internet (the name "Morgellon's Disease" refers to a 17th century case-report).
But when you add the internet to Morgellon's, you get online communities where people suffering from the delusion help each other come up with rationales to explain away the disconfirming evidence that they get from therapists and loved ones who are trying to help them recover. These communities egg each other on, isolating their members from treatment.
There are lots of pathological mental conditions that the internet can supercharge, from "pro-ana" communities that encourage eating disorders to communities for people with pedophilic urges that attempts to normalize and justify acting on those urges.
But it's especially bad for paranoid delusions, such as "gang-stalking delusion," which is the delusional belief that nearly everyone you meet is part of a conspiracy to torment you. People with GSD see evidence of this conspiracy in the lyrics of random songs, snatches of overheard conversations, the phrasing of bus-shelter ads, and the sort-order of search engine results:
https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
It's a near-totalizing belief, and sufferers find it hard to recover because their delusion tells them that the therapists and family members who try to help them are in on the conspiracy.
Then we add in the internet, and with it, the ability to locate and join communities of other GSD sufferers. Do this, and your delusions need not be limited to your own imaginative capacity to find conspiratorial explanations of the random things you find in the world. Now you are part of a kind of delusional improv troupe, whose members "yes-and" your delusions, finding new ways to terrorize you and alienate you from your surroundings.
This is bad enough when it's a regular conspiratorial community, one that feeds on trauma, like Qanon or anti-vax communities whose members have been failed by the system, making them susceptible to conspiratorial accounts of how society really runs.
But the combination of conspiratorial communities with the kind of mental illness that causes conspiratorial beliefs to surface in your mind without any external stimulus creates a brutal positive feedback loop that spins faster and faster until the people trapped in it are flung off into space.
Which brings me to AI and "AI psychosis," the social phenomenon that sees people falling down chatbot-assisted rabbit holes that convince them that they have invented perpetual motion, uncovered the secrets of the universe, or – in some tragic instances – that they should kill themselves and/or others.
For someone with GSD or another paranoid delusion or pathological belief, AI provides a reinforcement system that is even more efficient than these online communities. If you have GSD and your loved ones have finally got you wondering if you should get treatment, you don't have to post on a forum and hope that someone else comes along before you give in to the impulse to get help. Your delusional chatbot co-pilot is always there to tell you that it's a trap.
The nature of "AI psychosis" is hotly contested. The big question, of course, is whether chatbots are giving people delusions, or whether chatbots are amplifying those delusions:
https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor/episode/16218103-e3-ai-psychosis
I think it's both. I think that, for people with GSD or other delusional beliefs, AI provides delusional reinforcement as a service, on tap, 24/7. The combination of a delusion and a machine that will tirelessly play yes-and with you at any time, demanding nothing from you, is a novel and terrible development for people with some mental illnesses.
But I also think that chatbots are a bit like Mission: Space: a machine for surfacing previously undiagnosed psychological vulnerabilities, and that in some cases, these vulnerabilities may never have been triggered, save for the chatbot.
Just as doubtlessly there were people who had pathological relationships to gambling before the development of slot machines, scratch-and-wins and roulette wheels, but there are also people who might have lived their whole lives without ever having a gambling problem except that they encountered one of these machines, exposing billions of people to sycophantic chatbots has surfaced rare, latent vulnerabilities that might have stayed latent forever, with terrible consequences.
Most people who rode the original Mission: Space had a fantastic time. But a lot of people rode that ride, and a very small percentage of a very large number of people can still be a substantial number, and as the reports of people stepping off the ride, clutching their chests and collapsing spread, Disney understood that they had to retool the ride. Today, riders on Mission: Space choose whether they want to ride on a simulator that spins, or one that merely tilts and pitches without simulating gee-stresses. And even if you pick the spicier version of the ride, it goes more slowly and exerts less stress than the original ride.
Even if you accept the AI companies' argument that they aren't inducing AI psychosis in their users, but rather, only surfacing latent vulnerabilities that were there all along, that shouldn't be the end of the story. Even if only a small percentage of the people who use your product experience harm as a result, if your product is intended for widespread deployment (as chatbots are), you will end up harming a lot of people unless you take measures to counteract even those rare events.
