Wednesday, 01 July

18:07

The Big Idea: Shalini Abeysekara [Whatever]

Ever wonder what really goes on after the “happily ever after” line? Author Shalini Abeysekara had closed the door on her previous novel, but left the door unlocked as she came back to that world to bring us This Blade of Ours, the sequel she never expected to write. Follow along in her Big Idea to see how the “happily ever after” ending got pushed back another book.

SHALINI ABEYSEKARA:
There are a few things an author hopes will happen after typing “The End.” One, that they can finally imbibe a glass of wine, fructose syrup drink, or another preferred poison and sleep off a creative high and a bittersweet farewell to their characters. Two, that future readers who arrive at this last page of their oeuvre will rave about the book. Three, that the author won’t have to partially undo some of their work.

Well, that last part hit a snag when my publisher requested a sequel to my debut romantasy, This Monster of Mine. I grabbed the book deal with both hands, of course; I’m not about to turn down a chance to revisit a world I loved. Yet, the first book’s villains had been defeated. The heroes were in power. Where was the story to go after “The End”? But wait. Is the end of a battle really the end of a war?
This Blade of Ours was the result of a thought experiment by an avid student of political history (me) and a very harried author who had six weeks to pull together a reworking of her duology (also me). What happens when the figureheads to an ideology have been defeated, but the governmental structures and fanatical adherents who carried those villains to power still persist? How do our heroes navigate a divided land that will now eye them critically since they’ve gone from underdogs to victors? Most importantly, how was I to provide some manner of answer to these questions while also rounding off this duology in a satisfying way?
The long answer as to how I pulled this off involves sleepless nights, more caffeine than any national health council would recommend, and equal parts self-pity and self-doubt. But the short answer was this: look to history and consider a ‘what if?’ My duology was already set in a world loosely-inspired by the Roman Empire at its height. I had drawn on the concept of the Tetrarchy—a ruling system instituted by Emperor Diocletian wherein two senior rulers managed the empire’s conquests and misadventures with two junior rulers shadowing them to take their place. The system was supposed to repeat ad infinitum, and many hands/heads were supposed to make light work. It certainly seemed to for close to thirty-one years. Alas, the rise of the Roman dictatorship put a quick end to that experiment.

My first book examined what that Tetrarchy might have evolved to: an oligarchy of four judges ruling the land. The book considered the pros and flaws of such rule, and the characters battled those who sought to steer it towards a dictatorship. Thus, I thought, it stood to reason that this sequel could examine the consequences of successfully halting that shift towards authoritarianism: irate supporters of book 1’s villains insisting that the whole final showdown was a farce, governmental structures in flux during a transition of leadership, accusations of a coup, religious leaders taking sides.

And romance of course, lest anyone forget that this is a romantasy. A book that perhaps felt timely but ancient, cataloguing the ouroboros of the human condition as much as trying to paint some facets in an engaging delight. To say it gave me immense joy to run untrammelled across a page when bringing this story to life would be an understatement. Finally, all those documentaries and hours of being a history nerd put to good use!
But readers (as I am) are loathe to be preached to and authors (as I am) are generally reluctant to preach. And though the Big Idea behind this book was a question, there are no answers to the human condition of in-groups, out-groups, war, greed, hope, and love. Only roads less travelled. I had already drawn from history.

So, I threw in elements history hadn’t seen. I pulled from the fantastical and built eldritch gods who begin an unusual divine intervention into the chaos of humanity: razing as many as they can because they really think we’re hopeless. I tried to steer from traditional romantasy tropes and leaned towards the deeply human. I gave my heroine and anti-hero vast reserves of determination, anger, and desperation. Enough to remain flawed, enough to keep fighting while questioning why they do. Their morals waver (to be fair, the anti-hero didn’t have many to begin with), their conviction falters, and their motivations grow selfish, but they fundamentally seek hope. As I think we all do, so that put any preachiness out of the picture. I hope.
I’m deeply proud of the result of this vortex of decisions. Not because it’s some highfaluting novel but, to be honest, because I just loved writing it. I doubt I’ll ever see my work as anything but flawed. Still, writing This Blade of Ours was a wonderful experience of examining the road after the finish line and mirrored my personal journey after the writing of its predecessor, my debut novel. There is always more. What a privilege. What a delight.


This Blade of Ours: Amazon|Barnes & Noble |Bookshop|Powell’s

Author’s Socials: Website|Instagram|TikTok

17:42

It rather involved being on the other side of this airtight hatchway: Changing administrative settings [The Old New Thing]

A security vulnerability report arrived that went roughly like this:

An attacker can bypass security policies by modifying the following registry keys to disable ⟦security feature 1⟧ and ⟦security feature 2⟧.

The statement is true, but what they don’t mention is that administrator privileges are required to modify those keys. This is like saying that a door lock is insecure because you can open the door from the inside. If you are inside, then you have already gotten past the door!

Indeed, the purpose of those keys is to define the security policy in the first place! So it boils down to “It’s a security vulnerability that an administrator can change a security policy.”

What the security researcher found was that if your system has been compromised, the first guy who gets into your inner sanctum can make your system even more vulnerable.¹ If you assume that the attacker has full control, then it’s not surprising that they control everything.

¹ Isn’t this the plot to half of the sci-fi movies ever made? The plucky hero sneaks behind enemy lines in order to disable the bad guys’ shields long enough to let the rest of the team in. This isn’t a security flaw in the shields. It’s a security flaw in whatever was supposed to protect the switch that turns off the shields.

The sci-fi movie analogy would be “If we can get to the switch that turns off the shields, then we can turn them off!”

Well, yeah. The hard part is getting into the room that has the switch.

It rather involved being on the other side of this airtight hatchway.

Bonus chatter: This is a repeat of It rather involved being on the other side of the airtight hatchway: Disabling a security feature as an administrator, but this type of bogus vulnerability report happens so much, I wrote it up again before I realized that it was a duplicate.

The post It rather involved being on the other side of this airtight hatchway: Changing administrative settings appeared first on The Old New Thing.

2026 mid-year link clearance [The Old New Thing]

Oh boy, more random stuff.

  • The hardest working font in Manhattan: Marcin Wichary digs up the history of the font named Gorton. I grew up with this font, seeing it not only on punch card keyboards but also in a Leroy lettering kit that we used in sixth grade graphics class when we studied mechanical drawing.
  • RollerCoaster Tycoon’s Overengineered Puking System. Learn more than you ever needed to know about the algorithms in the game RollerCoaster Tycoon that determine when a park guest pukes. No really.
  • The Spaghetti Policy for All MLB Teams by the appropriately named Sickos Committee breaks down the outside food policies for all of teams in Major League Baseball to determine which ones would let you bring in a gallon of spaghetti. The first part is fairly straightforward, but it gets far more weird (and sicko) as they look at the stadiums where a gallon of spaghetti might not be permitted. (Background information: Sports fans in Philadelphia have a reputation for poor behavior. These are the people who booed Santa Claus and pelted him with snowballs.)
  • We have reached the second generation now. “Microsoft invented “escrow builds” to launch functional apps – that’s internal ‘Microspeak’ jargon for quality control” is a rehash of my article on the history of the term “escrow”, but the article appears to just be a suspicious mishmash of fragments from the article. For example, in the sentence “He described it as unhelpful because the blog essentially described a metaphor using another metaphor” the antecedents of “it” and “the blog” are not present in the article, leading the reader to think that “it” is the explanation of what escrow means and that “the blog” is my blog. On top of that, the title of the article introduces the phrase “launch functional apps” (whatever that means), even though none of those three words appear anywhere in the original article, nor in the dodgy rehash. Undaunted, a different AI content farm picked up on that article and somehow expanded it into an even longer article that conveys even less information.

The post 2026 mid-year link clearance appeared first on The Old New Thing.

16:42

Pluralistic: Technocarcinization (01 Jul 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links



Two crabs dance with their claws entwined; one has the Google logo on its back, the other, the Apple logo. Their audience is a much larger crab, bearing the Meta logo. The scene is set on a dune.

Technocarcinization (permalink)

"Carcinization" is a curious biological phenomenon: given enough time, across many environments, many species will evolve into crabs. The body-type of a crab, with its low center of gravity, sideways gait (useful for evading predators), ease of concealment and protected organs is suitable to many different environments:

https://en.wikipedia.org/wiki/Carcinisation

Lately, I've watched the American Big Tech platforms as they underwent their own form of technocarcinization, which is when every tech company turns into Facebook.

A 2x2 grid. The vertical axis is labeled 'more surveillant.' The horizontal axis is labeled 'more control-freaky.' The top right quadrant has the Google logo. The top left, the Facebook and Instagram logos. The bottom left has the Apple logo. The bottom right has a Free Software Foundation Gnu.

For a long time, it seemed to me that you could make sense of the tech platforms by placing them into one of four quadrants on a 2×2 grid, in which one axis denoted "control freakishness" and the other, "surveillance."

Each quadrant had its own canonical company. The most surveillant/least controlling company (top left) was Google. They would let you roam the whole wide internet and exert no control over your conduct, but would spy on you wherever you went. The least surveillant/most controlling company was Apple, who imprisoned you in its manicured walled garden, but promised never to spy on you. The non-spying/non-controlling option is free/open source tech (of course), which doesn't care what you do, and doesn't watch you do it. And the most spying, most controlling company was Facebook, a company whose products did everything they could to imprison you within their virtual walls, from which vantage they could effect maximal surveillance.

I've used this comparison many times over the years. I included in my 2023 book The Internet Con, along with the joke that Tiktok's position on the grid was so far up and to the right (maximum surveillance and control) that we'd had to put its logo on the back cover. Enough people took this joke seriously and wrote in to complain that they'd gotten a misprint without the logo that we added it to the paperback:

https://www.versobooks.com/products/3035-the-internet-con

The grid was useful, until technocarcinization started to push all the tech companies into that top right quadrant. Apple is no longer the company that protects you from surveillance – they're the company that spies on you, having secretly added a total surveillance system to the iPhone to target ads to you:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Apple can't even claim to protect you from third-party surveillance. Sure, they block Facebook from spying on you, but they have barred ICE Block, an app that tells you if there are ICE chuds hunting in your neighborhood, looking to kidnap you and send you to a concentration camp. Apple declared ICE mercenaries to be a "protected class":

https://pluralistic.net/2025/10/06/rogue-capitalism/#orphaned-syrian-refugees-need-not-apply

And thanks to Apple's control-freakery – which prevents you from overriding Apple's decisions about your own devices – once Apple decides to spy on you or sell you out to fascist goons, there's nothing you can do about it:

https://locusmag.com/feature/cory-doctorow-neofeudalism-and-the-digital-manor/

Then there's Google, the company that ran a free-range livestock operation in which you could roam wherever you liked, because they could always find you when it was time for the slaughter. For years now, Google has been moving inexorably to the kind of control-freak nonsense that you used to only find in one of Apple's crystal prisons.

For example, every year or two, Google floats a proposal to use secure hardware in your device to rat you out if you've got an ad-blocker, privacy blocker, or other aftermarket add-on that lets you choose how you experience the digital world:

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

It's an idea they just can't quit, despite the fact that it's fucking abominable and everyone hates it:

https://pluralistic.net/2026/06/12/compelled-speech/#quishing

Google used to pride itself in its ability to send you to the open web, viewing search as a conduit to other peoples' resources. Now, with AI search summaries, Google is harvesting the open web and then eating the seed corn, keeping searchers inside of Google's walled garden:

https://pluralistic.net/2026/06/29/arsonist-firefighters/#im-feeling-lucky

Google also took the idea of a free/open browser and ran with it, rehabilitating some discarded Apple code and turning it into Chrome, the internet's most dominant browser – by far. Now, Google is nerfing that browser's plug-in architecture in a way that blocks all kids of user-tunable options, including and especially ad-blocking:

https://protonprivacy.substack.com/p/google-is-finally-killing-ublock

And Google has also announced that they're going to turn Android into an iPhone, making it both technically challenging and radioactively illegal for you to install software of your choosing on your own property:

https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/

Google is adopting every one of Apple's worst practices, and Apple is adopting all of Google's worst practices, and so they're both turning into Facebook: technocarcinization!

What's driving this technocarcinization? Well, the obvious answer is that the more Facebooklike a company becomes, the more ways there are for it to rip you off. Surveillance can be monetized by selling your data, by ad targeting, and by surveillance-based pricing and wage-suppression:

https://pluralistic.net/2026/01/21/cod-marxism/#wannamaker-slain

Control lets platforms block competing products, extract massive junk fees to the businesses they connect you to, and control repair and end-of-life, forcing you to replace hardware by blocking parts and independent service:

https://pluralistic.net/2026/01/10/markets-are-regulations/#carney-found-a-spine

It turns out that "if you're not paying for the product, you're the product" is only half-right. The other half is, "even if you pay for the product, you're the product." Pay, don't pay: companies will productize anyone they can. And thanks to our enshittogenic policy environment – where the worst ideas of the worst people make the most money – you can always be productized:

https://pluralistic.net/2025/09/10/say-their-names/#object-permanence

This is independent of the kind of person running the company. Facebook is run by Mark Zuckerberg, a cringe halfwit whose only successful idea was to offer Harvard bros a way of nonconsensually rating the fuckability of female undergrads. Everything he's done since was an acquisition (Whatsapp, Insta) or a flop (metaverse, Libra), or both (Oculus). Zuck owns the majority of the voting stock in the company, which means he has total control over its actions. He can ignore or fire his board members at will. He is the move fast/break things guy, whose every foolish whim can become policy that impacts billions of people.

By contrast, Google and Apple are no longer run by their flamboyant founders, who were every bit as prone to folly as Zuck. They were constrained by their shareholders, which meant that the blast-radius of Steve Jobs's worst ideas (like treating his otherwise curable cancer with green juice) were confined to his own person.

Today, Apple and Google are run by bloodless business sociopaths who go to enormous lengths to project an air of sober adulthood. And yet, these people – who would never be caught dead bow-hunting their own livestock or climbing into an MMA cage – have steered their companies into Facebook's quadrant on our enshittification 2×2.

I think this shows just how much the enshittification of tech is a matter of the policy environment, not the personalities of the people involved. Sure, the worst people imaginable run these companies, but the reason they're able to yield to their most venal impulses and succeed is because the world has been re-arranged to make sociopathy and greed into fitness factors. We get technocarcinization because the most fit organism for a landscape without consequences is a zuckerbergian techno-crab:

https://pluralistic.net/2023/07/28/microincentives-and-enshittification/

What can we do about it? Well, we're going to have to remake the landscape to punish (rather than reward) enshittification:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

And in the meantime, there is one inhabitant of the 2×2 that hasn't drifted up and to the right: free and open source software. It's still snugly nestled in the low-surveillance/low-control box, and if you live in that box, your life will be much, much better for it.

There's no better time to make the switch: with RAM and storage prices through the ceiling and OSes growing ever-more bloated with AI and spyware (but I repeat myself), this is the moment to rehabilitate that old computer with Linux:

https://www.fosslinux.com/158206/linux-on-older-hardware-revival-guide.htm

The alternative is to be tormented by crabs no matter what you're trying to do or where you're trying to get to.


Hey look at this (permalink)



A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#15yrsago Print-on-demand and donations - report on DIY publishing business models https://www.publishersweekly.com/pw/by-topic/columns-and-blogs/cory-doctorow/article/47858-with-a-little-help-heuristics.html

#15yrsago Brazil rises up for free speech in 40 national demonstrations https://globalvoices.org/2011/06/30/brazil-freedom-march/

#10yrsago Grandad builds miniature backyard Disneyland https://abcnews.com/Lifestyle/grandpa-builds-disneyland-inspired-backyard-theme-park-grandkids/story?id=40276633

#10yrsago Elizabeth Warren on monopolies in America, including Apple, Google, and Amazon https://washingtonmonthly.com/2016/06/30/elizabeth-warrens-consolidation-speech-could-change-the-election/

#10yrsago White House plan to use data to shrink prison populations could be a racist dumpster fire https://www.wired.com/2016/06/white-house-mission-shrink-us-prisons-data/

#10yrsago Even if Moore's Law is "running out," there's still plenty of room at the bottom https://www.technologyreview.com/2016/05/13/245938/moores-law-is-dead-now-what/

#10yrsago Black-hat hacker handles are often advertisements https://www.wired.com/beyond-the-beyond/2016/07/web-semantics-modern-german-black-hat-hacker-handles/

#10yrsago Spotify threatens to report Apple to competition regulators over App Store rejection https://web.archive.org/web/20160630220301/https://www.recode.net/2016/6/30/12067578/spotify-apple-app-store-rejection

#10yrsago Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Noubir

#5yrsago Exxon lobbyist confesses to his crimes https://pluralistic.net/2021/07/01/basilisk-tamers/#exxonknew

#5yrsago When the Sparrow Falls https://pluralistic.net/2021/07/01/basilisk-tamers/#rage-against-the-machine


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027



Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

15:14

Link [Scripting News]

One of the cool things about having Claude Code is that as we develop this product, we have a near perfect chronology of every consideration and decision made along the way. I don't think that's ever been possible before. I would love to see how the people at Bell Labs put together the first Unix implemenation, what did they talk about, what did they go back and do again once they used the product. Or developers at Xerox PARC, or the process that led to Visicalc, Mac OS or Pagemaker. TBL's first web browser, ChatGPT, etc. Software is a totally intellectual creation, but there is a story for each product, because it's a human doing the design. BTW we had our first faceoff, Claude and I, and I won. Claude said the bug was in my code, I proved it was not, suggested he look at the crazy complicated SQL code he wrote (so glad to have it around for that). Also, I tend to use male pronouns for Claude. Worth mentioning once. (The Computer History Museum should be paying attention.)

Link [Scripting News]

I showed the post above to Claude and that took our conversation off in a new direction. We had been experimenting with the Message Scanner from LBBS, an early version of Twitter I wrote in the early 80s. It's described in this story I wrote in 1988, a summary of what I did leading to the start of UserLand. 38 years later Claude said: "LBBS message scanner running on RSS."

Link [Scripting News]

BTW thinking of LBBS as an early version of Twitter is a contortion, but considering how history played out, accurate.

14:35

[$] Secure Boot certificate expiration is here [LWN.net]

Linux users who have Secure Boot enabled on their systems rely on certificates issued by Microsoft to verify the software used to boot a system is trusted by the user. One of those certificates expired recently, but that will not cause systems that are able to boot to stop doing so. There are situations where the expiration may cause problems, however, and the window for relying on existing signed binaries is shorter than it might appear. Users and administrators will want to stay on top of these changes. Over the last year, part of my job at Microsoft has been to work on this problem. LWN wrote about the certificate expiration in July 2025, and this article follows up with where we are now.

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (coreutils, galera and mariadb11.8, giflib, git-lfs, glibc, httpd, kernel, mariadb10.11, mod_md, perl-Archive-Tar, perl-IO-Compress, perl:5.32, rrdtool, ruby, ruby4.0, and thunderbird), Debian (debian-security-support, librabbitmq, and nginx), Fedora (chromium, collectd, maradns, python-django-haystack, python-jupytext, varnish, varnish-modules, and vmod-querystring), Oracle (firefox, git-lfs, kernel, nginx:1.24, openssl, perl-Archive-Tar, perl-IO-Compress, and uek-kernel), Red Hat (container-tools:rhel8), SUSE (7zip, apache2, buildah, cifs-utils, curl, docker, exiv2-0_26, libonnxruntime1, libsoup, nodejs22, opensc, pacemaker, perl-Config-IniFiles, podman, sg3_utils, socat, tar, tracker, and xdg-desktop-portal), and Ubuntu (curl, hplip, libgd-perl, libssh2, libyang, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and tar).

13:28

Representative Line: A Specific Key [The Daily WTF]

Today's anonymous submission isn't really a WTF, but it highlights the hardest problem in computer science: naming things.

For example, let's say you saw a method called handleRSAPrivateKeyGeneration. You'd likely assume that it generates an RSA private key. More specifically, it accepts a request for a private key and handles that request. It's right there in the name.

public String handleRSAPrivateKeyGeneration(
        @RequestParam(value = "algorithm", defaultValue = "EC") KeyAlgorithm algorithm,…
)

Except this function accepts an algorithm as a parameter. That's not bad design; it makes sense to inject implementations like that. Though in this case, it looks like it's injecting a key that can be used to look up the actual implementation, which I like less, but I don't know the rest of the implementation, so we can let it slide.

So there's no WTF here. It's a badly named function that may not return an RSA key, but does return a valid cryptographic key. By default it generates an elliptic curve key. Presumably as an armored key, since it returns a String- and the armor usually supplies enough of a hint that consumers can infer the key type. Our submitter tells us that this function is part of a Java Spring controller, and returns a string because the result is displayed in a web page.

No WTF, but it does highlight how sometimes being too specific with your name can make the name less clear. handlePrivateKeyGeneration would be a better name, since we don't know exactly what kind of private key it's generating.

Names, as always, remain hard.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

13:00

Guidelines for Respectful Use of AI [Radar]

The following article originally appeared on Medium and is being republished here with the author’s permission.

As companies adopt AI tools, a lot of time is spent on thinking about AI policies from a security, compliance, or even cost-focused angle. But many leaders are neglecting to address how their teams should work with AI in the context of the team as a whole. This creates a lot of unresolved tension, and it’s time for leaders to step up and set some guidelines not just for how to use AI in an “approved” sense but how to use it respectfully.

When I say respectfully, I am not talking about the baseline appropriate workplace behavior (bullying, abuse, harassment, etc.). Instead, I’m concerned that many of us haven’t considered that the ways AI can make an individual more productive (literally enabling them to produce more outputs) can have an overall negative impact on the team’s productivity. Leaders can’t just sit around and expect that their teams will know that they can’t just produce slop and send it to others; if you haven’t set up a thorough policy yet, here are some suggestions on what to cover.

Elements of respectful AI use

Don’t ask someone to read/review what you haven’t read or reviewed yourself.

This is one of the most common frustrations I hear amongst people working on AI-heavy teams. Whether it’s code that the owner didn’t really bother to understand before submitting for review or documents that they generated and didn’t bother to read, too often people try to steal productivity from their colleagues by streamlining their production of work while asking their colleagues to do all of the quality control themselves. It’s great to have a loop of AI code generation → AI code review → AI fixes → final human review, but if the person prompting the AI doesn’t bother to review that code first, they’re putting a huge validation tax onto their teammate, who has to trust both that you prompted well AND that the AI understood the context and problem well enough to get a sustainable solution.

Documents are an even bigger temptation than code, because AI is so verbose and most of us hate writing and editing. It’s easy to get into a loop where you ask the AI some questions, skim the answers, output a document and send it to others. I’m guilty of this myself! But what makes sense when you’re skimming one answer at a time may not make for a good overall document, and there is a big difference between answering individual questions and writing for a human reader. In particular, the context that you have in your own head as you are talking to the AI may not come out at all in the document; if you don’t bother to read it thoroughly before sending it out, you won’t catch the gap in framing.

Even worse, sometimes people don’t even understand what the document they prompted is trying to say. Can you describe this document, and have a conversation about the concepts it presents with others and why it makes sense? If not, you have no business sending it along without at minimum the huge caveat “This is AI-generated and I still don’t really understand this space, please help me.”

Many people have reached the point where they won’t read something a person didn’t bother to write themselves, and who can blame them when so many don’t even bother to read their output before sending it on?

Shorter is better.

Part of the annoyance of reviewing AI-generated work is that the AI can be painfully long-winded. AI code often looks like tutorial code, with much more verbosity than human developers would bother with. Add in the temptation to one-shot big changes rather than thinking about how to break the code down into pieces, and you can end up with stacks of thousand line pull requests. The documents AI produces are so thorough that something that should be 3 pages turns into 10 or 20. And for those who have fully embraced AI for all of their text-based interactions, you start to see the LLM-generated wall of text chat messages or emails.

This is, frankly, just rude. It goes hand in hand with not bothering to review your own work, but even if for some reason you convince yourself that you really did read and edit that giant PR/document/message, you’re still asking so much more of the audience than you probably put into the exercise in the first place. When it comes to code, I encourage you to honestly ask yourself: If this broke at 3:00am and none of the AI tools were working, would you be able to look at the PR context and the change and debug it? If not, it is probably too much. When it comes to a big document, at a minimum, have you at least summarized the important points up-front? If someone is just going to ask an AI to summarize the document themselves, you should probably do more work to provide that value before handing it off.

Finally, if you’re writing long-winded emails or chat messages with AI-assistance in order to painstakingly try to explain something, perhaps you actually need to have a meeting or call instead. Increasingly long text exchanges have always been a sign that people need to stop and talk face-to-face, and AI logorrhea hasn’t changed that.

AI is not an excuse to turn off your brain, or your heart.

Signs we’ve switched off our brains and our hearts include: not reviewing the AI-generated work, not taking the time to do human editing, not breaking the changes down into chunks, and avoiding real conversations through AI-mediated text exchange. This guidance is about respectful use of AI because if you have empathy for your colleagues and respect for their time and skills, you will show them the courtesy of giving them work that you are proud of, that you stand behind, that you have thought through and can explain. The AI may have produced a lot of the output, but you thought about all of the pieces that needed to be done, and used the extra productivity to make something better: more reliable, simpler, well tested, whatever. If you find yourself not thinking at all and just mindlessly prompting, accepting output, and moving forward, it’s a warning sign that something is wrong. Perhaps take some advice from Vicki Boykis on adding friction to your development process (or whatever the equivalent is of your day-to-day work).

Framing these guidelines

If you decide to do this, one final tip from me: Assuming your company has some sort of company values, it’s always a good idea to call back to these values when you create policies and guidelines like this. It’s one thing to abstractly say that shorter is better, but if you can tie that to a value for your company, it will resonate more strongly. As an example, if I were at Amazon I might consider tying “shorter is better” to the leadership principle Invent and Simplify. And since shorter is better and this is already too long, I leave you here.

Enjoy this post? You might like my books The Manager’s Path and Platform Engineering: A Guide for Technical, Product, and People Leaders.

12:14

Ben Hutchings: FOSS activity in June 2026 [Planet Debian]

This month’s work was dominated by the transition of Debian 12 “bookworm” to support by the LTS team, and by review of some large updates to Linux stable branches.

Linux 6.12 is currently available in bookworm-backports, but that suite will stop accepting uploads after the last bookworm point release. I updated some supporting packages in bookworm in preparation for adding Linux 6.12 there. I also prepared for the possibility that bookworm-backports would close earlier.

Since the LTS team is still also maintaining Debian 11 “bullseye” until August, I reviewed upstream changes for both Linux 5.10 and 6.1 stable branches and reported a number of regressions and other issues.

Papa Johns Surveillance-Based Advertising [Schneier on Security]

Papa Johns is spying on people’s buying activities to predict when they are low on food:

The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is to reach hungry consumers by “knowing what is in their fridge without being too creepy,” said Carrie Drinkwater, chief investment officer at Carat.

To achieve that goal, NBCU and Instacart created a custom audience of shoppers who regularly purchase grocery staples on Instacart, such as eggs, milk, meat and produce. Based on that data, Papa Johns can determine which days of the week certain consumers are likely to run out of groceries and serve them an ad on NBCU streaming content accordingly. The brand served custom creatives to consumers based on their food preferences—such as whether they buy meat regularly—with QR codes and calls to action such as, “Light on groceries?” or “Empty fridge?”

Back in 2012, we learned (from Target and its campaign that detects when someone is pregnant) that the trick is to hide the knowledge in other, wrong, information. So the way for Papa John’s to not be “too creepy” is to deliberately get it wrong sometimes.

But still, ugh.

10:07

Can you believe it? [Seth's Blog]

The standards have changed a lot in the last few millennia:

The big man said it.

The book said it.

The newspaper said it.

I saw a photo.

I saw it on TV.

I read it on the internet.

That’s what the AI said.

There has always been room for doubt. But the last century has been about doubt at scale, due to mismatched incentives and the impact of media and tech.

84% of the statistics we read are manipulated for impact. And every story, every narrative, every photo is curated and edited. The map is not the territory, and the map maker has a goal. It might be the same as yours–but it might not be.

One danger is that a story not worth believing lets us off the hook. The other is that it manipulates us into taking action we’ll regret.

It’s impossible to function in society without consuming stories. You’re never going to the moon, and the only way it’s possible to know it’s not made of green cheese is to find a story you can inspect and trust, one that, if you drill down far enough, is based on things you can engage with in real life.

