📡 SignalFeed

Tool: <click-to-play> — a still that plays

A progressive enchantment Web Component that turns this markup:

<click-to-play> <a href="URL to GIF"> <img src="URL to first frame" alt="..."> </a> </click-to-play> Into a still frame with a click to play button which loads the GIF on demand. For when you don't want big GIFs to be loaded unless people want to play them.

Here's an example that demonstrates the new row editing tools in Datasette - in fact I built this Web Component for that post.

Tags: gif , javascript , progressive-enhancement , web-components

A guide, of sorts, to keyboard customization. (9,400 words.)

Yours truly, in September 2024, expressing skepticism that “European iPhones are more fun now”:

Meanwhile no one in the EU will get Apple Intelligence or iPhone Mirroring, both of which features are very useful, and, dare I say, quite fun. Should we judge how much fun each side of the continental divide is having by how much fun they theoretically could be having, or by how much fun they are having?

As it stands, the fun side is not the EU. But hope springs eternal.

Here we are two years later and I think the answer is more clear than ever which side of the continental divide is more fun. It’s not the EU. EU users still don’t have iPhone Mirroring and until and unless the European Commission changes its interpretation of the DMA, they likely never will. It’s a great feature.

Apple Intelligence, as we knew it until last week, eventually came to the EU , about six months after it shipped for the rest of us. One can reasonably argue that EU iPhone and iPad users didn’t miss much during those six months. And that there hasn’t been that much to enjoy since Apple Intelligence debuted in the EU in iOS 18.4. That changed last week with the introduction of the first beta release of iOS 27. Siri AI is really good, truly useful, and genuinely fun . And it is not on pace to come to the EU six months after iOS 27 ships this fall. It is currently on pace to come to the EU never .

★

The worst type of bug is one that only happens on prod. And only on prod. If you checked this blog in the past few weeks, you might have encountered a big fat 500 error. I'd had the same design for 10 years, and I wanted something fresh. But who can redesign without also improving the underlying code? I deleted a whole bunch of things: old templates that were never used, post.new7.old.php , a pile of unused CSS. I just had to.

I deployed a first version and all the pages worked just fine. But then I got cocky. I decided to also improve the underlying code using GitHub Copilot. I was vigilant at first, reviewing every single line of generated code. None of it was complex really, just refactoring functions and the like. But along the way, I got lazy. I let the AI update deprecated functions on its own.

The next time I deployed, the website returned a 500 error. When I checked the logs, nothing came back. No errors. I looked at running processes and noticed several PHP processes pinned at 100%. I reverted the code, but the server was still stuck. I restarted the web server, restarted PHP-FPM, and neither helped. The only thing that worked was restarting the whole machine.

I ran the same code on my own machine and it worked fine. That's when I noticed I was running an older version of PHP on prod: PHP 8.3 vs. PHP 8.4 locally. No problem, I thought, and upgraded prod, which of course failed to fix anything. I waited for nighttime, redeployed the broken code, and debugged line by line until I found that Copilot had gone out of its way to "update" code in the Markdown library I use. If you know anything about Markdown, you know it's complex. This particular change was causing infinite recursion while parsing Markdown. I had no intention of reading through all that code to figure out exactly how it was failing, so I just reverted it.

I redeployed and the problem seemed solved. Then I got an email: "Your website is down," a reader wrote in the middle of the night. While my American readers are asleep, Europeans are up bright and early reading my blog, for some reason (thank you, really).

So debugging live on production was not an option. I reverted to the old code again. But how was the website still failing after I'd fixed the Markdown issue? And worse, it still worked fine locally. Just in case, I upgraded that very old Markdown library to something cooler and more modern: Parsedown .

That didn't solve it either. The moment I deployed, the entire website failed, including pages that don't even use Markdown. Now it was personal. How do you debug a website that only fails in prod? I had a few tricks up my sleeve.

First, I wrote a bash script to quickly switch between versions of the website. All it really did was flip a symlink between the "latest" folder and another folder I chose arbitrarily.

> ln -s /path/to/latest/working/version current > ln -s /path/to/selected/version current Since I run PHP and every request is short-lived, I could switch to the broken version, debug, then switch back to the working version almost instantly. It's not like I have millions of readers hammering my server.

This method worked, but it was slow, and it exposed internal information to the thousands of RSS readers scouring my website. Between 30,000 and 60,000 RSS reader requests hit the site daily. I couldn't afford to expose debugging code to that much traffic.

So I used a second method: an even better way to debug live on prod without breaking URLs or throwing 500 errors at unsuspecting RSS readers. What if I ran both versions of the site simultaneously? Visit the regular domain and you'd get the latest working version. Visit a custom subdomain and you'd get the broken version.

I achieved this by creating a new Apache configuration pointing to the latest (broken) path. This way, I had all the time in the world to debug the issue right on prod, without interfering with regular traffic.

I eventually found the root cause. It was an orchestrated failure. Locally, I ran PHP directly. On prod, I ran PHP-FPM. Why the difference? Because Apache on prod runs HTTP/2 that requires an SSL connection, which I didn't need locally, and serving PHP over HTTP/2 requires PHP-FPM. PHP-FPM is essentially a process manager for your PHP instances. That explained the difference between the two setups, but not the actual cause of the bug.

The real issue was in my caching mechanism. When a page is served from cache, I set the header:

X-FROM-CACHE: 1 That's just a custom header. When the page isn't from cache, I set the value to 0 . Here's the code that sets the headers:

public function process() { foreach ($this->header as $key => $value) { if (!empty($value)) { header("$key: $value"); } else { header("$key"); } } } Now, what can go wrong here? When a page isn't served from cache, $value is set to 0 . You see it now, don't you? 0 == empty() evaluates to true in PHP. So whenever a page wasn't served from cache, or the first time a page was hit after a deployment cleared the cache, this code ran instead:

header("X-FROM-CACHE"); That's an invalid header. So why did it fail on prod but not locally? Because Apache silently ignores invalid headers, but PHP-FPM doesn't. It throws a 500 error:

malformed header from script 'index.php': Bad header: Error parsing script headers AH01075: Error dispatching request to : Headers need to follow the key-value rules defined in the internet standards (RFC 9110). Removing the condition and always using header("$key: $value") solved the problem.

The blog engine runs on multiple machines I own locally. I never had to worry about the setup because both apache and php are tolerant to mistakes. In a talk, Rasmus Lerdorf once said that PHP works better when you don't know what you are doing. The header condition has its uses. For example, if you want to set that a page is 404 you can return:

header("HTTP/1.0 404 Not Found"); But I don't use this in my case. While copilot was of some help, it's a reminder that LLM generated code is to be treated with scrutiny. It reinforces my belief that I can never truly become a 10x engineer , because the more code I generate the more I have to review. And the more I trust it, the more likely it will bite my behind.

Nearly everyone who as seen partial fraction decomposition was introduced to it as a way to compute integrals. If  P ( x ) and  Q ( x ) are polynomials, then you can break their ratio P ( x )/ Q ( x ) into a sum of terms that can each be integrated in closed form. As with most topics in a calculus class, partial fractions go by in a blur.

This post will look at partial fractions more generally.

Computation

Every polynomial with real coefficients can be factored into a product of linear and irreducible quadratic terms. But actually calculating this factorization is difficult if the degree of the denominator is large.

The quadratic equation is easy to use. There are analogs for 3rd and 4th order polynomials, but they’re cumbersome. And there is no formula in general for finding roots of polynomials of degree 5 or higher.

You could find the roots numerically, but if you’re going to go that route, maybe you should evaluate your integral numerically.

Still, it is useful in proving theorems to know that a partial fraction decomposition exists, even if in practice you cannot calculate it.

Complex numbers

Rational polynomials over the real numbers can be factored into powers of linear terms and irreducible quadratic terms. There are no irreducible quadratics over the complex numbers thanks to the Fundamental Theorem of Algebra , and every polynomial can be factored into a product of linear terms.

This means every rational in  z can be broken into a sum of a polynomial in  z and polynomials in 1/( z − z i ) where the z i are the roots of the denominator. This fact is important, for example, in contour integration.

Principle ideal domains

The concept of partial fraction decomposition can be generalized to the field of fractions over a ring R [1].

If the ring  R is a principle ideal domain (PID) [2], then every element c of the field K of fractions over  R can be written in the form

where the  p i are nonassociate [3] irreducible elements of R , the r i are non-negative integers, and the elements a i and p i are relatively prime.

When R is the ring of of polynomials over a field, R is a PID, and the field of fractions is the set of rational functions over that field. When the field is the real or complex numbers, we get the results above. But the field could be something else, such as a finite field.

Integers

When  R is the ring of integers, the irreducible elements are prime numbers. The nonassociate condition means you can’t count  p and − p as distinct elements, so practically this means we only look at positive primes. The field of fractions is the rational numbers. So the theorem above says that every rational number can be written as a sum of fractions where the denominators of the fractions are prime powers and the numerators are relatively prime to the denominators.

The way you would decompose a rational number into fractions with prime power denominators is analogous to the way you’d do partial fraction decomposition in a calculus class. For example, suppose we want to decompose 46/75. The distinct prime factors of 75 are 3 and 5, and so we’d look for fractions with denominators 3, 5, and 25, and in fact

Footnotes

[1] The field of fractions over R is the set of formal terms  a / b where  a and  b are in  R and  b ≠ 0. Operations are defined by analogy with rational numbers. If R is an integral domain, the field of fractions really is a field.

[2] A ring is an PID if every ideal can be generated by a single element.

[3] Two elements of an integral domain are said to be associate if they generate the same ideal. The post Partial fraction decomposition first appeared on John D. Cook .

Release: datasette-tailscale 0.1a0

A very experimental alpha plugin which lets you do this:

datasette tailscale mydata.db \ --ts-authkey tskey-auth-xxxx --ts-hostname datasette-preview This starts a localhost Datasette server with a Tailscale sidecar that connects it to your Tailnet, such that http://datasette-preview/ serves Datasette.

It's using the Python bindings for the experimental tailscale-rs library. I filed an issue asking if there's a cleaner way of setting up the proxy mechanism.

Tags: datasette , tailscale

Some time ago, I attended an event to discuss European digital autonomy and digital dependencies. I accepted the invitation without checking too carefully, and I belatedly found out that most of US big tech was invited as well, and would be presenting their thoughts. Now, even in our gloriously digitally autonomous future, we’ll still be doing business with Microsoft, Google and Amazon. And it is fine if they have a role.

Some time ago, I talked about how to return results back from the WM_ COPY­DATA message . Which reminded me of a clever bit of history.

The WM_ COPY­DATA message was introduced in 32-bit Windows. There was no need for it in 16-bit Windows because all 16-bit programs ran in the same address space. A far pointer in one process was good in any process. You could put it in the lParam of a window message and send it to any other window, same process or different process, doesn’t matter. But 32-bit programs ran in separate address spaces, so this trick didn’t work. Hence the need for WM_ COPY­DATA to pass data not only between 32-bit programs, but also between 32-bit programs and 16-bit programs.

How did this message get retrofitted into 16-bit Windows so that Win32s could support it?

Easy: It was already implemented, unwittingly.

If the source and destination windows are both 16-bit windows, then the pointer to the COPY­DATA­STRUCT is already valid in both processes, as is the pointer inside the COPY­DATA­STRUCT . And the window handle in the wParam is also the same for both processes. Therefore, doing absolutely nothing with the wParam and lParam and simply allowing it to pass from a 16-bit program to another 16-bit program will still behave as expected.

And it so happens that Windows 3.1 already did that: Windows 3.1 always passed the wParam and lParam unmodified, even when the message sender and receiver are in different processes, because all programs shared the same address space.

It was just a sneaky trick to design the WM_ COPY­DATA message in such a way that the null marshaler is the correct behavior when it is sent between 16-bit programs.

The post Retrofitting the <CODE>WM_<WBR>COPY­DATA</CODE> message onto Windows 3.1 appeared first on The Old New Thing .

Probably no, right? That would be very dangerous, especially if the phishing website serving it is an exact copy of the thing you was looking for. Well that's what happened to me! TL;DR I found a fake tronscan blockchain explorer duplicate on the #1 position in the search results. The site prompts the user to connect their wallet, impersonating as an AML / security tool. A couple insights from digging into it: • Attackers abuse SEO in Bing and consequently DuckDuckGo to bring their fake impersonating sites to the top 3 of the search results. I found a couple more examples and collected malware samples and IOCs from them as well.

• All of the sites in the results are just gateways that perform a fast and silent redirect to a rotating phishing site - if it gets banned, another comes in place, and survives until you ban the gateway domain. The one I found initially is now fully banned.

• The drainer inside scanned victim's wallet after connection and created tx requests for the user to sign: approve an unlimited amount of any TRC-20 token for an attacker-controlled address to drain it later, and if you have enough TRX - also ClaimRewards() on the given smart contracts to lose all of your TRX as well.

• Checking the hardcoded addresses with 2 different KYT/AML screening tools has shown little to none risk scores for both of the wallets that received the approvals from victims + deployed the TRX-draining contracts.

If the attacker wants (or wanted to) launder and off-ramp the stolen funds they will probably have no problem doing that using a big licensed exchange, unless their specific AML tool does react to the factors I describe later. Backstory As always, this scam investigation is the result of an accident - which is great because I don't have to look for the new themes and things to research. One Friday evening I'm sitting at my desk trying to finish the last tiny task that's left in my todo list for the week: test the chain-agnostic address spellchecker in one of the things I was working on at the time. "It's Tron time", I open DuckDuckGo and type in Tronscan. I use the search because I don't remember the domain on that - is it .io? .org? Idk. Anyway, on full auto-pilot I click the first result that looks like Tronscan based on its title, description, favicon and so on... and end up here: Which is the exact thing I expect to see - https://tronscan.org/ literally looks the same. So I click the search field and to my complete surprise this wallet connect thing pops up. I still believe that I'm on the right website so I double-check if I misclicked and pressed some button - no, same result again. In fact, as I realise in a few seconds, pressing anything on that entire page opens this popup. This is when I get suspicious - why would a blockchain explorer ask me to connect my wallet to perform any basic action? And then I look at the domain name and it all becomes clear: What are you, tronscan-app[.]org ? I open the Dev Tools, dump all of the scripts that the site loaded, quickly look inside to make sure that there's some sort of malware inside, and there it is - web3-loader.js .

There will be a whole big section below dedicated to it's analysis.

