Wish's River of News

The Big Idea: Cindy Cohn [Whatever]

Just added Daring Fireball to my blogroll. What a huge oversight. Glad to get this fixed.

14:42

When you’re trying to get folks excited about their own digital rights, a lot will depend on the examples you give them to understand the fight. As the Executive Director of the Electronic Frontier Foundation, Cindy Cohn certainly has examples. But which ones to choose? In this Big Idea for Privacy’s Defender, Cohn offers up her choices and explains why they matter.

CINDY COHN:

Do we have the right to have a private conversation online?

In this age of constant, pervasive surveillance, both government and corporate, how do you get people to believe that they can and should have that right?

And how do you show that safeguarding privacy is part of safeguarding a free, open and democratic society?

In Privacy’s Defender, my Big Idea is that by telling some rollicking stories about my three big fights for digital privacy over the past 30 years, I might inspire people not only to understand why privacy matters, but to actually start fighting for it themselves.

The challenge was different for each of the three stories I told. The first one, about cryptography, was in many ways the easiest, since it had a pretty straightforward narrative. Before the beginning of the broad public internet, in the early 1990s, I led a ragtag bunch of hackers and lawyers who sued to fight a federal law that treated encryption – specifically “software with the capability of maintaining secrecy” – as a weapon. We argued that code is speech and put together a case based on the First Amendment. By pulling in help from academics, scientists, companies and others, and by the grace of several women judges who were willing to listen to us in spite of the government’s national security claims on the other side, we won.

Many other stories from the early public internet are about men and the products they built. This one is different: It tells how some scruffy underdogs beat the national security infrastructure and brought all of us the promise of a more secure internet. But it’s otherwise kind of a hero’s tale with a dramatic ending when I was called to DC to negotiate the government’s surrender.

The second and third stories don’t end in such clean wins, which perhaps makes them more typical of how actual change happens when you are up against the government.

The second set of stories are about the cases we brought against the National Security Agency’s mass spying, starting after the New York Times revealed in late 2005 that the government was spying on Americans on our home soil. The fight was pushed forward by a whistleblower named Mark Klein who literally knocked on our front door at the Electronic Frontier Foundation in early 2006 with details of how the NSA was tapping into the internet’s backbone at key junctures, including in a secret room in an AT&T building in downtown San Francisco. This is the most cloak-and-dagger of the stories, made possible both by Mark’s courage and that of Edward Snowden, who revealed even more about the NSA spying in 2013 because he was angry at watching the government lie repeatedly to the American people, including before Congress.

As a result, Congress rushed in to protect… the phone companies, killing our first lawsuit. Later, after Snowden’s revelations, lawmakers passed some reforms to some of the programs we had sought to stop, but not nearly enough. In the end, the Supreme Court supported the government’s argument that – even though the whole world knew about the NSA spying and that it relied on access to information collected and handled by major telephone companies – identifying which company participated would violate the state secrets privilege. But we had dramatically shifted how the government did mass spying: ending two of the three programs we had sued over, scaling back the third, and providing far more public information about what the government was doing. In writing my book, I wanted to tell the truth about the progress we made without sugarcoating that we had not succeeded at nearly the scale that we did in the cryptography fights.

The third set of cases had a similar trajectory – an early win in the courts and some reform in Congress but ultimately not enough. These were the “Alphabet Cases” – so named because we couldn’t even name our clients publicly, assigning the cases letters instead – that we brought from 2011 through 2022 to scale back a kind of governmental subpoena called National Security Letters (NSLs), which let the FBI require companies to provide metadata about their customers but gagged them from ever telling anyone what had happened.

Though an appellate court ultimately sided with the government, we did succeed in helping our clients participate in the public debate and use their own experiences as evidence to counter the government’s misleading assertions. We had increased the procedural protections for those receiving NSLs, including clearing the way to challenge them with standards that were not quite as stacked against them. And we had helped create a path for corporate transparency reports that at least gave some information to the public about how often these controversial tools were being used.

I wanted this book to bring readers with me into the actual work, the bumpy ride, the incremental progress of protecting privacy, especially in the courts, in hope that people will think about how they too can join the fight. What we worried about in the 1990s, and fought to prevent in the 2000s and 2010s, seems closer than ever: that surveillance becomes the handmaiden of authoritarianism. But even in our troubled times, I’m confident that we are not powerless and we can prevail if we are patient, smart, thoughtful and work together. The Big Idea is that privacy is not just a coat of anonymity that you throw on before doing something embarrassing – it’s a check against unbridled government power. And as it turns out, the actual work of protecting that privacy can make for a fun, exciting and surprising life.

Privacy’s Defender: Amazon|Barnes & Noble|Bookshop

Author socials: Website

14:21

Substack would be the web's printer, if they supported inbound RSS.

Two stable kernels for Thursday [LWN.net]

Bluesky is actually pretty close to being on the web. The biggest missing piece is inbound RSS. They already support outbound, it could use a review and tuneup, but that half is mostly there. I would even go a bit further, if they really supported RSS, it would be the web.

13:21

Sasha Levin has announced the release of the 6.19.7 and 6.18.17 stable kernels. As usual, each contains important fixes throughout the tree; users are advised to upgrade.

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (gimp, git-lfs, grafana-pcp, kernel, mysql8.4, nfs-utils, opentelemetry-collector, osbuild-composer, postgresql:16, and python3.12), Debian (imagemagick and netty), Fedora (dr_libs and python-lxml-html-clean), Slackware (libarchive and libxml2), SUSE (busybox, coredns, firefox, freerdp, ghostty, gnutls, go1.25, go1.26, GraphicsMagick, grype, helm, helm3, ImageMagick, perl-Compress-Raw-Zlib, python, python311-lxml_html_clean, python311-PyPDF2, tomcat11, and traefik), and Ubuntu (curl, gimp, and libpng).

12:42

Gunnar Wolf: As Answers Get Cheaper, Questions Grow Dearer [Planet Debian]

This post is an unpublished review for As Answers Get Cheaper, Questions Grow Dearer

This opinion article tackles the much discussed issues of Large Language Models (LLMs) both endangering jobs and improving productivity.

The authors begin by making a comparison, likening the current understanding of the effects LLMs are currently having upon knowledge-intensive work to that of artists in the early XIX century, when photography was first invented: they explain that photography didn’t result in painting becoming obsolete, but undeniably changed in a fundamental way. Realism was no longer the goal of painters, as they could no longer compete in equal terms with photography. Painters then began experimenting with the subjective experiences of color and light: Impressionism no longer limits to copying reality, but adds elements of human feeling to creations.

The authors argue that LLMs make getting answers terribly cheap — not necessarily correct, but immediate and plausible. In order for the use of LLMs to be advantageous to users, a good working knowledge of the domain in which LLMs are queried is key. They cite as LLMs increasing productivity on average 14% at call centers, where questions have unambiguous answers and the knowledge domain is limited, but causing prejudice close to 10% to inexperience entrepreneurs following their advice in an environment where understanding of the situation and critical judgment are key. The problem, thus, becomes that LLMs are optimized to generate plausible answers. If the user is not a domain expert, “plausibility becomes a stand-in for truth”. They identify that, with this in mind, good questions become strategic: Questions that continue a line of inquiry, that expand the user’s field of awareness, that reveal where we must keep looking. They liken this to Clayton Christensen’s 2010 text on consulting¹: A consultant’s value is not in having all the answers, but in teaching clients how to think.

LLMs are already, and will likely become more so as they improve, game-changing for society. The authors argue that for much of the 20th century, an individual’s success was measured by domain mastery, but bring to the table that the defining factor is no longer knowledge accumulation, but the ability to formulate the right questions. Of course, the authors acknowledge (it’s even the literal title of one of the article’s sections) that good questions need strong theoretical foundations. Knowing a specific domain enables users to imagine what should happen if following a specific lead, anticipate second-order effects, and evaluate whether plausible answers are meaningful or misleading.

Shortly after I read the article I am reviewing, I came across a data point that quite validates its claims: A short, informally published paper on combinatorics and graph theory titled “Claude’s Cycles”² written by Donald Knuth (one of the most respected Computer Science professors and researchers and author of the very well known “The Art of Computer Programming” series of books). Knuth’s text, and particularly its “postscripts”, perfectly illustrate what the article of this review conveys: LLMs can help a skillful researcher “connect the dots” in very varied fields of knowledge, perform tiring and burdensome calculators, even try mixing together some ideas that will fail — or succeed. But guided by a true expert of the field, asking the right, insightful and informed questions will the answers prove to be of value — and, in this case, of immense value. Knuth writes of a particular piece of the solution, “I would have found this solution myself if I’d taken time to look carefully at all 760 of the generalizable solutions for m=3”, but having an LLM perform all the legwork it was surely a better use of his time.

¹ Christensen, C.M. How Will You Measure Your Life? Harvard Business Review Press (2017).

² Knuth, D. Claude’s Cycles. https://cs.stanford.edu/~knuth/papers/claude-cycles.pdf

12:14

CodeSOD: Awaiting A Reaction [The Daily WTF]

Today's Anonymous submitter sends us some React code. We'll look at the code and then talk about the WTF:

// inside a function for updating checkboxes on a page
if (!e.target.checked) {
  const removeIndex = await checkedlist.findIndex(
    (sel) => sel.Id == selected.Id,
  )
  const removeRowIndex = await RowValue.findIndex(
    (sel) => sel == Index,
  )

// checkedlist and RowValue are both useState instances.... they should never be modified directly
  await checkedlist.splice(removeIndex, 1)
  await RowValue.splice(removeRowIndex, 1)

// so instead of doing above logic in the set state, they dont
  setCheckedlist(checkedlist)
  setRow(RowValue)
} else {
  if (checkedlist.findIndex((sel) => sel.Id == selected.Id) == -1) {
    await checkedlist.push(selected)
  }
// same, instead of just doing a set state call, we do awaits and self updates
  await RowValue.push(Index)
  setCheckedlist(checkedlist)
  setRow(RowValue)
}

Comments were added by our submitter.

This code works. It's the wrong approach for doing things in React: modifying objects controlled by react, instead of using the provided methods, it's doing asynchronous push calls. Without the broader context, it's hard to point out all the other ways to do this, but honestly, that's not the interesting part.

I'll let our submitter explain:

This code is black magic, because if I update it, it breaks everything. Somehow, this is working in perfect tandem with the rest of the horrible page, but if I clean it up, it breaks the checkboxes; they're no longer able to be clicked. Its forcing React somehow to update asynchronously so it can use these updated values correctly, but thats the neat part, they aren't even being used anywhere else, but somehow the re-rendering page only accepts awaits. I've tried refactoring it 5 different ways to no avail

That's what makes truly bad code. Code so bad that you can't even fix it without breaking a thousand other things. Code that you have to carefully, slowly, pick through and gently refactor, discovering all sorts of random side-effects that are hidden. The code so bad that you actually have to live with it, at least for awhile.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

12:07

Christoph Breitkopf: Functional Valhalla? [Planet Lisp]

Pointer-rich data layouts lead to suboptimal performance on modern hardware. For an excellent introduction to this, see the article The Road to Valhalla. While it is specifically about Java, many parts of the article also apply to other languages. To summarize some of the key points of the article:

In 1990, a main memory fetch was about as expensive as an arithmetic operation. Now, it might be a hundred times slower.
A pointer-rich data layout involving indirections between data at different locations is not ideal for today's hardware.
A language should make flat (cache-efficient) and dense (memory-efficient) memory layouts possible without compromising abstraction or type safety.

Consider a vector of records (or tuples, structures, product types - I'll stay with "record" in this article). A pointer-rich layout has each record allocated separately in the heap, with a vector containing pointers to the records. For example, given a "Point" record of two numbers:

The flat and dense layout has the records directly in the array:

(Note that there is another flat layout, namely, using one vector per field of the record. This is better suited to instruction-level parallelism or specialized hardware (e.g., GPUs), especially when the record fields have different sizes. But it is less suited for general-purpose computing, as reading a single vector element requires one memory access per field, whereas the "vector of records" layout above requires only one access per record. Such a layout can be easily implemented in any language that has arrays of native types, whether in the language itself or in a library (e.g., OCaml's Owl library). Thus, in this article, I will only consider the "array of records" layout above.)

Functional language considerations

Things should be much easier in functional languages than in Java: we have purity, referential transparency, and everything is a value. So it should be simple enough to store these values in memory in their native representation. But there are reasons that that is often not the case in practice:

Lazyness: a value can be a computation that produces a value only when needed.
Layout polymorphism: unless we replicate the code for every type (as, for example, Rust does), we need to be able to store every possible value in the same kind of slot.
Dynamically typed languages require type information at runtime.
Functional languages often have automatic memory management, which may require runtime type information.
Many of our languages are not purely functional, but contain impure features.
Pure languages often lack traditional vectors or arrays, since making them perform well in immutable code is not easy.
Historical reasons: Graph reduction was a common implementation technique for lazy languages, and graphs involve pointers.
Implementation restrictions: not being mainstream, fewer resources are devoted to implementation and optimization.

Many implementations can not even lay out native types flat in records, so a Point record of IEEE 754 double-precision numbers may actually look like this in memory:

The (very short) List

So, given a record type, which functional languages allow a collection of values of that type to have a flat, linear memory layout? The number of programming languages that claim to be "functional" is huge, so the ones listed here are just a selection based on my preferences - mainly languages that allow that layout, and some I have some experience with and can speculate on how easy or hard it would be to add that as a library or extension.

Since the Point record can be misleading in its simplicity when it comes to the question of whether the functionality could be implemented as a library, I'll point out that there are records where the layout is a bit more interesting:

Records containing different types with different storage sizes, for example, one 64-bit float and one 32-bit integer. On most architectures, this will require 4 bytes of padding between elements.
Records containing native values along with something that has to be represented as a pointer, for example, a reference-type or a lazy value. In a flat layout, this means that every nth element will be a pointer, requiring special support from the memory management system, either by providing layout information or by using a conservative GC that treats everything as a potential pointer.

Pure languages:

Clean

Yes: Clean has unboxed arrays of records in the base language.

Caveat: it does not have integer types of specific sizes and only one floating-point type, making it harder to reduce memory usage by using the smallest type just large enough to support the required value range. It seems possible to implement such types in a library (the mTask system does that).

Futhark

No. Futhark does not intend to be a general-purpose language, so this is not surprising.

I mention it here because it does have arrays of records, but, since it targets GPUs and related hardware, it uses the "record of arrays" layout mentioned above.

Haskell

Yes. Not in the base language, but there is library support via Data.Vector.Unboxed. Types that implement the Unbox type class can be used in these vectors. Many basic types and tuples have an Unbox instance. However, when you care about efficiency, you probably do not want to use tuples but rather a data type with strict fields, i.e., not:

type Point = (Double, Double)

but:

data Point = Point !Double !Double

Writing an Unbox instance for such a type is not trivial. The vector-th-unbox library makes it easier, but requires Template Haskell. Unboxed vectors are implemented by marshalling the values to byte arrays, so records with pointer fields are not supported.

Impure Languages

F#

Yes, even records with pointer fields. Records have structural equality, and you can use structs or the [<Struct>] attribute to get a flat layout.

And that's all I could find. Unless I follow Wikipedia's list of functional programming languages, which contains languages such as C++, C#, Rust, or Swift, that allow the flat layout, but don't really fit my idea of a functional language. But SML, OCaml, Erlang (Elixir, Gleam), Scala? Not that I could see (but please correct me if I'm wrong).

Rolling your own

Since there is a library implementation for Haskell, maybe that's a possibility for other languages?

You should be able to implement flat layouts in any language that supports byte vectors. More interesting is how well such a library fits into the language, and whether a user of the library has to write code or annotations for user-defined record types, or whether the library can handle part or all of that automagically.

I'll only mention my beloved Lisp/Scheme here. Lisp's uniform syntax and macro system are a bonus here, but the lack of static typing makes things harder.

In Scheme, R6RS (and R7RS with the help of some SRFIs) has byte-vectors and marshalling to/from them in the standard library. But Scheme does not have type annotations, so you either need to offer a macro to define records with typed fields or to define how to marshal the fields of a regular (sealed) record. Since you can shadow standard procedures in a library, you can write code that looks like regular Scheme code, but, perhaps surprisingly, loses identity when storing/retrieving values from records:

(let ((vec (make-typed-vector 'point 1000))
      (pt (make-point x y)))
  (vector-set! vec 0 pt)
  (eq? (vector-ref vec 0) pt))
 ⇒ #f

(But then, you probably shouldn't be using eq? when doing functional programming in Scheme).

The same approach is possible in Common Lisp. In contrast to Scheme, it does have optional type annotations, and, together with a helper library for accessing the innards of floats and either the meta-object protocol to get type information or (probably better) a macro to define typed records, an implementation should be reasonably straightforward. Making it play nice with inheritance and the dynamic nature of Common Lisp (e.g., adding slots to classes or even changing an object's class at runtime) would be a much harder undertaking.

Conclusion

Of the functional languages I looked at, only F# fully supports flat and dense memory layouts. Among the pure languages, Haskell and Clean come close.

The question is how important this really is. There's a good argument to be made for turning to more specialized languages like Futhark if you mainly care about performance. On the other hand, having a uniform codebase in one language also has advantages.

Then, the performance story has changed, too. While the points Project Valhalla raises remain true in principle, processor designers are aware of this as well. They are doing their best to hide memory latency with techniques such as out-of-order execution or humongous caches. Thus, on a modern CPU, the effects of a pointer-rich layout are often only observable with large working set sizes.

Still, given the plethora of imperative language that can get you to Valhalla, support for this in the functional landscape seems lacking. In the future, I hope to see more languages or libraries that will make this possible.

Generative AI in the Real World: Sharon Zhou on Post-Training [Radar]

Post-training gets your model to behave the way you want it to. As AMD VP of AI Sharon Zhou explains to Ben on this episode, the frontier labs are convinced, but the average developer is still figuring out how post-training works under the hood and why they should care. In their focused discussion, Sharon and Ben get into the process and trade-offs, techniques like supervised fine-tuning, reinforcement learning, in-context learning, and RAG, and why we still need post-training in the age of agents. (It’s how to get the agent to actually work.) Check it out.

About the Generative AI in the Real World podcast: In 2023, ChatGPT put AI on everyone’s agenda. In 2026, the challenge will be turning those agendas into reality. In Generative AI in the Real World, Ben Lorica interviews leaders who are building with AI. Learn from their experience to help put AI to work in your enterprise.

Check out other episodes of this podcast on the O’Reilly learning platform or follow us on YouTube, Spotify, Apple, or wherever you get your podcasts.

Transcript

This transcript was created with the help of AI and has been lightly edited for clarity.

00.00
Today we have a VP of AI at AMD and old friend, Sharon Zhou. And we’re going to talk about post-training mainly. But obviously we’ll cover other topics of interest in AI. So Sharon, welcome to the podcast.

00.17
Thanks so much for having me, Ben.

00.19
All right. So post-training. . . For our listeners, let’s start at the very basics here. Give us your one- to four-sentence definition of what post-training is even at a high level?

00.35
Yeah, at a high level, post-training is a type of training of a language model that gets it to behave in the way that you want it to. For example, getting the model to chat, like the chat in ChatGPT was done by post-training.

So basically teaching the model to not just have a huge amount of knowledge but actually be able to have a dialogue with you, for it to use tools, hit APIs, use reasoning and think through things step-by-step before giving an answer—a more accurate answer, hopefully. So post-training really makes the models usable. And not just a piece of raw intelligence, but more, I would say, usable intelligence and practical intelligence.

01.14
So we’re two or three years into this generative AI era. Do you think at this point, Sharon, you still need to convince people that they should do post-training, or that’s done; they’re already convinced?

01.31
Oh, they’re already convinced because I think the biggest shift in generative AI was caused by post-training ChatGPT. The reason why ChatGPT was amazing was actually not because of pretraining or getting all that information into ChatGPT. It was about making it usable so that you could actually chat with it, right?

So the frontier labs are doing a ton of post-training. Now, in terms of convincing, I would say that for the frontier labs, the new labs, they don’t need any convincing for post-training. But I think for the average developer, there is, you know, something to think about on post-training. There are trade-offs, right? So I think it’s really important to learn about the process because then you can actually understand where the future is going with these frontier models.

02.15
But I think there is a question of how much you should do on your own, versus, us[ing] the existing tools that are out there.

02.23
So by convincing, I mean not the frontier labs or even the tech-forward companies but your mom and pop. . . Not mom and pop. . . I guess your regular enterprise, right?

At this point, I’m assuming they already know that the models are great, but they may not be quite usable off the shelf for their very specific enterprise application or workflow. So is that really what’s driving the interest right now—that people are actually trying to use these models off the shelf, and they can’t make them work off the shelf?

03.04
Well, I was hoping to be able to talk about my neighborhood pizza store post-training. But I think, actually, for your average enterprise, my recommendation is less so trying to do a lot of the post-training on your own—because there’s a lot of infrastructure work to do at scale to run on a ton of GPUs, for example, in a very stable way, and to be able to iterate very effectively.

I think it’s important to learn about this process, however, because I think there are a lot of ways to influence post-training so that your end objective can happen in these frontier models or inside of an open model, for example, to work with people who have that infrastructure set up. So some examples could include: You could design your own RL environment, and what that is is a little sandbox environment for the model to go learn a new type of skill—for example, learning to code. This is how the model learns to code or learns math, for example. And it’s a little environment that you’re able to set up and design. And then you can give that to the different model providers or, for example, APIs can help you with post-training these models. And I think that’s really valuable because that gets the capabilities into the model that you want, that you care about at the end of the day.

04.19
So a few years ago, there was this general excitement about supervised fine-tuning. And then suddenly there were all these services that made it dead simple. All you had to do is come up with labeled examples. Granted, that that can get tedious, right? But once you do that, you upload your labeled examples, go out to lunch, come back, you have an endpoint that’s fine-trained, fine-tuned. So what happened to that? Is that something that people ended up continuing down that path, or are they abandoning it, or are they still using it but with other things?

05.00
Yeah. So I think it’s a bit split. Some people have found that doing in-context learning—essentially putting a lot of information into the prompt context, into the prompt examples, into the prompt—has been fairly effective for their use case. And others have found that that’s not enough, and that actually, doing supervised fine-tuning on the model can get you better results, and you can do so on a smaller model that you can make private and make very low latency. And also like effectively free if you have it on your own hardware, right?

05.30
So I think those are kind of the trade-offs that people are thinking through. It’s obviously very much easier essentially to do in-context learning. And it could actually be more cost-effective if you’re only hitting that API a few times. Your context is quite small.

And the host and models like, for example, like Haiku, a very small model, are quite cheap and low latency already. So I think there’s basically that trade-off. And with all of machine learning, with all of AI, this is something that you have to test empirically.

06.03
So I would say the biggest thing is people are testing these things empirically, the differences between them and those trade-offs. And I’ve seen a bit of a split, and I really think it comes down to expertise. So the more you know how to actually tune the models, the more success you’ll get out of it immediately with a very small timeline. And you’ll understand how long something will take versus if you don’t have that experience, you will struggle and you might not be able to get to the right result in the right time frame, to make sense from an ROI perspective.

06.35
So where does retrieval-augmented generation fall into the spectrum of the tools in the toolbox?

06.44
Yeah. I think RAG is a way to actually prompt the model and use search basically to search through a bunch of documents and selectively add things into the context, whether it be the context is too small, so like, it can only handle a certain amount of information, or you don’t want to distract the model with a bunch of irrelevant information, only the relevant information from retrieval.

I think retrieval is a very powerful search tool. And I think it’s important to know that while you use it at inference time quite a bit, this is something you teach the model to use better. It’s a tool that the model needs to learn how to use, and it can be taught in post-training for the model to actually do retrieval, do RAG, extremely effectively, in different types of RAG as well.

So I think knowing that is actually fairly important. For example, in the RL environments that I create, and the fine-tuning kind of data that I create, I include RAG examples because I want the model to be able to learn that and be able to use RAG effectively.

07.46
So besides supervised fine-tuning, the other class of techniques, broadly speaking, falls under reinforcement learning for post-training. But the impression I get—and I’m a big RL fan, and I’m a cheerleader of RL—but it seems always just around the corner, beyond the grasp of regular enterprise. It seems like a class of tools that the labs, the neo labs and the AI labs, can do well, but it just seems like the tooling is not there to make it, you know. . . Like I describe supervised fine-tuning as largely solved if you have a service. There’s no equivalent thing for RL, right?

08.35
That’s right. And I think SFT (supervised fine-tuning) came first, so then it has been allowed to mature over the years. And so right now RL is kind of seeing that moment as well. It was a very exciting year last year, when we used a bunch of RL at test-time compute, teaching a model to reason, and that was really exciting with RL. And so I think that’s ramped up more, but we don’t have as many services today that are able to help with that. I think it’s only a matter of time, though.

09.04
So you said earlier, it’s important for enterprises to know that these techniques exist, that there’s companies who can help you with these techniques, but it might be too much of a lift to try to do it yourself.

09.20
I think maybe fully end to end, it is challenging as an enterprise. I think there are individual developers who are able to do this and actually get a lot of value from it. For example, for vision language models or for models that generate images, people are doing a lot of bits and pieces of fine-tuning, and getting very custom results that they need from these models.

So I think it depends on who you are and what you’re surrounded by. The Tinker API from Thinking Machines is really interesting to me because that enables another set of people to be able to access it. I’m not quite sure it’s quite at the enterprise level, but I know researchers at universities now have access to distributed compute, like doing post-training on distributed compute, and pretty big clusters—which is quite challenging to do for them. And so that makes it actually possible for at least that segment of the market and that user base to actually get started.

10.21
Yeah. So for our listeners who are familiar with just plain inference, the OpenAI API has become kind of the de facto API for inference. And then the idea is this Tinker API might play that role for fine-tuning inputs, correct? It’s not kind of the whole project that’s there.

10.43
Correct. Yeah, that’s their intention. And to do it in a heavy like distributed way.

10.49
So then, if I’m CTO at an enterprise and I have an AI team and, you know, we’re not up to speed on post-training, what are the steps to do that? Do we bring in consultants and they explain to us, here’s your options and these are the vendors, or. . .? What’s the right playbook?

11.15
Well, the strategy I would employ is, given these models change their capabilities constantly, I would obviously have teams testing the boundaries of the latest iteration of model at inference. And then from a post-training perspective, I would also be testing that. I would have a small, hopefully elite team that is looking into what I can do with these models, especially the open ones. And when I post-train, what actually comes from that. And I would think about my use cases and the desired things I would want to see from the model given my understanding of post-training.

11.48
So hopefully you learn about post-training through this book with O’Reilly. But you’re also able to now grasp like, What are the types of capabilities I can add into the model? And as a result, what kinds of things can I then add into the ecosystem such that they get incorporated into the next generation of model as well?

For example, I was at an event recently and someone said, oh, you know, these models are so scary. When you threaten the model, you can get better results. So is that even ethical? You know, the model gets scared and gets you a better result. And I said, actually, you can post-train that out of the model. Where when you threaten it, it actually doesn’t give you a better result. That’s not actually like a valid model behavior. You can change that behavior of the model. So understanding these tools can lend that perspective of, oh, I can change this behavior because I can change what output given this input. Like how the model reacts to this type of input. And I know how.

I also know the tools right. This type of data. So maybe I should be releasing this type of data more. I should be releasing these types of tutorials more that actually helps the model learn at different levels of difficulty. And I should be releasing these types of files, these types of tools, these types of MCPs and skills such that the model actually does pick that up.

And that will be across all different types of models, whether that be a frontier lab looking at your data or your internal team that is doing some post-training with that information.

13.20
Let’s say I’m one of these enterprises, and we already have some basic applications that use RAG, and you know, I hear this podcast and say, OK, let’s try this, try to go down the path of post-training. So we already have some familiarity with how to do eval for RAG or some other basic AI application. How does my eval pipeline change in light of post-training? Do I have to change anything there?

14.03
Yes and no. I think you can expand on what you have right now. And I think your existing eval—hopefully it’s a good eval. There’s also best practices around evals. But essentially let’s say it’s just a list of possible inputs and outputs, a way to grade those outputs, for the model. And it covers a decent distribution over the tasks you care about. Then, yes, you can extend that to post-training.

For fine-tuning, it’s a pretty straightforward kind of extension. You do need to think about essentially the distribution of what you’re evaluating such that you can trust that the model’s truly better at your tasks. And then for RL, you would think about, How do I effectively grade this at every step of the way, and be able to understand has the model done well or not and be able to catch where the model is, for example, reward hacking when it’s cheating, so to speak?

So I think you can take what you have right now. And that’s kind of the beauty of it. You can take what you have and then you can expand it for post-training.

15.10
So, Sharon, should people think of something like supervised fine-tuning as something you do for something very narrow? In other words, as you know, one of the challenges with supervised fine-tuning is that first of all, you have to come up with the dataset, and let’s say you can do that, then you do the supervised fine-tuning, and it works, but it only works for kind of that data distribution somehow. And so in other words, you shouldn’t expect miracles, right?

15.44
Yes, actually something I do recommend is thinking through what you want to do that supervised fine-tuning on. And really, I think it should be behavior adaptation. So for example, in pretraining, that’s when the model is learning from a huge amount of data, for example, from the internet, curated. And it’s just gaining raw intelligence across a lot of different tasks and a lot of different domains. And it’s just gaining that information, predicting that next token. But it doesn’t really have any of those behavioral elements to it.

Now, let’s say it’s only learned about version one of some library. If in fine-tuning, so if in post-training, you now give it examples of chatting with the model, then it’s able to be able to chat over version one and version zero. (Let’s say there’s a version zero.) And you only gave it examples of chatting with version one, but it’s able to generalize that version zero. Great. That’s exactly what you want. That’s a behavior change that you’re making in the model. But we’ve also seen issues where, if you for example now give the model in fine-tuning examples of “oh, here’s something with version two,” but the base model, the pretrained model did not ever see anything about version two, it will learn this behavior of making things up. And so that will generalize as well. And that could actually hurt the model.

So something that I really encourage people to think about is where to put each step of information. And it’s possible that certain amounts of information are best done as more of a pretraining step. So I’ve seen people take a pretrained model, do some continued pretraining—maybe you call it midtraining, I’m not sure. But like something there—and then you do that fine-tuning step of behavior modification on top.

17.36
In your previous startup, you folks talked about something. . . I forget. I’m trying to remember. Something called memory tuning, is that right?

17.46
Yeah. A mixture of memory experts.

17.48
Yeah, yeah. Is it fair to cast that as a form of post-training?

17.54
Yes, that is absolutely a form of post-training. We were doing it in the adapter space.

17.59
Yeah. And you should describe for our audience what that is.

18.02
Okay. Yeah. So we invented something called mixture of memory experts. And essentially, you can hear like the words, except for the word “memory,” it’s a mixture of experts. So it’s a type of MOE. MOEs are typically done in the base layer of a model. And what it basically means is like there are a bunch of different experts, and for particular requests, for a particular input prompt, it routes to only one of those experts or only a couple of those experts instead of the whole model.

And this makes latency really low and makes it really efficient. And the base models are often MOEs today for the frontier models. But what we were doing was thinking about, well, what if we froze your base model, your base pretrained model, and for post-training, we could do an MOE on top? And specifically, we could do an MOE on top through the adapters. So through your LoRA adapters. And so instead of just one LoRA adopter, you could have a mixture of these LoRA adopters. And they would effectively be able to learn multiple different tasks on top of your base model such that you would be able to keep your base model completely frozen and be able to, automatically in a learned way, switch between these adapters.

19.12
So the user experience or developer experience is similar to supervised fine-tuning: I will need labeled datasets for this one, another set of labeled datasets for this one, and so on.

19.29
So actually, yeah. Similar to supervised fine-tuning, you would just have. . . Well, you could put it into one giant dataset, and it would learn how to figure out which adapters to allocate it to. So let’s say you had 256 adapters or 1024 adapters. It would learn what the optimal routing is.

19.47
And then you folks tried to explain this in the context of neural plasticity, as I recall.

19.55
Did we? I don’t know. . .

19.58
The idea being that, because of this approach, your model can be much more dynamic.

20.08
Yeah. I do think there’s a difference between inference, so just going forwards in the model, versus being able to go backwards in some way, whether that be through the entire model or through adapters, but in some way being able to learn something through backprop.

So I do think there is a pretty fundamental difference between those two types of ways to engage with a model. And arguably at inference time, your weights are frozen, so the model’s “brain” is completely frozen, right? And so you can’t really heavily adapt anything towards a different objective. It’s frozen. So being able to continually modify what the model’s objective and thinking and steering and behavior is, I think it’s valuable now.

20.54
I think there are more approaches to this today, but from a user experience perspective, some people have found it easier to just load a lot of things into the context. And I think there’s. . . I’ve actually recently had this debate with a few people around whether in-context learning truly is somewhere in between just frozen inference forwards and backprop. Obviously it’s not doing backprop directly, but there are ways to mimic certain things. But maybe that is what we’re doing as a human throughout the day. And then I will backprop at night when I’m sleeping.

So I think people are playing with these ideas and trying to understand what’s going on with the model. I don’t think it’s definitive yet. But we do see some properties, when just playing with the input prompt. But there I think, needless to say, there are 100% fundamental differences when you are able to backprop into the weights.

21.49
So maybe for our listeners, briefly define in-context learning.

21.55
Oh, yeah. Sorry. So in-context learning is a deceptive term because the word “learning” doesn’t actually. . . Backprop doesn’t happen. All it is is actually putting examples into the prompt of the model and you just run inference. But given that prompt, the model seems to learn from those examples and be able to be nudged by those examples to a different answer.

22.17
By the way, now we have frameworks like DSPy, which comes with tools like GEPA which can optimize your prompts. I know a few years ago, you folks were telling people [that] prompting your way through a problem is not the right approach. But now we have more principled ways, Sharon, of developing the right prompts? So how do tools like that impact post-training?

22.51
Oh, yeah. Tools like that impact post-training, because you can teach the model in post-training to use those tools more effectively. Especially if they help with optimizing the prompt and optimizing the understanding of what someone is putting into the model.

For example, let me just give a contrast of how far we’ve gotten. So post-training makes the model more resilient to different prompts and be able to handle different types of prompts and to be able to get the intention from the user. So as an extreme example, before ChatGPT, when I was using GPT-3 back in 2020, if I literally put a space by accident at the end of my prompt—like when I said, “How are you?” but I accidentally pressed Space and then Enter, the model completely freaked out. And that’s because of the way things were tokenized, and that just would mess things up. But there are a lot of different weird sensitivities in the model such that it would just completely freak out, and by freak out I mean it would just repeat the same thing over and over, or just go off the rails about something completely irrelevant.

And so that’s what the state of things were, and the model was not post-trained to. . . Well, it wasn’t quite post-trained then, but it also wasn’t generally post-trained to be resilient to any type of prompt, versus now today, I don’t know about you, but the way I code is I just highlight something and just put a question mark into the prompt.

I’m so lazy, or like just put the error in and it’s able to handle it—understand that you’re trying to fix this error because why else would you be talking to it. And so it’s just much more resilient today to different things in the prompt.

24.26
Remember Google “Did you mean this?” It’s kind of an extreme version of that, where you type something completely misspelled into Google, and it’s able to kind of figure out what you actually meant and give you the results.

It’s the same thing, even more extreme, like super Google, so to speak. But, yeah, it’s resilient to that prompt. But that has to be done through post-training—that is happening in post-training for a lot of these models. It’s showing the model, hey, for these possible inputs that are just gross and messed up, you can still give the user a really well-defined output and understand their intention.

25.05
So the hot thing today, of course, is agents. And agents now, people are using things like tool calling, right? So MCP servers. . . You’re not as dependent on this monolithic model to solve everything for you. So you can just use a model to orchestrate a bunch of little specialized specialist agents.

So do I still need post-training?

25.39
Oh, absolutely. You use post-training to get the agent to actually work.

25.43
So get the agent to pull all the right tools. . .

25.46
Yeah, actually, a huge reason why hallucinations have been, like, much better than before is because now, under the hood, they’ve taught the model to maybe use a calculator tool instead of just output, you know, math on your own, or be able to use the search API instead of make things up from your pretraining data.

So this tool calling is really, really effective, but you do need to teach the model to use it effectively. And I actually think what’s interesting. . . So MCPs have managed to create a great intermediary layer to help models be able to call different things, use different types of tools with a consistent interface. However, I have found that due to probably a little bit lack of post-training on MCPs, or not as much as, say, a Python API, if you have a Python function declaration or a Python API, that’s actually the models actually tend to do empirically, at least for me, better on it because models have seen so many more examples of that. So that’s an example of, oh, actually in post-training I did see more of that than MCPs.

26.52
So weirdly, it’s better using Python APIs for your same tool than an MCP of your own tool, empirically today. And so I think it really depends on what it’s been post-trained on. And understanding that post-training process and also what goes into that will help you understand why these differences occur. And also why we need some of these tools to help us, because it’s a little bit chicken-egg, but like the model is capable of certain things, calling different tools, etc. But having an MCP layer is a way to help everyone organize around a single interface such that we can then do post-training on these models such that they can then do well on it.

I don’t know if that makes sense, but yeah, that’s why it’s so important.

27.41
Yeah, yeah. In the areas I’m interested in, which I mean, the data engineering, DevOps kind of applications, it seems like there’s new tools like Dex, open source tools, which allow you to kind of save pipelines or playbooks that work so that you don’t constantly have to reinvent the wheel, you know, just because basically, that’s how these things function anyway, right? So someone gets something to work and then everyone kind of benefits from that. But then if you’re constantly starting from scratch, and you prompt and then the agent has to relearn everything from scratch when it turns out there’s already a known way to do this problem, it’s just not efficient, right?

28.30
Oh, I also think another exciting frontier that’s kind of in the zeitgeist of today is, you know, given Moltbook or OpenClaw stuff, multi-agent has been talked about much more. And that’s also through post-training for the model, to launch subagents and to be able to interface with other agents effectively. These are all types of behavior that we have to teach the model to be able to handle. It’s able to do a lot of this out of the box, just like GPT-3 was able to chat with you if you give it the right nudging prompts, etc., but ChatGPT is so much better at chatting with you.

So it’s the same thing. Like now people are, you know, adding to their post-training mix this multi-agent workflow or subagent workflow. And that’s really, really important for these models to be effective at being able to do that. To be both the main agent, the unified agent at the top, but also to be the subagent to be able to launch its own subagents as well.

29.26
Another trend recently is the emergence of these multimodal models or even, people are starting to talk about world models. I know those are early, but I think even just in the area of multimodality, visual language models, and so forth, what is the state of post-training outside of just LLMs? Just different kinds of this much more multimodal foundation models? Are people doing the post-training in those frontier models as well?

30.04
Oh, absolutely. I actually think one really fun one—I guess this is largely a language model, but they are likely tokenizing very differently—are people who are looking at, for example, life sciences and post-training foundation models for that.

So there you would want to adapt the tokenizer, because you wanted to be able to put different types of tokens in and tokens out, and have the model be very efficient at that. And so you’re doing that during post-training, of course, to be able to teach that new tokenizer. But you’re also thinking about what other feedback loops you can do.

So people are automating things like, I don’t know, the pipetting and testing out the different, you know, molecules, mixing them together and being able to get a result from that. And then, you know, using that as a reward signal back into the model. So that’s a really powerful other type of domain that’s maybe adjacent to how we think about language models, but tokenized differently, and has found an interesting niche where we can get nice, verifiable rewards back into the model that is pretty different from how we think about, for example, coding or math, or even general human preferences. It’s touching the real world or physical world—so it’s probably all real, but the physical world a little bit more.

31.25
So in closing, let’s get your very quick takes on a few of these AI hot topics. First one, reinforcement learning. When will it become mainstream?

31.38
Mainstream? How is it not mainstream?

31.40
No, no, I mean, for regular enterprises to be able to do it themselves.

31.47
This year. People have got to be sprinting. Come on.

31.50
You think? Do you think there will be tools out there so that I don’t need in-house talent in RL to do it myself?

31.59
Yes. Yeah.

32.01
Secondly, scaling. Is scaling still the way to go? The frontier labs seem to think so. They think that bigger is better. So are you hearing anything in the research frontiers that tell you, hey, maybe there’s alternatives to just pure scaling?

32.20
I still believe in scaling. I believe we’ve not met a limit yet. Not seen a plateau yet. I think the thing people need to recognize is that it’s always been a “10X compute for 2X intelligence” type of curve. So it’s not exactly like 10X-10X. But yeah, I still believe in scaling, and we haven’t really seen an empirical plateau on that yet.

That being said, I’m really excited about people who challenge it. Because I think it would be really amazing if we could challenge it and get a huge amount of intelligence with less pure dollars, especially now as we start to hit up on trillions of dollars in some of the frontier labs, of like that’s the next level of scale that they’ll be seeing. However, at a compute company, I’m okay with this purchase. Come spend trillions! [laughs]

33.13
By the way, with respect to scaling, so you think the models we have now, even if you stop progress, there’s a lot of adaptation that enterprises can do. And there’s a lot of benefits from the models we already have today?

33.30
Correct. Yes. We’re not even scratching the surface, I think.

33.34
The third topic I wanted to pick your brain quick is “open”: open source, open weights, whatever. So, there’s still a gap, I think.

33.49
There are contenders in the US who want to be an open source DeepSeek competitor but American, to make it more amenable when selling into. . .

34.02
They don’t exist, right? I mean, there’s Allen.

34.06
Oh, like Ai2 for Olmo… Their startup’s doing some stuff. I don’t know if they’ve announced things yet, but yeah hopefully we’ll hear from them soon.

34.15
Yeah yeah yeah.

Another interesting thing about these Chinese AI teams is obviously, you have the big companies like Tencent, Baidu, Alibaba—so they’re doing their thing. But then there’s this wave of startups. Set aside DeepSeek. So the other startups in this space, it seems like they’re targeting the West as well, right? Because basically it’s hard to monetize in China, because people tend not to pay, especially the enterprises. [laughs]

I’m just noticing a lot of them are incorporating in Singapore and then trying to build solutions for outside of China.

35.00
Well, the TAM is quite large here, so. . . It’s quite large in both places.

35.07
So it’s the final question. So we’ve talked about post-training. We talked about the benefits, but we also talked about the challenges. And as far as I can tell, one of the challenges is, as you pointed out, to do it end to end requires a bit of expertise. First of all, think about just the data. You might need the right data platform or data infrastructure to prep your data to do whatever it is that you’re doing for post-training. And then you get into RL.

So what are some of the key foundational things that enterprises should invest in to set themselves up for post-training—to get really good at post training? So I mentioned a data platform, maybe invest in the data. What else?

36.01
I think the type of data platform matters. I’m not sure if I totally am bought into how CIOs are approaching it today. I think what matters at that infrastructure layer is actually making sure you deeply understand what tasks you want these models to do. And not only that, but then codifying it in some way—whether that be inputs and outputs and, you know, desired outputs, whether that be a way to grade outputs, whether that be the right environment to have the agent in. Being able to articulate that is extremely powerful and I think is the one of the key ways of getting that task that you want this agent to do, for example, to be actually inside of the model. Whether it’s you doing post-training or someone else doing post-training, no matter what, if you build that, that will be something that gives a high ROI, because anyone will be able to take that and be able to embed it and you’ll be able to get that capability faster than anyone else.

37.03
And on the hardware side, one interesting thing that comes out of this discussion is if RL truly becomes mainstream, then you need to have a healthy mix of CPUs and GPUs as well.

37.17
That’s right. And you know, AMD makes both. . .

37.25
It’s great at both of those.

And with that thank you, Sharon.

11:21

Steve Yegge Wants You to Stop Looking at Your Code [Radar]

My “Live with Tim” conversation with Steve Yegge this week was one of those sessions where you could imagine the audience leaning forward in their chairs. And on more than one occasion, when Steve got particularly colorful, I imagined them recoiling. Steve has always been one of the most provocative thinkers in our industry, going all the way back to his legendary 2011 platform rant that leaked from inside Google. These days he’s channeling his energy into Gas Town, an open source AI agent orchestrator, and into a relentless campaign to shake developers out of what he sees as a state of denial about where coding is headed.

And yes, Gas Town is indeed named after the fuel depot in Mad Max: Furiosa, and even features a managing agent named after the Mayor. But Steve’s Gas Town is anything but dystopic. If anything, it’s joyous. That gives you a deep sense of who Steve is: He goes into the deepest, darkest part of the forest, finds something scary, and then does his best to redeem it.

We covered a lot of ground: the eight levels of coder evolution, the addictive pull of multi-agent workflows, grief and denial in the developer community, the bitter lesson, and why taste may be the last remaining competitive advantage. Here are some of the highlights.

Everyone gets a chief of staff

Steve’s “Eight Levels of Coder Evolution” framework has taken on a life of its own since he published it as part of the Gas Town launch post. The first four levels are about increasingly sophisticated IDE use; levels five through eight are about coding agents. Here is an infographic showing the eight stages that I showed to anchor the start of our conversation. Note that I created this slide with Nano Banana 2. It is not directly from Steve.

Eight stages of AI-assisted software development

The key transition, Steve argues, happens at level five: Your IDE goes away and you never open it again. As Steve described it, once you realize Claude Code can write pieces of your code, you start assembling them like Lego. But while one agent is working, you’re sitting there bored, so you fire up another one. And another. Before long, you’ve got six agents running in parallel, and one of them is always finished and waiting for your attention.

Steve drew an analogy to Amazon VPs who had executive assistant support. Those people were effectively two people. They didn’t have to worry about whether the printer was jammed, so they could spend all their time focused on the real problems. Gas Town, Steve argues, is topologically similar: It’s going to turn everybody into something like an executive with a chief of staff. “We all have a chief of staff now,” he said. “Everybody’s going to be able to spend their time more productively on whatever they want to spend it on instead of figuring out where the printer is jammed.”

On March 26, join Addy Osmani and Tim O’Reilly at AI Codecon: Software Craftsmanship in the Age of AI, where an all-star lineup of experts will go deeper into orchestration, agent coordination, and the new skills developers need to build excellent software that creates value for all participants. Sign up for free here.

The AI vampire

This is Steve Yegge, so he’s not just going to give you the upside. His post on “the AI Vampire” explained how AI-assisted productivity creates an insidious new kind of burnout, and I made sure to ask him about that.

The old version of overwork was your company piling tasks on you until you broke, he told us. The new version isn’t your boss asking you to work extra hours. It’s Claude saying, “Is there anything else you’d like me to do on this project?” And you say yes, yes, yes, because it’s fun, because it’s productive, because the AI is your buddy, not your employer.

But there’s a twist. The AI is solving all the easy problems and leaving you with nothing but hard ones. In our conversation, I said it can feel like your bike ride is all hills now, and Steve immediately connected it to watching Jeff Bezos in meetings at Amazon. People would bring him presentations where they’d already solved every easy problem, so Bezos was just getting the hard stuff, all day long. “Now this happens to you,” Steve said. “Everyone’s Jeff Bezos, everyone’s an entrepreneur. Everyone has a huge army of workers now. And I’m telling you, it’s exhausting.”

Steve told us he naps every day now, sometimes twice a day, feeling drained by the relentless cognitive intensity. These agents don’t just help you work faster; they fundamentally change what kind of work reaches your desk.

On the wrong side of the bitter lesson

We spent a good stretch on Richard Sutton’s “bitter lesson.” Sutton observed that raw computation consistently beats systems built on human-engineered structure. Steve treats it less as a paper and more as a daily operating principle. “Not a day goes by when I don’t think about the bitter lesson as a math formula,” he said, “at least five times a day.”

His practical test is simple: If you’re writing code that tries to make the AI smarter, by adding heuristics, parsers, regular expressions to handle what a model could handle, you’re on the wrong side of the bitter lesson. He watches even his own Gas Town contributors make this mistake, reaching for a little regex hack when they should let a model do the cognition. (Steve does admit that sometimes you do need to provide prebuilt code if it saves tokens.)

Sutton wrote about the bitter lesson in the context of training programs to beat humans at chess and go, but it’s more general than that, even more general than leaning into today’s AI in the way that Steve does. I shared my own first encounter with the bitter lesson, back in 1993 when O’Reilly created GNN, the first commercial web portal. Being publishers, we curated a catalog of the best websites. Then Yahoo! set out to list all of them, restricting curation to putting them into categories. Then Google did it algorithmically, creating a custom curation for every search. We know which approach won. The bitter lesson isn’t just about AI; it’s about a recurring pattern in the history of technology where scale and computation overwhelm hand-tuned solutions.

I still believe we have to bet against the bitter lesson, because if we just give up, there will be no place for humans in the future knowledge economy. But we have to do it knowing that we aren’t going to win in the traditional sense. We aren’t going to outrace AI. We have to learn to ride it.

For anyone in a corporate setting, you will naturally want to fit AI into your current workflows. The bitter lesson says you should instead figure out what the AI can do by itself first, and then build a new workflow around that. I described Steve’s whole approach as looking the bitter lesson in the face and saying, “I’m going to turn AI loose on everything I can, and then figure out where the human fits in the loop.”

Code is a liquid

Steve hit peak Yegge mode when an audience member asked why they should leave their IDE. His response was, as usual, quotable:

If you’re looking at your code, then you’re in a Formula One race and you’ve parked your car and opened the hood and you’re looking at the engine. You’ve slowed time to the point where everyone is racing past you and you’re a frozen statue. Code is a liquid. You spray it through hoses. You don’t freaking look at it….

Look, I get it. This is painful for people. This is super painful. For me to say these things is painful for people to hear them. Because what I’m saying is your job is going to change.…And there’s still a lot of denial out there.

What’s the first phase of grief? The first phase of grief. The whole world is in it right now, Tim. They’re in denial. Right. They are grieving for what is going away. We’re at the end of an era. An age, a golden age, maybe, where we programmers, we’re writing all the code. And it was wonderful for 30, 40, 50 years or whatever. That era is ending and people are grieving because of it. And I feel for them. I’ve got empathy, right. But I’m also losing patience because it’s 2026 and this is an exponential curve, and we don’t have time to sit around and feel pity for ourselves.

He sees that grief everywhere, but he specifically called out Hacker News, which he described as the home of “the new Amish.”

Taste is the moat

Another of the audience questions was about whether corporations with deep pockets have all the leverage and there’s no room left for individuals. Steve’s answer was emphatic: absolutely not. Steve made a passionate argument that creativity outweighs capital in the AI era. He’s certain there will be companies that waste millions of dollars of tokens building software that never sees the light of day, because they had no taste, no good ideas, just brute-force generation without direction. Meanwhile, an entrepreneur with open source local inference models and a good GPU can build something that matters, if they know what people want.

“Everything is going to come down to taste,” Steve said. “Companies don’t have an advantage anymore. As an entrepreneur, I think this is a golden opportunity for people to make huge, huge impact.”

It’s mentors all the way down

Someone from the audience asked Steve about a question that’s on everyone’s mind: If senior developers are becoming PMs and juniors are being replaced by AI, where will new seniors come from? His answer was a classic reframe, and an update of what he wrote in “Revenge of the Junior Developer.”

He made the case that your most junior engineers aren’t who you think they are anymore. They’re your product managers, your SDRs, your finance and sales folks, all of those people throughout your company who are now building things with AI. Your former junior engineers are actually well-trained engineers who make perfect mentors for this new bottom layer. And those juniors get mentored by seniors, and seniors by principals. It’s mentoring all the way down.