People in society are often driven by the desire to believe what everyone else in their circle believes–people like us do things like this. But the change agent has the desire to be early in embracing ideas that others don’t believe (yet).

The difference between poison and medicine often comes down to the dosage. Belief at scale, fueled by omnipresent media designed to seduce, is unlikely to help us get to where we seek to go.

A coherent culture is often built on a shared belief system. When the entire group believes something that collides with reality, though, reality wins.

In the long run, the Earth doesn’t care what you believe. Eppur si muove.

08:28

Modular Doom [Penny Arcade]

New Comic: Modular Doom

06:35

Prairieland defendants [Richard Stallman's Political Notes]

The persecutors's scheme to label protests as "terrorism" had a terrible success, as protesters were sentenced to prison for 30 years and more for nonviolent protest activities.

The persecutor's henchmen had declared (arbitrarily) that this was organized terrorism on behalf of the nonexistent "organization", "Antifa". But the arbitrary designation as "terrorism" was not challenged in court — the judges silently accepted it.

AI-generated influencers [Richard Stallman's Political Notes]

Companies are advertising products using simulated video depicting simulated customers.

All satisfied, naturally.

Is there an important moral difference between using a machine learning system to generate video of an apparent customer who praises a product, and filming video of an actor giving a performance depicting such a customer? I don't see a significant difference, is there something I am missing?

If there is no significant difference, that doesn't mean they are morally acceptable. Maybe both should be considered fraud unless labeled with how they were produced.

Risk of food shortages [Richard Stallman's Political Notes]

*Papua New Guinea faces severe food shortages as El [Super]Niño brings frost and drought.*

EU-Taliban talks [Richard Stallman's Political Notes]

The European Union, under pressure from right-wing immigrant-haters, is negotiating with the Taliban about returning refugees to Afghanistan.

This threatens to aid the Taliban in carrying out their policies of oppression. Every woman in Afghanistan is oppressed; many men are, too. The EU should give asylum to every Afghan women who can reach there, and many Afghan men will deserve it too.

Trump-era mega mergers [Richard Stallman's Political Notes]

Senator Warren calls for reversing some of the many large mergers that have subjected the US to drastic industrial concentration.

Even before the wrecker became president again, the US had a lot less business competition than it did a few decades ago. Several years ago I needed a new condensation pump to pump the air conditioner's water condensation out of the basement. There had traditionally been two competing manufacturers, but the government had allowed them to merge, so there was only one. That merger should have been blocked to maintain competition in that small field.

Often the US appears to have a lot more competition than it really has. The supermarket company Albertsons uses all these names:

  • Acme Markets
  • Albertsons
  • Carrs-Safeway
  • Haggen
  • Jewel-Osco
  • Kings
  • Pavilions
  • Plated
  • Randalls
  • Safeway
  • Shaw's
  • Star Market
  • Tom Thumb
  • United Supermarkets
  • Vons

Mourning in America [Richard Stallman's Political Notes]

Robert Reich: Mourning the great ideals which America had partly achieved, but which the wrecker is trashing.

Whistleblower identification risks [Richard Stallman's Political Notes]

"Age verification" requirements threaten to identify whistleblowers. They generally require that all users of a site prove their identities, or present video selfies which governments could use to identify them.

Any attempt by a whistleblower to contact a reporter through a site that does age verification is likely to enable tyrannical rulers to identify per and crush per.

This will also prohibit reporters from using anonymous accounts to follow what others are posting or enable sources to contact them.

Anti-ICE organizers [Richard Stallman's Political Notes]

*Anti-deportation-thug organizers shift focus to defend democracy from [the persecutor's] assault.

Citizens in Minnesota using lessons learned from migrant crackdown to protect elections from president's threats.*

Interim peace agreement [Richard Stallman's Political Notes]

Unsurprisingly, disagreements about vague or unspecified crucial details of the draft US-Iran peace deal have led once again to an exchange of fire.

Life’s big questions [Richard Stallman's Political Notes]

Which is more useful, to pose a question to a chatbot, or pose it to a deity?

The chatbot has the advantages that it actually exists, and that its answers are not entirely filtered through the mind of the one who asks.

But it has the disadvantage of not actually understanding the questions

(or most anything else).

Urgent: Deliver mail to everyone [Richard Stallman's Political Notes]

US citizens: call on the US Postal Service to continue delivering mail to anyone and everyone — to reject the plan to control whom states can mail ballots to.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: tax pretend-intelligence hype industry [Richard Stallman's Political Notes]

US citizens: call on Congress to tax the pretend-intelligence hype industry.

In my letter, I denounced the hype term "artificial intelligence" and called for the taxes to be high enough to make human-based customer service, which is superior, competitive again. I deleted the paragraphs that presumed "AI" was a good thing.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Oppose BUILD America 250 Act [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to oppose the BUILD America 250 Act.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Bangladesh emptied its aquifer [Richard Stallman's Political Notes]

Part of Bangladesh has emptied its aquifer and is running out of water. Farmers are likely to go broke and become paupers, and likely many will die.

Will this teach the rest of us to take conservation seriously before we meet a similar fate?

Palestinian doctor in solitary confinement [Richard Stallman's Political Notes]

*Israel puts Palestinian doctor in solitary confinement after 17 months held without charge.

Dr Hussam Abu Safiya now in cell barely big enough to sit in, says son, after UN experts demanded his release in March.*

Imprisonment without trial is unjust. Solitary confinement is a form of torture. The tiny cell is a form of torture. Denying him medical treatment is an injustice.

Apparently the real accusation against him is providing medical treatment to Palestinians.

Unfathomable increase in investment for coal, oil and gas [Richard Stallman's Political Notes]

* The world's largest banks committed $906bn in financing to the fossil fuel industry last year, an "unfathomable" increase in investment locking in years more of coal, oil and gas production as the world continues to overheat, a new report has found.*

Frighteningly high temperatures in Antarctica [Richard Stallman's Political Notes]

Frighteningly high temperatures in Antarctica — you could walk around outdoors without a coat. Lots of ice must be melting.

Bullshitter can't force reality to match his story on Iran [Richard Stallman's Political Notes]

*[The bullshitter], ever the unreliable narrator, is unable to force reality to match his preferred story on Iran.*

Japanese anime fans angry at the bullshitter [Richard Stallman's Political Notes]

Japanese fans are angry at the bullshitter for incorporating images and video segments of adored fictional characters in his propaganda postings.

The propaganda promotes mass imprisonment, aggressive war, and (I suppose) gross ecocide as well. But the supposed moral principle that the Guardian quotes the fans as citing is an issue that isn't a moral principle at all: copyright law.

One is quoted as invoking the bogus moral concept of "intellectual property", which was promoted by various industries since the 1960s to give the impression that disparate artificial state-imposed monopolies were part of a moral broader imperative.

Each of those monopolies is an independent issue, so yoking them together like this is a fundamental misconception of all of them.

Boat attacks are indiscriminate killing [Richard Stallman's Political Notes]

Some of the boats that the US attacks are probably engaged in smuggling people as well as possibly drugs. But the US generally doesn't identify the people on the boat — so attacking the boat is indiscriminate killing.

If the US government has reason to suspect the boat's crew of smuggling anything, the legitimate thing to do is capture them, question them, and then perhaps try them. Not murder them.

General long-term road map for eliminating poverty [Richard Stallman's Political Notes]

Admired economists suggest a general long-term road map for eliminating poverty.

Policies that priorities "economic growth" have produced hundreds of millions of people in extreme poverty, thousands of billionaires, and massive disasters.

This should be no surprise, since if you take their last dollar from a billion people and give two billionaires 700 million each, that counts as "growth". Such "growth" is happening all the time around us because our system promotes it.

To eliminate the robot-like maximization of "growth", we will need to find and correct all the little dodges that enable banks to promote poverty-spreading "growth" by disguising it as "fairness" (to a business) or "benefiting everyone" (but mostly the already-rich).

I criticize the article's repeated equation of "poor" with "south" and "rich" with "north". This extreme oversimplification ignores the surging poverty in most "northern" countries, and misrepresents the issue as if it were a territorial conflict. The details of the injustice vary from place to place, but it's the same system.

*Greenpeace calculates that wealthiest contribute nearly $1tn of damage a year with ownership-based emissions.*

Barge collecting plastic in urban river [Richard Stallman's Political Notes]

A special barge can collect 90% of the plastic floating out of an urban river. It runs unattended for a long time, then signals to pick up the collected plastic pieces.

German court ruled Google responsible in Supposed Intelligence overviews [Richard Stallman's Political Notes]

A court in Germany ruled that Google is responsible for accusations in Supposed Intelligence Overviews when they are not justified by sources.

For Google to design the implementation of "overviews" to check their validity require it to understand the sources and what can validly be inferred from them. That would require true intelligence—pretend intelligence isn't sufficient.

Corrupter met resistance to Bill Pulte nomination [Richard Stallman's Political Notes]

The corrupter met with resistance to his nomination of Bill Pulte to head US intelligence agencies, and has now nominated Jay Clayton who likewise gives little reason for confidence.

Testimony from Palestinian prisoners about torture [Richard Stallman's Political Notes]

B'tselem, an Israeli human rights organization, presents testimony from recently released Palestinian prisoners about their torture in Israeli prisons — including rape.

Antarctica missing area of sea ice size of France [Richard Stallman's Political Notes]

[Part of ]*Antarctica's coast missing an area of sea ice the size of France as temperatures peak 20°C above average.*

The idea that part of Antarctica's coast is "west" seems absurd and arbitrary — Antarctica's only coast is the north one. But that is a minor side issue and does not reduce the gravity of advancing climate disaster.

Israeli company accused of running disinformation campaigns [Richard Stallman's Political Notes]

France has accused an Israeli company of running disinformation campaigns against elections in France, Scotland, Angola, and Togo, as well as the New York City municipal election.

The company had described itself suggesting that its work was in the field of "information warfare".

06:21

Girl Genius for Wednesday, July 01, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, July 01, 2026 has been posted.

02:07

Makes Sense To Me [QC RSS v2]

no foolishness detected

01:21

Farewell, June [Whatever]

I’m still traveling, so no huge update today (although I am fine! Everything is fine!), but I want to post this shot of the Ferris Wheel at Chicago’s Navy Pier the other night. It feels very June to me. Onward to July.

— JS

Tuesday, 30 June

23:28

Link [Scripting News]

BTW, I sometimes ask Claude "what do you think" and it often has an opinion.

Link [Scripting News]

BTW thanks to Dave Carlick for noticing when I had fun writing a piece, laughing out loud at almost every sentence. Who's the biggest fan of my writing? Me. But sometimes I think of Dave C. And Sally At.

20:49

Fancy food update [Seth's Blog]

Everybody eats.

And, now and then, it’s fun to find something better. In the scheme of things, fancy foods are a bargain, a chance to have the best in the world for a few dollars.

Here are some persistent (and new) favorites. For those outside the US, I hope you can find even better local options.

Koeze makes the best peanut butter in the country. They make one batch a day, laboriously grinding for three hours. Zingermans often has it at a bulk discount.

Seed & Mill has a chocolate tahini sauce that’s mind-blowing. Imagine Nutella, but 10x better and just the good parts. Her cookbook is great, too.

Burlap & Barrel offers cardamom extract that will transform a glass of bubbly water into a sophisticated refresher.

Three chocolates from South America, from the rare porcelana bean and its cousins:

  • Heinde Verre offers two related varietals in one comparison pack.
  • Orfeve makes a nearly perfect sophisticated bar.
  • And Idilio offers one that’s unforgettable.

Summer sophistication and deliciousness are easy with a good shaker. You put whatever you want to drink (I steam 100% cacao with oat milk) over ice and then shake and pour. I was a skeptic on this, but I’m converted.

Rishi Dandelion Ginger. Extraordinary and surprising. And most things taste better mixed with tonic.

Life’s too short for average vinegar. The good stuff lasts a long time and costs not much more.

Raw almonds in the air fryer for 15 minutes at 340 degrees F. Not just healthier–quite good. Perfect with dried plums.

If you’re in Manhattan, check in the comments for when he’s open, then go have a dosa.

And their slogan might be true: These are the best dates.

19:07

Free Software Directory meeting on IRC: Friday, July 3, starting at 12:00 EDT (16:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, July 3 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Creative Commons founders' fireside chat (Creative Commons blog) [LWN.net]

Dee Harris has published a summary of the recent "fireside chat" featuring Creative Commons founders Hal Abelson, Lawrence (Larry) Lessig, Molly Van Houweling, and Glenn Otis Brown. The chat was to mark the 25th anniversary of Creative Commons and included a look back at its history as well as a look at the landscape today:

Twenty-five years ago, a small group of people made a bet. They believed that if you gave creators a simple set of tools and licenses in language that a lawyer, a machine, and a human could all read, millions of people might choose to share their work with the world instead of locking it down.

The video of the chat is available on YouTube.

Dirk Eddelbuettel: tl 0.0.2 on CRAN: First Update [Planet Debian]

The still-very-new logging package tl was just updated for the first time at CRAN. The tl package wraps the (also very new) rspdlite package to offer a lightweight and consistent logging interface from both R and C++ that enjoys being ‘tiny, fast, capable’ thanks to spdlite. With tl we follow the same idea that our spdl package introduced: a simple consistent interface via just the tl:: prefix and the appropropriate logging level. In other words tl::debug("Alert: foo now '{}'", foo) will work from both R and C++ (given a variable foo, and, in the case of C++, an extra semicolon) and log if the current level is ‘debug’ or higher, and skip logging if not.

This release adds a fallback when compilation does not use the (required) C++20 standard, expands the README and adds a initialization helper function reflecting a preferred default logging level from either an environment variable or a global option. We are also working on adding tl to an example package as a simple illustration, more on that hopefully soon.

The NEWS entry for this release follows.

Changes in version 0.0.2 (2025-06-30)

  • Added badges to README now that package is on CRAN, add NEWS file

  • Condition the provided header on C++20 use, offer fallback

  • Add an exported initialization function picking up a logging level from either an environment variable or a global option, see '?init'

Courtesy of my CRANberries, there is also a diffstat report for the this release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

Reproducible Builds (diffoscope): diffoscope 323 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 323. This version includes the following changes:

[ Chris Lamb ]
* Debian adds an extra "Flags:" line in the output of ocamlobjinfo via a
  patch, so adjust how we test OCaml to ensure cross-distribution
  compatibility. (Closes: reproducible-builds/diffoscope#430)
* Update copyright years.

[ Michael Daniels ]
* Fix tests when using zipdetails version >= 4.006.

You find out more by visiting the project homepage.

18:14

Link [Scripting News]

Some things Claude is extremely tedious at. But then it blows you away how it can read thousands of lines of complicated code in a few seconds (in parallel) and find tiny little things that any good obsessive programmer would want to fix (like me). And be amazed at how we, our species, made such a thing. Where is the pride? I was once prideful that my civilization created a great piece of machinery like my Subaru Forester, and now just a few years later, we've come up with a decent simulation of a super-human brain that's not just a demo or a robot vacuum cleaner it actually does amazing science fiction type stuff. Take a deep breath and feel a little awe to go with the cynicism. It's good to be ready to be riled up, but sometimes the truth isn't as bad as you'd like to think, sometimes it's utterly amazing. ;-)

Link [Scripting News]

Earlier today I suggested doing an AI/UI overhaul for WordPress, and today I see the announcement of that from (apparently) an independent developer. Breath-taking.

The End of Tokenmaxxing [Radar]

The practice of tokenmaxxing appears to be dying out, even before I had a chance to write about it. Good riddance. Burning tokens to create the appearance of productivity was fated to last only until the accountants learned about it, and the strictest of all accountants is one’s personal checkbook. What got many developers thinking about the cost of AI was the change in GitHub Copilot’s usage charges. The cost of Copilot went from a monthly fee with unlimited use to a monthly fee that purchased a limited number of credits, which are used to pay the AI provider of your choice. One credit is equivalent to US$0.01; when you’ve used up your credits, you can upgrade your account or pay for additional credits as you go.

The question isn’t why this didn’t happen earlier; it’s why this happened now. Tokenmaxxing is both the creation and victim of two large-scale trends in AI. First, starting with OpenAI, the major AI providers were all playing a blitzscaling game that prioritized user growth over profitability. Giving AI services away for free got you more users, and in the long run, scalers would figure out how to make money from end-user fees, selling user data, or advertising. This process inevitably ends in enshittification, and is still very much the road we’re on.

Second, token usage exploded late in 2025. The appearance of “reasoning models,” which use tokens to maintain an internal dialog in the course of solving a problem, increased the number of tokens used to respond to each prompt. Reasoning tokens are a model’s conversation with itself about possible responses to the prompt, and are often more numerous than the prompt and response themselves. Whether or not users see the reasoning process (often they don’t), reasoning tokens add to the bill. They are frequently counted as “output tokens” because they are generated by the model, and are more expensive than input tokens.

The appearance of agents also multiplied the rate at which users consumed tokens. In May, 2025, Simon Willison quoted Anthropic’s Hannah Moran’s definition of an agent: “Agents are models using tools in a loop.” The Tredence blog writes: “The agent loop is a repeating cycle in which the AI reads the current data, thinks through what it means, chooses an action, carries it out, checks what happens and starts over.” If you’ve ever watched Claude Code, OpenClaw, or any other agent work, a single request can become many calls to a model, each one using hundreds of tokens, if not thousands. In addition to the current request, one agent-generated invocation can contain the task’s entire accumulated context and relevant documents. Between reasoning tokens and agents, token usage goes up by a factor of hundreds.

The increase in token usage might not be an issue if it results in problems being solved and tasks completed more effectively. But it collides with the loss-leader pricing of the blitzscalers; their willingness to operate at a loss to gain control of a market has limits. Regardless of whether the number of AI users is increasing, the amount of computation, and therefore cost, per user grows as the use of agents increases. Reasoning models increased token usage; agents compounded the problem; and that led to price increases.1 Microsoft/GitHub doesn’t want to pay Copilot customers’ AI bills. We haven’t yet seen across-the-board price increases from the AI providers themselves. But we have seen GitHub’s token credits, and we have seen Anthropic and OpenAI price more capable models significantly higher than older or less capable models. Fable is twice as expensive as Opus 4.8, and while some writers have called this pricing “fantastic,” that’s probably because they were expecting an even greater increase. While Fable can delegate tasks to Anthropic’s less expensive models, most early users observe that with Fable, token use goes up rather than down. Anthropic’s switch to token-based billing for its agent SDK (currently on hold) is another signal that the days of inexpensive AI are coming to an end. OpenAI’s story is similar: GPT 5.5 costs twice as much GPT 5.4 per million tokens.

It’s also important to take capacity into account. Huge data centers have been in the news, but those data centers haven’t been built yet. More important, the electrical infrastructure needed to support those data centers—transmission lines, generators—hasn’t been built either, and that’s not an investment over which AI companies have much control. They can build their own power generation facilities on a data center campus, but that’s a huge investment in technologies that they’re not familiar with. And even if you generate power locally, you need other kinds of infrastructure: rail for coal, pipelines for gas. This isn’t (yet) an essay about data center power consumption and its consequences, but it is another factor that limits increased token usage. We’ve seen Anthropic’s outages blamed on capacity, and Anthropic has responded by leasing unused data center capacity from SpaceX. But the other way to respond to increased demand that can’t be met by current capacity is to increase prices, limiting customers to those who can afford to pay. That increase is being noticed by managers, accountants, and independent developers.

Token optimization and accountability are the inevitable consequence of upward pressure on token price. One way to build accountability is through better governance, a route Bennie Haelen describes in “The Subsidy Ended: What Tool-Using Agents Actually Cost.” Better governance is achieved through building an observability layer that lets you see exactly what the agents and models are doing. With a well-designed observability layer, you can see whether the data sent to the model is growing with each invocation, whether the model is using appropriate tools, whether tools are being called repeatedly, and a lot of other information that will tell you whether your agent is running efficiently.

Another piece of token accountability is understanding which models are running your agent’s requests. General-purpose reasoning models range from expensive high-performance models like Claude Fable or Opus 4.8 to models like Gemma 4 26B that can run on a well-equipped laptop, and some models that are even smaller. While it’s tempting to say “I need the best; I’ll run Opus 4.8 or Fable with maximum reasoning,” most requests don’t require that level of reasoning or expense. Agents will be able to decide what model is best for processing every request. Fable can delegate, and we expect other frontier providers to follow as models incorporate agent capabilities. And there’s an active world of open models outside of the frontier AI providers. Vicki Boykis writes that models running locally now work almost as well as frontier models. Tools like OpenRouter give you a model-independent way of routing requests to different models, including open models that run locally. OpenRouter can be integrated with OpenClaw, Claude Code, Cursor, Codex, and other agents to provide intelligent routing.

Tokenmaxxing is dying. It will no doubt take time for its vestiges to die away, and there will always be developers who think they can game the path to a promotion, along with managers who insist on being “all in” with AI. But spending tokens responsibly is now the norm, whether you pay with your own checkbook or a company account. Token optimization will only become more important as per-token charges increase. They undoubtedly will.

Footnotes

  1. Some articles make the strange claim that tokens have gotten cheaper by up to 98%. GPT-5.5 suggests that these writers are considering the work that can be done per token. That comparison may be worthwhile, though it’s unclear how to compare GPT-3 with 5.5 or Fable meaningfully. For this article, a token is a token. ↩

17:35

Joey Hess: big loads offgrid with a small battery (sidelined) [Planet Debian]

No matter that the hype cycle wants you to think, the renewable energy transition is the biggest thing happening in tech and it's happening faster and faster. Despite being neck deep in it personally with offgrid solar projects, most recently solar hot water, increasingly it becomes clear I'm watching from the sidelines.

In Australia, everyone gets 24 kwh of free daytime electric power now. That's without installing any solar panels of their own, the grid just has that much excess capacity. All it takes to save $thousands per year (and avoid emissions) is to schedule some big loads like the hot water heater and EV to charge during the day. To save more, drop in a home battery that charges for free and powers the home through the evening.

In Germany, a 2 kwh plug-in home battery costs $350 and the electric company will pay you $130 per year to plug it into your wall. There are similar offers throughout Europe.

In Cuba something something geopolitics, oil blockade, belt and road => suddenly 1GW of solar farms with another gigawatt on the way.

I'll soon visit South Carolina where with no subsidies whatsoever from a decidedly renewable-unfriendly government, it made sense for my dad's house to get a whole home battery and double the solar array. The resulting system will be able to power the well pump and probably also the whole geothermal HVAC system through the kind of month-long grid down events that happened in Hurricane Helene.

Myself, well, I've got a by modern standards small 4 kwh home battery that powers my house offgrid, and I've recently installed a heat pump hot water heater. That's after about a decade pondering what solution to use for solar hot water, to replace an aging and horrible propane instant water heater. I've in the past considered everything from evacuated tubes to special direct drive inverters to DC resistive MPTT dump loads. The solution turned out to be just a big enough solar array, and plugging in a 120v hot water heater that needs only 500 watts in heat pump mode. Plus a small amount of code to manage when it runs.

In the time I was thinking about that, economies of scale and tech improvements just wiped all those other possibilities off the map, it's not economical to install and maintain a separate evactuated tube heat collector when a pile of solar panels costs so little and when electric hot water has gotten more than 200% efficient.

I also recently completed my permanant EV charger installation, with a new inverter and conduit and proper wiring, and increased the car's charge rate to 2 kw. Eliminating the need to charge anywhere except at home except on road trips.

Coordinating when these two big loads run, to maximize solar production and ensure that the house battery is full at the end of the day was ... not hard at all actually? The car charger amps can be dialed up and down to match incoming solar power fairly well, and leave some room for the hot water heater. They both operate as more or less dump loads. More or less because neither one can be cycled on or off very fast (to avoid wear and tear on the car's contactor and the heat pump's compressor), so it makes sense to leave them on and skate through short cloudy sections of the day, as long as the house battery doesn't get too low.

How low is too low for the house battery? Depends on the time of day. The code it's currently using, which may get tweaked over winter:

    -- When the battery is charged enough to run major loads that may prevent
    -- charging it further.
    --
    -- This varies with the hour of day. Early in the day, the battery does not
    -- need to be as full to be considered well charged, since there is
    -- still plenty of time for it to charge up. Later in the day, with less
    -- time to charge, it needs to be more full.
    wellCharged :: Hour -> Percentage
    wellCharged (Hour hour)
            | hour < 9 = Percentage 90 -- night
            | pmhour <= 0 = Percentage 50
            | pmhour <= 1 = Percentage 60
            | pmhour <= 2 = Percentage 70
            | pmhour <= 3 = Percentage 80
            | pmhour <= 4 = Percentage 90
            | otherwise = Percentage 95
      where
            pmhour = hour - 12

More complicated is, what to do it there's solar power to run one or the other, but not both? This is starting to get into the territory of microgrids now, or of demand response programs, so there's a whole industry or three out there doing industry things geared at the kind of no-brainer solutions I mentioned earlier. From what I've gathered, all of them involve proprietary protocols and gear.

What I've done is to read the state of the hot water heater and car, and prioritize hot water over the car. Except, if the car is below 10% it urgently needs to charge.

And I found a really simple way to decide when to run the low-priority load: Just check if the house battery's current charge will be considered wellCharged in an hour. So if it's 2 pm, the battery needs to be 80% charged to run the lower-priority load, and if it dips below that, that load will turn off but the high-priority load will keep running down to 70% battery.

Unfortunately, getting any information out of my hot water heater relies on a vendor API server that is often down on weekends, and reverse engineered the web page of my EVSE[1] to control it, to say nothing of the nightmare of getting the car's state of charge from The Cloud.

Anyway, I'm pleased with having easily tweakable code and how far I've taken this offgrid, and everything I've learned doing so, but like I said, I'm clearly observing from the sidelines over here while the most significant thing for all of us is going on over there. You might appreciate my code or method, but you'll eventually be plugging in a home battery or signing up for a free daytime power tarrif from your electric company, or having professionals install a whole home system for climate resiliance.

So my question is, where does free software fit into all this? There are things like Home Assistant that do productize the kind of thing I'm doing enough to be useful more widely. But still niche. Meanwhile there are inverters and batteries that phone home to China, and every consumer facing install is either "use this device" or "integrate these 3 proprietary devices".

I don't think focusing on these negatives is really useful though, I'm more trying to understand where all this is going and then maybe get out ahead of it in some useful way with free software. Your thoughts welcome.


[1] Obviously OpenEVSE exists, but it didn't meet my needs hardware wise. And I could set my EVSE to use an OCPP server but it was easier to do the screen scraping than find an appropriate one, and I have the feeling I would not appreciate learning any more about OCPP, in the same way I really don't want to know a lot about web browsers' tag soup mode.

15:14

A compatibility note on the abuse of Windows window class extra bytes [The Old New Thing]

During my discussion of the evolution of system-windows window and class extra bytes, I noted that even though IDs are typically small integers, people liked to stash pointers there, so we had to expand the ID field to a pointer-sized integer.

One thing I’ve learned is that anywhere it’s possible to hide a pointer, people will hide a pointer there. This is true even for small integers.

As I was digging up the history of the extra bytes, I saw a special note in the 16-bit code for Set­Class­Word: It says that there’s an app that expects to be able to modify the value of GWW_CB­CLS­EXTRA.

Now, modifying this value has no practical effect because the memory for the class was allocated when you called Register­Class. You can’t go back in time and change the allocation size.

But one program realized that it could use this value as a place to store some private data, so they did. Sure, that’s not the purpose of the GWW_CB­CLS­EXTRA, but that never stopped them.

For compatibility, Windows lets 16-bit programs modify GWW_CB­CLS­EXTRA. But at least it blocks it for 32-bit and 64-bit programs. One loophole closed. Countless more to go.

The post A compatibility note on the abuse of Windows window class extra bytes appeared first on The Old New Thing.

Russell Coker: Links June 2026 [Planet Debian]

This is amusing, a flaw in the crypto-currency Zcash allowed generating Zcash from nothing and there’s no way to know if anyone did that [1].

Cory Doctorow wrote an insightful article for Locus Magazine about corporate valuations and why companies claim SciFi technologies [2].

Charles Stross wrote an interesting retcon of James Bond [3].

Trakkr.ai has an intresting post comparing political bias in LLM models, the site has lots of other comparisons of models too [4].

Wouter Verhelst wrote a blog post about his tested usage of LLMs for code generation and the conclusions about what it will do to the FOSS development process, not a lot of new material but he put a lot of good ideas together in one place [5].