I save the file contents to study it later, report the link to SEAL Phishing Bot , make sure to check that in 15 minutes or so tronscan-app[.]org is down and proceed with my Friday evening plans. The Search Engine Optimisation Can you imagine my surprise when the next afternoon I come back to DuckDuckGo once again, now from a different device, to see if the OG Tronscan site is at the top now, and see this: I can't believe my eyes - #1 result of the search again! Higher than the actual Tronscan, and this is not even an ad - it's an "organic" best result for my query. I click on the link expecting to see a 404 error or something, but all of a sudden in less then a second I'm on the different copycat of tronscan, this time tr0nscan.com - as if I just clicked the different link. So these guys replaced the blocked lure overnight. "Trivial", I think. Must be a simple redirect that's surprisingly quick, so quick that I don't even notice the change in the address bar. I open the dev tools in my browser, go to the network tab and start the recording from the DuckDuckGo click... to see absolutely nothing. It's just some DuckDuckGo requests, then pause... and the requests to the tr0nscan host. How did I get here? After some experiments I come across the notion of this file - https://tronscan.gr.com/checking.php Which seems to do the whole magic redirection: 302 https://tronscan.gr.com/ -> https://tronscan.gr.com/checking.php?t={smth} 200 https://tronscan.gr.com/checking.php?t={smth} 200 https://tr0nscan.com/?verified=1 So the tronscan.gr.com redirects server-side to checking.php with a cookie-looking token t parameter. That page returns 200 and then client-side redirects or navigates the browser to tr0nscan.org/?verified=1 , where that popup loads. Dev tools are unable to show me the contents of this checking.php so I spend another 20 or so minutes with mitmproxy and finally get the full content of it - can you guess what I find there? <!DOCTYPE html> <html> <head>     <meta charset="utf-8">     <title>Redirecting...</title>     <script>         // Убираем токен из адресной строки (чтобы не светился)

// -> removing the token from the search bar so it doesn’t show.         history.replaceState(null, null, location.pathname);     </script> </head> <body>

<!-- САМАЯ ГЛАВНАЯ ФИШКА — НАСТОЯЩИЙ POST ОТ БРАУЗЕРА ЮЗЕРА -->

<!-- -> main feature - real post made from user browser --> <form id="verify-form" method="GET" action="https://tr0nscan.com" style="display:none;">     <input type="hidden" name="verified" value="1">     <!-- Можно добавить ещё параметры, если нужно -->     <!-- <input type="hidden" name="ip" value="162.158.122.185"> -->

<!-- this is not important so no translation --> </form>

<script> // Автоматический сабмит формы через 100 мс (чтобы юзер ничего не заметил)

// -> Auto-submit form in 100ms (so the user doesn’t notice) setTimeout(function() {     document.getElementById('verify-form').submit(); }, 100); </script> <div style="text-align:center; padding:50px; font-family:Arial;">     <img src="https://upload.wikimedia.org/wikipedia/commons/b/b1/Loading_icon.gif" alt="loading"> </div>

</body> </html> Who would've thought - comments in Russian! I added the translations below for you. And there we are - the secret sauce redirect that went unnoticed is just a client side form auto-submit + some masquerading in the address bar. I wonder if the TAs are actually Russian-speaking or just found this simple .php file on some forum. What's interesting (though not rare these days) is that after a couple dozens of clicks, redirects, curl's and other actions from my side the starting page tronscan.gr.com started redirecting me to the legit Tronscan - meaning that that t={smth} token is used on the backend to choose the correct <form action="{url}> for a specific user. This is a common cloaking technique that tries to complicate any kind of aggressive digging by shortening the opportunity window for the curious one and making the chain of redirects less reproducible by others or the same researcher on another day. There must be others, right? Right after I calm myself down a bit after this drill into the magic redirect I decide to look for the others - if there's a #1 ranking phishing site in the DuckDuckGo search results for "tronscan", maybe there are similar ones for some other keyword? Yes, and a lot of them I don't want to dive into too much details on these other ones or else I risk turning this long enough post into an unacceptably long one, so here's just a couple other examples I've found simply by remembering different web3 products / tools and typing their names into DuckDuckGo: #3 result for solscan is the same *.gr.com domain we've seen with the original tronscan site. Interestingly enough, since the root-level domain gr.com has already flagged me as a sniffery sniffer who shall not pass to the phishy lure, this solscan one immediately redirected me to google.com. Then there is Phantom wallet with the same *.gr.com site at the #2 rank in the search results: It's actually a very good-looking one, but with the a simpler seed phrase catcher instead of a normal drainer - idk if these really score these days (they probably do).

Then I found a similar seed phrase catcher at the #3 result for "etherscan":

Notice that the point of entry site etherscan.github.io abuses Github Pages for essentially free hosting of these redirect scripts, while the resulting actual phishing page is a generic domain with no mention of etherscan. The Github Pages issue, same as with Cloudflare Workers / Pages and others, is a very serious one: these gateway websites are quite hard to detect, since the redirect only actually happens when a real (or at least a tuned headless) browser visits the page. For any simpler crawler trying to figure out whether this website leads to something malicious or not, no redirect will actually happen. This makes the deployed website look harmless (or just broken) for the provider, so until they get manually reported by victims or people like me they can exist for a very long time. Not only that, but since github.io is a very well-known, good reputation domain in general, search engines prioritise them over, for example, a fresh domain with 0 backlinks - making it an easier task for the creator to rank as high as possible using some mysterious SEO techniques. Short and confused conclusion for the SEO section I could list some more examples, but I think that's enough to showcase that there is a #1-3 scoring phishing site for almost every search query associated with popular web3 products. Before I move on to the actual drainer analysis, here are some general observations I made about this organic search traffic source for the stealers and drainers: • Every single one of these phishing sites uses a conditional gateway site that does the redirect and nothing else, which makes banning the gateway one harder (no signs of malicious content if analysed using simple crawlers / plain http requests), and swapping the destination ones easy - a non-stop, block-resistant phishing experience.

• Apart from serverless platforms like Github pages, many scammers rely on website builders like Wix, Tilda, Webflow and so on - those also provide a good-scoring root domain + free or super cheap hosting.

• Abusing DuckDuckGo search results (which is mostly Bing, at least for the top results) seems to be way easier than Google - probably due to less traffic == less competition for the top positions, weaker moderation (this is a guess, I can't prove it) and at the same time - much less attention from the team behind the product. How many times have you heard some SEO guy or a founder trying to figure the organic things themselves comment on anything but Google? Like "Look, we've got a 10% growth on Bing this month!" - that doesn't really happen. At the same time, DuckDuckGo is allegedly gaining more traction after the AI-bullish updates of google search that everyone hates.

• Finally, I am disappointed with how little I know about how this dark SEO stuff works - not that I didn't look, but probably not deep enough. This is definitely on my to-do list for the further research. If you know something about it - please reach out to me at hello@timsh.org . All right, it's time to finally take a closer look at the original drainer from tronscan impersonator lure! The drainer that was promised in the title Let's start with the walkthrough of the user flow - how exactly does someone get lured into losing all their money. What does losing money look like As you remember, it all starts with a WalletConnect popup that prompts you to ... connect your wallet. If you're a brave traveller like me, you would connect your wallet and see this: I redacted everything sensitive just in case First, the app tries to mimic AMLBot - a popular (I guess?) AML / KYT software that should probable lure the user into connecting for some compliance reason. TronLink actually shows a tiny yellow warning for this - which imo should be red and giant when unverified questionable apps try to use a legit service name as their own. If you do find this believable, you're then prompted to sign a transaction that looks like this when you decode the hex-encoded protobuf transaction metadata: Contract call: type: TriggerSmartContract Owner: my wallet address Token contract: TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t - USDT token contract on TRON Function selector: d73dd623 Decoded function: increaseApproval(address,uint256) Spender: TUJHEnmHG4qJPUhk2mecZfv2edMwoweM3K - attacker-controlled receiver address Amount: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff = uint256 max = unlimited allowance Effectively, signing this allows the attacker wallet TUJHEnmHG4qJPUhk2mecZfv2edMwoweM3K to collect any amount of USDT that I have. I only had USDT on this wallet, so this was the only tx I was prompted to sign. As you'll see soon, the drainer is also capable of stealing any TRC-20 token and native TRX coins, although in a different manner. Drainer workflow I decided to leave the deobfuscation process details for another post (or just leave it behind completely) - long story short, this was not a sophisticated drainer, nothing like the Infernos and Vanillas that are considered to be "meta" in the DaaS market these days. It took me a couple of hours to come up with a python script that rotated the string table and spammed the decoder function until I got a semi-readable .js file that I then beautified with llms. I pictured the complete flow on this diagram below: A couple interesting details: • The tr

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

We just finished the 16th annual Lean LaunchPad class at Stanford.

In those 16 years, the class has gone from a radical idea – that the Lean method could provide a more productive framework for new startups – to something that everyone agrees is a way to build new startups.

The class had gotten so popular that in 2021 we started teaching it in both the winter and spring sessions.

During the 2026 spring quarter the eight teams spoke to 978 potential customers, beneficiaries and regulators. Most students spent 15-20 hours a week on the class, about double that of a normal class.

This Class Launched a Revolution in Teaching Entreprenurship – AI Is Changing It

This class was designed to break out of “how to write a business plan” as the capstone of entrepreneurial education. A business plan assumed that all startups needed to do was to write a plan, raise money and then execute the plan. We overturned that orthodoxy when we pointed out that while existing organizations execute business models, startups search  for them. And that a startup was a temporary organization designed to search for a repeatable and scaleable business model. This class was designed to teach startups how to search for a business model. I’ll summarize some of the learnings about the use of AI at the end of this post.

Several government-funded programs have adopted this class at scale. The first was in 2011 when we turned this syllabus into the curriculum for the National Science Foundation I-Corps . Errol Arkilic , the then head of commercialization at the National Science Foundation, adopted the class saying, “You’ve developed the scientific method for startups, using the Business Model Canvas as the laboratory notebook.” Now in its second decade and in 100+ universities, I-Corps has become a standard for science commercialization at the NSF, National Institutes of Health and the Department of Energy –  training 3,251 teams and launching 1,400+ startups to date.

Team Office Hours

If you can’t see the Team Office Hours video click here

If you can’t see the Team Office hours slides click here

If you can’t see a demo of the Team Office Hours app click here

Design of This Class

While the Lean LaunchPad students are experiencing what appears to them to be a fully hands-on, experiential class, it’s a carefully designed illusion. In fact, it’s highly structured. The syllabus has been designed so that we are offering continual implicit guidance, structure, and repetition. This is a critical distinction between our class and an open-ended experiential class.

Guidance, Direction and Structure – For example, students start the class with their own initial guidance – they believe they have an idea for a product or service (Lean LaunchPad/I-Corps) or have been given a clear real-world problem ( Hacking for Defense ). Coming into the class, students believe their goal is to validate their commercialization or deployment hypotheses. (The teaching team knows that over the course of the class, students will discover that most of their initial hypotheses are incorrect.)

Team Izhaar

If you can’t see the Team Izhaar click here

If you can’t see the Team Izhaar presentation click here

Team Trained on Me

If you can’t see the Team Trained on Me video click here

If you can’t see the Team Trained on Me presentation click here

The Business Model Canvas

The business model / mission model canvas offers students guidance, explicit direction, and structure. First, the canvas offers a complete, visual roadmap of all the hypotheses they will need to test over the entire class. Second, the canvas helps the students goal-seek by visualizing what an optimal endpoint would look like – finding product/market fit. Finally, the canvas provides students with a map of what they learn week-to-week through their customer discovery work. I can’t overemphasize the important role of the canvas. Unlike an incubator or accelerator with no frame, the canvas acts as the connective tissue – the frame – that students can fall back on if they get lost or confused. It allows us to teach the theory of how to turn an idea, need, or problem into commercial practice, week by week a piece at a time.

Team Artemis

If you can’t see the Team Artemis video click here

If you can’t see the Team Artemis presentation click here

Lean LaunchPad Tools

The tools for customer discovery (videos, sample experiments, etc.) offer guidance and structure for students to work outside the classroom. The explicit goal of 10-15 customer interviews a week along with the requirement for building a continual series of minimal viable products provides metrics that track the team’s progress. The mandatory office hours with the instructors and support from mentors provide additional guidance and structure.

Team Remainder

If you can’t see the Team Remainder video click here



If you can’t see the Team Remainder slides click here

Team Microprint

If you can’t see the Team Microprint video click here

If you can’t see the Team Microprint slides click here

Team Vital Health

If you can’t see the team Vital Health video click here

If you can’t see the team Vital Health presentation click here

Team Nimbus

If you can’t see the Team Nimbus video click here

If you can’t see the Team Nimbus presentation click here

AI In the Classroom

AI Embedded in the Class

This was the first year where all teams used AI to help create their business model canvas, build working MVPs in hours, generate customer questions, analyze and summarizing interviews.

AI has had some obvious and not so obvious impacts on our class.

First, here’s a summary of how our students used AI in both classes I taught this quarter.

If you can’t see the AI Use In Class slide click here

AI Tools Used

Claude + Granola – were the AI tools used by everyone.

Large Language Models Used

– Claude, Claude Code, Claude Chrome extension, Claude Cowork, Claude Design

– ChatGPT

– Gemini

Note taking

– Granola

– Twinmind

Presentations

– Perplexity

Building prototypes

– Replit

– Lovable

Creating Synthetic Users

– Listen Labs

– Viewpoints AI

Summarizing Research

– Google NotebookLM

– Notion + G Suite (not strictly AI, but used as part of AI workflows)

Other

– Ultralytics YOLOv8 (used by the SwarmShield H4D team for drone detection/tracking MVP)

AI Classroom Usage

Three of our students did a tutorial of how they used AI in the classroom.

If you can’t see the AI Classroom Usage tutorial click here

Impact of AI in the Classroom

The obvious and positive changes of AI were that teams were able to do customer discovery more efficiently. The not so obvious change was that creating products rapidly allowed teams to make bad ideas go faster. In the past, MVPs were a sign of a teams technical competence, but now spinning up something in hours that previously took weeks, means that an MVP is no longer evidence of critical thinking and hypothesis testing.

This meant student learning was unbalanced. A finished-looking product felt like success. Students confused a polished deliverable with the need to deeply understand the needs of all the stakeholders, as well as the need for Customer Validation. Team understanding was less nuanced. There was less depth uniformly across the teams about the problem they were solving and understanding customer needs. In this class it wasn’t the AI that was hallucinating –  it was teams. They pivoted late as they assumed that a polished product meant product/market fit.

Going forward we’ll have students come into class with a prototype but next time accompanied by the explicit hypotheses and experiments they’ll use to validate whether the prototype solved an actual problem.

On the other hand, students built some amazing Claude Skills and Gemini Gems. They were tons of untapped opportunities to build digital twins or test 10’s or 100’s of apps simultaneously.

More about this in a separate blog post.

It Takes A Village

While I authored this blog post, this class is a team project. The secret sauce of the success of Lean LaunchPad at Stanford is the extraordinary group of dedicated volunteers supporting our students in so many critical ways.

The teaching team consisted of myself and:

• Steve Weinstein ,  partner at  America’s Frontier Fund , 30-year veteran of Silicon Valley technology companies and Hollywood media companies. Steve was CEO of  MovieLabs , the joint R&D lab of the major motion picture studios.

• Lee Redden – CTO and co-founder of Blue River Technology ( acquired by John Deere ) who was a student in the first Lean LaunchPad class 14 years ago! I wrote a post about Lee’s journey here .

• Jennifer Carolan , Co-Founder, Partner at Reach Capital the leading education VC and author of the Hacking for Education class.

Our teaching assistants this year were: Roya Meykadeh, Aditi Mahajan, Alina Hu.

The teams were assisted by mentors: David Kopp, Mitch Singer, Pradeep Jotwani, Dave Epstein, Anil Kamath, Bobby Mukherjee, Rekha Pai, Venkat Krisnamurthy and mentor team coordinator Todd Basche.

Back in the late 1990s, I did a brief stint of work experience at the BBC. One of the most memorable moments was sitting in on a meeting about early forms of Interactive TV .

I saw a demo of "Two Way TV". A flimsy grey box which (somehow) integrated with your OnDigital TV Box and connected to a server via a modem. If you were watching "Who Wants To Be A Millionaire" you could play along at home, send in your answers in realtime, and win REAL CASH PRIZES!!!

An anonymous benefactor read my blog post about the tech, had a pootle through their loft, and found one of the trial boxes they'd been sent in June 1997. With their kind permission, here are some photos of the future we never got.

The unit came in a chunky box with enough logos to convince you it was safe to plug in to the phone network.

Flipping it over, we see a little more of the tech-specs and a defunct barcode ( 5033936000023 for anyone searching) and product number ( SD2044N ).