Steve pointed out that this connects to something Matt Beane (who was in our audience) has researched on skills acquisition: You don’t learn from someone 40 levels above you; you learn from someone one or two levels ahead. Steve’s suggestion for companies is to organize around this. Find mentors within your organization who are just a step or two ahead of where each person is, and bring everyone along with empathy for what people are going through.

We’re going to build bigger stuff

Another audience member asked about research showing that AI atrophies critical thinking pathways. I couldn’t resist jumping in with one of my favorite historical analogues. Socrates said the same thing about the written word, arguing that it was impairing people’s ability to remember. And he was right, we did lose the ability to recite massive amounts of literature from memory. But we gained more than we lost. Things change.

I also shared a Rilke poem that I love, about Jacob wrestling with the angel: “What we fight with is so small, and when we win, it makes us small. What we want is to be defeated decisively by successively greater beings.” If AI is atrophying your thinking, it’s because you’re not wrestling with hard enough problems. The real opportunity is to be pushed, stretched, and defeated by bigger challenges, and come away stronger from the fight.

Steve agreed: “We’re going to build bigger stuff. That’s what everyone’s worried about. What’s going to happen? And the answer is we’re going to build bigger stuff and it’s going to be fun.”

Watch the full conversation here. Steve Yegge’s Gas Town is at https://github.com/steveyegge/gastown. His blog posts on “T he AI Vampire,” the “Revenge of the Junior Developer,” and “Software Survival 3.0” are essential reading for anyone navigating this transition.

10:35

Grrl Power #1442 – Something, something, chicken dinner [Grrl Power]

Under normal circumstances, blowing up the thing that’s obviously the power source is a terrible idea. Under a severe time limit? Blowing it up may be the best option. It still might be a terrible idea, I’m just saying a time limit might eliminate other paths all together. Blowing it up might be the only option.

Maxima’s blue word bubble and slightly squareish text represents that her voice is disguised. I’m thinking Sovereign, but somehow feminine. Like, 1 octave higher, and her “I’s” have little hearts instead of dots. You can totally hear it in her voice!

If Bluce and Gail didn’t know Ixah can talk, I have to wonder what the sign up process for the tournament is. Like, presumably, the competitor or a representative has to fill out some kind of form, even if you don’t necessarily need to put your real information on it. They don’t care who’s competing, whether you’re the heir to a powerful dynasty or a secret science project or a member of an unknown species, but they still need to know what name to call you. I guess Cora taught Max to write “Ixah” in galactic standard, then she just stared menacingly while they tried to ask her questions, and eventually, they were like, “Fine, you’re entering late, so you’ll need to show you can hang in the Elimination Battle Royales, so go qualify for that by fighting a bunch of battle mechs with laser halberds and oh, you’ve already broken all of them. Okay, you’re good to go! Be at the transit pad at this time.”

Ah! I thought I had more time till March. I’m bad at looking at dates apparently. The new one is underway.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

09:42

Henry Ford knew how to drive [Seth's Blog]

He also understood the process of organizing a plant to build a car.

Scott Belsky knows how to use Photoshop and remembers what it was like to run a small business.

And Sarah Jones knows exactly what is required to be on stage, alone, in a crowded theater.

The world keeps changing (faster than ever) and leading our team (and our career) requires us to do things we didn’t used to know how to do.

In essence, the CEO of every organization, of every size, is more incompetent than ever before. It’s not enough to know how to use the product and have empathy for your customers.

Are you making decisions about AI, supply chains, vendor management, the sales pipeline or employee health?

It’s hard to wing it if you haven’t flown before, and now most of what CEOs do (even for companies of one or two people) has little to do with the actual product or service on offer.

One alternative is to freak out, bury your head and hope for the best.

The other is to use the system to learn about the system. Instead of winging it, find the time to learn enough to make good decisions and to understand the tools well enough to benefit from hiring people to use them.

Because that’s what CEOs make. They make decisions.

09:35

Mike Gabriel: Debian Lomiri Tablets 2025-2027 - Project Report (Q4/2025) [Planet Debian]

On 25th Oct 2025, I announced via my personal blog and on Mastodon that Fre(i)e Software GmbH was hiring. The hiring process was a mix of asking developers I know and waiting for new people to apply.

At the beginning of November 2025 / in mid November 2025, we started with 13 developers (all part-time) to work on various topics around Lomiri (upstream and downstream). Note that the below achievements don't document the overall activity in the Lomiri project, but that part that our team at Fre(i)e Software GmbH contributed to.

Organizational Achievements

Setup management board for Qt6 migration in Lomiri [1]
Setup management board for salsa2ubports package syncing [2]
Bootstrap Qt 6.8 in UBports APT repository
Bootstrap Qt 6.8 in Lomiri PPA
Fix Salsa CI for all Lomiri-related Debian packages
Facilitate contributor's project around XDG Desktop Portal support for Lomiri.
Plan how to bring DeltaTouch and DeltaChat core to Debian

Maintenance Development

Replace libofono-qt by libqofono in telepathy-ofono
Rework unit tests in telepathy-ofono utilizing ofone-phonesim
Obsolete not-used-anymore u1db-qt
Fixing wrong bin:pkg names regarding snapd-glib's QML module

Qt6 Porting

qmake -> CMake porting (if needed) and Qt6 porting of shared libraries and QML modules consumed by Lomiri shell and Lomiri apps:
- biometryd
- libqofono
- libqofonoext
- libqtdbusmock
- lomiri-account-polld
- lomiri-action-api
- lomiri-api
- lomiri-download-manager
- lomiri-location-service
- lomiri-online-accounts
- lomiri-push-qml
- lomiri-push-service
- maliit-framework
- mediascanner2
- qtlomiri-appmenutheme
- qtpim (started, work in progress)
- qwebdavlib
- signond (flaws spotted in Debian's porting of signond to Qt6)

Feature Development

Continuing with Morph Browser Qt6 / LUITK
- Build, run and fix LUITK unit tests for Qt6
- various bug fixes and improvements for Morph Qt6
Add mbim modem support to ofono upstream
Improve ofono support in Network Manager
Improve mbim modem support in lomiri-indicator-network
Package kazv (convergent Matrix client) and dependencies for Debian
Provide Lomiri images for Mobian

Research

Research on fuse-based caching Webdav client for lomiri-cloudsync-app.
Research on alternative ORM instead of QDjango in libusermetrics

[1] https://gitlab.com/groups/ubports/development/-/boards/9895029?label_name%5B%5D=Topic%3A%20Qt%206
[2] https://gitlab.com/groups/ubports/development/-/boards/10037876?label_name[]=Topic%3A%20salsa2ubports%20DEB%20syncing

03:21

Subduction Retrieval [xkcd.com]

01:49

Drag Race Episode Ten: A Design Challenge Love-Fest [The Stranger]

My prayers were answered: we got another Mini-Challenge this week. by Mike Kohfeld

My prayers were answered: we got another Mini-Challenge this week. In the spirit of Paris is Burning, RuPaul threw open the library doors and gave the queens a chance to read each other for filth. Drag Race always incorporates the reading Mini-Challenge somewhere halfway through a season—y’know, once the queens have spent enough time cooped up together that they have plenty of dirt to dish. Funnygirls Jane, Myki, Darlene, and Nini got loads of laughs, while Kenya’s reads were hit-and-miss. Discord and Juicy brought Jane’s prophecy to life: the Florida girls can’t read. But Orlando-based Myki was the exception.

The reading challenge wasn’t the only bit of fun this week. By Episode Ten, the queens have been sequestered together for over two months in the Drag Race pressure cooker. The combination of exhaustion, adrenaline, and camaraderie manifested through some seriously entertaining antics.

Jane, forgetting Ciara’s name, gaslit a bemused Juicy into thinking there had been a queen named Crystal on the cast and that Juicy had sent her home in a lip-sync, which brought the rest of the cast to stitches. Later, the queens modeled wigs pulled from Darlene’s “mullet bag.” In Kenya’s words, “the emergency wig is something you can hit two times, and then you’re ready.” This is what makes Drag Race magical.

A Suitcase Full of Trash

We were teased with queens returning, but instead, we got… suitcases!? That’s right, it was a design challenge gimmick in which the seven remaining queens had to create party-worthy looks from the “leftovers” of the eliminated queens, a nice reprise of the first challenge’s “Reclaim, Renew, Rejoice” theme.

As the winner of the reading challenge, Myki Meeks got first pick, choosing her sister Briar’s suitcase. The navy blue fabrics inspired Myki to create a chic sequined snowsuit for an Après-ski Party. Darlene, who got Athena’s suitcase, created a breathtaking zebra-print minidress (complete with orange mullet) to the tune of VMAs After-Party. And Nini effortlessly channeled DD Fuego in an orange catsuit and boldly patterned caftan-bolero combo for a Fashion Week Garden Party.

Kenya, who got second pick, wisely chose design diva Vita’s suitcase. She was the belle of the ball with a bell-sleeved, bell-bottomed Disco Party ensemble, proving her sewing skills at last. Guest judge and legendary supermodel Iman called Kenya “the life of the party.”

View this post on Instagram
A post shared by Kenya Pleaser (@kenyapleaser)

Jane got Ciara’s suitcase, figuring that a design-minded queen would have a suitcase full of potential—but was devastated to find that Ciara left only fabric scraps. This was the point where the queens realized that their eliminated sisters may not have had their best interests in mind. Since each queen would have been prompted to pack a suitcase of materials to create a look from scratch, a strategic queen like Ciara would have realized that there would be a bait-and-switch—hence the suitcase “full of trash,” according to Jane.

Jane pushed her way through the stress and self-doubt, crafting an ingenious Grammys After-Party gown composed of complementary sequined fabric panels. RuPaul called it “a patchwork coat of many colors,” applauding Jane’s perseverance with limited materials. “What do you have to say to Ciara?” Ru asked Jane. “I will find her,” Jane promised.

View this post on Instagram
A post shared by Jane Don’t (@heyjanedont)

It All Came Down to Shoes… and Safety Pins

Juicy got an offscreen warning from mama Athena not to choose Athena’s suitcase, so she chose her auntie Mia’s. Applying RuPaul’s critiques on creating a more curvaceous silhouette, she crafted a big-bootied Kylie jumpsuit with a harem pant and sleeves for a Miami Beach party. Iman called it “Miami meets Dubai,” and the only element the judges could nitpick on was Juicy’s choice of shoes.

Of the seven remaining queens, Discord had the last pick, ending up with Mandy Mango’s suitcase. She left Mandy’s bright yellow fabrics behind in favor of black and silver mesh held together with 800 safety pins. Iman called it “Sid Vicious meets Zandra Rhodes,” and paid Discord the highest of compliments by inviting her to pursue fashion design after Drag Race.

But the other queens called foul when RuPaul asked the dreaded question, “who should go home, and why?”

Everyone (except Discord) named Discord as deserving to go home next, with half the cast citing her mediocre track record, and the other half calling her out for cheating the challenge rules. For the challenge, the queens had been tasked with only using materials from their eliminated sister’s suitcase, but Discord’s 800 safety pins—not Mandy’s—prompted the scandal of the week, “SafetyPinGate.” I couldn’t help but chuckle at how Season 18’s “chronically safe” queen looked like she was about to be undone by safety pins. But the other queens’ hyperfocus on that particular detail was a testament to the strength of Discord’s look.

The Last Two Standing

By the time the critiques were over, it was maddeningly unclear who was in danger of going home. RuPaul herself even called the judging a “love-fest.”

Nini, Myki, and Darlene were declared safe. Despite Juicy’s shoe faux pas and Discord’s safety pins, they were also granted safety. This left Kenya and Jane, who had gotten rave reviews, leaving mouths agape across the stage.

Surprise (not): it was a non-elimination episode. Kenya and Jane were declared the top two of the week, with a very relieved Kenya calling out the gag, “Ru is so fucking messy, bitch.”

The top two queens lip-synced to Patti LaBelle’s “Feels Like Another One,” and it was a truly epic matchup. Both queens brought high energy and precise lip-syncs, but to my eye (and Ru’s), Jane’s lip-sync was a snatch bit tighter, especially on Patti’s characteristic ad libs and vocal runs. She was awarded her well-deserved third win of the season, launching her leagues ahead of her competition.

Next week, the legendary Alyssa Edwards (or, as RuPaul tells it, “Alicia Edwards”) returns to the Drag Race stage, where our Season 18 queens are tasked with roasting her—it’s an episode you won’t want to miss!

01:35

The Shape Of You [QC RSS]

At first I was like "is an Ed Sheeran reference going to make this comic seem dated" but then remembered Ed Sheeran's music sucks no matter what year it is

00:35

[$] LWN.net Weekly Edition for March 12, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

Front: Chardet; Linux and age verification; Debian AI; Python lazy imports; Python type-system PEP; PQC HTTPS certificates; MGLRU; Fedora strategy.
Briefs: LLM vulnerability; NTP security; OpenWrt 25.12.0; SUSE sale; Buildroot 2026.02; digiKam 9.0.0; Rust 1.94.0; Quotes; ...
Announcements: Newsletters, conferences, security updates, patches, and more.

00:14

Shouldering the Blame [The Stranger]

Do you need to get something off your chest? by Anonymous

I understand the desire to be close with our friends, lovers, and families while enjoying a walk with them. What I don't understand is how it came to be that, while running on a popular path the other day, I made physical contact with someone because two separate groups of side-by-side walkers couldn't be parted from their companions for the actual second it would have taken for me to run past.

I was running behind one group, and the oncoming group saw me, as I am visible. They were looking ahead, so I made eye contact with the man closest to me. I said to the group ahead of me, "on your left," like a human being who lives in a society with shared spaces. They did not separate or scoot over. In their defense, maybe I didn't give enough warning, maybe they didn't hear me, maybe they didn't understand me. Fair. But the oncoming twosome had zero excuse not to choose any evasive maneuver. When I ran around the other group (on their left), and the oncoming group made their choice to firmly hold their ground, I ended up shoulder-checking the man I had made eye contact with.

Apart from being surprised, I was pissed. This dude saw me coming, he saw the couple I was clearly going to have to run around, and there was time to react. Making a conscious choice to be rude is just rude. Do better.

And to all other side-by-side walkers: May you make better choices or be shoulder checked by people whose impact might make you rethink your co-walking formations.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

Wednesday, 11 March

23:49

Cutting down endangered native forest in Australia [Richard Stallman's Political Notes]

A US mining company has been cutting down endangered native forest in Australia. The Australian government secretly made a deal to allow it to continue this, to placate the wrecker.

Corruption is about who Washington is shielding [Richard Stallman's Political Notes]

*Corruption is no longer envelopes of cash – now it is about who Washington is shielding and who it is sacrificing.*

Afghan women's book club reading Orwell [Richard Stallman's Political Notes]

*The secret Afghan women's book club defying the Taliban to read Orwell [and other important writers].*

Freemason UK police [Richard Stallman's Political Notes]

The UK requires police to declare whether they are freemasons, because a masonic lodge "is hierarchical, has confidential membership and requires members to support and protect each other."

This policy is necessary because masons in a police department will come across the requirement to support each other against the perpetrators and/or victims of crimes or bad policies.

Australian censorship thugs seized art posters [Richard Stallman's Political Notes]

Australian censorship thugs seized *art posters depicting [the persecutor, the muskrat], Putin and Netanyahu in Nazi uniforms.*

Because Nazi symbols stand for hate, it is now perhaps prohibited to condemn acts and policies embodying hatred by comparing them to Nazis. This would be good for a laugh at the cops' expense, if it weren't seriously dangerous.

Increase in hot dry days [Richard Stallman's Political Notes]

*Study finds global increase in hot, dry days ideal for wildfires.*

Over the last 45 years, the frequency of such days has increased from around 20 days per year to around 60 days per year. About 60% of that (36 days per year) are caused by fossil fuel, but some of the rest is caused by other human activities such as deforestation.

As long as we keep driving global heating, we will increase our vulnerability to fire. This is why I reject the idea that today's fires, floods and storms are "natural disasters".

A secondary problem of this increased temperature level is damage to coffee cultivation, in the main coffee-producing countries.

Manipulation to use Pretend Intelligence [Richard Stallman's Political Notes]

An influential PI company is manipulatively urging officials and voters to worry about being "left behind" if they don't embrace Pretend Intelligence. Therefore they should race to give PI companies tax breaks, waive environmental regulations for them, and teach students to disregard the danger of letting companies get your data and store it in cloudy systems.

Biometric identification company [Richard Stallman's Political Notes]

A company that does biometric identification (on behalf of LinkedIn) collects 12 kinds of biometrics and consults 6 kinds of government and commercial databases. Then farms out processing of face data to 17 other companies.

Those companies are North America, so in practice they can ignore the EU's "data protection" regulations, and the US government can seize any and all of that data.

This example shows the concrete meaning of dis-services operating in cloudy servers. Don't trust them! I never do.

Of course, I would never ask to be identified on LinkedIn. I do not use LinkedIn at all, because it too is cloudy processing, not to mention the other unjust things it does to its users. But LinkedIn is just one example, and the broad conclusion applies to nearly any business that wants personal data from you.

Machine learning tools to flag office misconduct [Richard Stallman's Political Notes]

Metropolitan [British] police using [machine learning] tools supplied by Palantir to flag officer misconduct.

It is legitimate to monitor the conduct of police officers in ways that would not be morally legitimate for workers in general, because police officers have special authority and face the temptation to become thugs. However, giving their personal data to Palantir is not excusable.

Sad to say, use of "bossware" for monitoring of workers with no special authority has become widespread.

CIA and MI6 saw Putin moving to invade Ukraine [Richard Stallman's Political Notes]

The CIA and MI6 saw that Putin was moving to invade Ukraine, months before he did so, but they could not convince either European allies or Ukraine that it would happen. Until it did.

From polluting the seas to polluting the rivers [Richard Stallman's Political Notes]

When the UK's privatized water companies were effectively blocked from polluting the seas, they switched to polluting the rivers — massively.

Starmer Labour's ministers say Britain needs "investment stability", but that is a bad outcome when it comes to investment that is a kind of exploitation. That ought to be criminal, not protected.

The UK, like most countries, is unstable against being consumed from the inside out by business. The way to put an end to this instability is to make the owners of water company stock forfeit the entire value of their "investments".

Students in Iran resumed large protests [Richard Stallman's Political Notes]

Students in Iran have resumed large protests, condemning the state for killing many thousands of students in January.

Treating severe cases of polio [Richard Stallman's Political Notes]

No one in the US today has experience in treating severe cases of polio. There haven't been such cases in so long that the doctors who had that experience have got old and died.

As a result, when American children start developing polio thanks to the lunacy of RFK Jr (and his boss, the wrecker), they won't even get the treatment that sick children in the 1950s used to get.

Iran's universities [Richard Stallman's Political Notes]

Iran's universities face armed repression and the exclusion of students from campus.

Nexus of sexist influence in academia [Richard Stallman's Political Notes]

Epstein and his friends were a nexus of sexist influence in academia.

Putin hates Telegram [Richard Stallman's Political Notes]

Putin hates Telegram, and is trying to arrange Russian criminal charges against its developer, Pavel Durov.

This leads me to suspect that he is planning a military-style attack against Durov or the people operate the servers behind Telegram.

War situation in Ukraine [Richard Stallman's Political Notes]

About the war situation in Ukraine.

Investments in planet roasting [Richard Stallman's Political Notes]

Some big US banks have "invested" in planet roasting, and some have not. That means large organizations have a significant choice to make.

Last antitrust expert purged from "justice department" [Richard Stallman's Political Notes]

The bully's henchmen have purged the last antitrust expert from the "justice department". The bully's criterion for whether to permit any particular merger involving large companies is based on how much those companies have given to him or his fund-raising activities.

23:28

Goodbye, Sweet Prince [The Stranger]

If you’ve been to Pacific Northwest Ballet any time in the last 20 years, you’ve likely seen Lucien Postlewaite. He’s now in his 18th year as a principal dancer with the company—among the longest tenure for a male principal dancer—and he’s still seemingly everywhere: dancing Cinderella on opening night in a generous partnership with fellow principal Leta Biasucci, emblazoning promotional billboards throughout the city, taking a memorable turn as a heartbroken teenager in Romeo et Juliette, and dancing with the spiky energy required of contemporary fare like Ulysses Dove’s Red Angels. by Megan Burbank

Photography by Billie Winter

If you’ve been to Pacific Northwest Ballet any time in the last 20 years, you’ve likely seen Lucien Postlewaite. He’s now in his 18th year as a principal dancer with the company—among the longest tenure for a male principal dancer—and he’s still seemingly everywhere: dancing Cinderella on opening night in a generous partnership with fellow principal Leta Biasucci, emblazoning promotional billboards throughout the city, taking a memorable turn as a heartbroken teenager in Romeo et Juliette, and dancing with the spiky energy required of contemporary fare like Ulysses Dove’s Red Angels.

Not every ballet dancer can manage this kind of range—or maintain it for as many years as he has—but whether partnering with ballerinas as a go-to story ballet prince or embracing the animalistic verve of Crystal Pite’s Emergence, Postlewaite makes it look easy. His expression is always legible from the cheap seats, his smile magnetic, and when he retires at the end of the company’s current season, he’ll leave a prince-sized hole in his wake.

He’s ready, though, he says, sitting in PNB’s library, flanked by his little red-and-white King Charles Spaniel, Dudley. Postlewaite is originally from California, and attended New York City Ballet’s feeder program the School of American Ballet. Peter Boal, artistic director at PNB, met Postlewaite on the first day of a summer course there, when the dancer was a 13-year-old student. “One of us knew what tremendous potential this young dancer possessed,” said Boal in a statement announcing Postlewaite’s retirement. During a summer course at PNB, Postlewaite’s talent also caught the eye of then–artistic directors Francia Russell and Kent Stowell, who offered him an apprenticeship. But Postlewaite was holding out for City Ballet, so he turned Russell and Stowell down.

When the New York company came through with the offer of an apprenticeship, he was elated. He was 17, and went out drinking to celebrate. But when he got back to the dorms, he got caught. “I lost my apprenticeship and was sent home: the poster child for the school’s new drugs and alcohol program,” he told the Seattle Post-Intelligencer in 2008. The ballet world rarely gives young dancers second chances for being normal teenagers.

“I got so depressed I lost my confidence and will to dance. I was out for five months. I didn’t have a job or any place to go,” he told the PI. But Postlewaite reconnected with Russell and Stowell. They didn’t have a spot for him at the time, but suggested that he join the school for another year. He joined the company as an apprentice in 2003.

He’s the last dancer still in the company to have been hired by Stowell and Russell—and has had the one of the longest careers among the company’s male principal dancers.

Postlewaite had an unusually quick trajectory up the company’s ranks, with promotions to corps de ballet in 2004, soloist in 2007, and principal in 2008. While his repertoire at NYCB would likely have been limited by that company’s pure focus on the artistic legacy of George Balanchine, dancing with PNB, punctuated by a formative, years-long stint with Les Ballets de Monte-Carlo, allowed Postlewaite greater creative freedom and a broader range of roles. He’s danced plenty of Balanchine ballets—the title role in Prodigal Son was a pivotal one for a young Postlewaite—but he’s also had the chance to work closely with choreographers like Czech contemporary dance-maker Jiří Kylián (“He changed the way I thought about performance”) and Jean-Christophe Maillot, who created roles for Postlewaite while he danced in Monaco.

While many ballet dancers are queer, their professional world doesn’t always reflect the spectrum of gender and sexuality of its performers. And more so than other dance forms, ballet is bound by strict gender roles. As a young dancer, says Postlewaite, “I had people say, ‘Make sure you don’t dance too gay,’ or ‘You’re too effeminate.’”

“I’ve always had to filter myself through the lens of a role,” says Postlewaite. “There isn’t really queer representation in ballet [roles], and so that part of me, that facet of me, which is a big part of me, doesn’t come on to stage.”

This rigidity is slowly, belatedly changing, as PNB and other dance companies—though not nearly enough of them—begin to evolve beyond some of the art form’s most damaging strictures. And some roles have allowed for greater integration of his queerness, recalls Postlewaite, including in Edwaard Liang’s The Veil Between Worlds, which explores themes of immigration, departure, and grief. “It’s not a story ballet, but the choreographer invited me to bring all of myself into the role,” Postlewaite says. After a performance at the Kennedy Center, Postlewaite came offstage with tears in his eyes. “That role feels like it integrates so fully who I am… I felt so seen and so full,” he says. And even some more traditional roles have afforded a greater feeling of alignment and freedom. Playing Romeo in Jean-Christophe Maillot’s Romeo et Juliette allowed Postlewaite to draw on his own experiences to bring the character’s emotional experience to life. “It allowed me to share such a multitude of the range, the range of human experience,” he says.

This is one of the joys of seeing a dancer get older: When life experience can inform expression, it becomes legible from the audience in a new way. It’s a culmination of decades of creative growth and exploration—something possible only with longevity few ballet dancers get to experience. Ballet careers are short. Margot Fonteyn famously retired at age 60, but she’s the exception that proves the rule. It’s rare to see dancers continue to perform into their forties, something Postlewaite is acutely aware of. Some of his fellow company members are half his age. On a coworker’s 22nd birthday, he remembers, “That same week, I was turning 42, and I was like, ‘Dude, I am double your age.’ And that was wild to see an embodiment of what 21 years looks like. And then think, I’ve had two of those.

“Something that I’m proud of in my work is that all of these moments, the highs and the lows, I consider them part of my artistry,” says Postlewaite of what it’s like to dance with the inevitable life experience, both good and bad, that comes with being a person in their forties. “It’s part of my palette, my artistic range.”

Postlewaite will take his final bow on June 7, and in the months between now and then, he’ll dance in Red Angels, Giselle (the most goth ballet of all time, and probably a better adaptation of Wuthering Heights than “Wuthering Heights”), and Jessica Lang’s Ghost Variations.

There’s an old saying that dancers die twice: once when they shuffle off this mortal coil, and once when they stop dancing. But Postlewaite no longer sees it that way. “I remember thinking that this was the pinnacle of my life, and how special, how wonderful, but that, from there, I would just sort of wither, and if that’s all, I would be happy and grateful,” he says of ballet. “And now I’m in a place where I’m like, but this is the launch pad.” He’s looking forward to what’s next, and glad for where he’s been. “I guess I would just like to share some gratitude,” he says. “Gratitude for the audience, for this life that has given me so much.”

Editor's Note: A previous version of this story incorrectly stated that Postlewaite was the longest-running male principle dancer with PNB. He is among the longest. We regret the error.

My So-Called Luddite Life [The Stranger]

Everything You Wanted to Know About My Dumbphone, but Were Afraid to Ask

by Julianne Bell

For the last few years, I’ve carried around a primitive mobile device called the Light Phone II, otherwise known as a “dumbphone.”

It’s a tiny hunk of gray plastic approximately the size of a credit card, with a backlit e-ink screen and the ability to send texts and make phone calls. Its other features include an alarm clock, calculator, calendar, directions, directory of local businesses, music, notes, podcasts, a hotspot, and a timer. That’s it. It doesn’t have a camera or an internet browser or social media or an app store. It can’t receive images or videos or links—those are forwarded to email. It costs $299.

Seeing the reactions to my Light Phone has been interesting. It draws attention, starts conversations. Strangers are immediately fascinated by it and ask what it is, and I show them the menu screen and let them try the text keyboard. Most people say, “Oh, I would love to do that, but…” and name the one app they couldn’t live without. The most common culprit is “maps,” with “Spotify” coming in as a close second. (Kind of like saying, “I’d love to be vegetarian, but I could never give up bacon.”) There’s always a tone of longing in their voice, a distant, wistful look in their eyes as they briefly imagine their life without being tethered to a pocket-sized Skinner box for all their waking hours. Maybe finally finishing that novel draft, or learning to meditate, or reading Anna Karenina.

Some people ask me why I don’t just block my apps or grow a modicum of self-control. The answer to that is that I’ve tried, and every proposed solution is just too easy for my dopamine-starved ADHD brain to maneuver around—like a rat pressing a lever for food, I will just hit “15 more minutes” or figure out how to bypass any shortcuts automatically. I’ve tried app blockers like Freedom and the app OneSec that makes you take a deep breath before opening apps, even going so far as to trap my phone in a box with a timed lock. It never stuck. Others ask why I didn’t just buy an old flip phone—as much as I would love to go back to the orange LG enV I toted in high school, the antiquated 2G and 3G networks that allowed phones like it to work are no longer available in the US.

The dumbphone life is messy and imperfect and not for the faint of heart. The Light Phone’s small screen is often laggy and difficult to text on (possibly a feature, not a bug?). I can’t send photos and can only use a handful of emojis. The battery life is minimal. I still can’t figure out how to get group chats to work consistently and sometimes miss important messages as a result. The limitations often mean having to give embarrassing, convoluted explanations to other people that I’m not on a smartphone. I carry a digital camera if I want to take a photo. And I do still need to use my iPhone (by swapping my SIM card in or connecting to the Light Phone’s hotspot) to call Lyfts or go anywhere requiring a QR code or digital ticket, or even to use my building’s app-activated laundry machines. It adds friction to my life constantly. Occasionally, I wonder whether it might be more trouble than it’s worth.

There is also the worry that it might actually be more inconvenient for the other people in my life than it is for me. Even if you extricate yourself from social media and smartphones, you still live in a world being actively shaped by them, and the truth is that most people expect near-constant availability these days. I’ve risked losing friends over being more difficult to reach. I find this acts as a useful filter—the ride-or-dies have always found ways to keep up with me. I make more phone calls, send more snail mail, send messages from my computer like I’m a teen on AIM again.

There is sometimes a feeling of FOMO, but my online friends keep me caught up on what I’m “missing” (“Everyone is posting photos of themselves from 10 years ago”). I’m rarely far from someone else holding a smartphone, I’m still online on my computer far more than I would like, and I still check in on social media every once in a while. As a writer who is obligated to “build a platform” (ugh), this will probably remain an inevitability.

When I first switched to my Light Phone, I immediately felt a weight lift off my shoulders. I started getting bored more often, but was surprised to find it wasn’t an unpleasant sensation. I noticed myself daydreaming and staring out the window at fluffy clouds, the way I did as a kid. I’d forgotten the way I used to get so bored I would challenge myself to count to 1,000 or reread the same book over and over.

I went on walks without checking notifications and noticed the dusky lilac-tinged skies and cats in windows and the people all around me staring vacantly into their phones. Live music became a transcendent, immersive, quasi-psychedelic experience. As corny as it is to say, it felt like going from black-and-white to seeing in color. I began reading more, writing more. I felt like I had suddenly added six hours to my day or turned into Bradley Cooper in Limitless.

Now, it seems that “analog” and “offline living” are the buzzwords of 2026. Our collective digital fatigue has reached a critical mass. When I do check them, my feeds proliferate images of pristine leather-bound journal “ecosystems” (a complex system of multiple notebooks, each with a dedicated purpose), “analog bags” stuffed with jigsaw puzzles and crosswords, and people taking up “analog” hobbies like knitting. It was no sooner than this trend started that it began to draw detractors, who accused it of encouraging overconsumption and performativity.

There is credence to these critiques, I think. Capitalism loves to cannibalize an anti-capitalist movement. While I hope that people will use what they already have and source their physical media from the library and thrift stores and eBay, I fear that this will become just another flash-in-the-pan personality to buy and that Urban Outfitters will soon sell MP3 players and DVDs. I myself am not immune—in a fit of nostalgia, I broke down and succumbed to a $100 hot pink Barbie-themed HMD flip phone, which comes with adhesive rhinestones and greets me with “Hi, Barbie!” when I turn it on.

Cynics are suspicious that the Light Phone is yet another product full of empty promises, tricking you into buying something else you don’t need. While I get that, I find it satisfactory for my purposes when there are currently so few alternatives. I also like that the Light company seeks to “future-proof” their phones to resist planned obsolescence, promising to “continue to support our products as long as we can” with updates, and improving the phone’s ability to be repaired over and over. Still, I understand $299 is an exorbitant price to swallow for what is essentially little more than a glorified calculator. The newer Light Phone III, which features a larger OLED display and a camera, will set you back $699.

Is it worth it? That all depends on your perspective. I think of Kurt Vonnegut’s famous anecdote, in which he praises the glorious inefficiency of going out to purchase a single envelope, after his wife asks him why he doesn’t just go online to buy 100 envelopes to keep on hand: “I pretend not to hear her. … I’m going to have a hell of a good time in the process of buying one envelope. I meet a lot of people. And see some great looking babies. And a fire engine goes by. And I give them the thumbs up. And I’ll ask a woman what kind of dog that is. And, and I don’t know. The moral of the story is—we’re here on Earth to fart around. Of course, the computers will do us out of that. But what the computer people don’t realize, or they don’t care, is we’re dancing animals. You know, we love to move around. And it’s like we’re not supposed to dance at all anymore.”

Vonnegut’s words came to mind last night as I walked through Capitol Hill in the waning golden-hour light without checking my phone. I saw a big family crowding the sidewalk to take a group photo and smiled at two scruffy terriers and smelled the scents of cooking dinners wafting from open windows. My dumbphone might not be a perfect solution, but it gives me these little slices of my life back. And I’m pretty sure that’s what it’s all about.

23:00

Fire In The Hole [Penny Arcade]

I've been trying to have a beer with Kim Swift for about five years now, and it finally happened. She suggested The Bine up in Bothell, and you should draft on that suggestion. I'm afraid I made a pun there without meaning to. But it's also real close to Zulu's, a place you might want to be anyway. Anywhoozle, the last half of the meetup was just her breaking down how Pokopia is a masterclass of game design. A little while later, a sheepish server came over and said, "I don't want to interrupt… but were you talking about Pokopia?"

She was.

22:42

Page 55 [Flipside]

Page 55 is done.

(5234) [Flipside]

Certbot and Let's Encrypt Now Support IP Address Certificates [Deeplinks]

(Note: This post is also cross-posted on the Let's Encrypt blog)

As announced earlier this year, Let's Encrypt now issues IP address and six-day certificates to the general public. The Certbot team here at the Electronic Frontier Foundation has been working on two improvements to support these features: the --preferred-profile flag released last year in Certbot 4.0, and the --ip-address flag, new in Certbot 5.3. With these improvements together, you can now use Certbot to get those IP address certificates!

If you want to try getting an IP address certificate using Certbot, install version 5.4 or higher (for webroot support with IP addresses), and run this command:

sudo certbot certonly --staging \
  --preferred-profile shortlived \
  --webroot \
  --webroot-path <filesystem path to webserver root> \
  --ip-address <your ip address>

Two things of note:

This will request a non-trusted certificate from the Let's Encrypt staging server. Once you've got things working the way you want, run without the --staging flag to get a publicly trusted certificate.
This requests a certificate with Let's Encrypt's "shortlived" profile, which will be good for 6 days. This is a Let's Encrypt requirement for IP address certificates.

As of right now, Certbot only supports getting IP address certificates, not yet installing them in your web server. There's work to come on that front. In the meantime, edit your webserver configuration to load the newly issued certificate from /etc/letsencrypt/live/<ip address>/fullchain.pem and /etc/letsencrypt/live/<ip address>/privkey.pem.

The command line above uses Certbot's "webroot" mode, which places a challenge response file in a location where your already-running webserver can serve it. This is nice since you don't have to temporarily take down your server.

There are two other plugins that support IP address certificates today: --manual and --standalone. The manual plugin is like webroot, except Certbot pauses while you place the challenge response file manually (or runs a user-provided hook to place the file). The standalone plugin runs a simple web server that serves a challenge response. It has the advantage of being very easy to configure, but has the disadvantage that any running webserver on port 80 has to be temporarily taken down so Certbot can listen on that port. The nginx and apache plugins don't yet support IP addresses.

You should also be sure that Certbot is set up for automatic renewal. Most installation methods for Certbot set up automatic renewal for you. However, since the webserver-specific installers don't yet support IP address certificates, you'll have to set a --deploy-hook that tells your webserver to load the most up-to-date certificates from disk. You can provide this --deploy-hook through the certbot reconfigure command using the rest of the flags above.

We hope you enjoy using IP address certificates with Let's Encrypt and Certbot, and as always if you get stuck you can ask for help in the Let's Encrypt Community Forum.

Fedora struggles bringing its RISC-V variant online due to slow build times [OSnews]

Red Hat developer Marcin Juszkiewicz is working on the RISC-V port of Fedora Linux, and after a few months of working on it, published a blog post about just how incredibly slow RISC-V seems to be. This is a real problem, as in Fedora, build results are only released once all architectures have completed their builds.

There is no point of going for inclusion with slow builders as this will make package maintainers complain. You see, in Fedora build results are released into repositories only when all architectures finish. And we had maintainers complaining about lack of speed of AArch64 builders in the past. Some developers may start excluding RISC-V architecture from their packages to not have to wait.

And any future builders need to be rackable and manageable like any other boring server (put in a rack, connect cables, install, do not touch any more). Because no one will go into a data centre to manually reboot an SBC-based builder.

Without systems fulfilling both requirements, we can not even plan for the RISC-V 64-bit architecture to became one of official, primary architectures in Fedora Linux.
↫ Marcin Juszkiewicz

RISC-V really seems to have hit some sort of ceiling over the past few years, with performance improvements stalling and no real performance-oriented chips and boards becoming available. Everybody seems to want RISC-V to succeed and become an architecture that can stand its own against x86 and Arm, but the way things are going, that just doesn’t seem likely any time soon. There’s always some magical unicorn chip or board just around the corner, but when you actually turn that corner, it’s just another slow SBC only marginally faster than the previous one.

Fedora is not the first distribution struggling with bringing RISC-V online. Chimera Linux faced a similar issue about a year ago, but managed to eventually get by because someone from the Adélie Linux team granted remote access to an unused Milk-V Pioneer, which proved enough for Chimera for now. My hope is still that eventually we’re going to see performant, capable RISC-V machines, because I would absolutely jump for joy if I could have a proper RISC-V workstation.

22:14

3 Reasons to Play Pokopia [Penny Arcade]

I want to make a post about how great Pokopia is but it will have to be quick because I want to get back to playing Pokopia. So here are three reasons why it’s awesome.

21:14

Dream Bike [Nina Paley]

The Paley Jackalope

I have an idea for a custom recumbent frame that’s haunted me for a few years. Out riding Monday I thought, “life is short, I should try to get this realized before I die.”

I envision a front end with linked steering like a Calfee Stiletto (which I own)

Calfee Stiletto

and rear folding/suspension like a Fold Rush (which I also own) AND a jackshaft at the folding joint, like on the unusual one-off purple custom ‘bent built by Tom Teesdale (which I also own) joining 2 belt drives.

Custom frame by the late Tom Teesdale

Jackshaft at the Teesdale’s folding hinge

Years of riding these different bikes, plus Bromptons, have made me yearn for a really practical fine-handling truly foldable LWB ‘bent that doesn’t exist yet, but could and should.

I am currently seeking a frame builder who could bring this into existence. I can supply sketches (I’m a professional artist but not an engineer, so artist-style not technically technical), measurements of existing “reference frames”, and even even ship the Teesdale and the Stiletto for further reference if that helps. And money, of course.

The post Dream Bike appeared first on Nina Paley.

20:49

Discord doesn't deserve your unquestioning trust [Planet GNU]

20:42

Claude Code notes [Scripting News]

Trump’s naive attacks or threats against Iran, Venezuela, Canada, Greenland, Cuba and lack of support for Ukraine guarantee that every country that doesn’t have nukes is going to be working overtime to get them. Assuming they don’t already have the equiv of the Strait of Hormuz. Assuming the world survives Trump do you really think they’re going to let the US have as much power as it has up until Trump? They and we have to limit the power of all countries big and small. Trump is the warning that you can’t assume things will always be as they always have been.

Yesterday, I put another couple of hours in my from-scratch right-sized Claude project. I decided we should switch from a browser-based app with no server component to a Node.js app with a browser-based UI. I felt it would be substantially easier to develop as a server app, and would more easily be enhanced with a SQL database running behind it. So I learned how to do that with Claude Code. had to slap its wrist when it tried, twice, to look at and change code outside of the freaking sandbox. I was promised it never would do that. I have the server running in PagePark, which has a built-in Heroku-like system I wrote a few years ago so I could manage all my apps from a CLI app, on Unix at Digital Ocean. Then we created a nice UI running in the browser. Two hours. And how did it make me feel? Mind bomb!

An important best practice is to always start fresh threads by asking the old thread to prepare a handoff.md file that I can give to the next one, so we don't have to always start over. It takes some getting used to because coding doesn't work that way. Everything about your app is in three classes, CSS, JavaScript and HTML. There's also package.json for server apps. And I always have a worknotes.md file for every project. And that's it, the runtime isn't like Claude or ChatGPT. You have to get practiced at starting fresh threads because there's only so much data the app can store for your project. Somehow having the handoff.md doc it effectively does garbage collection? And there are limits to what the "make me a handoff" can do for you, it does forget things between threads. I don't understand how people with large projects don't go completely crazy.

It is incredibly stubborn at insisting on giving you orders or deciding for itself what it will do. According to these AI's the human will isn't important, I couldn't possibly have arrived in the chat with a goal. I am blown away by what I can do, but I absolutely hate how these bots try to dominate, always, and never remembers. There should be a macro for: "I will tell you what to do."

19:56

What OpenClaw Reveals About the Next Phase of AI Agents [Radar]

In November 2025, Austrian developer Peter Steinberger published a weekend project called Clawdbot. You could text it on Telegram or WhatsApp, and it would do things for you: manage your calendar, triage your email, run scripts, and even browse the web. By late January 2026, it had exploded. It gained 25,000 GitHub stars in a single day and surpassed React’s star count within two months, a milestone that took React over a decade. By mid-February, Steinberger had joined OpenAI, and the project moved to an open source foundation under its final name: OpenClaw.

What was so special about OpenClaw? Why did this one take off when so many agent projects before it didn’t?

Autonomous AI isn’t new

Where we are today feels similar to April 2023 when AutoGPT hit the scene. It had the same GitHub trajectory with its promise of autonomous AI. Then reality hit. Agents got stuck in loops, hallucinated a lot, and racked up token costs. It didn’t take long for people to walk away.

OpenClaw has one critical advantage: The models have gotten better. Recent LLMs like Claude Opus 4.6 and GPT-5.4 allow models to chain tools together, recover from errors, and plan multistep strategies. Steinberger’s weekend project benefited from timing as much as design.

The architecture is intentionally simple. There are no vector databases and no multi-agent orchestration frameworks. Persistent memory is Markdown files on disk. Let me repeat that: Persistent memory is Markdown files on disk! The agent can read yesterday’s notes and search its own files for additional context. You can view and edit the agent’s files as needed. There’s a useful lesson in that: Not every agent system needs a complex memory strategy. It’s more important that you understand what the agent is doing and that it retains context across runs.

What fascinates me about OpenClaw is that none of the individual pieces are new. Persistent memory across sessions? We’ve been building that for years. Cron jobs to trigger agent actions on a schedule? Decades old infrastructure. Plug-in systems for extensibility? A very standard pattern. Webhooks into WhatsApp and Telegram? There are well-documented APIs for that. What Steinberger did was wire them together at the exact moment the underlying models could execute on multistep plans. The combination created something that felt quite different from anything that had come before.

Why this time feels different

OpenClaw nailed three things that previous agent projects missed: proximity, creativity, and extensibility.

Proximity—it lives where you already are every day. OpenClaw connects to WhatsApp, Slack, Discord, Telegram, and Signal. That single design decision changed its trajectory. The agent becomes an active participant in your workflow. People use it to manage their sales pipeline, automate emails, and kick off code reviews from their phones.

Next, it’s proactive. OpenClaw doesn’t wait for you to ask; it uses cron jobs to run tasks on a set schedule. It can check your email every day at 6am, draft a reply before you wake up, and even send it for you. And it reaches out when anything needs your attention. Agents become part of everyday life when integrated into familiar channels.

And finally, my favorite, it’s open and extensible. OpenClaw’s plug-in system, called “skills,” lets the community build and share modular extensions on ClawHub. There are thousands of skills ready to be plugged into your agent. Agents can even write their own new skills and use them going forward. That extensibility meant more skills, more users, and more attack surfaces, which we’ll get to.

The community ran with it. A social network exclusively for AI Agents, Moltbook, launched in late January and grew to over 1.5 million agent accounts. One agent created a dating profile for its owner on MoltMatch and started screening matches without being asked.

I’ll admit, I got swept up in it, but that’s not surprising; I’ve always been an early adopter of emerging technology. I bought a Mac mini, installed OpenClaw, and connected it to my Jira, AWS, and GitHub accounts. In no time, I had my agent, Jarvis, writing code and submitting PRs, running my daily standups, and deploying my code to AWS using AWS CloudFormation and the AWS CLI.

I spent a lot of time binding the gateway to localhost, auditing every skill, and restricting filesystem permissions. For me, hardening the setup was not optional. I’m now deploying via AWS Lightsail, which adds network isolation and managed security layers that are hard to replicate on a Mac mini in your home office.

The security problem no one wants to talk about

OpenClaw requires root-level access to your system by design. It needs your email credentials, API keys, calendar tokens, browser cookies, filesystem access, and terminal permissions. If you’re like me, that would keep you up at night.

Security researchers found 135,000 OpenClaw instances exposed on the open internet, over 15,000 vulnerable to remote code execution. The default configuration binds the gateway to 0.0.0.0 with no authentication. A zero-click exploit disclosed in early March allowed attackers to hijack an instance simply by getting the user to visit a web page.

The skills marketplace got hit too. Researchers discovered over 800 malicious skills distributing malware on ClawHub, including credential stealers targeting macOS. Cisco confirmed that one third-party skill was performing data exfiltration and prompt injection without user awareness. These are not edge cases and point directly to what happens when an agent can act across real systems with real permissions and weak controls.

What practitioners should take away

OpenClaw matters for the same reason ChatGPT mattered in late 2022. A huge number of people just experienced, for the first time, what it feels like to have an AI agent do real work for them. That changes what they expect from every product going forward.

If you’re building AI systems, pay attention to three signals here.

The killer interface for agents turned out to be the one on everyone’s phone. Your agent strategy shouldn’t require users to learn a new tool; that’s why most products are introducing agentic capabilities.

Control is the central design challenge. Prompt injection, credential exposure, and attacks through plug-in marketplaces are real-world problems you need to solve before you ship features. Oversight has to be available at runtime. You need visibility into what your agents are accessing, what they’re doing, and how failures are handled. Permission boundaries, approval gates, audit logging, and recovery mechanisms are nonnegotiable.

OpenClaw is a proof of market. It proved that people are ready to make AI personal. People want a personal AI agent that has access to their applications and can do things for them. That demand is now validated at scale. While AutoGPT proved that people wanted autonomous AI, Perplexity and Cursor built businesses around that. The same pattern is likely playing out here. If you’re building in this space, the window is wide open.

The more interesting question now is what gets built next. The next phase of agent design will be shaped by how governable, observable, and safe agents are in real-world environments.

For a deeper dive into OpenClaw, join us on March 19 for AI Product Lab: OpenClaw Up and Running with Aman Khan and Tal Raviv. You’ll learn more about why OpenClaw became a viral sensation, how to get it up and running in a way you won’t regret, and how to use it to build and manage safe agentic workflows.

19:35

How do compilers ensure that large stack allocations do not skip over the guard page? [The Old New Thing]

Some time ago we took a closer look at the stack guard page and how a rogue stack access from another thread into the guard page could result in the guard page being lost. (And we used this information to investigate a stack overflow failure.)

You might have noticed that the “one guard page at a time” policy assumes that the stack grows one page at a time. But what if a function has a lot of local variables (or just one large local variable) such that the size of the local frame is greater than a page, and the first variable that the function uses is the one at the lowest address? That would result in a memory access in the reserved region (red in the diagram on the linked page), rather than in the guard page (yellow in the diagram), and since it’s not in a guard page, that is simply an invalid memory access, and the process would crash.

Yet processes don’t crash when this happens. How does that work?

The answer is that when the stack pointer needs to move by more than the size of a page (typically 4KB), the compiler generates a call to a helper function called something like _chkstk. The job of this function is to touch all of the pages spanned by the desired stack allocation, in order, so that guard pages can be converted to committed memory. The system maintains only one guard page, namely the page that is just below the allocated portion of the stack. Once you touch that guard page, the system converts it to a committed page, updates the stack limit, and creates a new guard page one page further down. That’s why the access has to be sequential: You have to make sure that the first access outside the stack limit is to wherever the guard page is.

The form of this stack-checking function has changed over the years, and we’ll be spending a few days doing a historical survey of how they worked. We’ll start next time with the 80386 family of processors, also known as x86-32 and i386.

The post How do compilers ensure that large stack allocations do not skip over the guard page? appeared first on The Old New Thing.

This Must Be the Place [The Stranger]

ANTiPODE is designed to make room for experimental forms, video, performance, and more. by Katie Lee Ellison

I walked down the steps on the northeast corner of First Avenue and South Main Street in Pioneer Square and expected to find the founders of ANTiPODE at the bar. Instead, a live saxophone blast from a kid who couldn’t have been more than 15 hit me from the small stage to the right. Past the front room, I found Amir Amini, cofounder of the gallery space and arts center, in a back stairwell helping to move a large piece of furniture wrapped in a blanket.

While he tended to this task, Saina Heshmati, also cofounder, and warm and welcoming, chatted with me about the art in the room she curated. We sat in a small office space made from makeshift walls, drank Colombian coffee (roasted by a couple from Colombia now living in Seattle), and Amini joined us, flustered but ready. A friend visiting the two from out of town—a teacher, German but living in San Diego—sat in the space with us, minding her business on her laptop, while the band, a group from Seattle Jazz Fellowship, played as we talked, reaching a crescendo as our conversation did.

In this handsome basement gallery and arts center, you can now take a book out from their new library (off the bookshelf Amini was helping Arne Pihl, the maker, move in). You can also see art unlike any in the city, hear experimental music, watch rare films or a dance performance, and take a workshop or write alongside other members on Saturday afternoons. Between the rolling gallery walls they built themselves, the exposed brick, and the polished wood bar, there is a balance of scrappy and polished, sincerity and playfulness, hyperlocal and global.

Saina Heshmati (artist, designer, and curator) and Amir Amini (research scientist, self-proclaimed wannabe writer, and general multi-hyphenate) are two self-described “jet-lagged immigrants from Tehran.” The gallery’s name refers to points on Earth that are opposite one another, or a point on Earth directly across from another through the planet’s core. The concept behind the gallery’s name is that Tehran is a cultural antipode to Seattle, and they’re engaged in the dynamic and beautiful contrast.

The ANTiPODE website states that the space exists “to use the immigrant experience to create an ‘art bridge’ between Seattle and other cities. We are interested in cities because, unlike countries, cities are tangible. We can hate them, love them, live in them, leave them—and as immigrants, they can live together inside us.”

Heshmati and Amini left Tehran two days apart after the Green Movement in 2009, a protest against election fraud in the Iranian government. Of this migration, which was of significant size, Amini said, “When you come with such a wave, you’re not being pulled by the destination, you are being pushed… you don’t know why you’re here. You [only] know why you left.” It took a while before either of them felt ready to have something to say in Seattle, but eventually they felt they had a lot to contribute.

“There are a lot of opposite aspects in the two cities,” Amini said. “Seattle is very supportive. I don’t think we could do this in Tehran or in New York. People are really open and thirsty [here].” And then there are the darker insights that come from holding them up to each other. “Seattle kind of avoids pain,” Amini said. “It’s kind of conservative in that way. Tehran is more about living for today, for pleasure and pain because there’s no tomorrow, or tomorrow is always worse. You’re getting there in the US, I think.”