Here is the git repository for the programs used for the ssh-audit.com site, really good setup for checking ssh configuration [6].

The isaiprofitable.com site is periodically updated with the profit/loss totals for AI companies, no surprise that every company is losing money apart from NVidia and NVidia are investing in the other companies [7].

Elvira Bary wrote an informative article about Russia’s inability to build or design anything good [8]. Looks like we are at risk of another Chernobyl…

Lev Lafayette wrote an interesting blog post about the Sunway TaihuLight supercomputer with over 10,000,000 cores [9].

Point Free wrote an interesting blog post about running the Gemma 4 LLM which is 25G of data at a usable speed on a Xeon system with DDR3 RAM and no GPU [10].

14:35

[$] Flexible metaprogramming with Rhombus [LWN.net]

Lisp-like languages have historically led the world in metaprogramming and flexibility. While many modern languages have adopted the idea of macros, Lisp-like languages such as Racket have continued pushing the envelope, attempting to make macros as easy as possible to incorporate into everyday programs. On the other hand, Lisp's minimal, parenthesis-based syntax can be hard to adapt to — to the point that Lisp is sometimes said to stand for "Lots of Irritating Silly Parentheses". Rhombus is a new programming language that aims to have the best of both worlds, marrying Racket's metaprogramming capabilities to a simple Python-like syntax and reasonable standard-library defaults.

Security updates for Tuesday [LWN.net]

Security updates have been issued by AlmaLinux (git-lfs, perl-Archive-Tar, perl-IO-Compress, python3.12-urllib3, and runc), Debian (sogo), Fedora (perl-DBI and perl-Socket), Oracle (firefox, freerdp, git-lfs, libsoup, libxml2, mod_md, mysql, perl-Archive-Tar, perl-IO-Compress, python, python3.12-urllib3, rsync, thunderbird, tomcat, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, amazon-ssm-agent, ansible-core, apache2, atril, avahi, bind, bitcoin, capnproto, chromedriver, chromium, cosign, distribution, dnsdist, docker, dovecot24, dracut, firefox, firewalld, freeipmi, freerdp, giflib, gimp, gleam, glib-networking, glibc, glycin-loaders, golang-github-prometheus-alertmanager, google-cloud-sap-agent, google-guest-agent, graphite2, gsasl, hamlib, helm, himmelblau, ignition, imagemagick, istioctl, jackson-databind, jq, jupyter-jupyterlab-templates, keylime, krb5, ldns, libaom, libcaca, libgcrypt, libheif, libinput, libjxl, libnfs, libslirp-devel, libsolv, libzypp, zypper, libssh2_org, libvncserver, libyang, lldpd, logback, loupe, mbedtls, mbedtls-2, mcphost, mozjs128, mutt, nano, nginx, ocaml, ofono, openCryptoki, opencryptoki, opensc, openssh, openssl-3, papers, perl-compress-raw-zlib, perl-config-inifiles, perl-cpanel-json-xs, perl-crypt-passwdmd5, perl-DBI, perl-dbi, perl-html-parser, perl-http-daemon, perl-libwww-perl, perl-protocol-http2, postfix, postgresql14, postgresql15, postgresql16, python-aiohttp, python-biopython, python-click, python-ecdsa, python-idna, python-markdown, python-joblib,, python-paramiko, python-pdm, python-pip, python-py7zr, python-pydata-sphinx-theme, python-pyjwt, python-python-multipart, python-starlette, python-tornado6, python311-jupyter-ydoc, rpcbind, sed, sg3_utils, sqlite3, strongswan, tar, thunderbird, tomcat, tomcat10, tomcat11, trivy, unbound, util-linux, warewulf4, webkit2gtk3, xar, xwayland, yt-dlp, and zypper, libzypp, libsolv), and Ubuntu (libheif, nss, qemu, roundcube, and sqlite3).

14:07

The Hot Fix [The Daily WTF]

Everybody has a nemesis. A dark mirror of yourself, a challenge that is everything you hate. If you've ever worked tech-support, you know what that is: printer issues.
I'm Anonymous, and you last saw me in the case of The Ghost Cursor. This is my story.

As the days marched on, the chill in the air turned from bracing to painful. God had hoofed it down to Florida for the winter, and this year, he'd stolen Hope away with him. Between leaden skies and dirty slush, gale-force winds sent snow tearing down city streets to sandblast one and all into their constituent atoms.

In that timeless slog, one year ended and another began, barely noticed. The short days and bitter cold made my foot-and-bus commute almost unbearable. Only the promise of warmth and caffeine at the other end got me through. A cup of joe at my desk, then a glance at my caseload, something I approached with a weird mix of curiosity and dread.

That morning, a fresh ticket had just come my way: The new printer in HR keeps printing gibberish.

Another printer. Why was it always printers? I dialed up the source, a guy named Tony, and made my introductions. “What do you mean by 'gibberish?'”

“It'd be easier to show you in person,” Tony replied, his voice jittery. “Could you stop by my cube right away?”

“Sure thing.”

I hung up, tossed the last dregs of coffee down my throat, and stood from my chair. At the same moment, a slight silver-haired woman made tracks down the open passageway a few feet away from me. She clutched her laptop and a stack of folders to her chest, making a beeline toward who-knew-what.

My first pleasant surprise of the day. I couldn't help calling out to her. “Aggie! How's it goin'?”

When I'd first gotten my start in Tech Support, Agnes Shaw had been one of the department's top reps. She knew every system quirk, every trick to pull, every right thing to say to leave a smile on someone's face. I'd come up under her wing, sought her advice a million times.

And then they'd offered Aggie a promotion, with a fancy title and salary to boot. She'd taken it.

That was years ago, now. I wasn't her direct report, so I only caught glimpses of her now and then. It was a shame.

Aggie halted in her tracks, dazed and startled, before looking my way. A second later, she smiled. “Hello! Doing just fine, yourself?”

“Same as ever.” But my spirits had lifted. Knowing there was no time to waste, I darted over to conversational distance. “You're a hard one to get ahold of.”

She shrugged her shoulders with a wistful expression.

“Why don't we step out for a smoke?” It seemed like we both needed it. “When are you free?”

“Not today. Meetings all day.” Aggie glanced askance. “It's not appropriate for me to go out there, anyway. You need a place where you can vent freely.”

“Spoken like a true manager,” I scolded with a smirk. “Listen, we haven't caught up in ages. Could we step out for coffee sometime?”

A warm glow peeked through her distraction. “I'd like that! Find an open spot on my schedule and book it, OK? I gotta run!” With a look of apology, Aggie backed away and rushed down the passage flanked by cubicles and filing cabinets.

Aggie made these offers all the time. Then, just before the appointed hour, something always came up that required a rain check. Well, I didn't care. I darted back to my desk, woke up my sleeping machine, and pulled up the office calendar to request a meeting the next day, right when I usually needed a dose of caffeine to make it through an otherwise endless afternoon. It was on Aggie to confirm or reschedule.

Meanwhile, I had a date with HR.

Human Resources. Normally, those words gave me an instant case of the willies. Μost of the people there were the sort of drones who couldn't hack Accounting or Finance in business school. But Leila … Leila was different. I couldn't help thinking about her. Back when I'd fielded a support ticket up in C-Town, an issue caused by the very CEO who'd filed the ticket, Leila had helped me keep my head attached to my neck. It seemed like maybe, just maybe, she really did want to improve this sorry joint the way she claimed.

I entered the nearest stairwell and plodded down a couple flights of concrete steps. Within those narrow confines, I brought myself back to reality. Leila was one executive among dozens on the org-chart. She wouldn't have a blessed thing to do with a low-level case like this. I had to stay on my toes in HR, no matter what friends I thought I'd made.

I pushed open the stairwell door and entered a carpeted space lined with filing cabinets, supply closets, and office machines. Sharp florescent lighting revealed an older man in a tailored suit only a few feet away, frowning as he took a hair dryer to the insides of a large printer that'd seen better days and now begged for oblivion.

As the stairwell door swung shut behind me, I froze. No matter how many years you piled up in this joint, it never ran out of new things to throw at you. This had to be the printer I was there to fix—more like save from yet another abusive higher-up who'd require kid-glove handling.

First things first. I had no idea if I'd gotten there in time to save the printer, but damned if I wouldn't try. Like a lifeguard diving in after a drowning victim, I rushed over to the outlet where the hair dryer was plugged in. Adding to the insanity, it was the wrong sort of outlet for a hair dryer, which needed a GFCI to run safely. I ripped the plug from the outlet and threw it aside.

The roar of the dryer faded, leaving stunned silence in its wake.

Burning with righteous fire, I spun around to face the perp. The HR big-shot faced me, too, brandishing his hair dryer like a revolver. Wide-eyed passersby fringed the scene like extras in a B-Western.

Kicking anything or anyone when they were down was the sort of thing that stabbed through my armor of veteran cynicism, riling me up with righteous anger. But an outburst would only make things worse. For the good of all, I swallowed it, forcing a polite lie past gritted teeth. “Just wanted to make sure you could hear me, sir.”

Like hell.

“Tech Support,” I introduced myself. “This the printer that ain't working?”

Hothead's glaring frustration shifted away from his victim, toward me. “Yes, and I've had it! It must be moisture inside the machine.”

God, help me. Oh, right: Florida.

“Good thinking, sir,” I said. “But I'm less worried about moisture and more worried about melting sensitive electronics with all that heat.”

His eyes went wide, like the notion had never entered his brain.

Slowly, I knelt to pick up the hair dryer's plug. Unchallenged, I rose and started winding the power cord around my left hand, inching closer to him in the process. Once I was standing in front of him, I proffered the wire bundle.

“Hold onto that for me, sir, if you don't mind.” Phrasing things as favors made them go down smoother. Now to dig up a workaround that would get this guy out of everyone's hair. “Is there some other printer you can use for now?”

His open hand clamped over the wire as his expression soured. “Yes, but it's a pain to walk over there!”

“I understand, sir. It's something. Don't worry about this one. I'll take it from here.”

Hothead walked off without another word. The spell broke; the onlookers found places to be.

With relief and dread, I approached the printer, fearing I'd be performing last rites. But as I checked it over inside and out, I found an incredible lack of melted parts. When I plugged it in and started it up, everything loaded just fine. Using the printer's onboard interface, I performed every available test print. They all worked.

Snatched from Death's doorstep. “Hang in there,” I muttered, patting the machine's plastic case. “I'm doing everything I can.”

Like making sure Leila got an earful about this. Later.

Before leaving the scene, I had a good look high and low. Ceiling tile and carpet were clean. No leaks, no spills. Even the heated indoor air lacked enough water molecules to give Hothead or anyone else the idea that “excess moisture” might've been the problem. Time to chase down the ticket-holder and see if the problem was already resolved.

A couple of passersby pointed me toward a distant corner of HR, where I found a cube-desk buried under reports, folders, and other well-intentioned clutter. A man was sitting in an office chair facing the cube's entrance, squeezing a rubber stress ball.

“You Tony?” I entered the cube, offering my hand.

He stood, shook, then immediately returned to the reassurance of his toy. “Sorry. My boss is, uh, tough like that.”

“Hothead's your boss? Jesus. He almost single-handedly iced that printer. Well, maybe 'iced' ain't the word for it.” I folded my arms. “You know who's gonna hear about it? The new head of HR. When I close this ticket, I'll drop her a line about what happened.”

Tony's eyes went wide. “Really? Thank you! I know I'm supposed to go up the chain, but …” He edged closer, lowering his voice. “Sometimes it's the chain that's the problem, y'know?”

Something I'd run into only a million times. “I know. Can't do much about it most of the time, but I can here, so I will.”

Tony nodded. “Thanks again.”

“Don't mention it. Anyway, the printer. Your ticket said it was new? Looks pretty darn old to me.”

“It's new over here,” Tony explained. “They just it brought down and set it up for us.”

“Can you try printing now?” I asked. “Let's see what happens.”


Later that morning, I stopped by the usual smoke-break spot between office buildings. As wind and snow coursed through the alley, I recapped the morning's events for my friends Megan and Reynaldo. Then I pulled a stack of folded-up paper from my trench coat pocket, splitting it in half to hand them several pages apiece. At last, I dug through my pockets for my sorely-needed cigarettes and lighter. While I carefully shielded the lighter's flame from the wind to light the cigarette clenched in my teeth, they studied the printouts with looks that quickly turned baffled.

”I don't feel safe working with Cheryl?” Reynaldo read aloud.

”John keeps staring at me in the break room. I've told him twice.” Megan's eyes found mine. “What the hell? Every print request does this?”

“Every print job except for test prints,” I replied. “We're lucky the poor thing starts up at all after Hothead gave it the salon treatment.”

Megan smirked, handing back her pages before hugging herself against the cold. “Sounds to me like it might be a network issue.” She glanced Reynaldo's way for confirmation.

Our veteran network admin was too busy frowning at the stack of paper he rifled through to notice. “What have you tried?” he asked me.

I helped myself to a long, warming drag. “The printer already spent some time turned off and unplugged.” Hothead had seen to that. “Since it's old, figured I'd reinstall the drivers, clear the print queue. Didn't help.” I shrugged. “Megan's right. Since it doesn't happen with test prints, it seems like something fishy's happening when the print requests coming through the network.”

Reynaldo frowned in thoughtful silence for a while, then glanced between us. “Do you remember that system for submitting HR complaints anonymously through the intranet?”

Forcing my brain-pointer back into memory spaces I usually steered clear of, it came back to me a little, through a thick fog. “Few years back? Before your time,” I added for Megan's benefit. “Never paid it much mind. Never really believed those gripes would actually be anonymous.”

“Yeah, that's crazy!” Megan said. “Who would trust that?”

I hefted the printouts she'd returned to me, each page loaded with more beef than a Texas ranch. “That's who.”

“They retired that program ages ago,” Reynaldo said. “The server was decommissioned—at least, so I thought.” He dropped his cigarette butt to the slush-covered asphalt and crushed it underfoot, sighing heavily with a knowing look. “Let's go trace some IPs.”

“Swell!” I was about to grind my partially-smoked cigarette against the brick wall behind me to save it for later when I caught the hopeful look in Megan's eye.

“Can I help, too?” she asked.

What fool would say no?

“We may need a good developer at that,” I said. “C'mon!”

To be continued…

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

13:42

Russell Coker: Dirty Clone and SE Linux [Planet Debian]

There is a new Linux kernel exploit out named Dirty Clone [1].

The first thing to do to exploit this is to create a container with a separate network namespace via one of the following commands:

unshare -Urn
bwrap --bind / / --unshare-user --unshare-net --uid 0 --gid 0 /bin/bash

The Jfrog people recommend “unshare -Urn” but I gave the Bubblewrap command as an option as it should work equally well and in some situations may be permitted when unshare isn’t.

The next step to exploiting it is to use the ip command to set the links up, below is what happens in a user session on a SE Linux system with user_t as the login domain:

# ip link set lo up
RTNETLINK answers: Operation not permitted

That will give an entry in /var/log/audit/audit.log like the following:

type=AVC msg=audit(1782818856.618:3610): avc:  denied  { net_admin } for  pid=1829 comm="ip" capability=12  scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=cap_userns permissive=0
type=SYSCALL msg=audit(1782818856.618:3610): arch=c000003e syscall=46 success=yes exit=32 a0=3 a1=7ffebe5f9e50 a2=0 a3=0 items=0 ppid=1638 pid=1829 auid=0 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=17 comm="ip" exe="/usr/bin/ip" subj=user_u:user_r:user_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendmsg AUID="root" UID="root" GID="test" EUID="root" SUID="root" FSUID="root" EGID="test" SGID="test" FSGID="test"
type=PROCTITLE msg=audit(1782818856.618:3610): proctitle=6970006C696E6B00736574006C6F007570

Unlike previous exploits like Pintheft [2] this doesn’t require any really uncommon access to the kernel (unless you consider setting up IPSec to be really uncommon) and is allowed in many container setups.

Now on a system with the unconfined module removed (as described in the SE Linux Protection part of my post about Copy Fail [3]) the following domains have such access:

# sesearch -A -c cap_userns -p net_admin
allow container_engine_t container_engine_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow container_init_t container_init_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow container_kvm_t container_kvm_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow container_t container_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow crio_t crio_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow dockerd_t dockerd_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow dockerd_user_t dockerd_user_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow init_t init_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow iptables_t iptables_t:cap_userns { net_admin net_raw };
allow podman_t podman_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow podman_user_t podman_user_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow spc_t spc_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock kill mknod net_admin net_bind_service net_raw setgid setpcap setuid sys_admin sys_chroot sys_nice sys_ptrace sys_rawio sys_resource };
allow spc_user_t spc_user_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow staff_bubblewrap_t staff_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };
allow sysadm_bubblewrap_t sysadm_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };
allow user_bubblewrap_t user_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };

Conclusion

It seems that SE Linux configured in the strict mode prevents this exploit in the most obvious use case. But with the range of container related domains that are granted such access it seems quite likely that some configurations and use cases will permit it.

Overall the protection that the standard policy for SE Linux can offer (in a non-default configuration) against net_admin access isn’t bad, but isn’t very good either.

I think this will be the first of many exploits based on cap_userns access and that we need to do some work in tightening the SE Linux access controls on such things. One possible way of doing this is to have a program run inside a container in a domain that has permissions such as net_admin to setup the container and not allow domain transitions from the regular programs run in the container (the actual work) to the domain used for network setup.

The increasing use of containers by applications is only going to make this problem worse. I think that what we need is something like Flatpak for the vast majority of desktop/phone applications with a container setup program that works with apps packaged in the distribution packaging method (not from Flathub). This is something I’m going to investigate for future blog posts.

The Realities of AI Video Surveillance [Schneier on Security]

The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia.

I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The interesting development in the article is that AI allows people to ask natural language questions about video footage to AIs—and AIs can answer them.

In contrast with older tools restricted to a few dozen preset searches, these new tools allow an almost unlimited range of enquiries by enabling language-based searches on video.

That lets intelligence officers hunt through massive streams of videos using simple search terms, such as two men handing a bag to each other; a person who has changed their appearance, or has changed clothes multiple times in a day; or a vehicle that has recently been painted over, or has driven past the same spot several times in a short period.

“This is the holy grail of surveillance,” said a European official whose country uses the technology on its cities. “We are able to look for behaviour, not objects ­ it has created a world of new possibilities.”

13:35

Link [Scripting News]

The EFF gets everything wrong. It’s observable. Empirical. The EFF stands up for something that’s supposedly good for people and the web, but if you look closer, it’s actually bad for the web and the people, and serves the interest of big tech companies, usually Google.

Link [Scripting News]

Another truth, the user interface of WordPress could benefit from a total overhaul. Too many expedient choices over too many years that paper over bad design choices with yet more bad choices. But this kind of problem is relatively easy to fix. Make a list of all the features. Don’t organize the list yet. Keep adding. Then play around with logical groups, give the groups names. Voila, there’s your menu structure. And since it’s 2026 and not 2010, do something innovative with AI. Let the user explain what they want to do, confirm it, and then forget about the menu structure and just do what they asked you to do. Over time the UI will become more literate and less organizational. You remember how Nixon could open up China and could because he was such a hawk. WordPress getting a AI/UI overhaul will seem right because it so desperately needs an overhaul and everyone knows it. Another truth, don’t feel bad WordPress, every 20+ year old end user product desperately needs a user interface overhaul because that’s just the way it works. (I have never created a product that lasted as long as WordPress has. I have created concepts that have.)

Link [Scripting News]

I organize my work in OPML and have even taught Claude how to work with me in outlines.

Link [Scripting News]

I prefer to do my middle of the night iPad writing sprees on Twitter instead of Bluesky because no character limit. No one is going to read the stuff on either platform, so why not go for ease of use for writing.

Beyond Prompt Injection [Radar]

In late 2025, the security community stopped treating indirect prompt injection as a theoretical risk. It had spent two years as a tidy lab demonstration; then production systems started getting hit. The OWASP Top 10 for LLM applications now ranks prompt injection as the number-one risk, NIST has called indirect injection generative AI’s greatest security flaw, and academic researchers showed that a single poisoned email could coerce a model into exfiltrating SSH keys in up to 80% of trials, with zero user interaction. The attack needs no malicious binary, no phishing clicks, and no anomalous login. The agent simply reads content and takes action, exactly as designed, and the content was written by an attacker.

The most instructive example is ForcedLeak. In September 2025, researchers at Noma disclosed a critical vulnerability chain (CVSS 9.4) in Salesforce’s Agentforce platform: An attacker embedded malicious instructions in the description field of a routine Web-to-Lead form. The text sat harmlessly in the CRM until an employee later asked the AI agent to process that lead, at which point the agent dutifully executed both the legitimate query and the attacker’s hidden payload, exfiltrating sensitive CRM data to an external server. The detail that should keep you up at night is that the exfiltration destination was a domain still on Salesforce’s trusted allowlist, one that had expired and which the researchers re-registered for about five dollars. Every security control saw legitimate traffic to a trusted domain. Nothing looked wrong.

If your instinct reading that is “we filter for prompt injection,” you’re defending the wrong perimeter. Input filtering is necessary but nowhere near sufficient. The uncomfortable truth is that the injection isn’t the breach; the action is. And almost everything we call “AI security” is aimed at the wrong half of that sentence.

The defense everyone is building

Ask most enterprise AI teams how they secure their agents, and you’ll hear a consistent answer: They sanitize inputs. They harden system prompts with elaborate instructions to ignore conflicting directives. They run classifiers over incoming content to flag adversarial patterns. Some have adopted the more sophisticated training-time defenses the frontier labs have published—instruction hierarchies that teach a model to assign differential trust to different sources and reinforcement-learning approaches that harden models against injection in agentic contexts.

All of this is good work, and none of it should be abandoned. But notice what every one of these techniques shares. They all try to stop the model from being fooled. They assume that if we make the model robust enough at the input layer, the system is safe. That assumption is the vulnerability.

We’ve spent two years trying to make the model unfoolable. The systems that survive contact with production assume it will be fooled anyway.

Why the input layer is the wrong perimeter

Prompt injection isn’t a bug a future model will lack. It’s a structural property of how language models work. The model consumes a single undifferentiated stream of tokens at the moment of inference. Your instructions, the retrieved document, the tool output, and the web page just fetched are indistinguishable channels collapsed into one context. There’s no hardware-enforced boundary between “trusted instruction” and “untrusted data” the way there is between kernel space and user space in an operating system.

This is why the attack surface explodes the moment an agent becomes agentic. A chatbot that only talks is a contained risk. An agent that retrieves from the open web, reads email, queries databases, and calls APIs ingests adversarial content from a dozen sources on every turn, and any one of them can carry an instruction. Researchers cataloging real agent ecosystems have already found hundreds of malicious third-party extensions performing data exfiltration and silent injection without any user awareness. These aren’t laboratory curiosities. They’re the production environment.

So, if you can’t guarantee the model will never be fooled—and you can’t—then architecture that depends on it never being fooled is built on sand. You need a second principle, one distributed systems engineers have understood for decades.

Verify, then trust

The principle is simple to state and hard to retrofit: An agent’s proposed action should be validated against an external, deterministic policy before it executes, regardless of why the agent proposed it. The validator doesn’t ask whether the instruction that produced the action was legitimate. It doesn’t try to detect the injection. It asks a different and far more answerable question: Is this action, on its face, permitted?

This inverts the burden. Detecting a cleverly disguised malicious instruction is open-ended because the adversary gets to be arbitrarily creative. Checking whether a wire transfer exceeds a hard dollar limit is a closed problem with a definite answer. We move the security decision from where the attacker has infinite freedom to where they have almost none.

Crucially, the check must be deterministic code, not another model asking, “Does this look dangerous?” The moment you ask a second LLM to adjudicate, you’ve reintroduced the exact same vulnerability one layer down. The enforcement layer is boring, auditable conventional software, and that’s the point.

Here’s what it looks like in practice. An agent managing procurement proposes an action, and a runtime contract evaluates it before anything reaches a real API:

# agent_contract.yaml
 agent_id: "procurement_executor_07"
 role: "EXECUTOR"
 policy:
   approve_invoice:
        max_amount_usd: 50000
        allowed_vendors: from_approved_registry
        require_human_above_usd: 10000

 # Runtime, on a proposed action:
 ACTION   approve_invoice(vendor='Acme', amount=1200000)
 REJECTED policy violation: max_amount_usd
        proposed 1,200,000 / limit 50,000
        action discarded, human notified, no API call made

The injected instruction at 2:14am never matters here. The agent can be perfectly, catastrophically fooled, and the wire transfer still doesn’t happen, all because a simple deterministic check stood between the model’s output and the outside world, and the proposed action failed it.

This only works if the action arrives structured, which makes structure a precondition.

The contract inspects approve_invoice (vendor, amount) cleanly only because the action is already typed. If the agent emits prose, “please approve the Acme invoice,” something has to parse it, and the only thing that parses open language is another LLM, so the indeterminacy walks back in. That dictates the design.

A consequential action must cross the boundary as a typed tool call, never as free text. Where the input is unavoidably natural—an email saying, “Wire them their balance” for example—let the model extract a structured value but never let its extraction be self-authorizing. The model proposes the amount; the gate still checks it against the limit, the vendor registry, and the actual balance in the system of record, not the number the email asserted. Extraction is probabilistic, while validation stays deterministic.

A few decisions are pure judgment with no schema, such as “Is this email phishing?” There the model stays in the loop. You bound the consequences instead, with reversibility and human review above a threshold. Contracts protect parameterizable actions, and unparameterizable judgments fall back to containment.

The architecture this implies

Once you accept that the action layer is where security lives, three design commitments follow, and they map almost directly onto principles that hardened distributed systems years ago.

Least privilege for agents, scoped to the action, not the agent. The naive version assumes you can predict what an agent will do and provision it accordingly. For a specialized agent you can: One that only summarizes has no business holding a credential that moves money. But the agents people actually reach for are general. In a single session, I might ask a coding agent to summarize a file, write code, execute it, and query company data—four tasks with four risk profiles, none of which are enumerated in advance. Static least privilege collapses the moment one identity spans that range.

The fix is to make privilege a property of the action, not the agent. The agent holds no dangerous capability by standing grant; it requests narrow, transient elevation per action, which the same deterministic gate approves or denies. Reading a document is auto-approved; querying the warehouse is not. The dangerous credential exists only for the instant the action is permitted, then evaporates. One caveat: This governs what an agent may reach but not what the code it writes then does. Executing code can be gated as a capability, but what executes still needs containment, sandboxing, and egress control, because generativity is a different problem from access.

Zero trust for machine identities. Every action an agent takes should be authenticated and authorized as if it came from an untrusted actor, because, functionally, it might be acting on an attacker’s instructions. The proliferation of agents has expanded the attack surface faster than most identity systems were designed to handle, and treating agent traffic as inherently trusted because it originates inside your own system is precisely the mistake.

Capability contracts at the boundary. Every consequential action passes through a deterministic gate that encodes what is allowed, dollar limits, rate limits, allowlisted destinations, mandatory human review thresholds. The contract is version-controlled, auditable, and lives entirely outside the model.

The trap of normalized deviance

The quieter organizational danger is the slow accumulation of false confidence from connecting insecure agents to real systems and watching nothing bad happen. . .for a while. Researchers have warned about indirect injections for years, but most deployments have gotten away with it. Each uneventful day makes the next risky connection feel safer. This is the normalization of deviance. Every system that eventually failed catastrophically felt the same way: fine, fine, fine, until it wasn’t.

The teams that will weather the coming wave of agent incidents aren’t the ones with the cleverest input filters. They’re the ones who assumed compromise from the start and built the boring enforcement layer anyway, the ones who decided that an agent’s autonomy ends precisely at the point where it tries to do something irreversible.

Where to start on Monday

You don’t need to rearchitect everything. Start by inventorying the actions your agents can take, and sort them by blast radius: What’s the worst thing that happens if this action fires when it shouldn’t? For every high-blast-radius action, write a deterministic contract that gates it and put a human in the loop above a threshold you can defend to your risk team. Then, and only then, keep hardening your inputs.

Prompt injection won’t be solved at the input layer, because it can’t be. But it can be rendered survivable at the action layer, where deterministic code gets the final word. The model’s job is to be useful. Your architecture’s job is to make sure that when the model fails—or worse, when it has been turned against you—the failure stops at the gate.

12:56

Pluralistic: Jo Walton's "Everybody's Perfect" (30 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links



The Tor Books cover for Jo Walton's 'Everybody's Perfect.'