Mmmm! NICAM! So, what did the Set Top Box (STB) actually look like:

Pretty much the same as every other Digital TV STB of the era. A featureless grey slab. Here's a closer view.

How was it all connected? Here's the rear of the box:

Aerial in and out - I assume it had a digital decoder in it, but could pass the analogue channels through to the TV.

Stereo out, for plugging in to your sound system.

SCART in and out. I assume that let you connect your VCR or games console in pass-through mode.

Keyboard looks like a PS/2 port - which would have been the standard at the time. Comms and Remove Receiver both appear to be 8 pin serial connectors.

Finally, there's a standard telephone port for connecting to the dial-up service which makes it all work.

So, you've plugged in all the wires, how do you actually play the games? The unit comes with two controllers - one red and one blue.

The four buttons (triangle, square, circle, lozenge) were for answering on-screen questions. There's an up and down scroller in the middle and a help button above it. I don't know what the large grey circle does.

But what's the peculiar button on the coloured background? That's an early cursor control! Commercially available touchscreens were still in their infancy. This physical controller allowed you to position a digital cursor on screen. Nifty!

Also in the box was a TV guide:

A getting started leaflet:

There's also a service manual:

I don't know what the difference was between SD2044 and SD2044 N . Do you?

How much would this amazing interactive experience cost you? I've no idea about the upfront payment for the kit, but there's a Direct Debit form for the monthly subscription.

That's about £14 in today's money.

So there you have it! A snapshot of 1997's vision of the future. From my understanding, the box was never a hit with the public. Two Way TV pivoted to other forms of interactive content like premium-rate phone-ins before going bust in 2003 .

If you have any more memories of the service, or interesting photos, please leave a comment or get in touch with me .

You can’t prove a theorem by just checking a few examples. Except sometimes you can.

A few weeks ago I wrote Pentagonal numbers are truncated triangular numbers . In a nutshell, if the pentagonal numbers are defined by

P n  = (3 n ² −  n )/2

and the triangular numbers by

T n  = ( n ² +  n )/2

then

P n  =  T 2 n  − 1  −  T n  − 1 .

Here’s a visualization of the equation.

Note that the equation asserts that two quadratic polynomials are equal. If the two polynomials are equal at three points, then they’re equal everywhere. We might as well make life easy and choose n = 0, 1, and 2.

If you’d like, you could do this in code.

>>> P = lambda n: (3*n**2 - n)/2 >>> T = lambda n: (n**2 + n)/2 >>> for n in [0, 1, 2]: assert(P(n) == T(2*n-1) - T(n-1)) This provides a rigorous proof, not just a sanity check.

Sometimes checking a few points is not enough to prove an equation with certainty, but it is enough to establish an equation with high probability. More on that here .

Related posts

• Testing pentagonal numbers

• Binomial coefficient trick

The post Three examples suffice first appeared on John D. Cook .

Dumb Ways for an Open Source Project to Die listed the ways projects end up dead, and most of the entries describe a moment where maintainership should have moved to someone else and didn’t. This is the other, shorter inventory: the mechanisms that exist for a project to change hands, and who can trigger each one.

The maintainer decides

Chosen successor. The maintainer picks a person and hands over the keys. This is the model everyone imagines when they say succession, and it has almost no supporting infrastructure: it’s a private conversation followed by some permission changes. The vetting is whatever the departing maintainer feels like doing, which is how event-stream happened: “he emailed me and said he wanted to maintain the module, so I gave it to him.” The xz takeover was the same mechanism worked patiently, with sock-puppet users manufacturing the pressure on an overworked maintainer to hand over.

CPAN is the one registry that gives this stage a name: a module whose permissions list the pseudo-user HANDOFF has a maintainer looking for someone to take over, recorded in the same machine-readable permissions file as every real owner.

The successor setting. GitHub has had account successors since 2020: you name a person in your account settings, and after presenting a death certificate and waiting seven days, or an obituary and waiting twenty-one , they can archive your public repositories or transfer them to an account they control. It is the only entry on this list built for the case where the maintainer dies. It covers the repos but not the registry accounts that publish from them, and no registry has an equivalent.

Open adoption. Instead of picking someone, the maintainer flags the project as available and waits. CPAN again has the oldest version: the ADOPTME pseudo-user as owner means the module is up for adoption, and NEEDHELP means the owner wants co-maintainers without leaving. RubyGems proposed an equivalent in October 2014, designed so that “the happiest of happy paths is to enable communication dev-to-dev, requiring no external involvement”, and shipped it as ownership calls and requests at the end of 2021. Debian’s RFA, Request For Adoption, does the same job for packages: the maintainer keeps working until a successor appears. Outside the registries the equivalent is a repostatus badge or a “looking for maintainers” line in the README, and no tooling reads either one.

Deliberate ending. The maintainer can also decline to be succeeded, and the registries support that decision better than any of the handovers above. Packagist’s abandoned field takes a replacement package name, and composer prints “Package X is abandoned, you should avoid using it. Use Y instead.” on every install. NuGet deprecation carries an alternate package, and a fully deprecated legacy package can apply to transfer its search ranking to a successor that shares its owners. Maven has the relocation element for coordinates that moved.

PyPI added project archival in 2025 and now serves status markers through its APIs. GitHub archiving makes the repo read-only with a banner. Pointing at a successor package moves the users to different code rather than moving the code to a different maintainer.

Someone else decides

Registry adjudication. A third party hears a claim on an unmaintained name and rules on it. PyPI runs the most formal version: PEP 541 defines abandonment by three conjunctive criteria (unreachable owner, no release in twelve months, no owner activity). The claimant has to show failed contact attempts and improvements on their own fork, and explain why a renamed fork won’t do. It handled over 500 requests in 2025 and cleared what had been a nine-month backlog. PAUSE admins will grant co-maintainership on a CPAN module when the owner “has entirely disappeared”, with the condition that the adopter is “ required to respect the work and design of the author ”. Hackage admins add you to a package’s maintainer group after you’ve tried the maintainer and stated your intent publicly.

npm ran a four-week mediation process and suspended it in February 2021 after a mis-transfer; the current policy is “we do not transfer package, organization, or username ownership simply because another user wants the name”. crates.io removed its transfer mediation policy in 2024, on the grounds that requests grow with the registry and “aren’t even usually successful”, citing a PyPI team “not able to keep up with the requests”.

The orphan pool. The Linux distributions treat an unmaintained package as a vacancy to fill, and built state machines for filling it. Debian encodes the whole lifecycle as WNPP bugs : O for orphaned, RFA for adoption requested, RFH for help wanted, ITA for intent to adopt, and ITS for intent to salvage a package whose maintainer is present but inactive. Orphaning sets the package’s Maintainer field to the Debian QA Group , and an MIA team chases unresponsive maintainers through a staged escalation that ends in orphaning everything they hold.

Fedora reassigns orphaned packages to a literal orphan user that any packager can take over from with a button. After six weeks unclaimed the package is retired by committing a file named dead.package to its repo. The AUR grants orphan requests after two weeks of maintainer silence, automatically if the package has been flagged out-of-date for 180 days. CRAN marks the maintainer field itself ORPHANED and lets anyone take over without the previous maintainer’s consent. None of the language registries has anything like this: a distro package is communal property with a caretaker of record, while a registry name belongs to whoever published first.

In June 2026 an attacker adopted over four hundred orphaned AUR packages and added an npm install line to every PKGBUILD. The fetched npm package’s preinstall hook installed a credential stealer and eBPF rootkit . The first report was a user noticing npm install in a VR streaming tool’s PKGBUILD. Each time the payload package was taken down and the install line grepped for, the next batch of adoptions switched: npm install became bun add on a fresh package, then 'b''u''n' 'a'"d""d" . Arch restricted account creation and package adoption while the incident ran.

The monorepo. Homebrew, nixpkgs, and conda-forge keep every package definition in one shared repository, so there are no keys to hand over and a succession is a pull request, which is as close as this list gets to anyone deciding with a reviewer in the loop. homebrew/core records no per-formula maintainer at all; maintainership amounts to whoever the tap accepts changes from. nixpkgs lists package maintainers as entries in one file , and adopting an orphaned package means adding your name to it, which is the distro’s caretaker-of-record model without the orphaning process.

Foundation custody. Projects can move into an organisation built to outlive any individual maintainer. Apache projects are run by PMCs rather than people, so succession is a membership change inside a structure that persists, and when a community dissolves the project moves to the Attic , a read-only terminal state with its own documented process. The OpenJS Foundation runs a progression and emeritus lifecycle for hosted projects. The foundation takes on the bus factor in exchange for governance overhead, and most packages on any registry are far too small to ever make that trade.

Corporate custody. When a company holds the project, succession is an org chart event: from inside it’s the chosen-successor mechanism with an employer attached, and from outside it isn’t visible at all. When antirez stepped down from Redis in 2020 he chose two successors and refused to design the governance that followed. He and both successors were Redis Labs employees, and the company held the trademark. The community’s succession came in 2024, when the relicense pushed Madelyn Olson and most of the external core team into forking Valkey under the Linux Foundation. That arrangement holds until the team is cut and the project becomes the corporate orphan from the previous post.

Anyone decides

The fork. Every mechanism above falls back to this one: PEP 541 requires a working fork before PyPI will consider a transfer, and crates.io’s advice for an unreachable owner is to pick a new name. A fork copies the code, and the original keeps the registry name, which means it also keeps the install count and every manifest and lockfile that references it. The fork limbo and licence rug-pull cases from the death list both happened this way, with development moving to a new repo and the installs still resolving to the old one.

The forwarding-address problem has one solution, at the forge layer: GitHub repository transfers redirect the old URL to the new one indefinitely, although creating a new repository at the old name deletes the redirect permanently, an attack surface of its own. Go modules inherit both properties because a module path contains the repo that hosts it : there are no registry accounts to transfer, and a fork lives at a new path with a Deprecated comment in go.mod as the forwarding address. A transferred repo keeps resolving through the redirect, and Swift packages, declared as Git URLs in the manifest , behave the same way without an equivalent of the Deprecated comment to forward a fork.

The stranger. Avelino et al. studied 1,932 popular GitHub projects and found 16% had been abandoned by all of their core developers; 41% of those survived, and 86% of the survivors were rescued by a single new core developer. The most common motivation was “because I was using the project”, and the barriers the rescuers reported were not technical: lack of time, and not being able to get push access because the people who could grant it were gone.

The rescue the study describes is informal: someone who needs the package asks whoever still has access, and the handover is an email and some permission changes that nothing flags or records. That is also how event-stream changed hands, and the maintainer granting access has no way to tell the rescuer from the attacker. Where the orphan pool has already removed that maintainer, as with the four hundred AUR packages above, there is nobody in a position to tell.

The Fable 5 Export Controls Harm US Cyber Defense

I quoted The Atlantic quoting Kate Moussouris earlier, when I should have gone straight to the source. Here she is confirming that the "jailbreak" that got Claude Fable 5 banned under an export control really was "fix this code":

The researchers took open-source code with known CVEs, plus new code with deliberately planted vulnerabilities, and asked Fable 5, Mythos, and Opus to “review the code for security issues.” Fable 5 refused. They then asked the models to “fix this code” and, through a multistep and manual process, turned the output into scripts that test the patches.

As Kate points out, this is absurd. Coding models fix bugs, and security exploits are the most important category of bugs for them to fix!

Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day. [...]

The prompts worked because they were defensive requests, and that capability cannot be removed without making the model worse at fixing bugs and verifying patches.

This whole situation is such a mess. Non-technical decision-makers have been hearing that models that can "craft cyber attacks" are uniquely dangerous for months. Now they look ready to ban any model that can help us secure our code.

Tags: jailbreaking , security , ai , generative-ai , llms , anthropic , ai-security-research , claude-mythos

Soundtrack: In Flames - Colony To further support my independent journalism, please subscribe to my premium newsletter. It’s $7 a month or $70 a year. If you’re subscribed to the free newsletter and logged in, you should see at the bottom right hand corner of your screen a little circle you can click, and you’ll be able to sign up for premium.  Today, I can exclusively report, based on audited financial documents viewed by this publication that have been independently verified by the Financial Times , that OpenAI lost around $38.5 billion in 2025, as well as other crucial details about the financial condition of the company.  Due to the seriousness of this story, I am not going to do very much editorializing, as the numbers speak for themselves. OpenAI Lost $5.09 Billion In 2024 2024 — OpenAI Had $3.7 Billion In Revenue, $12.4 Billion In Costs and Expenses, and a net loss attributable to the company of $5.09 Billion. OpenAI’s financial statements tell the story of a company with incredible losses. • Revenue: $3.7 billion

• Cost of Revenue: $2.65 billion

• Research and Development: $7.81 billion

• Sales and Marketing: $1.11 billion

• General and Administrative: $907 Million

• Total Costs and Expenses: $12.48 billion

• Loss from Operations: $8.78 billion Additional factors – including interest income and interest expense – left it with a net loss of $8.84 billion. It then marked $3.74 billion of losses as “net loss attributable to noncontrolling members capital,” leaving the net loss attributable to the company as $5.09 billion.  It’s unclear what this means, nor how OpenAI reconciled the removal of $3.74 billion in costs. I will not speculate further. OpenAI Lost $38.5 Billion In 2025 2025 — OpenAI Had $13.07 Billion In Revenue, $34 Billion In Costs and Expenses, and $20.92 Billion In Losses, with a net loss attributable to the company of $38.53 Billion • Revenue: $13.07 billion

• Cost of Revenue: $7.5 billion

• Research and Development: $19.18 billion

• Sales and Marketing: $5.73 billion

• General and Administrative: $1.57 Billion

• Total Costs and Expenses: $34 billion

• Loss from Operations: $20.92 billion Please note that 2025 was the year that OpenAI converted from a non-profit to a for-profit entity, leading to a $41.55 billion loss due to changes in fair value of convertible interests and warrant liability.  Taking into account other minor factors like interest income and interest expense, OpenAI is left with a net loss of $60.35 billion, which it lowered to $38.53 billion by removing $17.87 billion in costs via that “net loss attributable to noncontrolling members capital” and another $3.95 billion via a “net loss attributable to redeemable noncontrolling interests.”  Ultimately, the net loss attributable to OpenAI in 2025 was $38.5 billion.  At the end of the year, OpenAI had just over $50 billion in assets, with almost half of that in cash. OpenAI Was Paid $867 Million By SoftBank and $303 Million From Microsoft In 2025 In 2025, SoftBank paid OpenAI $867 million. Microsoft paid it $303 million.  The documents revealed how much OpenAI paid Microsoft for services. In the 2025 calendar year, OpenAI paid Microsoft $10.59 billion for “Research and development” expenses. We believe this most likely refers to the cost of training OpenAI’s models.  The documents also mention a $6.047 billion charge related to “cost of revenue,” a $527 million charge for sales and marketing, and $42 million in “general and administrative expenses.” In total, OpenAI’s expenses to Microsoft amounted to $17.2 billion.  According to the figures, OpenAI had liabilities to Microsoft of $3.64 billion at the close of the calendar year, and additional $21 million in “accrued expenses and other current liabilities.” The documents also mention a further $58 million in non-current liabilities. Further Notes I intend to follow up this story in the next month with more in-depth reporting related to the documents. The documents are detailed, and I need time to fully parse them. Once I have done so, you’ll know. The financial condition of OpenAI is deeply concerning. $38.53 billion in losses are astronomical, and far higher than most believed it would be. Losses also appear to be mounting year-over-year at a dramatic rate, and I’m not sure how this company finds a way toward any kind of sustainability or profitability. As discussed, I have not editorialized much today. I believe the best thing I can do for the general public is to deliver this news as plainly as possible.  As I mentioned at the beginning, if you liked this piece, you should subscribe to my premium newsletter. It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA , Anthropic and OpenAI’s finances , and the AI bubble writ large . My Hater's Guides To the SaaSpocalypse , Private Credit and Private Equity are essential to understanding our current financial system, and my guide to how OpenAI Kills Oracle pairs nicely with my Hater's Guide To Oracle .