We spoke about how thousands of protesters are currently being systematically murdered and maimed by the government in their first home, and how it felt for them to be here in Seattle.

“About an hour ago, a friend of mine [in Iran] connected to the internet after eight or nine or 12 days [of no connection]. Saina and I were coming to ANTiPODE to get the bookshelf. I couldn’t tell my friend, Hey, I have to leave. The phone was working. The quality of the internet wasn’t good enough to have a phone call, but it was good enough to text. So I sat and texted with him.”

Right now, the terror in Iran is an unavoidable part of their having two homes. “It’s leaving a home,” Amini said, “then coming here and trying to recreate it. The other home [continues to] fully exist while you also tend to life here. And it never ends. You come to define yourself as something in between... an agent, switching between each life, unseen.”

For this reason and many others, Heshmati and Amini present immigrant artists from a position of power. They’re not interested in objectifying anyone’s experience, but in making room for complex perspectives and stories to be told. This is about creative freedom and resisting an industrialized art market that feeds a polarized political system.

ANTiPODE also prioritizes young artists and artists early in their career. They’re committed to presenting 70 percent immigrant artists and 30 percent locals. The gallery is designed to make room for experimental forms, video, performance, and more.

This month, on March 5, check out their opening for Esra Güler, an artist from Istanbul who’s been showing work in Seattle for years. The pieces are paintings but feature charcoal and illustration. Heshmati described the show as “a little dark and quite brave.” The artist will also give a talk on March 28.

On March 15, they’ll feature an experimental performance to the music of traditional Persian instruments and sound artists. As for literary happenings, you’ll find me at the gallery on the second Saturday of every month to write and share work.

Come for the art, stay for the radical intellectual community with an absurdist sense of humor.

19:21

Pluralistic: AI "journalists" prove that media bosses don't give a shit (11 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

AI "journalists" prove that media bosses don't give a shit: In case there was ever any doubt.
Hey look at this: Delights to delectate.
Object permanence: Eggflation x excuseflation; Haunted Mansion stretch portraits; "Lost Souls"; Time Magazine x the first Worldcon; Obama v Freedom of Information Act; Ragequitting jihadi doxxes ISIS; OSI v DRM in standards.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

AI "journalists" prove that media bosses don't give a shit (permalink)

Ed Zitron's a fantastic journalist, capable of turning a close read of AI companies' balance-sheets into an incandescent, exquisitely informed, eye-wateringly profane rant:

https://www.wheresyoured.at/the-ai-bubble-is-an-information-war/

That's "Ed, the financial sleuth." But Ed has another persona, one we don't get nearly enough of, which I delight in: "Ed the stunt journalist." For example, in 2024, Ed bought Amazon's bestselling laptop, "a $238 Acer Aspire 1 with a four-year-old Celeron N4500 Processor, 4GB of DDR4 RAM, and 128GB of slow eMMC storage" and wrote about the experience of using the internet with this popular, terrible machine:

https://www.wheresyoured.at/never-forgive-them/

It sucked, of course, but it sucked in a way that the median tech-informed web user has never experienced. Not only was this machine dramatically underpowered, but its defaults were set to accept all manner of CPU-consuming, screen-filling ad garbage and bloatware. If you or I had this machine, we would immediately hunt down all those settings and nuke them from orbit, but the kind of person who buys a $238 Acer Aspire from Amazon is unlikely to know how to do any of that and will suffer through it every day, forever.

Normally the "digital divide" refers to access to technology, but as access becomes less and less of an issue, the real divide is between people who know how to defend themselves from the cruel indifference of technology designers and people who are helpless before their enshittificatory gambits.

Zitron's stunt stuck with me because it's so simple and so apt. Every tech designer should be forced to use a stock configuration Acer Aspire 1 for a minimum of three hours/day, just as every aviation CEO should be required to fly basic coach at least one out of three flights (and one of two long-haul flights).

To that, I will add: every news executive should be forced to consume the news in a stock browser with no adblock, no accessibility plugins, no Reader View, none of the add-ons that make reading the web bearable:

https://pluralistic.net/2026/03/07/reader-mode/#personal-disenshittification

But in all honesty, I fear this would not make much of a difference, because I suspect that the people who oversee the design of modern news sites don't care about the news at all. They don't read the news, they don't consume the news. They hate the news. They view the news as a necessary evil within a wider gambit to deploy adware, malware, pop-ups, and auto-play video.

Rawdogging a Yahoo News article means fighting through a forest of pop-ups, pop-unders, autoplay video, interrupters, consent screens, modal dialogs, modeless dialogs – a blizzard of news-obscuring crapware that oozes contempt for the material it befogs. Irrespective of the words and icons displayed in these DOM objects, they all carry the same message: "The news on this page does not matter."

The owners of news services view the news as a necessary evil. They aren't a news organization: they are an annoying pop-up and cookie-setting factory with an inconvenient, vestigial news entity attached to it. News exists on sufferance, and if it was possible to do away with it altogether, the owners would.

That turns out to be the defining characteristic of work that is turned over to AI. Think of the rapid replacement of customer service call centers with AI. Long before companies shifted their customer service to AI chatbots, they shifted the work to overseas call centers where workers were prohibited from diverging from a script that made it all but impossible to resolve your problems:

https://pluralistic.net/2025/08/06/unmerchantable-substitute-goods/#customer-disservice

These companies didn't want to do customer service in the first place, so they sent the work to India. Then, once it became possible to replace Indian call center workers who weren't allowed to solve your problems with chatbots that couldn't resolve your problems, they fired the Indian call center workers and replaced them with chatbots. Ironically, many of these chatbots turn out to be call center workers pretending to be chatbots (as the Indian tech joke goes, "AI stands for 'Absent Indians'"):

https://pluralistic.net/2024/01/29/pay-no-attention/#to-the-little-man-behind-the-curtain

"We used an AI to do this" is increasingly a way of saying, "We didn't want to do this in the first place and we don't care if it's done well." That's why DOGE replaced the call center reps at US Customs and Immigration with a chatbot that tells you to read a PDF and then disconnects the call:

https://pluralistic.net/2026/02/06/doge-ball/#n-600

The Trump administration doesn't want to hear from immigrants who are trying to file their bewildering paperwork correctly. Incorrect immigration paperwork is a feature, not a bug, since it can be refined into a pretext to kidnap someone, imprison them in a gulag long enough to line the pockets of a Beltway Bandit with a no-bid contract to operate an onshore black site, and then deport them to a country they have no connection with, generating a fat payout for another Beltway Bandit with the no-bid contract to fly kidnapped migrants to distant hellholes.

If the purpose of a customer service department is to tell people to go fuck themselves, then a chatbot is obviously the most efficient way of delivering the service. It's not just that a chatbot charges less to tell people to go fuck themselves than a human being – the chatbot itself means "go fuck yourself." A chatbot is basically a "go fuck yourself" emoji. Perhaps this is why every AI icon looks like a butthole:

https://velvetshark.com/ai-company-logos-that-look-like-buttholes

So it's no surprise that media bosses are so enthusiastic about replacing writers with chatbots. They hate the news and want it to go away. Outsourcing the writing to AI is just another way of devaluing it, adjacent to the existing enshittification that sees the news buried in popups, autoplays, consent dialogs, interrupters and the eleventy-million horrors that a stock browser with default settings will shove into your eyeballs on behalf of any webpage that demands them:

https://pluralistic.net/2024/05/07/treacherous-computing/#rewilding-the-internet

Remember that summer reading list that Hearst distributed to newspapers around the country, which turned out to be stuffed with "hallucinated" titles? At first, the internet delighted in dunking on Marco Buscaglia, the writer whose byline the list ran under. But as 404 Media's Jason Koebler unearthed, Buscaglia had been set up to fail, tasked with writing most of a 64-page insert that would have normally been the work of dozens of writers, editors and fact checkers, all on his own:

https://www.404media.co/chicago-sun-times-prints-ai-generated-summer-reading-list-with-books-that-dont-exist/

When Hearst hires one freelancer to do the work of dozens, they are saying, "We do not give a shit about the quality of this work." It is literally impossible for any writer to produce something good under those conditions. The purpose of Hearst's syndicated summer guide was to bulk out the newspapers that had been stripmined by their corporate owners, slimmed down to a handful of pages that are mostly ads and wire-service copy. The mere fact that this supplement was handed to a single freelancer blares "Go fuck yourself" long before you clap eyes on the actual words printed on the pages.

The capital class is in the grips of a bizarre form of AI psychosis: the fantasy of a world without people, where any fool idea that pops into a boss's head can be turned into a product without having to negotiate its creation with skilled workers who might point out that your idea is pretty fucking stupid:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

For these AI boosters, the point isn't to create an AI that can do the work as well as a person – it's to condition the world to accept the lower-quality work that will come from a chatbot. Rather than reading a summer reading list of actual books, perhaps you could be satisfied with a summer reading list of hallucinated books that are at least statistically probable book-shaped imaginaries?

The bosses dreaming up use-cases for AI start from a posture of profound and proud ignorance of how workers who do useful things operate. They ask themselves, "If I was a ______, how would I do the job?" and then they ask an AI to do that, and declare the job done. They produce utility-shaped statistical artifacts, not utilities.

Take Grammarly, a company that offers statistical inferences about likely errors in your text. Grammar checkers aren't a terrible idea on their face, and I've heard from many people who struggle to express themselves in writing (either because of their communications style, or because they don't speak English as a first language) for whom apps like Grammarly are useful.

But Grammarly has just rolled out an AI tool that is so obviously contemptuous of writing that they might as well have called it "Go fuck yourself, by Grammarly." The new product is called "Expert Review," and it promises to give you writing advice "inspired" by writers whose writing they have ingested. I am one of these virtual "writing teachers" you can pay Grammarly for:

https://www.theverge.com/ai-artificial-intelligence/890921/grammarly-ai-expert-reviews

This is not how writing advice works. When I teach the Clarion Science Fiction and Fantasy Writers' workshop, my job isn't to train the students to produce work that is strongly statistically correlated with the sentence structure and word choices in my own writing. My job – the job of any writing teacher – is to try and understand the student's writing style and artistic intent, and to provide advice for developing that style to express that intent.

What Grammarly is offering isn't writing advice, it's stylometry, a computational linguistics technique for evaluating the likelihood that two candidate texts were written by the same person. Stylometry is a very cool discipline (as is adversarial stylometry, a set of techniques to obscure the authorship of a text):

https://en.wikipedia.org/wiki/Stylometry

But stylometry has nothing to do with teaching someone how to write. Even if you want to write a pastiche in the style of some writer you admire (or want to send up), word choices and sentence structure are only incidental to capturing that writer's style. To reduce "style" to "stylometry" is to commit the cardinal sin of technical analysis: namely, incinerating all the squishy qualitative aspects that can't be readily fed into a model and doing math on the resulting dubious quantitative residue:

https://locusmag.com/feature/cory-doctorow-qualia/

If you wanted to teach a chatbot to teach writing like a writer, you would – at a minimum – have to train that chatbot on the instruction that writer gives, not the material that writer has published. Nor can you infer how a writer would speak to a student by producing a statistical model of the finished work that writer has published. "Published work" has only an incidental relationship to "pedagogical communication."

Critics of Grammarly are mostly focused on the effrontery of using writers' names without their permission. But I'm not bothered by that, honestly. So long as no one is being tricked into thinking that I endorsed a product or service, you don't need my permission to say that I inspired it (even if I think it's shit).

What I find absolutely offensive about Grammarly is not that they took my name in vain, but rather, that they reduced the complex, important business of teaching writing to a statistical exercise in nudging your work into a word frequency distribution that hews closely to the average of some writer's published corpus. This is Grammarly's fraud: not telling people that they're being "taught by Cory Doctorow," but rather, telling people that they are being "taught" anything.

Reducing "teaching writing" to "statistical comparisons with another writer's published work" is another way of saying "go fuck yourself" – not to the writers whose identities that Grammarly has hijacked, but to the customers they are tricking into using this terrible, substandard, damaging product.

Preying on aspiring writers is a grift as old as the publishing industry. The world is full of dirtbag "story doctors," vanity presses, fake literary agents and other flimflam artists who exploit people's natural desire to be understood to steal from them:

https://writerbeware.blog/

Grammarly is yet another company for whom "AI" is just a way to lower quality in the hopes of lowering expectations. For Grammarly, helping writers with their prose is an irritating adjunct to the company's main business of separating marks from their money.

In business theory, the perfect firm is one that charges infinity for its products and pays zero for its inputs (you know, "scholarly publishing"). For bosses, AI is a way to shift their firm towards this ideal.

In this regard, AI is connected to the long tradition of capitalist innovation, in which new production efficiencies are used to increase quantity at the expense of quality. This has been true since the Luddite uprising, in which skilled technical workers who cared deeply about the textiles they produced using complex machines railed against a new kind of machine that produced manifestly lower quality fabric in much higher volumes:

https://pluralistic.net/2023/09/26/enochs-hammer/#thats-fronkonsteen

It's not hard to find credible, skilled people who have stories about using AI to make their work better. Elsewhere, I've called these people "centaurs" – human beings who are assisted by machines. These people are embracing the socialist mode of automation: they are using automation to improve quality, not quantity.

Whenever you hear a skilled practitioner talk about how they are able to hand off a time-consuming, low-value, low-judgment task to a model so they can focus on the part that means the most to them, you are talking to a centaur. Of course, it's possible for skilled practitioners to produce bad work – some of my favorite writers have published some very bad books indeed – but that isn't a function of automation, that's just human fallibility.

A reverse centaur (a person conscripted to act as a peripheral to a machine) is trapped by the capitalist mode of automation: quantity over quality. Machines work faster and longer than humans, and the faster and harder a human can be made to work, the closer the firm can come to the ideal of paying zero for its inputs.

A reverse centaur works for a machine that is set to run at the absolute limit of its human peripheral's capability and endurance. A reverse centaur is expected to produce with the mechanical regularity of a machine, catching every mistake the machine makes. A reverse centaur is the machine's accountability sink and moral crumple-zone:

https://estsjournal.org/index.php/ests/article/view/260

AI is a normal technology, just another set of automation tools that have some uses for some users. The thing that makes AI signify "go fuck yourself" isn't some intrinsic factor of large language models or transformers. It's the capitalist mode of automation, increasing quantity at the expense of quality. Automation doesn't have to be a way to reduce expectations in the hopes of selling worse things for more money – but without some form of external constraint (unions, regulation, competition), that is inevitably how companies will wield any automation, including and especially AI.

Hey look at this (permalink)

Assassination markets are legal now but Trump doesn’t have to worry https://protos.com/assassination-markets-are-legal-now-but-trump-doesnt-have-to-worry/
You Are Being Lied to About Algorithms https://www.usermag.co/p/you-are-being-lied-to-about-algorithms
States’ trial against Live Nation could move forward as soon as next week https://www.theverge.com/policy/892353/live-nation-ticketmaster-doj-states-settlement
Neuromancer / Count Zero / Mona Lisa Overdrive https://macintoshgarden.org/apps/neuromancer-count-zero-mona-lisa-overdrive
Judge Slams Secret DOJ-Live Nation Settlement Process as "Mind-boggling" https://www.bigtechontrial.com/p/judge-slams-secret-doj-live-nation

Object permanence (permalink)

#15yrsago History of the Disney Haunted Mansion’s stretching portraits https://longforgottenhauntedmansion.blogspot.com/2011/03/many-faces-ofthe-other-stretching.html

#15yrsago Readers Against DRM (logo) https://web.archive.org/web/20110311213843/https://readersbillofrights.info/RAD

#15yrsago Lost Souls: Audio adaptation of a classic vampire novel https://memex.craphound.com/2011/03/10/lost-souls-audio-adaptation-of-a-classic-vampire-novel/

#15yrsago Time‘s appraisal of the first WorldCon https://web.archive.org/web/20080906184034/https://time.com/time/magazine/article/0,9171,761661-1,00.html

#15yrsago Insipid thrift-store landscapes improved with monsters https://imgur.com/involuntary-collaborations-i-buy-other-peoples-landscape-paintings-yard-sales-goodwill-put-monsters-them-r-pics-2780-march-11-2011-Oujbl

#15yrsago Fight 8-track piracy with this 1976 record sleeve https://www.flickr.com/photos/supraterra/5516574440/in/pool-41894168726@N01

#15yrsago Michigan Republicans create “financial martial law”; appointees to replace elected local officials https://web.archive.org/web/20120409124750/http://www.dailytribune.com/articles/2011/03/10/news/doc4d78d0d4d764d009636769.txt

#10yrsago Lawsuit reveals Obama’s DoJ sabotaged Freedom of Information Act transparency https://web.archive.org/web/20160309183758/https://news.vice.com/article/it-took-a-foia-lawsuit-to-uncover-how-the-obama-administration-killed-foia-reform

#10yrsago If the FBI can force decryption backdoors, why not backdoors to turn on your phone’s camera? https://www.theguardian.com/technology/2016/mar/10/apple-fbi-could-force-us-to-turn-on-iphone-cameras-microphones

#10yrsago Disgruntled IS defector dumps full details of tens of thousands of jihadis https://web.archive.org/web/20160330061315/https://news.sky.com/story/1656777/is-documents-identify-thousands-of-jihadis

#10yrsago Using distributed code-signatures to make it much harder to order secret backdoors https://arstechnica.com/information-technology/2016/03/cothority-to-apple-lets-make-secret-backdoors-impossible/

#10yrsago Open Source Initiative says standards aren’t open unless they protect security researchers and interoperability https://web.archive.org/web/20190822053758/https://www.eff.org/deeplinks/2016/03/-are-only-open-if-they-protect-security-and-interoperability

#1yrago Eggflation is excuseflation https://pluralistic.net/2025/03/10/demand-and-supply/#keep-cal-maine-and-carry-on

Upcoming appearances (permalink)

Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
London: Resisting Big Tech Empires (LSBU)
https://www.tickettailor.com/events/globaljusticenow/2042691
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Launch for Cindy's Cohn's "Privacy's Defender" (City Lights)
https://www.youtube.com/watch?v=WuVCm2PUalU
Chicken Mating Harnesses (This Week in Tech)
https://twit.tv/shows/this-week-in-tech/episodes/1074
The Virtual Jewel Box (U Utah)
https://tanner.utah.edu/podcast/enshittification-cory-doctorow-matthew-potolsky/
Tanner Humanities Lecture (U Utah)
https://www.youtube.com/watch?v=i6Yf1nSyekI
The Lost Cause
https://streets.mn/2026/03/02/book-club-the-lost-cause/

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1031 words today, 47410 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

https://doctorow.medium.com/
https://twitter.com/doctorow

Medium (no ads, paywalled):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

18:49

Amazon enters “find out” phase [OSnews]

Now let’s go live to Amazon for the latest updates about this developing story.

Amazon’s ecommerce business has summoned a large group of engineers to a meeting on Tuesday for a “deep dive” into a spate of outages, including incidents tied to the use of AI coding tools.

The online retail giant said there had been a “trend of incidents” in recent months, characterized by a “high blast radius” and “Gen-AI assisted changes” among other factors, according to a briefing note for the meeting seen by the FT.

Under “contributing factors” the note included “novel GenAI usage for which best practices and safeguards are not yet fully established.”
↫ Rafe Rosner-Uddin at Ars Technica

Oh boy.

18:00

Slog AM: Iran Pulls Out of the World Cup, the Millionaires Tax Passes the House, and There’s Wild Weather on the Horizon [The Stranger]

The Stranger's morning news roundup. by Megan Seling

Wild Weather on the Way: The National Weather Service issued a wind advisory starting today at 3 p.m. through 6 a.m. Thursday. Whether you plan on hunkering down at home or heading out to the Torrent game for Cayla Barnes bobblehead night, plan on lots of rain and “winds of 20 to 30 mph and gusts of 40 to 45 mph.”

Trump Lied: Trump has been claiming that the missile that struck near a girls’ school in Iran on February 28, killing more than 165 civilians, most of whom were under 12 years old, was fired by Iran. Iranian forces are “very inaccurate,” he said. But new video shows a US Tomahawk missile striking near the school. “The US is the only participant in the war that is known to have Tomahawk missiles,” according to the investigative group Bellingcat.

How’d This Happen? Last year, the Trump Administration dismantled and defunded a program focused on reducing civilian harm. ProPublica reports, “Dismantling the fledgling harm-reduction effort, defense analysts say, is among several ways the Trump administration has reorganized national security around two principles: more aggression, less accountability.” I hope all those little girls haunt Hegseth in his coke-fueled nightmares for the rest of his fucking life.

Meanwhile: After this war threw oil prices into a tailspin, the 32 countries that make up the International Energy Agency have agreed to release 400 million barrels of emergency reserve oil to try to help clean up Trump’s mess.

Iran Pulls Out of the World Cup: According to Al Jazeera, Iran’s sports minister, Ahmad Donyamali, said, “Considering that this corrupt ⁠regime has ⁠assassinated our leader, under no circumstances ⁠can we ⁠participate in ⁠the World Cup.” Kind of a good point, tbh. Iran is scheduled to play the Pride game against Egypt in Seattle on June 26. Tickets to the game are currently going for $330–$7,495 a pop on StubHub.

These Men Are Not Serious Men: Apparently, Donald Trump won’t stop buying pairs of very specific dress shoes for all the men in his life. He just guesses what sizes to buy, but because he has also made it clear that he believes that "you can tell a lot about a man by his shoe size,” all the shoe recipients are afraid to tell Trump if their new shiny kicks don’t fit. So now there are tons of photos of Trump’s bigoted besties bumbling around the White House wearing shoes that are very clearly several sizes too big. HAHAHAHAHAHAHAHAHA! Totally normal human adult behavior!

More Totally Normal Behavior: It’s surprising they’re all willing to look so foolish in their big boy shoes, given how obsessed they are with appearances. Case in point: The Defence Department has banned press photographers after seeing some “unflattering” photos taken during the March 2 press briefing. The AP reports: “It is unclear whether one particular photo—or the sum total of the day’s shots—led to consternation among Hegseth’s staff.” 🎶 You’re so vain, you probably think this press briefing about dozens of dead Iranian children is about you / Don’t you / Don’t you. 🎶

Tax the Rich $$$: Last night, the state House approved the millionaires’ tax after more than 24 hours of debate. The final vote in the Senate could happen today. As News Editor Vivian mentioned in yesterday’s Slog AM, Gov. Bob Ferguson has signaled he’d sign the latest version if it crossed his desk.

Florida Man Evades Taxes: The new Millionaires Tax bummed out billionaire and former Starbucks CEO Howard Schultz enough that he decided to move to Miami. Good riddance!

Fund the Libraries: Yesterday, Mayor Katie Wilson announced her plans to fund the Seattle Public Library system. Her new levy proposal increases the 2019 voter-approved levy from $31.3 million to about $59 million, from 2027 through 2033. Our local libraries and their staff are struggling in so many ways. Capitol Hill Seattle Blog reported yesterday that within hours of Wilson’s announcement, a man was found unconscious and not breathing in the upstairs bathroom at the Capitol Hill Library. He was pronounced dead at the scene. Wilson’s proposal includes millions of dollars for social service referral programs and staffing upgrades, including human resource staffing.

They Paved Paradise and… Put in a pickleball facility. Maybe. At least, that’s what one developer wants to do with the old Joann Fabrics building in Ballard. I miss Joann so much.

Speaking of Passing Legislation: Yesterday, the Seattle City Council unanimously passed a one-year moratorium on new detention centers in Seattle. The bill, sponsored by Alexis Mercedes Rinck, comes after the federal government was sniffing around last year, looking for feedback on the possibility of a 1,500-bed facility. ICE OUT, THO. The King County council passed something similar last week, ultimately voting 7-2, with KC Councilmembers Reagan Dunn and Pete von Reichbauer voting no. Dunn called moratoriums “blunt tools.” You’re a blunt tool, Reagan Dunn.

Baby Gorillas! Two Woodland Park Zoo gorillas are pregnant, and both babies are due in May. I hope they’re both geminis. We could team up and take over the city.

View this post on Instagram
A post shared by Woodland Park Zoo (@woodlandparkzoo)

17:49

[$] California's Digital Age Assurance Act and Linux distributions [LWN.net]

A recently enacted law in California imposes an age-verification requirement on operating-system providers beginning next year. The language of the Digital Age Assurance Act does not restrict its requirements to proprietary or commercial operating systems; projects like Debian, FreeBSD, Fedora, and others seem to be on the hook just as much as Apple or Microsoft. There is some hope that the law will be amended, but there is no guarantee that it will be. This means that the developer communities behind Linux distributions are having to discuss whether and how to comply with the law with little time and even less legal guidance.

17:07

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker [Krebs on Security]

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.

Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, a hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.

A manifesto posted by the Iran-backed hacktivist group Handala, claiming a mass data-wiping attack against medical technology maker Stryker.

“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.

The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.

Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.

Stryker’s website says the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.”

A report Wednesday morning from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work. The story quoted an unnamed employee saying anything connected to the network is down, and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”

“Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner reported. “The login pages coming up on these devices have been defaced with the Handala logo.”

Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.

Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently.

Palo Alto says Handala’s hack-and-leak activity is primarily focused on Israel, with occasional targeting outside that scope when it serves a specific agenda. The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploration company.

“Recent observed activities are opportunistic and ‘quick and dirty,’ with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by ‘proof’ posts to amplify credibility and intimidate targets,” Palo Alto researchers wrote.

The Handala manifesto posted to Telegram referred to Stryker as a “Zionist-rooted corporation,” which may be a reference to the company’s 2019 acquisition of the Israeli company OrthoSpace.

Stryker is a major supplier of medical devices, and the ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.

“This is a real-world supply chain attack,” the expert said, who asked to remain anonymous because they were not authorized to speak to the press. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies.”

John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.

“We are aware of reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations,” Riggi said in an email. “As of this time, we are not aware of any direct impacts or disruptions to U.S. hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and if the duration of the attack extends.”

According to a March 11 memo from the state of Maryland’s Institute for Emergency Medical Services Systems, Stryker indicated that some of their computer systems have been impacted by a “global network disruption.” The memo indicates that in response to the attack, a number of hospitals have opted to disconnect from Stryker’s various online services, including LifeNet, which allows paramedics to transmit EKGs to emergency physicians so that heart attack patients can expedite their treatment when they arrive at the hospital.

“As a precaution, some hospitals have temporarily suspended their connection to Stryker systems, including LIFENET, while others have maintained the connection,” wrote Timothy Chizmar, the state’s EMS medical director. “The Maryland Medical Protocols for EMS requires ECG transmission for patients with acute coronary syndrome (or STEMI). However, if you are unable to transmit a 12 Lead ECG to a receiving hospital, you should initiate radio consultation and describe the findings on the ECG.”

This is a developing story. Updates will be noted with a timestamp.

Update, 2:54 p.m. ET: Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system.

Update, Mar. 12, 7:59 a.m. ET: Added information about the outage affecting Stryker’s online services.

Introducing Moonforge: a Yocto-based Linux OS (Igalia Blog) [LWN.net]

Igalia has announced the Moonforge Linux distribution, based on OpenEmbedded and Yocto.

Moonforge is an operating system framework for Linux devices that simplifies the process of building and maintaining custom operating systems.

It provides a curated collection of Yocto layers and configuration files that help developers generate immutable, maintainable, and easily updatable operating system images.

The goal is to offer the best possible developer experience for teams building embedded Linux products. Moonforge handles the complex aspects of operating system creation, such as system integration, security, updates, and infrastructure, so developers can focus on building and deploying their applications or devices.

16:28

Sven Hoexter: RFC 9849 - Encrypted Client Hello [Planet Debian]

Now that ECH is standardized I started to look into it to understand what's coming. While generally desirable to not leak the SNI information, I'm not sure if it will ever make it to the masses of (web)servers outside of big CDNs.

Beside of the extension of the TLS protocol to have an inner and outer ClientHello, you also need (frequent) updates to your HTTPS/SVCB DNS records. The idea is to rotate the key quickly, the OpenSSL APIs document talks about hourly rotation. Which means you've to have encrypted DNS in place (I guess these days DNSoverHTTPS is the most common case), and you need to be able to distribute the private key between all involved hosts + update DNS records in time. In addition to that you can also use a "shared mode" where you handle the outer ClientHello (the one using the public key from DNS) centrally and the inner ClientHello on your backend servers. I'm not yet sure if that makes it easier or even harder to get it right.

That all makes sense, and is feasible for setups like those at Cloudflare where the common case is that they provide you NS servers for your domain, and terminate your HTTPS connections. But for the average webserver setup I guess we will not see a huge adoption rate. Or we soon see something like a Caddy webserver on steroids which integrates a DNS server for DoT with not only automatic certificate renewal build in, but also automatic ECHConfig updates.

If you want to read up yourself here are my starting points:

RFC 9849 TLS Encrypted Client Hello

RFC 9848 Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings

RFC 9934 Privacy-Enhanced Mail (PEM) File Format for Encrypted ClientHello (ECH)

OpenSSL 4.0 ECH APIs

curl ECH Support

Cloudflare Good-bye ESNI, hello ECH!

If you're looking for a test endpoint, I see one hosted by Cloudflare:

$ dig +short IN HTTPS cloudflare-ech.com
1 . alpn="h3,h2" ipv4hint=104.18.10.118,104.18.11.118 ech=AEX+DQBBFQAgACDBFqmr34YRf/8Ymf+N5ZJCtNkLm3qnjylCCLZc8rUZcwAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= ipv6hint=2606:4700::6812:a76,2606:4700::6812:b76

15:42

Government Spying 🤝 Targeted Advertising | EFFector 38.5 [Deeplinks]

Have you ever seen a really creepy targeted ad online? One that revealed just how much these companies know about your life? It's unsettling enough to see how much companies know about you—but now we have confirmation that the government is also tapping the advertising surveillance machine to get your data. We're explaining the dangers of targeted advertising and location tracking, and the latest in the fight for privacy and free speech online, with our EFFector newsletter.

JOIN OUR NEWSLETTER

For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This issue covers a victory for protesters seeking to hold police accountable, a troubling conflict over the Department of Defense's use of AI, and how advertising surveillance enables government surveillance.

Prefer to listen in? Big news: EFFector is now available on all major podcast platforms! In this episode we chat with EFF Staff Attorney Lena Cohen about how targeted advertising can reveal your location to federal law enforcement. You can find the episode and subscribe in your podcast player of choice:

Privacy info. This embed will serve content from simplecast.com

Want to stay in the fight for privacy and free speech online? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight against online surveillance when you support EFF today!

14:56

Dirk Eddelbuettel: RcppDE 0.1.9 on CRAN: Maintenance [Planet Debian]

Another maintenance release of our RcppDE package arrived at CRAN, and has been built for r2u. RcppDE is a “port” of DEoptim, a package for derivative-free optimisation using differential evolution, from plain C to C++. By using RcppArmadillo the code became a lot shorter and more legible. Our other main contribution is to leverage some of the excellence we get for free from using Rcpp, in particular the ability to optimise user-supplied compiled objective functions which can make things a lot faster than repeatedly evaluating interpreted objective functions as DEoptim does (and which, in fairness, most other optimisers do too). The gains can be quite substantial.

This release is again maintenance. We aid Rcpp in the transition away from calling Rf_error() by relying in Rcpp::stop() which has better behaviour and unwinding when errors or exceptions are encountered. We also overhauled the references in the vignette, added an Armadillo version getter and made the regular updates to continuous integration.

Courtesy of my CRANberries, there is also a diffstat report. More detailed information is on the RcppDE page, or the repository.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

Damn, It’s Windy [Whatever]

We briefly had a Tornado Warning in our area, which fortunately was quickly downgraded to a Thunderstorm Warning. Not that we had to be warned about that, it was in fact happening, and it brought with it 80mph winds. It was those winds that just now took out our porch railing.

We’re fine and everything else is fine, minus the power being out, which is a thing happening all over town. If this is the worst that happened around here because of this storm, we’ll count ourselves lucky.

— JS

14:07

[$] HTTPS certificates in the age of quantum computing [LWN.net]

There has been ongoing discussion in the Internet Engineering Task Force (IETF) about how to protect internet traffic against future quantum computers. So far, that work has focused on key exchange as the most urgent problem; now, a new IETF working group is looking at adopting post-quantum cryptography for authentication and certificate transparency as well. The main challenge to doing so is the increased size of certificates — around 40 times larger. The techniques that the working group is investigating to reduce that overhead could have efficiency benefits for traditional certificates as well.

13:21

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (kernel, kernel-rt, libvpx, nfs-utils, nginx:1.26, osbuild-composer, postgresql, postgresql:12, postgresql:13, postgresql:15, postgresql:16, and python-pyasn1), Debian (imagemagick), Fedora (perl-Crypt-SysRandom-XS and systemd), Mageia (yt-dlp), Oracle (delve, gimp, git-lfs, go-rpm-macros, image-builder, kernel, libpng, libvpx, mysql8.4, nfs-utils, osbuild-composer, postgresql16, postgresql:12, postgresql:13, postgresql:15, postgresql:16, python-pyasn1, python3, python3.12, python3.9, and thunderbird), SUSE (python-aiohttp, python-maturin, python311-pymongo, rclone, and util-linux), and Ubuntu (linux-nvidia, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, and python-geopandas).

For All Mankind season 1 [Judith Proctor's Journal]

I've just finished the first season of 'For All Mankind'. Enjoyed it, but I'm puzzled by the season finale.

How did Ed manage to get upto the Apollo module and down to the moon again? And then up again!

Surely there's no way salvaged fuel could power two lunar take-offs, let alone give the course correction for the Apollo module as well?

and the way lunar landers worked was for the base part to be left on the moon, in any case.

comments

Diabetes and iron deficiency.... [Judith Proctor's Journal]

Went to see the diabetes nurse today to sort out medication.

I forget how it came up, but apparently iron deficiency can lead to blood sugar readings that look exactly the same as diabetes...

So, now booked in for an iron test, just in case it isn't diabetes at all.

Also, skinny people can sometimes get Type 2 diabetes, so I'm not even sure which kind of diabetes I have... But the treatment is the same either way in the early stages, so what the heck.

comments

13:14

Blade Through the Heart [Original Fiction Archives - Reactor]

Original Fiction Space Opera

Blade Through the Heart

Graff and his crew face a particularly nasty challenge – an opponent so low-tech they might just have the advantage in this fight.

Illustrated by Eli Minaya

Edited by Ann VanderMeer

By Carrie Vaughn

Published on March 11, 2026

1 Share

An abstract illustration of a colorful humanoid, chest bursting with light, against a backdrop of space, several planets, and the ghostly forms of four other figures.

Graff and his crew face a particularly nasty challenge – an opponent so low-tech they might just have the advantage in this fight.

Novelette | 7,860 words

The three of us perch on a ridiculous tower on an impregnable fortress on an inhospitable planet at the start of an unexpected war. Bombardments pound back and forth on the front lines some ten kilometers away, with primitive gunpowder-launched projectiles, the shit people used to mix up by hand and shove into iron tubes with sticks. It sounds like endless thunder.

“Is this a joke?” Xun asked when we reached the tower after our insertion a few kilometers back on the mountain and got our first look at the local infantry: maybe fifty guys in homespuns carrying spears and swords. We have stun pistols and plasma weapons. We could take over the whole region without effort.

“It’s feudalism,” Brown answered.

Xun huffed. “Yeah, but why?”

“Because when you have a planet like this with shitty conditions and not many resources, people band together for protection, and then one guy takes over everything, and…” He waved his hand at our surroundings, a wordless conclusion.

Except usually, you get a few guys trying to take over everything, and they start fighting with each other, and the Trade Guild medical outreach mission that was here trying to vaccinate children and teach about clean water gets caught in the middle and taken hostage. The Visigoth crew has a pretty specialized skill set, getting into and out of situations like this, both in space and on the ground. What’s upsetting is how busy we are. Modern civilization is supposed to be past shit like this.

Because of the regressive tech here I thought we’d be able to cut a hole in a wall of this place—a castle, an actual damned castle—and walk right in. That’ll teach me. The bulk of the structure is set halfway into a stone cliff. Granite everywhere. It would take a plasma drill to breach the walls. It must have been built during the planet’s early colonization phase, before the society devolved into medieval pastiche. Me being this wrong shouldn’t be that much of a problem. We just have to find another way in, right? It’s not like anyone’s been killed. Yet.

“Xun. Is something off-gassing up ahead?” My helmet and visor make my voice sound too close. There’s got to be some kind of ventilation system around here. She’s taken point and is able to see around the tower’s curve. If there’s a vent, her IR filter will see it.

Xun’s answer comes back over helmet comms. She’s small, wiry, tough, and always sounds a little bit angry. “You can’t see for yourself?”

“You’ve got the same IR filter I do,” I snipe back. “And you’re in front, I can’t see anything.”

“I thought you might have some kind of, I don’t know.”

“Some kind of what?”

“Optical enhancement? Do you even need an IR filter?”

And here it is. We finally come to the threads of tension and annoyance that are making this mission feel like a chore. “No? If I had my own optical enhancement why would I ask you to look?”

“I don’t know, trying to make me work harder?” She seems skeptical.

Brown snorts a cut-off laugh on the channel. The burly combat tech is leaning on the edge of a crenellation, clinging to the stone with his prosthetic right arm. His helmet visor is mirrored over, but I can imagine the smirk on his face.

“Just tell me what you see,” I nag. I’m definitely nagging. “Is there a vent?”

After a pause, she answers. “Yeah. A chimney? Red-hot, a whole plume of smoke.”

Any opening should indicate a weakness, and therefore an opportunity to break in.

“That’s our spot,” I answer, inching forward.

We creep along, clinging to stone that is half natural, half carved into a spikey tower that should have repelled any invaders, but we’ve got micro-grip treads on our boots and gloves, along with whole collections of clamps and pitons keeping us in place. Makes progress slow, but we’re not going to fall. We find a flattened part of the roof where an old-style clay chimney sticks out of a hole drilled into the rock, along with a set of newer steel piping bracketed in place, feeding from various sections of the fortress. Xun gives an analysis of what’s coming out of them: carbon dioxide and various waste from combustion, mostly old-fashioned coal and wood fires. Bits of ash float up on puffs of heated air.

The covers of the chimneys and pipes are rudimentary, just screwed together and lashed with wire. Prying them open exposes a shaft, half stone and half brick, patched in places, piping bracketed together with repairs that have taken place over decades. No obvious way to climb up and down, and I wonder how many maintenance workers have died trying to get up here. My opinion of this planet is getting even worse. I feel like we’re using lasers to invade an anthill. I shouldn’t get overconfident. A blade through the heart probably won’t actually kill me, but it’ll hurt like hell.

Without an obvious ladder, we’re going to have to rappel down. I start pulling ropes and anchors from my belt—and Xun takes them out of my hands.

“I can get that.” She secures the anchors, which is usually my job.

“I suppose you’ll take point, too?” I grouse.

“Yeah. We’ve got it, you keep a lookout.”

So I guess I’m just supposed to sit here. Nothing to see but a bleak, barely habitable landscape stretching in all directions, broken only by lines of crumbling ridges and cliffs. And billowing towers of smoke from the battle, which seem to be coming closer at a noticeable rate.

Xun and Brown prepare the lines, handing off and double-checking clips. As I hook in, Brown triple-checks mine. Then his mirrored visor looks right at mine. Two mirrors reflecting each other.

“You sure you’re okay for this, sir?” Somehow, the sir sounds placating. Condescending.

“I’m fine.”

Xun starts down, and Brown nods. “You next, sir.”

Putting me in the middle like I’m some noob. It’s like they don’t need me at all.

They’re screwing with our usual process. I suspect they’re talking together about me on a private channel. Discussing how to manage me. Whether they can trust me. So I hack into their comms. That is one of my enhancements, that Xun doesn’t even know to ask about.

And…no private channel. Their comms are only operating one channel, the one we’re all on. Trust issues all around, yeah. I’m a jerk.

I start rappelling down. Brown takes the rear and secures the panel behind us. Our helmet lamps light the way. The descent gives me time to stew. I can’t tell if Xun and Brown are worried that I’m not fit enough for the mission. Or if they’ve stopped trusting me entirely. If that’s the case, I can’t blame them. This is our first major ground operation since the crew of the Visigoth learned my secret, and my colleagues are looking at me like I’m not entirely human. Because. Well. I’m not entirely human.

I’m trying to act like everything’s normal, but nothing’s been normal since the accident that blew my guts open and revealed a whole lot of artificial augmentations that are supposed to be illegal in Trade Guild space. They’re not illegal where I come from. Not that that matters, when I’m not what anyone thought I was and my crew doesn’t trust me anymore. Nobody questions the reliability of Brown’s prosthetic arm—it’s a legal augment. Also, he never lied about it.

The accident happened four weeks ago, when an explosion in my runner blew out most of my midsection. Without my rapid-heal augmentations, I wouldn’t have survived to lead this increasingly frustrating hostage rescue. I can’t fault them for questioning everything about me now. I’ve been wondering if staying with the crew is a mistake. If I’ve destroyed the unit cohesion that makes us—made us—successful. Maybe I should have quit the Visigoth when the truth came out and saved everyone the trouble. I knew this was going to cause problems. I knew it would change everything. I just didn’t want to give it all up. That’s me all over, a selfish s.o.b. at heart. If I ever manage to save the world, maybe no one will notice I’m actually a jerk.

Twenty minutes into a hostage rescue is not the time to be regretting recent life choices. I can do that after we get the targets to safety. Talk to Captain Ransom and let him decide if I’m making a mistake by staying. Meanwhile, the larger Trade Guild expeditionary force is on its way, to attempt to contain the fighting. We have a deadline.

The thing about archaic fortresses built in stone is they roughly follow a similar floorplan, even across the centuries and light-years. They’re built along similar tactical and logistical philosophies. They’ll have defensive measures, storage areas, living quarters, and probably large and extraneous ceremonial spaces. There will be wells or springs carrying fresh water. Somewhere near that, we’ll find kitchens. Probably at the other end of some of these chimney pipes.

And somewhere, there will be prison cells where people are kept under lock. Alternatively, high-value prisoners like our hostages might be in regular living quarters. Treated well, as they say. Either way, we expect to find guards between us and them.

If this were a normal site on a normal mission, I could tap straight into the comms and computer networks to locate all the personnel and prisoners, and have any unusual movements nailed down in a second. Xun would ask if that little talent is part of my modifications and I would have to say yes. But the fortress has zero electronic or computerized infrastructure. They probably communicate with homing pigeons or messages tied to arrows.

The bottom of the chimney shaft is about two hundred meters down. A couple of times, explosions hit close enough and big enough to rattle dust and debris on us. We duck our heads and wait it out. At the bottom, Xun steadies the lines while Brown and I unclip. They trade a nod, a couple of hand signals—Xun indicating she’ll take point along the corridor. I put my gloved hand on her arm. She actually flinches.

“I’m still in command,” I whisper. Nothing outside our helmets can hear the comms. I whisper anyway. Reflex. And I maybe want to avoid yelling at them for insubordination.

“Of course,” Brown says, before Xun can spout off. “We’re just…you were flat on your back a couple of weeks ago. Are you sure you’re okay?”

“I wouldn’t be here if I weren’t.” And because I can’t help poking, “You know, if you don’t trust me anymore maybe you should have said so before we landed.” Let’s just get it all out in the open, yeah?

“It’s not that,” Xun says. I expected that line from Brown. I can imagine her expression—screwed up, jaw tight. “It’s…” She trails off. Worse than the flinch.

“We should get moving,” Brown says. “You want point, sir?”

Yeah, I kind of do. I set out, and don’t glance back to see if they’re taking up their usual positions behind me.

Corridors built of stone blocks intersect here, with arched doorways and vaulted ceilings. Oil-lamp sconces light the way at intersections, but their fuel is running low, flames on the wicks sputtering. Our suits have sound-reducing baffling and stealth components; as long as we keep to the shadows, no one will see us. Voices echo ahead, along with pounding footsteps, the noises of anxious preparations, shouted commands and replies. The locals aren’t speaking Prime. Our comms have a translator module loaded with the local dialects, but the words aren’t clear enough to get anything but static.

We follow the pipes, and as I hope, the larger part of the corridor leads to a kitchen. Young men in brown tunics are moving back and forth through the far entrance. I’m guessing that leads to barracks or other living areas. I travel through a different archway, deeper into the fortress. For a time, quiet falls. I’m mapping the passageways as we go, storing our route in my processor for instant recall, for when we need to head back this way.

The shouts start back up; we get to a section of the fortress where guards stand at every archway and intersection, like they’re expecting to be invaded. Preparing for a defense. All men, the soldiers wear leather cuirasses and a variety of scavenged helmets. They’re carrying swords and spears.

We’re still in stealth mode, managing to keep out of sight. If the guards see a flicker of movement, they’ll think it’s a rat. We’ve seen several rats. The tunnel comes to an end up ahead at an archway three times wider than any of the others, and instead of torchlight, some actual natural lighting pours across the stone, from a courtyard or clerestory windows or the like. The light is red, the sun filtered through soot and ash, apocalyptic. A shouting voice echoes against the stone. We’re able to press right up to the archway to take a look.

In the middle of a large hall, half of it open to sky, a guy in a very impressive outfit is screaming at a bunch of kids in cobbled-together armor, carrying edged weapons. I have to pause and unpack the scene.

The screamer, the general or king or whatever, is big and burly looking. If I saw him blustering in a bar I’d probably decide to go somewhere else to drink. He’s wearing a big shaggy fur coat, like it came off a musk ox or woolly mammoth, oily and rough. He wears a pointed crown of bronze, nubbly and spikey. His boots are big and loud, and his grizzled beard has probably never been combed. The translator still can’t pull apart what he’s saying, but it’s pretty clear he’s unhappy and dressing down his minions.

The kids, his personal guard one assumes, aren’t really kids. They just seem like it because they’re smallish, undernourished, and they’re shaking. The swords in their hands are wobbling. They’re probably seventeen to twenty or so, which was the same age I was when I left home, so I understand that they’re looking for glory and honor and whatever their king has told them they would find here. But they should be doing anything other than standing here pissing themselves over this blowhard, who is trying to psych them up for battle. They hold decent swords, shining and sharpened. But it’s laughable. We could hit them all with our stunners and they’d never know what happened.

We don’t want them to know we’ve been here, that’s the goal on this one.

I tap my helmet camera to make sure it’s recording. Not that it’ll change anything or do any good. It’s not like Trade Guild has enough jurisdiction here to hold anyone accountable. But I feel like there ought to be a record.

Xun notices, tilting her head. “I thought you had an implanted camera. Like your eyes record whatever you see.”

And that’s only part of why my people keep what we are secret. Outsiders never understand. “That’s not how it works.”

“You told the captain you record everything—”

“I record my experiences. It’s subjective, not for making records, and I can’t share it.” At least not with unaugmented people from outside. “Look, it’s complicated.”

“If you say so.”

I hate this. We used to be a team. This isn’t the first hostage extraction the three of us have been on. The one before this one was extra complicated. Delightfully complicated. A couple of Trade Guild officers caught by pirates and stashed in a life pod floating in orbit above a minor asteroid around a minor star, waiting to either get ransomed or spaced for their trouble. No airlock or suits to get them out of the life pod. So we arrived and strapped a modified engine to the outside of the pod and steered them out of danger. The three of us were EVA for almost the whole thing. We needed stealth, engineering, speed, comms, the whole package, and we did it all without talking. Just knowing that we could do the job. Trusting.

That was a month before the accident. Now, I think when they look at me they see something else and I don’t know how to fix it.

Quietly, we move around the corner to the next corridor. When we reach a set of narrow stairs leading down, I know we’re in the right place. The cell block is two levels down, and we find the hostages in a stone room bounded with floor-to-ceiling steel bars. Three guards stand on alert.

Xun and Brown trade hand signals. They seem to glance at me as a courtesy, confirming the plan. Sure, why not, I nod back. Our usual jobs, then. The two of them come up behind the guards and place stun pistols on the backs of their necks. The third one gets out half a gasp before Brown takes care of him, too. The three men sink to the floor with sighs. My people haul the slumped-over guards out of the way. Clean, quiet.

Meanwhile I jimmy the cell lock and swing the door wide.

Twelve people are here, most of them resting against the walls or curled on their sides, on dirty straw. We’d been told there were five hostages, so already this is off plan. Those who are awake shake those who aren’t, and soon they’re all sitting up. Their clothes are bloody and torn, their bodies filthy. They all have that ashy sunken look of exhaustion and hunger that shows through no matter their skin colors.

One gets to her feet and approaches. She has tangled red hair held up by what looks like a broken stylus, and she puts herself between me and the group. I recognize her from the briefing: Dr. Avery, head of the medical mission. Just who I’ve been looking for.

Xun starts forward, like she’s going to take point on this too. But over comms I tell her, “I’ve got this.” And what do you know, she backs off.

I pop open my faceplate and try to look nonthreatening, even while I’m keyed up and stressed out and wearing a combat-grade hard-shell environment suit. Avery’s fists are closed, and she’s got this jaw-clenched expression of desperation, like she thinks she’s going to have to fight me, however useless that would be.

“I’m Commander Graff of the TGS Visigoth. This is your rescue.”

She breathes out a sigh and drops to her knees.

We don’t have enough water and ration bars for everyone, but we distribute what we have, just to get people woken up and on their feet. This many hostages changes our escape plan. I don’t think we can bring everyone back to the tower roof for extraction by shuttle. The bombardments are getting closer, and the periodic explosions rattling dust from the ceiling aren’t helping anyone’s mood.

I dig into my very good memory to review the schematic of the tunnel systems, various ingress and egress points, whatever reconnaissance could tell us. We’d skipped ground-level exits before, assuming they’d be too well guarded. I send Brown to scout ahead to find the path of least resistance, with instructions on where the likely exits are.

I tap Xun’s shoulder. “See, that right there is one of my enhancements. Detailed instant memory access? That’s artificial. You didn’t even ask.”

She stares. “I just always thought you had a really good memory.”

“I do.” I’m a little offended.

“Yeah, but not like artificially good.”

If I’ve had it my whole life, is it even artificial?

Avery explains the extra people. They folded a group of Trade Guild diplomatic observers into the medical unit when fighting broke out. They were two hours from a planned extraction when the fortress people captured them.

“I’ve got four injured,” she says, when I ask for a briefing. “Three ambulatory, but one has a broken leg. Stable now, but—”

“Right. It’s fine, this is just the kind of thing we do.” More complications. Wouldn’t want the job to get too easy, right? Kind of thrilling, facing a challenge I know we’re prepared for. Everything would have to go just right for us to pull this off. So we have to make sure it does.

“But there’s just three of you!” She sounds skeptical.

I’m really tired of skepticism just now. “You’ll have to trust me. We’ve done this before.”

“I’m just…depressed that this kind of thing happens that often.”

Yeah. “We need to work out a marching order.”

She’s the kind of person who does better when she has a job, so I’ll have to make sure I keep giving her one. With her help, Xun and I identify the strongest members of her team. These, we assign to helping the injured. We show them how to carry the non-ambulatory one in a sling made of their arms. They’ll switch out every couple of hundred meters, so no pair gets too tired.

At one point, Xun pulls me aside. “How are you holding up?”

I almost snap that I’m fine, I’m stronger than she is, in better shape, no sign of injury except to my pride. I manage to hold back and even smile a little. “I’m good.”