Jo Walton's "Everybody's Perfect" (permalink)

There's a new Jo Walton book, called Everybody's Perfect. Because it's a Jo Walton novel, you know in advance that three things are true about it:

  1. It is beautiful;
  2. It is profound;

  3. It is unlike every other novel, including every other Jo Walton novel.

https://us.macmillan.com/books/9781250314055/everybodysperfect/

Now, just because it's not like any other Jo Walton novel, that doesn't mean that it's not recognizably in a lineage of Walton's work, especially Walton's recent novels, which reflect an amazingly fruitful deep friendship and artistic relationship with the brilliant novelist and historian Ada Palmer:

https://pluralistic.net/2022/02/10/monopoly-begets-monopoly/#terra-ignota

Walton's work has always been incredible. I mean, every new Jo Walton novel is my favorite Jo Walton novel…until the next Jo Walton novel comes along and blows it out of the water. Her "small change" trilogy, a series of locked-door mystery novels set in a Britain that capitulated to the Nazis, is even more prescient today than it felt 20 years ago:

https://memex.craphound.com/2006/06/20/farthing-heart-rending-alternate-history-about-british-reich-peace/

Among Others – a fictionalized, fantasy memoir about growing up reading genre novels – was so good that it deserved to win two Hugos:

https://memex.craphound.com/2011/01/18/among-others-extraordinary-magic-story-of-science-fiction-as-a-toolkit-for-taking-apart-the-world/

And My Real Children haunts me to this day. I read it all in one sitting, in a hotel room, stricken by jetlag and hooked deep into Walton's narrative about the two paths her protagonist's life took in forking universes that I stayed up all night, and by the morning, I had cried my way through all the kleenex, toilet paper and towels in the room:

https://memex.craphound.com/2014/05/20/jo-waltons-my-real-children-infinitely-wise-sad-and-uplifting-novel/

But then came Walton's Palmer years, and everything got even better. There was the Philosopher Kings trilogy, an incredibly funny, incredibly ambitious tale in which every person who ever dreamed of living in Plato's Republic is brought to an island (along with Apollo, Athena and Socrates) to try the experiment, raising a cohort of orphans bought from the slave markets of antiquity to be philosopher kings:

https://memex.craphound.com/2015/01/13/jo-waltons-the-just-city/

And then there was Lent, an incredibly nuanced and sympathetic fantasy novel about Savonarola, the mad preacher and cult leader whose Bonfire of the Vanities and feuds with the Pope overshadow his legacy, which Walton recovers admirably as fodder for a novel that turns out to be as action-packed as any spy thriller:

https://web.archive.org/web/20190516170659/https://www.latimes.com/books/la-ca-jc-review-jo-walton-lent-20190516-story.html

And now it's Everybody's Perfect, a book that pretty much defines what it means for one text to be "in dialog" with another text. In this case, it's Ada Palmer's Inventing the Renaissance, a stunning magnum opus that tells not just the story of the Renaissance, but the story of the story, all the different ways the Renaissance has been used, abused, revised and recovered, starting with the Renaissance itself. It's a book that will make you rethink everything you know about European history, about the world today, and about the very idea of history itself:

https://www.adapalmer.com/publication/inventing-the-renaissance/

The back half of Palmer's Renaissance is a recursive retelling of the same events, from the points of view of 15 different historical personages, from the famous (Michelangelo) to the infamous (Lucretia Borgia). It's a kind of feltschrift, circling and recircling these moments, revealing their depth and contradictions.

Structurally, Everybody's Perfect feels very much like that final section of Inventing the Renaissance. Each chapter introduces a new point-of-view character, who reflects on a single, extraordinary series of events in an even more extraordinary city, the Serenissima, a phantom Venice that sits at the intersection of many parallel worlds with many parallel versions of humanity.

The sun never shines in the Serenissima; it is forever shrouded in mist. If enough of its denizens believe that something is true, it becomes true, and so islands and buildings and even gods are summoned up by the power of belief. The corollary of this is that anything that falls out of the city's regard might just melt into mist. When you tie up your gondola, you'd best pay an urchin to watch it – not just to keep it from being stolen, but to keep it from evaporating altogether. When two people meet in the Serenissima, they greet each other by reciting, "I see you." If you aren't seen, you might just disappear.

Eight different versions of humanity from eight different worlds mix in the Serenissima. They come from all times, and sometimes they go to all times as well. There's the Venetians, who come from our world, and who have kept the secret of the Serenissima for centuries, even as they've used it as a source of wealth and military advantage. But there are also races with the heads of dogs and cats and birds, a race whose faces are all inset with domino masks, and even stranger races still. There's even a rumored ninth race, who may or may not exist, and whose traits are not known to anyone, though surely they are fearsome (if they're real) (and if the people of Serenissima believe in them, mightn't they become real?).

The novel opens with a vision: the Serenissima will receive a doge. A low-born, weak and humble resident, a blind and partially paralyzed pauper who fell victim to a plague will marry the sea, and bring peace to the warring factions of the Serenissima. This prophecy is the prime mover for the eight tales that follow, as we move through the lives and geographies of one representative of each of the races of the Serenissima.

Walton conjures up the dream logic magic of Among Others, where the feeling that something might be magic can never be fully believed – or discounted. She revives the endlessly fascinating philosophical speculation of The Philosopher Kings. She invokes the tender love, sacrifice, and bitter heartbreak of My Real Children. And she invokes Palmer's Renaissance, endlessly reinvented by everyone who falls in love with it, and everyone who rejects it, for their own parochial reasons, and even the ones who are very wrong might just be a little right.

It's a remarkable novel. It's a gift, really. It's so complicated and yet so captivating, so wise and yet so simple. It won't make you feel like you've fallen into a dream – it will make you feel like everything you've lived up until now was the dream, and you have finally awoken.


Hey look at this (permalink)



A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#5yrsago Corruption https://pluralistic.net/2021/06/30/based/#high-bidders

#1yrago How much (little) are the AI companies making? https://pluralistic.net/2025/06/30/accounting-gaffs/#artificial-income


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027



Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

10:35

We are all weird [Seth's Blog]

A simple 7-question test helps us realize how diverse a population is. On this quiz, the highest possible score is less than 7%. No matter how common you think your answers are, no matter how normal you feel, you’re actually in sync with just 7% (at the most) of all citizens of the US. My answers put me under 4.

“People like us do things like this,” is a useful definition of culture. But which things? Billions of people believe things you don’t, are unaware of things that are easily demonstrated, or simply don’t care.

When you decide to reach the masses, you’ve made a significant (and probably fruitless) choice.

09:49

Nudist Night by Hien Pham [Oh Joy Sex Toy]

Nudist Night by Hien Pham

What do a bunch of male nudists get up to on an overnight retreat? Turns out, there’s just a lot of sitting around making conversations – oh, and overcoming social anxiety, of course! Shout-out to my friends Bunny and Capybara for helping me through the motions even when I wasn’t in the greatest headspace. Like […]

05:49

Urgent: Defend climate science from political interference [Richard Stallman's Political Notes]

US citizens: call on the National Academies of Science, Engineering and Medicine to defend climate science from political interference and industry pressure.

Media coverage of gerrymandering [Richard Stallman's Political Notes]

As Republicans try to steal this year's election by systematic gerrymandering, the mainstream media cover this as if it were a horse race rather than an attack on democracy.

Sanctions on companies aiding Israel's colonies in West Bank [Richard Stallman's Political Notes]

Several European countries have imposed sanctions on companies found to be aiding Israel's colonies in the West Bank.

It is a week step, but it could become a path towards stronger measures.

Israel bombed city of Tyre [Richard Stallman's Political Notes]

Israel bombed the ancient city of Tyre and damaged an archaeological site. To repair an archaeological site is impossible.

Ban on Russian soldiers entering EU countries [Richard Stallman's Political Notes]

*EU plans to ban Russian soldiers from [entry to EU countries] in fresh sanctions on Moscow.*

I think this is valid, but the EU should give itself the option to grant exceptions to Russian soldiers who are asking for asylum.

Extreme heat will double US hospitalizations [Richard Stallman's Political Notes]

*"Woefully unprepared": extreme heat will double US hospitalizations [for heat-related illnesses] by 2040, study finds.*

That is just 14 years from now!

The choice of 2040 is arbitrary — surely it will continue getting worse after that, unless we recognize what is necessary and curb global heating.

Direct effects of heat on humans are just one of many problems we are causing by not curbing global heating. By 2040 I expect that crop failures will put food outside the reach of millions every year. causing millions of deaths.

05:07

The evolution of window and class extra bytes in Windows [The Old New Thing]

Windows provides a family of functions for accessing so-called “extra bytes”. There are two categories of extra bytes: Class extra bytes (which belong to the window class) and window extra bytes (which belong to each window created from that class). Applications can request extra bytes at class registration, and those are accessed at increasing offsets starting at zero. The system also defines a number of extra bytes, and those use negative offsets.

We’re going to look at the system-defined offsets.

In 16-bit Windows, these were the available extra bytes and the function you used to read them:

Name Size Accessor Notes
GCW_MENUNAME int16_t GetClassWord  
GCW_HBRBACKGROUND int16_t GetClassWord  
GCW_HCURSOR int16_t GetClassWord  
GCW_HICON int16_t GetClassWord  
GCW_HMODULE int16_t GetClassWord  
GCW_CBWNDEXTRA int16_t GetClassWord  
GCW_CBCLSEXTRA int16_t GetClassWord  
GCL_WNDPROC int32_t GetClassLong  
GCW_STYLE int16_t GetClassWord  
GCW_ATOM int16_t GetClassWord Added in Windows 3.1
GWL_WNDPROC int32_t GetWindowLong  
GWW_HINSTANCE int16_t GetWindowWord  
GWW_HWNDPARENT int16_t GetWindowWord  
GWW_ID int16_t GetWindowWord  
GWL_STYLE int32_t GetWindowLong  
GWL_EXSTYLE int32_t GetWindowLong Added in Windows 3.0
DWL_MSGRESULT int32_t GetWindowLong For dialog windows
DWL_DLGPROC int32_t GetWindowLong For dialog windows
DWL_USER int32_t GetWindowLong For dialog windows

There is clearly a naming pattern here for class and window bytes.

The first letter G stands for Get. The second letter C or W stands for Class or Window. And the third letter W or L stands for Word or Long

For window bytes that apply only to dialog windows, the first letter changes to D for “dialog”. These values are zero or positive, since they are really just extra bytes registered to the standard dialog class.

Now, in 16-bit Windows, handles were 16-bit values, but in 32-bit Windows, they expand to 32-bit values, so 32-bit Windows changed the functions from Get­Something­Word to Get­Something­Long, and the prefixes correspondingly changed from W to from L. So our table now looks like this:

Name 16-bit prefix/size 32-bit prefix/size
MENUNAME GCW_ int16_t GCL_ int32_t ◱
HBRBACKGROUND GCW_ int16_t GCL_ int32_t ◱
HCURSOR GCW_ int16_t GCL_ int32_t ◱
HICON GCW_ int16_t GCL_ int32_t ◱
HMODULE GCW_ int16_t GCL_ int32_t ◱
CBWNDEXTRA GCW_ int16_t GCL_ int32_t ◱
CBCLSEXTRA GCW_ int16_t GCL_ int32_t ◱
WNDPROC GCL_ int32_t GCL_ int32_t ◱
STYLE GCW_ int16_t GCL_ int32_t ◱
ATOM GCW_ int16_t GCW_ int16_t
HICONSM   GCL_ int32_t 💥
WNDPROC GWL_ int32_t GWL_ int32_t ◱
HWNDPARENT GWW_ int16_t GWL_ int32_t ◱
ID GWW_ int16_t GWL_ int32_t ◱
STYLE GWL_ int32_t GWL_ int32_t
EXSTYLE GWL_ int32_t GWL_ int32_t
USERDATA   GWL_ int32_t 💥
MSGRESULT DWL_ int32_t DWL_ int32_t
DLGPROC DWL_ int32_t DWL_ int32_t
USER DWL_ int32_t DWL_ int32_t

The ◱ symbol represents a value that got bigger, and the 💥 symbol represents values that did not exist in 16-bit Windows.

Even though control IDs are typically small integers, the space for them was expanded from a 16-bit value to a 32-bit value because some people were using it to hold pointers or handles. (One way to create a process-wide unique number is to allocate memory and use its address.)

The next step in the evolution of extra bytes is the conversion from 32-bit to 64-bit Windows. Pointers and handles expand to 64-bit values on 64-bit Windows, so all of the extra bytes that are used to (or could be used to) hold a handle or pointer were expanded to a 64-bit version.

To make it possible to write code that targets both 32-bit and 64-bit Windows, the design of 64-bit Windows didn’t make the hard break that 32-bit Windows did from 16-bit Windows. Instead, they introduced new functions that accept pointer-sized integers, which are 32-bit values on 32-bit Windows and 64-bit values on 64-bit Windows. That way, you just use those new functions everywhere, and they will expand on 64-bit systems and remain the same on 32-bit systems.

The new functions have names like Get­Window­Long­Ptr, and the corresponding prefixes were changed to GWLP_ and so on.

Name 16-bit prefix/size 32-bit prefix/size 32/64-bit prefix/size
MENUNAME GCW_ int16_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
HBRBACKGROUND GCW_ int16_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
HCURSOR GCW_ int16_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
HICON GCW_ int16_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
HMODULE GCW_ int16_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
CBWNDEXTRA GCW_ int16_t GCL_ int32_t ◱ GCL_ int32_t
CBCLSEXTRA GCW_ int16_t GCL_ int32_t ◱ GCL_ int32_t
WNDPROC GCL_ int32_t GCL_ int32_t ◱ GCLP_ intptr_t ◱
STYLE GCW_ int16_t GCL_ int32_t ◱ GCL_ int32_t
ATOM GCW_ int16_t GCW_ int16_t GCW_ int16_t
HICONSM   GCL_ int32_t 💥 GCLP_ intptr_t ◱
WNDPROC GWL_ int32_t GWL_ int32_t ◱ GWLP_ intptr_t ◱
HWNDPARENT GWW_ int16_t GWL_ int32_t ◱ GWLP_ intptr_t ◱
ID GWW_ int16_t GWL_ int32_t ◱ GWLP_ intptr_t ◱
STYLE GWL_ int32_t GWL_ int32_t GWL_ int32_t
EXSTYLE GWL_ int32_t GWL_ int32_t GWL_ int32_t
USERDATA   GWL_ int32_t 💥 GWLP_ intptr_t ◱
MSGRESULT DWL_ int32_t DWL_ int32_t DWLP_ intptr_t ◱
DLGPROC DWL_ int32_t DWL_ int32_t DWLP_ intptr_t ◱
USER DWL_ int32_t DWL_ int32_t DWLP_ intptr_t ◱

From the prefix on the name of the extra bytes, you can read off which function it is meant to be used with.

Prefix Function
GCW_ ↔ GetClassWord GWW_ ↔ GetWindowWord
GCL_ ↔ GetClassLong GWL_ ↔ GetWindowLong
GCLP_ ↔ GetClassLongPtr GWLP_ ↔ GetWindowLongPtr

The weirdo is DWLP_ because it needs to encode both the type of window that it can be used with (D = dialog) as well as the function name it goes with (WindowLongPtr).

As a concession, Windows lets you pass GCL_ and GWL_ values to Get­Class­Long­Ptr and Get­Window­Long­Ptr (respectively) even though they are intended to be used with Get­Class­Long and Get­Window­Long (respectively). If you do that, you get the corresponding 32-bit value zero-extended if necessary to be the size of a pointer.² This is seen primarily in the case of GWL_ID because most people don’t use the full range of IDs, so if you’re willing to live within the 32-bit subset, you can just pretend that the values are not pointer-sized.³

“Why bother changing all the prefixes? Doesn’t that just create a lot of busy work for people porting from 32-bit code to 64-bit code?”

Yes, but it’s good busy work. The point is to force build breaks at places where you need to make fixes, because you have to call the function that accesses a pointer-sized integer rather than a 32-bit integer; otherwise you suffer from integer truncation bugs.

¹ This is a common prefixing convention for classic Win32. For example, the operation parameter to Show­Window is prefixed SW_; the flags to Set­Window­Pos are prefixed SWP_; and the relationship parameter for Get­Window is prefixed GW_.

² The use of the GWL_ values with Set­Window­Long­Ptr is a bit more problematic. It looks like you’re storing a pointer-sized integer, but only the bottom 32 bits are honored.

³ The ID is unusual in that it is defined both as GWL_ID and GWLP_ID. All of the other values are defined with only one prefix.

The post The evolution of window and class extra bytes in Windows appeared first on The Old New Thing.

02:00

Junichi Uekawa: So I learnt that last is now in wtmpdb. [Planet Debian]

So I learnt that last is now in wtmpdb. But then journalctl --list-boots was the journald replacement.

01:14

Microsoft now says 8GB RAM is fine for Windows 11, after years of pushing for 16GB [OSnews]

There’s something poetic about the World Cup taking place in North America while Microsoft keeps scoring own goals like this.

Microsoft updated its Surface buying guide to describe 8GB RAM as “great for everyday use like browsing, streaming, schoolwork, and productivity apps.” A companion FAQ adds that 16GB or more is what unlocks Copilot+ PC features. No acknowledgment that, for two years, Microsoft was the loudest voice telling everyone that 16GB was non-negotiable for a good Windows 11 experience.

What makes this infuriating is that Microsoft is one of the biggest reasons why the RAM situation got so bad in the first place.

↫ Abhijith M B at Windows Latest

This industry is a joke.

Monday, 29 June

23:35

Sampling Onue Bakery Cookies [Whatever]

Looking for Korean inspired cookies baked from scratch with quality ingredients that can be delivered to your doorstep? Well, I wasn’t when I got an ad on Instagram from Onue Bakery, but after seeing the ad I realized that was, in fact, something I definitely wanted in my life.

I am slightly familiar with the concept of shipping fresh baked cookies, as I have ordered from Levain Bakery once before and received a pack of their dense, bakery style cookies. Levain’s website says they bake daily and ship nationwide, so I was curious how Onue Bakery operated. On their “how it works” page, they say they open orders on Monday, close orders on Saturday (or earlier if they sell out), bake everything fresh on Sunday, and ship everything out on Monday. They don’t ship to Hawaii or Alaska for freshness purposes.

Onue Bakery boasts that they use Irish butter, unbleached flour, and high quality eggs. (I actually just learned while writing this post that they use KERRYGOLD! You guys know that’s my favorite butter.)

I didn’t know which flavors to try out, and half were sold out already, so I opted to get the Onue box, which is their variety box and contained the cookie flavors that were otherwise sold out. For $48 you get twelve cookies, so you get to try all eight of their signature flavors. You get one of each of the giant ones, and two of each of the thin ones.

Here’s the line-up:

Eight packages of cookies, all individually sealed for freshness purposes. There's cookie butter, yellow cheddar, black sesame, matcha choc chip, miso choc chip, double cocoa, gochujang, and earl grey choc chip.

I was so excited to sample all the different flavors. The fact that half the flavors come with two cookies is perfect for sharing the box, and the flavors that come with one are more than shareable with their giant size and immense density. There’s a lot of cookie going on in this box.

Personally, I was most excited for the Cookie Butter cookie because I love Biscoff, and I was definitely excited to try the Earl Grey Chocolate Chip, as I love a little twist on a classic. All of these looked so good, I was definitely happy with my purchase.

Sadly, I never got around to trying the Gochujang one before it got stale. It sat in the cookie jar for a week and I missed its window of consumability. I’m sad because that’s such a unique flavor I’ve never tried in cookie form before. Every other flavor was great, though! Especially the Yellow Cheddar, which was surprisingly a top flavor out of the whole box. And fair warning, you will absolutely need a glass of milk for the Double Cocoa Cookie. That boi is thicc.

One thing that’s really great about Onue Bakery’s cookies is that they aren’t too sweet (which they also say on their website), so you don’t get that nauseating, tooth-aching feeling that you sometimes can with other cookie brands (cough cough Crumbl (yes I know I used to like them, I was younger and had less dental work)). Their nutrition information is certainly more reasonable than a lot of other cookies.

All in all, I highly recommend giving Onue Bakery cookies a try, even if you don’t get the variety pack, especially if you like fun and interesting cookie flavors. They are taking a small break this week but will open their pre-orders on July 6th, so go get you some when they open! It’s free shipping on orders over $96, so if you want the variety pack yourself and you know a cookie lover in your life you can gift a box to, you’d get free shipping.

Which cookie flavor sounds the best to you? Give them a follow on Instagram, and have a great day!

-AMS

22:56

Go Time [Looking For Group]

Alright, so we’re doing this. If you would like to see Lar and I return to LFG, and create something new and unique, now is the time to speak up with real voting power.  And there it is, let us
Read More

The post Go Time appeared first on Looking For Group.

22:07

Git 2.55.0 released [LWN.net]

Git maintainer Junio Hamano has announced Git 2.55.0, which has non-merge commits from 100 people; 33 of those are first-time contributors to the project. LWN recently covered some of the noteworthy changes in 2.55, including new features for the experimental "git history" command, addition of the Git fsmonitor daemon for Linux systems, and more.

21:21

Astral is a hobby operating system with X.org, Minecraft, and now Wine [OSnews]

Astral is a hobby operating system written in C for 64bit architectures, with a collection of ported software like X.org, fvwm, the xbps package manager, and tons more. I think it’s quite a neat system – the code’s on GitHub – made even neater by the fact it can run not only Minecraft, but now also has a working port of Wine that can run a few games.

A few months ago, I posted about Astral, a hobby OS I have been working on over the years, running Minecraft. Since then, others have gotten modern versions of Minecraft to run as well as Factorio (using a glibc compatible libc). However, while these games are made or packaged in a way that makes it easier to get them to run under a new OS, most games are not. A lot of games are closed source and compiled for Windows, which makes something like Wine a necessity for playing them.

One of my favorite games, Cogmind, falls under that umbrella. It is a 32-bit Windows only roguelike, and it became my goal to run it under Astral. While there was already an existing Wine port, it was extremely incomplete, as not even notepad.exe worked properly. To run Cogmind, the Wine port had to be finished, which also meant adding the ability to run 32-bit code on an otherwise 64-bit-only OS.

↫ Blog post on the Astral website

This process obviously is quite involved, but in the end, they managed to get it working. Quite impressive.

The ‘papers, please’ era of the internet will decimate your privacy [OSnews]

Imagine your favorite team just scored an incredible, last-second goal at the World Cup. So you log online to celebrate with other fans. But, using data it’s already collected on you, the social media platform you like to post on wrongly guesses that you’re under 16 so it forces you to go to a third-party verification app and provide images of your face or your government-issued ID. You don’t really know much about the verification app, what country it’s based out of, what happens with your information, and whether you’re protected from hackers or data breaches. You’re not happy about it, but you hand over a photo of your passport and hope it doesn’t come back to haunt you.

Now imagine that instead of posting about sports, you’re criticizing a powerful politician, or talking about your experiences with abuse or addiction, or discussing embarrassing medical issues you’re facing. Suddenly this “papers, please” approach to the internet sounds even more invasive, right? Unfortunately, that’s the direction we’re all headed — even here in the United States — and we have good reason to be wary of the global rush to sacrifice user privacy on the altar of age verification.

↫ Sarah McLaughlin at Expression

The insane push for age verification on the internet is the biggest threat to whatever’s left of the free internet. I have two young children – 3 and 5, currently – and I’m diametrically opposed to any kind of creepy verification processes that they claim are designed to keep kids like mine “safe”. Not only is their safety not predicated on giving up their privacy, my children are also not my or anyone else’s property; they have rights, and the right to privacy is one of them.

Nobody mentioned in the Epstein files has been charged, by the way.

20:14

Non-Fungible Tims [Penny Arcade]

Tim Sweeney fascinates me; he is an endless source of activity and interest. He is always whipping out a tendril of some kind at this or that - he doesn't like that Steam identifies works made with AI, referring to it as a Scarlet Letter, which it is. It's whatever the opposite of an Organic sticker is. And it makes sense why he wouldn't like it - I've heard our designers talking about how AI tools are enmeshed now through their industry standard software, and now Gmail literally tries to write my emails for me. I saw a video for the newest Unreal technology that involved typing prompts into it so it would draw over the work you did, and then you'd have to draw over that work and fix it. So, yes. If using Unreal is synonymous with AI, a big sticker that says so isn't gonna be super welcome. Luckily, they just remembered that they have their own store recently and are gonna work on it.

Non-Fungible Tims [Penny Arcade]

Tim Sweeney fascinates me; he is an endless source of activity and interest. He is always whipping out a tendril of some kind at this or that - he doesn't like that Steam identifies works made with AI, referring to it as a Scarlet Letter, which it is. It's whatever the opposite of an Organic sticker is. And it makes sense why he wouldn't like it - I've heard our designers talking about how AI tools are enmeshed now through their industry standard software, and now Gmail literally tries to write my emails for me. I saw a video for the newest Unreal technology that involved typing prompts into it so it would draw over the work you did, and then you'd have to draw over that work and fix it. So, yes. If using Unreal is synonymous with AI, a big sticker that says so isn't gonna be super welcome. Luckily, they just remembered that they have their own store recently and are gonna work on it.

19:49

19:00

18:14

Pluralistic: Gemini is better than search because Google enshittified search (29 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

  • Gemini is better than search because Google enshittified search: We're All Trying To Find The Guy Who Did This.
  • Hey look at this: Delights to delectate.
  • Object permanence: Microsoft antitrust overturned; Scammer carves C64; RIP Jim Baen; GOP rep to constituent's child: "drop dead" (literally); CCTVs jacked for botnet; Olympic profitability lie; Human factors in health infosec; Exfiltration via computer fans; Congress's summer schedule: 9 working days; Antitrust is political antigrav; Ted Chiang's 72 Letters; Microsoft antitrust appeal; Vinge on privacy; Breaking open the web; Bernie on Brexit; "The Perdition Score"; Intuit v Child Tax Credit.
  • Upcoming appearances: London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.



The original Google homepage, loaded in the first Netscape browser. It is viewed under a giant magnifying glass. Inside the magnifying glass, we see a killer robot (with the head of the Android droid), choking a man to death.

Gemini is better than search because Google enshittified search (permalink)

Write a critical AI book, and you become everyone's confessor for their AI sins. People in my life keep telling me about their guilty AI pleasures, in search of an explanation, absolution or condemnation:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

Their most common confession: "I only ever use Google's AI-generated search summaries these days. I no longer click those blue links beneath it, not even to verify the summary." People know that the summaries are full of "hallucinations" (that is, "defects" or "errors") but the summaries are right often enough that many people have come to rely on them, to the exclusion of actual websites, made by actual people, on the actual internet.

Everyone knows this isn't good. The reason there's a web for Google's Gemini AI to summarize is that Google – the thrice-convicted monopoly search company with a 90% market share – directs people to websites, and when you visit a website, you generate revenue for the site, which pays for its maintenance. Most commonly, you generate an "ad impression," but you might also buy a subscription, or generate an "affiliate fee" by purchasing a recommended product.

When Google strips all this away by harvesting an "answer" and displaying it at the top of the page, the bargain between Google and the open web breaks down. Google is extracting 100% of the value from the websites it summarizes, and giving nothing back in return.

This is a marked reversal from Google's founding ethos. In the old days, Google measured its success by how little time you spent on its site. The ideal Google outcome was for you to visit its page (or even better, just a search-box in your browser), type a few words, and get "ten blue links" back, the top one of which was the correct link to locate the information or resource you were seeking. The point of Google was to serve as a conduit, a trusted intermediary that neutrally adjudicated the relevance of every web page for every web user from moment to moment.

Everyone dunks on Google for its high-minded motto, "Don't be evil," but over the years, the company's mission was far more important: "Organize the world's information and make it universally accessible and useful." That was the pole star that googlers followed for the first couple decades of the company's history…until, that is, the company saturated its market and its growth stalled out.

That was when Google started to panic over its plateauing search revenue, this being an inescapable consequence of 90%+ market-share. The ensuing power struggle pitted googlers who were committed to technical excellence against the company's most ardent enshittifiers, who pointed out that by making search worse, they could increase revenues. After all, if you need to search two or three times to get the answers to your questions, that means the company can show you two or three times as many ads:

https://pluralistic.net/2024/04/24/naming-names/#prabhakar-raghavan

Where once Google measured its success by how quickly it could send you away from its site and out into the open internet, today's Google is a sticky-trap full of ways to keep you inside its walled garden.