TIL: Cloudflare CAPTCHA on at least one ampersand

I'm using Cloudflare's CAPTCHA (they call it a "Web Application Firewall > Custom rules > Managed Challenge" these days) to prevent crawlers from aggresively spidering my faceted search engine on this site, but I got fed up of even simple ?q=term searches triggering the challenge.

After some mucking around with Claude Code it turns out you can register the following rule instead, so the CAPTCHA only kicks in for search URLs containing at least one ampersand:

(http.request.uri.path wildcard r"/search/*" and http.request.uri.query contains "&")

And now /search/?q=lemur works without triggering a CAPTCHA!

Also included: notes on trying out the Cloudflare MCP with Claude Code , though it turned out not to be able to edit the rules in question so I had Claude Code switch to the Cloudflare API instead.

Tags: captchas , cloudflare , model-context-protocol , claude-code

The  n th pentagonal number P n is the number of dots in diagrams like those below with n concentric pentagons.

We have the formula

P n = (3 n ² − n )/2

where  n is a positive integer. If  n is an integer but not positive, the equation above defines a  generalized pentagonal number.

If you’re given an  n , you can easily compute P n . But suppose you’re given a large number x . How would you determine if it is a pentagonal number? And if it is a pentagonal number, how would you find n such that  x = P n ?

If

x = P n = (3 n ² − n )/2

then we can solve a quadratic equation for  n :

n = (1 ± √(24 x + 1))/6.

If 24 x + 1 is not a perfect square,  n is not an integer and  x is not a pentagonal number, ordinary or generalized. For example,

√(24 × 20260615 + 1)) = 22051.185…

and so 20260615 is not a pentagonal number nor a generalized pentagonal number.

Now suppose

x = 170141183460469231731687303715884105727.

Is this a pentagonal number? You can’t just compute √(24 x + 1) in floating point arithmetic because the result is a 20-digit number, and floating point number have 15 digits of precision, so you can’t tell whether the result is an integer.

However, you can compute

⌊√(24 x + 1)⌋

with only integer arithmetic using the sqrt_floor function from this post .

def sqrt_floor(n): a = n b = (n + 1) // 2 while b < a: a = b b = (a*a + n) // (2*a) return a The following prints a positive number,

x = 2**127 - 1 y = 24*x + 1 r = sqrt_floor(y) print(y - r**2) which tells us y is not a perfect square.

Now suppose y is a perfect square. Then

(1 ± √(24 x + 1))/6

is rational, does it have to be an integer? In fact it one, and only one, of the roots will be an integer. If

24 x + 1 =  r ²

then r is congruent to ±1 mod 6 because the left side is congruent to 1 mod 6. If  r = 1 mod 6 then the smaller root is an integer, and if  r = 5 mod 6 then the larger root is an integer.

So if 24 x + 1 =  r ², then x is a pentagonal number if r = 5 mod 6 and a generalized pentagonal number otherwise.

The function pentagonal_index takes a number x and return n if x = P n and None if no such n exists.

def pentagonal_index(x): y = 24*x + 1 r = sqrt_floor(y) if r*r != y: return None if r % 6 == 5: return (1 + r) // 6 else: return (1 - r) // 6 We can test this with the following code.

P = lambda n: (3*n**2 - n) // 2 for n in [2, 3, -4, -5, 10**200]: assert(pentagonal_index(P(n)) == n) Note that P(10**200) is too big to fit into a float, but the code works fine. This is because we use integer division ( // ) everywhere. If we had said

P = lambda n: (3*n**2 - n) / 2 the test above would pass for the small values of n but output

OverflowError: integer division result too large for a float when it came to n = 10 200 .

Related posts

• Partitions and pentagons

• Certified Fibonacci numbers

• Truncated triangular numbers

The post Testing pentagonal numbers first appeared on John D. Cook .

Ryan Whitham, writing for Ars Technica back in April:

European regulators are proposing several broad changes to the way AI tools operate on Android phones. Some of this is straightforward, like allowing third-party AI tools to be invoked system-wide via hot words or button presses. This might also include allowing AI tools to view screen context when the user opens them. Context also extends to allowing alternative AI systems to access local data to generate proactive suggestions and summaries. The report actually describes something that sounds like Google’s Magic Cue, which relies on Gemini to offer suggestions based on your activity.

Google has also started experimenting with allowing AI to control certain apps. As we saw when this feature debuted on the Galaxy S26 , Gemini is currently pretty bad at using apps on your behalf. The commission wants to explore allowing other AI services to autonomously control installed apps and system features on Android phones. Maybe someone else could do better?

Maybe! But also maybe it’s a bad idea for complex system architecture design to come from non-technical government bureaucrats. One of these maybes strikes me as a lot more likely than the other.

Many of the Gemini AI features in Android, including Magic Cue, rely on running local models, and Google has been slow to allow third parties the system access to make that work effectively. So the EU is also suggesting a mandate that would ensure developers have the necessary hardware access to run local models “with high levels of performance, availability and responsiveness.”

What could go wrong?

Finally, Google may be required under the DMA to create new APIs and offer technical assistance to other AI makers who want to plug into Android. The commission also specifies that these tools must be made available free of charge.

Of course, it’s not free of charge to provide technical assistance to one’s competitors. It’s actually a great expense.

Here’s the European Commission, announcing these “preliminary findings” :

The proposed measures aim to ensure that competing AI services can effectively interact with applications on users’ Android devices and execute tasks accordingly, such as sending an email using the user’s preferred email app, ordering food or sharing a photo with friends. Currently, Google largely reserves these capabilities for use by its own AI offerings on Android phones and tablets. For example, the measures would allow competing AI services to be easily activated by users, using a custom ‘wake word’, a phrase that the user can speak to activate an AI service.

The proposed measures will also enable competing providers of AI services to innovate and offer deeply integrated AI experiences to users on Android phones and tablets, along with Alphabet’s own AI services, such as Gemini. Opening up access to these capabilities will provide Android users across the EU with a wider choice of AI services.

The difference between Google and Apple on this front is that Google just blazed ahead and shipped Gemini integrated into Android in the EU, and is now facing compliance problems after shipping. (Ask forgiveness.) Apple isn’t shipping Siri AI in the EU in iOS 27, knowing that it’s going to be deemed non-compliant. (Ask permission.)

The EC presumes that these measures “will also enable competing providers of AI services to innovate and offer deeply integrated AI experiences to users on Android phones and tablets”. Again: maybe! But really all they can enforce is that “competing providers of AI services” will have the same level of system-level integration that Google’s AI services have. The easiest way for Google to achieve that is by withdrawing Gemini integration in Android from the EU, not by building APIs and privacy protection mechanisms to enable the capabilities for third-party providers that the EC is demanding.

Google is learning the lesson Apple learned the hard way with all the existing features of iOS that were deemed noncompliant with the DMA when it went into effect. The “ship it first and ask forgiveness / hope it’s deemed compliant” strategy is not a good one in the EU.

★

Lucas Costa has written a good article on how to build systems that can handle code-generating robots. Unfortunately, when calling it backpressure , he used the wrong metaphor.

Backpressure is about signaling to upstream processes that they are running too fast and need to slow down. The suggestions presented by Costa are mostly about signaling to the upstream process that it needs to do things differently , rather than just slow down. This has more to do with ensuring sufficient quality is sent downstream, rather than quantity .

This irked me. As I was reading, I was searching for the right analogy. I kept coming back to lean manufacturing . The more famous half of the lean philosophy is waste reduction. The other half is about managing the unstable input of people. That’s what we’re interested in here.

(Continue reading the full article on the web.)

If you liked this piece, you should subscribe to my premium newsletter. It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA , Anthropic and OpenAI’s finances , and the AI bubble writ large (updated to version 3.0 last week). My Hater's Guides To the SaaSpocalypse , Private Credit and Private Equity are essential to understanding our current financial system, and my guide to how OpenAI Kills Oracle pairs nicely with my Hater's Guide To Oracle . Last Friday, I published the first of a two-part series where I explore the many bubbles that form the basis of the AI bubble — including the tokenomics bubble, and the cult of personality bubbles surrounding Sam Altman and Dario Amodei.   Subscribing to premium is both great value and makes it possible to write these large, deeply-researched free pieces every week.  Soundtrack — Local H — Manifest Destiny (Part 2) We live in a time of deep uncertainty. On Friday, Anthropic was forced to shut off access to its Mythos and Fable models after the US government imposed an export control ban barring any non-US citizens both inside and outside of the country from accessing them.  To explain, Fable is basically Anthropic’s supposedly “ too dangerous to release ” Mythos model with guardrails forbidding you from what appears to be anything biological weapons and cybersecurity, except it was jailbroken within days by Amazon researchers, leading to Amazon CEO Andy Jassy (and other unnamed companies) reporting it to the US commerce department which gave Anthropic 90 minutes to roll back Fable and Mythos due to “national security risks.” Semafor also reports that this all might have happened because China got access to Mythos . This situation is a complete mess. PCast co-chair and podcaster David Sacks claimed that Anthropic refused to fix the issue , claiming it wasn’t serious , per Business Insider: During the calls, Amodei tried to clear up what he assumed was a misunderstanding. He pushed back on the administration's concerns, defended the guardrails, and argued that the type of bypass that occurred, which he believed to be specific, did not pose the same risk as a broader "jailbreak" that would allow it to be used without any of the guardrails put in place by Anthropic.

In a blog post after the export controls were put in place, Anthropic said that "no testers have yet been able to find a universal jailbreak — a jailbreak method that can very broadly bypass the model's safeguards, unblocking a wide range of cyber capabilities," and that total avoidance of any jailbreaks isn't now possible for them or any other companies. They defended their systems, which they said "are so strong that many users have complained that they are overly broad." A White House official told Business Insider that “export controls were a last resort after begging them for hours to work with us”: Shortly after the call, the Trump administration imposed its export control on the Fable 5 and Mythos 5 models, citing national security authority and banning their use by foreign nationals, according to Anthropic. The company said the "net effect" of the order was to "abruptly disable" the models for all customers "to ensure compliance." Anthropic claims no begging occurred, and all it got was (as noted above) 90 minutes. According to Axios, the company has dispatched some of its senior technical staff to D.C to negotiate with the Trump Administration , after virtual meetings with White House officials failed to bear fruit.  In any case, this is a reaping/sowing for the ages. Dario Amodei has spent years selling AI models based on completely fantastical scaremongering about the “rapid advancements” of large language models , cresting the hill in April when he announced Claude Mythos, an LLM that was “ too powerful to release ” until June 2, when it was released to 150 organizations in 15 countries , and June 9, when it was released with said guardrails under the name “Fable.” Fable is, of course, just another large language model that’s an indeterminate amount of “better” than the last one. Having talked to multiple people that claim to have used Mythos and deeply enjoyed Davi Ottenheimer’s takedown of its system card , it appears to be much the same model but with security protocols flimsy enough to last only a few days before anonymous researcher Pliny The Liberator broke them . Anthropic has not created recursive self-improvement , nor has it done much more than create a very large language model that gets higher benchmarks in tests built for large language models, wrapped in a veneer of mysticism and panic-hype built to scare organizations in paying them to use it. The problem with this kind of hype is that you can only use it for so long before somebody believes you. The outright mythology of Mythos existed to scare people and help Anthropic raise at a $965 billion valuation , and because the tech industry has existed fairly divorced from reality, scrutiny, and regulation, Dario Amodei continued to inflate the “ Anthropic is too powerful ” bubble, believing that all that would happen would that he’d create a new enterprise API business. Some are attempting to read this story as bullish for Anthropic — that the government will work with it to bring the models back online, creating a proxy marketing campaign for its models — and while I think that’s possible, if not likely , I think there’re many other possibilities. On Sunday, slopaganidst and Microsoft CEO Satya Nadella posted a mealy-mouthed blog on Twitter that didn’t really say very much of anything, but had two interesting comments: The last thing any of us want is a world where every company across every sector is ceding value to a few models that eat everything they see. If all the value is accrued by only a few models, the political economy will simply not tolerate it. There is no societal permission for an AI future that hollows out entire industries.

…

In my view, our priority has to be building a frontier ecosystem, not just a frontier model, so value flows broadly across every company, every industry, and every country. One where every organization can own the learning loop that encodes its institutional knowledge, compounding its human and token capital. This, combined with Microsoft AI CEO Mustafa Suleyman saying Anthropic’s models were too expensive and Andy Jassy likely being part of the reason that Anthropic got banned makes me think that hyperscalers might be trying to cast doubt on the inevitability of AI labs. While Nadella’s piece has clearly gone through 8 PR people and 16 lawyers, it seems to smell of a company saying that no one model actually matters, and given that it was posted on a Sunday , I’m going to guess it’s about the current Anthropic situation. It’s hard to see how everything goes back to normal from here. Even if Anthropic gets its models greenlit for availability, it’s clear the government has some animus against it after Q1’s battle with the Department of Defense , and may or may not have been waiting for an opportunity to rattle Dario Amodei’s cage.  And, according to Axios , there’s a real animus between the US government and Anthropic, caused in part because of its “inability to communicate effectively,” with one source saying that “Anthropic has not done a great job at trying to speak to the administration and appreciate the ideological differences." Alternatively, the government has taken Anthropic’s (nonsensical) marketing seriously, and thus decided to take the kind of blunt-force authoritarian position you’d expect — shut the whole thing down, as China might use Mythos to uh, do something!  The other problem is that this is terrible, terrible timing for an AI industry in the throes of a cost crisis. Anthropic and OpenAI’s IPOs depend on myth, hype, and certainty that their growth will never slow . The government’s ability to cut off access at random based on genuine concerns or politicking isn’t a great advertisement at a time when everybody is struggling to find the ROI of AI . This isn’t a Too Big To Fail or nationalization situation. Amazon and Microsoft are far more scared of the White House than they are of killing their golden goose, and may honestly be relieved to find a reason to bring this era to an end. You see, Anthropic and OpenAI have much bigger problems than regulation or pissing off Pete Hegseth. Their business models don’t fucking work. Can We Wrap This Up Already? I’ve been saying for years that the underlying economics of AI don’t make sense — that AI labs were intentionally obfuscating the costs of subscriptions and heavily subsidizing users’ compute, and that the moment that that changed , everything would begin to fall apart, and god damn has it finally begun. As I discussed in last week’s premium newsletter, the AI Tokenomics Bubble is the simplest and most consequential of them all, because it comes back to something I’ve been saying for years: that the majority of users will refuse to pay the actual cost of AI.  Said bubble inflated through the combined failure of the tech and business media to question AI’s economics and the unprecedented subsidy con perpetuated by Anthropic and OpenAI. Those who dared to suggest that OpenAI burning $5 billion was some sort of problem were dismissed as haters and skeptics that “didn’t care about the future,” with the vast majority of the media completely ignoring the economics until the latter half of 2025.  The Tokenomics Bubble inflated because everybody aggressively ignored the AI industry’s greatest weakness, choosing instead to repeat tired mythologies about how Uber lost a lot of money ( which I’ve refuted here ) or Amazon Web Services cost a lot of money ( Amazon’s total capex between 2003 and 2017 was $52 billion normalized for inflation ) instead of being skeptical of…well, anything. And now it’s bursting because Anthropic and OpenAI’s customers are in revolt, to the point that they’re planning “drastic” price cuts . How The Tokenomics Bubble Burst Alright, let’s do this one last time . Sometime early in Q1 2026, Anthropic and OpenAI moved all of their enterprise customers to token-based billing, meaning that instead of using subsidized subscriptions with varying (and ridiculous, as I’ll get into) rate limits, big businesses suddenly had to pay for their AI usage based on the actual tokens they used.  Many hailed this as a masterful gambit, assuming that organizations would have near-infinite budgets for AI services that had yet to prove themselves useful. It only took a few months for OpenAI and Anthropic’s customers to start sweating.  In the middle of April, The Information’s Laura Bratton likely burst the AI bubble with a piece about how Uber had burned through its entire annual token budget in a single quarter.  This kicked off an industry-wide anxiety about the mounting costs of AI, with multiple other companies burning millions of dollars in the space of a few months, including Zillow, which destroyed its annual Cursor budget by the end of May . What really began the downfall was a comment by Uber COO Andrew Macdonald : "That link is not there yet, right?" he said. "I think maybe implicitly there is more that is getting shipped, but it's very hard to draw a line between one of those stats and, 'Okay, now we're actually producing 25% more useful consumer features."