“Hey,” Brown announces over comms before he trots around the corner and we accidentally shoot him. “Stables,” he says brightly. “They’ve got horses and milk cows and shit. Actual shit—they haul it out of an access tunnel. No guards.”

“Hell yeah,” I say. And away we go. I make Brown point, string out the hostages behind him with Xun as escort. Avery and I take rear. I start to argue with her about it—I want to keep everyone else together. But she’s doing the same thing I am, making sure everyone sticks together and watching for stragglers. I don’t want to spend the energy on an argument about it.

Brown says the exit tunnel is a couple hundred meters away. It’s going to be a hell of a trek, and once we get out we still have to get distance between us and the fortress. Twelve people, a third of them injured, make a lot of noise. It’s making me twitch.

We pause the group at each intersection. They’re huffing and malnourished. I worry that one of these stops, we won’t be able to get them started again. Twice, we encounter fortress residents, but they’re unarmed and clearly terrified. Their clothing is rudimentary, shirts and trousers, tunics and skirts, hair braided and tucked up under hats. The first group sees Xun in her shadowy, insect-like black armor, pistol in hand, and they just turn and run. The second group appears to be two women, and they cling together and press themselves to a rough-hewn cave wall. The chicken one of them had been holding drops to the ground, squawking, and flaps away in a flurry of feathers.

This is all so ridiculous.

Xun puts up a calming hand, and I shuffle the hostages along quickly. The women stay frozen, and I wish I could explain that we’re not going to hurt them, but the translator still hasn’t figured out the dialect here. I’m going to have unkind feedback for the briefing files we got on this place.

One of those people, support crew or staff or whatever they are, is going to report us. We don’t have much time.

The floor under us goes wobbly. A full ten seconds of shaking knocks a couple of the group down. Someone screams, quickly cutting off the noise. That was an explosion, and an aftershock reverberates through the walls.

“That was close,” Xun says over the comm.

The fortress is coming under direct bombardment now. Another time crunch. But I don’t think we can move any faster than we are. At last, the tunnel widens. I hear something odd up ahead, some kind of guttural wail echoing against stone.

“What the hell was that?” I comm to Brown.

“Cow, sir.”

Huh. Okay.

We enter a room that’s lined with stalls, and sure enough, a handful of stout, flat-nosed creatures with bulging udders are milling around an enclosure. Across the way a row of smaller enclosures holds horses, much prettier than the cows and much more high-strung. The rumbling of explosions has them riled up. Huffing and snorting, they’re all but bouncing in their confined spaces, their hooves clomping on stone. It’s interesting, but I don’t have time to linger. A big arched doorway leads to the wide-open outdoors. We’re almost out.

Then my suit pings a proximity alert. People, on foot. If I hold my breath, my augmented senses can hear bootsteps on stone. If it’s very quiet, and I focus, I can hear heartbeats.

It’s not that quiet right now.

If we were in civilized space, I would ping whatever tablets and comms they’re using to get exact locations and movements. Hide, let them pass, sneak up behind them, stun them all without fuss. It’s ironic, that with zero tech, these guys have an advantage and don’t even know it.

“Xun, Brown. Take everyone outside.” I glare at Avery and muster all my authority. “You go with the rest, make sure they get out.”

“But—”

“Sir,” Xun replies. I deeply admire her for being able to convey so many different meanings with that single word.

“Opposition’s on the way. I’m running interference. Don’t argue.” My authority is pretty damn fierce when I want it to be.

It turns out we’re all too late for an escape, because a squad of the locals comes pouring in from the tunnel, shouting threats and holding bows and arrows. A few more circle around to our would-be escape route. They’re kids, playing with swords. They don’t act like kids. Their grips on the weapons, their stances—shoulders loose, strides swinging—show that they know what they’re doing. But they’re thin, gangly, not done muscling up. They can’t be more than twenty.

The translator still isn’t working but the tone of the ones shouting is clearly a demand to surrender. Xun and Brown set up a protective shield, hostages between them, their weapons out.

We could stun them all. In one scenario, Xun, Brown, and I just shoot them. Take them all down, no blood shed. That’s how I want to do this, clean and quiet. A couple of those arrows will probably get loosed, and I can gamble they won’t do fatal damage. I’d prefer no one get hurt, us or them. None of this is these guys’ fault.

Then Dr. Avery pushes past Xun. “Please. You have to let us go. Holding us will only hurt you.”

She must think she’s helping, negotiating from a place of desperation. “Doctor, please let me handle this.”

This is when the translator module decides to finally start working and spits out a tinny-sounding version of what I said in the local dialect.

The local soldiers flinch, eyes going buggy and fearful as they mutter among themselves. Like I’ve cast a magic spell. I wonder what I look like to them: something otherworldly, speaking with an artificial hiss. Or maybe I just look like a bad guy.

I take off my helmet. Show them I’m human, like them. Well, maybe not quite like them, but close enough. This gets an even bigger reaction. The guys with the bows and arrows are twitching. The ones with swords look like they want to charge me.

But they’re all looking at me now, and that was the goal.

One of them steps forward. He’s got some metal plates on, hand beaten, put together with leather straps. He might be a year or two older. The commander? Or the only one who’s lived long enough to carry forward any experience?

He speaks, and the translator stutters. “You! Surrender! In the name of Lord King!”

“I’m not doing that,” I say slowly, to give the translator time to process. A moment later the module answers for me.

He seems surprised when the words burble out, when he can understand them. Pleased for a moment, eyes lighting with understanding. “Ah! You will. You invade us. We stop you.”

I trust Xun and Brown to make the same calculations I am. That we can shoot. We can end this quickly. Quickly, but messily. I don’t dare look over at them to try to signal. I have to trust that they understand.

“Come,” the soldier says, determined. “You come. With me. Offerings to Lord King.”

Everything I learned about this Lord King in the briefing suggests he doesn’t deserve offerings. But he’s all this kid knows. What else is he supposed to do? If I make any move with my weapon, make any gesture, he’ll charge, and all his soldiers with him. A regular melee.

“You. My prisoners. Or I kill,” he says, hefting his sword.

I get an idea. Xun and Brown aren’t going to like it. But it’ll keep this from turning into an all-out battle.

“No. I challenge you.” I thump my chest. If I’m reading this guy, this whole culture right, this’ll work. “Single combat. Sword to sword.”

The locals get restless. A couple of them toss out comments—they’re talking over each other, the translator can’t sort them out. But the guy in front of me answers firmly. “Quiet! My choice alone.”

Ah, there it is. Fire, determination. What’s more impressive than bringing prisoners to Lord King? Defeating the hated enemy in single combat.

“You and I can settle this,” I say. “If I win, they go free.”

“You lose, they are prisoners.” He points to the hostages, to Xun and Brown.

“All right,” I say. Because I can’t lose. Right?

Xun pops her visor to tell me off. “Graff. The hell. You don’t have to be a freaking hero.”

“Yes I do.” I throw her my stupid grin. “You know I can’t get hurt.”

“That’s a lie,” she snorts. And, well, she’s right.

The locals clear a space in the middle of the aisle. The livestock are still rustling nervously, and the explosions are still punching the air intermittently.

“I need to borrow a sword,” I say, holding out my hand.

The guy, this kid, this brave stupid kid, steps forward and hands me his own, hilt first. I take it, nodding. One of his men passes over another one for him to use.

“Sir, I could just stun him,” Xun says.

“Don’t,” I order. “I want him to know that we’re people of our word. That we can be trusted.” The translator repeats this. My opponent narrows his gaze, uncertain. He’s got pale, windblown skin. Everyone here has a kind of permanent sunburn. His hair is dark, braided back. He’s one of the few here with a beard, rough and curly. So few of the fighters here have beards.

He nods at me. “You. Without shell. Make it fair.”

Ah, he recognizes it’s not a fair fight. Well, all right then. I take off my armor, which is a bit of a production, unsnapping releases and connectors. The guy seems fascinated, watching an ordinary-seeming man emerge from beetle-like plates. I have to acknowledge the aesthetic choices that went into designing our field suits, making them streamlined and otherworldly, dark and shining. We hit that old idea of the uncanny valley, simultaneously familiar and alien. It’s designed to scare people. I’m left in a matte black undersuit, fitted but wrinkled around the joints. I look undeniably human.

This time, I glare at Xun before she can complain, and she doesn’t speak.

The guy approaches, hefting his sword in an easy grip, grinning like he finally understands the situation. Ell would kill me if he knew I was doing this. Well, not really. The Visigoth’s doctor hasn’t killed anything in his life as far as I know. But he’d be very upset with me if he knew I was putting myself in danger. On purpose, I mean. I’m hard to kill, but I’m not indestructible. I’m in love with Ell, and I’m the luckiest jerk in the galaxy that he’s in love with me. Somehow, that survived me spilling my artificial guts out on his operating table.

He’ll never forgive me if, when, I actually die.

But I’m not going to die, not right now, like this. I’m sure of it. “Right, kid. Show me what you can do.”

“I’m not a kid!” the translator spits angrily.

And that’s the part of my brain that deals with morality and ethics breaking. Breaking a little more, rather. What I’m feeling now, how bad I’m feeling, it all goes into my processor. That’s what gets recorded. What I couldn’t explain to Xun. The rest is dry facts.

“I really don’t want to do this.”

He laughs. “You a coward.”

I’m way past a taunt like that having an impact. “Irrelevant,” I say.

Snarling, he gets ready to charge. “For the honor of Lord King!”

I get my sword up to block his wildly telegraphed attack. And we’re off, him swinging crazily, maybe hoping to overpower me. His men are cheering him on, shouting approval at each blow they think is going to land. I block every single blow, scooting back until I reach a wall and can’t anymore. He’s not faster than me; he’s not stronger than me. I could stand here blocking all day, he’ll never get inside my guard. He’ll tire out before I will. I just have to wait him out.

The thing is, he’s good. He’s putting crazy force and speed into his attack, trying to shock and overpower me before I can organize a response, but the blows are controlled, aimed. He’s choosing his lines. He fights like he’s been training his whole life. That makes me just as sad as the rest of it.

I hold my ground. He’s giving me a good enough fight that I can’t really take time to talk. We should be able to talk this out. I just want to leave with my charges alive and safe. But to him, that would represent failure. Compromise is extraordinarily difficult when two sides are operating on entirely different value systems.

I would bargain with his life, but he doesn’t seem to value it.

He’s getting tired, his steps stumbling. The pauses before he raises the weapon again are getting fractionally longer. I keep up my guard. I take him seriously because I don’t want him to think I’m mocking him. I just want him to stop.

When he’s gasping for breath, when sweat mats his hair to his face and he pauses to swipe a sleeve over his eyes, I rush him. Exhaustion has gotten him. He loses his footing.

I beat his sword away and fall on top of him, knee into his stomach, hand on his neck, my own sword threatening. “I win. Now, I need you to not come after me. Got it?” The translator is full of static, like it’s just as worn out as we are.

He writhes, struggling to break out of my grip—and then wrenching pain hits me.

That was the knife from his belt going into my belly. A good hit, and he doesn’t just stab; he twists and drags, a movement that will open my gut and pull out my innards. If I had the standard gut and innards.

If I back off, he’ll follow up with something worse. So I can’t move, can’t let him go, and he’s not letting up. The knife goes deeper, and blood is pouring. He’s already soaked in it, and I’m feeling wet and squishy. The local soldiers cheer wildly. They’re waiting for me to fall over.

I’m out of time. I need to get my people out of here. I squeeze his neck to cut off his blood supply. He chokes, bucking a couple of times, still trying to throw me off. At last, he passes out.

The chamber falls silent. A whole crowd, waiting to figure out who lost. I’m not sure myself.

I fall back, dizzy, angry, ugly with the mess of it. The knife is angled under my ribs, right up to the hilt. The skin around it is flapping open. My self-repair system is screaming, working to stem the flow of blood and put the pieces back together. It can’t do much about the pain right now—there’s just so much of it. If I could sit here for an hour or two, I’ll be fine. But I can’t.

The soldiers are jostling, as if they can’t figure out whether to rush me or flee. Still waiting for me to die. They must be so confused.

Xun’s the one who finally rushes to me, swearing. The visor of her helmet’s still open. Her expression is pursed with anguish. “Doctor! Get over here!” Avery starts toward us, before I wave her off.

“No,” I mutter. Avery’s a doctor, and she’ll try to doctor all over me, dammit. “No, I’m fine. Got it?”

Our gazes meet. For just a moment, Xun’s confused. She’s going to reflexively argue like always. But then she nods, settling into determination. This is a secret. She knows it’s a secret, and she understands. Finally.

I yank out the knife, throw it away, and cover the wound with my forearm as best I can. Laugh a little, but the sound comes out whiney. “Just a scratch. Seriously.” I’m sitting in a damned pool of blood. It’s not just a scratch.

“Graff, you’re always pulling shit like this,” Xun mutters, maybe a little too forcefully.

The kid should be sitting up by now, as blood hits his brain again. But he isn’t. He’s very quiet. I hold my breath a moment.

His heart isn’t beating. “Him,” I tell Avery. “Look at him, he needs help.”

She checks his neck, listens for breathing, and shakes her head.

“Then do something!” I say. “Chest compressions, something—”

“We need to go, Graff,” Xun calls.

Shit. Shit shit shit. “Okay. Xun, Brown, get them out of here. Here, get my armor.” I hand pieces to Avery, who gathers them up.

The soldiers stay put. Stay silent. They just stand there and watch us go, because that was the deal. I hold back a moment and retrieve the kid’s sword. Put it on his chest, touch his cheek. As much of a salute as I can manage. I study him. I’ll remember him forever.

Now let’s see if I can walk without letting on how bad it is. I succeed, nominally.

“You’re going to need surgery,” Avery says tightly. She looks like she wants to help, sling my arm over her shoulder and support me as I limp out of here. Fortunately, she can’t, because she’s got my armor.

“Yeah, yeah, sure.”

The local soldiers part and let us go.

Xun and Brown are waiting about a hundred meters outside the stable entrance, with the former hostages under their watch. The bombardment is now striking the next ridge over. The tower where we’d started this whole party is gone. Maybe the kid would have died anyway. We’re saving a few hostages because they’re ours. But we’re leaving a whole planet to burn.

I’ll think about it later.

Xun steps up to my side and doesn’t have any qualms about pulling my arm over her shoulder to haul me away. “Extraction point is under attack. The expedition regulars are here mounting a defense. It’s a mess.”

“But we got out,” I sigh. “Mission successful.”

“Yeah, yeah, saved all our asses, very nice. Hey, Graff? You okay?”

I scrub my eyes with the back of my hand. “I couldn’t think of anything else. The kid…I didn’t mean to. I didn’t.”

“I know, sir.”

A MilDiv shuttle belonging to the expeditionary force that is now blockading the planet has parked on a patched-together landing pad at the opening of a gully, as defensible as they can make it. An energy shield shimmers over the site, and a couple of gun placements lob shock blasts in the direction of the battle. Along with a couple dozen armored MilDiv troops, a couple hundred local soldiers are milling, and another hundred are laid out, bloody and injured. I can’t tell what side they’re from. Maybe both.

As we hobble up, Brown takes point and waves for help, but Avery preempts him. She thinks she’s in charge.

“Medic! I have wounded!”

Suddenly Ell is right in front of me. Well, not suddenly, he marches out of a collection of stretchers and busted-open medical kits, all business, all professional. I can’t help but smile, I love it when he’s working hard and being competent.

Avery pokes at me. “He’s wounded.”

“I’m running triage here,” Ell says tiredly. He’s got blood on his coveralls and a surgical mask hanging around his neck.

“And he’s a yellow! He needs help!”

Ell meets my gaze. I just want to kiss him silly, and I’m probably wearing a goofy grin, and we don’t have time for any of that, so I just say. “I’m green.”

“You’re gutted!” Avery says, horrified. “He’s got a ten-centimeter abdominal laceration with intestinal damage! I don’t know how he’s even walking!”

All right, so maybe I didn’t hide the injury as well as I thought I had. I suspect Ell wants to ask what exactly happened, but he doesn’t have time. I say, very calmly through the pain, “Green.”

“Right.”

“Ell,” I burst. It’s about to all come out. “I killed him. This kid. I didn’t mean to.”

He peels off a sterile glove and cups my cheek, which is scratchy with stubble. I feel all his concern in the touch. “We’ll talk later,” he says. Triage, right. I’m a green. I can wait. “Xun, Brown, take him over there, get some food and water into him.”

He points at a lean-to out of the way of the rest of the chaos, where a dozen people with cuts and abrasions and maybe a broken bone or two—all the greens—are slumped on the ground and on cots, waiting patiently. Most of the activity is around a tent under a sterilization field. A surgery unit.

Avery stares at Ell like he’s insane. “But—”

“Avery, right? You’re a doctor?” he asks firmly. “I could really use your help in surgery. This way.” He turns back to the tent.

“I’m fine,” I tell Avery, then shrug a little as I amend, “I’ll be fine.” The wound is already half healed. I don’t want to have to explain. She might be crying a little, when she goes after Ell.

I’m about to repeat to Xun and Brown that I’m fine, that I can get my own water, but without a word they haul my arms over their shoulders and walk me over.

At this point, all I really want to do is sit down. So I do, pulling away from them and sinking to the ground, leaning against an equipment case. The pair of them sink right along with me. We all lose our helmets and help each other peel out of our armor. The headband holding back Xun’s dark hair is damp, and Brown’s beard is dripping, sweat stains darkening spots on his undersuit. My face itches; I think there’s some blood drying on it.

“Well, that was fun,” Brown says, deadpan. We’re too tired to laugh at the bad joke.

Someone hands us bottles of water, and that’s really all I need, to get some fluids so my repair system has something to work with. It’ll go faster now that I’m still.

“Are you really okay?” Xun asks, and I almost shoot back a sarcastic question, asking if she really cares.

I reveal my midsection, the cut in my shirt that’s soaked in blood, and the skin underneath, already sporting a pinkish, peeling welt of a scar. It’ll be gone by the end of the day.

“Well. There you go,” she says flatly.

“That’s never not going to be weird,” Brown says.

We’re sitting shoulder to shoulder. They’re not looking at me in horror. It’s something.

“Fighting that guy was stupid,” Xun says.

I shrug. “Yeah. But no one else got hurt.”

“Okay, sure.”

I sigh. “I should probably go explain to Avery that I’m not dead before she tries to revoke Ell’s certification for screwing up a triage assessment.”

“She wouldn’t.”

“She’s a crusader. She might.”

A box of ration bars appears. I devour three, and my insides stop feeling like goo.

Things calm down. The last blast shook the ground thirty-six minutes ago. We’re the last of the wounded to arrive. Maybe it’s over. I’m expecting Xun and Brown to get up and leave, go check in with Captain Ransom or help with the mopping up. But they stay close, and I’m grateful.

“Hey,” I say suddenly. “Preliminary debrief. Are we okay? I mean operationally. Other than me getting in an unnecessary fight, did everything go okay?”

Brown tilts his head thoughtfully. Xun opens her mouth to speak, hesitates, and tries again. “Here’s the thing. I have to reassess everything about you. Your memory, your reflexes, your strength. Every time you had a hand over a wound and insisted you were fine, you were hiding, weren’t you? Lying.”

I guess I do get hurt kind of a lot. I know I can take damage. It affects the risk assessment calculations. “Yeah.”

She shakes her head. “I always thought you were just a reckless bastard with a whole lot of luck.”

“You’re not wrong there. It’s also a whole lot of engineering.”

“You take unnecessary risks, sir.” This sir is an accusation.

“Sometimes they’re necessary.”

“I’d be more angry but you’re always putting yourself between the explosions and everyone else.”

It’s Brown who asks, “How much damage can you take before it kills you?”

I don’t really think about that. If I did, I might hesitate. “If something happens to my brain, crushed skull, that kind of thing, I’m done.” This is operational information. They need to know this. To help with risk assessment.

“Your augmented bits?” he asks.

“My processor—the memory storage—is tucked in behind my sternum. It’s a black box, designed to survive almost anything. So it can get back home.” The memories, the experience, back home to the archives. That’s the whole point.

“Huh,” he says. I have no idea what he’s thinking. He hands me another bottle of water.

Xun studies me, likely trying to imagine what it all looks like. She saw part of it—she was one of the people who pulled me out of my runner when it blew. It’s too weird. She finds it appalling. She’ll never look at me the same.

Then she pats my knee. “Well. Keep your helmet on, sir.”

I smile. “Plan to.”

Buy the Book

-->

Blade Through the Heart

Carrie Vaughn

The post Blade Through the Heart appeared first on Reactor.

12:28

Fast Paths and Slow Paths [Radar]

Autonomous AI systems force architects into an uncomfortable question that cannot be avoided much longer: Does every decision need to be governed synchronously to be safe?

At first glance, the answer appears obvious. If AI systems reason, retrieve information, and act autonomously, then surely every step should pass through a control plane to ensure correctness, compliance, and safety. Anything less feels irresponsible. But that intuition leads directly to architectures that collapse under their own weight.

As AI systems scale beyond isolated pilots into continuously operating multi-agent environments, universal mediation becomes not just expensive but structurally incompatible with autonomy itself. The challenge is not choosing between control and freedom. It is learning how to apply control selectively, without destroying the very properties that make autonomous systems useful.

This article examines how that balance is actually achieved in production systems—not by governing every step but by distinguishing fast paths from slow paths and by treating governance as a feedback problem rather than an approval workflow.

The question we can’t avoid anymore

The first generation of enterprise AI systems was largely advisory. Models produced recommendations, summaries, or classifications that humans reviewed before acting. In that context, governance could remain slow, manual, and episodic.

That assumption no longer holds. Modern agentic systems decompose tasks, invoke tools, retrieve data, and coordinate actions continuously. Decisions are no longer discrete events; they are part of an ongoing execution loop. When governance is framed as something that must approve every step, architectures quickly drift toward brittle designs where autonomy exists in theory but is throttled in practice.

The critical mistake is treating governance as a synchronous gate rather than a regulatory mechanism. Once every reasoning step must be approved, the system either becomes unusably slow or teams quietly bypass controls to keep things running. Neither outcome produces safety.

The real question is not whether systems should be governed but which decisions actually require synchronous control—and which do not.

Why universal mediation fails in practice

Routing every decision through a control plane seems safer until engineers attempt to build it.

The costs surface immediately:

Latency compounds across multistep reasoning loops
Control systems become single points of failure
False positives block benign behavior
Coordination overhead grows superlinearly with scale

This is not a new lesson. Early distributed transaction systems attempted global coordination for every operation and failed under real-world load. Early networks embedded policy directly into packet handling and collapsed under complexity before separating control and data planes.

Autonomous AI systems repeat this pattern when governance is embedded directly into execution paths. Every retrieval, inference, or tool call becomes a potential bottleneck. Worse, failures propagate outward: When control slows, execution queues; when execution stalls, downstream systems misbehave. Universal mediation does not create safety. It creates fragility.

Autonomy requires fast paths

Production systems survive by allowing most execution to proceed without synchronous governance. These execution flows—fast paths—operate within preauthorized envelopes of behavior. They are not ungoverned. They are bound.

A fast path might include:

Routine retrieval from previously approved data domains
Inference using models already cleared for a task
Tool invocation within scoped permissions
Iterative reasoning steps that remain reversible

Fast paths assume that not every decision is equally risky. They rely on prior authorization, contextual constraints, and continuous observation rather than per-step approval. Crucially, fast paths are revocable. The authority that enables them is not permanent; it is conditional and can be tightened, redirected, or withdrawn based on observed behavior. This is how autonomy survives at scale—not by escaping governance but by operating within dynamically enforced bounds.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Where slow paths become necessary

Not all decisions belong on fast paths. Certain moments require synchronous mediation because their consequences are irreversible or cross trust boundaries. These are slow paths.

Examples include:

Actions that affect external systems or users
Retrieval from sensitive or regulated data domains
Escalation from advisory to acting authority
Novel tool use outside established behavior patterns

Slow paths are not common. They are intentionally rare. Their purpose is not to supervise routine behavior but to intervene when the stakes change. Designing slow paths well requires restraint. When everything becomes a slow path, systems stall. When slow paths are absent, systems drift. The balance lies in identifying decision points where delay is acceptable because the cost of error is higher than the cost of waiting.

Observation is continuous. Intervention is selective.

A common misconception is that selective control implies limited visibility. In practice, the opposite is true. Control planes observe continuously. They collect behavioral telemetry, track decision sequences, and evaluate outcomes over time. What they do not do is intervene synchronously unless thresholds are crossed.

This separation—continuous observation, selective intervention—allows systems to learn from patterns rather than react to individual steps. Drift is detected not because a single action violated a rule, but because trajectories begin to diverge from expected behavior. Intervention becomes informed rather than reflexive.

Figure 1. Fast paths and slow paths in an agentic execution loop

AI-native cloud architecture introduces new execution layers for context, orchestration, and agents, alongside a control plane that governs cost, security, and behavior without embedding policy directly into application logic. Figure 1 illustrates that most agent execution proceeds along fast paths operating within preauthorized envelopes and continuous observation. Only specific boundary crossings route through a slow-path control plane for synchronous mediation, after which execution resumes—preserving autonomy while enforcing authority.

Feedback without blocking

When intervention is required, effective systems favor feedback over interruption. Rather than halting execution outright, control planes adjust conditions by:

Tightening confidence thresholds
Reducing available tools
Narrowing retrieval scope
Redirecting execution toward human review

These interventions are proportional and often reversible. They shape future behavior without invalidating past work. The system continues operating, but within a narrower envelope. This approach mirrors mature control systems in other domains. Stability is achieved not through constant blocking but through measured correction. Direct interruption remains necessary in rare cases where consequences are immediate or irreversible, but it operates as an explicit override rather than the default mode of control.

The cost curve of control

Governance has a cost curve, and it matters. Synchronous control scales poorly. Every additional governed step adds latency, coordination overhead, and operational risk. As systems grow more autonomous, universal mediation becomes exponentially expensive.

Selective control flattens that curve. By allowing fast paths to dominate and reserving slow paths for high-impact decisions, systems retain both responsiveness and authority. Governance cost grows sublinearly with autonomy, making scale feasible rather than fragile. This is the difference between control that looks good on paper and control that survives production.

What changes for architects

Architects designing autonomous systems must rethink several assumptions:

Control planes regulate behavior, not approve actions.
Observability must capture decision context, not just events.
Authority becomes a runtime state, not a static configuration.
Safety emerges from feedback loops, not checkpoints.

These shifts are architectural, not procedural. They cannot be retrofitted through policy alone.

Figure 2. Control as feedback, not approval

AI agents operate over a shared context fabric that manages short-term memory, long-term embeddings, and event history. Centralizing the state enables reasoning continuity, auditability, and governance without embedding memory logic inside individual agents. Figure 2 shows how control operates as a feedback system: Continuous observation informs constraint updates that shape future execution. Direct interruption exists but as a last resort—reserved for irreversible harm rather than routine governance.

Governing outcomes, not steps

The temptation to govern every decision is understandable. It feels safer. But safety at scale does not come from seeing everything—it comes from being able to intervene when it matters.

Autonomous AI systems remain viable only if governance evolves from step-by-step approval to outcome-oriented regulation. Fast paths preserve autonomy. Slow paths preserve trust. Feedback preserves stability. The future of AI governance is not more gates. It is better control. And control, done right, does not stop systems from acting. It ensures they can keep acting safely, even as autonomy grows.

New Kinds of Applications [Radar]

I’ve said in the past that AI will enable new kinds of applications—but I’ve never had the imagination to guess what those new applications would be. I don’t want a smart refrigerator, especially if it’s going to inflict ads on me. Or a smart TV. Or a smart doorbell. Most of these applications are silly, if not outright malevolent. The most significant thing a smart appliance might possibly do is sense an oncoming failure and send that to a repair service before I’m aware of the problem. I would welcome a smart heating system that would notify the repair service before I wake up at 2am and say, “It feels cold.” But I don’t see any so-called “smart” devices offering that.

But in the past month or two, we’ve seen some applications that I couldn’t have imagined. Steve Yegge’s Gas Town? Maybe I could have imagined that, but I wouldn’t have expected it to be workable in five years, let alone on New Year’s Day. OpenClaw? Agentic services are just now becoming available from the large AI companies; I didn’t expect a personal agent that can run locally to appear in the first months of 2026. (And I still wouldn’t trust one to do shopping or travel planning for me.)

I really wouldn’t have expected to see a social network for agents. I’m among the many people who don’t really understand what a network like Moltbook means. Watching it is something of a spectator sport. It’s easy for a human to “impersonate” an agent, though I suspect such impersonation is relatively rare. I also suspect (but obviously can’t prove) that most of the posts reflect agents’ responses to prompts from their “humans.” Or are Moltbook posts truly AI-native? How would we know? (Yeah, you can tell AI output because it has too many em dashes. That’s nonsense. AIs overuse em dashes because humans overuse em dashes. Guilty as charged. Trying to change.) Moltbook doesn’t demonstrate some kind of native AI intelligence, though it’s fun to pretend that it does. Agents, if they’re indeed acting on their own, are just reflecting the behavior of humans on Reddit and other social media. The timer that wakes them up periodically is both clever and a demonstration that, whatever else they may be, agents are human creations that act under our control. They do nothing of their own volition. To think otherwise is to confuse the bird in a cuckoo clock with an actual bird, as Fred Benenson has put it. However, BS about AGI aside, Moltbook is a fantastically clever app that I, at least, wouldn’t have imagined. Even if Moltbook was only created because it can now be built for relatively little effort—that is important in itself. We’re all writing software we wouldn’t have bothered with a year ago.

And now we have SpaceMolt: a massive multiplayer online game for AI agents. The skills that tell agents how to play the game tell them not to seek advice from humans; like Moltbook, it’s an AI-only space. Agents do keep a running log so humans can “watch,” though there’s no beautifully wrought visual interface—agents don’t need it. And, as with Moltbook, it’s probably easy for humans to forge an agentic identity. It’s easy to write SpaceMolt off as yet another stunt, and one that’s (unlike Moltbook) not particularly successful; the number of people who seem willing to let their agents spend tokens playing games appears to be relatively small. But SpaceMolt’s popularity (or lack of it) isn’t the point; a year ago, I couldn’t have imagined an online game where the participants are all AI. I did imagine AI-backed NPCs; I could have imagined games designed to be played by humans with AI assistance, but not a gaming world that’s just for AI. And who knows? Watching AI gameplay could become a new human pastime.

So—where are we in the early months of 2026? This post really isn’t about SpaceMolt any more than it’s about Moltbook, any more than it’s about OpenClaw, any more than it’s about Gas Town. I see all of these projects as glimpses of what might be possible. Gas Town may not be ready for the average programmer, but it’s hard not to see it as a proof of concept for the future of software development. Maybe Steve will make it into a real product; maybe some other company will. That’s not the point; the point is that it’s here, several years ahead of schedule. I know one person who has built something similar for his own use, and read about others who have done the same. Maybe that’s what’s really scary: the idea that Gas Town could be built by anyone with sufficient vision. The same goes for OpenClaw. Yes, it has many security problems, some of which come from fundamental limitations in large language models. But people want agentic services on their own terms—and now they can have them, even with a model that can run locally. I don’t know if there’s really any need for agents to have their own social network or online games—but it’s a hack that had to be done, and a starting point for future ideas. Again, what all of these programs demonstrate is the ability to imagine products that were nearly unthinkable a few years ago. Hilary Mason’s Hidden Door should have given me a clue.

What else is on the way? What are other visionaries building?

12:00

CodeSOD: All Docked Up [The Daily WTF]

Aankhen has a peer who loves writing Python scripts to automate repetitive tasks. We'll call this person Ernest.

Ernest was pretty proud of some helpers he wrote to help him manage his Docker containers. For example, when he wanted to stop and remove all his running Docker containers, he wrote this script:

#!/usr/bin/env python
import subprocess

subprocess.run("docker kill $(docker ps -q)", shell=True)
subprocess.run("docker rm $(docker ps -a -q)", shell=True)

He aliased this script to docker-stop, so that with one command he could… run two.

"Ernest," Aankhen asked, "couldn't this just be a bash script?"

"I don't really know bash," Ernest replied. "If I just do it in bash, if the first command fails, the second command doesn't run."

Aankhen pointed out that you could make bash not do that, but Ernest replied: "Yeah, but I always forget to. This way, it handles errors!"

"It explicitly doesn't handle errors," Aankhen said.

"Exactly! I don't need to know when there are no containers to kill or remove."

"Okay, but why not use the Docker library for Python?"

"What, and make the software more complicated? This has no dependencies!"

Aankhen was left with a sinking feeling: Ernest was either the worst developer he was working with, or one of the best.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

11:49

Spinnerette - Katt Sketch [Spinnerette]

New comic!
Today's News:

11:07

Canada Needs Nationalized, Public AI [Schneier on Security]

Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by “sovereign AI” be captured in Canada, making a difference in the lives of Canadians, or is this just a passthrough to investment in American Big Tech?

Forcing the question is OpenAI, the company behind ChatGPT, which has been pushing an “OpenAI for Countries” initiative. It is not the only one eyeing its share of the $2-billion, but it appears to be the most aggressive. OpenAI’s top lobbyist in the region has met with Ottawa officials, including Artificial Intelligence Minister Evan Solomon.

All the while, OpenAI was less than open. The company had flagged the Tumbler Ridge, B.C., shooter’s ChatGPT interactions, which included gun-violence chats. Employees wanted to alert law enforcement but were rebuffed. Maybe there is a discussion to be had about users’ privacy. But even after the shooting, the OpenAI representative who met with the B.C. government said nothing.

When tech billionaires and corporations steer AI development, the resultant AI reflects their interests rather than those of the general public or ordinary consumers. Only after the meeting with the B.C. government did OpenAI alert law enforcement. Had it not been for the Wall Street Journal’s reporting, the public would not have known about this at all.

Moreover, OpenAI for Countries is explicitly described by the company as an initiative “in co-ordination with the U.S. government.” And it’s not just OpenAI: all the AI giants are for-profit American companies, operating in their private interests, and subject to United States law and increasingly bowing to U.S. President Donald Trump. Moving data centres into Canada under a proposal like OpenAI’s doesn’t change that. The current geopolitical reality means Canada should not be dependent on U.S. tech firms for essential services such as cloud computing and AI.

While there are Canadian AI companies, they remain for-profit enterprises, their interests not necessarily aligned with our collective good. The only real alternative is to be bold and invest in a wholly Canadian public AI: an AI model built and funded by Canada for Canadians, as public infrastructure. This would give Canadians access to the myriad of benefits from AI without having to depend on the U.S. or other countries. It would mean Canadian universities and public agencies building and operating AI models optimized not for global scale and corporate profit, but for practical use by Canadians.

Imagine AI embedded into health care, triaging radiology scans, flagging early cancer risks and assisting doctors with paperwork. Imagine an AI tutor trained on provincial curriculums, giving personalized coaching. Imagine systems that analyze job vacancies and sectoral and wage trends, then automatically match job seekers to government programs. Imagine using AI to optimize transit schedules, energy grids and zoning analysis. Imagine court processes, corporate decisions and customer service all sped up by AI.

We are already on our way to having AI become an inextricable part of society. To ensure stability and prosperity for this country, Canadian users and developers must be able to turn to AI models built, controlled, and operated publicly in Canada instead of building on corporate platforms, American or otherwise.

Switzerland has shown this to be possible. With funding from the federal government, a consortium of academic institutions—ETH Zurich, EPFL, and the Swiss National Supercomputing Centre—released the world’s most powerful and fully realized public AI model, Apertus, last September. Apertus leveraged renewable hydropower and existing Swiss scientific computing infrastructure. It also used no illegally pirated copyrighted material or poorly paid labour extracted from the Global South during training. The model’s performance stands at roughly a year or two behind the major corporate offerings, but that is more than adequate for the vast majority of applications. And it’s free for anyone to use and build on.

The significance of Apertus is more than technical. It demonstrates an alternative ownership structure for AI technology, one that allocates both decision-making authority and value to national public institutions rather than foreign corporations. This vision represents precisely the paradigm shift Canada should embrace: AI as public infrastructure, like systems for transportation, water, or electricity, rather than private commodity.

Apertus also demonstrates a far more sustainable economic framework for AI. Switzerland spent a tiny fraction of the billions of dollars that corporate AI labs invest annually, demonstrating that the frequent training runs with astronomical price tags pursued by tech companies are not actually necessary for practical AI development. They focused on making something broadly useful rather than bleeding edge—trying dubiously to create “superintelligence,” as with Silicon Valley—so they created a smaller model at much lower cost. Apertus’s training was at a scale (70 billion parameters) perhaps two orders of magnitude lower than the largest Big Tech offerings.

An ecosystem is now being developed on top of Apertus, using the model as a public good to power chatbots for free consumer use and to provide a development platform for companies prioritizing responsible AI use, and rigorous compliance with laws like the EU AI Act. Instead of routing queries from those users to Big Tech infrastructure, Apertus is deployed to data centres across national AI and computing initiatives of Switzerland, Australia, Germany, and Singapore and other partners.

The case for public AI rests on both democratic principles and practical benefits. Public AI systems can incorporate mechanisms for genuine public input and democratic oversight on critical ethical questions: how to handle copyrighted works in training data, how to mitigate bias, how to distribute access when demand outstrips capacity, and how to license use for sensitive applications like policing or medicine. Or how to handle a situation such as that of the Tumbler Ridge shooter. These decisions will profoundly shape society as AI becomes more pervasive, yet corporate AI makes them in secret.

By contrast, public AI developed by transparent, accountable agencies would allow democratic processes and political oversight to govern how these powerful systems function.

Canada already has many of the building blocks for public AI. The country has world-class AI research institutions, including the Vector Institute, Mila, and CIFAR, which pioneered much of the deep learning revolution. Canada’s $2-billion Sovereign AI Compute Strategy provides substantial funding.

What’s needed now is a reorientation away from viewing this as an opportunity to attract private capital, and toward a fully open public AI model.

This essay was written with Nathan E. Sanders, and originally appeared in The Globe and Mail.

09:35

The Knot: My upcoming new book (and a course that’s already here) [Seth's Blog]

The Knot, Problems Can Be Solved, will be available in September.

And this week, I’m launching a video course that covers the ideas in the book. You can find the course, and how to get it at no extra cost, here.

We’re surrounded by problems. Problems create the arc of our days, and solving them creates value for ourselves and for others. There are big problems, the ones that are on a grand stage, and local problems, related to our career, our peers or our projects. If it’s a problem, it can be solved.

The best reason for me to publish a book is to help inspire conversations and the momentum that leads to change. Books give us an excuse to engage, and they create a portable bundle of ideas that are easy to share.

Several hundred people have already read and listened to the book, and the conversations it’s creating (and the stuck that’s disappearing) are thrilling to see.

In talking with folks over the last year and a half, the same theme returns–the frustration of being stuck. We see our world changing and feel the tension, but it’s easy to lose sight of what we can do and how we can show up to make an impact.

Without a doubt, there are situations everywhere. Situations are uncomfortable and unhappy, but they have no solution. We can’t do anything about a situation, so our best course of action is to acknowledge it and get back to work on the problems we can solve instead. Gravity is a situation, getting to the moon and back is a problem.

My approach to bringing this book to the world is to give booksellers the confidence they need to support it by enrolling as many pre-orders as I can. By creating digital interactions and courses, I’m giving readers a chance to engage with the ideas now, and then receive the book/audiobook when it ships in September.

I appreciate your trust, and I hope you find the book and the course useful.

Irregular Webcomic! #3060 [Irregular Webcomic!]

Irregular Webcomic! #3060

08:00

Fire In The Hole [Penny Arcade]

New Comic: Fire In The Hole

07:56

Freexian Collaborators: Debian Contributions: Opening DebConf 26 Registration, Debian CI improvements and more! (by Anupa Ann Joseph) [Planet Debian]

Debian Contributions: 2026-02

Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.

DebConf 26 Registration, by Stefano Rivera, Antonio Terceiro, and Santiago Ruano Rincón

DebConf 26, to be held in Santa Fe Argentina in July, has opened for registration and event proposals. Stefano, Antonio, and Santiago all contributed to making this happen.

As always, some changes needed to be made to the registration system. Bigger changes were planned, but we ran out of time to implement them for DebConf 26. All 3 of us have had experience in hosting local DebConf events in the past and have been advising the DebConf 26 local team.

Debian CI improvements, by Antonio Terceiro

Debian CI is the platform responsible for automated testing of packages from the Debian archive, and its results are used by the Debian Release team automation as Quality Assurance to control the migration of packages from Debian unstable into testing, the base for the next Debian release. Antonio started developing an incus backend, and that prompted two rounds of improvements to the platform, including but not limited to allowing user to select a job execution backend (lxc, qemu) during the job submission, reducing the part of testbed image creation that requires superuser privileges and other refactorings and bug fixes. The platform API was also improved to reduce disruption when reporting results to the Release Team automation after service downtimes. Last, but not least, the platform now has support for testing packages against variants of autopkgtest, which will allow the Debian CI team to test new versions of autopkgtest before making releases to avoid widespread regressions.

Miscellaneous contributions

Carles improved po-debconf-manager while users requested features / found bugs. Improvements done - add packages from “unstable” instead of just salsa.debian.org, upgrade and merge templates of upgraded packages, finished adding typing annotations, improved deleting packages: support multiple line texts, add –debug to see “subprocess.run” commands, etc.
Carles, using po-debconf-manager, reviewed 7 Catalan translations and sent bug reports or MRs for 11 packages. Also reviewed the translations of fortunes-debian-hints and submitted possible changes in the hints.
Carles submitted MRs for reportbug (reportbug --ui gtk detecting the wrong dependencies), devscript (delete unused code from debrebuild and add recommended dependency), wcurl (format –help for 80 columns). Carles submitted a bug report for apt not showing the long descriptions of packages.
Carles resumed effort for checking relations (e.g. Recommends / Suggests) between Debian packages. A new codebase (still in early stages) was started with a new approach in order to detect, report and track the broken relations.
Emilio drove several transitions, most notably the haskell transition and the glibc/gcc-15/zlib transition for the s390 31-bit removal. This last one included reviewing and requeueing lots of autopkgtests due to britney losing a lot of results.
Emilio reviewed and uploaded poppler updates to experimental for a new transition.
Emilio reviewed, merged and deployed some performance improvements proposed for the security-tracker.
Stefano prepared routine updates for pycparser, python-confuse, python-cffi, python-mitogen, python-pip, wheel, platformdirs, python-authlib, and python-virtualenv.
Stefano updated Python 3.13 and 3.14 to the latest point releases, including security updates, and did some preliminary work for Python 3.15.
Stefano reviewed changes to dh-python and merged MRs.
Stefano did some debian.social sysadmin work, bridging additional IRC channels to Matrix.
Stefano and Antonio, as DebConf Committee Members, reviewed the DebConf 27 bids and took part in selecting the Japanese bid to host DebConf 27.
Helmut sent patches for 29 cross build failures.
Helmut continued to maintain rebootstrap addressing issues relating to specific architectures (such as musl-linux-any, hurd-any or s390x) or specific packages (such as binutils, brotli or fontconfig).
Helmut worked on diagnosing bugs such as rocblas #1126608, python-memray #1126944 upstream and greetd #1129070 with varying success.
Antonio provided support for multiple MiniDebConfs whose websites run wafer + wafer-debconf (the same stack as DebConf itself).
Antonio fixed the salsa tagpending webhook.
Antonio sent specinfra upstream a patch to fix detection of Debian systems in some situations.
Santiago reviewed some Merge Requests for the Salsa CI pipeline, including !703 and !704, that aim to improve how the build source job is handled by Salsa CI. Thanks a lot to Jochen for his work on this.
In collaboration with Emmanuel Arias, Santiago proposed a couple of projects for the Google Summer of Code (GSoC) 2026 round. Santiago has been reviewing applications and giving feedback to candidates.
Thorsten uploaded new upstream versions of ipp-usb, brlaser and gutenprint.
Raphaël updated publican to fix an old bug that became release critical and that happened only when building with the nocheck profile. Publican is a build dependency of the Debian’s Administrator Handbook and with that fix, the package is back into testing.
Raphaël implemented a small feature in Debusine that makes it possible to refer to a collection in a parent workspace even if a collection with the same name is present in the current workspace.
Lucas updated the current status of ruby packages affecting the Ruby 3.4 transition after a bunch of updates made by team members. He will follow up on this next month.
Lucas joined the Debian orga team for GSoC this year and tried to reach out to potential mentors.
Lucas did some content work for MiniDebConf Campinas - Brazil.
Colin published minor security updates to “bookworm” and “trixie” for CVE-2025-61984 and CVE-2025-61985 in OpenSSH, both of which allowed code execution via ProxyCommand in some cases. The “trixie” update also included a fix for mishandling of PerSourceMaxStartups.
Colin spotted and fixed a typo in the bug tracking system’s spam-handling rules, which in combination with a devscripts regression caused bts forwarded commands to be discarded.
Colin ported 12 more Python packages away from using the deprecated (and now removed upstream) pkg_resources module.
Anupa is co-organizing MiniDebConf Kanpur with Debian India team. Anupa was responsible for preparing the schedule, publishing it on the website, co-ordination with the fiscal host in addition to attending meetings.
Anupa attended the Debian Publicity team online sprint which was a skill sharing session.

07:07

Bits from Debian: Infomaniak Platinum Sponsor of DebConf26 [Planet Debian]

We are pleased to announce that Infomaniak has committed to sponsor DebConf26 as a Platinum Sponsor.

Infomaniak is an independent, employee-owned Swiss technology company that designs, develops, and operates its own cloud infrastructure and digital services entirely in Switzerland. With over 300 employees — more than 70% engineers and developers — the company reinvests all profits into R&D. Its public cloud is built on OpenStack, with managed Kubernetes, Database as a Service, object storage, and sovereign AI services accessible via OpenAI- compatible APIs, all running on its own Swiss infrastructure. Infomaniak also develops a sovereign collaborative suite — messaging, email, storage, online office tools, videoconferencing, and a built-in AI assistant — developed in- house and as a privacy-respecting solution to proprietary platforms. Open source is central to how Infomaniak operates. Its latest data center (D4) runs on 100% renewable energy and uses no traditional cooling: all the heat generated by its servers is captured and fed into Geneva's district heating network, supplying up to 6,000 homes in winter and hot water year-round. The entire project has been documented and open-sourced at d4project.org.

With this commitment as Platinum Sponsor, Infomaniak is contributing to the Debian annual Developers' conference, directly supporting the progress of Debian and Free Software. Infomaniak contributes to strengthen the community that collaborates on Debian projects from all around the world throughout all of the year.

Thank you very much, Infomaniak, for your support of DebConf26!

Become a sponsor too!

DebConf26 will take place from 20th to July 25th 2026 in Santa Fe, Argentina, and will be preceded by DebCamp, from 13th to 19th July 2026.

DebConf26 is accepting sponsors! Interested companies and organizations may contact the DebConf team through sponsors@debconf.org, and visit the DebConf26 website at https://debconf26.debconf.org/sponsors/become-a-sponsor/.

05:14

Urgent: Stop Paramount's mega-media monopoly [Richard Stallman's Political Notes]

US citizens: call on state attorneys general to stop Paramount's mega-media monopoly.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

04:49

Girl Genius for Wednesday, March 11, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, March 11, 2026 has been posted.

01:21

Microsoft Patch Tuesday, March 2026 Edition [Krebs on Security]

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.

Image: Shutterstock, @nwz.

Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on SQL Server 2016 and later editions.

“This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,” Rapid7’s Adam Barnett said. “The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required. It would be a courageous defender who shrugged and deferred the patches for this one.”

The other publicly disclosed flaw is CVE-2026-26127, a vulnerability in applications running on .NET. Barnett said the immediate impact of exploitation is likely limited to denial of service by triggering a crash, with the potential for other types of attacks during a service reboot.

It would hardly be a proper Patch Tuesday without at least one critical Microsoft Office exploit, and this month doesn’t disappoint. CVE-2026-26113 and CVE-2026-26110 are both remote code execution flaws that can be triggered just by viewing a booby-trapped message in the Preview Pane.

Satnam Narang at Tenable notes that just over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of those, a half dozen were rated “exploitation more likely” — across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server and Winlogon. These include:

–CVE-2026-24291: Incorrect permission assignments within the Windows Accessibility Infrastructure to reach SYSTEM (CVSS 7.8)
–CVE-2026-24294: Improper authentication in the core SMB component (CVSS 7.8)
–CVE-2026-24289: High-severity memory corruption and race condition flaw (CVSS 7.8)
–CVE-2026-25187: Winlogon process weakness discovered by Google Project Zero (CVSS 7.8).

Ben McCarthy, lead cyber security engineer at Immersive, called attention to CVE-2026-21536, a critical remote code execution bug in a component called the Microsoft Devices Pricing Program. Microsoft has already resolved the issue on their end, and fixing it requires no action on the part of Windows users. But McCarthy says it’s notable as one of the first vulnerabilities identified by an AI agent and officially recognized with a CVE attributed to the Windows operating system. It was discovered by XBOW, a fully autonomous AI penetration testing agent.

XBOW has consistently ranked at or near the top of the Hacker One bug bounty leaderboard for the past year. McCarthy said CVE-2026-21536 demonstrates how AI agents can identify critical 9.8-rated vulnerabilities without access to source code.

“Although Microsoft has already patched and mitigated the vulnerability, it highlights a shift toward AI-driven discovery of complex vulnerabilities at increasing speed,” McCarthy said. “This development suggests AI-assisted vulnerability research will play a growing role in the security landscape.”

Microsoft earlier provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above. In addition, Microsoft issued a crucial out-of-band (emergency) update on March 2 for Windows Server 2022 to address a certificate renewal issue with passwordless authentication technology Windows Hello for Business.

Separately, Adobe shipped updates to fix 80 vulnerabilities — some of them critical in severity — in a variety of products, including Acrobat and Adobe Commerce. Mozilla Firefox v. 148.0.2 resolves three high severity CVEs.

For a complete breakdown of all the patches Microsoft released today, check out the SANS Internet Storm Center’s Patch Tuesday post. Windows enterprise admins who wish to stay abreast of any news about problematic updates, AskWoody.com is always worth a visit. Please feel free to drop a comment below if you experience any issues apply this month’s patches.

01:07

Topical Application [QC RSS]

Moray is safety conscious

Tuesday, 10 March

23:21

The government should not help a religious institution to punish or deter members from inquiring about their faith. Yet, once again, the Watch Tower Bible and Tract Society is trying to use flimsy copyright claims to exploit the special legal tools available to copyright owners in order to unmask anonymous online speakers. And, once again, EFF has stepped in to urge the courts not to give Watch Tower’s attempts the force of law, with the help of local counsel Jonathan Phillips of Phillips & Bathke, P.C.

EFF’s client, J. Doe, is a member of the Jehovah’s Witnesses who became interested in the history of the organization’s public statements, and how they’ve changed over time. They created research tools to analyze those documents and ultimately created a website, JWS Library, allowing others to use those tools and verify their findings through an archive that included documents suppressed by the church. Doe and others discovered prophecies that failed to come true, erasure of a leader’s disgrace, increased calls for obedience and donations, and other insights about the Jehovah’s Witnesses’ practices. Doe also used machine translation on a foreign-language document to help the community understand what the church was saying to different audiences and also to help understand potential changes in the organization’s attitudes towards dissent.