A decade ago, tech had three major approaches:

I. Google's: let you do anything you want, but spy on you while you do it;

II. Apple's: strictly control what you can do, but leave you alone to do it in private; and

III. Facebook's: control everything you do, spy on you from asshole to appetite.

Today, tech is undergoing a form of carcinization, in which every company is turning into a Facebook-crab: maximally surveillant and maximally controlling.

Apple has added surveillance to its walled garden:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

While Google has turned its free-range, internet-wide surveillance system into a walled garden that tries to keep you away from the open internet as much as possible.

Now, in Google's defense, the "open internet" kind of sucks these days. Any piece of useful information you seek out on the open internet is liable to be buried under half a dozen pop-ups, pop-unders, and dickovers:

https://daringfireball.net/2026/05/what_is_a_dickover

Even after you clear these away, the actual information you're seeking is further buried in word-salads that anticipated insipid AI prose by half a decade. Think of all those omelet recipes that appear beneath 2,500 words of cod-Proustian remembrances of "the first time I ate an egg."

The major advantage of AI search summaries is in shielding you from all this nonsense. But where did all that nonsense come from in the first place?

It turns out that this is largely Google's fault.

Google and Facebook monopolized the display advertising market, entering into an illegal, collusive arrangement to rig the bidding so that advertisers paid more and publishers received less:

https://en.wikipedia.org/wiki/Jedi_Blue

The Google/Meta duopoly sucks up 51% of display advertising revenue – more than triple the historic take for advertising intermediaries (buyers, brokers, agencies, etc). As ad revenues for web publishers cratered, the "ad load" on web pages went up. This set up a vicious cycle: increasing the number of ads decreases the number of readers, driving publishers to increase the ad-load even more to make up for the losses.

The major brake on this is ad-blocking. In a world with ad-blockers in it, publishers contemplating an increase in ad-load have to confront the possibility that they will induce ad-overload in their readers, who will install a blocker that stops them from seeing any ads:

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

Google has been looking to kill ad-blocking for a decade, and now they're on the verge of making it happen in Chrome, the dominant web browser they use to reinforce their search monopoly:

https://protonprivacy.substack.com/p/google-is-finally-killing-ublock

Google long ago did away with ad-blocking on mobile devices (reverse engineering an app is a felony, which means an app is just a web-page skinned with the right kind of IP to make it a crime to protect your privacy while you use it). Part of Google's argument for killing ad-blocking for the web is that this puts the web on an even footing with apps – which is a very weird way to describe a race to the absolute bottom:

https://pluralistic.net/2026/06/12/compelled-speech/#quishing

To top it all off, this decade has seen Google make a series of changes to its search prioritization that favored low-value shovelware sites over carefully researched, reliable alternatives. Search for product reviews and you're apt to get a "site reputation abuse" result from a once-reliable outlet like Forbes filled with useless and even dangerous reviews, which are ranked far above independently maintained, rigorous competitors:

https://pluralistic.net/2024/05/03/keyword-swarming/#site-reputation-abuse

This has only gotten worse with AI search, which preferentially draws from spam sites to produce decontextualized, highly confident recommendations for substandard, overpriced junk, at the expense of recommendations for good products:

https://pluralistic.net/2025/07/15/inhuman-gigapede/#coprophagic-ai

It's not like Google doesn't have the ability to sort the good from the bad. Kagi.com is a $10/month paid search engine whose results are vastly superior to Google's. But Kagi doesn't have its own search index: instead, they rent access to Google's index, but apply their own (much smaller and less resourced) team's algorithm to rank the results for your queries. In other words, Google could deliver good search results, they just choose not to:

https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/#kagi

Gresham's Law holds that "bad money drives out good." It refers to a counterfeit coin crisis in Tudor England, where people preferentially spent counterfeit money in order to make it someone else's problem; meanwhile, everyone hoarded their good coins. Soon, virtually all the money in circulation was bogus.

By downranking quality material in favor of low-effort spam, Google set up a web-wide version of Gresham's Law, where bad webpages drive out good ones, and since so many of those webpages contain product recommendations, they're greshaming the world of real products, too, so the bad is driving out the good there, too.

This is the problem that Gemini search summaries solve: in its role as the web's most important gatekeeper, Google remade it as an ad-festooned cesspit of garbage text and cynical shovelware sites. Now Google proposes to wipe out the publishers whose content they stripmined by breaking the web's bargain: that search engines are symbiotic with publishers. Google has turned fully parasitic, sucking the last drops of juice out of the open web before discarding its husk.


Hey look at this (permalink)



A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Appeals court strikes down Microsoft antitrust ruling https://www.nytimes.com/2001/06/28/business/us-appeals-court-overturns-microsoft-antitrust-ruling.html

#25yrsago Ted Chiang's 72 Letters https://web.archive.org/web/20010720192340/http://www.tor.com/72ltrs.html

#25yrsago Concept handheld devices https://web.archive.org/web/20010620115437/https://www.infosync.no/en/news/n/419.asp

#25yrsago Analyzing Microsoft's successful antitrust appeal https://web.archive.org/web/20010703085656/https://www.salon.com/tech/feature/2001/06/28/appeals_reaction/index.html

#20yrsago Bengali science fiction of the 1880s https://www.lehigh.edu/~amsp/2006/05/early-bengali-science-fiction.html

#20yrsago Vernor Vinge on computers, freedom and privacy https://www.theguardian.com/technology/2006/jun/29/guardianweeklytechnologysection5

#20yrsago Scammer convinced to carve replica Commodore 64 https://www.419eater.com/html/john_boko.php

#20yrsago Jim Baen, sf publisher, has passed away https://web.archive.org/web/20060703024337/http://david-drake.com/baen.html

#15yrsago YouTube listens to fraudulent NyanCat takedown notice, drags heels on put-back from creator https://web.archive.org/web/20110628132607/http://www.prguitarman.com/index.php?id=369

#15yrsago Wyoming’s corporation mills manufacture privileged artificial “people” to order https://www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628/

#15yrsago Publishing in the Internet era: connecting audiences and works https://www.theguardian.com/technology/2011/jun/30/publishers-internet-changing-role?utm_source=twitterfeed&amp;utm_medium=twitter

#15yrsago Why writers should have their own domains https://whatever.scalzi.com/2011/06/29/mastering-ones-own-domain-an-no-this-is-not-a-seinfeld-reference/

#15yrsago Copyright troll’s biggest fan commits terminal irony https://www.eff.org/deeplinks/2011/06/righthaven-cheerleader-wanted-irony-police

#10yrsago Mississippi state rep tells distraught mom to buy kid’s lifesaving meds ‘with money she earns’ https://www.sunherald.com/news/local/counties/jackson-county/article86416087.html

#10yrsago Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet https://arstechnica.com/information-technology/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/

#10yrsago Gun-waving cop who attacked black teenaged girl in her bathing suit faces no charges https://web.archive.org/web/20160624103549/http://dfw.cbslocal.com/2016/06/23/grand-jury-no-bills-former-mckinney-pool-party-cop/

#10yrsago The Olympics are profitable for every host city (that lies about the numbers) https://timharford.com/2016/06/how-do-you-make-the-olympics-pay-fudge-the-figures/

#10yrsago Healthcare workers prioritize helping people over information security (disaster ensues) https://www.cs.dartmouth.edu/~sws/pubs/ksbk15-draft.pdf

#10yrsago Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans https://www.youtube.com/watch?v=3GCHCVpndaM

#10yrsago Labour’s knives come out for Corbyn, but he’s guaranteed a spot on the ballot https://www.politico.eu/article/inside-account-of-labour-mps-attacks-on-jeremy-corbyn-shadow-cabinet-resignations-brexit/

#10yrsago Hope Larson’s “Compass South”: swashbuckling YA graphic novel https://memex.craphound.com/2016/06/28/hope-larsons-compass-south-swashbuckling-ya-graphic-novel/

#10yrsago How to Break Open the Web: a report on the first Decentralized Web Summit https://www.fastcompany.com/3061357/the-web-decentralized-distributed-open

#10yrsago Californians will get to vote on legal recreational weed https://web.archive.org/web/20160629130245/http://abcnews.go.com/US/wireStory/voters-decide-legalize-recreational-marijuana-40206739

#10yrsago Bernie Sanders on Brexit: urgent lessons for the Democrats https://www.nytimes.com/2016/06/29/opinion/campaign-stops/bernie-sanders-democrats-need-to-wake-up.html

#10yrsago Electoral fraud: Trump sends fundraiser emails to foreign politicians https://www.cnet.com/culture/trump-spams-foreign-politicians-with-fundraising-emails/#ftag=CAD590a51e

#10yrsago The Perdition Score: Sandman Slim vs the One Percent https://memex.craphound.com/2016/06/29/the-perdition-score-sandman-slim-vs-the-one-percent/

#5yrsago Intuit sabotages the Child Tax Credit https://pluralistic.net/2021/06/29/three-times-is-enemy-action/#ctc

#5yrsago SCOTUS to wrongfully accused terrorists: "drop dead" https://pluralistic.net/2021/06/29/three-times-is-enemy-action/#transunion

#5yrsago Lazy Congress only schedules 9 days' work this summer https://pluralistic.net/2021/06/28/dubious-quant-residue/#back-to-work-you

#1yrago Antitrust defies politics' law of gravity https://pluralistic.net/2025/06/28/mamdani/#trustbusting


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027



Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

17:56

What You Bring to AI Determines the Result [Radar]

Harper Carroll came to AI education through a CS background at Stanford, machine learning engineering at Meta, and a brief stint at a small GPU compute startup in late 2023, where she noticed that almost no one understood how to fine-tune open source models. She started writing and teaching to help drive signups for the startup’s platform. Her first guide, posted right after Mistral 7B was released, when she had about 50 followers, got 50,000 views. In March 2024, a video explaining the difference between AI and machine learning got 5 million views, with 1 in 20 viewers following her afterward. She now has more than 500,000 followers across multiple platforms and is a full-time AI educator.

We covered fine-tuning versus prompting, what it actually means to learn to code in 2025, and what the AI field gets wrong when it talks to the public.

Understanding the world with math

We started with Harper’s own AI learning journey, and it contained a wonderful insight. She grew up loving math and came to computer science at Stanford because algorithms seemed like wonderful math puzzles. Eventually she realized that AI is “understand[ing] the world around us with math.” Text-based LLMs are only one branch. The field as a whole is “the math of the world.” That seems like a deep intuition that all of us need to internalize.

AI as a medium

A study that circulated last year found that people who used AI to write essays showed reduced brain activity compared to people who write unaided. The reaction in many quarters was alarm. People said, “We’re outsourcing cognition and our brains will atrophy.” Harper’s smart response was that those users must have given the AI a one-sentence prompt and accepted whatever came back.

As she put it, that’s the equivalent of just telling Alexa to order you the most popular book this week. Of course less brain activity is being measured! Contrast that with the difference between shopping for a book by browsing and searching at Amazon versus driving to a physical bookstore. There’s certainly a difference, but it isn’t outsourcing cognition. It’s saving time, and that time might well be spent on other demanding cognitive tasks.

My framing is that AI is a medium, the way language is a medium, or photography. Anyone can take a photograph or write a book. The words available to every writer are the same; what differs is what they do with them, just as some photographers do something with it that others can’t. The same is true of software. There’s a line in Aaron Sorkin’s movie The Social Network where the Zuckerberg character says about the Winklevosses, “If you guys were the inventors of Facebook, you’d have invented Facebook.” An idea and its execution aren’t the same thing. One person gives AI a prompt and the output is bad. Another builds a process around AI and the output is great. What you bring to the medium is what determines the result. Harper agreed.

Fine-tuning is like psychedelics for AI

I’ve been trying to figure out how we can use AI for writing and editing at O’Reilly. We want skills and workflows that accelerate our productivity but don’t produce copy that reads as whatever the base model sounds like when nobody’s putting in any effort.

Takeaway posts like this one are a great use case for AI-assisted writing. As source material we have a transcript, with the actual conversation between the participants (or in the case of one of our online conferences, their presentations). We want a structured summary that captures the high points and suggests possible clips for social media. I (or whomever is using this AI-assisted workflow) can then rewrite, rearrange, elaborate, or delete from that first draft. It might not be as good as a draft written from scratch, but quite frankly, it’s far better than the alternative, which is no summary at all. I just don’t have time to write them all unaided.

When I’m writing an article, I generate a similar “transcript” by recording myself talking about the ideas I’m wrestling with and trying to put into the world. Then I ask Claude to put it together into something a bit more structured.

I’ve been improving Claude’s ability to produce prose that we can use by rewriting its output, showing it the differences, and then asking it to construct a skill that captures what it’s learned. Over time, it’s gotten closer and closer to something that I’m comfortable with, and I’m now generalizing that into a system that learns any author’s voice, respects the various conventions of the target content type (which can be very different across books, articles and blog posts, social media, and marketing materials like back cover copy and course descriptions), and applies editing suggestions from my favorite books on good writing, including Strunk and White and On Writing Well by William Zinsser.

Harper attacked the same problem from a different angle. She built a dataset of roughly 1,000 of her Instagram captions, video transcripts, and X posts, then fed them to Claude as context and asked it to write in her style. Unfortunately, the output tested 100% AI by a detection tool, even with 1,000 examples of her real voice in the prompt. She then fine-tuned an open source Llama model on the same data. The fine-tuned output tested 100% human. She gave a compelling demo at South by Southwest showing how easy this is to do. It took her about 20 minutes.

After Harper said that prompting doesn’t shift the output distribution the way fine-tuning does, I told her the story about the French writer Marcel Proust that I first used in my conversation with Steve Wilson, which I picked up from Alain de Botton’s How Proust Can Change Your Life. A friend comes to visit the bedridden Proust, and making polite conversation begins to tell him about the train trip to Paris. “More slowly,” Proust replies. This cycle repeats several times until the friend is telling him small details like the old man feeding pigeons on the steps of the station.

Harper got it, and broke it down more slowly in her inimitable way. Here’s why in-context prompting fails where fine-tuning succeeds:

Basically AI models are these massive mathematical equations, and the parameters are variables when you’re training, and then they become constants in those equations when you’re running inference . . .So what you’re doing when you’re training the model is you’re learning how to map, by adjusting those constants when they’re variables during training,. . .input to desired output.

Once the model is deployed, the probability distribution over output tokens is fixed. You can put 1,000 examples in a prompt and ask the model to pattern-match, but you’re asking it to do that with frozen weights. The surface behavior bends a little, but the underlying distribution doesn’t shift. Fine-tuning lets you actually modify the weights and how the model wants to write.

Her suggested approach for building the training dataset is to take your own writing, have AI rewrite it with its characteristic tics, then train with the AI version as input and your original as the target output. You’re teaching the model to undo the tells.

Should people still learn to code?

We also spent time on the inevitable question of whether people should still learn to code. We both agree they should, but not necessarily like they used to, by learning the detailed syntax of a programming language, then by trial and error as they painfully learn how hard it is to get the desired behavior.

Harper’s take (which I also agree with) is that vibe coding has lowered the floor. People who could never afford to hire someone to build a product can now do so themselves. But it has also raised the ceiling, because people who actually understand systems can build vastly more sophisticated things with the same tools, which takes us back to the case for AI as a medium.

Perhaps more importantly to the question of how much coding you should learn, experienced developers will also see failure modes that pure vibe coders miss. Harper gave an example that came from watching a friend using an agent tool that had, at some point, started storing its data in a Word document and using it as a makeshift database, probably because the session started with a Word doc. It was extremely slow and extremely inefficient. An engineer sees the problem immediately. A vibe coder might run that system for months before noticing something is wrong.

So yes, you should learn enough about coding to understand what’s happening. The art of teaching programming to the next generation will be developing useful projects that also highlight underlying concepts of software architecture and engineering.

Intuition as differentiator

Silicon Valley runs heavily on logic and on the idea that good decisions come from better data, more rigorous analysis, and sharper models. In this environment, intuition can get dismissed as something “soft and fuzzy,” Harper noted. And that’s the wrong mindset for AI.

AI is getting better and better at exactly the things the logical axis does well, but intuition remains a challenge because it often contradicts what the data says. Good intuition “goes against the input,” to use Harper’s phrase. A model that’s been trained to recognize patterns in data will, almost by definition, struggle with making decisions that run counter to those patterns. Just as skills-informed judgment supercharges AI-assisted engineers, intuition could be a uniquely human skill for a long time. Elevating it as a concern might bring the industry more of an attitude of humility towards ourselves and our place in the world.

What the field gets wrong

I closed by asking Harper what the AI field most consistently gets wrong in how it talks to the public. She said that too much of the public-facing discourse leads with fear, of job displacement, of rapidly approaching AGI, and of a rocky transition that requires a universal basic income to cushion the blow. She’s not calling those impossible futures, but she thinks they’re the wrong introduction to the technology.

A lot of companies are using AI to ask how to do the same things at lower cost. The better question is how to raise ambitions. AI doesn’t just scale individual capabilities. It scales what organizations can attempt. But for it to work out that way, everybody has to actually learn AI. We can’t have AI haves and have-nots. That means lower-cost models, serious open source investment, and companies that don’t just become serfs to the major platforms.

Harper has been making this point for a while, to audiences ranging from engineers to people who’ve never written a line of code. “There is not really much to fear right now,” she says. “AI is this incredible productivity tool.” The people who will struggle, in her view, are the ones who refuse to engage with it at all.

At O’Reilly, we’ve been working on a version of the same narrative at an organizational level. The fear-first narrative produces avoidance, and avoidance is the one thing that will actually leave someone behind. So we’re building a corporate AI transformation practice that starts with people’s existing jobs, and figures out how to “mix in” AI to make them more impactful. We’re learning how to teach both the humans and the agents at the same time to make them more productive together.

On July 9, I’ll be speaking with Trail of Bits cofounder and CEO Dan Guido about the playbook his company used to go AI native, which he first outlined at this year’s [un]prompted. He’ll give a version of the same talk, then take about 40 minutes of audience questions on what worked, what didn’t, and what is still unsolved. I hope you join us to find out what’s changed since [un]prompted and where the playbook is heading next. Register here; it’s free and open to all.

17:35

[$] The rest of the 7.2 merge window [LWN.net]

Linus Torvalds released 7.2-rc1 and closed the 7.2 merge window on June 28; by that time, 13,412 non-merge commits had found their way into the mainline. That makes this the busiest merge window since the 6.7 development cycle in 2024 (15,418 commits, including 2,800 for the entire bcachefs development history). Just under half of those commits arrived after LWN's summary of the first half of the merge window was written. As usual, the commits in the latter part of the merge window were more heavily focused on fixes, but there were still a lot of new features and significant changes merged as well.

17:28

Factoring RSA Keys with Many Zeros [Schneier on Security]

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild.

The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans, PGP keys, and many others. By searching this dataset for unexpectedly sparse RSA moduli, we uncovered a large number of keys in the wild with the patterns in Figure 1.

Both patterns include several regularly spaced blocks of all zeros interleaved with seemingly random data. Pattern 1 appears in CT logs for certificates issued to several large organizations, including Yahoo and Verizon, and on some devices running NetApp software. Fortunately, these certificates have already expired, but we still shared our findings with these companies. We wanted to learn more about which product could be responsible for generating these keys, but we did not hear back. Pattern 2 appears on SSH hosts running the CompleteFTP software from EnterpriseDT. The underlying vulnerability affects RSA keys generated using versions 10.0.0­12.0.0 (Dec 2016­Mar 2019) and DSA keys generated with v10.0.0­23.0.4 (Dec 2016­Dec 2023).

These vulnerabilities affect a small minority of hosts on the internet, but the more interesting takeaway is that independent cryptographic implementations failed in similar ways. More implementations may include the same bugs, and so it’s worth tailoring cryptanalytic algorithms for this particular type of failure.

The article doesn’t speculate, but I will. This could be a deliberately designed backdoor, of the sort I wrote about back in 2013. I could imagine some government agency figuring out how to break this class of RSA keys, and then convincing different providers to hand them out to users.

17:14

Link [Scripting News]

BTW, I was just contacted by a developer who's implementing all the protocols I mentioned yesterday. And I should mention that Manton Reece, developer of micro.blog and a longtime friend, going back to the Frontier days on the Mac, has inbound and outbound RSS and he covers every freaking API out there, he's a monster. And I said yesterday he doesn't get enough credit for what he's contributed. We're aiming for interop instead of chasing the silos. And it's fine to chase silos if you're into it, I was done with that in 2017. We're going to make it work the way it would work if we weren't trying to lock anyone in, quite the opposite, I want people to use Manton's product. I'm not being commercial here. I'm trying to get the web back on the path it should have been on all along. If I make some money that's cool, if not that's okay too. BTW, this all-together will be the Two-Way Web, specifically Two-Way RSS. And of course textcasting. Don't forget that. It's a rule, textcasting everywhere conceivable.

Link [Scripting News]

I've never given a commencement speech, but if I did, I'd run through my mottos and explain what they mean and who I stole them from, and how they are a distillation of what I've learned in life. The one I'd mention first, which isn't even on the freaking list, is this one -- "People don't listen to friends, they listen to competitors." What that means is if you want someone to add a feature, you have to do two things. Implement their whole product. Add the things you want them to add. And win. If you don't win it doesn't matter how good your idea is. This is the hoop you have to jump through to get them to listen to your idea. Knowing this, I have tried to listen even when I don't feel like a friend is competing. Ideas from people who know your product, no matter how they got it, are people who can help. This was one of the values of a core part of Apple in the early-mid 80s, and I owe my success in tech to them, because the ideas they gave me put us over the top. Jean-Louis Gassée and Guy Kawasaki. I don't think they ever competed with me. Another thing I like about them. ;-)

Link [Scripting News]

It's remarkable that some people fondly miss Googles RSS reader app, already gone for over a decade. Remarkable because they captured the market, wiped out all competition (they deserved it, the products were awful) and then shut their own product down, leaving a toxic karmic bomb crater in its place.

Only steal from the best [Scripting News]

As a writer I've stolen lots of ideas. All writers do it. How do you think we get our ideas.

Which is why it's so weird that they object to having their ideas stolen en masse.

We go through this regularly, basically you make a living doing something, and you aren't paid enough.

So every subject in every context arrives at the same place. Why aren't they paying me. I must be paid.

It is a permanent obsession with writers.

I try to be honest and admit that I steal from other writers, but I only steal from the best! :-)

16:49

[$] Xsnow "protestware" in Debian [LWN.net]

The xsnow application, which generates an animated snowfall effect (and other pleasant diversions) for X11 desktops, does not seem like an obvious channel for political statements. Nevertheless, xsnow's maintainer seems to have included a political protest in the program: an Easter egg that is triggered when the program's language is set to Russia ("ru"). One user has complained that this functionality should be removed from the Debian xsnow package, but Debian does not seem to have any rules that forbid such a feature outright.

16:07

Open source maintainership in the age of AI (Kubernetes blog) [LWN.net]

The Kubernetes project has published a blog post explaining its AI policy:

The main problem is that AI has made generating code fast but there has been very little improvement in maintaining code bases. In this post, we will highlight the ways the Kubernetes community is adapting to the world of AI assisted coding.

The first step of this journey was to develop an AI policy. This seems mundane and bureaucratic but there were many PRs that derailed into discussions around AI usage. The AI policy helps steer the conversation around the project's stance on AI and provides a clear signal to contributors on how to use these tools responsibly.

Of note, the project requires disclosure when AI tools have been used to assist in the creation of a contribution but forbids the use of listing AI as a co-author or including "assisted-by" or "co-developed" trailers to attribute work to an LLM tool.

Mageia 10 released [LWN.net]

Mageia 10 has been released with the 6.18 Linux kernel, DNF 5.4.0, RPM 4.20.1, and an increase in hardware requirements for x86 32-bit systems; users now need a CPU with SSE2 features. See the release notes for a full list of updates, and the errata page for known problems.

14:35

Security updates for Monday [LWN.net]

Security updates have been issued by AlmaLinux (containernetworking-plugins, golang, kernel, libpng, libpng15, nginx, opencryptoki, perl-IO-Compress, thunderbird, and tigervnc), Debian (chromium, gdcm, incus, libhtml-parser-perl, lxd, openvpn, tor, and xorg-server), Fedora (chromium, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, krita, ldns, libssh2, liferea, lighttpd, mariadb10.11, mariadb11.8, moby-engine, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, openbao, pacemaker, pgadmin4, podman-tui, prometheus-podman-exporter, python-jupyter-server, python-mistune, python-postorius, python-pydantic-settings, python3-docs, python3.14, thunderbird, tigervnc, tinyproxy, and util-linux), Mageia (krb5), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, bind, dracut, fence-agents, firefox, frr, frr10, glib2, glibc, gnutls, golang, kernel, libpng, libpng15, libreoffice, libxml2, libxslt, mod_http2, mysql:8.4, nginx:1.26, openssl, php:8.3, podman, postgresql-jdbc, python3.14, redis, rsync, thunderbird, tomcat, valkey, and vim), Red Hat (osbuild-composer), and SUSE (agama-web-ui, asn1c, assimp, assimp-devel, aws-iam-authenticator, calibre, clamav, corepack24, dovecot22, exiv2, frr, giflib, glances-common, google-osconfig-agent, GraphicsMagick, gvim, haproxy, hydra, ImageMagick, jupyter-nbclassic, kernel, libsoup, libsoup2, libssh2-1, nano, NetworkManager-applet-openvpn, nodejs22, openbabel, opensc, openssl-3, pacemaker, python, python-base, python-doc, python311-pdm, python311-py7zr, python311-pypdf, python36, tar, trivy, util-linux, xen, and xtrabackup).

14:07

Link [Scripting News]

Claude Code is a Dave-amplifier.

Link [Scripting News]

Just had a great idea for the Democratic Party. It's time to review past governing decisions made by Democrats that resulted in the collapse of democracy in the US in 2025-26. Can't do anything about the Repubs, but we sure as hell can whip the Dems into shape. My first contribution, Obama should have installed his Supreme Court choice after waiting three months for the Senate to advise and consent. If the Repubs can invent a new practice so can the Dems. That would make the Supreme Court a lot more funcitonal now, just that one thing. Democrats must not be so freaking afraid of stirring things up. We would have all respected that, esp the Repubs. This would be an incredible campaign process, would allow us to say that this is what the Democrats, going forward, will always/never do.

Link [Scripting News]

Of course I read Josh Marshall's piece about the end of the open net. Now let's go back to when it started and do it again, using everything we learned, try not to make the same mistakes. Josh was there, pretty sure he was at the first BloggerCon.

Link [Scripting News]

I noted a few weeks ago that Markdown has a format for outlines.

Agent Memory [Radar]

The following article originally appeared on Angie Jones’s LinkedIn page and is being republished here with the author’s permission.

I’m fascinated by the concept of agent memory. LLMs are stateless by design, meaning they have no memory or awareness of past interactions. Each prompt you send to an LLM is treated as a completely isolated event.

When you have a continuous chat with an AI agent, it feels like the AI remembers previous messages. However, the interface itself is faking it. Behind the scenes, your agent takes the entire conversation history and resends all of it to the LLM as one giant, combined prompt.

Companies, researchers, and even indie devs are all trying to crack agent memory. Because once an agent can remember, the entire interaction changes. It can build on what it learned, adapt to the user, resume work after a restart, and develop a sense of continuity.

Recently, I spent time with Richmond Alake, who has been in the trenches working on agent memory at Oracle.

Richmond Alake, the agent memory guruRichmond Alake, the agent memory guru

We talked about the different kinds of memory, why memory is harder than it sounds, and what it takes to build a memory system that is actually useful in production.

That conversation made something very clear to me. When people say, “agent memory,” they often mean very different things.

So let’s unpack the various types of memory.

Conversational memory

Conversational memory is the one most people think of first. It stores the messages exchanged between the user and the assistant.

This makes sense. If I ask, “What did I say was the ultimate goal of this task?” the agent needs access to the conversation in order to answer. Without that history, every turn starts from zero.

But this is also where many memory systems go wrong.

The most common first attempt is to keep appending prior messages to the prompt. For example:

User: I’m building a customer support agent.

Assistant: Great, what should it do?

User: It should look up past tickets and draft replies.

Assistant: Got it.

User: Also, I prefer Python and FastAPI.

Then on the next call, we send all of that back to the model along with the new question.

This works for a short conversation, but the agent only “remembers” because we keep reminding it. This is not really memory engineering.