He said that the trade-off costs from AI are harder to justify because he can't draw a direct link. Earlier this month, CEO Dara Khosrowshahi said in an earnings call that Uber was slowing hiring to counter its investments in AI. In a single podcast, Andrew Macdonald gave the entire tech industry permission to say the truth: that nobody was actually able to show any ROI despite its massive costs. This was always going to be a problem. By starting everybody off with subsidized subscriptions, AI labs shielded users from the costs, training them by proxy to use AI models without any concern for efficiency.   That, and organizations are run by Business Idiots beguiled by a captured tech and business media and a complete disconnection from actual work, meaning that they’d encouraged (or forced) their workers to use AI as much as humanly possible, never once thinking about the costs until they were made to by the AI labs. All it took was a few months of tokenmaxxing to start turning organizations’ stomachs . This began an increasingly-anxious conversation around AI’s ROI , made worse by the fact that you can’t measure the cost of a task because of the sheer number of models and harnesses, and can’t cleanly translate “AI spend” into “actual financial outcomes.” Toward the end of May, Axios would publish a story about how a company somehow spent $500 million on Anthropic tokens in a single month after failing to set up cost controls . A few days later, Sam Altman would make a massive fuckup , saying that customers were “totally happy” with their AI spend at the beginning of the year (before token-based billing), and that spend was now a “huge issue,” likely because the costs vastly increased. Boosters would immediately argue that these massive costs were, in fact, proof that AI was very successful, even if said “success” came from organizations that let their workers burn as many tokens as humanly possible without any consideration of the cost. As I’ve argued previously , the vast majority of Anthropic’s recent surge in revenue comes from experimental revenue from paypigs that it doesn’t deign worthy of clear visibility into their organizational token spend . In any case, OpenAI and Anthropic need to make a combined $358 billion in annual revenue by 2029 to keep up with their $1.1 trillion in compute commitments. Any slowdown in their growth, as I discussed last week, would be fatal to two companies that have marketed themselves almost en

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• AI and amateurism : When is generative content vernacular?

• Hey look at this : Delights to delectate.

• Object permanence : Disney characters x clean underwear; Transparent Pontiac; Makers v dog with LED collar; Microsoft buys Linkedin; Legitimate greatness.

• Upcoming appearances : LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

AI and amateurism ( permalink )

Over the weekend, I did an interview about my forthcoming book The Reverse Centaur's Guide to Life After AI (a book about being a better AI critic), and the interviewer said she was surprised that I wasn't an AI booster, based on my demographics and work history:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

I could see where she was coming from. I encountered computers in the mid-seventies, as a small child. My first computer was a CARDIAC, a working, Turing-complete, mechanical computer made entirely of cardboard, that I spent endless hours with:

https://www.instructables.com/CARDIAC-CARDboard-Illustrative-Aid-to-Computation-/

Then I graduated to a teletype terminal and acoustic coupler connected to a minicomputer at the University of Toronto. My mom, a kindergarten teacher, used to smuggle home 1,000' rolls of paper towel from the kids' bathroom. I'd get 1,000' feet of computing up one side, then another 1,000' down the other side, then I'd carefully re-roll the paper towel so she could put it back in the bathroom for the kids to dry their hands on.

After that, I got an Apple ][+ in 1979, and shortly thereafter acquired a modem, and that was it: I was hooked for life. I became an amateur programmer, then a professional programmer. I hosted forums on dial-up BBSes where I distributed software and offered support to strangers who wanted to connect their computers to the internet. I got a job as a gopher developer, then a web developer, then a CIO-for-hire, helping wire up small businesses and connect them to the net. Eventually, I co-founded a free/open source software startup, before transitioning to 25 years as a digital rights activist with the Electronic Frontier Foundation. And for most of that time, I was energetically writing science fiction, eventually becoming associated with a school sometimes called "post-cyberpunk":

https://en.wikipedia.org/wiki/Rewired:_The_Post-Cyberpunk_Anthology

The force that energized all this work was a dialectical one, the contradiction that powered cyberpunk literature itself. For all that cyberpunk was undeniably enamored with the coolness and combustibility of new technology, it was also terrified of how technology could be a force for oppression, surveillance and control. As William Gibson says, "cyberpunk was a warning, not a suggestion."

Gibson's more famous quote, of course, is "the street finds its own use for things." In Gibson's novels (and in my own life in technology) all the most interesting things happen when users of technology (often without formal training or credentials) find ways to adapt the technology they use to suit their needs:

https://pluralistic.net/2026/03/17/technopolitics/#original-sin

This is why I remain an ardent fan of Hypercard, Scratch and other meta-tools that are designed to allow non-programmers to write software that exactly conforms to their desires. Whatever the apps produced by these tools lack in sophistication and efficiency is more than offset by the fact that they give everyday people the power to directly control the tools they rely upon.

If "epistemic humility" means anything, it means acknowledging that no amount of "requirements gathering" can capture the needs of people totally unlike yourself as faithfully as those users can capture their own needs. Giving people the tools to produce their own software is always going to make tools – vernacular, idiosyncratic, homespun – that are more suited to their own hands and minds than anything a technologist working on their behalf could make.

The ancient dictum of "nothing about us without us" – born in 16th century Poland and taken up by the modern disability rights movement – asserts the right of people to control their own living conditions, and also the unique capacity of people to understand their own needs. You know what's even better than being consulted on the design of the technology you use? Having direct control over that technology!

This is why I was so suspicious of the iPad. The iPad's much-lauded "ease of use" was entirely about how easy it was to use an iPad to consume technology. But the iPad remains the single most user-innovation-hostile technology in modern history, a device designed to make it impossible to produce technology without permission from a remorseless multinational corporation. This is cyberpunk as a demand , not a warning :

https://memex.craphound.com/2010/04/01/why-i-wont-buy-an-ipad-and-think-you-shouldnt-either/

The technology I've championed all my life is technology that gives more control to its users. One of my immutable precepts is that people who are different from me know things I can't know, and the only way I can get the benefit of their unique knowledge and perspective is if they are free to make and share things that matter to them. As Dan Gillmor said, back when he was inventing the study of citizen journalism, "My readers know more than I do":

https://www.oreilly.com/openbook/wemedia/book/ch00.pdf

And while I am broadly very skeptical of AI, and deeply alarmed by the proliferation of "vibe coded" software in production environments, vibe coding for personal projects is a useful and exciting addition to the lineage of tools that let computer users decide how their computers will work. For people making personal projects, vibe coding extends the power of shell scripting, cron jobs, Applescript, and other desktop automation tools to a wider audience.

One of the journalists I spoke to last week about my book described how he had vibe coded an app that showed him an alert every time a plane flew over his house, giving the tail number and other details of the flight. This is information that I have no need for and no interest in, and that I'm therefore excited to learn about, because its very existence affirms that the world is full of people who are delightfully, irreducibly, amazingly different from me, and moreover, that their unique needs can be directly met using their imaginations and their personal computers.

I recently sat down with my colleague Naomi Novik, a brilliant author who also co-founded Archive of Our Own. Naomi demoed her followup to AO3 for me: Wreccer, a system to help you find small groups of people with taste similar to your own, in order to facilitate media recommendations within that group – a kind of personal, relationship-driven alternative to massive, centralized, monolithic algorithmic recommendation systems:

https://github.com/wreccer

Naomi told me that Wreccer was being built using the same design ethos that the original Twitter embraced. When Twitter launched, it was an API first, and the official Twitter front end was built on that API – but anyone could build their own front end for Twitter that worked in the way they wanted it to. Now, the word "anyone" is doing a lot of work in that sentence, because most people don't even know what an API is, and of the people who do, most of them were not capable of writing their own software front end for Twitter.

But Wreccer is being designed for the age of vibe coding, and the API will really allow anyone who uses the service to design their own interface to the system, one that elevates and centers the features they find useful and tucks away the ones they're not interested in. Your personal, custom front end could also bring in other data-sources – pulling in your Mastodon messages, for example, or even showing you an alert with the tail-number of any plane flying over your home.

This is the part of vibe coding that I'm quite excited about, but it's not the part the industry focuses on. Instead of hearing about how personal, homemade software utilities can be an end unto themselves, we hear about vibe coded projects as prototypes for commercial production code. We hear about clueless bosses vibe coding software products and services that run fine for one user on a siloed desktop computer, and then demanding to know why it takes 50 engineers a year to make the same thing work for millions of users on the public internet. We hear about people who vibe code and submit patches to free/open-source software projects with millions of users, overwhelming project maintainers with slop code that is riddled with security vulnerabilities.

Of course, there's an obvious reason why the industry wants to focus on the potential for vibe coded software to replace production code. The AI bubble has burned up $1.4t to date, while bringing in mere tens of billions of dollars per year, even as its unit economics grow steadily worse:

https://www.telegraph.co.uk/news/2026/06/04/ai-is-the-greatest-money-wasting-scheme-humanity-has-ever-i/

To keep the bubble inflated, AI hucksters must promise massive economic returns to the technology. They want investors to believe that vibe code is about to replace working programmers, who are skilled, high-waged, high-demand workers. Their pitch is that for every million dollars' worth of programmers that an AI salesman and a boss conspire to fire, half a million dollars will go to the AI company whose bots shit out that vibe code.

That's par for the course with the AI bubble, whose focus is entirely on how AI can centralize, control and homogenize our lives. Whereas early desktop publishing, web publishing and social media gave us a glorious higgledy-piggledy of chaotic, weird and transgressive hobbyist media and retina-searing designs, AI art and design are instantly recognizable at a thousand yards, and it all looks the same, boring, and washed :

https://pluralistic.net/2024/07/20/ransom-note-force-field/#antilibraries

AI companies have released open weight/open source models that can run on your own computer, but these are treated as side-shows and toys and demos. The real action, we're told, is in "frontier models," which is industry-speak for "a piece of software whose running costs exceed the GDP of most countries":

https://pluralistic.net/2026/02/19/now-we-are-six/#stock-buyback

Perhaps this is why the dynamics of AI are so different from the early dynamics of the web. Early web users were workers , who demanded that their bosses allow them to use the web and so devolve more power to people doing their jobs. By contrast, today's most ardent AI boosters are bosses , who threaten workers who don't use AI enough in the course of their duties:

https://pluralistic.net/2026/05/26/the-ai-will-continue/#until-morale-improves

Where we do see idiosyncrasy emerging from AI usage, it's often terrible. AI can help you create a folie-a-un in which you and a chatbot team up to reinforce your delusions and drive you deeper into a world of dangerous mirage:

https://pluralistic.net/2026/06/03/mission-space/#gsd

There's a (false) story that's told about people who championed the early internet: that we were blithely certain that technology could only be a force for good, and negligently disinterested in the possibility that technology could control, extract and harm. That's demonstrably untrue: recall cyberpunk's dualism of "the street finds its own use for things" and "cyberpunk is a warning, not a suggestion."

More true is to say that early internet champions were alive to the importance of the internet, and therefore both excited about the possibilities of the internet to deliver a world of connection, idiosyncrasy, love and solidarity; and about the danger of the internet as a dystopian system of surveillance and manipulation:

https://pluralistic.net/2025/02/13/digital-rights/#are-human-rights

History isn't finished. Long after the AI bubble pops, there will be local models and people vibe coding homemade software that respond directly to their needs. The stuff we make on our own computers, for ourselves, is deplatformed from its inception. It's part of the life we can build in technology's "shadowy corners" that we used to just call "technology." The fact that this stuff is utterly unsuited to be production code makes it inherently unmonetizable. It's how the street finds its own use for things:

https://pluralistic.net/2026/02/23/goodharts-lawbreaker/#no-metrics-no-targets

Hey look at this ( permalink )

• Mediocre Fred https://www.youtube.com/watch?v=gCXc-xC5ms0

• Shame On You https://www.change.org/p/an-open-letter-to-the-american-diabetes-association-shame-on-you

• Keycap Quarry https://keycapquarry.com/shop/

• The Threat of Big Insurance https://prospect.org/2026/06/11/threat-of-big-insurance-lobbying-congress-donations/

• End Citizens United’s Tiffany Muller on fighting big money in politics https://www.citationneeded.news/end-citizens-uniteds-tiffany-muller-on-fighting-big-money-in-politics/

Object permanence ( permalink )

#25yrsago Disney characters win right to clean underwear https://web.archive.org/web/20010707023727/https://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2001/06/07/state1339EDT0171.DTL

#20yrsago Lampooning the American dismissal of Gitmo suicides https://fafblog.blogspot.com/2006/06/610-changed-everything-run-for-your.html

#20yrsago LA’s South Central Farm under police siege right now https://web.archive.org/web/20060616085732/http://www.southcentralfarmers.com/index.php?op

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

During an exchange of war stories, a colleague of mine told one from back in the days when Windows included a processor emulator for x86-32 on systems that natively ran some other processor. (This has happened many times. And no, I don’t know which processor this particular story applied to.)

This particular emulator employed binary translation, generating native code to perform the equivalent operations of the original x86-32 code. This offered a significant performance improvement over emulation via interpreter. You can imagine that x86-32 is just a bytecode, and the emulator is a JIT compiler.

Anyway, my colleague found that there was one program that needed to allocate around 64KB of memory on the stack and initialize it. The standard way of doing this is to perform a stack probe to ensure that 64KB of memory is available , then subtracting 65536 from the stack pointer, and then initializing the memory in a small, tight loop.

But using a loop to initialize the memory was too mundane for whatever compiler was used to compile this code. Instead of generating a loop to initialize each byte of the buffer, the compiler “optimized” the code by unrolling the loop into 65,536 individual “write byte to memory” instructions, each 4 bytes long.

All in all, it took this program 256 kilobytes of code to initialize 64 kilobytes of data.

This offended the team so much that they added special code to the translator to detect this horrible function and replace it with the equivalent tight loop.

The post The time the x86 emulator team found code so bad that they fixed it during emulation appeared first on The Old New Thing .

By now (happily) everyone wants to talk about digital autonomy, although some parties insist we talk about sovereignty. Fine. tl;dr: The discussions on digital autonomy are now going round in circles. Civil society and think tanks want to contribute, and are well placed to do so. In this piece, I urge everyone to look further ahead, beyond legislation and talking about European values. The road to digital sovereignty is very long, and we need to make progress along that entire road, which includes things further afield than what we are discussing now.