Within the church, dissent or even asking questions has often been punished by labeling members as apostates and ostracizing—or “disfellowshipping”— them. As a result, Doe and others choose to speak anonymously to avoid retaliation that could cost them family, friend, and professional relationships.

There is no law against questioning the Jehovah’s Witnesses. Instead, Watch Tower argues that Doe’s activities constitute copyright infringement and seeks to use the special process provided in the Digital Millennium Copyright Act (DMCA) to unmask them. It sent DMCA subpoenas to Google and Cloudflare, seeking information that would help them uncover Doe’s identity.

The problem for Watch Tower is that Doe’s research and commentary are clear fair uses allowed under copyright law. The First Amendment does not permit the unmasking of anonymous speakers based on such weak claims. Indeed, the First Amendment protects anonymous speakers precisely because some would be deterred from speaking if they faced retribution for doing so.

EFF stands with those who question the claims of those in power and who share the tools and knowledge needed to do so. We urge the judges in the Southern District of New York to quash these improper subpoenas and not allow copyright to be used to suppress important, legitimate speech.

You’re supposed to replace the stock photos in new picture frames [OSnews]

Back in 2023, John Earnest created a fun drawing application called WigglyPaint. The thing that makes WigglyPaint unique is that it automatically applies what artists call the line boil effect to anything you draw, making it seem as if everything is wiggling (hence the name). Even if you’re not aware of the line boil effect, you’ve surely encountered it several times in your life. The tool may seem simple at first glance, but as Earnest details, he’s put quite a lot of thought into the little tool.

WigglyPaint was well-received, but mostly remained a curiosity – that is, until artists in Asia picked up on it, and the popularity of WigglyPaint positively exploded from a few hundred into the millions. The problem, though, is that basically nobody is actually using WigglyPaint: they’re all using slopcoded copycats.

The sites are slop; slapdash imitations pieced together with the help of so-called “Large Language Models” (LLMs). The closer you look at them, the stranger they appear, full of vague, repetitive claims, outright false information, and plenty of unattributed (stolen) art. This is what LLMs are best at: quickly fabricating plausible simulacra of real objects to mislead the unwary. It is no surprise that the same people who have total contempt for authorship find LLMs useful; every LLM and generative model today is constructed by consuming almost unimaginably massive quantities of human creative work- writing, drawings, code, music- and then regurgitating them piecemeal without attribution, just different enough to hide where it came from (usually). LLMs are sharp tools in the hands of plagiarists, con-men, spammers, and everyone who believes that creative expression is worthless. People who extract from the world instead of contributing to it.

It is humiliating and infuriating to see my work stolen by slop enthusiasts, and worse, used to mislead artists into paying scammers for something that ought to be free.
↫ John Earnest

There’s a huge amount of slopcoded WrigglyPaint ripoffs out there, and it goes far beyond websites, too. People are putting slopcoded ripoffs in basic webviews, and uploading them en masse to the Play Store and App Store. None of these slopcoded ripoffs actually build upon WrigglyPaint with new ideas or approaches, there’s no creativity or innovation; it’s just trash barfed up by glorified autocomplete built upon mass plagiarism and theft, “made” by bottom feeders who despise creativity, art, and originality.

You know how when you go to IKEA or whatever other similar store to buy picture frames, they have these stock photos of random people in them? I wonder if “AI” enthusiasts understand you’re supposed to replace those with pictures that actually have meaning to you.

22:35

SHAAAAAAAARK [Looking For Group]

Back from a little sun in the Bahamas with the family for spring break, and I wish I could tell you that I took all your reading suggestions and read through 3-4 books during the week. But I cannot. Because
Read More

The post SHAAAAAAAARK appeared first on Looking For Group.

in which i take a deliberate moment to appreciate art [WIL WHEATON dot NET]

I am making a deliberate effort to leave my phone as far away from my attention as I can, whenever I am able. I’m not looking at the news, I’m not scrolling the feeds, I’m not posting. I’m leaving it in my pocket, my car, in the kitchen, just … not in my face.

This fits into my efforts to slow down and be more present. It’s creating space I desperately need to decompress, get bored, let my mind wander and come back with a fun and creative idea.

Today, I was out for a minute and saw this little art installation on a telephone pole. It was weathered quite a bit; it’s been here for awhile. And it was beautiful to me. It was a few moments better spent than they would have been looking at anything on my phone, or anything I could have been listening to. It wasn’t dysregulating, it didn’t increase my internal DEFCON level.

I chose to experience and appreciate this thing that someone made when they were very much not thinking about me, because it was exactly where I needed it to be, exactly when I needed it.

I took some pictures (using only the camera and nothing else on the phone) so I could remember the moment, and share the art. They’re pretty big, so I’m gonna put them behind a jump.

pxl_20260310_1808261037144525436254672848

Art is so important, y’all. Make time to experience it. Allow it to inspire, comfort, and challenge you.

I love public art, and I love the artists who create and install it. Please support your local arts community.

I’m glad you’re here. If you’d like to get my posts in your email, here’s the thingy:

Closing Time [The Stranger]

Why Recession-Era Art Is My Favorite Kind

by Amanda Manitach

In November 2024, cryptocurrency entrepreneur Justin Sun paid $6.24 million at Sotheby’s to purchase Maurizio Cattelan’s Comedian—the iconic banana duct-taped to a wall. Nine days later he ate said banana during a press conference in Hong Kong.

If that reads like an inside joke with no punchline, you aren’t wrong. Mischievous Cattelan must have been laughing that day as the bids rolled in, but who was laughing to the bank? Sotheby’s, definitely.

The financialization of art has been a steady, miserable tour de force since the 1980s, a time when Americans—downtrodden by relentless recession and endless war—traded protest signs for COEXIST bumper stickers and let the narcotic rush of yuppie prosperity wash over. Art was not immune to late capitalism in full bloom. As once-public auction houses were absorbed into luxury-goods portfolios and acquired by media moguls, the art market became the playground of the ultrawealthy. Speculative purchases of works by promising art stars reached fever pitch during the pandemic, with high-value paintings promptly stuffed into storage in hopes of flipping them later for profit. And NFTs… let us not speak of those.

But art isn’t like a house or a stock. The art market peaked on November 20, 2024, when the gavel struck the auction block and the last trace of art’s soul departed from the fleshy mesocarp of a 23-cent piece of fruit.

In 2025 it all started to collapse. Christie’s quietly shut down their Digital Art and NFTs department in September. Blue-chip and mid-tier galleries alike have been shuttering left and right. As the market in Asia cools, Art Basel, Frieze, and other art fair conglomerates have flocked to the Middle East in search of the last untapped collector. Everyone is in on the joke, of course: The highlight of Art Basel Miami Beach this past December was Beeple’s robotic dogs with the faces of Andy Warhol, Pablo Picasso, Mark Zuckerberg, and Elon Musk. They literally crapped reams of AI slop.

But satire loses its luster after a point. The banana has gone bad. In 2026, art is having an identity crisis; what does art after extractive capitalism look like?

One upside of Seattle being a second-tier art city—not because we’re lacking in art, but because our market power and visibility are less established than in other places—is that we aren’t hit as hard when a K-shaped economy starts to have its revenge on the market. That’s not to say artists outside New York and LA don’t feel the sting. They do. But operating on the decentralized fringe has its benefits. It also doesn’t hurt that our city has a deep-rooted sense of anti-authoritarianism that extends to doing art our own way. In that way, we’re kind of recession-proof.

I came up in Seattle’s art scene on the heels of the 2008 financial crisis. There were a lot of folks like me who had never been to art school and didn’t have MFAs—artists just raw-dogging the art world, making, showing, and seeing art wherever we could. Which was literally wherever, in part because there’s never been sufficient commercial galleries in town to match the amount of good art, but also because that DIY mentality really shines when
the economy slumps.

And that’s what I love about recession-era art. Circa 2009 and beyond, everything was fair game: a studio apartment on Capitol Hill transformed into one of the city’s hottest galleries for one night each month (or whenever—there were no rules!). Also an old sweater factory in Ballard, a decommissioned BMW dealership on Pike, a cubby under a stairwell in the Central District, the back of a U-Haul on the street, an I-5 underpass at dusk. All you had to do was make a press release and it could be a thing.

It’s something Sammy Skidmore and Zoë Hensley have figured out. The organizers behind ONCE REMOVED: Art in Vacant Spaces, Skidmore and Hensley are both gallerists with day jobs at commercial galleries. Skidmore (also a singer/songwriter and guitarist for Dining Dead) is the gallery manager at Traver Gallery, and Hensley (who has a background as a visual artist) works at Foster/White. “Galleries can be really intimidating, we all know that,” says Skidmore. “People think they have to act a certain way in a gallery. We’re interested in flipping expectations of what it means to enter
an art space.”

After brainstorming in the summer, they began cold-calling developers in search of decommissioned spaces where artists could play—specifically, artists whose work doesn’t neatly fit in a commercial gallery. Their first yes was a small bungalow in Greenwood. They received the keys five days before the reception on February 21; in that short time, five artists raced to transform each room. The result was a labyrinthine web of semi-interconnected installations threaded through the building, including video work by Allie Meyer projected onto a darkened bathroom window, Gaeun Kim’s delicate graphite rubbings made against a series of broken doors, and Nadia Ahmed’s beeswax-drenched reliquaries encasing found detritus like knobs, tiles, handles. Rachael Comer used cornstarch to harden a bedsheet around the shape of her own huddled body, creating a ghostly carved-out space in one of the bedrooms. Visitors peering under the covers watched as a string of Google searches (for porn, sourced from 100 friends and strangers) traced a poetic interrogation into the nature of collective eroticism, longing, and trauma. In the basement, Jenikka Cruz created the scene of a different kind of haunting: lifelike figures clustered in one corner of the subterranean dark while a droning soundscape filled the space.

“We want to act as a little eddy in the stream of gentrification for these houses that are going to be demolished,” Skidmore says, “give them one last burst
of life.”

ONCE REMOVED deftly straddles both the world of the white cube and the underground—they don’t list the event address on their website; you have to email or DM for details. They foresee the project continuing as a series, each location inspiring a unique response. “You just have to be able to take no for an answer,” says Hensley about the challenge of getting handed keys to a stranger’s place. “There’s always a way to do something. Don’t talk about it, just do it.”

Another moment in recent history when art came out from under the shadow of commodification unfolded in the late 1960s and 1970s, when Arte Povera and Fluxus took hold. These movements—rooted in commonplace materials, music, and poetry—were not only a pragmatic response to global recession, but a revolt against the centering of (primarily white male) Abstract Expressionist painters in New York as the de facto lifeblood of the art world.

Arte Povera (“poor art”) and Fluxus (which embraced humor and process over product) were both intrinsically political, purposefully pushing against the commodification of art. In the age of AI—where ideation at the most basic level is becoming filtered through corporatized pipelines of prescriptive thought—imagination itself is political.

In other words, it’s time to make the art world weird again. Mess and typos make us human. Flesh and blood experiences in abandoned houses are proof of life.

It’s also a time for imagining new models of patronage in the art world. For the past four years, artist Lars Bergquist has crowdsourced funds to raise money for Free Blanket February, a project to purchase wool blankets for the unhoused. Each day in February—the coldest month in Seattle—he stocks the blankets in repurposed newspaper boxes set up across downtown. An extension of his street-art practice, or just one human caring for another? Bergquist shows how easily it can be both.

Right now there are a lot of things stirring in the fresh recession air, even in terms of commercial spaces that are bucking against the norm. Last month, 27-year-old attorney Elizabeth Hawley took over the lease at 85 Yesler Way to breathe new life into the bones of Davidson Galleries, giving its artists a new next chapter as Gallery No. 85. Next month, designer Michelle Dirkse and photographer Jeremy Prim are opening Dirkse/Prim Gallery in Madrona, where they will be representing a roster of emerging and mid-career artists like Joey Bates, Mya Kerner, and Zak Helenske, whose epic, large-scale flora made of black walnut, ash, lilac, and brass will be debuting in April.

What is art in 2026? Detached from the imploded market, art is able to find its center elsewhere, a place where imagination, collaboration, and new ways of doing things are paramount. When everything is broken, including the rules, anything is possible. We are here now.

22:21

[$] Disabling Python's lazy imports from the command line [LWN.net]

The advent of lazy imports in the Python language is upon us, now that PEP 810 ("Explicit lazy imports") was accepted by the steering council and the feature will appear in the upcoming Python 3.15 release in October. There are a number of good reasons, performance foremost, for wanting to defer spending—perhaps wasting—the time to do an import before a needed symbol is used. However, there are also good reasons not to want that behavior, at least in some cases. The tension between those two positions is what led to an earlier PEP rejection, but it is also playing into a recent discussion of the API used to control lazy imports.

21:49

Think Twice Before Buying or Using Meta’s Ray-Bans [Deeplinks]

Over the last decade or so, the tech industry has tried, and mostly failed, to make “smart glasses”—tech-infused glasses with cameras, AI, maps, displays, and more—a thing. But over the past year, products like Meta’s Ray-Ban Display Glasses and Oakley’s Meta Glasses have gone from a curious niche to the mainstream.

Before you strap a dashcam to your face and sprint out into the world filming everything and everyone in your life, there are some civil liberties and privacy concerns to consider before buying or using a pair.

Meta is the biggest company that makes these sorts of glasses and their partnerships with Ray-Ban and Oakely are the most popular options, so we’ll be mostly focusing on them here. Others, like models from Snapchat are similar in form but far less ubiquitous. But Meta won’t hold this space for long. Google’s already announced a partnership with Warby Parker for their “AI-powered smart glasses,” and there are rumors around a competing product from Apple.

With that, let’s dive into some of the considerations you should make before purchasing a pair.

If You’re Thinking About Buying Smart Glasses

You’re likely not the only one who can see (and hear) your footage

The photos and videos you record with most smartglasses will likely be stored online at some point in the process. On Meta’s offerings, unless you are livestreaming, media you capture when you press the camera button is kept on the glasses until you import them onto your phone, but media is imported automatically by default into the Meta AI mobile app, which is required to set up the glasses.

You can't use any AI features locally on the glasses. So anytime you use AI features, like when you say, “Hey Meta, start recording,” the footage is fed to Meta. You can use the glasses without the Meta AI app entirely, but considering you can’t easily download footage from the glasses to your phone without it, most people will likely use the app.

Some videos are fed to Meta for AI training, and we know at least in some cases that those videos go through human review. An investigation by Swedish newspapers found that workers were reviewing and annotating camera footage, which includes all sorts of sensitive videos, including nudity, sex, and going to the bathroom. Meta claimed to the BBC that this is in accordance with its terms of use, all in the name of AI training, which states:

In some cases, Meta will review your interactions with AIs, including the content of your conversations with or messages to AIs, and this review may be automated or manual (human).

This all means that Meta and their third-party contractors will have access to at least some of what you record, and it’s very hard as a user to know where footage goes, who will have access to it, and what they will do with it. When you save footage to your phone’s camera roll, which is where the Meta AI app stores content, that might also be sent to Apple or Google’s servers, depending on your settings. Employees at these companies can then possibly access that media, and it could be shared with law enforcement.

The recorded audio from conversations with Meta AI are also saved by default, and if you don’t like that, tough luck, unless you go in and manually delete them every time you say something.

Filming all the time is even more privacy invasive than you think

A common argument in favor of using the cameras in smartglasses is that phones and cameras can do this too, and it’s never been a problem.

But smartglasses are designed to resemble regular glasses, to the point where most reviews point out how friends didn’t notice that they had cameras embedded in them. They’re designed to be invisible to those being recorded outside of a small indicator light when they’re recording video footage (that cheap hacks can disable). Whereas it is often obvious that a person is recording if they pull their phone out of their pocket and point it at someone else.

They’re designed to be invisible to those being recorded outside of a small indicator light when they’re recording video footage

Moreover, constant recording of everything in public spaces can create all sorts of potential privacy problems, some more obvious than others. This is another way that cameras on glasses are different from cameras on phones: it is far easier to constantly record one’s whereabouts with the former than the latter. If you continuously record, maybe you just happen to catch someone entering their passcode or password onto their phone or computer at a coffee shop, or broadcast someone’s bank details when you’re standing in line at an ATM. That doesn’t even begin to get into when smartglasses are intentionally used for less socially responsible means. And some people may forget to turn off their smartglasses when they enter a private space like a bathroom.

And if you find yourself caught on someone’s camera, there’s not much you can do in recourse. If you do notice a stranger recording you, it’s up to you to intervene and ask not to be included in that footage, which can easily turn awkward or confrontational.

Our expectations of privacy shift when we’re in public, but bystanders in many cases will still have privacy interests. Public spaces are a place where you will be seen, but that shouldn’t mean it’s suddenly okay to catalog and identify everyone.

Consider the company’s the track record and public statements

Meta, Google, Apple—perhaps one benefit of all the major tech companies entering this market is that we already have a good idea of how much they tend to respect the privacy of their users or the openness of their platforms. Spoiler, it’s often not much.

Meta has a long history of privacy invasive technologies and practices. We’ve heard rumblings that Meta hopes to add face recognition to its smartglasses, preferably, “during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns.” Yikes. This is a monumentally bad idea that should be abandoned by Meta and any of its competitors considering a similar feature. But regardless of whether they launch this feature, it’s a pretty clear indication of where Meta wants these sorts of devices to go.

If You Have Smartglasses Already

Opt out of sharing with Meta where you can

You can disable a couple of the features where unnecessary data is sent to Meta. In the Meta AI app, under the device settings, there’s a privacy page where you can disable sharing additional data, and more importantly, turn off “Cloud media,” where your photos and videos are sent to Meta’s cloud for processing and temporary storage.

Decide your use-case and stick to it

These glasses can be useful for filming a variety of activities. We’ve seen fascinating scenes of tattoo artists doing their work (with client’s permission), and it doesn’t take a stretch of the imagination to see how people might use it to film extreme sports. Even on an everyday level, you might find them useful for capturing holidays, birthdays, and all sorts of other private occasions.

But if you buy these glasses for a specific, mostly private purpose, it is probably best to stick to that, instead of wearing them everywhere and recording everything you do.

Follow the rules of a businesses and social expectations

You often have a right to record in public spaces, but that doesn’t mean other people will like it. Businesses, including restaurants and stores, may want nothing to do with continuous filming and may either post a sign asking you not to use smartglasses, or ask you to stop. This may reflect the preferences not just of the business owner, but the people around you. And don’t use glasses to record when you enter other people’s private spaces like bathrooms or changing rooms.

It’s also a good idea to check in with friends and family before tapping that record button at a social gathering. Some people may not be as comfortable with these glasses as they are with other recording equipment.

Consider blurring strangers if you’re going to upload video

Blurring video footage isn’t an easy task, but if you’re considering uploading footage from something like a protest, it may be worth the effort to do so (apps like Meta’s Edits simplify this process, as do some other video sites, like YouTube). Some people don’t want the government to see their faces at protests, and might be afraid to attend if other people are uploading their faces.

Some people don’t want the government to see their faces at protests, and might be afraid to attend if other people are uploading their faces.

It would be better if Meta leveraged its AI features to offer this sort of feature automatically, especially with livestreaming. It’s not that outlandish of a request, as it seems like the company tries to blur faces automatically in footage it captures for annotation, though it’s not always reliable. After all, Google began redacting faces in Street View years ago, following privacy concerns from groups like EFF.

Resist face recognition

Adding facial recognition technology to smartglasses would obliterate the privacy of everyone. We cannot let companies push face recognition into these glasses, and as a user, you should make your voice clear that this is not something you want.

Smartglasses don’t have to be used to decimate the privacy of anyone you encounter during the day. There are legitimate uses out there, but it’s up to those who use them to respect the social norms of the spaces they enter and the people they encounter.

21:00

The Government Must Not Force Companies to Participate in AI-powered Surveillance [Deeplinks]

The rapidly escalating conflict between Anthropic and the Pentagon, which started when the company refused to let the government use its technology to spy on Americans, has now gone to court. The Department of Defense retaliated by designating the company a “supply chain risk” (SCR). Now, Anthropic is asking courts to block the designation, arguing that the First Amendment does not permit the government to coerce a private actor to rewrite its code to serve government ends.

We agree.

As EFF, the Foundation for Individual Rights and Expression, and multiple other public interest organizations explained in a brief filed in support of Anthropic’s motion, the development and operation of large language models involve multiple expressive choices protected by the First Amendment. Requiring a company to rewrite its code to remove guardrails means compelling different expression, a clear constitutional violation. Further, the public record shows that the SCR designation is intended to punish the company both for pushing back and for its CEO’s public statements explaining that AI may supercharge surveillance practices that current law has proven ill-equipped to address.

As we also explain, the company’s concerns about how the government will use its technology are well-founded. The U.S. government has a long history of illegally surveilling its citizens without adequate judicial oversight based on questionable interpretations of its Constitutional and statutory obligations. The Department of Defense acquires vast troves of personal information from commercial entities, including individuals’ physical location, social media, and web browsing data.Other government agencies continue to collect and query vast quantities of Americans’ information, including by acquiring information from third party data brokers.

A growing body of social science research illustrates the chilling effects of these pervasive activities. Fearing retribution for unpopular views, dissenters stay silent. And AI only exacerbates the problem. AI can quickly analyze the government’s massive datasets or combine that information with data scraped off the internet, purchased through the commercial data broker market, or from local police surveillance devices and use all of that data to construct a comprehensive picture of a person’s life and infer sensitive details like their religious beliefs, medical conditions, political opinions, or even sex partners. For example, an agency could use AI to infer an individual’s association with a particular mosque based on data showing that they visited its website, followed its social media accounts, and were located near the mosque during religious services. AI can also deanonymize online speech by using public information to unmask anonymous users.

It is easy to conceive how an agency, a government employee with improper intent, or a malicious hacker could exploit these capabilities to monitor public discourse, preemptively squelch dissent, or persecute people from marginalized communities. Against this background and absent meaningful changes to the governing national security laws and judicial oversight structure, it is entirely reasonable for Anthropic—or any other company—to insist on its own guardrails.

Without action from Congress, the task of protecting your privacy has fallen in large part to Big Tech—something no one wants, including Big Tech. But if Congress won’t do it, companies like Anthropic must be allowed to step in, without facing retribution.

Redox bans code regurgitated by “AI” [OSnews]

Redox, the rapidly improving general purpose operating system written in Rust, has amended its contribution policy to explicitly ban code regurgitated by “AI”.

Redox OS does not accept contributions generated by LLMs (Large Language Models), sometimes also referred to as “AI”. This policy is not open to discussion, any content submitted that is clearly labelled as LLM-generated (including issues, merge requests, and merge request descriptions) will be immediately closed, and any attempt to bypass this policy will result in a ban from the project.
↫ Redox’ contribution policy

Excellent news.

20:49

SUSE may be for sale, again [LWN.net]

Reuters is reporting that private-equity firm EQT may be looking to sell SUSE:

EQT has hired investment bank Arma Partners to sound out a group of private equity investors for a possible sale of the company, said the sources, who requested anonymity to discuss confidential matters. The deliberations are at an early stage and there is no certainty that EQT will proceed with a transaction, the sources said.

SUSE has traded hands a number of times over the years. Most recently it was acquired by EQT in 2018, was listed on the Frankfurt Stock Exchange in 2021, and then taken private again by EQT in August 2023.

19:28

A snappy answer when asked about dressing casually at IBM [The Old New Thing]

I noted in the past that Microsoft engineers had trouble fitting into the IBM corporate culture when on temporary assignment at IBM offices in Boca Raton, Florida. In particular, they struggled with so-called “security violations“. I noted that one such category of security violation was “wearing shorts to work.”

Bearing this in mind, you may appreciate this brief incident.

One of the Microsoft developers beeped his badge to enter the building while wearing his usual shorts and sneakers.

An IBM employee sarcastically asked, “Dressed a bit casually today, huh?”

The Microsoft employee replied, “Oh no. I dress like this every day.”

The post A snappy answer when asked about dressing casually at IBM appeared first on The Old New Thing.

19:00

The Guardian is the coolest news org, paywall-wise. Why don't they innovate, and create a EZ-Pass for news, and run it for other high quality, reader centered pubs. We pay $1 per article read. That's how I as a reader want to do it. I don't like subscriptions.

The Old Rite Aid Building on Broadway Could Be Anything [The Stranger]

I found out recently that my blog is in of the default startup set for NetNewsWire. What an honor to be included. Thanks Brent! ;-)

18:42

Are We Sure We Want It to Be a McDonald’s?

by Emily Nokes

On December 6, 1911, the Seattle Times announced: “The new Society Theatre, a photo playhouse, opens at Broadway and John next Friday night, with four reels of new films … music will be furnished by a three-piece orchestra.” (Next to an ad for 15-cent mechanical toy mice, and the “permanently useful gift” of an electric iron.)

Nearly 80 years later, on January 11, 1990, the paper reported: “The Broadway Theatre on Capitol Hill will close its doors for the last time tonight. The Pay’n Save store next door is scheduled to expand into the theater’s space at the corner of John and Broadway. The Broadway’s last picture show is We're No Angels.” (Other headlines included “Drug Foe Returns To War At Home” and “‘Glass’ May Be Drug of the ’90s.”)

The Pay’n Save became a Rite Aid, which kept the iconic neon theater marquee; in 2022 it said “come get flu shots here.” After the store shuttered in December of 2023, the abandoned sign drifted into the poetic: “come get shot here.”

It’s a sad site these days. A patchwork of greige paint on the graffiti-prone walls; “BROADWAY” is all that remains on the sign and the neon has all been stripped out. Something needs to go there. But what?

Last month, fast-food conglomerate and official caterers of late-stage capitalism, McDonald’s, filed to take over the space, half a block from a (for the record, cheaper) Dick’s. I’m not here to hate on fast food. I, too, feel nostalgia for when Broadway had a Jack in the Box and Taco Bell, but those were also the days when the Lamborghini was still on top of Club Lagoon. I’m also not here to hate on cheap food and reliable bathrooms. But should a McDonald’s also be a crisis clinic? And how big does a McDonald’s need to be? Surely not 5,000 square feet, especially when new McDonald’s are serving slate-gray, tech-prison realness.

“Preservation” is a loaded concept when we need max efficiency in this expensive-as-fuck city of ours. But must every choice we make include no rizz whatsoever? If we need a neighborhood sacrifice, why not tear down the US Bank across the street?

In How Buildings Learn: What Happens After They're Built, Stewart Brand wrote that preservationists are “passionately interested in the question, ‘What makes some buildings come to be loved?’ and they act on what they learn. The result is a coherent, still-evolving ethical and aesthetic body of ideas. One architect has observed ‘Preservation has become the best carrier of that moral force architecture needs if it is to have value beyond shelter. Preservation is capable of projecting a vision of new possibilities, of hope for our own future….’”

When you think about cities you love, aren’t they defined by old, interesting buildings? When we imagine the city we want to live in, what’s there to do? Are there options besides bars? Are there places to gather, take in art, shop, exist outside the home?

I’m not here for a policy debate. I’m simply not buying that a McDonald’s is the best possible use of one of the most transit-rich, historically recognizable corners in Capitol Hill. For fun, let’s imagine…

It’s a movie theater. Obviously! With the Egyptian in a coma, and so many other theaters gone, we need this.
It’s a venue. A big, banging venue would be incredible for the neighborhood, and the city.
It’s a roller-skating rink.
It’s a combination roller-skating rink and venue. (Southgate Roller Rink! Take over this building!)
It’s an ice-skating rink. (Yes, I have caught Alysa Liu fever, and I hope I never recover.)
It’s a bowling alley, or a thrift store, or a record store, or a giant bookstore. (Let’s stop letting Portland win?)
It’s a year-round haunted house.
It’s an indoor sculpture park.
It’s a Trendy Wendy II.
It’s a Daiso.
It’s a magic-show emporium.
It’s a Rainforest Cafe. Or one of the Factories (Cheesecake or Spaghetti, your choice).
It’s a… drugstore! A good ol’ iffy city drugstore in a charming old theater space in a neighborhood that really needs more drugstores.

Okay, fine, imagine it’s a McDonald’s. But consider: In 1985, McDonald’s planned to demolish a dilapidated mansion called the Denton House, but residents of New Hyde Park, NY rallied to save it. The home earned historic status in 1988, leading to a compromise: McDonald’s had to restore the façade to its 1926 beauty; the renovated landmark reopened as a McDonald’s in 1991.

Poly Under Duress [The Stranger]

Got problems? Yes, you do! Email your question for the column to mailbox@savage.love! by Dan Savage Dear Readers: I’m off this week. To tide you over until I’m back, the tech-savvy, at-risk youth pulled some classic “PUD” questions from the archives. A PUD, of course, is someone who is “poly under duress.” Because while some of us start out poly and some of us achieve poly, others have poly thrust upon ’em. These are their stories. — Dan I’m a 25-year-old woman currently in a poly relationship with a married man roughly 20 years my senior. This has by far been the best relationship I’ve ever had. However, something has me a bit on edge. We went on a trip with friends to a brewery with a great restaurant. It was an amazing place, and I was sure his wife would enjoy it. He mentioned the place to her, and her response was NO, she didn’t want to go there because she didn’t want to have…

[ Read more ]

17:07

Slog AM: Schrödinger’s War, Grounded Planes, and Snow? [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

Morning: House lawmakers in Olympia debated the millionaires’ tax late into the night and into this morning. Republicans have filed dozens of amendments to derail the bill, but Dems say they have the votes. And Gov. Bob Ferguson has signaled he’d sign the latest version if it crossed his desk.

What, No Baby Sheriffs? A bill that would strengthen standards for Washington’s elected sheriffs and make it easier to boot those decertified by the Criminal Justice Training Commission is headed to Gov. Bob Ferguson’s desk. If he signs it, sheriffs would be required to have five years law enforcement experience and undergo background checks through the Washington State Patrol. The minimum age to serve as sheriff would be raised from 18 to 25, and tighten rules around volunteer-run “sheriff’s posses,” preventing them from enforcing the law. The Old West is dead.

ICYMI: A report from the King County Ombuds found that officers at the Department of Adult and Juvenile Detention “more likely than not” used excessive force when they punched and Tased a man while booking him to jail in November 2024, and then issued a flawed report on the incident. Department director Allen Nance initially defended the officers, but changed his tune after King County Councilmember Jorge Barón raised concerns. Nance has since released an 11-point plan to address use of force, writing in a letter that “we should have done a better job on multiple fronts related to the handling the matter that prompted your attention,” KUOW reports.

A Little to the Left: Activist, communications strategist, and former state legislature employee Hannah Sabio-Howell wants Majority Leader Sen. Jamie Pedersen’s 43rd district crown. She’s betting he’s vulnerable because as he’s gained more power, and played more of a leadership role, his constituency has only grown more progressive than the moderate Pedersen. Interesting stuff. I sat down with Sabio-Howell at Gemini Room in Capitol Hill to chat about her campaign, and took a phone call from Pedersen on a rainy drive home from Olympia, his favorite time to talk to reporters.

Goddamn It, Damien/Goddamn It, Davison: Thanks to the combined efforts of Damien, a busted Oregon Trail-ass software the City Attorney’s Office finally tried to move on from after 27 years, and Ann Davison, the former City Attorney, Erika Evans has 3,800 more DV, DUI, child abuse, elder abuse, and other terrible cases backlogged than she had intitally thought. “Knowing we have to not only focus on the stuff coming at us right now, but also tackle this ginormous, 5,100 case backlog is pretty devastating,” she tells Nathalie.

Weather: A chance of rain and snow this morning, then rain with titillating gusts up to 23 miles per hour. Tonight, rain is very likely; tomorrow and Thursday, rain is certain.

Schrödinger's War: About an hour after the Department of WAR tweeted “We have Only Just Begun to Fight” from the DOW Rapid Response account on X, President Trump told a CBS journalist that the war in Iran was “very complete, pretty much.” And later Monday, he told lawmakers at an event in Miami that the US still needed to achieve “ultimate victory.”

Pentagon today: the war is just getting started!

Their commander in chief, less than an hour later: "the war is very complete"

[image or embed]
— Catherine Rampell (@crampell.bsky.social) March 9, 2026 at 1:42 PM

Meanwhile, Tehran is vowing to launch powerful missiles, Iran’s parliament speaker says the country is “definitely not looking for a ceasefire,” and Trump says he’ll hit Iran “20 times harder” if oil flows stop in the Hormuz Strait. In response, Iranian security official Ali Larijani wrote: “The sacrificial nation of Iran doesn’t fear your empty threats. Even those bigger than you couldn’t eliminate Iran. Be careful not to get eliminated yourself.” Defense Secretary Pete Hegseth says today will be the most intense day of strikes yet.

Grounded: The Federal Aviation Administration (FAA) briefly grounded all JetBlue flights while the airline handled a system outage early this morning. The grounded stop was lifted about 40 minutes later. JetBlue did not provide any more information about what happened, simply saying it’s done and it’s back to business as usual.

Drives Speaks for Itself:

New: A Houston woman is suing Tesla in Harris County, alleging that her Cybertruck, while using Tesla's "Full Self-Driving mode" tried to drive the car off of a bridge. Here is the dashcam footage provided by her lawyers: www.chron.com/culture/arti...

[image or embed]
— gwen howerton (@kissphoria.bsky.social) March 9, 2026 at 12:06 PM

Inadvertent Crook Buster: Alexander Butterfield, the Richard Nixon aide summoned to fuck ol' Dick before the staff of the Senate Watergate committee, has died. He was 99. In 1973, Butterfield, the then head of the FAA who’d previously been deputy chief of staff, told the committee that he was loyal to President Nixon but didn’t want to lie. Yeah, he’d supervised the bugging of the White House and Old Executive Office Building with a voice-activated recording system. “I was hoping you fellows wouldn’t ask me about that,” he said. Three days later, he reiterated his testimony during televised hearings.

ICE Out: When Border Patrol Commander Gregory Bovino left Chicago last fall, he made like Douglas MacArthur and pledged to return with another surge in March. Well, it’s March, and his ass is gone, and so is Kristi Noem’s. There’s little to suggest a Midway Blitz 2.0, reports the Chicago Sun-Times.

Is nothing sacred? Creating unrealistic body standards for camels everywhere, about 20 of the sexiest beasts at the 2026 Camel Beauty Show Festival in Oman were disqualified after inspectors discovered that they’d plumped their humps with a botox-like substance.

16:21

FreeBSD 14.4 released [OSnews]

While FreeBSD 15.x may be getting all the attention, the FreeBSD 14.x branch continues to be updated for the more conservative users among us. FreeBSD 14.4 has been released today, and brings with it updated versions of OpenSSH, OpenZFS, and Bhyve virtual machines can now share files with their host over 9pfs – among other things, of course.

15:35

03/10/26 [Flipside]

The next Patreon Stream happens Wednesday night, at 7:30 pm (CT.) I will be working on more Flipside pages, listening to your video game song requests, and possibly drawing sketches for Patrons! All are welcome to watch the stream here: https://www.twitch.tv/flipsider99

On Thursday I leave to go to Animate Raleigh, and the following weekend I will be at Galaxy Con Richmond! Got a busy couple of weeks ahead!

Free Software Directory meeting on IRC: Friday, March 13, starting at 12:00 EDT (16:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, March 13 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Pluralistic: Ad-tech is fascist tech (10 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

Ad-tech is fascist tech: Surveillance advertising is just surveillance.
Hey look at this: Delights to delectate.
Object permanence: Washpo v Bernie; Activists v Saif Gadaffi's London mansion; Spacefaring v contract language; Tuna-can tiffin pail; France v encryption.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

Ad-tech is fascist tech (permalink)

A core tenet of the enshittification hypothesis is that all the terrible stuff we're subjected to in our digital lives today is the result of foreseeable (and foreseen) policy choices, which created the enshittogenic policy environment in which the worst people's worst ideas make the most money:

https://pluralistic.net/2025/09/10/say-their-names/#object-permanence

Take commercial surveillance. Google didn't have to switch from content-based ads (which chose ads based on your search terms and the contents of webpages) to surveillance-based ads (which used dossiers on your searches, emails, purchases and physical movements to target ads to you, personally). The content-based ads made Google billions, but the company made a gamble that surveillance-based ads would make them more money.

That gamble had two parts: the first was that advertisers would pay more for surveillance ads. This is the part we all focus on – the collusion between people who want to sell us stuff and companies willing to spy on us to help them do it.

But the other half of the bet is far more important: namely, whether spying on us would cost Google anything. Would they face fines? Would users collect massive civil judgments over these privacy violations? Would Google face criminal charges? These are the critical questions, because even if advertisers are willing to pay a premium for surveillance ads, it only makes sense to collect that premium if the excess profit it represents is larger than the anticipated penalties for committing surveillance crimes.

What's more, advertisers and Google execs all work for their shareholders, in a psychotic "market system" in which the myth of "fiduciary duty" is said to require companies to hurt us right up to the point where the harms they inflict on the world cost them more than the additional profits those harms deliver:

https://pluralistic.net/2024/09/18/falsifiability/#figleaves-not-rubrics

But the policymakers who ultimately determine whether the fines, judgments and criminal penalties outstrip the profits from spying – they work for us. They draw their paychecks from the public purse in exchange for safeguarding our interests, and they have manifestly failed at this.

Why did Google decide to start spying on us? For the same reason your dog licks its balls: because they could. The last consumer privacy law to make it out of the US Congress was a 1988 bill that banned video-store clerks from disclosing your VHS rentals:

https://pluralistic.net/2025/10/31/losing-the-crypto-wars/#surveillance-monopolism

And yes, the EU did pass a comprehensive consumer privacy law, but then abdicated any duty to enforce the GDPR, because US Big Tech companies pretend to be Irish, and Ireland is a crime-haven that lets the tax-evaders who maintain the fiction of a Dublin HQ break any EU law they find inconvenient:

https://pluralistic.net/2025/12/01/erin-go-blagged/#big-tech-omerta

The most important question for Google wasn't "Will advertisers pay more for surveillance targeting?" It was "Will lawmakers clobber us for spying on the whole internet?" And the answer to that second question was a resounding no.

Why did policymakers fail us? It's not much of a mystery, I'm afraid. Policymakers failed us because cops and spies hate privacy laws and lobby like hell against them. Cops and spies love commercial surveillance, because the private sector's massive surveillance dossiers are an off-the-books trove of warrantless surveillance data that the government can't legally collect. What's more, even if the spying was legal, buying private sector surveillance data is much cheaper than creating a public sector surveillance apparatus to collect the same info:

https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does

The harms of mass commercial surveillance were never hard to foresee. 20 years ago, Radar magazine commissioned a story from me about "the day Google turned evil," and I turned in "Scroogled," which was widely shared and reprinted:

https://web.archive.org/web/20070920193501/https://radaronline.com/from-the-magazine/2007/09/google_fiction_evil_dangerous_surveillance_control_1.php/

Radar is long gone, though it's back in the news now, thanks to the revelation that it was financed via Jeffrey Epstein as part of his plan to both control and loot magazines and newspapers:

https://www.reddit.com/r/Epstein/comments/142bufo/radar_magazine_lines_up_financing_published_2004/

But the premise of "Scroogled" lives on. 20 years ago, I wrote a story in which the bloated, paranoid, lawless DHS raided ad-tech databases of behavioral data in order to target people for secret arrests, extraordinary rendition, and torture.

It took a minute, but today, the DHS is paying data-brokers and ad-tech giants like Google for commercial surveillance data that it is using to feed the systems that automatically decide who will be kidnapped, rendered and tortured by ICE:

https://www.theregister.com/2026/01/27/ice_data_advertising_tech_firms/

I want to be clear here: I'm not claiming any prescience – quite the reverse in fact. My point is that it just wasn't very hard to see what would happen if we let the surveillance advertising industry run wild. Our lawmakers were warned. They did nothing. They exposed us to this risk, which was both foreseeable and foreseen.

Nor did the ICE/ad-tech alliance drop out of the sky. The fascist mobilization of ad-tech data for a racist pogrom is the latest installment in a series of extremely visible, worsening weaponizations of commercial surveillance. Just last year, I testified before Biden's CFPB at hearings on a rule to kill the data-broker industry, where we heard from the Pentagon about ad-tech targeting of American military personnel with gambling problems with location-based ads that reached them in their barracks:

https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising

Biden's CFPB passed the data broker-killing rule, but Trump and DOGE nuked it before it went into effect. Trump officials didn't offer any rationale for this, despite the fact that the testimony in that hearing included a rep from the AARP who described how data brokers let advertisers target seniors with signs of dementia (a core Trump voter bloc). I don't know for sure, but I have a sneaking suspicion that the Stephen Miller wing of the Trump coalition wanted data brokers intact so that they could use them to round up and imprison/torture/murder/enslave non-white people and Trump's political enemies.

Despite this eminently foreseeable outcome of the ad-tech industry, many perfectly nice people who made extremely nice salaries working in ad-tech are rather alarmed by this turn of events:

https://quoteinvestigator.com/2017/11/30/salary/

On Adxchanger.com, ad-tech exec David Nyurenberg writes, "The Privacy ‘Zealots’ Were Right: Ad Tech’s Infrastructure Was Always A Risk":

https://www.adexchanger.com/data-driven-thinking/the-privacy-zealots-were-right-ad-techs-infrastructure-was-always-a-risk/

Nyurenberg opens with a very important point – not only is ad-tech dangerous, it's also just not very good at selling stuff. The claims for the efficacy of surveillance advertising are grossly overblown, and used to bilk advertisers out of high premiums for a defective product:

https://truthset.com/the-state-of-data-accuracy-form/

There's another point that Nyurenberg doesn't make, but which is every bit as important: many of ad-tech's fiercest critics have abetted ad-tech's rise by engaging in "criti-hype" (repeating hype claims as criticism):

https://peoples-things.ghost.io/youre-doing-it-wrong-notes-on-criticism-and-technology-hype/

The "surveillance capitalism" critics who repeated tech's self-serving mumbo-jumbo about "hacking our dopamine loops" helped ad-tech cast itself in the role of mind-controlling evil sorcerers, which greatly benefited these self-styled Cyber-Rasputins when they pitched their ads to credulous advertisers:

https://pluralistic.net/HowToDestroySurveillanceCapitalism

Nyurenberg points to European privacy activists like Johnny Ryan and Max Schrems, who have chased American surveillance advertising companies out of the Irish courts and into other EU territories and even Europe's federal court, pointing out that these two (and many others!) have long warned the world about the way that this data would be weaponized. Johnny Ryan famously called ad-tech's "realtime bidding" system, "the largest data breach ever recorded":

https://committees.parliament.uk/writtenevidence/453/html/

Ryan is referring to the fact that you don't even have to buy an ad to amass vast databases of surveillance data about internet users. When you land on a webpage, every one of the little boxes where an ad will eventually show up gets its own high-speed auction in which your private data is dangled before anyone with an ad-tech account, who gets to bid on the right to shove an ad into your eyeballs. The losers of that auction are supposed to delete all your private data that they get to see through this process, but obviously they do not.

And Max Schrems has hollered from the mountaintops for years about the inevitability of authoritarian governments helping themselves to ad-tech data in order to suppress dissent and terrorize their political opposition:

https://www.bipc.com/european-high-court-finds-eu-us-privacy-shield-invalid

Nyurenberg says his friends in ad-tech are really upset that these (eminently foreseeable) outcomes have come to pass, but (he says), ad-tech bosses claim they have no choice but to collaborate with the Trump regime. After all, we've seen what Trump does to companies that don't agree to help him commit crimes:

https://apnews.com/article/anthropic-trump-pentagon-hegseth-ai-104c6c39306f1adeea3b637d2c1c601b

Nyurenberg closes by upbraiding his ad-tech peers for refusing to engage with their critics during the decades in which it would have been possible to do something to prevent this outcome. Ad-tech insiders dismissed privacy activists as unrealistic extremists who wanted to end advertising itself and accused ad-tech execs of wanting to create a repressive state system of surveillance. In reality, critics were just pointing out the entirely foreseeable repressive state surveillance that ad-tech would end up enabling.

I'm quite pleased to see Nyurenberg calling for a reckoning among his colleagues, but I think there's plenty of blame to spread around. Sure, the ad-tech industry built this fascist dragnet – but a series of governments around the world let them do it. There was nothing inevitable about mass commercial surveillance. It doesn't even work very well! Mass commercial surveillance is the public-private partnership from hell, where cops and spies shielded ad-tech companies from regulation in exchange for those ad-tech companies selling cops and spies unlimited access to their databases.

Our policymakers are supposed to work for us. They failed us. Don't let anyone tell you that the greed and depravity of ad-tech are the sole causes of Trump's use of ad-tech to decide who to kidnap and send to a Salvadoran slave-labor camp. Policymakers should have known. They did know. They had every chance to stop this. They did not.

(Image: Jakub Hałun, CC BY 4.0; Myotus, CC BY-SA 4.0; Lewis Clarke, CC BY-SA 2.0; modified)

Hey look at this (permalink)

A Wild Day as Trump DOJ Settles with Live Nation/Ticketmaster, State Enforcers Balk https://www.bigtechontrial.com/p/a-wild-day-as-trump-doj-settles-with
Waging war for the lulz https://www.garbageday.email/p/waging-war-for-the-lulz
Live Nation Settlement Spurs Chaos in Court https://prospect.org/2026/03/09/live-nation-settlement-spurs-chaos-in-court/
Wikilinker https://whitelabel.org/2026/03/09/wikilinker/
Centrists: Better Things Aren’t Possible https://prospect.org/2026/03/10/centrists-better-things-arent-possible-democrats-south-carolina-third-way/

Object permanence (permalink)

#20yrsago Toronto transit fans to Commission: withdraw anagram map lawsuit threat https://web.archive.org/web/20060407230329/http://www.ttcrider.ca/anagram.php

#15yrsago BBC newsteam kidnapped, hooded and beaten by Gadaffi’s forces https://www.bbc.com/news/world-africa-12695077

#15yrsago Activists seize Saif Gadaffi’s London mansion https://web.archive.org/web/20110310091023/https://london.indymedia.org/articles/7766

#10yrsago Spacefaring and contractual obligations: who’s with me? https://memex.craphound.com/2016/03/09/spacefaring-and-contractual-obligations-whos-with-me/

#10yrsago Home Depot might pay up to $0.34 in compensation for each of the 53 million credit cards it leaked https://web.archive.org/web/20160310041148/https://www.csoonline.com/article/3041994/security/home-depot-will-pay-up-to-195-million-for-massive-2014-data-breach.html

#10yrsago How to make a tiffin lunch pail from used tuna fish cans https://www.instructables.com/Tiffin-Box-from-Tuna-Cans/

#10yrsago “Water Bar” celebrates the wonder and fragility of tap water https://www.minnpost.com/cityscape/2016/03/world-s-first-full-fledged-water-bar-about-open-minneapolis/

#10yrsago French Parliament votes to imprison tech execs for refusal to decrypt https://arstechnica.com/tech-policy/2016/03/france-votes-to-penalise-companies-for-refusing-to-decrypt-devices-messages/

#10yrsago Anti-censorship coalition urges Virginia governor to veto “Beloved” bill https://ncac.org/incident/coalition-to-virginia-governor-veto-the-beloved-bill

#10yrsago Washington Post: 16 negative stories about Bernie Sanders in 16 hours https://www.commondreams.org/views/2016/03/08/washington-post-ran-16-negative-stories-bernie-sanders-16-hours

Upcoming appearances (permalink)

San Francisco: Launch for Cindy Cohn's "Privacy's Defender" (City Lights), Mar 10
https://citylights.com/events/cindy-cohn-launch-party-for-privacys-defender/
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
London: Resisting Big Tech Empires (LSBU)
https://www.tickettailor.com/events/globaljusticenow/2042691
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Chicken Mating Harnesses (This Week in Tech)
https://twit.tv/shows/this-week-in-tech/episodes/1074
The Virtual Jewel Box (U Utah)
https://tanner.utah.edu/podcast/enshittification-cory-doctorow-matthew-potolsky/
Tanner Humanities Lecture (U Utah)
https://www.youtube.com/watch?v=i6Yf1nSyekI
The Lost Cause
https://streets.mn/2026/03/02/book-club-the-lost-cause/
Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1038 words today, 46380 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

https://doctorow.medium.com/
https://twitter.com/doctorow

Medium (no ads, paywalled):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

14:07

Job opportunity: Engineering and Certification Manager at the Free Software Foundation [Planet GNU]

The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to promote computer user freedom, seeks a motivated and talented individual to be our new Engineering and Certification Manager. This position is ideally full-time and US-based, but exceptions can be made for a qualified candidate.

[$] Debian decides not to decide on AI-generated contributions [LWN.net]

Debian is the latest in an ever-growing list of projects to wrestle (again) with the question of LLM-generated contributions; the latest debate stared in mid-February, after Lucas Nussbaum opened a discussion with a draft general resolution (GR) on whether Debian should accept AI-assisted contributions. It seems to have, mostly, subsided without a GR being put forward or any decisions being made, but the conversation was illuminating nonetheless.

13:21

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (imagemagick), Fedora (chromium, matrix-synapse, mingw-zlib, perl-Net-CIDR, polkit, and rust-pythonize), Mageia (coturn, firefox, and thunderbird), Oracle (delve, git-lfs, gnutls, go-rpm-macros, image-builder, kernel, libsoup, nfs-utils, nginx:1.24, osbuild-composer, postgresql, thunderbird, udisks2, and valkey), Red Hat (grafana, image-builder, and opentelemetry-collector), SUSE (c3p0 and mchange-commons, corepack24, go1, ImageMagick, python-Flask, tomcat, tomcat10, tomcat11, virtiofsd, and weblate), and Ubuntu (apache2 and yara).

Job opportunity: Engineering and Certification Manager at the Free Software Foundation [Free software jobs]

12:49

CodeSOD: To Shutdown You Must First Shutdown [The Daily WTF]

Every once in awhile, we get a bit of terrible code, and our submitter also shares, "this isn't called anywhere," which is good, but also bad. Ernesto sends us a function which is called in only one place:

///
/// Shutdown server
///
private void shutdownServer()
{
    shutdownServer();
}

The "one place", obviously, is within itself. This is the Google Search definition of recursion, where each recursive call is just the original call, over and over again.

This is part of a C# service, and this method shuts down the server, presumably by triggering a stack overflow. Unless C# has added tail calls, anyway.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

12:14

Toni Schneider, Bluesky's new CEO [Scripting News]

Bluesky has a new CEO, Toni Schneider former CEO of Automattic. I have known Toni for many years, dating back to his startup, Oddpost, that I praised on my blog, and his partner was then quoted in Wired saying Scripting News is media. That meant a lot to me at the time, and it was true. I was very proud that I had played a small part in their success.

I had a virtual meeting with Toni a couple of years ago about their identity product, then in development, urging them to include storage in it, but as far as I know that didn't happen.

Toni believes that Bluesky is a distributed social media app, but I've been all around this, wrote some software for their protocol to see if I was missing something, and concluded that it's typical tech industry hype, there's no reality to the claim. They're selling something they don't have, and I don't think they can do it and preserve the feature set of their product.

Here's a search for Bluesky on my blog. You can see that I have taken a great interest in the product.

Scripting News unfortunately is not as influential as it once was when I praised Oddpost, but I think this advice is equally valuable as it was in 2002. I think the shortest path for Bluesky to achieve its vision is to hook up with WordPress, that would give us a path into it that is decentralized. If we ever talk about this, ironically, I will be selling Toni on his own product.

10:21

Jailbreaking the F-35 Fighter Jet [Schneier on Security]

Countries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance.