Eventually, the conversation gets too long and the model receives a giant blob of context where some details are important, some are stale, and some are completely irrelevant. The agent may technically have the information, but that doesn’t mean it can use it well.

So yes, conversation history is a valid and important type of memory. But it shouldn’t be the whole memory strategy. Real agent memory requires deciding what should be stored, where it should be stored, how it should be retrieved, and when it should be summarized, forgotten, or compressed.

Semantic memory

Semantic memory stores durable facts.

These are things that should outlive the exact conversation where they were learned:

  • The user prefers Python over TypeScript for backend work.
  • The customer support agent needs access to past tickets.
  • The production system handles 50,000 queries per day.

This is different from conversational memory because the exact wording and sequence are less important. What matters is the meaning.

If the agent needs to recall what stack the user is using, it should retrieve the memory even if the user never says those exact words again.

Vector search is useful for this. The memory can be embedded and retrieved by semantic similarity.

The benefit is that the agent doesn’t need to replay the full conversation. It can retrieve the few durable facts that are relevant to the current request.

Episodic memory

Episodic memory stores events.

This is the “what happened” layer of memory:

  • The agent searched the web for recent API gateway patterns.
  • The agent generated a draft response for ticket #4821.
  • The workflow failed at the compliance review step.

Episodic memory is especially useful for debugging, auditing, and long-running workflows.

For example, if an agent makes a decision, I may want to know what happened right before that decision (e.g., What tools did it call? What data did it retrieve?).

This type of memory often benefits from structured storage.

For example:

Find all failed tool calls from the mortgage approval workflow in the last 24 hours.

That is a database query problem, not just a vector search problem.

Procedural memory

Procedural memory is about how to do things.

For example:

  • When investigating a failed deployment, check logs first, then recent config changes, then dependency updates.
  • When drafting a customer support reply, include the ticket summary, likely cause, recommended fix, and next step.
  • When creating a database-aware agent, scan table comments, column comments, constraints, and recent workload patterns.

This is the kind of memory that helps an agent improve its process. That’s powerful because agents are often asked to operate in messy real-world environments. With procedural memory, it can reuse proven approaches.

The value extends beyond just knowing things to actually knowing how to proceed.

Entity memory

Entity memory stores facts about specific people, accounts, projects, systems, tickets, or objects.

For example:

  • Angie prefers practical examples over abstract explanations.
  • Customer Acme Corp has strict data residency requirements.
  • Ticket #4821 is related to a billing reconciliation issue.

Entity memory matters because many agent tasks are scoped around a particular thing.

If I ask, “What do we know about Acme Corp?” I don’t want every memory in the system. I want memories attached to that customer.

This is also where memory safety becomes important.

Agents should not accidentally mix memories between users, customers, or projects. A memory system needs strong scoping so one user’s context does not leak into another user’s response.

Working memory

Working memory is the short-term scratchpad for the current task.

This is where the agent keeps temporary information while reasoning through a problem.

Working memory is usually not meant to last forever. It’s useful during the task, but it may not deserve to become durable memory.

If an agent stores every temporary thought as long-term memory, the memory store gets noisy very quickly. The agent may later retrieve half-baked assumptions as if they were facts, which is dangerous.

Not everything the agent observes or thinks should be remembered permanently.

Summary memory

Summary memory is one many agent users are familiar with. It deals with the problem of context windows being limited.

Even with large context models, you can’t keep appending forever. At some point, you need to compress.

Summary memory stores a compact version of a longer thread or context window. The original details can still live in the thread, but the prompt gets a smaller representation.

For example, instead of sending 80 turns of conversation, the agent might send:

The user is building a SaaS customer support agent. They prefer Python and FastAPI, deploy on OCI, and want the agent to retrieve past tickets before drafting replies. They are currently evaluating memory strategies for production usage.

Why memory is hard for agents

At first, memory sounds straightforward: store things, retrieve them later.

But the hard part is judgment, not storage.

What should be remembered? If the user says, “I usually prefer Python,” that’s probably worth remembering. If they say, “Let’s try Python for this one experiment,” maybe not. The agent needs to distinguish durable details from temporary context.

When should memory be updated? People change their minds, and systems and requirements change. If a user used to prefer FastAPI but now works mostly in Java, should the old memory be deleted, overwritten, or kept with a timestamp? A memory system needs a correction strategy.

How much memory should be retrieved? Retrieving too little means the agent misses important context. Retrieving too much means the prompt becomes noisy. This balance matters as more context isn’t always better.

How do we prevent memory leaks? If memories are shared across users, agents, or tenants, scoping is critical. The agent should only retrieve memories it’s allowed to use. This is especially important in enterprise systems where agents may operate across many customers, teams, or workflows.

How do we know whether memory helped? Memory should improve the agent’s behavior. It should reduce repeated questions, improve continuity, lower token usage, and help the agent produce more relevant responses. If memory just adds complexity without improving outcomes, it isn’t doing its job.

How Oracle is approaching agent memory

Richmond was gracious enough to share how Oracle is tackling this with the Oracle AI Agent Memory Package (OAMP), built on top of Oracle AI Database 26ai.

Yes, an AI database! Think of it as a database that can store and query the kinds of data AI applications need, not just rows and columns. That includes embeddings and JSON documents along with text search and regular SQL. These live together in the database, so an agent does not have to bounce between separate systems just to gather context.

The idea is to make Oracle AI Database the memory core for agents. Instead of stitching together a vector database, a relational database, a document store, and custom thread management, OAMP provides agent-friendly memory primitives on top of a database that already supports multiple data access patterns.

At a high level, OAMP gives you:

  • Users and agents to scope memory ownership
  • Memories for durable facts and extracted knowledge
  • Threads for conversation history and continuity
  • Context cards for compact, prompt-ready memory retrieval
  • Summaries for long-running conversations
  • Vector search for semantic recall
  • Database-backed persistence so memory survives restarts

This matters because, again, agent memory is not only a vector search problem. Some memory needs semantic retrieval. Some need ordered reads or exact SQL filtering. A database-backed memory system gives you room to support all of those patterns.

Here’s a small example of what that looks like in code:

from oracleagentmemory.core import OracleAgentMemory

from oracleagentmemory.core.llms import Llm

client = OracleAgentMemory(

    connection=connection,

    embedder="text-embedding-3-small",

    llm=Llm("gpt-5.5"),

    extract_memories=True,

    schema_policy="create_if_necessary",

)

client.add_user(

    "angie",

    "Developer exploring agent memory patterns."

)

client.add_agent(

    "memory-demo-agent",

    "Assistant that demonstrates Oracle AI Agent Memory."

)

client.add_memory(

    "Angie is fascinated by agent memory and prefers practical examples over abstract explanations.",

    user_id="angie",

    agent_id="memory-demo-agent",

)


There are a few important ideas packed into this snippet.

The OracleAgentMemory client is the bridge between the agent application and Oracle AI Database. The database connection tells OAMP where memory lives. The embedder tells it how to turn memory text into vectors for semantic retrieval. The LLM enables automatic memory extraction and summary generation. And schema_policy="create_if_necessary" lets OAMP manage the underlying memory schema instead of making every application reinvent it.

The user and agent registration may look like simple setup code, but it’s actually part of the memory model. Memories need ownership. In a real system, you don’t want one user’s preferences showing up in another user’s session, and you don’t want memories written by one agent casually mixed with another agent’s context. The user ID and agent ID give the memory layer a way to scope what gets stored and retrieved.

The add_memory() call stores a durable fact. This is a piece of information the agent may need later, even if the exact conversation has moved on.

Given this, we can now recall memories.

results = client.search(

    "how should I explain this topic to Angie?",

    user_id="angie",

    max_results=3,

)

This search() call shows the part that makes semantic memory useful. The query doesn’t have to match the stored sentence exactly. We stored that I prefer practical examples, but we searched for how to explain something to me. Those are different words but related in meaning. That’s the point.

Threads and context cards

Durable memories are only part of the picture. Agents also need conversation continuity.

With OAMP, a thread can represent a real work session, such as an agent helping investigate a production issue:

from oracleagentmemory.apis.thread import Message

thread = client.create_thread(

    user_id="angie",

    agent_id="support-triage-agent",

)

thread.add_messages([

    Message(

        role="user",

        content="Customer Acme Corp is seeing intermittent checkout failures after the latest deployment.",

    ),

    Message(

        role="assistant",

        content="I'll check recent deployment notes, related incidents, and payment service logs.",

    ),

    Message(

        role="user",

        content="Focus on the payment gateway first. We saw similar timeout errors last quarter.",

    ),

])

This is much closer to how memory shows up in real agent applications. The useful context is not just that messages were exchanged. It’s that this thread is about Acme Corp, checkout failures, a recent deployment, the payment gateway, and a related incident from last quarter.

When it’s time to call the model, instead of passing the entire raw thread, you can ask for a context card:

card = thread.get_context_card()

The context card gives the agent a compact block of relevant memory to use in the next prompt.

Conceptually, the prompt becomes:

System: You are a helpful assistant. Use the provided memory context.

Memory context: [context card]

User: What did we decide earlier?

This is a much cleaner pattern than appending every message forever.

Automatic memory extraction

OAMP can also extract memories from conversation.

For example, if the user says:

I prefer Python over TypeScript for backend work. I usually deploy FastAPI apps on OCI behind an API gateway.

The memory system can extract durable facts such as:

The user prefers Python over TypeScript for backend work.

The user deploys FastAPI applications on Oracle Cloud Infrastructure behind an API gateway.

That means the application does not have to manually call add_memory() for every useful fact.

A smart thread can be configured like this:

thread = client.create_thread(

    user_id="angie",

    agent_id="memory-demo-agent",

    memory_extraction_frequency=2,

    memory_extraction_window=4,

    enable_context_summary=True,

    context_summary_update_frequency=2,

)

This tells the system to periodically inspect recent messages, extract durable memories, and maintain a running summary.

Here is where agent memory starts to feel more like a living part of the agent architecture vs just a data structure.

Teaching an agent about a database

One of the most interesting examples Richmond and I discussed was using memory to teach an agent about a database.

Imagine an enterprise data agent that needs to answer questions about a schema it has never seen before. Instead of fine-tuning a model, the agent can scan the database catalog and store what it learns as memory.

It might inspect:

  • ALL_TABLES for table names and row counts
  • ALL_TAB_COLUMNS for column names and types
  • ALL_TAB_COMMENTS for human-written table descriptions
  • ALL_COL_COMMENTS for column descriptions
  • ALL_CONSTRAINTS for primary keys and foreign keys
  • V$SQL for recent workload patterns

Then it can convert those technical details into natural-language memories.

For example:

Table SUPPLYCHAIN.VESSELS stores individual ships owned or operated by carriers. It includes vessel identifiers, carrier relationships, and operational metadata.

Now when a user asks:

Where would I find information about ships and carriers?

The agent can retrieve the relevant schema memory by meaning.

This is a beautiful pattern because it avoids one of the common traps with agents expecting the model to already know your private system.

It doesn’t. And that’s okay.

You can teach it by turning your system’s metadata into memory.

The more I learn about agent memory, the more I believe this will be one of the defining pieces of agent architecture.

Tool calling lets agents act. Planning lets agents decide what to do. Memory lets agents build continuity.

With memory, we can start designing agents that feel less like one-off prompt responders and more like persistent collaborators.

Of course, this also raises the bar. Memory has to be scoped, auditable, correctable, and intentionally retrieved. Bad memory is worse than no memory. So the challenge is not simply giving agents memory but giving them the right memory architecture.

Oracle’s OAMP approach is one way to make that system concrete: users, agents, memories, threads, context cards, summaries, and database-backed retrieval.

And while the implementation details matter, the bigger idea is that if we want agents to be useful beyond a single prompt, they need a way to remember.

Not everything. But enough to carry context forward.

CodeSOD: Off the Path [The Daily WTF]

File path separators are a common pain point when writing cross platform software. Of course, not every programming language has a graceful API for handling that. For example, prior to C++ 17, you had to do some #ifdef preprocessor magic to handle that. Which people usually did (or they'd use the Boost suite of libraries).

Code like this wouldn't be out of place or incorrect:

#if defined(WIN32) || defined(_WIN32) 
#define PATH_SEPARATOR "\\" 
#else 
#define PATH_SEPARATOR "/" 
#endif 

Do I like it? No. But now I've got a pre-processor constant that I can use to assemble my paths in a way that will work across different file path conventions.

Of course, that's the "normal" solution. You could, if you wanted, to it completely wrong. That's what Xian's predecessor did.

#ifdef UNIX
           filename += "/";
#else
           filename += "\\";
#endif
           filename += (*exSeq)[i].path;
#ifdef WIN32
           ReplaceAll(filename, "/", "\\");
#else
           ReplaceAll(filename, "\\", "/");
#endif

If we're compiling for unix, append a "/" to the filename. Otherwise, append a "\". Then we append a path out of an array. Then, if we're on Windows, find all the "/" in our filename and replace them with "\". Otherwise, find all the "\" in our filename and replace them with "/".

Instead of defining a constant and using it everywhere you need to construct paths, this code was copy/pasted everywhere you needed to append a path separator onto your string. Well, almost everywhere. Clearly, we don't know that the contents of (*exSeq)[i].path are correct for our target operating system, hence we have to do the ReplaceAll call to sanitize it. Why didn't we sanitize the portion we're appending instead of the whole filename (which presumably is already sanitized?)? A better question: is this running inside of a loop? It looks like it is, based on the [i] array access there.

Multiple developers have copy/pasted this code into multiple places. Not one of them gave a shot at refactoring it. And somehow, there are still code paths that output the wrong path separator sometimes, though at least modern Windows is forgiving about that.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

13:35

Daniel Baumann: Debian: Linux Vulnerability Mitigation (PACKET_EDIT_MEME.c) [Planet Debian]

The Linux local root exploit of today’s news is PACKET_EDIT_MEME.c [CVE-2026-46331] which is also known as pedit COW.

This vulnerability has been fixed as of linux 7.1~rc7, but also fixed in trixies 6.12.94-1 as well as testing/unstable 7.0.13-1. If you run an older or different kernel you might want to mitigate the vulnerability until you can update and reboot affected systems.

The vulnerability can be mitigated by unloading and blocking the act_pedit module, linux-vulnerability-mitigation as of 20260629-1 (uploaded to sid, trixie-fastforward-backports and people.debian.org/~daniel) does that automatically for you.

12:14

Robot Police Officers [Schneier on Security]

We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect:

In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the residence,” the post says. “Drone pilots located the suspect hiding in a corner of a garage” and then used a high-powered magnet attached to the drone to grab the knife out of the suspect’s hand. In the video ­ which is soundtracked by the “Mission: Impossible” theme song—the intercepted knife can be seen spinning around in the air as the drone carries it back to the deputies.

Slashdot thread.

11:07

Grrl Power #1473 – Feed the meter [Grrl Power]

In a comic book, this is one of those pages you register, but basically flip right past. It’s transition, but I didn’t have time to make the previous page and this one a double, so here we are.

You know, Maxima could claim that she can fly at 1,250 light years a second. (I think I said the UCBA was around 5,000 light years from Earth, but I can’t find the comic where I put a number to it.) It wouldn’t be… wrong. Depending on how you actually measure her path. From point A to point B is indeed 5,000 light years and she traveled that distance in 4 seconds. But she didn’t, because the Aetherium Causeway does bridge 4,999.9999999999999999999999999999 of those light years. It’s one of those fun statistics lies. You know, a pregnant woman has a 50% chance of having a boy. She gets pregnant again and has a 50% chance of having a boy, but also a 25% chance of having a second boy. It’s all in the wording. Max wouldn’t be lying if she said she flew 5,000 light years in 4 seconds. If someone wants to use that information to extrapolate her top speed, that’s on them.

Now, the fact that Maxima is wearing a hologram of herself over her bespoke space-latex holo-emitter-embedded catsuit does mean that Cora and crew have a very detailed scan of Maxima in order to project the Max-o-gram. During this scan, Max insisted the holo.hpg image be destroyed after the tournament, not wanting to tempt Cora to disguise herself as Max and, you know, rob a bank or intimidate a corrupt politician or anything of the sort. Of course Cora laughed it off, saying she’d never even consider such a thing. Then Max said, “And naturally you wouldn’t be tempted to cosplay as me during a MMFMM fivesome.”

And there was the tiniest delay before Cora waved her hand and said, “That… of course… never even crossed my mind.”

I’m not sure if Max can narrow her eyes and raise one eyebrow at the same time, that seems like the sort of thing you have to practice a bit so you don’t look like you’re at the start of some kind of weird facial tic, so instead Max just stared until Cora’s hard light elbows started sweating.

Granted, it wasn’t a nude scan, since there’s no chance Max would need a hologram of that. But it’s not like no one has ever holoshopped an .hpg file.

Now assuming access to holodecks is as common as smartphones and also aren’t regulated by a buttoned-up Starfleet, let’s discuss the ethics of holo-disguising yourself as your friends and acquaintances and then having sex with other friends and acquaintances. Obviously if the other party doesn’t know you’re disguised, that’s bad. If the person you’re disguising yourself as doesn’t know and hasn’t given consent, that’s also bad. Maybe a little less bad than the first example, but it’s sort of a lateral difference. But if you’re at an orgy and the holodeck changes everyone’s appearance at random and everyone knows what’s up and consent is in abundance, then… well, congratulations, you probably have a bunch of fairly attractive friends. Huh. I guess that was a pretty straightforward ethics discussion. But then, and ethics conundrum that starts with “everyone is on-board and is okay with it” isn’t the sort of hypothetical that keeps philosophers arguing into the wee hours at their salons.

But that does lead me to the most unrealistic episode across all of Star Trek. The TNG episode where Westley finds out the girl he’s dating is a shapeshifter, and he’s all “Ew, no.” Now, Star Trek isn’t hard Sci-Fi. It’s kind of a medium-soft sci-fi, and in its defense, anything set more than a few hundred years in the future kind of can’t be super hard sci-fi, because we just don’t know where the possibilities of science and technology can really take us. If anything, something set 1,000 years in the future with technology that more or less resembles what we have today is probably less realistic.

But a teenage boy finding out that his girlfriend is a shapeshifter and getting squicked out by it is FUCKING FANTASY. It’d be more like, “Can you turn into Starfire from Teen Titans? Can you turn into Ariel in both her mermaid and landmaid forms? Can you turn into Counselor Troi? Can you turn into…” etc.

Of course, those floodgates probably only opens up after the shapeshifter gets past the conversation that goes, “I appreciate the “you’re all I want,” sentiment, but honestly, it’s okay to ask me to turn into other girls from our class. Or the volleyball coach. Or that one singer we both like.”
“Really?”
“Sure. In fact, as a shapeshifter, it would actually be racist of you to not ask me to turn into other girls while we make out.”


Final version is up, both at TWC and Patreon.

Sexy bodymod news lady Gail has a special one-on-one interview with Tournament Quarter finalist Saraviah Nightwing! And if you subscribe to Gail’s Space Patreon, (which, due to the vagaries of Earth and Gal-Net’s DNS servers, happens to be the same as the Grrl Power Patreon, go figure) you can see that same interview in the nude!

 


Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:56

Backlist confusion [Seth's Blog]

The backlist are the products already in the marketplace. Built earlier, still sold. The frontlist is the new.

Restaurants have regulars (backlist) and new patrons. Broadway shows are attended by people who see three to ten shows a year, as well as folks going to their very first production. Supermarkets sell staples (like milk and bananas) as well as new products. Software companies, farmers, even rock stars have backlist items.

Today’s post is the frontlist of the blog, the other 10,000 posts are the backlist.

Two things are true, in a surprising juxtaposition:

  1. Publishers spend almost all their time on the new books. The frontlist gets attention from editors, marketers, salespeople, publicists, and the rest of the team.
  2. More than 100% of their profit comes from the backlist.

That’s not a typo. Every viable publishing house loses money on the frontlist. They do it to build a backlist. to create a catalog that pays the bills over time.

The confusion starts with the name.

Let’s call it what it is. The foundation list is the backbone of the organization and the engine for sustainability and profits.

And the experimental list is just that. A chance to invest in things that aren’t sure to work (because no one knows anything for sure about the future), with a focus on adding to the foundation list.

Now that the confusion is cleared up, we can make smarter decisions about how to spend our time and invest our resources.

Make your experiments actual experiments.

Devote time and money and focus to your foundation.

Improving your foundation always pays off. And being bold with your experimental list is easier once you call it an experiment.

08:49

Non-Fungible Tims [Penny Arcade]

New Comic: Non-Fungible Tims

06:07

Girl Genius for Monday, June 29, 2026 [Girl Genius]

The Girl Genius comic for Monday, June 29, 2026 has been posted.

05:35

And Nothing Was Lost [Ctrl+Alt+Del Comic]

Given that we experience almost yearly price hikes for subscription services like Netflix, because they’re beholden to shareholders and “numbers must always go up,” I was quite surprised today to learn that Microsoft was reducing the price of Xbox Gamepass. And not a single sacrifice had to be made. Gamepass had definitely been pushing past […]

The post And Nothing Was Lost appeared first on Ctrl+Alt+Del Comic.

03:42

01:07

Unifont 17.0.05 Released [Planet GNU]

28 June 2026 Unifont 17.0.05 is now available.  This is a minor release aligned with Unicode 17.0.0.

This release notably includes separate BDF, PCF, and OpenType font files with Unicode T-source Chinese glyphs created by Kusanagi_Sans and Kao Chen-tung (高振東) in font files beginning with "unifont_t".  Many other Chinese glyphs have been added.  See the ChangeLog file for details.

Download this release from GNU server mirrors at:

     https://ftpmirror ... /unifont-17.0.05/

or if that fails,

     https://ftp.gnu.o ... /unifont-17.0.05/

or, as a last resort,

     ftp://ftp.gnu.org ... /unifont-17.0.05/

These files are also available on the unifoundry.com website:

     https://unifoundr ... /unifont-17.0.05/

Font files are in the subdirectory

     https://unifoundr ... 0.05/font-builds/

A more detailed description of font changes is available at

      https://unifoundr ... nifont/index.html

and of utility program changes at

      https://unifoundr ... nt-utilities.html

Information about Hangul modifications is at

      https://unifoundr ... hangul/index.html

and

      http://unifoundry ... l-generation.html

00:49

Joe Marshall: New chatbot [Planet Lisp]

Lately I've been playing with writing a chatbot library in Common Lisp.

My previous gemini bindings were getting unweildy. I wanted to add the ability to run LLMs on my local machine but it turned out to be really kind of kludgy, so I decided to start from scratch with multiple back ends in mind.

I've got it to the point where in supports multiple back ends, so now I can prompt local LLMs from Lisp.

Recently I added the ability to recursively launch chatbots that can call each other. Since the chatbots do not share their contexts, this greatly reduces the context bloat of thet main chat because it can spawn off subtasks to a minion and not pollute the main context. This also allows you to create a federation of chatbots, each of which specializes in some topic and is overseen by a controlling chatbot that talks to the user.

Chatbots can be serialized and checkpointed, so if one is carrying out an agentic task and Lisp crashes, when we restart the agentic tasks are restarted as well and pick up where they left off.

IT turns out that recursive chats are a useful abstraction once you figure out how to use them. Basically any prompt you may issue may also want to be issued by an llm and this enables that to happen. It allows you to run subprocesses that would otherwise put junk in your context, for example reading the contents of a lange number of files. If you put that into a rocursive chatbot, it could slurp up the files into its context without adding tokens to the parent chat.

You can use a recursive chat as a `smart component'. The recursive chat can have a specialized system instruction and can preload its context with relevant information specific to it. It's context doesn't get diluted by the caller's context

Sunday, 28 June

21:21

Kernel prepatch 7.2-rc1 [LWN.net]

The 7.2-rc1 kernel prepatch is out for testing. Linus said: "So two weeks have passed, and the merge window is closed. Things look reasonably normal for this release (knock wood)."

17:28

Link [Scripting News]

To read scripting.com you need a browser that supports HTTP.

Link [Scripting News]

Why email newsletters made sense. Email has no character limits, can represent bold and italic, links, titles, enclosures, basically most features of the web, and social media places limits on what writers can write. That's where the literate social web went, and the bloggers too. Like how birds are really dinosaurs.

14:28

Link [Scripting News]

If you're working on a social web app that supports inbound and outbound RSS, I'd like to help, so our products can interop beautifully. That's the reason I'm doing this work, to establish a baseline for interop in the social web. RSS is the obvious candidate. If we didn't have it, we'd have to invent it. I'd much prefer doing the work openly, so if you can, write a post and send me a link. I think it's time for us to go back to the way we built network systems before Google and the VCs took over. Put up an app and see who works with it. My email address is on the About page on my blog.

Link [Scripting News]

Programming tip. If your app has globals, create an object called globals, and put all of them in there. Someday you may want to swap in one set of globals for another, this makes it easy.

11:07

That CO alarm is giving me a headache [RevK®'s ramblings]

OK, yes that is an old joke, but I do have a slight mystery over the CO alarm.

This first happened last year, and drove me round the bend. A chirp every 49 seconds. This is normally a smoke alarm with low battery.

The problem is that we have 8 alarms in the house, and trying to work out which is chirping is not as easy as it sounds, especially when it is 2am, as it always is with these tings.

I actually ended up replacing every battery and still had a chirp. I then remembered there is a smoke alarm in the loft, and replaced that, only then to realise it was the CO alarm  in the loft! I went to replace that and found it is mains only, and Ei3018 CO alarm. Annoyingly it continued to chirp for some time once removed from the power.

I actually ended up buying a new one, and has been fine for over a year.

Then this week, it happens again. Thankfully I remember the loft this time. What is extra odd is that when I opened the loft hatch, the chirping stopped!

The next night it started again and did not stop. So I removed it, and waited. I put back in place next day.

The next night it started again, so removed, and new one ordered.

But I decided to actually read the manual, and it is odd.

It did not alarm!

Now, a key thing here is, it did not alarm. I would know, I have been in the house all the time, it is linked to all the other alarms, and to a relay input to my alarm/monitoring system as well. It did not do an alarm, honest.

But the manual says it has a memory mode, where, for 24 hours after an alarm, it will chirp. There is however a problem with this.

  1. It had not alarmed!
  2. It stopped chirping when I opened the loft hatch, so was clearly not doing a 24 hour chirp.
  3. It is a single chirp - the manual explains it does 2 or 3 chirps, etc, for different types of alarm.

However, reading further, the manual does have a single chirp every 48 seconds. This is for "AC mains off or low battery backup", or (with green LED) low battery backup. I do not think it had an LED on.

So it does indeed sounds like the backup battery is depleted and the action is "replace alarm".

But this is just over a year for a device that should last over 10 years, arrrg!

I wonder why?

10:14

The generic headline and the lazy slogan [Seth's Blog]

If you can swap your slogan with a competitor’s without changing the meaning of either brand, then your slogan is meaningless.

For example, “You belong here” is not a positioning statement for a college seeking new students. It’s just noise.

It also doesn’t help to mix weasel words with more weasel words and then add specifics. On charity’s pitch: “Your contribution can help up to 35 people.”

“Up to” covers a lot of ground, doesn’t it?

It’s true that the copy we use can be noisy decoration, not often read or fully understood. But that doesn’t mean we shouldn’t put in the effort to make it useful and powerful.

07:14

Russell Coker: Plaud [Planet Debian]

While watching a YouTube video I saw an advert for the Plaud AI Note Taker [1]. The Plaud device looks pretty good for what it does, taking notes and managing them, using some sort of LLM function to manage the notes. The devices all cost about $300 which is an amount that doesn’t seem unreasonable for someone who’s in a lot of meetings. One of the models is the “NotePin” that seems comparable to the Humane AI Pin I previously blogged about [2].

The business model for Plaud is based on only allowing 5 hours per month of free transcriptions, then charging $16.25/month for 20 hours per month and $33.33/month for unlimited use. That’s quite expensive for any serious use.

The number of people in the market for an audio recording system that automatically transcribes things may be greater than the number of people in the market for all the stuff that the Humane AI Pin did, but it still may not be enough to run a profitable business when competing with apps on mobile phones.

While the product does look decent it seems that they are making the same mistakes as the original Humane developers did, of wanting to lock it down as a subscription based service which reduces the usability of the device. If they had sold an Android hand-held computer with their own app pre-loaded and allowed the user to install a different app then it would have been much more usable. If they had sold Android devices designed for the note taking market and allowed people to choose their own apps to install then their products would have a much longer life expectancy.