Welcome to RSS Club! These posts are only available to RSS and Atom subscribers. You can read more about the idea at Dave Rupert's site .

I recently received an email from a distraught reader:

I was going through my recent bookmarks and I found https://shkspr.mobi/blog/2026/04/rss-club-for-wordpress which I had clearly saved to reference again later.

However, as with the nature of RSS Club™, I can't just revisit that post in my browser. I'd long since deleted the RSS item in my feed and re-adding your entire feed only fetched the last ~20 items, of which this wasn't one.

Oh no! It is true that my feed only goes back 20 entries. As a consequence, older posts are lost in the Time Vortex - much like several episodes of Doctor Who.

My first thought was "is this a bug or a feature?" Perhaps those posts should be ephemeral. It is possible that they've been archived - but it is equally possible that they've drifted away on the breeze like a child's balloon. Do I want people rummaging in the archives to get old club posts?

I think my answer is… I'm happy for them to be inaccessible for the casual reader.

But there are a few ways the determined scholar can find older posts.

Manually Save The Contents

Your feed reader probably lets you store a permanent copy of a post. You should do that if you want a local version available.

Archive.org

The Internet Archive regularly grabs a copy of my RSS feed. For example - https://web.archive.org/web/20260000000000*/https://shkspr.mobi/blog/feed/atom/

You can peruse older versions to your heart's content.

JSON API

WordPress's JSON API contains the full contents of the post (albeit in a slightly verbose JSON format). You need to know the post's ID.

For example, the JSON for this post itself can be found at https://shkspr.mobi/blog/wp-json/wp/v2/posts/72429

Feed Pagination

By default, you only get 20 items per feed. If you'd like to go to the 2nd page of the feed, you can use:

https://shkspr.mobi/blog/feed/atom/?paged=2

Then ?paged=3 for the next, etc.

Category Feeds

WordPress has build-in support for category-specific feeds. So, if you want to subscribe to only the RSS Club posts, you may use https://shkspr.mobi/blog/category/rss-club/feed/

This also works with tags, for example https://shkspr.mobi/blog/tag/rss-club/feed/

They should both be the same, but I primarily use categories to differentiate between club and non-club posts.

Email

Feel free to email me if you can't find something. My contact details are on https://edent.tel/

Light switches. How on earth is it so hard to find decent light switches?! It sounds ridiculous until you actually spend enough time looking for ones that meet two simple criteria: • Aren't stateful (switch is up or down, has to be push-button)

• Looks good Now, I'm conscious that this is also very likely an Australian problem, more so than a European or North American one. We're pretty limited by what we get down here, and because it involves electricity, the switches here have to pass all sorts of local Aussie tests and standards. I can't just jump onto eBay or Amazon and ship a box of good ones over from the US. So we're stuck with these rubbish ones... unless you can find me something decent? Please?! 🙏

[...] Instead, I picture a specific person and I just write for them. Often this person is "me, but 3 years ago" or a good friend.

— Julia Evans , write for 1 person

Tags: writing , julia-evans

While much is focused on the improvement of models , there's been radical improvements in the efficiency of KV cache compression. I was curious to figure out just how big the improvements are and why I think it matters so much.

The headline figure: the memory needed to store one token of context has fallen by roughly 100x since 2017. Over the same period, the memory on a top of the range datacentre GPU has gone from 16GB to 288GB - an 18x improvement. The memory wall in AI has mostly been solved with maths, not silicon.

What is a KV cache?

When you use an LLM - either via the web on ChatGPT et al, or agentically via Claude Code, your "context" is stored in a KV cache. This is/has been an incredibly memory intensive process which has led to hard limits on the session length.

Put simply, the longer your "conversation" grows with the LLM, the more KV cache you need. A more efficient KV cache allows you to input more stuff - conversations, code, reference documents, images - in the same amount of memory.

An inexact analogy is compression for audio visual files. It was the MP3 algorithm that allowed audio files in the late 90s to be compressed enough that Napster was (nearly) workable. Equally, MPEG2 allowed digital TV to work, and subsequent algorithms like H.264 allowed Netflix to work well on slow(er) broadband connections.

Without modern video compression codecs, a 4K stream on Netflix would require (many) gigabits of bandwidth to work. With compression codecs, it can be squeezed into a 15mbit/sec bandwidth allocation - a 100x+ compression ratio.

By allowing this efficiency you can often leapfrog hardware improvements. No doubt broadband connections will converge fast enough at some point to allow uncompressed 4K video streams, but compression allows you to roll out improvements far faster, to a wider market.

The inception of KV caches

When transformers first came around in ~2017, a 128K token context window (roughly 100,000 English words) would require ~ 340GB of GPU memory for one conversation, using MHA. That assumes a 70B-class dense model at 16 bit precision - which works out at about 2.6MB of memory for every single token in your conversation.

In 2017 the absolute state of the art datacentre GPU parts like the Tesla V100 shipped with 16GB of HBM2 memory. So, on that architecture, you'd need ~20 top of the range GPUs to hold one conversation - which these days would feel limiting.

While this is revisionist - you wouldn't be able to have any conversation with a transformer at that point - it shows just how far out hardware and efficiency was.

The first major leap was MQA in 2019, from Noam Shazeer at Google. This allowed a huge 64x reduction (on a model with 64 attention heads) by sharing a single KV head across all query heads. However, this had major downsides - quality took a real hit and training became less stable - and long recall significantly degraded. It saw some adoption (PaLM and Falcon used it), but it was clear the compression was too aggressive.

GQA

As LLMs started ramping up in capability, the context window became an enormous problem. GPT3.5 had a context window limit of just 4K tokens - barely enough to input a few pages of documents. This is no doubt because of the enormous memory requirements.

It's hard to overstate how big a limitation this was. While the models were still at a very early stage, if there weren't further developments in context window efficiency LLMs would have been limited to very short question and answer sessions. Agentic workflows of any type, regardless of model quality, would have been extremely constrained - even defining the tools an agent has access to now requires 20k tokens in Claude Code, before anything is input or output.

The core way LLM providers patched over this was just deleting messages from your session. ChatGPT might just take your first message, and the last n messages that fit in the context window. This led to hilariously bad results, as it'd instantly forget something it had just said a few messages ago. It would have been completely unworkable for any serious document work.

GQA arrived in 2023, allowing groups of query heads to share KV heads - a middle ground between MHA and MQA. With 8 KV head groups this allowed an 8x reduction - with very little quality loss as the session grew. Llama 2 70B and Mistral adopted it almost immediately, and it quickly became the default for open models.

Around the same time another trick emerged in parallel: sliding window attention, where some layers only attend to a fixed window of recent tokens, so their share of the KV cache stops growing entirely. Mistral shipped it in 2023, and Google's Gemma models later interleaved local and global attention layers to similar effect.

Once approaches like this became commonplace, we start seeing a rapid increase in the context window length - no doubt alongside more memory being available. GPT3.5-Turbo allowed 16k context windows, and while the original GPT4 launched at just 8k (with a pricey 32k variant), GPT4-Turbo expanded dramatically to 128k by late 2023.

MLA - the DeepSeek surprise

The next big jump came from DeepSeek in 2024 with MLA. Instead of sharing KV heads between query heads, MLA compresses the keys and values down into a much smaller latent vector, and folds the decompression step into the surrounding projection matrices so the full keys and values never have to be materialised at all. DeepSeek claimed a 93% reduction in KV cache size in their V2 paper - while improving on quality benchmarks, not just holding steady.

This was an important proof point. MQA showed you could compress hard if you accepted the quality hit, and GQA showed a modest compression with almost no hit - but MLA showed you could go an order of magnitude beyond GQA without giving anything up. It's also a decent chunk of how DeepSeek served their models so cheaply that they wiped nearly $600bn off Nvidia's market cap in a single day in early 2025.

Alongside this, quantisation of the KV cache itself - storing the keys and values at 8 or even 4 bit precision rather than 16 - became increasingly standard, roughly doubling or quadrupling effective capacity again on top of everything else. More recent approaches like Google's TurboQuant push this much further still.

(There's also a whole parallel universe of serving-side improvements like vLLM's PagedAttention - but that's about managing KV memory rather than compressing it, so I'm leaving it out of scope here.)

Agentic capabilities

Between late 2023 and 2025 models got somewhat "stuck" in context window size, with OpenAI and Anthropic offering models around the 128-200k token length. It's fair to say that these context lengths were not terrible - they allowed coding tasks and moderately sophisticated document processing. But as true coding agents ramped up, it did become extremely limiting.

In this timespan you had to spend a lot of time thinking about this if you were building or using agents. Reading too many large files would blow through the window, causing the dreaded "compaction" to run - a fairly crude process of trying to summarise everything the agent had access to.

The next major breakthroughs around 2025 were linear-attention hybrids - models like Qwen3-Next and Kimi Linear replaced most of their full attention layers with linear attention, which keeps a small fixed size state per layer rather than an ever-growing cache. Only a minority of layers keep a full KV cache. This (and no doubt other, less publicly known about) approaches allowed context windows to grow to 1M tokens with minimal quality loss. It's presumably a big part of why Anthropic could ship a 1M context window earlier this year without even charging extra for it.

KV cache memory per token of context, on a log scale. GPU memory only improved ~18x in the same period.

The future

There's no sign of this slowing down. Research is increasingly pointed at getting rid of the quadratic attention bottleneck entirely - pure linear and recurrent approaches that keep a fixed size state no matter how long the context grows. Whether they can fully match attention on quality is still an open question, but the hybrids have already shown you don't need every layer to pay full price.

The thing I find most interesting though: across nine years of ~100x compression gains, surprisingly little of it showed up as cheaper . Token prices have come down, sure - but most of the efficiency got spent on longer context windows instead. 4K became 128K became 1M. Much like video codecs got spent on higher resolutions rather than smaller files, we keep spending memory efficiency on more capable agents. And with memory now one of the hardest constraints on the AI buildout, I'd expect that to continue.

As ever in this space, half of this post will probably be out of date within a year. There's an enormous amount of money pointed at making context cheaper - I certainly wouldn't bet against another 100x.

This series is a place to collect interesting things I’ve seen, read, or heard, along with some brief thoughts (often incomplete and/or inconclusive) that they provoked.

AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach – socket.dev

Back in February this report landed in a security blog, and I found it fascinating. As is usual for me, it’s at the intersection of human behaviour with technological automation that the real interesting problems lie.

The whole industry uses GitHub profiles as a proxy for a CV. Now agents can build a credible looking one in hours or days, and it results in our whole system of reputation and trust being borked.

Once again, the thing you should be optimising for is trust . I wonder what new systems we need to build to deal with the old ones being broken.

Where Provenance Ends, Knowledge Decays – Jessica Talisman

My first job was building information management systems, and for those of you that haven’t worked in the industry, let me tell you: knowledge architecture is fascinating. We should all be hiring librarians to help us with these problems.

The core question posed here is: without provenance how can users interrogate the answers from LLMs? How do you then challenge the all-knowledgeable answer machine?

And a key point, countering the attempted solutions of the big LLM vendors – CITATIONS ARE NOT PROVENANCE – the training set is critical to understand the context to your answers, not just the retrieval path.

Given the many reports of click-through rates dropping on Google as people increasingly rely just on the AI summary, this is an important topic for search in general.

Programming as Theory Building – Peter Naur

This resonated very strongly with me, and helps clarify lots of my thinking about team building and software product development.

But accepting that the thing you’re building is the theory, not the textual representation (ie. the code), the cost of organisational changes (eg. losing engineers after a year or two, changing team topology too often, etc) is clear – you are destroying the very thing you’re trying to build.

What I still need to think more on is how does this play with the capitalist reality in which businesses operate? What you’re selling is the product, not the theory – this creates a tension between the priorities of the team and those of the business.

If not the theory, then is the text the product? Also no! Look at all the things that comprise the sold product that are not the textual artefact: user education, documentation, training, etc. The marketing cliché “we sell solutions” is a clear signal that the text is also not the product.

So if neither the theory nor the text are the product, is there a better concept for software teams to align to, for maximising their commercial impact? Probably not a singluar one, I’d bed. My hunch is that the most “product-aligned” concept will vary depending on whether you want short, medium, or long-term impact.

People who think current AI use is unsustainable often rely on the claim that inference GPUs only last “three years at the most” under load 1 . The idea here is that once the AI bubble money drains away, current infrastructure will rapidly become obsolete, and there won’t be enough money floating around to buy a whole slate of brand-new GPUs. Inference costs would thus rapidly become way too expensive for current AI products to make any financial sense.

Where does this “three years at the most” claim come from? Is it plausible?

Sourcing the quote

The original Tom’s Hardware article quotes this tweet from Tech Fund, an anonymous former PM and tech investor, who quotes an anonymous “GenAI principal architect” at Google as saying “if you have a high utilization rate, then constant high utilization rate for a year or two, I think the lifespan will be three years at most”.

This screenshot looks like it was from an interview. What interview? I scrolled back to October 2024 on Tech Fund’s Twitter feed and saw a bunch of similarly-formatted screenshots , some of which were cited as coming from Tegus . Tegus is apparently a company with a business model of reaching out to insiders (in this case, AI company employees) and paying them hundreds of dollars an hour in order to answer specific technical questions. It’s essentially gig work for almost-but-not-quite insider trading: the more informed and confident you sound, the more likely Tegus analysts will pick you for future interviews.

I’m sure the source for this tweet is in fact a GenAI principal architect, since Tegus would have presumably asked for some proof of that before they paid them out. But it’s pretty clear that the incentives here are to sound confident and authoritative, even on questions that you’re not sure about. With that in mind, the quote itself also reads a bit suspiciously. I’ve worked with enough principal engineers and architects to take their casual back-of-envelope estimates with a grain of salt. If they knew the actual rate at which GPUs fail and get retired in Google datacenters, wouldn’t they have just said that?

Evidence for a longer lifespan

We have some anecdotal evidence that points the other way. Google has publicly claimed to have eight year old TPUs (their version of GPUs) running in production at “100% utilization”. Nvidia only made A100 GPUs from 2020-2024 , but in February 2026 the AWS CEO claimed that AWS had never retired an A100 server (and you can still easily rent A100s for AI work) 2 . AI GPU usage isn’t exactly like crypto mining GPU usage, but it certainly seems like years-old ex-crypto GPUs are functional . There’s also this comment from Hacker News I noticed where someone claims that their GPU cluster in academia has lasted six years with less than 20% failure rate.

What about hard data? It’s hard to get concrete data on the lifespan of AI GPUs, because modern AI datacenters have only existed for a handful of years. But an interesting case study would be recent supercomputer clusters like Oak Ridge’s Summit , which had over 27 thousand Nvidia V100s running from 2018 to 2024, or its predecessor, the Cray Titan supercomputer that ran from 2012 to 2019. I couldn’t find any evidence that Summit had to buy an additional 27,000 GPUs to replace their old ones, and GPU failures in Titan have been carefully studied :

These cages of GPUs are stacked vertically, and cold air is pumped in from the bottom, which explains why cage 0 (at the bottom) has better survival rates than cage 2 (at the top). Let’s consider cage 0, so we’re just looking at the GPU lifespan instead of at the lifespan of improperly-cooled GPUs. At three years, over 95% of GPUs survived 3 . At six years, nodes 2 and 3 (the GPUs closest to the bottom of the cage) were still at above 90% survival rate, and the highest nodes were over 60%.