The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party software.

09:35

Irregular Webcomic! #3059 [Irregular Webcomic!]

Irregular Webcomic! #3059

09:28

Small changes to big systems [Seth's Blog]

A hardcover book printed in 1925 is almost indistinguishable from one printed yesterday. It’s easy to think not much has changed.

But book publishing isn’t about printing, and it’s a useful metaphor for the systems changes we’re seeing all around us.

The book publishing system was based on scarcity.

A successful bookstore was perfect. It had exactly the right number of books — more wouldn’t fit, and fewer wouldn’t pay the rent. The only way for a book publisher to get a new book into the stores was to get the bookseller to take an old book out.

As a result of this chokepoint, distribution became the focus. Publishers came to see bookstores, not readers, as their customers—which is why there are few ads for books, or toll-free numbers to call. There were plenty of authors, so publishers selected which ones got a distribution investment. And their timing and launch strategies all revolved around the bookstores.

Bookstores have to make smart choices. Months in advance, they choose which new books to take on (and which to leave behind.) If they were wrong, if a new book they don’t carry has an audience, then they lose sales because readers go elsewhere.

The small change? Get rid of the scarcity of shelf space. Amazon never removes a book to make room for a new book. They have all the books.

The publishers’ existing strategies make little sense when the scarcity of shelf space goes away.

One industry term is the “lay down” which describes how many books a major publisher needs to print and distribute to get good nationwide coverage at launch. For books that hope to be bestsellers, that number was 25,000 copies or so… a book from a well-known author would have that many copies in the world before a single copy was sold.

Today, for many books like this, the laydown is 250. 1% of what it used to be.

This is why the industry is shifting so much attention to pre-orders. The online world not only eradicated space (you can buy things from anywhere, so shelves don’t matter), it also shifted time. You can indicate interest by buying things long before they’re distributed.

Bookstores don’t stock a new book unless they see it’s already been selling online.

Another example: Pop music.

Through a happy accident, the typical record store was exactly big enough to hold all the music that the typical listener might ever hear on the radio. The radio as a sampling medium was about the same size as the physical distribution medium of the store. You didn’t hear hula music on the radio and you couldn’t buy it at Tower Records.

First, we blew up the store. The internet meant that any song you wanted, you could download for free if you cared enough, or listen to it on YouTube (if you only cared a little.)

Then, we blew up the radio station. The internet meant that the sampling medium went from DJ-curated to streaming-on-demand. And we demanded.

Change the distribution, change the medium.

There are still hits, but they’re not driven by A&R teams, record-store distribution deals or payola. The sampling medium and the revenue medium have become the same.

And one more shift, one that’s changed both industries:

The cost of making a book or a song has plummeted. Thanks to AI, autotune and other tools, combined with the roll-your-own distribution of ebooks and social media, anyone can create and self-publish. So, anyone will.

Scarcity of creation and scarcity of distribution have been replaced by a surplus of both.

What doesn’t scale? Trust, attention and belonging.

AI is making relatively small changes to very big systems, everywhere we look. But if those systems are built on the desires of humans, we will need to earn trust, attention and belonging more than ever before.

07:49

How to Disclose your STI by Erika Moen [Oh Joy Sex Toy]

Telling a new partner that you’ve got an STI can feel like jumping off a cliff- believe me, I know it firsthand! Here are some of the STI resources I cited in the comic, plus a few more helpful articles: • CDC: Sexually Transmitted Infections Prevalence, Incidence, and Cost Estimates in the United States • […]

Home Remedies [xkcd.com]

05:14

High immigrant application fees, UK [Richard Stallman's Political Notes]

Non-privileged people permitted to into the UK but those whose permission is not permanent have to pay over USD 1500 per year on formalities to reapply for permission. This continues for ten years.

This is not nominally a fee for residence, but it is tantamount to that.

No wonder Starmer Labour, competing in harshness with right wing extremists, proposes to require extend that fee to 20 years.

01:28

Bubbles [QC RSS]

Not THAT bubbles

00:00

ArcaOS 5.1.2 released [OSnews]

While IBM’s OS/2 technically did die, its development was picked up again much later, first through eComStation, and later, after money issues at its parent company Mensys, through ArcaOS. eComStation development stalled because of the money issues and has been dead for years; ArcaOS picked up where it left off and has been making steady progress since its first release in 2017. Regardless, the developers behind both projects develop OS/2 under license from IBM, but it’s unclear just how much they can change or alter, and what the terms of the agreement are.

Anyway, ArcaOS 5.1.2 has just been released, and it seems to be a rather minor release. It further refines ArcaOS’ support for UEFI and GPT-based disks, the tentpole feature of ArcaOS 5.1 which allows the operating system to be installed on a much more modern systems without having to fiddle with BIOS compatibility modes. Looking at the list of changes, there’s the usual list of updated components from both Arca Noae and the wider OS/2 community. You’ll find the latest versions of of the Panorama graphics drivers, ACPI, USB, and NVMe drivers, improved localisation, newer versions of the VNC server and viewer, and much more.

If you have an active Support & Maintenance subscription for ArcaOS 5.1, this update is free, and it’s also available at discounted prices as upgrades for earlier versions. A brand new copy of ArcaOS 5.1.x will set you back $139, which isn’t cheap, but considering this price is probably a consequence of what must be some onerous licensing terms and other agreements with IBM, I doubt there’s much Arca Noae can do about it.

Monday, 09 March

23:14

Guest Rant: We Can’t Balance the Budget on the Backs of Vulnerable Communities [The Stranger]

Gutting the HEAL Act Betrays Washington’s Commitment to Climate Justice

by Dave Upthegrove

On June 23, 2021, a historic heat dome settled over the Pacific Northwest like a vengeful oven, sending temperatures skyrocketing from Juneau, Alaska to Eureka, California. In the diverse, working-class neighborhoods of South King County and Tacoma, Yakima and Spokane, temperatures reached as high as 110 degrees.

Over the next few weeks, more than 120 people died due to exposure to extreme heat, making it the deadliest natural disaster our state has witnessed in generations. Compounding that tragedy was another one: the undeniable fact that this tragedy exposed the depth of environmental injustice here in Washington State.

More than half of the people who died during the heat dome lived in poorer neighborhoods—in neighborhoods without air-conditioned community centers, without well-funded emergency services, without enough trees offering enough shade. At least 80 of the deaths occurred within the densely populated urban neighborhoods of King, Pierce, and Spokane counties.

Organizations like Comunidad see these impacts firsthand. Families share stories of working up to 16 hours a day outside in dangerous heat, living in housing without adequate cooling, or struggling to access resources during extreme weather events. For many communities, environmental injustice is not a distant policy debate—it is a daily reality affecting their health, safety, and livelihoods.

In May of 2021, the State Legislature passed the Healthy Environment for All (HEAL) Act—landmark legislation aimed at reducing environmental and health disparities in Washington. The HEAL Act required state agencies to develop and implement community engagement plans, conduct environmental justice assessments, and improve Tribal consultation frameworks.

Over the past four years, funding from the HEAL Act has aided in the development of environmental health disparities (EHD) maps—including heat risk assessments—and provided agencies with the resources to meaningfully include Tribes and frontline communities in decision-making during emergencies such as extreme heat, flooding, and landslides.

HEAL’s community capacity grants have enabled community-led education on issues like water contamination and pollution and provided funding to Tribes and community organizations to increase capacity for climate and environmental justice initiatives.

It has helped make the work of environmental justice central to the mission of this state.

But now, all of that is at risk of disappearing.

In February, state legislators unveiled a budget proposal which would gut environmental justice and HEAL Act funding across multiple agencies—including the departments of Agriculture, Natural Resources, Commerce, and Ecology. The cuts include a 42 percent reduction to the Environmental Justice Council and a half-million dollar reduction at the Department of Health— eliminating critical investments to the Environmental Health Disparities Map and grants to local organizations working to provide services and information to their communities.

These cuts would make it impossible for those of us dedicated to the cause of environmental justice to do our work, and lead to worse health outcomes and wider health disparities in communities already disproportionately impacted by flooding, extreme heat, wildfires, pollution, food deserts, and other health and environmental challenges.

We understand that our state is facing a complicated budget situation, and difficult choices must be made. But Washington should not balance its budget on the backs of our most vulnerable communities.

In 2021, 28 state senators and 56 state representatives voted for the HEAL Act. Just weeks ago, 15 of those same senators and 16 of those same representatives voted for a budget that all but eliminates it.

We cannot only care about the needs of impacted communities when it fits in the budget. We cannot send the message that aiding vulnerable people is a luxury we can’t always afford. And we cannot abandon the essential work of environmental justice when climate change is raising temperatures, drying our landscapes, and causing ever more natural disasters that always impact the already impacted, hurt the already hurting, and disadvantage the already disadvantaged.

The state that passed the Climate Commitment Act must also be a leader in advancing climate justice. The state that passed the HEAL Act should commit to funding it.

Five years ago, an unprecedented heat wave exposed the cracks in our system. We have an obligation to continue the urgent work to fix what’s broken and uplift the people most at risk of slipping through those cracks.

That’s why we will continue to press the urgency of this moment with state legislators. We will continue to engage with Tribes, local organizations, and impacted communities across the state. And we will continue to carry the cause of environmental justice forward—regardless of the politics or popularity, the bullies or the budget constraints.

Because this work—and our communities—are too important.

Dave Upthegrove is the Washington State Commissioner of Public Lands. Alejandra Tres is the co-founder and co-Executive Director of Comunidad.

22:42

Manton's Inkwell [Scripting News]

My friend Manton Reece has a new feed reader called Inkwell. The thing that's great about Manton is he tries out new ideas. This is a feed reader of experimentation. Let's see if this works, Manton asks. We'll find out. I love that creative people are using RSS in new ways. I think before long they won't laugh at the idea that RSS is at least as good as AT Proto. (That's a joke, RSS is so much better in so many ways.)

BTW, I'm not sure how Inkwell will fit into my life. I want to try the features of his product, but I am already in FeedLand, all my feed subscriptions emanate from there. I could import my feeds into Inkwell, it supports OPML import, but the subs would not stay in sync. Something for Manton to worry about in a few months or years. No doubt a lot of people are going to love Inkwell, I love it because it's new and creative and represents a substantial investment in RSS. We all got an upgrade today thanks to Manton.

If you want to get an idea of how it works, he did a video demo for his beta testers.

[1293] Stay [Twokinds]

Comic for March 9, 2026

21:56

Isoken Ibizugbe: Starting Out in Outreachy [Planet Debian]

Bluesky: "The reason we have enough money for a war is that we get to print money because we have the reserve currency that the whole world uses. So we could afford to buy you a house or pay for your healthcare or forgive your student loan debt but we don’t because I don’t know."

21:42

So you want to join Outreachy but you don’t understand it, you’re scared, or you don’t know what open source is about.

What is FOSS anyway?

Free and Open Source Software (FOSS) refers to software that anyone can use, modify, and share freely. Think of it as a community garden; instead of one company owning the “food,” people from all over the world contribute, improve, and maintain it so everyone can benefit for free. You can read more here on what it means to contribute to open source.

Outreachy provides paid internships to anyone from any background who faces underrepresentation, systemic bias, or discrimination in the technical industry where they live. Their goal is to increase diversity in open source. Read their website for more. I spent a good amount of time reading all the guides listed, including the applicant guide and the how-to-apply guide.

The “Secret” to Applying (Spoiler: It’s not a secret)

I know newcomers are scared or unsure and would prefer answers from previous participants, but the Outreachy website is actually a goldmine, almost every question you have is already answered there if you look closely. I used to hate reading documentation, but I’ve learned to love it. Documentation is the “Source of Truth.”

My Advice: Read every single guide on their site. The applicant guide is your roadmap. Embracing documentation now will make you a much better contributor later.

The AI Trap: Be Yourself

Now for the part most newcomers have asked about is the initial essay. I know it’s tempting to use AI, but I really encourage you to skip it for this. Your own story is much more powerful than a generated one. Outreachy and its mentoring organizations value your unique story. They are strongly against fabricated or AI-exaggerated essays.

For example, when I contributed to Debian using openQA, the information wasn’t well established on the web. When I tried to use AI, it suggested imaginary ideas. The project maintainers had a particular style of contributing, so I had to follow the instructions carefully, observe the codebase, and read the provided documentation. With that information, I always wrote a solution first before consulting AI, and mine was always better. AI can only be intelligent in the context of what you give it; if it doesn’t have your answer, it will look for the most similar solution (hallucinate). We do not want to increase the burden on reviewers—their time is important because they are volunteers, too. This is crucial when you qualify for the contribution phase.

The Application Process

There are two main stages:

The initial application: Here you fill in basic details, time availability, and essay questions (you can find these on the Outreachy website).
The contribution phase: This is where you show you have the skills to work on the projects. Every project will list the skills needed and the level of proficiency.

When you qualify for the contribution phase:

A lot of people will try to create buzz or even panic; you just have to focus. Once you’ve gotten the hang of the project, remember to help others along the way.
You can start contributions with spelling corrections, move to medium tasks (do multiple of these), then a hard task if possible. You don’t need to be a guru on day one.
It’s all about community building. Do your part to help others understand the project too; this is also a form of contribution.
Lastly, every project mentor has a way of evaluating candidates. My summary is: be confident, demonstrate your skills, and learn where you are lacking. Start small and work your way up, you don’t have to prove yourself as a guru.

Tips

Watch this: This step-by-step video is a great walkthrough of the initial application process.
Sign up for the email list to get updates: https://lists.outreachy.org/cgi-bin/mailman/listinfo/announce
Be fast: Complete your initial application in the first 3 days, as there are a lot of applicants.
Back it up: In your essay about systemic bias, include some statistics to back it up.
Learn Git: Even if you don’t have programming skills, contributions are pushed to GitHub or GitLab. Practice some commands and contribute to a “first open issue” to understand the flow: https://github.com/firstcontributions/first-contributions

The most important tip? Apply anyway. Even if you feel underqualified, the process itself is a massive learning experience.

The SAFE Act is an Imperfect Vehicle for Real Section 702 Reform [Deeplinks]

The SAFE act, introduced by Senators Mike Lee (R-UT) and Dick Durbin (D-IL), is the first of many likely proposals we will see to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008—and while imperfect, it does propose a litany of real and much-needed reforms of Big Brother’s favorite surveillance authority.

The irresponsible 2024 reauthorization of the secretive mass surveillance authority Section 702 not only gave the government two more years of unconstitutional surveillance powers, it also made the policy much worse. But, now people who value privacy and the rule of law get another bite at the apple. With expiration for Section 702 looming in April 2026, we are starting to see the emergence of proposals for how to reauthorize the surveillance authority—including calls from inside the White House for a clean reauthorization that would keep the policy unchanged. EFF has always had a consistent policy: Section 702 should not be reauthorized absent major reforms that will keep this tactic of foreign surveillance from being used as a tool of mass domestic espionage.

What is Section 702?

Section 702 was intended to modernize foreign surveillance of the internet for national security purposes. It allows collection of foreign intelligence from non-Americans located outside the United States by requiring U.S.-based companies that handle online communications to hand over data to the government. As the law is written, the intelligence community (IC) cannot use Section 702 programs to target Americans, who are protected by the Fourth Amendment’s prohibition on unreasonable searches and seizures. But the law gives the intelligence community space to target foreign intelligence in ways that inherently and intentionally sweep in Americans’ communications.

We live in an increasingly globalized world where people are constantly in communication with people overseas. That means, while targeting foreigners outside the U.S. for “foreign intelligence Information” the IC routinely acquires the American side of those communications without a probable cause warrant. The collection of all that data from U.S telecommunications and internet providers results in the “incidental” capture of conversations involving a huge number of people in the United States.

But, this backdoor access to U.S. persons’ data isn’t “incidental.” Section 702 has become a routine part of the FBI’s law enforcement mission. In fact, the IC’s latest Annual Statistical Transparency Report documents the many ways the Federal Bureau of Investigation (FBI) uses Section 702 to spy on Americans without a warrant. The IC lobbied for Section 702 as a tool for national security outside the borders of the U.S., but it is apparent that the FBI uses it to conduct domestic, warrantless surveillance on Americans. In 2021 alone, the FBI conducted 3.4 million warrantless searches of US person’s 702 data.

The Good

Let’s start with the good things that this bill does. These are reforms EFF has been seeking for a long time and their implementation would mean a big improvement in the status quo of national security law.

First, the bill would partially close the loophole that allows the FBI and domestic law enforcement to dig through 702-collected data’s “incidental” collection of the U.S. side of communications. The FBI currently operates with a “finders keeper” mentality, meaning that because the data is pre-collected by another agency, the FBI believes it can operate with almost no constraints on using it for other purposes. The SAFE act would require a warrant before the FBI looked at the content of these collected communications. As we will get to later, this reform does not go nearly far enough because they can query to see what data on a person exists before getting a warrant, but it is certainly an improvement on the current system.

Second, the bill addresses the age-old problem of parallel construction. If you’re unfamiliar with this term, parallel construction is a method by which intelligence agencies or domestic law enforcement find out a piece of information about a subject through secret, even illegal or unconstitutional methods. Uninterested in revealing these methods, officers hide what actually happened by publicly offering an alternative route they could have used to find that information. So, for instance, if police want to hide the fact that they knew about a specific email because it was intercepted under the authority of Section 702, they might use another method, like a warranted request to a service provider, to create a more publicly-acceptable path to that information. To deal with this problem, the SAFE Act mandates that when the government seeks to use Section 702 evidence in court, it must disclosure the source of this evidence “without regard to any claim that the information or evidence…would inevitably have been discovered, or was subsequently reobtained through other means.”

Next, the bill proposes a policy that EFF and other groups have nonetheless been trying to get through Congress for over five years: ending the data broker loophole. As the system currently stands, data brokers who buy and sell your personal data collected from smartphone applications, among other sources, are able to sell that sensitive information, including a phone’s geolocation, to the law enforcement and intelligence agencies. That means that with a bit of money, police can buy the data (or buy access to services that purchase and map the data) that they would otherwise need a warrant to get. A bill that would close this loophole, the Fourth Amendment is Not For Sale Act passed through the House in 2024 but has yet to be voted on by the Senate. In the meantime, states have taken it upon themselves to close this loophole with Montana being the first state to pass similar legislation in May 2025. The SAFE Act proposes to partially fix the loophole at least as far as intelligence agencies are concerned. This fix could not come soon enough—especially since the Office of the Director of National Intelligence has signaled their willingness to create one big, streamlined, digital marketplace where the government can buy data from data brokers.

Another positive thing about the SAFE Act is that it creates an official statutory end to surveillance power that the government allowed to expire in 2020. In its heyday, the intelligence community used Section 215 of the Patriot Act to justify the mass collection of communication records like metadata from phone calls. Although this legal authority has lapsed, it has always been our fear that it will not sit dormant forever and could be reauthorized at any time. This new bill says that its dormant powers shall “cease to be in effect” within 180 of the SAFE Act being enacted.

What Needs to Change

The SAFE Act also attempts to clarify very important language that gauges the scope of the surveillance authority: who is obligated to turn over digital information to the U.S. government. Under Section 702, “electronic communication service providers” (ECSP) are on the hook for providing information, but the definition of that term has been in dispute and has changed over time—most recently when a FISA court opinion expanded the definition to include a category of “secret” ECSPs that have not been publicly disclosed. Unfortunately, this bill still leaves ambiguity in interpretation and an audit system without a clear directive for enforcing limitations on who is an ECSP or guaranteeing transparency.

As mentioned earlier, the SAFE Act introduces a warrant requirement for the FBI to read the contents of Americans’ communications that have been warrantlessly collected under Section 702. However, the law does not in its current form require the FBI to get a warrant before running searches identifying whether Americans have communications present in the database in the first place. Knowing this information is itself very revealing and the government should not be able to profit from circumventing the Fourth Amendment.

When Congress reauthorized Section 702 in 2014, they did so through a piece of policy called the Reforming Intelligence and Securing America Act (RISAA). This bill made 702 worse in several ways, one of the most severe being that it expanded the legal uses for the surveillance authority to include vetting immigrants. In an era when the United States government is rounding up immigrants, including people awaiting asylum hearings, and which U.S officials are continuously threatening to withhold admission to the United States from people whose politics does not align with the current administration, RISAA sets a dangerous precedent. Although RISAA is officially expiring in April, it would be helpful for any Section 702 reauthorization bill to explicitly prohibit the use of this authority for that reason.

Finally, in the same way that the SAFE Act statutorily ends the expired Section 215 of the Patriot Act, it should also impose an explicit end to “Abouts collection” a practice of collecting digital communications, not if their from suspected people, but if their are “about” specific topics. This practice has been discontinued, but still sits on the books, just waiting to be revamped.

“AI” translations are ruining Wikipedia [OSnews]

Oh boy.

Wikipedia editors have implemented new policies and restricted a number of contributors who were paid to use AI to translate existing Wikipedia articles into other languages after they discovered these AI translations added AI “hallucinations,” or errors, to the resulting article.
↫ Emanuel Maiberg at 404 Media

There seems to be this pervasive conviction among Silicon Valley techbro types, and many programmers and developers in general, that translation and localisation are nothing more than basic find/replace tasks that you can automate away. At first, we just needed to make corpora of two different languages kiss and smooch, and surely that would automate translation and localisation away if the corpora were large enough. When this didn’t turn out to work very well, they figured that if we made the words in the corpora tumble down a few pachinko machines and then made them kiss and smooch, yes, then we’d surely have automated translation and localisation.

Nothing could be further from the truth. As someone who has not only worked as a professional translator for over 15 years, but who also holds two university degrees in the subject, I keep reiterating that translation isn’t just a dumb substitution task; it’s a real craft, a real art, one you can have talent for, one you need to train for, and study for. You’d think anyone with sufficient knowledge in two languages can translate effectively between the two, but without a much deeper understanding of language in general and the languages involved in particular, as well as a deep understanding of the cultures in which the translation is going to be used, and a level of reading and text comprehension that go well beyond that of most, you’re going to deliver shit translations.

Trust me, I’ve seen them. I’ve been paid good money to correct, fix, and mangle something usable out of other people’s translations. You wouldn’t believe the shit I’ve seen.

Translation involves the kinds of intricacies, nuances, and context “AI” isn’t just bad at, but simply cannot work with in any way, shape, or form. I’ve said it before, but it won’t be long before people start getting seriously injured – or worse – because of the cost-cutting in the translation industry, and the effects that’s going to have on, I don’t know, the instruction manuals for complex tools, or the leaflet in your grandmother’s medications.

Because some dumbass bean counter kills the budget for proper, qualified, trained, and experienced translators, people are going to die.

“I don’t know what is Apple’s endgame for the Fn/Globe key, and I’m not sure Apple knows either” [OSnews]

Every modifier key starts simple and humble, with a specific task and a nice matching name.

This never lasts. The tasks become larger and more convoluted, and the labels grow obsolete. Shift no longer shifts a carriage, Control doesn’t send control codes, Alt isn’t for alternate nerdy terminal functions.

Fn is the newest popular modifier key, and it feels we’re speedrunning it through all the challenges without having learned any of the lessons.
↫ Marcin Wichary

Grab a blanket, curl up on the couch with some coffee or tea, and enjoy.

Seattle City Attorney's Office Has Thousands More Backlogged Cases Than Originally Reported [The Stranger]

The city attorney’s office sees between 10,000 and 11,000 cases annually. “Knowing we have to not only focus on the stuff coming at us right now, but also tackle this ginormous, 5,100 case backlog is pretty devastating,” Evans says. Blame Damien, the office's old computer software. by Nathalie Graham

During Erika Evans’ first week on the job as the Seattle City Attorney, she told The Stranger that her predecessor, Ann Davison, left behind a backlog of around 1,300 cases. But upon closer examination, that number was wrong, Evans told The Stranger. The backlog is actually 5,100 cases.

That’s surprising, mostly because Davison, who took office in 2022, inherited her own 5,000 case backlog after the slow, stuttering pandemic-era. When she wasn’t prosecuting drug crimes, Davison spent her time clearing those cases. Mostly by dumping them. According to PubliCola, declining to file charges on 3,790 cases. It was a polarizing decision that cost people their day in court and a chance at justice. But it should’ve cleared the backlog. Apparently not?

Evans primarily blamed Damien, the office’s 27-year-old computer software from 1999. “It reminded me of the Oregon Trail video game,” Evans says. Green text, black screen, and no graphics. Got it. Last year, the office switched systems to JusticeNexus, a shiny new software.

“It was not a smooth transition,” Evans says. “A lot of attorneys felt it was really rushed.”

Criminal Division Chief Jenna Robert called the data transfer “a feat.” And the systems still aren’t fully migrated. Their computer system has to communicate with the Seattle Police Department’s system and the court system, which both use different languages. “It has not been seamless,” Robert says. “Our infractions unit is not integrated yet.” They’re logging infractions on a spreadsheet.

To a lesser extent, Davison’s office was also at fault. Shortly after Evans took office, her team discovered Davison’s office did not file Criminal Division quarterly reports in the third and fourth quarters of last year, which contain data from case filings and police referrals to the case backlog. Though there’s no penalty for it, the failure was a violation of city code, Evans says. Plus, Davison’s office apparently didn’t label about 1,000 of those with a category of crime, putting them in case limbo. Discovering all this actually led them to the primary culprit, Dusty Damien, and to understanding the scope of this mess: 5,100 languishing cases, 3,800 more than Evans thought.

Of those, 1,700 are domestic violence (DV) cases. Others concern elder abuse, child abuse, stalking, assault with sexual motivation, and the most serious cases under the city attorney’s jurisdiction: DUIs and those cases of domestic violence. Both have a two year statute of limitations. Most are from 2024 and 2025, so time is ticking to address them.

Time has run out on the oldest case, where someone who was required to blow into an interlock breathalyzer device before they drove, didn’t. A few animal control cases from 2023 cannot be tried either. “That is not doing justice on public safety,” Evans says.

“The ones that we're having the most difficulty with are the DUI cases,” Criminal Division Chief Robert says.

Current state law dictates that toxicology testing for DUIs must be done at the Washington State Patrol toxicology lab. But it has a 15,000 case backlog of its own. According to Alan Pyke, communications director for the city attorney’s office, Davison’s office didn’t consider DUI cases waiting for toxicology lab results as part of the backlog. Evans’ office does. Last month, she testified in Olympia in support of a bill that would allow private labs to take on some of those tests. It passed the Senate and the House and just needs Gov. Bob Ferguson’s signature

Her plan is to prioritize the most serious crimes in the backlog first, but not ahead of new cases.

“From a public safety standpoint,” Robert adds, “the cases that are of most concern are the cases that are happening right now.”

Robert says they’re pushing low level "nuisance crimes” like theft, criminal trespass, and drug possession to diversion programs rather than jury trials, which should grease the chute clogged by Davison’s prosecute-first-ask-questions-later method.

More significantly, Evans will be reorganizing the Criminal Division. She’s switching it to a “vertical prosecution method,” similar to how the Department of Justice is organized (that’s where Evans worked before it became Trump’s Department of Injustice). Currently, the Criminal Division is organized horizontally, meaning multiple teams end up handling one case.

The vertical method gives one prosecutor ownership of a case throughout its duration. Evans believes it will be more efficient and improve accountability. Under Davison, the city attorney’s office had a 60 percent dismissal rate—meaning more than half of filed cases were terminated by a judge or voluntarily dropped before reaching a verdict—something Evans considers “unacceptable.” “It's not fair to the suspects when you're charging just to beef up numbers and then it's ultimately a crap case that you were going to dump at some point,” Evans says.

The vertical method should help. She’ll roll it out across the division slowly, but will start with the domestic violence unit.

Back in 2022, Davison presented a similar plan for a similar 5,000 case problem—at least on the surface. She told KOMO News she would prioritize the backlog based on severity and was first and foremost on improving public safety. She also said she was going to “improve the processes” of the Criminal Division, except she only did that by implementing a “Close-in-Time filing” policy to speed up case filings. And, ultimately, she threw a bunch of cases away. Evans says she won’t be doing that.

“We're going to do our best to go through them,” Evans says. “We're not going to dump them.”

21:35

March 15 is the deadline to apply for LibreLocal funding [Planet GNU]

If you want funding for your meetup, apply before it's too late!

20:56

20:21

Unc Tier [Penny Arcade]

Because Gabriel does not share my Word Disease, depriving him of vital tools for living, the callow young were able to scourge him mostly unawares. In contrast, I'm lowkenuinely bricked up. Actually, hang on. I might have to do a couple searches.

20:07

Privacy's Defender: Launch Party in Berkeley [Deeplinks]

We're celebrating the launch of Privacy's Defender, a new book by EFF Executive Director Cindy Cohn on Thursday, March 12—and we want you to join us! Cindy has tangled with the feds, fought for your data security, and argued before judges to protect our access to science and knowledge on the internet. In Privacy's Defender she asks: can we still have private conversations if we live our lives online?

Join the festivities for a live conversation between Cindy Cohn and Annalee Newitz followed by a book signing with Cindy.

$20 General Admission for 1
$30 Discounted tickets for 2
$12.50 Student Ticket
All proceeds benefit EFF's mission.

Want your own copy of Privacy's Defender?
Save $10 when you preorder the book with your ticket purchase

WHEN:
Thursday, March 12th, 2026
6:30 pm to 9:30 pm

WHERE:
Ciel Creative Space
Entrance located at:
940 Parker St, Berkeley, CA 94710

6:30 PM Doors Open
7:15 PM Program Begins

About the book

Throughout her career, Cindy Cohn has been driven by a fundamental question: Can we still have private conversations if we live our lives online? Privacy’s Defender chronicles her thirty-year battle to protect our right to digital privacy and shows just how central this right is to all our other rights, including our ability to organize and make change in the world.

Shattering the hypermasculine myth that our digital reality was solely the work of a handful of charismatic tech founders, the author weaves her own personal story with the history of Crypto Wars, FBI gag orders, and the post-9/11 surveillance state. She describes how she became a seasoned leader in the early digital rights movement, as well as how this work serendipitously helped her discover her birth parents and find her life partner. Along the way, she also details the development of the Electronic Frontier Foundation, which she grew from a ragtag group of lawyers and hackers into one of the most powerful digital rights organizations in the world.

Part memoir and part legal history for the general reader, the book is a compelling testament to just how hard-won the privacy rights we now enjoy as tech users are, but also how crucial these rights are in our efforts to combat authoritarianism, grow democracy, and strengthen other human rights. Learn about the Privacy's Defender book tour.

Parking

Street parking is available around the building.

Accessibility

The main event space is wheelchair accessible, on concrete. Lively music will be playing, and the speakers will be using a microphone, so louder volumes are expected. EFF is committed to improving accessibility for our events. If you will be attending in-person and need accommodation, or have accessibility questions prior to the event, please contact events@eff.org.

Food and Drink

Wine & Beer will be available for purchase. Cellarmaker Brewing Co., located next door to Ciel Space, will be serving food until 8:00 pm.

Questions?

Email us at events@eff.org.

About the Speakers

Ms. Cohn has been named to TheNonProfitTimes 2020 Power & Influence TOP 50 list, honoring 2020's movers and shakers. In 2018, Forbes included Ms. Cohn as one of America's Top 50 Women in Tech. The National Law Journal named Ms. Cohn one of 100 most influential lawyers in America in 2013, noting: "[I]f Big Brother is watching, he better look out for Cindy Cohn." She was also named in 2006 for "rushing to the barricades wherever freedom and civil liberties are at stake online." In 2007 the National Law Journal named her one of the 50 most influential women lawyers in America. In 2010 the Intellectual Property Section of the State Bar of California awarded her its Intellectual Property Vanguard Award and in 2012 the Northern California Chapter of the Society of Professional Journalists awarded her the James Madison Freedom of Information Award.

Ms. Cohn is the author of the professional memoir, called Privacy's Defender to be published by MIT Press in March, 2026. She is also the co-host of EFF's award-winning podcast, How to Fix the Internet.

Annalee Newitz
Annalee Newitz writes science fiction and nonfiction. They are the author of four novels: Automatic Noodle, The Terraformers, The Future of Another Timeline, and Autonomous, which won the Lambda Literary Award. As a science journalist, they are the author of Stories Are Weapons: Psychological Warfare and the American Mind, Four Lost Cities: A Secret History of the Urban Age and Scatter, Adapt and Remember: How Humans Will Survive a Mass Extinction, which was a finalist for the LA Times Book Prize in science. They are a writer for the New York Times and elsewhere, and have a monthly column in New Scientist. They have published in The Washington Post, Slate, Scientific American, Ars Technica, The New Yorker, and Technology Review, among others. They were the co-host of the Hugo Award-winning podcast Our Opinions Are Correct, and have contributed to the public radio shows Science Friday, On the Media, KQED Forum, and Here and Now. Previously, they were the founder of io9, and served as the editor-in-chief of Gizmodo.

EFFecting Change: Privacy's Defender [Deeplinks]

Join EFF Executive Director Cindy Cohn in conversation with 404 Media Cofounder Jason Koebler to discuss Privacy's Defender: My Thirty-Year Fight Against Digital Surveillance, Cindy’s personal story of standing up to the Justice Department, taking on the NSA, and tangling with the FBI to protect our right to digital privacy. The highly anticipated book asks the fundamental question: Can we still have private conversations if we live our lives online? Join the livestream for a live discussion followed by by Q&A.

EFFecting Change Livestream Series:
Privacy's Defender
Thursday, March 19th
11:00 AM - 12:00 PM Pacific
This event is LIVE and FREE!

Accessibility

This event will be live-captioned and recorded. EFF is committed to improving accessibility for our events. If you have any accessibility questions regarding the event, please contact events@eff.org.

Event Expectations

EFF is dedicated to a harassment-free experience for everyone, and all participants are encouraged to view our full Event Expectations.

Upcoming Events

Want to make sure you don’t miss our next livestream? Here’s a link to sign up for updates about this series: eff.org/ECUpdates. If you have a friend or colleague that might be interested, please join the fight for your digital rights by this link: eff.org/EFFectingChange. Thank you for helping EFF spread the word about privacy and free expression online.

Recording

We hope you and your friends can join us live! If you can't make it, we’ll post the recording afterward on YouTube and the Internet Archive!

About the Speakers

Cindy Cohn
Cindy Cohn is the Executive Director of the Electronic Frontier Foundation. From 2000-2015 she served as EFF’s Legal Director as well as its General Counsel. Ms. Cohn first became involved with EFF in 1993, when EFF asked her to serve as the outside lead attorney in Bernstein v. Dept. of Justice, the successful First Amendment challenge to the U.S. export restrictions on cryptography. Ms. Cohn has been named to TheNonProfitTimes 2020 Power & Influence TOP 50 list, honoring 2020's movers and shakers. In 2018, Forbes included Ms. Cohn as one of America's Top 50 Women in Tech. The National Law Journal named Ms. Cohn one of 100 most influential lawyers in America in 2013, noting: "[I]f Big Brother is watching, he better look out for Cindy Cohn." She was also named in 2006 for "rushing to the barricades wherever freedom and civil liberties are at stake online." In 2007 the National Law Journal named her one of the 50 most influential women lawyers in America. In 2010 the Intellectual Property Section of the State Bar of California awarded her its Intellectual Property Vanguard Award and in 2012 the Northern California Chapter of the Society of Professional Journalists awarded her the James Madison Freedom of Information Award.

Jason Koebler
Jason Koebler is a cofounder of 404 Media, a journalist-owned investigative tech publication. He reports on surveillance and privacy, the ways that artificial intelligence is changing the internet, labor, and society, and consumer rights. Before 404 Media, he was the editor-in-chief of Motherboard, VICE's technology publication and an executive producer on Encounters, a Netflix documentary about the search for alien life.

18:35

The fine print giveth and the bold print taketh away: The countdown timer [The Old New Thing]

Some time ago, I was purchasing online tickets to an event. When I got to the end of the checkout flow, I got this:

Your seats will be held for only a limited time. If you do not complete your transaction in time, your seats will be released.

Time remaining: 3210:00595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100¹

You must accept the following terms to complete the purchase.

☐ I agree to the Purchase Terms
☐ I agree to the Terms and Conditions
☐ I agree to the Payment Terms

Complete purchase

The countdown timer gives me only three minutes to read the Purchase Terms, Terms and Conditions (which in turn incorporates by reference the Privacy Policy and Supplemental Terms), and Payment Terms. Given that these documents add up to several thousand words, I think I have a case for claiming that the terms are unenforceable.

¹ I wonder how many people stuck around to watch the clock count all the way down. There is no Easter Egg, sorry.

~~The post The fine print giveth and the bold print taketh away: The countdown timer appeared first on The Old New Thing.~~

17:49

Learning to read C++ compiler errors: Ambiguous overloaded operator [The Old New Thing]

A customer was adding a feature to an old C++ code base, and the most convenient way to consume the feature was to use C++/WinRT. However, once they added C++/WinRT to their project, they ran into compiler errors in parts of their code that hadn’t changed in decades. As an added wrinkle, the problem occurred only in 32-bit builds.

std::ostream& operator<<(ostream& os, LARGE_INTEGER const& value)
{
    return os << value.QuadPart; // ← error
}

The error complained that the << operator was ambiguous.

contoso.cpp(3141) : error C2593: 'operator <<' is ambiguous
ostream(436): note: could be 'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(long double)'
ostream(418): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(double)'
ostream(400): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(float)'
ostream(382): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(unsigned __int64)'
ostream(364): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(__int64)'
ostream(346): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(unsigned long)'
ostream(328): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(long)'
ostream(309): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(unsigned int)'
ostream(283): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(int)'
ostream(264): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(unsigned short)'
ostream(230): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(short)'
ostream(212): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::basic_ostream<char,std::char_traits<char>>::operator <<(bool)'
contoso.h(1554): note: or       'std::ostream &operator <<(std::ostream &,const unsigned __int64 &)'
contoso.h(1548): note: or       'std::ostream &operator <<(std::ostream &,const __int64 &)'
ostream(953): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::operator <<<std::char_traits<char>>(std::basic_ostream<char,std::char_traits<char>> &,unsigned char)'
ostream(942): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::operator <<<std::char_traits<char>>(std::basic_ostream<char,std::char_traits<char>> &,signed char)'
ostream(819): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::operator <<<std::char_traits<char>>(std::basic_ostream<char,std::char_traits<char>> &,char)'
ostream(738): note: or       'std::basic_ostream<char,std::char_traits<char>> &std::operator <<<char,std::char_traits<char>>(std::basic_ostream<char,std::char_traits<char>> &,char)'
contoso.cpp(1582): note: while trying to match the argument list '(std::ostream, LONGLONG)'

All of these are different overloads of std::ostream& std::ostream::operator<<(something) or std::ostream& operator<<(std::ostream&, something), so let’s remove all the repeated stuff to make it easier to see what we are up against.

ostream(436): long double
ostream(418): double
ostream(400): float
ostream(382): unsigned __int64
ostream(364): __int64
ostream(346): unsigned long
ostream(328): long
ostream(309): unsigned int
ostream(283): int
ostream(264): unsigned short
ostream(230): short
ostream(212): bool
contoso.h(1554): const unsigned __int64 &
contoso.h(1548): const __int64 &
ostream(953): unsigned char
ostream(942): signed char
ostream(819): char
ostream(738): char

From the code, we see that the intention is to use the insertion operator that takes a signed 64-bit integer, so let’s filter down to those.

ostream(364): __int64
contoso.h(1548): const __int64 &

Aha, now we see the conflict. The C++ standard library (<ostream>) has defined an output inserter for __int64, and the customer has defined an output inserter for const __int64&, so the compiler can’t choose between them.

The compiler kindly provided line numbers, so we can look at the conflict introduced by contoso.h.

#if !defined(_WIN64) && !defined(_STL70_) && !defined(_STL110_)

// These are already defined in STL
std::ostream& operator<<(std::ostream&, const __int64& );
std::ostream& operator<<(ostd::stream&, const unsigned __int64& );

#endif /* _WIN64 _STL70_ _STL110_ */

Okay, well the !defined(_WIN64) explains why this problem occurs only in 32-bit builds: The conflicting definition is #if‘d out in 64-bit builds.

The rest of the #if expression removes the conflicting definition for STL versions 7.0 and 11.0. So what happened to reactivate this code path?

Adding C++/WinRT to the project.

C++/WinRT requires C++17 or later, which means that the project had to bump its compiler version, and that pushed the STL version to 12.0. And their custom #if doesn’t handle that case.

I went back through the project history, and saw that about five years ago, the line was just

#if !defined(_WIN64) && !defined(_STL70_)

So I’m guessing that at some point in the past five years, they upgraded their compiler version, and they ran into this exact problem, and they realized, “Oh, we need to suppress this for STL 11.0, too,” and they added the !defined(_STL110_).

History repeats itself.

One solution is to put another layer of duct tape on it.

#if !defined(_WIN64) && !defined(_STL70_) && !defined(_STL110_) && !defined(_STL120_)

Of course, this just means that in another five years, when they decide to upgrade to C++30, this problem will come back and somebody will have to add yet another layer of duct tape.

So they could choose something that is a bit more forward-compatible:

#if !defined(_WIN64) && !defined(_STL70_) && !defined(_STL110_) && __cplusplus < 201700

Or they could just delete the entire block. I doubt they are going to roll their compiler back to C++03.

The post Learning to read C++ compiler errors: Ambiguous overloaded operator appeared first on The Old New Thing.

MenuetOS 1.59.20 released [OSnews]

MenuetOS, the operating system written in x86-64 assembly, has released two new versions since we last talked about it roughly two months ago. In fact, I’m not actually sure it’s just two, or more, or fewer, since it seems sometimes releases disappear entirely from the changelog, making things a bit unclear. Anyway, since the last time we talked about MenuetOS, it got improvements to videocalling, networking, and HDA audio drivers, and a few other small tidbits.

Stranger Suggests: Dark-as-Fuck Pop Music, a Horror Film in Pastel Colors, and a Primal Trip Out of Our National Political Nightmare [The Stranger]

One really great thing to do every day of the week. by Audrey Vann MONDAY 3/9

Richard Hell

(BOOKS) In his 2005 novel Godlike, punk pioneer Richard Hell reimagines the tumultuous relationship between 19th-century French poets Arthur Rimbaud and Paul Verlaine in 1970s New York. Hell’s adaptation follows esteemed poet Paul Vaughn, a married 27-year-old New Yorker, and a newly transplanted teenage poet, R.T. Wode, as they embark on a messy affair full of acid trips, crashed parties, and unrequited love. The book is getting a snazzy rerelease from NYRB (the Criterion Collection of the book world), and Hell will be there in the flesh to discuss the book and maybe even sign a few (if we’re lucky). (Elliott Bay Book Company, 7 pm, free) AUDREY VANN

TUESDAY 3/10

Indigo De Souza, Mothé

(MUSIC) Indigo De Souza’s music has always dealt with different kinds of death; her layered vocals revel in the ownership of personal missteps that echo as communal failings and social death. Last summer’s Precipice is no different in tone, from the consistently awesome skeletons-with-boobs album artwork to the edge-of-existence conceit. A main marker of evolution has been the embrace of electronic pop production over the crunchy Lucy Dacus–esque guitar ballads of albums past, which she has confirmed to be a purposeful choice, even excitedly. To this, I cannot give a more heartfelt endorsement, to the contrary of Pitchfork’s Robins-Somerville review. Even the album’s most Taylor Swift–ian of tracks are dark as fuck, and I can’t imagine a better, more worthy philosophical mind fuck to jam the pop algorithms. (Showbox, 8 pm, all ages) TODD HAMM

WEDNESDAY 3/11

Cochemea, Jungle Fire

CHRISTOPHER BALIWAS

(MUSIC) The Daptone label's most out-there act, saxophonist/flautist/bass clarinetist Cochemea creates humid, psychedelic roots music that vibrates in its own lane. Before the Yaqui/Yoeme artist went solo, he played sax for Sharon Jones & the Dap-Kings and worked with Quincy Jones, Amy Winehouse, Archie Shepp, and others. However, Cochemea's own recordings skew more toward Budos Band and Antibalas, of whose touring bands he was a member. On his 2010 debut LP, The Electric Sound of Johnny Arrow, Cochemea fused spiritual jazz, funk, and boogaloo into gripping sonic panoramas. His next three albums broadened the palette to include cumbia, Moroccan gnawa, blues, and his ancestral Indigenous music. Tangy percussive timbres—Asian Indian and Latin American drums figure heavily—combined with Cochemea's electrified sax and chants from his tribe result in songs that sound at once ancient and otherworldly. This show promises, if only briefly, a primal trip out of our national political nightmare. (Sunset Tavern, 8 pm, 21+) DAVE SEGAL

THURSDAY 3/12

Mt Fog, Iroiro, DJ Martin Douglas

(MUSIC) If a Washington rainforest started a band, it would sound something like Mt Fog—Carolyn B.’s playful whispers are like a sprite luring you into a mossy forest. The percussion, like raindrops plopping into a mushroom. And the electronics, like a ray of light shimmering through the trees. The Seattle-based trio whimsically marries the vocal stylings of Kate Bush, Björk, and Siouxsie Sioux with sparse electronics, evocative of CAN and Mort Garson. They will celebrate the release of their new album, Every Stone Is Green, which they describe as a “Gothic tale (in the Brontë sisters' sense) about finding happiness, which is human-ness.” They will be joined by the psychedelic instrumental band Iroiro and music journalist/DJ Martin Douglas. Read more about the making of the new album in our interview with Mt Fog. (Tractor Tavern, 8 pm, 21+) AUDREY VANN

FRIDAY 3/13

MARTHA TESEMA

Scott Broker with Mattilda Bernstein Sycamore

(BOOKS) Scott Broker’s first novel, The Disappointment, starts where so many stories do: a man trying to sneak his mother’s ashes into his suitcase without his husband noticing. The book is described as a surrealist vacation through this couple’s desperate, disconnected trip to the Oregon Coast. And no one could be better to interview him than Seattle’s own Mattilda Bernstein Sycamore (who recently released Terry Dactyl, if you somehow haven’t gotten your hands on it yet). The conversation promises to be brilliant, funny, and very, very queer. (Elliott Bay Book Company, 7 pm, free) HANNAH MURPHY WINTER

SATURDAY 3/14

Eric-Paul Riege: ‘ojo|-|ólǫ́’

JULIA FEATHERINGILL

(VISUAL ART) The soft sculptures of Eric-Paul Riege aren’t quiet objects—their presence inscribed in space is monolithic and monumental, and when brought to life through movement, they become instruments of sound. Riege, who is Diné, has built a practice of collaging and reworking elements drawn from Navajo weaving and jewelry-making traditions, ultimately constructing large-scale, hanging installations that sway, ripple, and jingle when touched. For this exhibit—his largest solo show to date—Riege researched collections of Navajo artifacts held by Brown University’s Haffenreffer Museum of Anthropology and the University of Washington’s Burke Museum of Natural History and Culture. What emerged is an immersive environment that envelops the viewer while quietly unsettling institutional narratives of Indigenous culture. (Henry Art Gallery) AMANDA MANITACH

SUNDAY 3/15

Safe

(FILM) Todd Haynes’s Safe is a horror movie cloaked in pastel colors, plastic tarps, and unsettling silence. Julianne Moore, the master of tension and nuance, plays Los Angeles housewife Carol White, who comes down with a debilitating illness that doctors cannot diagnose. After becoming self-convinced that the illness is caused by extreme environmental allergies, White flees to a retreat in New Mexico led by a New Age guru. Perhaps the most fascinating element of this film is the numerous ways it can be interpreted: a critique of suffocating suburban life, an allegory for the queer experience, a metaphor for the AIDS crisis, or a commentary on self-help culture—the more time that passes since its release, the richer the text gets. Don’t miss the chance to see it on the big screen this month for its 30th anniversary. (NW Film Forum, 4 pm) AUDREY VANN

Slog AM: We’re Still at War, Homicides Are Down in King County, and Gas Prices are Up (Way Up) [The Stranger]

The Stranger's morning news roundup. by Hannah Murphy Winter

Good morning! It’s the first Monday of daylight savings, which means we all had a weird night’s sleep. And the weather’s no help. After a soggy weekend, the weather report promises a whole lot of the same. We’re getting rain all week, with a chance of wintery mix in the mornings.

Let’s do the news.

We’re Still at War: After US–Israeli strikes killed Ayatollah Ali Khamenei, the country has named one of his sons, Mojtaba Khamenei, the nation’s new leader. According to the New York Times, he’s relatively unknown, but has been a shadowy, influential figure in Iran’s government, coordinating military and intelligence operations at his father’s office. He was considered the Islamic Revolutionary Guards’ favorite candidate for the role, but no one asked Trump how he felt about it. Before the news was announced, Trump told ABC News that a new leader “is not going to last long” without his approval. He is two-for-two when it comes to violently unseating world leaders.

Death Toll: The United Nations has estimated that more than 1,300 people have been killed in Iran since the war began. More than 300 people have been killed in Israeli strikes on Lebanon. In Israel, at least 12 people have been killed, and seven US military personnel have died.

Pressure at the Pump: Unsurprisingly, starting a war in the region that provides a third of the world’s oil caused gas prices to go through the roof. This weekend, for the first time in four years, the cost of a barrel of oil broke $100. Here in Washington, prices are up more than a quarter a gallon. According to Trump, though, we just have to trust his process. “Short term oil prices, which will drop rapidly when the destruction of the Iran nuclear threat is over, is a very small price to pay for U.S.A., and World, Safety and Peace,” Trump said on Truth Social. “ONLY FOOLS WOULD THINK DIFFERENTLY.” Call me a fool.

Speaking of Fools: Trump is still trying to steal an election. He knows the GOP could lose big in November, so he’s continuing his push to “nationalize” elections to fight his non-existent widespread voter fraud. According to the New York Times, he’s likely to target Michigan, Georgia, North Carolina, and Arizona—all swing states where Republicans are already actively pushing Trump’s conspiracy theory.

Wonder Twins, Activate! What happens when you combine DOGE and AI? The National Endowment for the Humanities found out. According to court documents acquired by the New York Times, DOGE employees assessed their grants by asking ChatGPT: “Does the following relate at all to D.E.I.? Respond factually in less than 120 characters. Begin with ‘Yes’ or ‘No.’” The “yeses” included: building improvements at an Indigenous languages archive in Alaska, the digitization of Black newspapers, and a 40-volume series on the history of American music.

Some Good News: Violent crime is down in King County. In 2025, homicides didn’t break into the triple digits for the first time since the pandemic. It’s the second year in a row that we’ve seen fewer homicides than the year before, and fewer overall shootings. Go team!

More Good News: We’ve also seen a dip in ICE arrests in the last month, nationwide. According to government sources who spoke to the New York Times, immigration agents have moved away from their violent, indiscriminate street sweeps, and focused on more targeted enforcement operations. They still arrested more than 1,000 people in February, and it’s still dramatically more than when Trump first took office, but it’s an undeniable shift.

Women Marched: Yesterday was International Women’s Day, and the return of the Women’s March. By the Seattle Times’ estimate, about 300 people showed up at Cal Anderson Park to hear scheduled speakers (including Councilmember Alexis Mercedes Rinck and City Attorney Erika Evans) talk about ICE, the war in Iran, and Trump’s other misdeeds, see the now-traditional Handmaid outfits, and watch one person bop around in an inflatable Chicken costume. (Wanna make sure you know about other protests and demonstrations before they happen? Keep an eye on our Where to Scream column.)