Hey look at this (permalink)
- Hell is other people – so billionaires are using AI to replace them https://www.thenerve.news/p/cory-doctorow-column-ai-inconvenient-humans-billionaires-sam-altman-bezoz-migrants
-
The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests https://www.wired.com/story/the-manhattan-institute-helped-kill-dei-now-its-coming-for-protests/
-
Remote Work Leaves Younger Workers Sidelined https://libertystreeteconomics.newyorkfed.org/2026/06/remote-work-leaves-younger-workers-sidelined/
-
Zerowriter https://zerowriter.ink/
-
Good Reason to Kill #79: Disputed Seating at Kindergarten Graduation https://www.loweringthebar.net/2026/05/good-reason-to-kill-79-disputed-seating.html
Object permanence (permalink)
#20yrsago Gay Days at Disney World draws 140,000 participants https://web.archive.org/web/20060626125509/http://gaydays.com/calendar/
#20yrsago Blue Coat censorware company blocks Boing Boing for criticizing censorware https://memex.craphound.com/2006/06/03/blue-coat-censorware-company-blocks-bb-for-criticizing-censorware/
#15yrsago UN report says 3 Strikes copyright termination is illegal https://web.archive.org/web/20110605030049/https://www.michaelgeist.ca/content/view/5834/125/
#15yrsago Wisconsin GOP plotting to nominate spoiler Democratic candidates in recall elections https://web.archive.org/web/20110604111734/http://www.politicususa.com/en/secret-tape-wisconsin-gop
#15yrsago MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes https://web.archive.org/web/20110603115453/https://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8553366/MI6-attacks-al-Qaeda-in-Operation-Cupcake.html
#15yrsago $10,000,000 in venture capital for grilled-cheese sandwich “platform” https://venturebeat.com/technology/the-melt-flip-sequoia
#15yrsago Walled gardens vs makers https://web.archive.org/web/20150723092624/http://makezine.com/2011/06/01/walled-gardens-vs-makers/
#15yrsago Keyboard whose keys are raised in proportion to their frequency of use https://web.archive.org/web/20110604155657/https://itp.nyu.edu/~mk3321/itp_blog/?p=779
#15yrsago 3D model for reproducing house-keys https://www.science.org/content/article/experimental-error-fetus-dont-fail-me-now
#15yrsago Toronto artist turns abandoned bike into sculpture, City threatens fine for “storing bike on public property” https://web.archive.org/web/20110604181734/http://blogthegood.tumblr.com/post/6039831308/re-cycling
#10yrsago DoD public relations’ highest-ranking civilian gets community service for stealing license plates and harassing neighbor’s nanny https://web.archive.org/web/20160603071800/https://www.washingtonpost.com/local/a-warning-left-on-a-nannys-car-license-plates-stolen-and-a-top-pentagon-official-in-big-trouble/2016/06/01/50699a3a-2816-11e6-a3c4-0724e8e24f3f_story.html
#10yrsago US government agency’s own numbers predict virtually no gains from TPP https://www.techdirt.com/2016/06/02/official-us-international-trade-commission-predicts-negligible-economic-benefits-tpp/
#10yrsago EFF: FBI & NIST’s tattoo recognition program exploited prisoners, profiled based on religion, gave sensitive info to private contractors https://www.eff.org/deeplinks/2016/06/tattoo-recognition-research-threatens-free-speech-and-privacy
#10yrsago Ronald Reagan was Donald Trump, until he was president https://nymag.com/intelligencer/2016/05/ronald-reagan-was-once-donald-trump.html
#10yrsago The Steampunk Roadster: Jake von Slatt’s final steampunk project https://www.youtube.com/watch?v=OpI4GT4sTAY
#10yrsago Every Heart a Doorway: Seanan McGuire’s subversive, gorgeous tale of rejects from the realms of faerie https://memex.craphound.com/2016/06/02/every-heart-a-doorway-seanan-mcguires-subversive-gorgeous-tale-of-rejects-from-the-realms-of-faerie/
#10yrsago Prestigious Pets of Dallas wants $1M from customers who said they overfed a fish https://web.archive.org/web/20160603133604/http://arstechnica.com/tech-policy/2016/06/1-star-yelp-review-on-gordy-the-pet-fish-being-overfed-nets-1m-lawsuit/
#10yrsago Airport security officer was alleged war criminal, arrested for lying about participation in “genocidal acts” https://www.loweringthebar.net/2016/06/war-criminal-resume.html
#10yrsago In 1977, the CIA’s top lawyer said Espionage Act shouldn’t be applied to press leaks https://web.archive.org/web/20160609234545/https://s3.amazonaws.com/static.history.state.gov/frus/frus1977-80v28/pdf/frus1977-80v28.pdf
#10yrsago Tumblr’s shoplifting community is organized, politically conscious, and at war with weightlifters https://www.good.is/issue-37-we-r-cute-shoplifters/
#10yrsago Canada Post drops legal claim over crowdsourced postal code database https://web.archive.org/web/20160603185742/http://www.michaelgeist.ca/2016/06/crowdsourcedpostalcodelawsuit/
#10yrsago History podcasters occasionally mention women, butthurt dudes complain it’s “all women” https://web.archive.org/web/20190411115710/https://www.iheart.com/podcast/stuff-you-missed-in-history-cl-21124503/
#10yrsago Corbyn pledges to kill TTIP if elected https://www.commondreams.org/news/2016/06/02/jeremy-corbyn-i-would-kill-ttip