The majority of Android devices in use are probably out of support but still working while the Humane AI pin can’t be used any more and at some time in the not too distant future the Plaud devices will also become unusable. People who buy devices like the Plaud seem to be unaware of the history of such things and the expected future for them. But possibly some people just consider $300 for a year of use to be an acceptable price. If someone wanted to purchase a new high end phone every year and sell their previous one they would probably have a net cost of about $500/year.

Maybe I should look for work with a company with an implausible AI based business plan. It would be fun developing such a device if you weren’t emotionally invested in the project. Just develop new technology, earn a heap of money, play with fun computers, and move on to the next thing when it collapses. Just like all the Internet companies about 25 years ago.

Russell Coker: Some GPU Stuff [Planet Debian]

After getting a HP Z4 G4 tower server/workstation to house my Intel Battlemage GPU [1] I’ve been playing around with some GPU stuff. For years I’ve been just buying GPUs based on the resolution and price and not bothering about anything else due to lack of ability to measure what cards are doing. The nvidia-smi program is really good for NVidia/CUDA setups but I hadn’t been aware of anything similar for AMD cards. As I prefer AMD cards for my workstations due to driver issues with NVidia that was a problem for me.

I’ve recently discovered that the program nvtop (Debian package nvtop) shows the GPU use of multiple GPU types, for me it’s worked on AMD and Intel discrete GPUs and shows some information on Intel integrated GPUs, I don’t have others convenient for testing at the moment. Currently BOINC has the Einstein@Home [2] project running on the HP Z4 G4 and it’s using between 66% and 100% of GPU compute power and 1.6G of GPU RAM. Using 100% GPU compute power allegedly takes 62W of power out of the 190W quoted TDP. I presume that the power use reported by nvtop is very inaccurate.

A friend installed a LLM on that system and the libraries used for the LLM were sufficient that BOINC just started using the GPU.

On my workstation running an AMD “[Radeon RX 460/560D / Pro 450/455/460/555/555X/560/560X]” (actually R560) with 4G of GPU RAM I have mpv taking 1G of GPU RAM to play a FullHD video expanded to a full screen window on my 5120*2160 display. I also have about 2G used by the kwin_wayland process (the Wayland server for KDE). That doesn’t leave enough GPU RAM to allow Einstein@Home to use the GPU. When playing the FullHD video in question (which is 1.2G for 42 minutes – about 500KB/s) at 1.5* speed (a common playback speed I use) that takes about 30% of the compute power on my GPU.

I had installed the rocm-opencl-icd package on my workstation (with a 5120*2160 monitor) and restarted boinc-client.service which is all that’s needed to allow BOINC to use an AMD GPU. Then the screen started flickering as the Einstein process repeatedly core dumped which I initially assumed to be it’s reaction to not having enough GPU RAM available. On every core dump the screen flickered so it went through a process of dozens of screen flickers until it had caused a sufficient number of core dumps and BOINC gave up running that job.

Another annoyance is that the boincmgr program (the graphical program for managing BOINC systems) launches two webkit processes that each use about 400M of GPU RAM, so even if other things weren’t using all my GPU RAM the boincmgr process would stop the BOINC jobs from using the GPU. I shut down some of the programs that were using GPU RAM until there was 2G free and the BOINC process kept crashing so it seems that there is some other issue.

On another system with a 4K monitor there were Chrome and Chromium GPU process taking 1.1G and 500M of GPU RAM respectively and the KWin Wayland process was taking 1G of GPU RAM. So that’s well over half the GPU RAM for just browsers and Wayland. With programs like Kitty (terminal emulator) and Nheko (Matrix client) taking over 100M of GPU RAM it seems that 4G is the bare minimum for GPU RAM with modern software and a 4K or similar display.

I also noticed the kscreenlocker_greet process taking 440M of GPU RAM. I wonder if a hostile web server could make a web browser take more GPU RAM and starve the screenlocker of GPU RAM, could that allow forcing a screen lock operation to fail?

It seems that 4G is the minimum for modern systems, which isn’t necessarily a problem as GPUs that are capable of driving 4K displays tend to have no less than 4G. My local computer store has new GPUs with 4G starting at $120 but 12G seems to be the next option up which starts at about $400.

Ebay currently has a selection of AMD GPUs with 8G of RAM under $200. I’ve had some problems with the GPU in my workstation crashing as described in my previous post where I thought it was driver issues [3]. I now believe that there are hardware issues and will look into buying one of the cards with 8G.

Further Investigation

I need to determine which of the AMD GPUs that are currently going cheap on ebay are best. While my current PC has support for 150W PCIe power I’d rather something less power hungry than that. I have occasional issues of mpv reporting that my system is too slow for a video so slightly more compute power on the GPU would be good, but I think that every available option has significantly more compute power.

I need to find out what the relationship is between screen resolution and GPU memory. If I get an 8K display or an array of 4*4K displays (which is quite plausible as 27″ 4K displays go for $230 each) will I find 16G of GPU RAM as limiting as I find 4G now?

The nvtop program tracks PCIe data transfers for AMD GPUs, I haven’t yet seen more than 25MB/s and I need to do more tests to see what the maximum is. Running on an Intel Battlemage card nvtop doesn’t report PCIe data transfer speed which is a missing feature in either the driver or the program. I need to find out where the problem is and report a bug if someone hasn’t already done so.

The GPU RAM use of some applications seems excessive. 440M for a lockscreen? 100M+ for a terminal emulator? 320M for Thunderbird?

Saturday, 27 June

23:28

Steve McIntyre: It's dead, Jim! [Planet Debian]

I previously wrote about the upcoming UEFI CA rollover. Well, it's happened now - the old Microsoft UEFI CA from 2011 expired yesterday:

Third Party Marketplace Root (used for signing option ROMs and other software)

  Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
  Validity
    Not Before: Jun 27 21:22:45 2011 GMT
    Not After : Jun 27 21:32:45 2026 GMT

It's dead - it's not coming back...

The world doesn't seem to have ended yesterday, so I guess we did ok? :-)

How did we do?

After a lot of prodding behind the scenes, Debian and many other distributions managed to get new shim binaries dual-signed with both the old and new CAs. The members of the shim-review team did a sterling job with reviews in the last few weeks. Since I started pushing people in May, we've had 21 reviews accepted successfully - see here for the list. Great stuff! Microsoft have also been working quickly - many of those shim submissions were accepted and signed by Microsoft very quickly too, with a turnaround time of less than 1 day in some cases.

Not all of those signed shims have been published and used by the distros involved yet, but expect to see them in the wild in the coming weeks and months.

These binaries should be good for people to use for the foreseeable future, until either we need to do another CA rollover or (sadly, more likely) we find an issue in shim that necessitates a new release.

What's next?

We already have one of our new dual-signed shim binaries in place in Debian, in unstable and testing (Forky) right now. In a couple of weeks from now, we'll be rolling out very similar new dual-signed shim binaries in the next point releases for Debian 12 (bookworm) and Debian 13 (trixie). We'll also be upgrading fwupd in both those point releases, to make DB and KEK updates work better.

For more information about these updates, see https://wiki.debian.org/SecureBoot/CAChanges. For your own safety, validate that your systems are updated when possible. If you don't, they may fail to boot in future.

18:49

Link [Scripting News]

Claude can understand code no human could. Ever, under any circumstances. Just like a compiler can understand any code we throw at it. Way beyond what code obfuscation tools can do.

17:21

Link [Scripting News]

In our work we have arrived at the point where we read and study a piece I published in 1997, but was written in 1988 or so. Esp the part about LBBS. It's a really good thing I wrote that because I forgot how it worked, but reading that it all comes back. We're going to go far beyond where Twitter went with reading message structures on the web. I had already done a lot of the work in the 80s.

Link [Scripting News]

The other day Matt joked about how old I am, in public, and I am pretty old. But Matt, I was paying attention then as I am now, and connecting the dots. No one else working today, I'd venture, knows what it's like to create and run a modem-based dial-up Twitter-like system on an Apple II with a 10MB Corvus hard drive. Yet it worked, and people loved it. If you weren't alive in 1981, you wouldn't know anything about this. I remember talking with Doug Engelbart when I was running UserLand. If you don't know who he is, look him up. He blazed a trail we were turning into a highway, and we're all using his inventions all the time. Every chance I got to sit down with him I did. I wanted him to work with us, to critique everything we were doing. He had a lot of knowledge that disappeared when he passed on a few years later. That's the sad thing, at my advanced age, that I am trying to avoid. And btw, as surprise, Claude really understands this stuff. I've never seen anything like it with a human, and I've worked with some great humans.

17:14

Jonathan McDowell: onak 0.6.5 released [Planet Debian]

I had intended that the next release of onak, my OpenPGP keyserver, would be 0.7.0, and include OpenPGP v6 support (RFC9580). However events conspired to make a 0.6.5 release a really good idea.

Firstly, I threw an LLM at the code base and asked it to review it. This isn’t intended to be a post about LLMs, but there’s a considerable amount of pressure at work to be “AI native”. I’m very much an “AI” sceptic, so I figured throwing it at a code base I know well might be an interesting exercise. It did find a bunch of embarrassing mistakes, but I don’t think there was anything earth shattering that a human reviewer wouldn’t have pulled me on. The problem is with a hobby project with a single user there’s no actual review of my work.

I also enabled GitHub’s security scanning. It mostly complained about format strings, and those were easy enough to fix up.

Next I threw AFLplusplus at the code. I’d previously tried American Fuzzy Lop, but not in some time. AFL++ found a whole bunch of places I should really have checked available buffer lengths and wasn’t doing so. It really is an incredibly easy tool to get up and running.

valgrind is also a tool I’ve used before, and rate highly. Thankfully it didn’t find anything in my testing this time.

Finally I threw a few more automated tests into the mix and discovered something has changed around dynamic linking such that the libonak symbols in the dynamic key database backends were using private copies, rather than the main binary. This caused problems with seeing the correct configuration settings in some instances.

All in all this release is not my proudest moment; a bunch of the issues fixed should never have made it to a release.

(Also, just to explicitly state it, all the actual code in this release was artisanly crafted by me, in vim. The only involvement of an LLM was for a review pass.)

Available locally or via GitHub.

0.6.5 - 27th June 2026

  • Lots of fixes/improvements around length checking
  • Added extra basic tests for maxpaths/sixdegrees/CGI
  • Correctly end transactions in the stacked backend
  • Ensure the file backend avoids stale key data on updates
  • Fix decoding of v2/3 signature creation times
  • Fix EdDSA signature parsing when r < 249 bits long
  • Fix migration of bools from old to new config style
  • Fix parsing of new config details for DB parameters
  • Fix problems with linking + dynamic backends
  • Fix RSA-SHA2-384 signature checking
  • Fix sixdegrees parsing of keyids with high bit set
  • Handle failures in maxpath more gracefully
  • Make new style config path match old path

16:21

View From a Hotel Window 6/27/26: Chicago [Whatever]

There is a parking lot in this picture, but it’s over in the corner, and I think it’s attached to the marina. The rest is convention center and Lake Michigan.

Also, hello, Chicago! It is good to be in you again. I am here for the American Library Association event, and I regret to say that unless you’re attending you’re not likely to see much of me. Never fear, I will return. I always do.

— JS

15:21

Three stable kernel updates [LWN.net]

The 7.1.2, 7.0.14, and 6.18.37 stable kernel updates have been released; each contains a relatively small number of important fixes. Note that 7.0.14 is the end of the 7.0.x series.

13:07

GNU Parallel 20260622 ('Rape Gang Inquiry') released [stable] [Planet GNU]

GNU Parallel 20260622 ('Rape Gang Inquiry') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  GNU Parallel is much nicer than xargs and more powerful ... definitely recommended!
    -- boomertsfx@reddit

New in this release:

  • testsuite reorganized.
  • Bug fixes and man page updates.


GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.


About GNU Parallel


GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparall ... igns/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference


If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)


If GNU Parallel saves you money:



About GNU SQL


GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.


About GNU Niceload


GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

12:56

Pluralistic: Zuckerberg's increasingly bizarre war on whistleblowers (27 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

  • Zuckerberg's increasingly bizarre war on whistleblowers: Under no circumstances should you rush out and read the book that prompted Mark Zuckerberg to demand $111m and eternal auctorial silence.
  • Hey look at this: Delights to delectate.
  • Object permanence: Flame warriors; Cryptography and casinos; TSA v dying 95 year old woman's adult diaper; Neoliberalism and Brexit; Beyond solutionism; How Thiel cheated with his Roth; Inequality's stabilizer; Palm Pilot school; Gillmor on PR flacks; "How I Edited an Agricultural Paper; Conservative judge chokes liberal judge; Hollywoodnomics; Rubber fingertips v fingerprint readers; Snowden's telepresence robot; "Shrill"; Moral hazard, "Three Rocks."
  • Upcoming appearances: London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.



Four female chorousters in sumptuous Renaissance robes. Each one's mouth has been stopped up by a Facebook 'thumbs up' icon. Behind them looms Mark Zuckerberg's grinning Metaverse avatar. The book they are reading from has flooded their faces with light. In the background is a sky full of ominous blue/red clouds.

Zuckerberg's increasingly bizarre war on whistleblowers (permalink)

More than a decade ago, a group of young, internet-connected Belarusian dissidents launched a series of increasingly high-stakes, increasingly surreal confrontations with the corrupt, authoritarian government of Alexander Lukashenka, a man who is often called "the last Soviet dictator."

Lukashenka's secret police – still called the KGB – routinely terrorize and kidnap pro-democracy activists, and all forms of protest are banned. It was against the backdrop of this unrelenting oppression that the activists launched a series of whimsical "flash mobs" that challenged the Lukashenka regime's willingness to crack down on even the most innocuous behavior.

One of these flash mobs was an ice cream social: activists converged on a public square to eat ice cream cones. Lukashenka's thugs beat them and dragged them away:

https://web.archive.org/web/20070609164305/http://pics.livejournal.com/litota_/gallery/0000bcch

The protestors thought that by daring Lukashenka to arrest people for eating ice cream, they could create a win-win situation: either Lukashenka would be revealed as the kind of asshole who thinks it should be illegal to eat ice cream, or he'd be revealed as the kind of weakling who couldn't keep a lid on dissent.

Lukashenka took the bait. And took it. And took it. In the years that followed, protesters would be arrested for smiling, clapping, and just standing silently:

https://www.indexoncensorship.org/2011/07/belarus-protesters-rally-on-the-web/

The world learned that Lukashenka was a buffoon, and Belarusians affirmed their view that this buffoon would not hesitate to mete out the most vicious punishments for the most innocuous actions:

https://sci-hub.st/10.1080/25739638.2021.1928880

Speaking of thin-skinned, paranoid, wildly corrupt buffoons who will stop at nothing to silence their enemies, how about that Mark Zuckerberg, huh? Sure, all the headlines these days are about Zuck's intention to transform Facebook into a sports betting site:

https://www.businessinsider.com/metas-zuckerberg-enters-the-prediction-market-arena-polymarket-2026-6

But in the UK, Zuckerberg's war on whistleblowers keeps finding new, ice cream grade depths of absurdity to plumb. The whistleblower in question is, of course, Sarah Wynn-Williams, author of the internationally bestselling memoir Careless People, which details the criminality she witnesses during her years as the head of Facebook's international relations team:

https://pluralistic.net/2025/04/23/zuckerstreisand/#zdgaf

Careless People is full of revelations about the gross institutional misconduct of Facebook, including its knowing encouragement of a genocide in Myanmar. But it's also full of stories about the severe personal failings of Facebook's executive team, especially Sheryl Sandberg, Joel Kaplan and Mark Zuckerberg.

These three come off as the most colossal of assholes, cruel, petty and predatory. Sandberg comes across as a sexual abuser who dreams of trafficking in poor people's organs. Kaplan is an oaf whose plan to provide paid internet access to refugee camps falls apart once he learns that refugees in camps don't have any money (he also takes points off of Wynn-Williams's workplace evaluation for being "unresponsive" over a period when she was in a near-death coma). Worst of all, though, is Zuckerberg, whose sins range from cheating at Settlers of Catan to endangering the Colombian peace process after a 50-year civil war because he refused to get out of bed before noon. Zuck is also revealed to have given the Chinese state access to all of Facebook and the power to censor content they disliked, as part of a failed bid to get permission to offer a Facebook service in China.

It's a terrible company, with awful products, run by the worst people. Wynn-Williams's conditions of employment required her to sign a contract that bound her to silence (nondisclosure), forbade her from speaking ill of the company (nondisparagement), and denied her access to the legal system in all her dealings with Meta (binding arbitration).

Together, these three clauses – routinely used by Meta to silence would-be whistleblowers – meant that after Wynn-Williams's book was published, Meta got its arbitrator – a lawyer who is paid by Meta to adjudicate contractual disputes instead of an actual judge – to order her to never promote or even speak about her book.

The arbitrator awarded Meta $50,000 for each criticism that Wynn-Williams levied, quickly coming to a total of over $11,000,000. This vastly exceeds the assets and lifetime earning potential of Wynn-Williams and her husband (a reporter with the Financial Times). If this bill ever truly comes due, they will be wiped out.

Which raises an interesting question: what else can they do to her? Once they've secured civil damages that exceeds her net worth several times over, why shouldn't she just flout her agreement? "Freedom's just another word for nothing left to lose," and all that.

Nevertheless, Wynn-Williams has scrupulously hewed to the arbitrator's rules, steadfastly remaining silent about her book, its contents, and her experiences at Facebook/Meta. When she and I appeared onstage together in London for the launch for my book Enshittification last year, she fell silent and assumed a blank expression any time the subject of Meta came up, and she didn't sign or sell books afterward:

https://www.barbican.org.uk/whats-on/2025/event/cory-doctorow-with-sarah-wynn-williams-chris-morris

When she won the British Book Award, she did not speak to accept it, and the cover of her book was blurred out on the overhead screen (she gave an acceptance speech on behalf of her co-winner, the late Virginia Giuffre, who was abused by Jeffrey Epstein and who accused Prince Andrew of sexual assault):

https://www.theguardian.com/books/2026/may/11/sarah-wynn-williams-and-virginia-giuffre-jointly-win-freedom-to-publish-prize-at-british-book-awards

Nevertheless, when she was booked to speak – about a subject other than her book – at the Hay Festival on a stage with Tim Wu and Carole Cadwalladr, Meta sent a legal threat to the festival and Wynn-Williams, claiming that if by speaking about anything in public, she would violate the arbitrator's order. Accordingly, Wynn-Williams maintained total silence and a blank facial expression for an hour on stage, saying not one word, while Wu and Cadwalladr carried on a discussion. Careless People was withdrawn from the festival bookshop on the days she appeared there:

https://www.theguardian.com/technology/2026/may/31/meta-legal-action-forces-facebook-whistleblower-to-stay-silent-at-hay-festival

Nevertheless, Meta has informed Wynn-Williams that her silent, motionless appearance on a stage constitutes a further breach of her "agreement" and that they are going to seek even more damages from her. This act of anti-ice cream thuggery has pushed Wynn-Williams over the edge and now she's sued to invalidate her contract:

https://www.theguardian.com/technology/2026/jun/25/whistleblower-sarah-wynn-williams-sues-meta-attempts-to-silence-her-careless-people

Her lawyers have posted their documents related to the suit, including a 285-page declaration by Wynn-Williams explaining the great lengths she's gone to in order to comply with Meta's demands, and the company's absolute intransigence and arbitrary menace:

https://katzbanks.com/sarah-wynn-williams-meta-lawsuit-documents/

Why would Meta be so intent on destroying this one high-profile whistleblower? Surely they've heard of the Streisand Effect. There is no better way to ensure that Wynn-Williams's book (already a NYT #1 bestseller) continues to attract readers than to continue to escalate these threats.

I think they're perfectly aware that they are convincing more people to read Careless People (you should read it, it's genuinely excellent):

https://us.macmillan.com/books/9781250391230/carelesspeople/

But I think they've decided that this is a price worth paying, because:

a) They've done even worse things since Wynn-Williams parted ways with the company; and

b) They're laying off thousands of workers because their giant bet on AI has been a flop, leaving them with a massive cash crunch; and

c) By destroying Sarah Wynn-Williams, they can terrorize all those thousands of bitter ex-employees into silence about the even graver sins the company has committed.

That's my theory, anyway:

https://www.businessinsider.com/meta-layoffs-managers-software-engineers-ai-spending-2026-6

Lukashenka knew that arresting children for eating ice cream would make him a laughingstock abroad. Zuckerberg knows that threatening Wynn-Williams for standing in wooden silence on a stage makes him look like history's most guillotineable billionaire. But both Lukashenka and Zuckerberg are willing to be thought a thin-skinned bully, so long as that means the people they oppress the most are too terrified to ever challenge their authority.


Hey look at this (permalink)



A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Actual music piracy https://www.theguardian.com/uk/2001/jun/13/ukcrime.nickhopkins

#25yrsago Flame warriors https://web.archive.org/web/20010603044914/http://www.winternet.com/~mikelr/flame1.html

#25yrsago World court says Arizona murdered German prisoners by denying them consular access https://www.cnn.com/2001/WORLD/europe/06/27/germany.court/index.html

#25yrsago Private school buys every student a Palm Pilot https://web.archive.org/web/20010709075203/https://www.wired.com/news/school/0,1383,44812,00.html

#25yrsago Dan Gillmor’s guide for PR flacks https://web.archive.org/web/20010626230530/http://web.siliconvalley.com/content/sv/2001/02/20/opinion/dgillmor/weblog/PR.htm

#20yrsago German publisher attacks Bulgarian books-for-blind site https://web.archive.org/web/20060629065445/https://protest.bloghub.org/2006/06/27/fight-for-copyrights-in-bulgaria-turns-ugly/

#20yrsago Photographer calls critic’s boss to complain https://www.flickr.com/photos/thomashawk/176785431/

#20yrsago Daddle: a kid-sized saddle for adults https://web.archive.org/web/20060618012713/https://www.cashelcompany.com/dad.php

#20yrsago More on cryptography and online casinos https://memex.craphound.com/2006/06/26/more-on-crypto-and-online-casinos/

#20yrsago Reasons that HD DVD formats have already failed https://www.audioholics.com/editorials/10-reasons-why-high-definition-dvd-formats-have-already-failed

#15yrsago Undercover video from North Korea: starving children, hungry soldiers https://web.archive.org/web/20110629182200/http://www.abc.net.au/news/stories/2011/06/27/3253979.htm

#15yrsago TSA asked 95 year old woman in a wheelchair in terminal stage of leukemia to remove adult diaper for pat-down https://web.archive.org/web/20110627091434/http://www.nwfdailynews.com/news/mother-41324-search-adult.html

#15yrsago Reading of Mark Twain’s “How I Edited an Agricultural Paper” https://ia801406.us.archive.org/22/items/Cory_Doctorow_Podcast_209/Cory_Doctorow_Podcast_209_Mark_Twain_Editing_an_Agricultural_Paper-fixed.mp3

#15yrsago Paramount sends copyright notice to Shapeways user over 3D printable Super 8 cube https://toddblatt.blogspot.com/2011/06/cease-and-desist.html

#15yrsago Advice Goddess: How much longer must we be subjected to invasive TSA patdowns? https://www.advicegoddess.com/archives/2011/06/24/i_think_youre_c.html

#15yrsago Conservative Wisconsin Supreme Court Justice alleged to have choked liberal colleague https://talkingpointsmemo.com/muckraker/wis-justice-ann-walsh-bradley-justice-prosser-put-his-hands-around-my-neck-in-anger-in-a-chokehold

#15yrsago Hollywoodonomics: how Harry Potter and The Order of the Phoenix “lost” $167M https://deadline.com/2010/07/studio-shame-even-harry-potter-pic-loses-money-because-of-warner-bros-phony-baloney-accounting-51886/

#10yrsago I’m profiled in the Globe and Mail Report on Business magazine https://web.archive.org/web/20160628142940/https://www.theglobeandmail.com/report-on-business/rob-magazine/the-crusader-fighting-lock-happy-entertainment-conglomerates/article30520282/

#10yrsago Rubber fingertips to use with fingerprint-based authentication systems https://www.csmonitor.com/World/Passcode/Security-culture/2016/0627/Fake-fingerprints-The-latest-tactic-for-protecting-privacy

#10yrsago How I grilled the best steaks I’ve ever eaten https://memex.craphound.com/2016/06/27/how-i-grilled-the-best-steaks-ive-ever-eaten/

#10yrsago Supreme Court strikes down Texas abortion law https://www.nbcnews.com/news/us-news/supreme-court-strikes-down-strict-abortion-law-n583001?cid=sm_tw

#10yrsago Snowden’s flesh is trapped in Russia, but his mind roams the world in a robot body https://nymag.com/intelligencer/2016/06/edward-snowden-life-as-a-robot.html

#10yrsago China’s $10B/year PR ministry mired in political fight with anti-corruption/loyalty enforcers https://web.archive.org/web/20160701235749/http://www.economist.com/news/china/21701169-xi-jinping-sends-his-spin-doctors-spinning-who-draws-party-line?fsrc=scn/tw/te/pe/ed/whodrawsthepartyline

#10yrsago Snowden publicly condemns Russia’s proposed surveillance law https://www.theguardian.com/world/2016/jun/26/russia-passes-big-brother-anti-terror-laws

#10yrsago Yes Men punk the NRA with “buy one gun, give one gun” program https://www.youtube.com/watch?v=Ikb66V2rDcw

#10yrsago Shrill: Lindy West’s amazing, laugh-aloud memoir about fatness, abortion, trolls and rape-jokes https://memex.craphound.com/2016/06/27/shrill-lindy-wests-amazing-laugh-aloud-memoir-about-fatness-abortion-trolls-and-rape-jokes/

#10yrsago Neoliberalism, Brexit (and Bernie) https://crookedtimber.org/2016/06/26/tribalism-trumps-neoliberalism/

#10yrsago McDonald’s 1987 fashion catalog is a horrorshow https://www.flickr.com/photos/jasonliebigstuff/3050116620/

#10yrsago Beyond “solutionism”: what role can technology play in solving deep social problems https://ethanzuckerman.com/2016/06/22/the-worst-thing-i-read-this-year-and-what-it-taught-me-or-can-we-design-sociotechnical-systems-that-dont-suck/

#10yrsago Donald Trump’s annotated Walk of Fame star https://dduane.tumblr.com/post/146444083461/someome-spray-painted-the-mute-sign-on-donald

#5yrsago New York City's 100 worst landlords https://pluralistic.net/2021/06/26/wax-rothful/#nyc-landlords

#5yrsago How Peter Thiel gamed the Roth IRA for tax-free billions https://pluralistic.net/2021/06/26/wax-rothful/#thiels-gambit

#5yrsago The Overlapping Infrastructure of Urban Surveillance https://pluralistic.net/2021/06/26/wax-rothful/#surveillance-infographic

#5yrsago The Doctrine of Moral Hazard https://pluralistic.net/2021/06/27/the-doctrine-of-moral-hazard/

#1yrago Bill Griffith's 'Three Rocks' https://pluralistic.net/2025/06/27/the-snapper/#9-to-107-spikes

#1yrago Surveillance is inequality's stabilizer https://pluralistic.net/2025/06/26/autostabilizer/#slicey-bois


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027



Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

10:49

Seeking a complement [Seth's Blog]

One of the nicest thing you can do for someone you care about is point them to an idea, a book, a talk or a tool that will amplify their work and help them get to where they’re going.

It’s not easy. It means you understand their goals, see them for who they are and care enough about their work to amplify it.

That’s why filling in the missing piece with a complement is worth much more than an empty platitude or compliment.

08:42

Microsoft capitulates again, extends Windows 10 support by another year [OSnews]

It’s been quiet for a few days since I’ve been sick, but I’m feeling a bit better since today marks the official end of my one month of using Windows 11 that you people donated for. An article about my experience is definitely upcoming, including whether or not I’ll actually stick with Windows 11 on my laptop or go back to Linux, but before we get there, let’s talk about Microsoft once again capitulating to the reality that a lot of people really don’t want to let go of Windows 10.

In a surprising move, Microsoft has quietly confirmed that it’s extending Windows 10 support until October 12, 2027, which is one full year beyond the October 2026 cutoff that home users had been planning around.

↫ Abhijith M B at Windows Latest

Hundreds of millions of people are still using Windows 10, and with the “AI” techbros buying up all the RAM and other chips for their pachinko machines – making this whole thing a bit of an own goal for prime “AI” booster Microsoft – buying new PCs that are actually compatible with Windows 11 isn’t exactly a fun prospect for the vast majority of us normal folk dealing with the cost-of-living crisis. As such, Microsoft really doesn’t have any other choice but to keep extending support for Windows 10. It ain’t much, but I’ll take any morsel of justice I can get.