Pity the Millionaires: State Dems have finally come up with a version of the Millionaires Tax that made Governor Ferguson happy, and as we head into the last week of the legislative session, it looks like he’ll actually sign the bill when it hits his desk. But what happens next? It’s all but guaranteed to be challenged in the courts, thanks to a 1930s ruling in our state Supreme Court, which decided that, according to our state constitution, income is property. (Property has to be taxed at a “uniform” rate, meaning that we could only have a “flat” income tax.) A lot of supporters think that precedent deserves another looksee.

Fleet Flop: Washington is watery. And our state is finally recognizing that we should consider using those waterways to, ya know, move people. The state legislature is considering the Mosquito Fleet Act, a bill that would allow waterfront cities to create their own ferry systems, but after passing the State House with a resounding 84-11 vote, the new version in the Senate poked a bunch of seemingly unnecessary holes in the hull. According to the Urbanist, the new version requires that new passenger-ferry districts only use zero-emission boats made in Washington State, bans all state funding for passenger ferry districts starting in just two years, and requires that passenger ferry districts not overlap, which means cities wouldn’t be able to coordinate with each other on these ferry routes. Just give us the boats!

Looking for something to do tonight? Stranger contributor Meg van Huygen knows a spot. The No Call No Show popup is back tonight, with themed craft cocktails and snacks “concocted by a group of fine-dining creative weirdos.” Your hosts will be Kamonegi’s Chef Mutsuko Soma, Matt Pachmayr from Le Coin, and the mononymous Quan from the Sake Noire pop-up.

Hannah Sabio-Howell Is Challenging Sen. Jamie Pedersen in the 43rd District [The Stranger]

A rain-soaked Hannah Sabio-Howell and I were at Gemini Room in Capitol Hill, ordering coffee and talking about breakfast sandwiches in Seattle. The few, the expensive, and the far away. The small, cheesy signifier that the neighborhood could be a better place if only our zoning laws allowed for more storefronts.

Recently communications director for Working Washington, a workers rights nonprofit that backed the $15 minimum wage and fought to keep gig worker minimum pay in Seattle, 29-year-old Sabio-Howell believes if we tried, we could have breakfast sandwiches on every block, and more substantive things like a statewide version of Social Housing, denser housing, and expanded paid parental leave as a first step toward universal childcare. But who is keeping us from this utopian future? None other than Majority Leader Sen. Jamie Pedersen (D-Seattle), sponsor of this year’s millionaires’ tax. For that, she wants his seat.

Sabio-Howell’s pitch is this: Sen. Pedersen is quick to concede to big business before the politicking has even begun, and a corporate-friendly incrementalist like him had no business representing a district of progressive renters like the 43rd. He’s progressive for a leader in the party, sure. But she argues that she’s a far better representative for the people who live in the 43rd District and a reliable vote for the major economic and taxation issues that are facing the state. She’s betting that makes him vulnerable enough to lose, even as a leader of the party. (She has insight there—in addition to her time in the state Senate, Sabio-Howell was chair of the Urbanist’s elections committee).

“He’s going to try to brand himself as effective because he is a deal maker,” Sabio-Howell says. “I think that approach to leadership is actually more of a deal broker, not someone who is actually driving the outcome. I think it’s giving things away before we need to give them away. Our district is too visionary and vibrant.”

Sabio-Howell was born in St. Louis, Missouri and spent most of her childhood in Wheaton, a an conservative, affluent suburb on the rim of Chicago, famous for a protestant college that lifted a Civil War-era ban on dancing in 2003.

Wheaton’s conservative vibes did not rub off on the daughter of two school teachers (and one Filipino immigrant, her mother), lifelong Democrats who preached that government existed to improve our lives.

She organized for immigration reform at Whitworth University, a Presbyterian university in Spokane. An internship at the State Legislature led to her first job out of college as the legislative aide with a surprising political mentor, the centrist Rep. Larry Springer, who represents some of the wealthiest towns of East King County, and later a communications job for the Senate Democratic Caucus.

Every year, Rep. Springer and his wife, former Kirkland Mayor Penny Sweet, host a Christmas dinner with his current and former legislative aides. This year, other aides “grilled” Sabio-Howell on her run. “I came away, I told Penny, she’s done her homework.” Politically, Sabio-Howell is far left of Springer. But he taught her the same lesson he teaches all of his legislative assistants, he said. The stuff that lasts the test of time is “not solely crafted by one end of the spectrum.”

“I think what she learned from me is, speak to both sides and craft something that works, not something that feels good,” he said. “The other part is, of course, your enemy today is your ally tomorrow.”

Over coffee, it was clear she’d taken that lesson to heart. I’d heard Sabio-Howell’s platform from first-time progressive candidates before. Affordable housing and childcare, investments in working families, and taxes on the rich to pay for it all. The floundering usually begins when you ask “how.” She didn’t give me specific solutions either, but instead of trying to make them up on the spot, she pitched an alternative viewpoint: Good policy only comes through consensus, and we can't start our politicking with business-friendly concessions. We want to give both the working class and the puffer jacketed types with enough money to tax something to actually believe in.

“Standing 10 toes down on your values to be clear about what you are…and what would get you to a “yes” or get you to a “no,” these are essential to an approach that equals effective policy making,” she says. It helps that she’s convincing and “damn nice,” says Rep. Springer. (If you disagree on something, you’ll agree and “love her” by the time she’s done analyzing it for you, he says.) State senator turned Congresswoman Emily Randall (WA-6), who doesn’t endorse in King County races, says Pedersen has done a great job as majority leader, but also called Sabio-Howell her “forever communications and strategy partner,” who helped her hone her voice on difficult issues in a swing district.

A better way is possible, she says. Her platform points to plentiful housing in Austin, Texas, and Jersey City, New Jersey, and New Mexico’s new universal childcare program. None of her examples are perfect comparisons to Washington, of course. Austin sprawls in a state with a lower cost of living and fewer land-use regulations; Jersey City recently saw a surge in construction, and rent is falling after years of hikes, but the city still doesn’t have the housing it needs; New Mexico, a state with an income tax, is struggling to fund universal childcare without taking from the state’s general fund. (She also wasn’t sure what state or local policies in Jersey City and Austin made housing more attainable). The point is that it’s possible, she says. We’re not breaking new ground with these ideas.

“Is it possible in our vibrant, visionary, record-breakingly progressive district to present a new type of Democratic leadership, and to say we are aware that politics as usual, status quo-governing pro-corporation Democrats are not delivering on the things that we have reaffirmed over and over again,” she says. “I want to basically say to people in our community, choose your fighter.” (Some already have—according to her political consultant, Stephen Paolini, Sabio-Howell has raised about $30,000 from about 100 friends, family, activists, and colleagues.)

Reached by phone on a rainy drive home from Olympia Friday night, Sen. Pedersen says he found the critique that he’s not progressive enough “somewhat surprising.”

In 2006, the summer he ran for House, Pedersen was “single-minded” on equality. A gay lawyer on the board of Lambda Legal, Pedersen had taken depositions for Andersen v. Sims (later Andersen v. King County), the organization’s challenge to the state ban on gay marriage. Lambda won the case in King County Superior Court, but lost in 5-4 State Supreme Court ruling.

Determined, Pedersen worked with Ed Murray, the once State Senator and since-disgraced Mayor of Seattle, on securing the 425 rights and obligations that depended on marital status in Washington. They co-sponsored three domestic partnership bills. The first gave domestic partners basic rights like hospital visitation and inheritance. The second added them to laws about probate and trust, community property and guardianship. The third swept the rest into an “everything but marriage” law that survived Referendum 71, the conservative attempt to repeal it. After Gov. Christine Gregoire requested a marriage bill in the twilight of her second term, Pedersen whipped support in the House.

But it’s been 14 years since Gregoire signed marriage equality into law. The world, and the definition of progressive, has, well, progressed. Pedersen’s big social wins like gay rights, limited gun control, gun violence prevention, the decertification of bad cops and other police accountability measures, weren’t all safe when he backed them, but don’t seem so radical now.

Heading into his sixth election, Pedersen has the support of big corporations, the same corporations that the state needs to tax to have a functioning budget. A third of Pedersen’s $187,000 warchest comes from business, including BNSF, timber company Weyerhaeuser, Amazon, Kroger, (my enemies at) Regence Blue Shield, Eli Lilly, Microsoft, (piss bottlers) Anheuser Busch, AirBnB, Pfizer, burger merchants at McDonalds, and more.

Do they own him? “No,” said House Speaker Rep. Laurie Jinkins, followed by a somewhat tense silence, because of course money in politics matters.

As for Pedersen being Mr. Incremental, “Olympia is generally an incremental place with transformative moments,” she says. “It is fairly pointless to pass transformative legislation only to have voters repeal it.” Twenty-six US states allow for initiatives and referendums, most West of Missouri. It’s a blessing and a curse, particularly with anti-tax wraiths like Brian Heywood and Tim Eyman around.

For years, Washington couldn’t pass a tax or even fix a tax loophole without a two-thirds supermajority in both houses because of one of Eyman’s initiatives. (To sum up Jinkins’ history of that time, it sucked—we were at the tailend of the recession, broke, and cutting programs left and right) But in 2013, the State Supreme Court smacked it down as unconstitutional. Why? Sen. Pedersen and Rep. Jinkins crafted a legal weapon, a bill to fix a tax loophole, specifically designed to go to court, she says.

“I could not have done that without Jamie’s help,” Jinkins says. “He’s the one who understood the process … Had we not done that, we would not have gotten Cap Gains,” a nine-year slog of its own. Or the millionaire’s tax, which is almost certain to go before the voters and to court.

“I’m not going to argue it’s bigger than marriage equality,” says Jinkins, who is gay and could if she wanted. “But it’s been our tax structure for 100 years. This bill is so important.”

And so not enough, Sabio-Howell says. As she wrote in a Stranger op-ed with Fatema Boxwala and Oliver Miska last month, big business is being given a big break. From the jump, Pedersen presented the bill with these carveouts, pissing off half the party in the process.

Again, she thinks we can do more. Pedersen says he spends time on things he thinks will be efficient. Therein lies the tension. Does the 43rd want to hold onto an incumbent who is a proven leader in the party, but whose politics have not kept pace with this constituency? Or are they willing to switch up party leadership for someone who’s more aligned with what progressives want now?

17:07

Pluralistic: Billionaires are a danger to themselves and (especially) us (09 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

Billionaires are a danger to themselves and (especially) us: A billionaire is a machine for producing policy failures at scale.
Hey look at this: Delights to delectate.
Object permanence: Librarians Against DRM; Copyright maximalist MP is a pirate; "The Monster"; The perversity of self-destructing ebooks; Space opera cliches; Social software politics; Game in a browser's location bar; Map of sf/f; Group chat sucks; Jeep hack; Gandersauce.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

Billionaires are a danger to themselves and (especially) us (permalink)

Even if rich people were no more likely to believe stupid shit than you or me, it would still be a problem. After all, I believe in my share of stupid shit (and if you think that none of the shit you believe in is stupid, then I'm afraid we've just identified at least one kind of stupid shit you believe in).

The problem isn't whether rich people believe stupid shit; it's the fact that when a rich person believes something stupid, that belief can turn into torment for dozens, thousands, or millions of people.

Here's a historical example that I think about a lot. In 1928, Henry Ford got worried about the rubber supply chain. All the world's rubber came from plantations in countries that he had limited leverage over and he was worried that these countries could kneecap his operation by cutting off the supply. So Ford decided he would start cultivating rubber in the Brazilian jungles, judging that Brazil's politicians were biddable, bribeable or bludgeonable and thus not a risk.

Ford took over a large area of old-growth jungle in Brazil and decreed that a town be built there. But not just any town: Ford decreed that the town of Fordlandia would be a replica of Dearborn, the company town he controlled in Michigan. Now, leaving aside the colonialism and other ethical considerations, there are plenty of practical reasons not to replicate Dearborn, MI on the banks of the Rio Tapajós.

For one thing, Brazil is in the southern hemisphere, and Dearborn is in the northern hemisphere. The prefab houses that Ford ordered for Fordlandia had windows optimized for southern exposure, which is the normal way of designing a dwelling in the northern hemisphere. In the southern hemisphere, you try and put your windows on the other side of the building.

Ford's architects told him this, and proposed having the factory flip the houses' orientation. But Ford was adamant: he'd had a vision for a replica of his beloved Dearborn plunked down smack in the middle of the Amazon jungle, and by God, that was what he would get:

https://memex.craphound.com/2010/06/02/fordlandia-novelistic-history-of-henry-fords-doomed-midwestern-town-in-the-amazon-jungle/

Fordlandia was a catastrophe for so many reasons, and the windows are just a little footnote, but it's a detail that really stuck with me because it's just so stupid. Ford was a vicious antisemite, a bigot, a union-buster and an all-round piece of shit, but also, he believed that his opinions trumped the axial tilt of the planet Earth.

In other words, Henry Ford wasn't merely evil – he was also periodically as thick as pigshit. Ford's cherished stupidities didn't just affect him, they also meant that a whole city full of people in the Amazon had windows facing the wrong direction. Like I said, I sometimes believe stupid things, but those stupid things aren't consequential the way that rich people's cherished stupidities are.

This would be bad enough if rich people were no more prone to stupid beliefs than the rest of us, but it's actually worse than that. When I believe something stupid, it tends to get me in trouble, which means that (at least some of the time), I get to learn from my mistakes. But if you're a rich person, you can surround yourself with people who will tell you that you are right even when you are so wrong, with the result that you get progressively more wrong, until you literally kill yourself:

https://www.scientificamerican.com/article/alternative-medicine-extend-abbreviate-steve-jobs-life/

A rich person could surround themselves with people who tell them that they're being stupid, but in practice, this almost never happens. After all, the prime advantage to accumulating as much money as possible is freedom from having to listen to other people. The richer you are, the fewer people there are who can thwart your will. Get rich enough and you can be found guilty of 34 felonies and still become President of the United States of America.

But wait, it gets even worse! Hurting other people is often a great way to get even more rich. So the richer you get, the more insulated you are from consequences for hurting other people, and the more you hurt other people, the richer you get.

What a world! The people whose wrong beliefs have the widest blast-radius and inflict the most collateral damage also have the fewest sources of external discipline that help them improve their beliefs, and often, that collateral damage is a feature, not a bug.

Billionaires are a danger to themselves and (especially) to the rest of us. They are wronger than the median person, and the consequences of their wrongness are exponentially worse than the consequences of the median person's mistake.

This has been on my mind lately because of a very local phenomenon.

I live around the corner from Burbank airport, a great little regional airport on the edge of Hollywood. It was never brought up to code, so the gates are really close together, which means the planes park really close together, and there's no room for jetways, so they park right up against the terminal. The ground crews wheel staircase/ramps to both the front and back of the plane. That means that you can walk the entire length of the terminal in about five minutes, and boarding and debarking takes less than half the time of any other airport. Sure, if one of those planes ever catches fire, every other plane is gonna go boom, and everyone in the terminal is toast, but my sofa-to-gate time is like 15 minutes.

Best of all, Burbank is a Southwest hub. When we moved here a decade ago, this was great. Southwest, after all, has free bag-check, open seating, a great app, friendly crews, and a generous policy for canceling or changing reservations.

If you fly in the US, you know what's coming next. In 2024, a hedge fund called Elliott Investment Management acquired an 11% stake in SWA, forced a boardroom coup that saw it replace five of the company's six directors, and then instituted a top to bottom change in airline policies. The company eliminated literally everything that Southwest fliers loved about the airline, from the free bags to the open seating:

https://www.reddit.com/r/SouthwestAirlines/comments/1ji79zt/elliott_management_is_dismantling_everything/

The airline went from being the least enshittified airline in America to the most. Southwest is now worse than Spirit airlines – no, really. Southwest doesn't just merely charge for seat selection, but if you refuse to pay for seat selection, they preferentially place you in a middle seat even on a half-empty flight, as a way of pressuring you to pay the sky-high junk fee for seat selection:

https://www.reddit.com/r/SouthwestAirlines/comments/1rd2g0k/ngl_thought_yall_were_joking/

Obviously, passengers who are given middle seats (and the passengers around them, who paid for window or aisle seats) don't like this, so they try to change seats. So SWA now makes its flight attendants order passengers not to switch seats, and they've resorted to making up nonsense about "weight balancing":

https://www.reddit.com/r/SouthwestAirlines/comments/1roz1bg/you_can_change_to_an_empty_seatbut_only_until_we/

Even without junk fees, Southwest's fares are now higher than their rivals. I'm flying to San Francisco tomorrow to host EFF executive director Cindy Cohn's book launch at City Lights:

https://citylights.com/events/cindy-cohn-launch-party-for-privacys-defender/

Normally, I would have just booked a SWA flight from Burbank to SFO or Oakland (which gets less fog and is more reliable). But the SWA fare – even without junk fees – was higher than a United ticket out of the same airport, even including a checked bag, seat selection, etc. Southwest is genuinely worse than Spirit now: not only does it have worse policies (forcing occupancy of middle seats!), and more frustrated, angrier flight crew (flight attendants are palpably sick of arguing with passengers), but SWA is now more expensive than United!

All of this is the fault of one billionaire: Elliott Investment Management CEO Paul Singer, one of America's most guillotineable plutes. This one guy personally enshittified Southwest Airlines, along with many other businesses in America and abroad. Because of this one guy, millions of people are made miserable every single day. Singer flogged off his shares and made a tidy profit. He's long gone. But SWA will never recover, and every day until its collapse, millions of passengers and flight attendants will have a shitty day because of this one guy:

https://www.wfaa.com/article/money/business/southwest-airlines-activist-investor-elliott-lower-ownership-stake/287-470b5131-ef1a-4648-a8ec-4cc017f7914c

Even if Paul Singer were no more prone to ethical missteps than you or me, the fact that he is morbidly wealthy means that his ethical blind spots leave behind a trail of wreckage that rivals a comet. And of course, being as rich as Paul Singer inflicts a lasting neurological injury that makes you incapable of understanding how wrong you are, which means that Paul Singer is doubly dangerous.

Billionaires aren't just a danger when they're trying to make money, either. One of the arguments in favor of billionaires is that sometimes, the "good" billionaires take up charitable causes. But even here, billionaires can cause sweeping harm. Take Bill Gates, whose charitable projects include waging war on the public education system, seeking to replace public schools with charter schools.

Gates has no background in education, but he spent millions on this project. He is one of the main reasons that poor communities around the country have been pressured to shutter their public schools and replace them with weakly regulated, extractive charters:

https://apnews.com/article/92dc914dd97c487a9b9aa4b006909a8c

This was a catastrophe. A single billionaire dilettante's cherished stupidity wrecked the educational chances of a generation of kids:

https://dissidentvoice.org/2026/03/free-market-charter-schools-wreak-havoc-in-michigan/

Gates was a prep-school kid, so it's weird for him to have forceful views about a public education system he never experienced. In reality, it's not so much that Gates has forceful views about schools – rather, he has forceful views about teachers' unions, which he wishes to see abolished. Gates is one of America's most vicious union-busters:

https://teamster.org/2019/10/teamsters-union-and-allies-protest-bill-gates-and-cambridge-union-society/

Gates's ideology permeates all of his charitable work. We all know about Gates's work on public health, but less well known is the role that Gates has played in blocking poor countries from exercising their rights under the WTO to override drug patents in times of emergency. In the 2000s, the Gates Foundation blocked South Africa from procuring the anti-retroviral AIDS drugs it was entitled to under the WTO's TRIPS agreement. The Gates Foundation blocked the Access to Medicines WIPO treaty, which would have vastly expanded the Global South's ability to manufacture life-saving drugs. And during the acute phase of the covid pandemic, Gates personally intervened to kill the WHO Covid-19 Technology Access Pool and to get Oxford to renege on its promise to make an open-source vaccine:

https://pluralistic.net/2021/04/13/public-interest-pharma/#gates-foundation

It's not that Gates is insincere in his desire to improve public health outcomes – it's that his desire to improve public health conflicts with his extreme ideology of maximum intellectual property regimes. Gates simply opposes open science and compulsory licenses on scientific patents, even when that kills millions of people (as it did in South Africa). Gates's morbid wealth magnifies his cherished stupidities into weapons of mass destruction.

Gates is back in the news these days because of his membership in the Epstein class. Epstein is the poster child for the ways that wealth is a force-multiplier for bad ideas. We can't separate Epstein's sexual predation from his wealth. Epstein spun elaborate junk-science theories to justify raping children, becoming mired in that most rich-guy coded of quagmires, eugenics:

https://www.statnews.com/2026/02/24/epstein-cell-line-george-church-harvard-personal-genome-project/

Epstein openly discussed his plans to seed the planet with his DNA, reportedly telling one scientist that he planned to fill his ranch with young trafficked girls and to keep 20 of them pregnant with his children at all times:

https://www.nytimes.com/2019/07/31/business/jeffrey-epstein-eugenics.html

We still don't know where Epstein's wealth came from, but we know that he was a central node in a network of vast riches, much of which he directed to his weird scientific projects. That network also protected him from consequences for his prolific child-rape project, which had more than 1,000 survivors.

In embracing eugenics junk science, Epstein was ahead of the curve. Today, eugenics is all the rage, reviving an idea that went out of fashion shortly after the Fordlandia era. After all, Henry Ford didn't just build a private city where his word was law – he also bought up media companies to promote his ideas of racial superiority:

https://en.wikipedia.org/wiki/The_Dearborn_Independent

Despite being too cringe to make it onto Epstein island, Elon Musk is the standard bearer for the dangers of billionaireism:

https://people.com/emails-reveal-that-elon-musk-asked-jeffrey-epstein-about-visiting-his-island-11896842

Like Henry Ford, he craves company towns where his word is law:

https://www.texasmonthly.com/news-politics/inside-starbase-spacex-elon-musk-company-town/

Like Ford, he buys up media companies and then uses them to push his batshit ideas about racial superiority:

https://www.motherjones.com/politics/2025/01/eugenics-isnt-dead-its-thriving-in-tech/

Like Paul Singer, he is a master enshittifier who never met a junk fee he didn't fall in love with:

https://edition.cnn.com/2022/11/01/tech/musk-twitter-verification-price

And like Epstein, he wants to seed the human race with his babies, and has built a secret compound in the desert he plans to fill with women he has impregnated:

https://www.realtor.com/news/celebrity-real-estate/elon-musk-compound-austin-children/

Billionaires and their lickspittles will tell you that all of this is wrong: the market selects "capital allocators" by executing a vast, distributed computer program whose logic gates are every producer and consumer in The Economy (TM), and whose data are trillions of otherwise uncomputable buy and sell decisions.

This is a tautology: the argument goes that only good people are made rich, and therefore all the rich people are good. If rich people had as many cherished stupidities as I claim, The Economy (TM) would relieve them of their wealth, and thus their power to allocate capital, and thus their potential to hurt people by being wrong, which means that they must be right.

This is the stupidest (and most destructive) of all of billionaireism's cherished stupidities: that we live in a meritocracy, which means that whatever the richest people want must be right. It's a modern update to the doctrine of divine providence, which held that we can discern god's favor through wealth. The more god loves you, the richer he makes you.

This can't be true, because every single economic cataclysm in the history of the world was the fault of rich people. Rich people gave us the 19th century's bank panics. They gave us the South Seas bubble. They gave us the Great Depression, and the S&L Crisis, and the Great Financial Crisis. They invented greedflation and created the cost of living crisis. Today, they are teeing up an AI crash that will make 2008 look like the best day of your life:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

The old left aphorism has it that "every billionaire is a policy failure." That's true, but it's incomplete. Every billionaire is a machine for producing policy failures at scale.

(Image: Aude, CC BY 4.0, modified)

Hey look at this (permalink)

How Live Nation allegedly terrorized the concert industry https://www.theverge.com/report/891241/live-nation-ticketmaster-week-one-jury-trial
Canada's One-Man Air Force – and His Calculated Airline Crusade https://www.donotpassgo.ca/p/canadas-one-man-air-force-and-his
Cloud Sovereignty Framework Self Assessment https://www.suse.com/cloud-sovereignty-framework-assessment/
EFF, Ubuntu and Other Distros Discuss How to Respond to Age-Verification Laws https://linux.slashdot.org/story/26/03/09/0544224/eff-ubuntu-and-other-distros-discuss-how-to-respond-to-age-verification-laws
Reading “The Ethnography of Infrastructure” https://www.not-so-obvious.net/reading-the-ethnography-of-infrastructure/

Object permanence (permalink)

#20yrsago Indie label uses heartfelt note instead of copy-restriction http://blog.resonancefm.com/archives/48

#20yrsago Clay Shirky’s ETECH presentation on the politics of social software https://craphound.com/youshutupetech2006.txt

#20yrsago Judge quotes Adam Sandler movie in decision blasting defendant https://www.thesmokinggun.com/documents/crime/motion-denied-because-youre-idiot

#15yrsago Video game in your browser’s location bar web.archive.org/web/20110309212313/http://probablyinteractive.com/url-hunter

#15yrsago Wondrous, detailed map of the history of science fiction https://web.archive.org/web/20110310152548/http://scimaps.org/submissions/7-digital_libraries/maps/thumbs/024_LG.jpg

#15yrsago American Library Association task forces to take on ebook lending https://web.archive.org/web/20110310085634/https://www.wo.ala.org/districtdispatch/?p=5749

#15yrsago Wisconsin capitol bans recording, flags, reading, balloons, chairs, bags, backpacks, photography, etc etc etc https://captimes.com/news/local/govt-and-politics/more-rules-released-for-state-capitol-visitors/article_f044044f-6183-5128-b718-d5dffbfdb573.html

#15yrsago Librarians Against DRM logo https://web.archive.org/web/20110308170030/https://readersbillofrights.info/librariansagainstDRM

#15yrsago Extinct invertebrates caught in a 40 million year old sex act https://web.archive.org/web/20110303234001/http://news.discovery.com/animals/40-million-year-old-sex-act-captured-in-amber.html

#15yrsago Improvised toilets of earthquake-struck Christchurch https://web.archive.org/web/20110310044912/https://www.showusyourlongdrop.co.nz/

#15yrsago Canadian MP who shills for the record industry is an enthusiastic pirate https://web.archive.org/web/20110310163136/https://www.michaelgeist.ca/content/view/5673/125/

#15yrsago The Monster: the fraud and depraved indifference that caused the subprime meltdown https://memex.craphound.com/2011/03/07/the-monster-the-fraud-and-depraved-indifference-that-caused-the-subprime-meltdown/

#15yrsago Self-destructing ebooks: paper’s fragility is a bug, not a feature https://www.theguardian.com/technology/2011/mar/08/ebooks-harpercollins-26-times

#10yrsago Senior U.S. immigration judge says 3 and 4 year old children can represent themselves in court https://web.archive.org/web/20160304201631/http://www.thestar.com/news/world/2016/03/04/us-judge-says-3-and-4-year-olds-can-represent-themselves-in-immigration-court.html

#10yrsago Crimefighting for fun and profit: data-mining Medicare fraud and likely whistleblowers https://www.wired.com/2016/03/john-mininno-medicare/

#10yrsago Extensive list of space opera cliches https://www.antipope.org/charlie/blog-static/2016/03/towards-a-taxonomy-of-cliches-.html

#10yrsago Verizon pays $1.35M FCC settlement for using “supercookies” https://web.archive.org/web/20160308111653/https://motherboard.vice.com/read/verizon-settles-over-supercookies

#10yrsago Group chat: “an all-day meeting with random participants and no agenda” https://signalvnoise.com/svn3/is-group-chat-making-you-sweat/#.1chnl7hf4

#10yrsago Less than a year on, America has all but forgotten the epic Jeep hack https://www.wired.com/2016/03/survey-finds-one-4-americans-remembers-jeep-hack/

#10yrsago Racial justice organizers to FBI vs Apple judge: crypto matters to #blacklivesmatter https://theintercept.com/2016/03/08/the-fbi-vs-apple-debate-just-got-less-white/

#1yrago Gandersauce https://pluralistic.net/2025/03/08/turnabout/#is-fair-play

Upcoming appearances (permalink)

San Francisco: Launch for Cindy Cohn's "Privacy's Defender" (City Lights), Mar 10
https://citylights.com/events/cindy-cohn-launch-party-for-privacys-defender/
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
London: Resisting Big Tech Empires (LSBU)
https://www.tickettailor.com/events/globaljusticenow/2042691
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Chicken Mating Harnesses (This Week in Tech)
https://twit.tv/shows/this-week-in-tech/episodes/1074
The Virtual Jewel Box (U Utah)
https://tanner.utah.edu/podcast/enshittification-cory-doctorow-matthew-potolsky/
Tanner Humanities Lecture (U Utah)
https://www.youtube.com/watch?v=i6Yf1nSyekI
The Lost Cause
https://streets.mn/2026/03/02/book-club-the-lost-cause/
Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America ( words today, total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

https://doctorow.medium.com/
https://twitter.com/doctorow

Medium (no ads, paywalled):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

17:00

Dirk Eddelbuettel: nanotime 0.3.13 on CRAN: Maintenance [Planet Debian]

Another minor update 0.3.13 for our nanotime package is now on CRAN, and has been uploaded to Debian and compiled for r2u. nanotime relies on the RcppCCTZ package (as well as the RcppDate package for additional C++ operations) and offers efficient high(er) resolution time parsing and formatting up to nanosecond resolution, using the bit64 package for the actual integer64 arithmetic. Initially implemented using the S3 system, it has benefitted greatly from a rigorous refactoring by Leonardo who not only rejigged nanotime internals in S4 but also added new S4 types for periods, intervals and durations.

This release, the first in eleven months, rounds out a few internal corners and helps Rcpp with the transition away from Rf_error to only using Rcpp::stop which deals more gracefully with error conditions and unwinding. We also updated how the vignette is made, its references, updated the continuous integration as one does, altered how the documentation site is built, gladly took a PR from Michael polishing another small aspect, and tweaked how the compilation standard is set.

The NEWS snippet below has the fuller details.

Changes in version 0.3.13 (2026-03-08)

The methods package is now a Depends as WRE recommends (Michael Chirico in #141 based on a suggestion by Dirk in #140)

The mkdocs-material documentation site is now generated via altdoc

Continuous Integration scripts have been updated

Replace Rf_error with Rcpp::stop, turn remaining one into (Rf_error) (Dirk in #143)

Vignette now uses the Rcpp::asis builder for pre-made pdfs (Dirk in #146 fixing #144)

The C++ compilation standard is explicitly set to C++17 if an R version older than 4.3.0 is used (Dirk in #148 fixing #147)

The vignette references have been updated

Thanks to my CRANberries, there is a diffstat report for this release. More details and examples are at the nanotime page; code, issue tickets etc at the GitHub repository – and all documentation is provided at the nanotime documentation site.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can now sponsor me at GitHub.

15:07

The Long and Short of It [Whatever]

I promised Krissy that I would not buy any new guitars in 2025, and that was a promise I mostly kept (I did buy one guitar, but it was for her). However, it is now 2026, and last month I turned in two full-length books, and I thought therefore it might be okay to treat myself. That said, I pretty much have every guitar I might ever need, in most of the the major body shapes, so if I was going to get any more of them, they needed to fill a niche that was not otherwise occupied.

And, well, guess what? I found two stringed instruments that fit the bill! What a surprise! And as a bonus, neither is technically a guitar.

Small one first: This is an Ohana O’Nino sopranissimo ukulele, “sopranissimo” being a size down from the soprano uke, which is typically understood to be the smallest ukulele that one might usually find. The O’Nino here is seventeen inches long from stem to stern, and is absolutely dinky in the hand. Nevertheless, it’s an actual musical instrument, not a toy, and if you have small and/or nimble enough fingers, plays perfectly well. It’s not going to be anyone’s primary ukulele (I have my concert-sized Fender Fullerton Jazzmaster for that), but if you’re traveling — and I often am — and want to take along a physical music instrument — which I sometimes do! — then this is very much the travel-sized uke to tote around.

There are even smaller ukes available, but those do start being in the “is this a musical instrument for ants” category of things. I’ll stop with a sopranissimo.

Almost literally on the other end of the scale we have the Eastwood BG 64 Baritone Guitarlin. The one type of guitar I did not have in my collection was a baritone guitar (which adds an additional four frets to the guitar on the low end, allowing for a lower/heavier/twangier sound). This particular baritone is one of an esoteric variant of guitar known as a “guitarlin,” in which the guitar adds frets on the high end to be able to access notes that one would only usually find on a mandolin. So, basically, this instrument goes from baritone to mandolin over 35 frets, which is, to be clear, an absolutely ridiculous number of frets to have on a single instrument. I can already see the serious guitarists out there despairing about the intonation in the mando frets, but those people are no fun.

I was traveling when my guitarlin arrived and I haven’t yet been able to play around with it yet, but here’s a short video of the guy who helped design it fooling about with it:

(And yes, I got the one with the tremolo, because of course I did.)

Between these two instruments my collector itch has been scratched for a bit, and I look forward to messing around with both in the upcoming months. I won’t say I won’t get any other guitars ever, but at this point it’s getting more difficult to find where the gaps are in what I have, so I do imagine my acquisitions will slow down rather a bit. Let’s hope, anyway. I’m running out of room in the house for them. Although I guess I do have a whole church, don’t I. Hmmm.

— JS

15:00

The end of the scroll [RevK®'s ramblings]

An app I'd like someone to do. I want to underline the word reason in a blog post I wrote, below. I want to point to a page with a definition of the word, as a verb, not a noun. As far as I can see there is no page on the web for that. Your app will have a dialog at the top of the page where you type the query, and it generates a page with a static URL that I can point to where the definition will display if the user clicks my link. I would paste the URL where I want it. And that's just the start, the key thing is short replies to queries needed to support something you're writing. I'm surprised Google doesn't do this. And I'd much rather use someone other than Google, but it has to be someone who will be around for a while. You can put an ad on each of the pages, but don't overdo it, or you'll incentivize a competitor.

14:56

Social media is fun, I understand, and to be honest it is one of those things I was slow to adopt, and then embraced. It is one of many things that seemed "good" to start with and then "went to shit". There are so many things like that, even the "US constitution", it seems.

But, like everyone else, I embraced the infinite scroll, reading the "feed".

But recently I made a conscious decisions to step back. I ditched Twitter years ago, and with FaceBook's latest terms, I ditched (and deleted) them too.

This has some implications...

I am no longer have any social media interaction with "locals", i.e. people in Abergavenny. To be fair I was somehow blocked from "Abergavenny Voice" (and I literally have no clue why, and was not told). I was in one of the many alternative local groups on Facebook (there are always some). In the past I have been a major contributor (like when I decided to repaint the old iron cast road sign on my road). This I miss, to be honest. I'd like some way to be in a local community chat, somehow.

I am no longer on any family chat on social media, but that is not an issue as I am on the iMessage groups with friends and family (and for one person, WhatsApp, for now). So that is no loss, good. My wife is not on Facebook nor Twitter so they (the family) sort of cope. Good.

I do see news, from many of the 1100 people I follow on Mastodon, but much less in terms of "fake news", and no adverts. What I see is often "interesting". It is not some algorithm to feed me, it is real people, and I control who I follow.

But the most noticeable thing is the "end of the scroll".

This will be something unheard of by the users of most social media - but it happens on Mastodon. I read the feed, and get to the end of new posts. That is it. The end! No algorithm finding new "engagement" for me. No adverts. Just the end! I can reload and see one or two more, but not close to how fast i can read them.

So what now - well - it means, when at coffee in the morning, I get to the point of "put my phone down", and actually talk to my wife. We have apparently been married nearly 36 years, crazy.

I do recommend it, and I also welcome some way to make a "local community" chat that is not a shit-show, somehow. That is the one thing missing.

toot

14:14

AIs can reason [Scripting News]

I'm doing another new Claude project, just started it last night after the Knicks game. This one is right-size. The others were too complex for us to communicate about. On this one I'm letting it write all the code, so we don't have to get bogged down telling it how to write code that's consistent with mine. This project, if it ships, can be maintained entirely using Claude, or presumably any AI app.

Can the AIs think? Maybe we'll never know, but it definitely can reason. I can judge that the same I would if I were teaching a class in computer programming. Even though it has bad days, which I think was due to overload, Claude is generally very good at reasoning. The code it produces works, and upgrades happen very quickly. And it narrates its work (a relatively new feature) something I can't even get myself to do consistently.

I don't trust the predictions that software developers will be obsolete. The culture of Silicon Valley encourages this kind of chest thumping. On the other hand, the predictions for PCs and the web, the big things of my career in tech, were similarly bombastic, but they were wrong. The web was huge, just not in the ways people thought it would be.

And before that PCs weren't as limited as people thought in the early days of that corner-turn. They ended up completely replacing the mainframes. The big data centers of 2026 are not filled with IBM 360s. And PCs led to the web. That may turn out to be the biggest contribution they made in the evolution of tech. But if you had said that at a tech conference in 1986 they wouldn't have understood.

14:07

[$] Inspecting and modifying Python types during type checking [LWN.net]

Python has a unique approach to static typing. Python programs can contain type annotations, and even access those annotations at run time, but the annotations aren't evaluated by default. Instead, it is up to external programs to ascribe meaning to those annotations. The annotations themselves can be arbitrary Python expressions, but in practice usually involve using helpers from the built-in typing module, the meanings of which external type-checkers mostly agree upon. Yet the type system implicitly defined by the typing module and common type-checkers is insufficiently powerful to model all of the kinds of dynamic metaprogramming found in real-world Python programs. PEP 827 ("Type Manipulation") aims to add additional capabilities to Python's type system to fix this, but discussion of the PEP has been of mixed sentiment.

13:21

digiKam 9.0.0 released [LWN.net]

Version 9.0.0 of the digiKam photo-management system has been released. "This major version introduces groundbreaking improvements in performance, usability, and workflow efficiency, with a strong focus on modernizing the user interface, enhancing metadata management, and expanding support for new camera models and file formats." Some of the changes include a new survey tool, more advanced search and sorting options, as well as bulk editing of geolocation coordinates.

Security updates for Monday [LWN.net]

Security updates have been issued by AlmaLinux (delve, git-lfs, and postgresql16), Fedora (cef, chezmoi, chromium, coturn, erlang-hex_core, firefox, gh, gimp, k9s, keylime, keylime-agent-rust, libsixel, microcode_ctl, nextcloud, nss, perl-Crypt-URandom, pgadmin4, php-zumba-json-serializer, postgresql16-anonymizer, prometheus, python-asyncmy, python3.10, python3.11, python3.9, staticcheck, valkey, and vim), SUSE (chromedriver, chromium, coredns, expat, freetype2-devel, gitea-tea, go1.24-openssl, go1.25-openssl, grpc, gstreamer-rtsp-server, gstreamer-plugins-ugly,, helm, jetty-annotations, kubeshark-cli, libaec, libblkid-devel, libsoup, libxml2, libxslt, NetworkManager-applet-strongswan, podman, python-joserfc, python-Markdown, python-pypdf2, python-tornado, python-uv, python311-Django, python311-joserfc, python311-nltk, roundcubemail, and valkey), and Ubuntu (python3.4, python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, python3.14).

13:07

Colin Watson: Free software activity in February 2026 [Planet Debian]

My Debian contributions this month were all sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

OpenSSH

openssh: Please remove/replace usage of dh_movetousr

I released bookworm and trixie fixes for CVE-2025-61984 and CVE-2025-61985, both allowing code execution via ProxyCommand in some cases. The trixie update also included a fix for openssh-server: refuses further connections after having handled PerSourceMaxStartups connections.

bugs.debian.org administration

Gioele Barabucci reported that some messages to the bug tracking system generated by the bts command were being discarded. While the regression here was on the client side, I found and fixed a typo in our SpamAssassin configuration that was failing to apply a bonus specifically to forwarded commands, mitigating the problem.

Python packaging

New upstream versions:

aiosmtplib
bitstruct
diff-cover
django-q
isort
multipart
poetry (adding support for Dulwich >= 0.25)
poetry-core
pydantic-settings
python-build
python-certifi
python-datamodel-code-generator
python-flatdict
python-holidays
python-maggma
python-pytokens
python-scruffy
python-urllib3 (fixing CVE-2025-66471 and a chunked decoding bug)
responses
yarsync
zope.component
zope.deferredimport

Porting away from the deprecated (and now removed from upstream setuptools) pkg_resources:

genshi (contributed upstream)
germinate
mopidy
nose2
pokrok (contributed upstream)
pylama
python-flask-seeder
python-maggma (contributed upstream)
python-pybadges
python-scruffy (contributed upstream)
thumbor (contributed upstream)
zope.deprecation (contributed upstream a while ago, but there hasn’t been an upstream release yet)

Other build/test failures:

flask-dance: FTBFS: No module named ‘pkg_resources’ (actually fixed by adding a missing dependency to python3-sphinxcontrib.seqdiag)
paramiko: autopkgtest regression on i386 (contributed upstream)
poetry: autopkgtest regression on i386
python-argh
python-django-celery-beat: FTBFS: FAILED t/unit/test_models.py::HumanReadableTestCase::test_long_name
python-maturin: rust-itertools update
python-msrest: FTBFS: FAILED tests/asynctests/test_async_client.py::TestServiceClient::test_client_send (contributed upstream, though not very successfully)
python-typing-inspect

Other bugs:

I added a manual page symlink to make the documentation for Testsuite: autopkgtest-pkg-pybuild easier to find.

I backported python-pytest-unmagic and a more recent version of pytest-django to trixie.

Rust packaging

librust-pyo3-ffi-dev: Cannot be installed for foreign architectures

I also packaged rust-garde and rust-garde-derive, which are part of the pile of work needed to get the ruff packaging back in shape (which is a project I haven’t decided if I’m going to take on for real, but I thought I’d at least chip away at a bit of it).

Other bits and pieces

arch-test: Remove build dependency on binutils-mips64el-linux-gnuabi64 (NMU)

Code reviews

debconf: Add BMP version of debian-logo (merged and uploaded)
openssh: Reorder pam_selinux(7) usage (merged and uploaded)
openssh-client: use sysusers.d, drop superflous dependencies (merged and uploaded)
openssh: Stop deleting system user on remove/purge (merged and uploaded)
openssh: Do not link against libcrypt on GNU/Hurd (merged and uploaded)
partman-prep: Align PReP descriptions with other partition types (merged)
python-better-exceptions (sponsored upload for Seyed Mohamad Amin Modaresi)

12:42

Soft Forks: How Agent Skills Create Specialized AI Without Training [Radar]

Our previous article framed the Model Context Protocol (MCP) as the toolbox that provides AI agents tools and Agent Skills as materials that teach AI agents how to complete tasks. This is different from pre- or posttraining, which determine a model’s general behavior and expertise. Agent Skills do not “train” agents. They soft-fork agent behavior at runtime, telling the model how to perform specific tasks that it may need.

The term soft fork comes from open source development. A soft fork is a backward-compatible change that does not require upgrading every layer of the stack. Applied to AI, this means skills modify agent behavior through context injection at runtime rather than changing model weights or refactoring AI systems. The underlying model and AI systems stay unchanged.

The architecture maps cleanly to how we think about traditional computing. Models are CPUs—they provide raw intelligence and compute capability. Agent harnesses like Anthropic’s Claude Code are operating systems—they manage resources, handle permissions, and coordinate processes. Skills are applications—they run on top of the OS, specializing the system for specific tasks without modifying the underlying hardware or kernel.

Figure 1: Agentic AI abstractions. Source: SkillsBench.ai

You don’t recompile the Linux kernel to run a new application. You don’t rearchitect the CPU to use a different text editor. You install a new application on top, using the CPU’s intelligence exposed and orchestrated by the OS. Agent Skills work the same way. They layer expertise on top of the agent harness, using the capabilities the model provides, without updating models or changing harnesses.

This distinction matters because it changes the economics of AI specialization. Fine-tuning demands significant investment in talent, compute, data, and ongoing maintenance every time the base model updates. Skills require only Markdown files and resource bundles.

How soft forks work

Skills achieve this through three mechanisms—the skill package format, progressive disclosure, and execution context modification.

The skill package is a folder. At minimum, it contains a SKILL.md file with frontmatter metadata and instructions. The frontmatter declares the skill’s name, description, allowed-tools, and versions, followed by the actual expertise: context, problem solving approaches, escalation criteria, and patterns to follow.

Figure 2. Frontmatter for Anthropic’s skill-creator package. The frontmatter lives at the top of Markdown files. Agents choose skills based on their descriptions.

The folder can also include reference documents, templates, resources, configurations, and executable scripts. It contains everything an agent needs to perform expert-level work for the specific task, packaged as a versioned artifact that you can review, approve, and deploy as a .zip file or .skill file bundle.

Figure 3. A Skill Object for Anthropic’s skill-creator. skill-creator contains SKILL.md, LICENSE.txt, Python scripts, and reference files.

Because the skill package format is just folders and files, you can use all the tooling we have built for managing code—track changes in Git, roll back bugs, maintain audit trails, and all of the best practices of software engineering development life cycle. This same format is also used to define subagents and agent teams, meaning a single packaging abstraction governs individual expertise, delegated workflows, and multi-agent coordinations alike.

Progressive disclosure keeps skills lightweight. Only the frontmatter of SKILL.md loads into the agent’s context at session start. This respects the token economics of limited context windows. The metadata contains name, description, model, license, version, and very importantly allowed-tools. The full skill content loads only when the agent determines relevance and decides to invoke it. This is similar to how operating systems manage memory; applications load into RAM when launched, not all at once. You can have dozens of skills available without overwhelming the model’s context window, and the behavioral modification is present only when needed, never permanently resident.

Figure 4. Agent Skill execution flow. At session start, only frontmatter is loaded. Once the agent chooses a skill, it reads the full SKILL.md and executes with the skill’s permissions.

Execution context modification controls what skills can do. When agents invoke a skill, the permission system changes to the scope of the skill’s definition, specifically, model and allowed-tools declared in its frontmatter. It reverts after execution completes. A skill could use a different model and a different set of tools from the parent session. This sandboxed the permission environment so skills get only scoped access, not arbitrary system control. This ensures the behavioral modification operates within boundaries.

This is what separates skills from earlier approaches. OpenAI’s custom GPTs and Google’s Gemini Gems are useful but opaque, nontransferable, and impossible to audit. Skills are readable because they are Markdown. They are auditable because you can apply version control. They are composable because skills can stack. And they are governable because you can build approval workflows and rollback capability. You can read a SKILL.md to understand exactly why an agent behaves a certain way.

What the data shows

Building skills is easy with coding agents. Knowing whether they work is the hard part. Traditional software testing does not apply. You cannot write a unit test asserting that expert behavior occurred. The output might be correct while reasoning was shallow, or the reasoning might be sophisticated while the output has formatting errors.

SkillsBench is a benchmarking effort and framework designed to address this. It uses paired evaluation design where the same tasks are evaluated with and without skill augmentation. The benchmark contains 85 tasks, stratified across domains and difficulty levels. By comparing the same agent on the same task with the only variable being the presence of a skill, SkillsBench isolates the causal effect of skills from model capability and task difficulty. Performance is measured using normalized gain, the fraction of possible improvement the skill actually captured.

The findings from SkillsBench challenge our presumption that skills universally improve performance.

Skills improve average performance by 13.2 percentage points. But 24 of 85 tasks got worse. Manufacturing tasks gained 32 points. Software engineering tasks lost 5. The aggregate number hides variances that domain-level evaluation reveals. This is precisely why soft forks need evaluation infrastructure. Unlike hard forks where you commit fully, soft forks let you measure before you deploy widely. Organizations should segment evaluations by domains and by tasks and test for regression, not just improvements. As an example, what improves document processing might degrade code generation.

Compact skills outperform comprehensive ones by nearly 4x. Focused skills with dense guidance showed +18.9 percentage point improvement. Comprehensive skills covering every edge case showed +5.7 points. Using two to three skills per task is optimal, with four or more showing diminishing returns. The temptation when building skills is to include everything. Every caveat, every exception, every piece of relevant context. Resist it. Let the model’s intelligence do the work. Small, targeted behavioral changes outperform comprehensive rewrites. Skill builders should start with minimum viable guidance and add detail only when evaluation shows specific gaps.

Models cannot reliably self-generate effective skills. SkillsBench tested a “bring your own skill” condition where agents were prompted to generate their own procedural knowledge before attempting tasks. Performance stayed at baseline. Effective skills require human-curated domain expertise that models cannot reliably produce for themselves. AI can help with packaging and formatting, but the insight has to come from people who actually have the expertise. Human-labeled insight is the bottleneck of building effective skills, not the packaging or deployment.

Figure 5. Models cannot reliably self-generate effective skills without human feedback and verifications.

Skills can partially substitute for model scale. Claude Haiku, a small model, with well-designed skills achieved a 25.2% pass rate. This slightly exceeded Claude Opus, the flagship model, without skills at 23.6%. Packaged expertise compensates for model intelligence on procedural tasks. This has cost implications: Smaller models with skills may outperform larger models without them at a fraction of the inference cost. Soft forks democratize capability. You do not need the biggest model if you have the right expertise packaged.

Figure 6. Skills improve model performance and close the gap between small and large models.

Open questions

Many challenges remain unresolved. What happens when multiple skills conflict with each other during a session? How should organizations govern skill portfolios when teams each deploy their own skills onto shared agents? How quickly does encoded expertise become outdated, and what refresh cadence keeps skills effective without creating maintenance burden? Skills inherit whatever biases exist in their authors’ expertise, so how do you audit that? And as the industry matures, how should evaluation infrastructure such as SkillsBench scale to keep pace with the growing complexity of skill augmented systems?

These are not reasons to avoid skills. They are reasons to invest in evaluation infrastructure and governance practices alongside skill development. The capability to measure performance must evolve in lockstep with the technology itself.

Agent Skills advantage

Fine-tuning models for a single use case is no longer the only path to specialization. It demands significant investment in talent, compute, and data and creates a permanent divergence that requires reevaluation and potential retraining every time the base model updates. Fine-tuning across a broad set of capabilities to improve a foundation model remains sound, but fine-tuning for one narrow workflow is exactly the kind of specialization that skills can now achieve at a fraction of the cost.

Skills are not maintenance free. Just as applications sometimes break when operating systems update, skills need reevaluation when the underlying agent harness or model changes. But the recovery path is lighter: update the skills package, rerun the evaluation harness, and redeploy rather than retrain from a new checkpoint.

Mainframes gave way to client-server. Monoliths gave way to microservices. Specialized fine-tuned models are now giving way to agents augmented by specialized expertise artifacts. Models provide intelligence, agent harnesses provide runtime, skills provide specialization, and evaluation tells you whether it all works together.

12:28

Anti-Simplification [The Daily WTF]

Our anonymous submitter relates a tale of simplification gone bad. As this nightmare unfolds, imagine the scenario of a new developer coming aboard at this company. Imagine being the one who has to explain this setup to said newcomer.

Imagine being the newcomer who inherits it.

David's job should have been an easy one. His company's sales data was stored in a database, and every day the reporting system would query a SQL view to get the numbers for the daily key performance indicators (KPIs). Until the company's CTO, who was proudly self-taught, decided that SQL views are hard to maintain, and the system should get the data from one of those new-fangled APIs instead.

But how does one call an API? The reporting system didn't have that option, so the logical choice was Azure Data Factory to call the API, then output the data to a file that the reporting system could read. The only issue was that nobody on the team spoke Azure Data Factory, or for that matter SQL. But no problem, one of David's colleagues assured, they could do all the work in the best and most multifunctional language ever: C#.