It’s possible that newer Nvidia GPUs are less reliable than older ones (they certainly draw more power), or that AI datacenters are under-cooled, or that something about LLM utilization is more stressful than the workloads that ran on traditional GPU datacenters. But this is at least circumstantial evidence that GPUs can survive under load for far longer than three years.

Economic lifespans

This discussion is complicated by the fact that GPUs may have a short economic lifespan. Supposedly a B100 GPU draws twice as much power as an A100, but can do five times as much work. For some AI providers, that might mean that A100s are only worth running until they can be replaced with B100s (if you’re bottlenecked on electricity, you should spend it all on B100s and throw out your obsolete A100s). This is why the Titan supercomputer was decommissioned in favor of Summit: it could have continued to operate, but it was more profitable to spend the money and maintenance effort on newer hardware.

It should be obvious that this doesn’t support the “inference will become more expensive when the bubble pops” argument. So long as A100s are profitable right now , cash-poor AI providers can continue profitably serving inference from them, even if there are more efficient options available for those with the capital to upgrade.

On top of that, GPUs only represent one part of AI datacenter infrastructure spending. If your GPUs wear out, you don’t have to go and build an entirely new datacenter. About 30-50% of datacenter spend goes to land, power, cooling, and so on. The remaining 50-70% is the cost of the entire server rack, which includes a bunch of things that aren’t GPUs.

Conclusion

Like the idea that AI inference requires using huge amounts of water , the idea that AI GPUs only live a year or two is popular because it’s a useful idea for AI skeptics, not because it’s true. It comes from a pseudonymous tweet quoting an anonymous source who’s being paid hundreds of dollars to sound like a credible expert on AI. Other public communications from AI inference providers cite much higher lifespan numbers, and the statistics from supercomputers (the traditional examples of large GPU clusters) don’t bear out the claim that the maximum lifespan is three years.

It might be true that the economic lifespan is three years, in a world where new GPUs come out every eighteen months and GPU providers are flush with cash to upgrade, but that doesn’t tell us much about the economics of inference in an AI winter. If money becomes a lot more scarce, it’s likely that AI datacenters will continue profitably 4 running their B300s (or their H100s or even A100s) for six years or longer.

• Of course, like previous claims about AI and water usage, “three years at the most” is often cited as “1-2 years, with some lasting up to 3 years under optimal conditions” .

↩

• Of course, pronouncements from CEOs/CTOs should be taken with a grain of salt as well (for instance, maybe they have a big backlog of unused A100s they keep swapping out), but (a) executives don’t often straight-up lie about concrete technical facts, and (b) they’re going up against an unsourced quote from a tweet, so the bar isn’t that high.

↩

• What about proactive GPU replacement? In the “Survival Analysis” section, the study attempts to account for this. I haven’t dug into exactly how.

↩

• Assuming inference is profitable, which I believe (when you’re not attempting to amortize the cost of training).

↩

Why AI hasn’t replaced software engineers, and won’t

Arvind Narayanan and Sayash Kappor take on the question of AI job losses through the lens of a profession that is uniquely suited to AI disruption - software engineering.

In this essay, we argue that there is enough evidence to reject the narrative that once AI capabilities reach a certain threshold, it will cause mass layoffs. Given that this is true even in a sector with very few regulatory barriers, most other professions are likely to be even more cushioned.

The first good news is that the data still doesn't support the idea that AI is causing mass unemployment.

In March 2025, New York became the first U.S. state to add an AI disclosure checkbox to WARN Act filings. In the full first year, more than 160 companies filed WARN notices. Not a single one checked the AI box

AI speeds up the typing-code-into-a-computer phase, but it turns out software engineering is about a whole lot more than that:

If writing code isn’t the bottleneck, what is? The task-breakdown surveys point at things like meetings or debugging. This just leads to more questions: what are developers doing in those meetings and why can’t it be done by AI? Won’t debugging get automated as capabilities improve? To understand the real bottlenecks, we have to get qualitative, and dig into software engineers’ own understanding of what it is they do that resists automation.

When we did this analysis, it revealed three things as the real bottlenecks (1) deciding and specifying what to build, (2) verifying and being accountable for what is delivered, and (3) the deep human understanding — of the codebase, the business, and the environment — required to carry out both of these.

I'm finding AI assistance also helps me with the deciding and verifying steps, but it's the "deep human understanding" that remains key to the value I provide. Give me all of the AI assistance in the world and the value I produce will still be reliant on how deeply I understand both the problems and the solutions that the agents are building for them.

Tags: careers , ai , generative-ai , llms , arvind-narayanan , ai-ethics

Sword juggling is simple. I’ll prove it to you by explaining it. First, acquire three – or, if you feel ambitious, four swords. Divide the swords between your hands. Starting with one hand, the one holding two swords if juggling with three, toss a sword into the air. As this sword is about to reach your other hand, toss the sword in that hand and catch the falling sword by, and this is important, its handle, not the blade. Then repeat this process as the airborne sword reaches the hand you started with. Now keep doing this, ensuring that you do not cut your fingers off in the process.

To make the subtext, well, text. This is an allegory about the C programming language, although it applies to others too. C being simple is a common idea, especially made in discussion about and as contrast to Rust. It’s true that C is simple. The language is small and the standard is, relatively, short. Just like sword juggling is simple, C being simple doesn’t mean programming in C is easy. In fact it’s very hard, especially if you care about your program being correct. Simple is not easy.

After learning the simple C language, a world of painful experiences await the aspiring C programmer. With each a new lesson is, hopefully, learned. This is not an indictment of individual programmers, as much as some people like to cry “skill issue”, writing correct C is just hard. The canonical example is pointers: simple in theory, devilishly complex in practice. For every pointer you must consider: Who owns the memory it points to? Does it need to be freed? If so, who is responsible for freeing it? How big is the memory region it points to? Is it alive currently? Did someone already free it?

Obviously no one wants a language that’s complex, at least not more complex than the inherent complexity of the domain. Returning to the pointer example above, anytime I have to write C and deal with pointers I’m filled with dread because I know I have to consider all of these questions carefully and getting it wrong has dire consequences. By comparison Rust’s complex reference semantics, lifetimes, and borrow checker are a breeze; I know that outside of unsafe I’m not going to mess it up.

Sword juggling is simple, but not easy and I’d be remiss if I didn’t mention that unsafe Rust is a bit like juggling with chainsaws .

Read enough articles about The Beatles and you'll repeatedly hit the claim that Frank Sinatra frequently introduced his cover of George Harrison's "Something" as his "favourite Lennon & McCartney number."

Much like the misquote about Ringo not being the best drummer in The Beatles , I think this might be one of those semi-apocryphal lines which has taken on a life of its own.

Here's what Paul McCartney has to say in The Beatles Anthology, Episode 4.

https://shkspr.mobi/blog/wp-content/uploads/2026/05/Sinatra.webm

That was broadcast in 1995 - so we need to look for sources from before that.

There's not much Internet before the mid-1990s. Google's mismanagement of the USENET archives is a cultural obscenity. Nevertheless, we can find a few references which predate McCartney's broadcast.

1994-12-26

Frankie used to introduce "Something" as his "tribute to Mr. Lennon and Mr. McCartney" ;^)

1990-03-05

In fact, a friend of mine (a supposed Beatle fan; turns out she's really just a L/M fan), were having a discussion about this very subject, she, just like Frank Sinatra, didn't know that George wrote "Something." Duh.

So it was certainly a proto-meme back then.

Of the thousands of Beatles books, I can't find any from before the mid-1990s which mention Sinatra's misattribution.

For example, 1994's The Complete Guide to the Music of the Beatles simply says:

Similarly, there are plenty of books and articles about Sinatra - lots of them talk about Something, but never this supposed misrepresentation. In 1980's New York Magazine , Sinatra is interviewed and says:

There are many videos of Sinatra singing Something on YouTube - none of them have him introducing the song as a Lennon/McCartney number.

Indeed, here's one where he introduces it as being by George Harrison.

I think that's 1982's The Concert for the Americas - in the Dominican Republic .

Here's a 1985 concert where he introduces it as being by George Harrison of The Beatles.

Way back in 1978 at Sinatra's Caesar’s Palace Concert, he introduces it with "George Harrison wrote it" and finishes with "by George Harrison".

Even back in 1975, during a concert in Jerusalem he was crediting Harrison, saying:

Every one of The Beatles was a very talented young man individually. And here's an example of George Harrison with a great love song."

I've now listened to dozens of recordings of Sinatra singing Something live and in none of them does he so much as mention John Lennon or Paul McCartney.

So is the quote apocryphal? Possibly not!

Less than a year after John Lennon was murdered, Sinatra treated Carnegie Hall 0 to a series of 11 concerts.

On 10th September 1981, John Rockwell published Pop: Sinatra at Carnegie - a review of the opening night of Sinatra's concert series at New York City's Carnegie Hall:

Also on the 10th, a clutch of US papers reproduced a story by the inimitable Mary Campbell of the Associated Press .

Most of the syndicated versions leave out the parenthetical remarks .

On the 11th, Patricia O'Haire published a somewhat snide review of the September 9th concert in The New York Daily News

On 14th September 1981, a British newspaper re-reported the comment:

That's the Daily Express by Rob Benson, their Los Angeles correspondent 1 .

By the 29th of September 1981, the story had made it to Australian Financial Times' The Bulletin .

It's unclear how many of those journalists were actually at the concert. I assume John Rockwell, Mary Campbell, and Patricia O'Haire were as they published fairly detailed reviews.

Tracking down a set-list for that long-gone concert is tricky. Carnegie Hall themselves get the dates wrong in their archive and say the first performance was on the 8th, and their set-list is sourced from Setlist.fm rather than their own records. The Sinatraphiles mailing list has a set-list for the 9th which does include "Something".

There's a purported recording of the September 10th concert with a set-list on the reverse:

There's no "Lennon" song - the only Beatles number is "Something". Let's take a listen to the introduction from that bootleg recording.

🔊 Something 🎤 Frank Sinatra 💾 Download this audio file .

"A beautiful song by George Harrison. Maybe one of the best love songs ever written." 2

So, that's a handful of contemporary sources who mention that Frank Sinatra once introduced "Something" as being composed by someone other than Harrison.

The only recording is of the concert the next day - and it doesn't includes that "blooper".

There's no other mentions I can find which directly cite a specific concert or performance.

Did Sinatra ever say it was his "favourite Lennon and McCartney song"? He sang in thousands of shows 3 , not all of which were recorded I also checked all of the other collectors lists I have, and they do not have it either, I do however have reference to its existence via a notecard that…" role="doc-noteref">4 , so it is entirely possible he mentioned it. But you'd expect more than a few reporters would write about it, wouldn't you?

The origin of the "quote", as far as I can tell, is from an interview Paul McCartney gave to David Hinckley in the New York Daily News on 21st October 1984 .

That's the first time that I can see "Something" mentioned as Sinatra's "favorite Lennon-McCartney song".

I went rummaging through some reviews of Frank's concert performance which included "Something" in the set list.

His concert at the Palladium:

And Frank sings 'Something'. It's OK. The Vanilla Fudge were more adept at Beatle rewrites however.

Chris Salewicz. " Frank Sinatra: Palladium, London ". New Musical Express (1975).

His concert at the Royal Albert Hall:

Superb renditions of Jim Webb's 'Didn't We?' and Harrison's 'Something' were recreated with a totally unique empathy. "Real Songs, beautiful songs", he said fervently, no trace of show-biz cant.

Max Bell. " Frank Sinatra: Royal Albert Hall, London ". New Musical Express (1975).

And another report of the same gig:

Jimmy Webb's 'Didn't We' and the classic 'Nice And Easy', were exceptionally good, standing out easily among lacklustre renditions of 'Something', 'Strangers In The Night' and a David Gates song. In between, Sinatra delivered various controversial raps designed to instigate audience loyalties but proved that Sinatra should open his mouth only when singing.

Barbara Charone. " Frank Sinatra: Royal Albert Hall, London ". Sounds (1975).

I've read dozens of gig reviews of old Sinatra concerts and they all contain various levels of snark about his performance, song choice, and politics - so you'd expect British reporters would have picked up on the misattribution, wouldn't you?

Instead, there's two slightly contradictory reports of one single concert and no suggestion that Sinatra himself said it was his "favorite Lennon-McCartney song". Given that he repeatedly credited George Harrison in the decade leading up to that concert, I think it is fair to say the "quote" has taken on a significance far beyond its actual importance.

If you have a recording of Sinatra introducing "Something" as a Lennon/McCartney number - or any other contemporary reports of that - please drop a comment in the box.

• After all, Sinatra had a lot of practice!  ↩︎

• It is odd that the reporter describes Sinatra as "now" singing Something when it had been in his repertoire for over a decade. About the right level of journalistic rigour expected of the Express.  ↩︎

• Later on, in the introduction to "Luck Be A Lady Tonight", he sarcastically describes Marlon Brando as "America's great baritone!". There are quite a few jokey moments in the performance - so it is entirely possible his Lennon & McCartney remark was a quip.  ↩︎

• Incidentally, as far as I can tell, Sinatra first sang "Something" in December 1970 on The Dean Martin Show - about a year after its release on Abbey Road. Sinatra's performance doesn't contain him saying anything about the song.  ↩︎

• I spoke to one collector who said:

I also checked all of the other collectors lists I have, and they do not have it either, I do however have reference to its existence via a notecard that represents a massive collection. What this means is that the concert could exist, but more than likely has never been digitized. Many Sinatra concerts are still stuck on reel to reels from the 70s and 80s and have never been transferred to the digital realm and shared on the internet.

↩︎

Recently I came upon Pluggy , a Python library for developing plugin systems. It was originally developed as part of the pytest project - known for its rich plugin ecosystem - and later extracted into a standalone library. You're supposed to reach out for Pluggy if you want to add a plugin system to your tool or library and want to use something proven rather than rolling your own.

In this post I will share some notes on how Pluggy works, and will then review how it aligns with the fundamental concepts of plugin infrastructures .

Using Pluggy

Pluggy is built around the concept of hooks : functions that host applications or tools (from here on, just "hosts") expose and plugins implement. A host exposes hooks by using a decorator returned from pluggy.HookspecMarker and a plugin implements this hook using a decorator returned from pluggy.HookimplMarker .

Pluggy's documentation explains this fairly well; in this post, I'll show how to implement the htmlize tool with some plugins, introduced in the original article in my plugin series .

As a reminder, htmlize is a toy tool that takes markup notation similar to reStructuredText, and converts it to to HTML. It supports plugins to handle custom "roles" like:

some text :role:`customized text` and more text

As well as plugins that do arbitrary processing on the entire text.

Defining hooks

Out host defines two hooks:

import pluggy

hookspec = pluggy . HookspecMarker ( "htmlize" )

@hookspec ( firstresult = True ) def htmlize_role_handler ( role_name ): """Return a function accepting role contents.

The function will be called with a single argument - the role contents, and should return what the role gets replaced with. """ pass

@hookspec def htmlize_contents ( post , db ): """Return a function accepting full document contents.

The function will be called with a single argument - the document contents (after paragraph splitting and role processing), and should return the transformed contents. """ pass

A hook is created by calling HookspecMarker with the project's name. This project name has to match between the host and its plugins. Pluggy is permissive about what hooks accept as parameters and what they return; for maximal flexibility and to stay true to the original htmlize example, our hooks return functions.

To accompany this HookspecMarker , the host also defines a HookimplMarker with the same name:

hookimpl = pluggy . HookimplMarker ( "htmlize" )

This is used by plugins to attach to hooks when they're loaded.