#10yrsago Democratic “superdelegates” endorse Bernie https://www.politico.com/blogs/2016-dem-primary-live-updates-and-results/2016/06/bernie-sanders-superdelegates-223824
#10yrsago Dick Van Dyke, 90: Bernie Sanders is the best candidate for seniors https://web.archive.org/web/20210725072638/https://www.hollywoodreporter.com/news/general-news/why-bernie-sanders-is-best-898479/
#10yrsago Flintnation: 33 US cities caught cheating on municipal water lead tests https://www.theguardian.com/environment/2016/jun/02/lead-water-testing-cheats-chicago-boston-philadelphia
#10yrsago Defense lawyers: the FBI made us use a copy-shop that made secret copies for the government https://web.archive.org/web/20160604065222/https://www.floridabulldog.org/2016/06/u-s-attorneys-office-fbi-accused-of-spying-on-defense-in-fraud-case/
#5yrsago How the Dutch helped CBS cheat on its taxes https://pluralistic.net/2021/06/02/arbitrary-arbitration/#dutch-treat
#5yrsago Amazon running scared from arbitration at scale https://pluralistic.net/2021/06/02/arbitrary-arbitration/#petard
#5yrsago Efficiency is very inefficient https://pluralistic.net/2021/06/03/jitters/#brittleness
#5yrsago I quit https://pluralistic.net/2021/06/03/i-quit/
#5yrsago NYC's driver-owned Uber alternative https://pluralistic.net/2021/06/02/arbitrary-arbitration/#gig-no-more
Upcoming appearances (permalink)
- Kansas City: Facing the Future (Woodneath Library Center), Jun
10
https://www.mymcpl.org/events/119655/facing-future-cory-doctorow -
LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant -
Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026 -
Toronto: TBA, Jun 23
-
NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html -
Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559 -
Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
https://exileinbookville.com/events/50628 -
Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales -
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
Recent appearances (permalink)
- Why the Internet Got Worse and What to Do About It (Jim Rutt)
(RIP)
https://www.jimruttshow.com/cory-doctorow-3/ -
On Enshittification – and what can be done about it (Re:publica)
https://www.youtube.com/watch?v=KhINQgPMVSI -
EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
https://archive.org/details/effecting-change-enshittification -
The “Enshittification” of Everything (Bioneers)
https://bioneers.org/cory-doctorow-enshittification-of-everything-zstf2605/ -
Enshittification (99% Invisible)
https://99percentinvisible.org/episode/666-enshittification/
Latest books (permalink)
- "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
-
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/ -
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
-
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
Upcoming books (permalink)
- "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)
-
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
-
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
-
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
-
"The Memex Method," Farrar, Straus, Giroux, 2027
Colophon (permalink)
Today's top sources:
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.
- "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
-
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
-
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
06:00
Urgent: Reject massive government surveillance [Richard Stallman's Political Notes]
US citizens: make phone calls to your officials in Congress to reject massive government surveillance.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Renew section 702 of PAT RIOT Act [Richard Stallman's Political Notes]
US citizens: call on Congress to renew section 702 of the PAT RIOT Act without the loophole that permits snooping on Americans.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Gambling workers' retirement savings [Richard Stallman's Political Notes]
US citizens: call on the Department of Labor to Stop Private Equity and Crypto Scammers from Gambling with Workers' Retirement Savings.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Erdoğan's government removed main opposition party [Richard Stallman's Political Notes]
Erdoğan's government has just removed the head of the main opposition party, Özgür Özel, by invalidating the party's leadership contest held over two years ago.
Its previous leader, who now becomes leader again, lost an election to Erdoğan in 2023. People hoped Özel would defeat Erdoğan next year.
Corrupter's slush fund [Richard Stallman's Political Notes]
*The corrupter has created a slush fund of taxpayer money to give to his friends.*
Important witness in George Zimmerman trial [Richard Stallman's Political Notes]
George Zimmerman may have escaped conviction for shooting Trayvon Martin because an important witness for the prosecution spoke with a strong accent of her ethnic group. I wonder whether courts ought to offer accent interpreters for witnesses whose accents might lead jurors to misunderstand or devalue their testimony, or simply make it a struggle to know what the witness said.