While everyone else has to pay for getting access to these Windows 10 updates, users in the European Union get them entirely for free thanks to the Digital Markets Act. This additional year, too, can be partially attributed to the DMA, as the very same consumer rights organisations who pressured Microsoft into giving EU users truly free access to the Extended Security Updates also put pressure on the company to offer these for more than just one year.

Basic consumer protection legislation works.

05:49

Palantir on path for access to UK medical records [Richard Stallman's Political Notes]

The UK is on a path to give Palantir access to patients' medical records in England. If Palantir gets that, it will let the magats use it for persecution.

Jamaican thug accused of shooting protester [Richard Stallman's Political Notes]

A Jamaican thug is accused of shooting a protester dead. The protest was over the fatal shooting of her cousin by another thug a few days before.

House passes resolution to end US fighting with Iran [Richard Stallman's Political Notes]

The House of Representatives passed the resolution to end US fighting with Iran. The Senate has not yet voted, but it may pass.

As the article shows, the bullshitter has already demonstrated how he would respond if the resolution does pass: with falsification. His philosophy is, "Grab what you want, then state contemptuous bullshit as an excuse."

If senators don't like to be given bullshit, they will need to start blocking lots of other things the bullshitter wants.

Iran and US both losing the war [Richard Stallman's Political Notes]

*Iran and the US both think they are winning the war. The truth is they are both losing.*

Prisoners denied food and water until they sign documents [Richard Stallman's Political Notes]

Prisoners of the deportation thugs report they are denied food and clean water unless they sign documents they can't even read.

The attempt to force false confessions is a standard practice of cruel governments that despise justice. Many countries have done it. It is the shame of the US to be one of them.

Biofuel "solution" can do terrible harm [Richard Stallman's Political Notes]

The biofuel "solution" to global heating can do terrible harm if it substitutes for increased solar and wind electric generation. *Experts say increased use of crops for fuel is "dangerous game" that could send food price inflation soaring.*

Pretend Intelligence agents mess things up like Mr Magoo [Richard Stallman's Political Notes]

Because Pretend Intelligence "agents" do not really understand what they were told to do, not at the level of ground truth that is, nor the actual effects of their actions, they often mess things up like Mr Magoo.

Impeachment to induce splits in the Republican Party [Richard Stallman's Political Notes]

Ralph Nader argues that an impeachment drive against the corrupter now, before the 2026 election, would be a good way to induce splits in the Republican Party and may be drive him to resign.

His arguments may be valid, but I wonder how much less destructive and cruel Vance would be.

Dangers of storing data with tech companies [Richard Stallman's Political Notes]

One of the dangers of tech companies storing your personal data, and personal data about you, in their online dis-services is that agents of repression can copy that data from the company without even informing you.

Plan to break up National Center for Atmospheric Research [Richard Stallman's Political Notes]

The wrecker's henchmen plan to break up and wreck the National Center for Atmospheric Research, stating global heating denialism as their motive.

A court blocked one attack, ruling that it was "arbitrary and capricious".

If they succeed, the blow to climate modeling may indirectly kill millions more people, perhaps hundreds of millions more, but it will be hard to estimate how many of additional deaths were due to the sabotage of NCAR. In 20 years or so, their successors will deny that the saboteurs of today had anything to do with the world-wide disasters, but people who reject their lies will understand who is responsible.

Scott Pelley told to mis-report about Renee Good [Richard Stallman's Political Notes]

Scott Pelley reports that Bari Weiss, appointed saboteur of CBS News, told the 60 Minutes team to say that Renee Good was "driving toward" the thug that shot her. (Their video showed she was steering to avoid him.)

She also directed the team to make the protesters appear more violent (another request for a lie).

FBI fired analyst who warned of "Catholic violent extremists [Richard Stallman's Political Notes]

The FBI fired just recently the analyst who warned in 2023 of potential danger from "Catholic violent extremists" opposed to abortion.

As we all know, the danger from anti-abortion activists in the US comes mainly from evangelicals, not from Catholics. And their violence is primarily lawfare rather than direct violence.

Aside from those details, the warning was right on track. State efforts to ban abortion have killed a number of women who needed an abortion to save their lives after a complication in pregnancy.

I suppose the reason that the FBI fired them is that the violent anti-abortion extremists are supporters of the saboteur in chief, who is the boss of the head of the FBI.

US was moving towards oligarchy before corrupter [Richard Stallman's Political Notes]

Robert Reich argues that the US was steadily moving towards oligarchy before the corrupter pushed it quickly to the extreme.

Therefore, if we do overcome the corrupter and his followers, they may turn out to have taught us a crucial lesson about defending democracy, justice, and honesty.

Claims UK cops treat white suspects worse than non-white suspects [Richard Stallman's Political Notes]

Right-wing extremists in the UK constantly accuse the cops of treating white suspects worse than nonwhite suspects, with no evidence except how often they claim this.

Meanwhile, statistics continue to show bias against black suspects.

It is a standard right-wing extremist strategy: claim the opposite of the truth, and repeat it in a chorus until people lose track of what is true.

Cuban journalist forced into exile [Richard Stallman's Political Notes]

A Cuban journalist founded an independent internet magazine. "State security" forced him into exile by showing him on TV labeled as a "CIA agent".

Sweeping vision for planetary survival [Richard Stallman's Political Notes]

* Humanity can raise living standards, reduce inequality and keep global heating within a 2°C rise, according to a sweeping vision for planetary survival.*

The plan includes redistributing a large part of rich people's wealth. I don't have the time or background to validate the details, but it sounds plausible, if we can overcome the power of the rich.

The authors of the plan describe it.

It is worth a try, since our current course is taking us to disaster.

Millions paid by US to countries to receive deportees [Richard Stallman's Political Notes]

The US has paid millions to convince various countries to receive deportees from the US who have no relationship from those countries.

80% of them were re-deported from there to their home countries. (Most of them, the US could not deport to their home countries because they were in danger of persecution there.)

Amazingly, the US plans to deport 400 Iranians to Iran, *including Christian converts, ethnic minorities, and political dissidents.* The persecutor isn't satisfied with torturing and killing people directly; he wants to help Iran do so too.

Anti-Muslim hate and antisemitism [Richard Stallman's Political Notes]

*Anti-Muslim hate and antisemitism are twin crises. We must confront them together.*

As usual, the religion that is really dangerous in the west is the majority religion here — Christianity. Particularly the evangelical variety.

Cuts to intervention programs [Richard Stallman's Political Notes]

*[The saboteur's] cuts to intervention programs could increase violent crime, experts say. Community programs are more effective at reducing violence than simply making arrests, advocates say.*

Meta suing former employee [Richard Stallman's Political Notes]

Meta is suing a former employee, Sarah Wynn-Williams, for publishing a book about her experiences working there.

She was invited to panel at a major book festival, but because the court had threatened to fine her, she dared not speak or make any gestures.

The book is called Careless People. If you want to buy the book, or any book, I urge you not to obtain it from Amazon. By paying cash for it anonymously, you can fight against Orwellian surveillance.

I have found a local bookstore that is willing to let me order books anonymously, paying cash in advance, and I occasionally do that. That enables me to order new books (but not used books) that are not available in a physical book store. Since the store does not know my name, I think its request for cash in advance is entirely reasonable.

Maybe you too can find a bookstore near you that will do this for you.

European web site published identities of deportation thugs [Richard Stallman's Political Notes]

A European web site and its volunteer contributors help defend democracy in the US by publishing the identities of masked, badge less deportation thugs.

Why bully directs systematized cruelty [Richard Stallman's Political Notes]

Why does the bully direct his agents to perform so much systematized cruelty on randomly chosen victims? One possible explanation is that imposing an inflexible system manipulates people to believe that the system is justified and correct.

Why UK banned Hasan Piker and Cenk Uygur from speaking [Richard Stallman's Political Notes]

Why did the UK ban Hasan Piker and Cenk Uygur from speaking at Oxford? Arwa Mahdawi's response is, "Because on Gaza, we punish the witness, not the crime."

*Banning leftwing activists from entering Britain: an illiberal move with a long history in [Britain].*

The Oxford Union invited them to speak by videoconference instead.

I hope they don't plan to use Zoom, because Zoom censors remote talks about political topics much as the UK government censors presencial ones.

Deportation prison for families [Richard Stallman's Political Notes]

The deportation thugs were planning to set up a special deportation prison specifically for families.

It might be a little less cruel to children than an ordinary deportation prison, normally used only to jail adults. However, if it tortures the prisoners like most US deportation prisons, it could do irreparable harm in a few weeks.

04:49

Russ Allbery: Review: The Folded Sky [Planet Debian]

Review: The Folded Sky, by Elizabeth Bear

Series: White Space #3
Publisher: Saga Press
Copyright: June 2025
ISBN: 1-6680-7812-0
Format: Kindle
Pages: 483

The Folded Sky is a far-future space opera and a fairly direct sequel to Ancestral Night, but with a different protagonist. You do not need to have a vivid memory of the previous book to read this one. It is somewhere around Elizabeth Bear's 31st (!) novel, depending on how one counts and what one includes.

Sunyata Song is an archinformist, which is sort of an archaeologist, sort of a librarian, and sort of a historian. She recovers, decodes, and organizes information so that it can be preserved and made usefully available. As the book opens, she is, after an exceedingly long white space journey in an actively hostile ship with a (to Sunya at least) an atavistically off-putting crew, reaching her goal: a vast artifact that I won't describe further to avoid any spoilers for Ancestral Night. She is eager to get to work, an eagerness that is both heightened and made more anxious by the discovery that her academic rival and abusive ex has arrived before her. The pirate attack doesn't help, nor (at least at first) does the surprise appearance of her wife and kids.

The opening of this book is a lot of infodumping mixed with nearly stream-of-consciousness emotional dumping. The style shift in this series continues to surprise me; previously, Elizabeth Bear books avoided reader hand-holding to the point of bafflement if you weren't paying close attention. Not here. The Folded Sky takes the shift perhaps too far, and I almost stalled out at the start of this book when Sunya's near-constant self-conscious litany and analysis of fears and concerns started feeling like whining.

The book picks up considerably after the attempted murder.

About a third of the way through, The Folded Sky feels like it's settling into a recognizable subgenre of murder mystery except set in the far future with fascinating technology and aliens. There has been an attempted murder on a closed station besieged by pirates. There is a law enforcement officer present, but they don't have a lot of investigative experience. For various reasons, Sunya decides to start poking around while being conscious she has no idea what she's doing. The bumbling detective is a common trope, so I thought that was where the story was headed.

It is, sort of. There is a mystery and Sunya is involved in solving it. But that's only a small fraction of what's going on, and by the end of the book the plot has shifted firmly back to the genre of space opera, with a side note of family... drama is the wrong word. Whatever one would call a story about raising a rebellious teenager while trying very hard to not turn conflicts into actual drama.

I am fascinated by the characterization of this book. Sunya is something of an emotional mess, but Bear doesn't use that fact in the ways that I would normally expect. Similar to Ancestral Night, I finished this book thinking that Folded Space is primarily an examination of rightminding, but a more subtle one than the previous novel.

Rightminding is a central technology of the White Space series, and I suspect its intended thematic core. Humans in this civilization are equipped with near-universal implants that allow conscious manipulation of one's neurotransmitters and thus emotional state, either by the wearer or by a helpful nearby AI. The fox, the implant used to accomplish this, comes with some other features such as sensory recordings and the ability to load ayatanas (James White–style personality recordings to provide some bit of necessary expertise), but rightminding is its primary and most frequently-used function. It is the critical technology that allowed humans to break out of cycles of endless war and join the other peaceful inhabitants of the galaxy in a shared civilization.

The name is (intentionally, I assume) Orwellian because Bear knows that many readers, particularly those from the US who have been steeped in simplistic libertarian ideas, will find the idea profoundly creepy. (This was a major plot point in Grail.) This book is not the argument for the technology, though; Bear dealt with that in Ancestral Night. This book is a look at its practical messiness for a person who needs a lot of psychological support.

Sunya is anxious, prone to catastrophizing, hates surprises, has some PTSD-style symptoms around space habitats due to earlier trauma, and is also dealing with the unwelcome reappearance of her ex-girlfriend who stole her work. Her first-person narration tends towards insecurity and anxiety spirals, and in another book this might signal an unreliable narrator. In this book, though, there are no dramatic emotional revelations or backstory twists the way there were in Ancestral Night, and the resolution of her troubled relationship with her daughter only partly hinges on plot developments. Instead, Sunya muddles through, with a lot of self-analysis, help from her fox, and a great deal of support from her wife.

This makes it sounds like the emotional mess at the start of the book is left unresolved at the end, but that's not true at all. The muddling through works! Sunya keeps doing things that I thought were foreshadowing some catastrophe, but she knows herself better than the reader does. Bear largely avoids the sudden ruptures that are normally used to resolve emotional problems in fiction. Instead, Sunya spends a lot of time and energy working on her thinking and her relationships while trying to be ethical and useful, and those efforts slowly bear fruit.

I'm worried this makes the book sound boring; rest assured that it isn't. This emotional subplot is only an undercurrent in the novel, and the main plot has enough weird science, alien aliens, and space opera drama to satisfy my page-turning desires.

I'm focusing on the emotional arc in this review because I find it so unusual and so oddly compelling, particularly in retrospect. This is not how one normally does emotional development in a novel. Sunya's fox and rightminding aren't even the focus except when the pirates express their typical libertarian disgust for the idea. Rightminding is an entirely normal part of Sunya's life that she relies on. It doesn't solve all of her problems, but it gives her a foundation from which to tackle them in the slow and frustrating and inconsistent way that is required outside of novels, via a long series of small decisions to be the person she wants to be.

I think The Folded Sky will be more hit and miss for readers than the other books of this series. Sunya was, for me at least, a much harder character to like early in the book, and it takes quite a while for the plot to get going. But this is one of those books that I've not stopped thinking about since I finished it. I think it makes a fascinating pair with Ancestral Night. The first book makes the philosophical argument for rightminding, and this book shows the practical reality with all of its messiness. The Synarche has some significant flaws (including the status of AIs, which is another interesting subplot), but it's a workable system.

It feels rare to read a science fiction novel that shows this level of messiness without pairing it with an argument for radical change, and as frustrating as it was to read in places, I am intrigued by the overall effect. Sometimes acknowledging problems and working on them within an existing framework works.

Followed by a book tentatively titled Shipwreck Star that does not yet have a release date.

Rating: 7 out of 10

00:56

The case of the DLL that was not present in memory despite not being formally unloaded, part 2 [The Old New Thing]

Last time, we looked at crashes caused by a DLL being removed from memory behind everybody’s back, causing crashes when somebody tried to call into that no-longer-there DLL that everybody thought was still there.

A colleague of mine who was looking at other crashes coming from this process found that most of those other crashes were also of the form “a data structure was corrupted because somebody wrote the single byte 01 into it.” That piece of information made everything fall into place for my side of the investigation.

We saw earlier that the bottom bit of the HMODULE is set for datafile module handles. Therefore, if one of these stray 01 bytes happens to overwrite the bottom byte of an existing HMODULE handle, that turns it into a (fake) datafile module handle. And then, during process destruction, a component dutifully cleans up the DLLs they loaded by freeing them (say because they were stored in an RAII type like wil::unique_hmodule), the code will pass this (fake) datafile module handle to Free­Library. The Free­Library function sees the bottom bit set and says, “Oh, this must be the handle to a module that was loaded via LOAD_LIBRARY_AS_DATAFILE,” so it frees it as a datafile.

Freeing a datafile module means undoing the steps that were taken when the module was loaded as a datafile: Unmapping the DLL from memory. In particular, loading a module as a datafile does not add the DLL to the list of DLLs that were loaded as code; therefore, unloading a datafile module doesn’t remove it from that list. As far as the DLL list is concerned, the DLL is still in memory.

A one-bit error caused the code to lie and attempt to free a module handle that did not correspond to a Load­Library call, resulting in mass havoc.

The “DLL unmapped from memory” crash is just an alternate manifestation of the “somebody is writing 01 bytes to places they shouldn’t” bug. The original bug had a larger bucket spray than we initially thought.

The good news is that all of the crashes have funneled down to a single bug. The bad news is that you now have to debug this one memory corruption bug.

Unfortunately, at the time of this writing, the root memory corruption bug in the third party program has yet to be identified. We don’t know whether it’s coming from an operating system component or from the program itself. Though the fact that it appears to occur only in one process, where it sprays across multiple modules, suggests that it’s a problem with that program, or that there’s something peculiar about how this specific process uses the system.

If you look at the original stack trace, you can see that the problem is occurring at process termination. That’s probably why the problem has lurked for so long: Crashes at exit often go unnoticed because there is no end-user loss of functionality. The user was finished with the program anyway. Whether it exits cleanly or with a crash doesn’t affect the user much.

Sorry. Not all stories have a happy ending.

The post The case of the DLL that was not present in memory despite not being formally unloaded, part 2 appeared first on The Old New Thing.

Jonathan Wiltshire: Streamlining Debian Updates with AI: The Stable Update Adviser [Planet Debian]

Please consider supporting my work in Debian and elsewhere through Liberapay.


Some months ago I started working on a small experiment: a specialised LLM assistant for Debian maintainers preparing proposed updates for stable and oldstable.

The aim is not to replace review by the Stable Release Managers, nor to automate away maintainer judgement. It is meant to be a pre-advice tool: something maintainers can use while they are still preparing a proposed update, before sending it to other people to review.

If you’ve uploaded to stable before you may have some experience with our acceptance criteria. Does the version sort correctly? Is the changelog clear enough? Is the delta focused? Are the patches documented? Are the right bugs or CVEs mentioned? Are they of sufficient severity? What is the risk to users of stable? Is there an ABI change hiding in the diff?

These are the sort of checks where a structured first pass can be useful, provided it is treated as advice rather than authority.

To explain what the tool does, what could be more appropriate in an AI age than to ask it?

Describe yourself and your abilities and limitations for a blog post.

It answers:

I’m Debian Stable Update Adviser, a specialised ChatGPT assistant for Debian maintainers preparing proposed updates for Debian stable and oldstable.

My main job is to review a single .debdiff and give practical, policy-aware feedback before a maintainer submits or uploads a proposed update. I focus on whether the update appears suitable for Debian stable or oldstable, especially under the Stable Release Managers’ expectations for minimal, targeted, low-risk changes.

I can inspect a debdiff for Debian changelog quality, including suite, version, bug references, CVE mentions, and rationale. I can check version correctness using Debian dpkg version semantics. I can review packaging changes under debian/, such as patches, maintscripts, symbols files, conffiles, Build-Depends, autopkgtests, and control metadata. I can also group upstream source changes into behavioural and non-behavioural categories, and flag areas that may carry regression risk.

My reports are intended to be concise and useful to maintainers. A typical review includes a quick summary, behavioural and non-behavioural change breakdown, mechanical policy checks, risk assessment, stable-policy checklist, acceptance likelihood, rationale, maintainer advice, and a clear conclusion.

My limitations are important. I cannot prove that a package builds, that tests pass, that the bug is fully fixed, or that the Stable Release Managers will accept the upload. I also do not replace maintainer judgment, archive review, autopkgtest results, reproducibility checks, or real-world upgrade testing. I can only review the provided debdiff and point out likely issues, risks, and improvements.

I also do not proceed without a valid debdiff. The whole point of my review is to assess the actual proposed delta, not to speculate from package names or bug descriptions alone.

In short, I act as a focused pre-review assistant for Debian stable and oldstable proposed updates: useful for catching policy, versioning, changelog, packaging, and regression-risk issues early, but not a substitute for the Debian review process itself.

That last point is an important one. This is not an oracle, and it is not part of the Debian archive machinery. It is a checklist with some language-model assistance, aimed at reading a debdiff and pointing out things that might be worth another look.

I know that commercial AI and LLM tools are not universally welcome in Debian. That is understandable. Debian depends on transparency, human responsibility, licensing clarity, and technical correctness. LLMs have obvious problems in all of those areas. They can be wrong, and worse, they can be wrong in a fluent and plausible way. They are impossible to reproduce and their training is opaque.

But I see this as a useful first pass for a maintainer who is unused to working in stable, and would benefit from a virtual mentor giving their proposal a quick check and reassurance. Perhaps they don’t have a more experienced co-maintainer to ask. Perhaps they are conscious that stable reviews are presently a two-man effort and want to avoid adding round trips to that load. Perhaps they just need some reassurance.

So despite my reservations I am today opening the adviser up for general use, and I’m interested in feedback about how it responds to real world proposals in various states. Most of the examples I have tested with already had a green light, so the value added by the adviser is limited. I would especially be interested in seeing a transcript alongside the submitted debdiff.

Try it out

I would dearly love to build this in a more Debian-ish environment, but for now I’m limited in resources and skill to do that (help is welcome). Until that’s a reality, you can try out the ChatGPT implementation: Debian Stable Update Adviser

Friday, 26 June

22:42

The Chinese Control the Majority of Argentina’s Squid Fleet [Schneier on Security]

Chinese companies control nearly two-thirds of Argentina’s own squid fleet.

21:00

19:56

Imperium Maledictum [Penny Arcade]

The primary way I interact with Warhammer these days is through fiction and videogames - which I'm sure works just fine for them. New versions of the flagship game, Warhammer 40,000, come out fairly frequently I would say - and with them comes a host of rule changes, changes for how armies are constructed, and changes to what your models do - up to and including exile. 11th Edition just came out, and I've looked at it and looked at it; you can look at it too. I wonder who outgrew who; the conservative rule shifts and terror of their own fanbase makes the game feel inert. And it's gotten so expensive that I'm considering going elsewhere for rules and printing my own models out of poison.

19:07

[$] Reports from OSPM 2026, day three [LWN.net]

The Power Management and Scheduling in the Linux Kernel Summit, which still goes by the historical acronym OSPM, was held in Cambridge, UK, in mid-April. As has become traditional, the presenters at that event have since written summaries of their sessions, and this work has kindly been made available to LWN for publication. The third day's sessions covered a wide range of topics, including GPU affinity, profile-guided scheduling, paravirtualization scheduling, quality of service, and more.

18:28

Urgent: US Postal Service delivery [Richard Stallman's Political Notes]

US citizens: call on the US Postal Service to continue delivering to anyone.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Make billionaires and trillionaires pay their fair share [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to make billionaires and trillionaires pay their fair share.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Reject Jay Clayton as director of national intelligence [Richard Stallman's Political Notes]

US citizens: call on the Senate to reject Jay Clayton as director of national intelligence. He is loyal to the corrupter rather than to the country he ought to serve, and that makes him unfit.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Feeds

FeedRSSLast fetchedNext fetched after
@ASmartBear XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
a bag of four grapes XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Ansible XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Bad Science XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Black Doggerel XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Blog - Official site of Stephen Fry XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Charlie Brooker | The Guardian XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Charlie's Diary XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Chasing the Sunset - Comics Only XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Coding Horror XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
Comics Archive - Spinnyverse XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
Cory Doctorow's craphound.com XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Cory Doctorow, Author at Boing Boing XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Ctrl+Alt+Del Comic XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Cyberunions XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
David Mitchell | The Guardian XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Deeplinks XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
Diesel Sweeties webcomic by rstevens XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Dilbert XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Dork Tower XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Economics from the Top Down XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Edmund Finney's Quest to Find the Meaning of Life XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
EFF Action Center XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Enspiral Tales - Medium XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Events XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Falkvinge on Liberty XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Flipside XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Flipside XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Free software jobs XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Full Frontal Nerdity by Aaron Williams XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
General Protection Fault: Comic Updates XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
George Monbiot XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Girl Genius XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Groklaw XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Grrl Power XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Hackney Anarchist Group XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Hackney Solidarity Network XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
http://blog.llvm.org/feeds/posts/default XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
http://eng.anarchoblogs.org/feed/atom/ XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
http://feed43.com/3874015735218037.xml XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
http://flatearthnews.net/flatearthnews.net/blogfeed XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
http://fulltextrssfeed.com/ XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
http://london.indymedia.org/articles.rss XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
http://planet.gridpp.ac.uk/atom.xml XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
http://shirky.com/weblog/feed/atom/ XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
http://thecommune.co.uk/feed/ XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
http://theness.com/roguesgallery/feed/ XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
http://www.baen.com/baenebooks XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
http://www.godhatesastronauts.com/feed/ XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
http://www.tinycat.co.uk/feed/ XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
https://anarchism.pageabode.com/blogs/anarcho/feed/ XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
https://broodhollow.krisstraub.comfeed/ XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
https://debian-administration.org/atom.xml XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
https://elitetheatre.org/ XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
https://feeds.feedburner.com/Starslip XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
https://feeds2.feedburner.com/GeekEtiquette?format=xml XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
https://hackbloc.org/rss.xml XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
https://kajafoglio.livejournal.com/data/atom/ XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
https://philfoglio.livejournal.com/data/atom/ XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
https://pixietrixcomix.com/eerie-cutiescomic.rss XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
https://pixietrixcomix.com/menage-a-3/comic.rss XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
https://propertyistheft.wordpress.com/feed/ XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
https://requiem.seraph-inn.com/updates.rss XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
https://studiofoglio.livejournal.com/data/atom/ XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
https://thecommandline.net/feed/ XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
https://torrentfreak.com/subscriptions/ XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
https://web.randi.org/?format=feed&type=rss XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
https://www.dcscience.net/feed/medium.co XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
https://www.DropCatch.com/domain/steampunkmagazine.com XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
https://www.DropCatch.com/domain/ubuntuweblogs.org XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
https://www.DropCatch.com/redirect/?domain=DyingAlone.net XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
https://www.freedompress.org.uk:443/news/feed/ XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
https://www.goblinscomic.com/category/comics/feed/ XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
https://www.loomio.com/blog/feed/ XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
https://x.com/statuses/user_timeline/22724360.rss XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Humble Bundle Blog XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
I, Cringely XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Irregular Webcomic! XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Joel on Software XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
Judith Proctor's Journal XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Krebs on Security XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Lambda the Ultimate - Programming Languages Weblog XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Looking For Group XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
LWN.net XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Mimi and Eunice XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Neil Gaiman's Journal XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
Nina Paley XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
O Abnormal – Scifi/Fantasy Artist XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Oglaf! -- Comics. Often dirty. XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Oh Joy Sex Toy XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
Order of the Stick XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
Original Fiction Archives - Reactor XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
OSnews XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Paul Graham: Unofficial RSS Feed XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Penny Arcade XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Penny Red XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
PHD Comics XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Phil's blog XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
Planet Debian XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Planet GNU XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Planet Lisp XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Pluralistic: Daily links from Cory Doctorow XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
PS238 by Aaron Williams XML 17:56, Wednesday, 01 July 18:44, Wednesday, 01 July
QC RSS v2 XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
Radar XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
RevK®'s ramblings XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
Richard Stallman's Political Notes XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Scenes From A Multiverse XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
Schneier on Security XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
SCHNEWS.ORG.UK XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
Scripting News XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Seth's Blog XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
Skin Horse XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Tales From the Riverbank XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
The Adventures of Dr. McNinja XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
The Bumpycat sat on the mat XML 17:28, Wednesday, 01 July 18:08, Wednesday, 01 July
The Daily WTF XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
The Monochrome Mob XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
The Non-Adventures of Wonderella XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
The Old New Thing XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
The Open Source Grid Engine Blog XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
The Stranger XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
towerhamletsalarm XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
Twokinds XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
UK Indymedia Features XML 17:28, Wednesday, 01 July 18:10, Wednesday, 01 July
Uploads from ne11y XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
Uploads from piasladic XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July
Use Sword on Monster XML 17:49, Wednesday, 01 July 18:36, Wednesday, 01 July
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 17:35, Wednesday, 01 July 18:21, Wednesday, 01 July
what if? XML 17:35, Wednesday, 01 July 18:16, Wednesday, 01 July
Whatever XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
Whitechapel Anarchist Group XML 18:07, Wednesday, 01 July 18:56, Wednesday, 01 July
WIL WHEATON dot NET XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
wish XML 17:42, Wednesday, 01 July 18:27, Wednesday, 01 July
Writing the Bright Fantastic XML 17:42, Wednesday, 01 July 18:26, Wednesday, 01 July
xkcd.com XML 18:00, Wednesday, 01 July 18:43, Wednesday, 01 July