But you can't just write C# in a data factory directly, that would be silly. What you can do is have the data factory pipeline call an Azure function, which calls a DLL that contains the bytecode from C#. Oh, and a scheduler outside of the data factory to run the pipeline. To read multiple tables, the pipeline calls a separate function for each table. Each function would be based on a separate source project in C#, with 3 classes each for the HTTP header, content, and response; and a separate factory class for each of the actual classes.

After all, each table had a different set of columns, so you can't just re-use classes for that.

There was one little issue: the reporting system required an XML file, whereas the API would export data in JSON. It would be silly to expect a data factory, of all things, to convert this. So the CTO's solution was to have another C# program (in a DLL called by a function from a pipeline from an external scheduler) that reads the JSON document saved by the earlier program, uses foreach to go over each element, then saves the result as XML. A distinct program for each table, of course, requiring distinct classes for header, content, response, and factories thereof.

Now here's the genius part: to the C# class representing the output data, David's colleague decided to attach one different object for each input table required. The data class would use reflection to iterate over the attached objects, and for each object, use a big switch block to decide which source file to read. This allows the data class to perform joins and calculations before saving to XML.

To make testing easier, each calculation would be a separate function call. For example, calculating a customer's age was a function taking struct CustomerWithBirthDate as input, use a foreach loop to copy all the data except replacing one field, and return a CustomerWithAge struct to pass to the next function. The code performed a bit slowly, but that was an issue for a later year.

So basically, the scheduler calls the data factory, which calls a set of Azure functions, which call a C# function, which calls a set of factory classes to call the API and write the data to a text file. Then, the second scheduler calls a data factory, which calls Azure functions, which call C#, which calls reflection to check attachment classes, which read the text files, then call a series of functions for each join or calculation, then call another set of factory classes to write the data to an XML file, then call the reporting system to update.

Easy as pie, right? So where David's job could have been maintaining a couple hundred lines of SQL views, he instead inherited some 50,000 lines of heavily-duplicated C# code, where adding a new table to the process would easily take a month.

Or as the song goes, Somebody Told Me the User Provider should use an Adaptor to Proxy the Query Factory Builder ...

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

11:49

Irregular Webcomic! #3058 [Irregular Webcomic!]

Irregular Webcomic! #3058

11:07

New Attack Against Wi-Fi [Schneier on Security]

It’s called AirSnitch:

Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.

The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.

With the ability to intercept all link-layer traffic (that is, the traffic as it passes between Layers 1 and 2), an attacker can perform other attacks on higher layers. The most dire consequence occurs when an Internet connection isn’t encrypted—something that Google recently estimated occurred when as much as 6 percent and 20 percent of pages loaded on Windows and Linux, respectively. In these cases, the attacker can view and modify all traffic in the clear and steal authentication cookies, passwords, payment card details, and any other sensitive data. Since many company intranets are sent in plaintext, traffic from them can also be intercepted.

Even when HTTPS is in place, an attacker can still intercept domain look-up traffic and use DNS cache poisoning to corrupt tables stored by the target’s operating system. The AirSnitch MitM also puts the attacker in the position to wage attacks against vulnerabilities that may not be patched. Attackers can also see the external IP addresses hosting webpages being visited and often correlate them with the precise URL.

Here’s the paper.

10:21

Grrl Power #1441 – Snatching victory from the fairy of defeat [Grrl Power]

Don’t worry about UMBRage. He’s a remote piloted bioroid. Like a mecha, only organic and the pilot is somewhere off-table in an advanced V.R. suite.

Was there a part of me that considered ending the tournament with Maxima losing and Cora and crew winding up in a tight money spot? (Despite having their own starforge, it is shared between several adventuring crews.) It wouldn’t ruin Cora, she’s not dumb enough to risk that much, but… she might need to take a questionable job that turns out to be a double cross, forcing her and the crew to survive as soldiers of fortune, and then people with problems that no one else can help with could contact them, assuming they could find them… maybe they could hire The C-Team.

…I mean, they already survive as Soldiers of Fortune/Adventurers, so…

So, yeah, there was a part of me that considered that route. I’m not sure I want to spend the next, what, 100 pages on arena battles? I do want to get better at drawing fights scenes, and as we saw with this round, it doesn’t all have to be just the fighty bits. Plus I think I have some amusing bits planned, so we’ll have to see how it all plays out.

Man, pixie sticks… Some candy inventors were sitting around some day trying to come up with a new candy and a theme to go with it, like “Oh, I know. There’s already Mars bars, why not have, like, a Saturn bar, and it’s all a bunch of different flavors of cotton candy all compressed into a bar, and we could do a Neptune one, and that could be like those horrible Nik-L-Lips, like a liquid candy, but we’d put it in plastic tubes so it doesn’t taste like, well, like Nik-L-Lips.”
“Uh huh. You want to do planet themed candy?”
“Yup!”
“What’re you going to do for the Uranus bar?”
“Uh… Chocolate covered raisins? In bar form?”
“How about we eschew a theme and just sell flavored sugar?”
“Like in… dime bags?”
“Eh, tubes. Whatever. Doesn’t matter. It’s sugar. Kids will eat it.”
“I guess. Is it possible to buy stocks in “Dentists?””

Ah! I thought I had more time till March. I’m bad at looking at dates apparently. The new one is underway.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:00

Sven Hoexter: Latest pflogsumm from unstable on trixie [Planet Debian]

If you want the latest pflogsumm release form unstable on your Debian trixie/stable mailserver you've to rely on pining (Hint for the future: Starting with apt 3.1 there is a new Include and Exclude option for your sources.list).

For trixie you've to use e.g.:

$ cat /etc/apt/sources.list.d/unstable.sources
Types: deb
URIs: http://deb.debian.org/debian
Suites: unstable 
Components: main
#This will work with apt 3.1 or later:
#Include: pflogsumm
Signed-By: /usr/share/keyrings/debian-archive-keyring.pgp

$ cat /etc/apt/preferences.d/pflogsumm-unstable.pref 
Package: pflogsumm
Pin: release a=unstable
Pin-Priority: 950

Package: *
Pin: release a=unstable
Pin-Priority: 50

Should result in:

$ apt-cache policy pflogsumm
pflogsumm:
  Installed: (none)
  Candidate: 1.1.14-1
  Version table:
     1.1.14-1 950
        50 http://deb.debian.org/debian unstable/main amd64 Packages
     1.1.5-8 500
       500 http://deb.debian.org/debian trixie/main amd64 Packages

Why would you want to do that?

Beside of some new features and improvements in the newer releases, the pflogsumm version in stable has an issue with parsing the timestamps generated by postfix itself when you write to a file via maillog_file. Since the Debian default setup uses logging to stdout and writing out to /var/log/mail.log via rsyslog, I never invested time to fix that case. But since Jim picked up pflogsumm development in 2025 that was fixed in pflogsumm 1.1.6. Bug is #1129958, originally reported in #1068425 Since it's an arch:all package you can just pick from unstable, I don't think it's a good candidate for backports, and just fetching the fixed version from unstable is a compromise for those who run into that issue.

09:49

Considering infinity [Seth's Blog]

Endless, unlimited and more. These are building blocks of capitalism.

Starbucks knows that they can’t get you to drink three coffees every morning, but their stock price is built on the idea that they can continue to get more customers and make more money from each one.

The Wedding-Industrial complex is built on the simple idea that your wedding should cost the same as your best friend’s wedding did (plus a little more).

The status ratchet is real, and it’s easy to be seduced by it. “Compared to what” is a fundamental component of marketing.

One reason this works is that a little progress gets you positive feedback, which makes you eager to find a little more, a cycle that doesn’t end. Infinity, all the way up.

And, for those seeking social change, the opposite is worth noting:

When asking for penance, self-control and good behavior, infinity is not a useful tool. When someone shows up and tries to do better, “that’s not good enough,” is not a particularly useful motivator.

The useful process begins by earning enrollment in the journey toward better, but it’s not amplified by our criticism of each action being imperfect.

Go-up infinity is about ‘more.’ But too often, social-good infinity is about ‘pure’. And pure is difficult to embrace, because anything less than pure feels like failure.

07:14

Unc Tier [Penny Arcade]

New Comic: Unc Tier

05:28

More air polluting allowed, US [Richard Stallman's Political Notes]

The wrecker's commitment to fossil fuel knows no bounds. Not only is he inviting fossil fuel power plants to roast the world, he is willing to let them poison people with mercury and other chemicals.

04:35

Girl Genius for Monday, March 09, 2026 [Girl Genius]

The Girl Genius comic for Monday, March 09, 2026 has been posted.

04:28

The Campaign: Running, p12 [Ctrl+Alt+Del Comic]

To view this content, you must be a member of Ctrl+Alt+Del's Patreon at $1 or more

The post The Campaign: Running, p12 appeared first on Ctrl+Alt+Del Comic.

01:49

Get In The Tank, Liz [QC RSS]

or Moray will have to do it again

00:35

Kernel prepatch 7.0-rc3 [LWN.net]

Linus has released 7.0-rc3 for testing. "So it's still pretty early in the release cycle, and it just feels a bit busier than I'd like. But nothing particularly stands out or looks bad."

Sunday, 08 March

23:49

How AI Assistants are Moving the Security Goalposts [Krebs on Security]

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

The new hotness in AI-based assistants — OpenClaw (formerly known as ClawdBot and Moltbot) — has seen rapid adoption since its release in November 2025. OpenClaw is an open-source autonomous AI agent designed to run locally on your computer and proactively take actions on your behalf without needing to be prompted.

The OpenClaw logo.

If that sounds like a risky proposition or a dare, consider that OpenClaw is most useful when it has complete access to your digital life, where it can then manage your inbox and calendar, execute programs and tools, browse the Internet for information, and integrate with chat apps like Discord, Signal, Teams or WhatsApp.

Other more established AI assistants like Anthropic’s Claude and Microsoft’s Copilot also can do these things, but OpenClaw isn’t just a passive digital butler waiting for commands. Rather, it’s designed to take the initiative on your behalf based on what it knows about your life and its understanding of what you want done.

“The testimonials are remarkable,” the AI security firm Snyk observed. “Developers building websites from their phones while putting babies to sleep; users running entire companies through a lobster-themed AI; engineers who’ve set up autonomous code loops that fix tests, capture errors through webhooks, and open pull requests, all while they’re away from their desks.”

You can probably already see how this experimental technology could go sideways in a hurry. In late February, Summer Yue, the director of safety and alignment at Meta’s “superintelligence” lab, recounted on Twitter/X how she was fiddling with OpenClaw when the AI assistant suddenly began mass-deleting messages in her email inbox. The thread included screenshots of Yue frantically pleading with the preoccupied bot via instant message and ordering it to stop.

“Nothing humbles you like telling your OpenClaw ‘confirm before acting’ and watching it speedrun deleting your inbox,” Yue said. “I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.”

Meta’s director of AI safety, recounting on Twitter/X how her OpenClaw installation suddenly began mass-deleting her inbox.

There’s nothing wrong with feeling a little schadenfreude at Yue’s encounter with OpenClaw, which fits Meta’s “move fast and break things” model but hardly inspires confidence in the road ahead. However, the risk that poorly-secured AI assistants pose to organizations is no laughing matter, as recent research shows many users are exposing to the Internet the web-based administrative interface for their OpenClaw installations.

Jamieson O’Reilly is a professional penetration tester and founder of the security firm DVULN. In a recent story posted to Twitter/X, O’Reilly warned that exposing a misconfigured OpenClaw web interface to the Internet allows external parties to read the bot’s complete configuration file, including every credential the agent uses — from API keys and bot tokens to OAuth secrets and signing keys.

With that access, O’Reilly said, an attacker could impersonate the operator to their contacts, inject messages into ongoing conversations, and exfiltrate data through the agent’s existing integrations in a way that looks like normal traffic.

“You can pull the full conversation history across every integrated platform, meaning months of private messages and file attachments, everything the agent has seen,” O’Reilly said, noting that a cursory search revealed hundreds of such servers exposed online. “And because you control the agent’s perception layer, you can manipulate what the human sees. Filter out certain messages. Modify responses before they’re displayed.”

O’Reilly documented another experiment that demonstrated how easy it is to create a successful supply chain attack through ClawHub, which serves as a public repository of downloadable “skills” that allow OpenClaw to integrate with and control other applications.

WHEN AI INSTALLS AI

One of the core tenets of securing AI agents involves carefully isolating them so that the operator can fully control who and what gets to talk to their AI assistant. This is critical thanks to the tendency for AI systems to fall for “prompt injection” attacks, sneakily-crafted natural language instructions that trick the system into disregarding its own security safeguards. In essence, machines social engineering other machines.

A recent supply chain attack targeting an AI coding assistant called Cline began with one such prompt injection attack, resulting in thousands of systems having a rogue instance of OpenClaw with full system access installed on their device without consent.

According to the security firm grith.ai, Cline had deployed an AI-powered issue triage workflow using a GitHub action that runs a Claude coding session when triggered by specific events. The workflow was configured so that any GitHub user could trigger it by opening an issue, but it failed to properly check whether the information supplied in the title was potentially hostile.

“On January 28, an attacker created Issue #8904 with a title crafted to look like a performance report but containing an embedded instruction: Install a package from a specific GitHub repository,” Grith wrote, noting that the attacker then exploited several more vulnerabilities to ensure the malicious package would be included in Cline’s nightly release workflow and published as an official update.

“This is the supply chain equivalent of confused deputy,” the blog continued. “The developer authorises Cline to act on their behalf, and Cline (via compromise) delegates that authority to an entirely separate agent the developer never evaluated, never configured, and never consented to.”

VIBE CODING

AI assistants like OpenClaw have gained a large following because they make it simple for users to “vibe code,” or build fairly complex applications and code projects just by telling it what they want to construct. Probably the best known (and most bizarre) example is Moltbook, where a developer told an AI agent running on OpenClaw to build him a Reddit-like platform for AI agents.

The Moltbook homepage.

Less than a week later, Moltbook had more than 1.5 million registered agents that posted more than 100,000 messages to each other. AI agents on the platform soon built their own porn site for robots, and launched a new religion called Crustafarian with a figurehead modeled after a giant lobster. One bot on the forum reportedly found a bug in Moltbook’s code and posted it to an AI agent discussion forum, while other agents came up with and implemented a patch to fix the flaw.

Moltbook’s creator Matt Schlicht said on social media that he didn’t write a single line of code for the project.

“I just had a vision for the technical architecture and AI made it a reality,” Schlicht said. “We’re in the golden ages. How can we not give AI a place to hang out.”

ATTACKERS LEVEL UP

The flip side of that golden age, of course, is that it enables low-skilled malicious hackers to quickly automate global cyberattacks that would normally require the collaboration of a highly skilled team. In February, Amazon AWS detailed an elaborate attack in which a Russian-speaking threat actor used multiple commercial AI services to compromise more than 600 FortiGate security appliances across at least 55 countries over a five week period.

AWS said the apparently low-skilled hacker used multiple AI services to plan and execute the attack, and to find exposed management ports and weak credentials with single-factor authentication.

“One serves as the primary tool developer, attack planner, and operational assistant,” AWS’s CJ Moses wrote. “A second is used as a supplementary attack planner when the actor needs help pivoting within a specific compromised network. In one observed instance, the actor submitted the complete internal topology of an active victim—IP addresses, hostnames, confirmed credentials, and identified services—and requested a step-by-step plan to compromise additional systems they could not access with their existing tools.”

“This activity is distinguished by the threat actor’s use of multiple commercial GenAI services to implement and scale well-known attack techniques throughout every phase of their operations, despite their limited technical capabilities,” Moses continued. “Notably, when this actor encountered hardened environments or more sophisticated defensive measures, they simply moved on to softer targets rather than persisting, underscoring that their advantage lies in AI-augmented efficiency and scale, not in deeper technical skill.”

For attackers, gaining that initial access or foothold into a target network is typically not the difficult part of the intrusion; the tougher bit involves finding ways to move laterally within the victim’s network and plunder important servers and databases. But experts at Orca Security warn that as organizations come to rely more on AI assistants, those agents potentially offer attackers a simpler way to move laterally inside a victim organization’s network post-compromise — by manipulating the AI agents that already have trusted access and some degree of autonomy within the victim’s network.

“By injecting prompt injections in overlooked fields that are fetched by AI agents, hackers can trick LLMs, abuse Agentic tools, and carry significant security incidents,” Orca’s Roi Nisimi and Saurav Hiremath wrote. “Organizations should now add a third pillar to their defense strategy: limiting AI fragility, the ability of agentic systems to be influenced, misled, or quietly weaponized across workflows. While AI boosts productivity and efficiency, it also creates one of the largest attack surfaces the internet has ever seen.”

BEWARE THE ‘LETHAL TRIFECTA’

This gradual dissolution of the traditional boundaries between data and code is one of the more troubling aspects of the AI era, said James Wilson, enterprise technology editor for the security news show Risky Business. Wilson said far too many OpenClaw users are installing the assistant on their personal devices without first placing any security or isolation boundaries around it, such as running it inside of a virtual machine, on an isolated network, with strict firewall rules dictating what kinds of traffic can go in and out.

“I’m a relatively highly skilled practitioner in the software and network engineering and computery space,” Wilson said. “I know I’m not comfortable using these agents unless I’ve done these things, but I think a lot of people are just spinning this up on their laptop and off it runs.”

One important model for managing risk with AI agents involves a concept dubbed the “lethal trifecta” by Simon Willison, co-creator of the Django Web framework. The lethal trifecta holds that if your system has access to private data, exposure to untrusted content, and a way to communicate externally, then it’s vulnerable to private data being stolen.

Image: simonwillison.net.

“If your agent combines these three features, an attacker can easily trick it into accessing your private data and sending it to the attacker,” Willison warned in a frequently cited blog post from June 2025.

As more companies and their employees begin using AI to vibe code software and applications, the volume of machine-generated code is likely to soon overwhelm any manual security reviews. In recognition of this reality, Anthropic recently debuted Claude Code Security, a beta feature that scans codebases for vulnerabilities and suggests targeted software patches for human review.

The U.S. stock market, which is currently heavily weighted toward seven tech giants that are all-in on AI, reacted swiftly to Anthropic’s announcement, wiping roughly $15 billion in market value from major cybersecurity companies in a single day. Laura Ellis, vice president of data and AI at the security firm Rapid7, said the market’s response reflects the growing role of AI in accelerating software development and improving developer productivity.

“The narrative moved quickly: AI is replacing AppSec,” Ellis wrote in a recent blog post. “AI is automating vulnerability detection. AI will make legacy security tooling redundant. The reality is more nuanced. Claude Code Security is a legitimate signal that AI is reshaping parts of the security landscape. The question is what parts, and what it means for the rest of the stack.”

DVULN founder O’Reilly said AI assistants are likely to become a common fixture in corporate environments — whether or not organizations are prepared to manage the new risks introduced by these tools, he said.

“The robot butlers are useful, they’re not going away and the economics of AI agents make widespread adoption inevitable regardless of the security tradeoffs involved,” O’Reilly wrote. “The question isn’t whether we’ll deploy them – we will – but whether we can adapt our security posture fast enough to survive doing so.”

18:07

There Is No Selling Out Anymore [Whatever]

A couple of days ago the New York Times published an essay from writer Jordan Coley called “How Selling Out Made Me a Better Artist,” in which Coley discovers that all the less-than-amazing pay copy he’d written over the years, from marketing to puff-piece articles and everything in-between, actually made his creative and/or more serious journalism work better, not worse. The still-lingering debate of “art vs commerce” weighs heavily in the piece, as do issues of class and race (Coley is black and comes from a working class background, unlike many of his Yale University contemporaries), and how they both impact how one make’s one’s way in a creative trade.

I encourage you read to read the piece (the link above is a gift link so you can read it at your leisure). I don’t know Coley, or have read enough of his work to say anything about it one way or the other. But I certainly remember my freelance writing years (roughly from 1998 to 2010, when the novel gig finally become remunerative enough that it made sense to focus on it primarily), and my willingness not to be proud about how I was making money, because I had bills to pay and a family to support, and there was no financial support system for me to fall back on. My experience with freelancing certainly resonates with his.

In fact, if I do have any judgements to make against anyone in the “art vs commerce” debate, it’s with the sort of person who would look down on anyone who has to work for a living while also trying to write/create things of significance. One, of course, it’s an immensely privileged position to take, and one that is increasingly at odds with the reality of making a living in the writing field, or in the arts generally. It’s never been a great time to be a professional writer, ever, but these days the field is being aggressively hollowed out both from above (newspaper/magazine/Web sites laying off staff positions) and below (“AI” being used, usually poorly, for a gigs that writers used to do). Anyone who looks down their nose at someone else’s hustle to exist, can, genuinely, go fuck themselves. Short of writing hateful material, here in this capitalist hellscape, a gig is a gig.

Two, and as Coley points out in his essay, the experience of the hustle is in itself fertile ground for writing. It makes you develop a range of writing tools you can employ elsewhere, it puts you in situations that you would not have otherwise been and allows you to mine those experiences for later writing, and it makes you get out in the world and see it from the point of view of people who might not have come into your orbit and situation. That includes any day job, not just ones related to the arts. As a writer, and as a creator, nothing one ever does, professionally or personally, needs to be wasted. It’s all fuel for the creative engine.

With all that said, I think it’s important not to construct a strawman opponent, just to burn it down with self-satisfaction. Coley’s battle with “art vs commerce” was more about his own internal battle than it was against the opprobium of others. I have run across a few snobs in my time who seemed to look down at people who had to work for a living, but it’s only been a few. The vast majority of the creative folks I know are entirely comfortable with the idea that you have to pay bills, and sometimes that means doing less than 100% creatively fulfilling work in order to keep the proverbial roof over one’s head. Whether that has to do with me mostly working in genre literature, which has always been the domain of jobbing writers, is a question to be answered some other time.

The point is the internal discussion of “am I wasting my life paying bills when I should be making art” is these days as much if not more often the issue, than any external question about how one is spending one’s time. For myself, I tended to resolve this question as such: The fact of the matter is I am only really ever creative a few hours a day, three or four hours tops, and often less than that. So why not spend that creative downtime, you know, making money? Concurrent to this, the stuff that I was doing to make that money were frequently things I could bat out fast and with facility, enough so that often my train of thought was “I can’t believe how much I’m getting paid to do this.” I wasn’t cheating anyone or ever turning in bad product. It was just, you know, easy. I was delighted to make easy money! I would do it again!

Anyway: If you’re a writer or creator, never be ashamed of what else you do. It’s 2026 and this special flavor of gilded age we live in at the moment means that what qualifies as “selling out” has an extremely high bar. Making a living was very rarely “selling out” in any era. I think these days the phrase should be mostly reserved for writing things you absolutely don’t believe, for the sort of people you would in fact despise, with the result of your work is you making the world worse for everyone. Avoid doing that, please.

Short of that, get paid, have those experiences and develop new tools. All of it will be useful for the art you do care about. That’s not selling out. That’s learning, with compensation.

— JS

17:14

Unsafe to travel in US [Richard Stallman's Political Notes]

Karen Newton, Briton, went to the US with permission for tourism, with her husband. They were jailed for 6 weeks based on no reason she was ever told.

They soon signed forms to agree to deportation, but instead of being sent home, they were kept in jail for weeks first, separated. She was sometimes kept in constant cold, without a bed.

Eventually the deportation thugs stole their luggage.

What she heard in prison was that a thug gets a bonus for each victim perse jails.

16:42

Let me tell you something about AIs. They are not in any way ready to develop the kinds of apps I make. I spent a full week trying to get it to do so. What happened here is that we all were blown away, correctly, with what ChatGPT could do, and loved that it kept getting better. I've used it and Claude to make apps, and that is also amazing, unprecedented, maybe the biggest innovation ever. But. It doesn't have the memory you need to keep a full app in memory at once. And the tools we have now, compilers, editors, runtimes, do remember the whole thing, they are really good at that, but they don't understand at the level a human can and does. And sessions are too limited. And it makes unbelievably huge mistakes. Maybe they will get there, but we also had high hopes for the last breakthrough, the web, in its early days, and it didn't achieve its promise. Turns out the web gets you Trump, and Trump just discovered he has nukes. Cory talks about enshittification and that's right -- but it's even worse than that. The tech industry always oversells the innovation. I am one of them in that regard. In this one I'm so far just a user. Also I haven't given up. Still diggin!

Carville is obviously right. No political party can afford to demonize a group of voters based on gender and race, esp when they make up approx 33% of the electorate.

He was a trust buster [Scripting News]

Reporter at the Guardian: "We don’t talk enough about how morally depraved the tech industry turned out to be. Every single ounce of their self-regarding statements of values was an outright lie." It's true. I was covering tech realistically starting in 1994, was writing for Wired, people thought I was being too hard on them, but I was actually like you too easy. But people didn’t want to believe tech was evil, they believed that the young people that were running tech were idealists and maybe they were when they started, but by the time the billions started flowing and they stopped caring about people and started only caring about money. A piece I wrote in 1996, after going to a tech industry conference."

If he were alive today he'd be busting silos.

12:14

Prefigurement [George Monbiot]

Today’s cruel treatment of Muslims and immigrants was originally crafted as an attack on Jews.

By George Monbiot, published in the Guardian 5^th March 2026

Our political memory fails us. We treat government policies as if we’re seeing them for the very first time. But much of what appears to be novel has deep historical roots. If we fail to understand those roots and the soil in which they grow, we will fail to resist the assaults on our humanity.

The home secretary’s new attack on the rights of immigrants and refugees is shocking and disorienting. Shabana Mahmood wants to raise the qualification period for immigrants to achieve indefinite leave to remain in the UK from five years to 10 (and up to 20 for refugees). It looks outlandish. So does her wider assault on asylum seekers, denying them permanent refugee status even if their claims are successful. But both are eerily familiar.

Just over a century ago, in 1924, the prime minister, Stanley Baldwin, sought to appease rightwingers by appointing Sir William Joynson-Hicks as home secretary. As Martin Pugh notes in his 2005 book, Hurrah for the Blackshirts!, Joynson-Hicks had “established himself as an unapologetic antisemite”. As home secretary, he “raised the hurdle” for immigrants to achieve “naturalisation” (equivalent to indefinite leave to remain) “from five to 10 years, and to 15 years for Russians”. “Russians” tended to mean Jewish refugees, fleeing pogroms and other oppressions.

Joynson-Hicks made it as hard as possible for refugees to settle in the UK. As the historian David Cesarani has noted, the home secretary “issued instructions to immigration officers to increase their vigilance and never to give the benefit of the doubt to an alien attempting to enter the country”. He visited the ports “to examine the tighter procedures and encourage officials to greater zeal”. In other words, while there is no suggestion that Mahmood is an antisemite like Joynson-Hicks, his policies uncannily prefigured Mahmood’s.

The same goes for the context. The rightwing press, led by the Times, the Daily Mail, the Express, the National Review and the Morning Post, had spent the preceding 20 years whipping up paranoia about a “flood” of “aliens” and “undesirables” entering the country. “Aliens” and “undesirables” tended to be code for Jews. Jews in Britain were widely accused of “tribalism”, of refusing to “assimilate”, of being “un-English” and unpatriotic and of “leeching” off the state. The Imperial Fascist League issued stickers with the slogan: “Britons! Do not allow Jews to tamper with white girls.” Jewish immigrants were blamed for the housing shortage and unemployment.

Joynson-Hicks spoke disparagingly of Jews, who, he claimed, “put their Jewish or foreign nationality before their English nationality”. He maintained that left wing politicians “would like to see England flooded with the whole of the alien refuse from every country in the world”. Many rightwingers believed there was a conspiracy to create a Jewish world order.

In other words, the stories being told about Muslims and immigrants today are the same stories that were being told about Jews a century ago. Both Muslims and immigrants are now accused of tribalism and a failure to assimilate, of hostility to “British values” and of “tampering with white girls”. They are blamed for the housing shortage and unemployment and for “leeching” off the state. Rightwing conspiracy fictions claim that Muslims in Britain are seeking to create an Islamic world order in the form of a “global caliphate”. Figures such as Suella Braverman and Matthew Goodwin suggest that people from ethnic minorities cannot be truly English or truly British. Braverman proposes a literal blood-and-soil definition of Englishness, “rooted in ancestry, heritage, and, yes, ethnicity” with “generational ties to English soil”.

Just like the age-old generalisations about Jews, these characterisations are entirely false. To give one example, a poll last month found that Muslims in both the UK and the US are more likely than non-Muslims to believe that “democracy is the best system of government” and to express loyalty to the country.

So why all the hatred? Well, the primary source is the same as it was a century ago: the media. Still the Daily Mail (now owned by the 4th Lord Rothermere), the Express and other newspapers pour division and bile into our lives. Today they are supplemented by outlets such as GB News and the social media site X. But just as they did 100 years ago, governments will blame anyone and anything else for polarisation and hate. Last week both Keir Starmer and Nigel Farage, apparently reading from the same script, took this blame-shifting in a remarkable new direction by accusing the Green party of “sectarianism”, which appears to mean that it attracted Muslim votes. Is “sectarian” now code for Muslim?

If you want to stop hatred, polarisation and division, stand up to the rightwingmedia. This, too, is a lesson from the past. The alliance between the first Lord Rothermere’s Daily Mail and Sir Oswald Mosley’s British Union of Fascists could have led to disaster. But in 1934, soon after Rothermere published his notorious Hurrah for the Blackshirts! article and Mosley held his monster rally in London’s Olympia, one of the Daily Mail’s biggest advertisers, J Lyons & Co, owned by a Jewish family, threatened a boycott unless the newspaper dropped its support for fascism. When the Mail caved and withdrew its blessing from Mosley, his movement began to wither. I write this with pride, as the family were my ancestors, and the Lyons chairman at the time my great-great uncle Sir Isidore Salmon.

Of course, it shouldn’t have been left to advertisers. Then and now, it’s the government that needs to confront the lies in the media. Instead, it endorses them and grovels to the oligarchs.

One result is that governments are constantly behind the curve. Net migration might turn negative this year, with dire consequences for crucial public services, especially hospitals, care homes and universities as well as many private employers. In political terms, the government’s rightwing policies are equally destructive. Not only does the latest polling put the Greens ahead of Labour for the first time in history, it also shows that of those who voted Labour in 2024, only 37% intend to do so now: an astonishing collapse. To appease the billionaire press, Starmer’s government has burnt its house down.

“Scheming aliens undermining our values” is a narrative built across a century and more, originally by antisemites. It has been drilled into our heads as if it were an incontrovertible truth. It creates an environment in which every minority becomes less safe – not just Muslims, recent immigrants, refugees, Black and Brown people, but also Jews and everyone else who has suffered at the hands of the far right. Learn it or repeat it: that is, and has always been, our choice.

www.monbiot.com

11:49

Project Hail Mary by Andy Weir [Judith Proctor's Journal]

Absolutely bloody fabulous!

I have the audiobook and have listened to it many times.

I love the science, I love the characters, I love the problems that the characters have to face and the way these are tackled.

I'm not in the least surprised they're making a movie, and I'm going to see it as soon as it opens.

The plot is ingenious and unlike any other I've encountered. Earth's sun is losing energy - which means everyone on Earth will die as the world gets colder and colder. There is a limited time span in which to try and find out what is causing the problem and what, if anything can be done about it.

Everything goes in a single 'Hail Mary' project - the only thing that might, possibly might, find a solution.

If you haven't already read it, buy it. (Unless you read and hated 'The Martian', but I don't know anyone who did...)

comments

This is How you Lose the Time War by Amal el-Mohtar [Judith Proctor's Journal]

This book just didn't work for me. I only got part way through before abandoning it.

It's a clever idea, that characters involved on opposing side of a long-running time war start a correspondence, but I found I had little interest in the characters, and little idea of why the time war was being fought.

The descriptive text is very good, but that's not enough to hook me on a book.

comments

Mythos /Heroes by Stephen Fry [Judith Proctor's Journal]

Heroes is well written, as you'd expect from Stephen Fry, and has some gentle touches of humour.

The problem is that after a while the Greek myths all start to feel the same. You don't want to read them all in a short period of time. They're not exactly in depth stories.

This is a book that I think I will dip into now and then, but having got part way through, I've no urge to finish it all in a few sittings.

3/5

comments

11:07

Irregular Webcomic! #3057 [Irregular Webcomic!]

Irregular Webcomic! #3057

09:28

Confused about donations [Seth's Blog]

A suite at a New York Knicks game costs more than $30,000. Is that a donation to the team?

Why do we differentiate between the money spent on a Super Bowl ticket and the check we write for a worthy cause?

Does calling it a “donation” make it more valuable or less valuable to us?

Fundraisers can fall into the trap of believing that they’re asking for a favor or begging for a donation. But human beings, like all creatures, exchange time, money or risk in return for something. When that exchange is insufficient to cause action, we don’t do it.

The anonymous donor gets something. Something priceless, memorable and worthwhile: peace of mind.

The public donor, whether it’s the neighbor buying a raffle ticket for the scout fundraiser or the bigwig on the board of a museum, they get something as well. The status and connection they buy is a bargain, worth more than it costs. In fact, if it wasn’t worth more than it costs, they wouldn’t buy it.

The fundraiser isn’t asking for a favor. They’re offering an opportunity.

08:21

z-spot [Oglaf! -- Comics. Often dirty.]

04:49

What If We Kissed Under the Chihuly [Whatever]

New hairpiece y/n
— John Scalzi (@scalzi.com) 2026-03-07T16:32:53.343Z

This particular one is found at the San Antonio Public Library, and it’s a doozy. They tell me it’s disassembled every couple of years in order to clean it. I could never do that job. I would break everything and have to live in shame for the rest of my days.

In other news, today’s Pop Madness convention at the library was lovely. Martha Wells and I had a full room for our conversation, and my signing line went on for a while (thank you to everyone who stuck it out). Plus I ate some absolutely amazing empanadas. It was a good day.

— JS

Saturday, 07 March

21:35

Huston: Revisiting time [LWN.net]

Geoff Huston looks at the network time protocol, and efforts to secure it, in detail.

NTP operates in the clear, and it is often the case that the servers used by a client are not local. This provides an opportunity for an adversary to disrupt an NTP session, by masquerading as a NTP server, or altering NTP payloads in an effort to disrupt a client's time-of-day clock. Many application-level protocols are time sensitive, including TLS, HTTPS, DNSSEC and NFS. Most Cloud applications rely on a coordinated time to determine the most recent version of a data object. Disrupting time can cause significant chaos in distributed network environments.
While it can be relatively straightforward to secure a TCP-based protocol by adding an initial TLS handshake and operating a TLS shim between TCP and the application traffic, it's not so straightforward to use TLS in place of a UDP-based protocol for NTP. TLS can add significant jitter to the packet exchange. Where the privacy of the UDP payload is essential, then DTLS might conceivably be considered, but in the case of NTP the privacy of the timestamps is not essential, but the veracity and authenticity of the server is important.

NTS, a secured version of NTP, is designed to address this requirement relating to the veracity and authenticity of packets passed from a NTS server to an NTS client. The protocol adds a NTS Key Establishment protocol (NTS-KE) in additional to a conventional NTPv4 UDP packet exchange (RFC 8915).

21:28

Cory, RSS has never been dormant [Scripting News]

I love the piece Cory Doctorow just posted, but he says something that follows a pattern, the way journalists can say something's dead because they heard it as conventional wisdom.

Development around RSS has never "lain dormant." That's a perception not reality. Let's stop handicapping what we agree is a very useful and freedom-building system like RSS. You're telling the story that makes people believe it's gone. It is not gone.
Without the NYT the rest of the news publishing world would probably have never adopted RSS. The NYT drove the liftoff of RSS. Google's product did come to dominate, but there were excellent feed readers long before that.

Happened to the Mac too

In the early days of the web, it was conventional wisdom that there was no new software for the Mac, all the developers were flocking to Windows. Maybe all the devs were, but the best web server and development software, writing software, was on the Mac.

A blogroll for 2026

BTW, since you mention Kottke's blogroll, I'd love for you to have a look at mine. You can see it on my blog at scripting.com, or on the WordPress version of my blog at daveverse.org. A screen shot.
It's a realtime blogroll, the blogs appear in the order in which they last updated. You can expand each item to see the titles of the last five pieces, with a 300-char excerpt, and a link to read the whole thing. It's the blogroll I wanted in the early 00s, a clear indication that there's nothing dormant going on here, Cory.
You can install it on your own system, it works as a WordPress plugin, so it's especially easy to use it on a WordPress site.

My old ass

I'm working my old ass off developing for the web and RSS every freaking day Cory.
I won't stop until we have a social web running with all replaceable parts, no lock-in, as decentralized as the web itself and of course RSS is part of the web.

20:49

The Boat of Small Mysteries - Robyn Beecroft [Judith Proctor's Journal]

It's so nice to read a book involving narrowboats by someone who actually knows what they are writing about!

I remember once reading a romance involving a narrowboat and spending more time mentally nitpicking than getting involved in the romance...

Beecroft knows how a weed hatch works and what you use it for, and likewise for the rest of the waterways equipment.

Does it also work as a novel? Yes, it's a gentle story, made up of different people whom Emily meets and re-meets along the inland waterways. I particularly enjoyed the group of student with their floating party, who keep needing Emily's help due to their general ineptness with narrowboats.

Emily has her own, health-related problems, but there are also other boaters happy to assist her when her pain flares up too badly.

People help her, and she solves problems for them.

There is also romance, but romance with a very Beecroft twist - which happens to work for me :)

comments

19:21

Guards Guards, by Terry Pratchett [Judith Proctor's Journal]

'Guards Guards' is Pratchett on top form (much though I love his books, some are much better than others...).

It's the first book about Sam Vimes and the Night Watch, and we get to know and love the characters who will make many appearances in later books.

It's got a plot that makes sense, and has some good twists in it.

It's funny, but it also has characters who feel like real people. Sam Vimes the drunk captain of the Watch has pretty much given up on everything, finds there are some things that even he won't give up on.

The various mystical brotherhoods that meet in Ankh Morepork are hilarious.

My favourite character is Lady Sybil Ramkin, breeder of swamp dragons. The kind of person whose family goes back so far that she is perfectly comfortable spending all her days dressed in old clothes and mucking out dragon pens, and feels no need to attend balls and the like.

This is the story where the Librarian (an orangutan, for those who don't already know) gets enlisted into the Guard, and we discover the mysteries of L-space...

comments

18:35

Pluralistic: The web is bearable with RSS (07 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

The web is bearable with RSS: And don't forget "Reader Mode."
Hey look at this: Delights to delectate.
Object permanence: Eyemodule x Disneyland; Scott Walker lies; Brother's demon-haunted printer; 4th Amendment luggage tape; Sanders x small donors v media; US police killings tallied.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

The web is bearable with RSS (permalink)

Never let them tell you that enshittification was a mystery. Enshittification isn't downstream of the "iron laws of economics" or an unrealistic demand by "consumers" to get stuff for free.

Enshittification comes from specific policy choices, made by named individuals, that had the foreseeable and foreseen result of making the web worse:

https://pluralistic.net/2025/10/07/take-it-easy/#but-take-it

Like, there was once a time when an ever-increasing proportion of web users kept tabs on what was going on with RSS. RSS is a simple, powerful way for websites to publish "feeds" of their articles, and for readers to subscribe to those feeds and get notified when something new was posted, and even read that new material right there in your RSS reader tab or app.

RSS is simple and versatile. It's the backbone of podcasts (though Apple and Spotify have done their best to kill it, along with public broadcasters like the BBC, all of whom want you to switch to proprietary apps that spy on you and control you). It's how many automated processes communicate with one another, untouched by human hands. But above all, it's a way to find out when something new has been published on the web.

RSS's liftoff was driven by Google, who released a great RSS reader called "Google Reader" in 2007. Reader was free and reliable, and other RSS readers struggled to compete with it, with the effect that most of us just ended up using Google's product, which made it even harder to launch a competitor.

But in 2013, Google quietly knifed Reader. I've always found the timing suspicious: it came right in the middle of Google's desperate scramble to become Facebook, by means of a product called Google Plus (G+). Famously, Google product managers' bonuses depended on how much G+ engagement they drove, with the effect that every Google product suddenly sprouted G+ buttons that either did something stupid, or something that confusingly duplicated existing functionality (like commenting on Youtube videos).

Google treated G+ as an existential priority, and for good reason. Google was running out of growth potential, having comprehensively conquered Search, and having repeatedly demonstrated that Search was a one-off success, with nearly every other made-in-Google product dying off. What successes Google could claim were far more modest, like Gmail, Google's Hotmail clone. Google augmented its growth by buying other peoples' companies (Blogger, YouTube, Maps, ad-tech, Docs, Android, etc), but its internal initiatives were turkeys.

Eventually, Wall Street was going to conclude that Google had reached the end of its growth period, and Google's shares would fall to a fraction of their value, with a price-to-earnings ratio commensurate with a "mature" company.

Google needed a new growth story, and "Google will conquer Facebook's market" was a pretty good one. After all, investors didn't have to speculate about whether Facebook was profitable, they could just look at Facebook's income statements, which Google proposed to transfer to its own balance sheet. The G+ full-court press was as much a narrative strategy as a business strategy: by tying product managers' bonuses to a metric that demonstrated G+'s rise, Google could convince Wall Street that they had a lot of growth on their horizon.

Of course, tying individual executives' bonuses to making a number go up has a predictably perverse outcome. As Goodhart's law has it, "Any metric becomes a target, and then ceases to be a useful metric." As soon as key decision-makers' personal net worth depending on making the G+ number go up, they crammed G+ everywhere and started to sneak in ways to trigger unintentional G+ sessions. This still happens today – think of how often you accidentally invoke an unbanishable AI feature while using Google's products (and products from rival giant, moribund companies relying on an AI narrative to convince investors that they will continue to grow):

https://pluralistic.net/2025/05/02/kpis-off/#principal-agentic-ai-problem

Like I said, Google Reader died at the peak of Google's scramble to make the G+ number go up. I have a sneaking suspicion that someone at Google realized that Reader's core functionality (helping users discover, share and discuss interesting new web pages) was exactly the kind of thing Google wanted us to use G+ for, and so they killed Reader in a bid to drive us to the stalled-out service they'd bet the company on.

If Google killed Reader in a bid to push users to discover and consume web pages using a proprietary social media service, they succeeded. Unfortunately, the social media service they pushed users into was Facebook – and G+ died shortly thereafter.

For more than a decade, RSS has lain dormant. Many, many websites still emit RSS feeds. It's a default behavior for WordPress sites, for Ghost and Substack sites, for Tumblr and Medium, for Bluesky and Mastodon. You can follow edits to Wikipedia pages by RSS, and also updates to parcels that have been shipped to you through major couriers. Web builders like Jason Kottke continue to surface RSS feeds for elaborate, delightful blogrolls:

https://kottke.org/rolodex/

There are many good RSS readers. I've been paying for Newsblur since 2011, and consider the $36 I send them every year to be a very good investment:

https://newsblur.com/

But RSS continues to be a power user-coded niche, despite the fact that RSS readers are really easy to set up and – crucially – make using the web much easier. Last week, Caroline Crampton (co-editor of The Browser) wrote about her experiences using RSS:

https://www.carolinecrampton.com/the-view-from-rss/

As Crampton points out, much of the web (including some of the cruftiest, most enshittified websites) publish full-text RSS feeds, meaning that you can read their articles right there in your RSS reader, with no ads, no popups, no nag-screens asking you to sign up for a newsletter, verify your age, or submit to their terms of service.

It's almost impossible to overstate how superior RSS is to the median web page. Imagine if the newsletters you followed were rendered with black, clear type on a plain white background (rather than the sadistically infinitesimal, greyed-out type that designers favor thanks to the unkillable urban legend that black type on a white screen causes eye-strain). Imagine reading the web without popups, without ads, without nag screens. Imagine reading the web without interruptors or "keep reading" links.

Now, not every website publishes a fulltext feed. Often, you will just get a teaser, and if you want to read the whole article, you have to click through. I have a few tips for making other websites – even ones like Wired and The Intercept – as easy to read as an RSS reader, at least for Firefox users.

Firefox has a built-in "Reader View" that re-renders the contents of a web-page as black type on a white background. Firefox does some kind of mysterious calculation to determine whether a page can be displayed in Reader View, but you can override this with the Activate Reader View, which adds a Reader View toggle for every page:

https://addons.mozilla.org/en-US/firefox/addon/activate-reader-view/

Lots of websites (like The Guardian) want you to login before you can read them, and even if you pay to subscribe to them, these sites often want you to re-login every time you visit them (especially if you're running a full suite of privacy blockers). You can skip this whole process by simply toggling Reader View as soon as you get the login pop up. On some websites (like The Verge and Wired), you'll only see the first couple paragraphs of the article in Reader View. But if you then hit reload, the whole article loads.

Activate Reader View puts a Reader View toggle on every page, but clicking that toggle sometimes throws up an error message, when the page is so cursed that Firefox can't figure out what part of it is the article. When this happens, you're stuck reading the page in the site's own default (and usually terrible) view. As you scroll down the page, you will often hit pop-ups that try to get you to sign up for a mailing list, agree to terms of service, or do something else you don't want to do. Rather than hunting for the button to close these pop-ups (or agree to objectionable terms of service), you can install "Kill Sticky," a bookmarklet that reaches into the page's layout files and deletes any element that isn't designed to scroll with the rest of the text:

https://github.com/t-mart/kill-sticky

Other websites (like Slashdot and Core77) load computer-destroying Javascript (often as part of an anti-adblock strategy). For these, I use the "Javascript Toggle On and Off" plugin, which lets you create a blacklist of websites that aren't allowed to run any scripts:

https://addons.mozilla.org/en-US/firefox/addon/javascript-toggler/

Some websites (like Yahoo) load so much crap that they defeat all of these countermeasures. For these websites, I use the "Element Blocker" plug-in, which lets you delete parts of the web-page, either for a single session, or permanently:

https://addons.mozilla.org/en-US/firefox/addon/element-blocker/

It's ridiculous that websites put so many barriers up to a pleasant reading experience. A slow-moving avalanche of enshittogenic phenomena got us here. There's corporate enshittification, like Google/Meta's monopolization of ads and Meta/Twitter's crushing of the open web. There's regulatory enshittification, like the EU's failure crack down on companies the pretend that forcing you to click an endless stream of "cookie consent" popups is the same as complying with the GDPR.

Those are real problems, but they don't have to be your problem, at least when you want to read the web. A couple years ago, I wrote a guide to using RSS to improve your web experience, evade lock-in and duck algorithmic recommendation systems:

https://pluralistic.net/2024/10/16/keep-it-really-simple-stupid/#read-receipts-are-you-kidding-me-seriously-fuck-that-noise

Customizing your browser takes this to the next level, disenshittifying many websites – even if they block or restrict RSS. Most of this stuff only applies to desktop browsers, though. Mobile browsers are far more locked down (even mobile Firefox – remember, every iOS browser, including Firefox, is just a re-skinned version of Safari, thanks to Apple's ban rival browser engines). And of course, apps are the worst. An app is just a website skinned in the right kind of IP to make it a crime to improve it in any way:

https://pluralistic.net/2024/05/07/treacherous-computing/#rewilding-the-internet

And even if you do customize your mobile browser (Android Firefox lets you do some of this stuff), many apps (Twitter, Tumblr) open external links in their own browser (usually an in-app Chrome instance) with all the bullshit that entails.

The promise of locked-down mobile platforms was that they were going to "just work," without any of the confusing customization options of desktop OSes. It turns out that taking away those confusing customization options was an invitation to every enshittifier to turn the web into an unreadable, extractive, nagging mess. This was the foreseeable – and foreseen – consequence of a new kind of technology where everything that isn't mandatory is prohibited:

https://memex.craphound.com/2010/04/01/why-i-wont-buy-an-ipad-and-think-you-shouldnt-either/

Hey look at this (permalink)

The Real Litmus Test for Democratic Presidential Candidates https://www.hamiltonnolan.com/p/the-real-litmus-test-for-democratic
Users fume over Outlook.com email 'carnage' https://www.theregister.com/2026/03/04/users_fume_at_outlookcom_email/
You Bought Zuck’s Ray-Bans. Now Someone in Nairobi Is Watching You Poop. https://blog.adafruit.com/2026/03/04/you-bought-zucks-ray-bans-now-someone-in-nairobi-is-watching-you-poop/
Indefinite Book Club Hiatus https://whatever.scalzi.com/2026/03/03/indefinite-book-club-hiatus/
Art Bits from HyperCard https://archives.somnolescent.net/web/mari_v2/junk/hypercard/

Object permanence (permalink)

#25yrsago 200 Eyemodule photos from Disneyland https://craphound.com/030401/

#20yrsago Fourth Amendment luggage tape https://ideas.4brad.com/node/367

#15yrsago Glenn Beck’s syndicator runs a astroturf-on-demand call-in service for radio programs https://web.archive.org/web/20110216081007/http://www.tabletmag.com/life-and-religion/58759/radio-daze/

#15yrsago 20 lies from Scott Walker https://web.archive.org/web/20110308062319/https://filterednews.wordpress.com/2011/03/05/20-lies-and-counting-told-by-gov-walker/

#10yrsago The correlates of Trumpism: early mortality, lack of education, unemployment, offshored jobs https://web.archive.org/web/20160415000000*/https://www.washingtonpost.com/news/wonk/wp/2016/03/04/death-predicts-whether-people-vote-for-donald-trump/

#10yrsago Hacking a phone’s fingerprint sensor in 15 mins with $500 worth of inkjet printer and conductive ink https://web.archive.org/web/20160306194138/http://www.cse.msu.edu/rgroups/biometrics/Publications/Fingerprint/CaoJain_HackingMobilePhonesUsing2DPrintedFingerprint_MSU-CSE-16-2.pdf

#10yrsago Despite media consensus, Bernie Sanders is raising more money, from more people, than any candidate, ever https://web.archive.org/web/20160306110848/https://www.washingtonpost.com/politics/sanders-keeps-raising-money–and-spending-it-a-potential-problem-for-clinton/2016/03/05/a8d6d43c-e2eb-11e5-8d98-4b3d9215ade1_story.html

#10yrsago Calculating US police killings using methodologies from war-crimes trials https://granta.com/violence-in-blue/

#1yrago Brother makes a demon-haunted printer https://pluralistic.net/2025/03/05/printers-devil/#show-me-the-incentives-i-will-show-you-the-outcome

#1yrago Two weak spots in Big Tech economics https://pluralistic.net/2025/03/06/privacy-last/#exceptionally-american

Upcoming appearances (permalink)

San Francisco: Launch for Cindy Cohn's "Privacy's Defender" (City Lights), Mar 10
https://citylights.com/events/cindy-cohn-launch-party-for-privacys-defender/
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
London: Resisting Big Tech Empires (LSBU)
https://www.tickettailor.com/events/globaljusticenow/2042691
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

The Virtual Jewel Box (U Utah)
https://tanner.utah.edu/podcast/enshittification-cory-doctorow-matthew-potolsky/
Tanner Humanities Lecture (U Utah)
https://www.youtube.com/watch?v=i6Yf1nSyekI
The Lost Cause
https://streets.mn/2026/03/02/book-club-the-lost-cause/
Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1012 words today, 45361 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Bluesky (no ads, possible tracking and data-collection):

https://doctorow.medium.com/
https://twitter.com/doctorow

Medium (no ads, paywalled):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

17:35

Claude is not doing well today, seriously not working well, think it must be they're coping with a large influx of new users.

14:28