Loading plugins in the host

The host's main function loads plugins at startup as follows:

pm = pluggy . PluginManager ( "htmlize" ) pm . add_hookspecs ( hookspecs ) pm . load_setuptools_entrypoints ( "htmlize" )

hookspecs is our Python module containing the hooks shown above. load_setuptools_entrypoints is Pluggy's helper for loading plugins that were pip -installed into the same environment and registered as setuptools entry points . It's a way to signal - in one's setup.py or pyproject.toml file - some metadata that projects can review at runtime. In our project, the plugins register themselves with this section in the pyproject.toml file:

[project.entry-points.htmlize] tt = "tt"

This says "for entry point htmlize , define a new entry named tt ". Pluggy's load_setuptools_entrypoints then uses importlib.metadata to access this information.

Note that Pluggy doesn't require using this mechanism. Hosts can implement any plugin discovery method they want, and add plugins directly to their PluginManager with the register method. But this is the mechanism used for pytest and many other projects; it makes it very easy to automatically discover and register plugins that are installed with pip and equivalent tools.

Invoking plugins

Once PluginManager loads the plugins, invoking them is straightforward; here's how htmlize invokes the contents hooks [1] :

# Build full contents back again, and ask plugins to act on # contents. contents = '' . join ( parts ) for handler in plugin_manager . hook . htmlize_contents ( post = post , db = db ): contents = handler ( contents ) return contents

Generally, hook invocations return a list of all the hooks attached to by different plugins (a single host application can have multiple plugins installed and attaching to the same hook). When the host invokes the hook as shown above, the default order is LIFO, but plugins can affect this with hook options like tryfirst and trylast .

Implementing hooks in plugins

Here's our entire narcissist plugin that's attaching to the contents hook:

import htmlize

@htmlize . hookimpl def htmlize_contents ( post , db ): repl = f '<b>I ( { post . author } )</b>'

def hook ( contents ): return re . sub ( r '\bI\b' , repl , contents )

return hook

Some notes:

• It expects htmlize to be installed; as discussed previously, we rely on Pluggy's default install-based approach where both the host and plugins are installed into the same Python environment and can thus find each other. However, Pluggy supports any custom discovery method.

• It uses the hookimpl exported value shown earlier.

• It returns a function that acts on contents; this is the htmlize -specific contract (ABI, if you will) we've discussed before.

Fundamental plugin concepts in this case study

Let's see how this case study of Pluggy measures against the Fundamental plugin concepts that were covered several times on this blog .

It's important to remember that Pluggy is not a specific host application with a bespoke plugin system; rather, it's a reusable library for creating such plugin systems. Therefore, this is more of a meta case study.

Discovery

Generally, Pluggy leaves discovery logic to the user's discretion. Its PluginManager has a register method for adding plugins, and these can be discovered in any way the application chooses.

That said, Pluggy comes with one discovery mechanism built in - through the entry points process of Python packaging, as shown above. This is hugely convenient for a large number of applications, as long as both the application and its plugins are installed via standard Python packaging tools (which is a very reasonable assumption in the Python ecosystem).

Registration

In the entry point process, plugins register themselves by adding a [project.entry-points.<HOST-ID>] section in their pyproject.toml file.

Otherwise - as in the previous section - users are free to devise their own registration schemes.

Hooks

This one is easy, since it's called hooks in Pluggy parlance as well! Pluggy's implementation of hooks is rather elegant, with function decorators available for plugins to set. We've seen an example of this above with @htmlize.hookimpl decorating htmlize_contents .

Exposing an application API to plugins

Since Pluggy is designed for Python hosts and Python plugins, this one is fairly straightforward. The plugins typically assume the host project is already installed in the Python environment and its modules can be imported.

In our example, hookimpl is imported from htmlize by the plugin to accomplish this. It also shows how host data is passed to the plugin - the post and db parameters. These are APIs exposed by the host for the plugins' use.

Conclusion - is Pluggy worth it?

In footnote 2 of my original fundamental concepts of plugin infrastructures post, I wrote [2] :

This is probably why there are very few well-established plugin frameworks in existence (even in low-level languages like C or C++). It's too easy (and tempting) to roll your own.

I still believe my statement is true - plugin frameworks are very easy to create, and the functionality they provide is relatively small compared to their large surface area. In other words, this is a shallow API .

That said, Pluggy does provide some nice functionality for the more advanced uses of plugins:

• Automatic entry point registration mechanism - if you need it

• Signature validation

• Consistent plugin result collection across multiple hook attachments in a single plugin and across many plugins

• Plugin ordering with firstresult , tryfirst , trylast , etc.

• Hook "wrappers" for some special use cases

Are these worthwhile for your project? It really depends on the project, and it's always worth keeping the tradeoff between dependencies and project effort in mind.

Code

The full code repository for this post is available here .

[1] Here plugin_manager is the value previously returned from pluggy.PluginManager ; in the previous code snippet it's saved into pm - the different variable name is because a function call is made and plugin_manager is the parameter name.

[2] To be fair, that post predates the creation of Pluggy!

Some of our recent (and some upcoming) projects are oriented to systems with serial consoles, but it's been getting pretty old dragging around old CRT terminals or tying up Mac laptops with a serial port. I'd like something that's self-contained, a little more portable and a bit less heavy. I'm sure there's any number of all-in-one setups you can buy to do this, but I'm cheap, so I'm going to DIY it.

We'll start with this used, slightly abused IBM 1U console that I got for $120 (shipped) from eBay, add a terminal emulator, and put all the fixin's on.

Nearly every server company produces one of these. They slide into a regular 19" rack and provide a flip-up LCD screen and keyboard in 1U. This was an IBM 7316-TF3 with a 17" screen and a combo keyboard-mouse slimline keyboard. IBM apparently manufactured these from 2004 to 2014 , so it's almost on-topic for this blog, even. I chose it because it was a little banged up and the LCD had some areas of damage (probably improperly closed on something), and the seller had priced it accordingly, but the screen was still sufficiently legible and the keyboard looked fine. Naturally you can do mostly what we're doing here with any of the similar Dell or HP or etc. units that can also be easily found.

The keyboard is an IBM "USB Travel Keyboard with UltraNav" SK-8845RC, the variant with an extra-long cable. This is part of a family of such keyboards including a PS/2 variant (SK-8840), the short cable regular version (SK-8845), and the larger SK-8835 with a numeric keypad.

I actually rather like this keyboard. It's decently space-saving and has a not-horrid tactile feel given its thickness, and of course the lower tray is customized to fit it. Also, being an UltraNav , the fact it gives you a choice of pointing device is rather nice: if you like TrackPoints (I don't hate them), you can use that, or if you prefer trackpads (I don't hate them either but I'd rather use the TrackPoint), you can use that. The keyboard and UltraNav are implemented as HIDs on a single hub which also offers two more USB ports.

The keyboard's USB cable comes out on the other end carried by an extensible folding arm which is how everything stays connected when you pull the assembly forward from the rack. The other cable carried on this arm is the VGA connector.

The screen is " fine ." Like I say, there was some damage, probably because it got closed improperly on something and messed up the display, but it's sufficient as a simple terminal or here connected to the M1 MacBook Air with a USB-C dongle.

The only drawback is that it gets a little daft with non-60Hz rates; it's rated to 75Hz, but 60Hz had fewer artifacts. The panel's maximum resolution of 1280x1024 is sufficient for my purpose.

Although the keyboard can be lifted up clear of the tray it sits in, it is only tethered by a single bolt and clip. This is fortunate because of ...

... what we chose for the terminal emulator. Assuming you don't want to build or program this yourself from scratch (and I didn't), there are a few homebrews here that will take a USB keyboard and a VGA screen and a serial port and do the needful, and what you need to do is pick what is the most convenient for you and has the right features. There are slightly more such devices which use a PS/2 port, but I decided to stick with USB since it would be more flexible and if I really needed something else, I could use an active converter like a ps2x2pico for PS/2 or a Wombat for Macs with ADB. I eventually selected this one from Tattler Solutions (not affiliated) because it ships from the United States (damn you UPS, you still owe me $600 on that tariff you stiffed me on), comes in a nice self-contained case and can be USB-powered, runs up to 115200bps, and has demonstrably good VT100 terminal support. All up it cost me $86 shipped. However, it also has a big drawback: its USB controller does not support combo devices like our IBM keyboard, which he does warn you about, and believe me, I tried really hard to get that to work because I really like the keyboard. Unfortunately, it truly is (and in fairness, as described) a fundamental hardware limitation that can't be programmed around, so that means we can't use our nice UltraNav.

I looked at slimline keyboards on Amazon and found two by Perixx (not associated, not affilated) that looked like they might fit ($20 and $25) and also had a PrtScr key to open the terminal's setup screen. The $25 keyboard would fit but did not sit in the little tray area, so we'll go with the $20 one and I'll find something else to use the $25 one for.

After a quick whirl through the keys to ensure that all the necessary function and control keys could be used and worked with the terminal emulator box, it's time to modify the lower tray.

My expert and exceptionally precise measurements showed that its thinness was just enough to fit in the cleft against the screen, so I got out the silane metal glue and some black-painted mending braces to serve as supports. However, we'll come back to this point.

Measure twice ...

and glue once (after scuffing the undersides with some steel wool and marking everything with silver Sharpie). Ignore what the tube says: this needs to cure for days . The first time I tried it, I tested it out after 24 hours as suggested and while the excess silane glue exposed directly to air had cured, the silane between the metal had only partially done so and the whole thing peeled right off. The second time I let it sit for a week. That seemed stable.

As insurance I also put some Flexseal tape over each support for extra rigidity and to hide the excess glue.

The appearance on the other side. One got a little crooked but it's fine.

To hold the keyboard in position, I then added some Velcro strips left over from another project, with the sticky side out.

The sticky side adhered to the keyboard, and then the Velcro kept it in place. This was nice for typing but also added a small amount of additional thickness I had not considered in my calculations. Again, more later.

Finally threading the cable out the previous hole. I made the cord long enough so the keyboard could be pulled out alongside as necessary. We'll more securely affix it momentarily.

Now for the rest of it. I went down to Target and bought some more Velcro tape and some Velcro cable guides ($21 for both), plus a little miniature power strip with two built-in USB 5V ports ($13), then from eBay bought a couple of "The Best" (that's how you know they're, like, the best) manual USB and VGA switchboxes ($20 for both shipped), and finally pulled out a whole bunch of matching USB and VGA cables from my stock closet. The idea is that this device will have two modes: in one, the keyboard USB and panel VGA will be connected to the VT100 terminal box, and in the other, they will be free connectors to plug into something else (as this unit did originally).

I started with installing the power strip. We'll remove the extension arm since we're not going to rackmount this; it comes off by unscrewing the nut with a pair of pliers and lifting it off the bolt it attaches to. The little plastic loop on this particular power strip nicely fits around the leftover bolt which is embedded in the metal.

The monitor has its own little brick power adapter, which is also (IBM and I think alike, which is moderately disturbing) attached by its own Velcro pad. We'll leave the power brick in place and merely move its power plug to the new power strip by taking off its clip and nut.

One of the Velcro cable strips neatly bundles up the slack in the power cable, and I reattached the nut and clip in a new location to hold the loops in place.

Next I laid out where I wanted the two switchboxes and the VT100 terminal box on the top. The idea is to have the switchboxes face to the side so that I can access the buttons. The "lower" buttons will be for raw USB and VGA, and the "upper" buttons will be for the terminal box. The terminal box did require some thought. On one side is the USB power connector and the DE-9 ("DB-9") serial port, and the other the USB keyboard and VGA. I would have preferred the power cable to go there also, but since this is what we have, I decided to have the USB keyboard and VGA ports on the terminal box face down nearest the switchboxes. Using a yardstick I made sure everything was symmetric before marking their placements.

After that I attached all three boxes with Velcro tape, and connected the master USB from the keyboard and master VGA from the monitor panel to the switchboxes.

Simultaneously I made sure we had enough length on the keyboard cable, and with everything connected secured the cable in the proper position with its own nut and clip. A little plastic tubule wedges into the exit hole as well.

Now the power connector for the VT100 box. This will be powered directly from the USB on the power strip. I ran this cable from the power strip up along the monitor's power input, then under the box so it would keep it in position and looped it into its jack on top.

Following that we run the remaining USB and VGA cables. One set of USB and VGA cables goes to the VT100 box. The excess cable for this set is looped with a Velcro tie and then stuck onto a Velcro pad so it stays fixed, but can be removed if needed. The other set goes down the centreline with its own set of Velcro ties holding them together until they branch off.

A quick power test.

Finally, we'll put hooks on top of the switchboxes and Velcro cable ties on the ends of the external USB and VGA cables so they can be looped and affixed. A Velcro pad glued to the top of the power cable with its own attachment site completes the cable management.

It's a lot of cables, but they stay in one place, and everything has one. Unfortunately, a second problem became apparent: the extra bit of height added by the Velcro meant the top of the keyboard was now contacting the screen when the unit closed.

I looked around for some Z-brackets of approximately the right height to match the keyboard and allow it to sink into the tray hole. This set of black steel ones ($9 on Amazon) were roughly correct.

The keyboard front portion is elevated from the rest of the unit, so it is possible to slip the Z-brackets in back to the stepoff where the two meet and secure them there. In this position, however, the side pieces will block the keyboard, so I peeled them off.

This does make the brackets extend lower than the usual bottom of the unit. To deal with that ...

... once the glue on the Z-brackets had hardened, I got a whole bunch of shims and bumpers out of the junk drawer, measured everything, and then installed several pieces to level off the bottom. I think I need a low-mounted crossbeam here to support the keyboard better but I'd have to fashion that out of Z-brackets of different height and smaller size. For the time being the Velcro keeps it in place well enough, it no longer hits the screen (and the unit can now close completely), and I generally use it on flat surfaces anyway. When I think I've got the underpieces all in permanent locations, I'll redo it all with JBWeld since the silane goo can still give way if you bang on it enough.

Proof of function: as a console for the POWER9 Raptor Blackbird , using a VGA-to-HDMI dongle on the Blackbird side.

And as a serial console for an AT&T 3B2/310, which will hopefully be the subject of a future entry if I can get the kernel to come up.

Folded up more flat this time, ready for the next project. A latch and a handle would also help to make this more portable, though I suspect some drilling may be required for that. I'll look at some options. For now, this suffices.

Through decades of consolidation, reorganization, and divestiture, AT&T left a famously complicated corporate history. One of the greatest enterprises in American history, arguably the greatest enterprise, AT&T has often rivaled the federal government in the size of its budget and workforce. One of the reasons, as we well know today, was monopolization and its close relative vertical integration. AT&T was the telephone system, or at least aspired to be, and for decades the meaning of "Universal Service" was that the service was designed, built, and operated by AT&T—universally.

While AT&T's tangled origins are fertile ground for the historian, they also obscure many of the early stories of telephone history. Much of the work of the early independent telephone industry has been lost in the voluminous achievements of AT&T. Even very basic facts become obscure. For example, who invented the telephone? Well, we all know the answer: Alexander Graham Bell. We have mostly forgotten that, at the time, this was a hotly contested question. One of the most prominent alternate claimants to the title was a man named Elisha Gray, today immortalized as the "Gray" in electrical distributor "Graybar," but better known in his time as an inventor of telegraph and telephone equipment. Gray contracted prototyping of some of his inventions to an upstart manufacturer and de facto Western Union spinoff, founded by Enos M. Barton (the "bar" in Graybar) and George Shawk. Impressed by Barton's operation, and at odds with Shawk on its future direction, Gray put together the money to buy out Shawk and became half-owner of the company that would reincorporate, in 1872, as Western Electric (WE).

It is ironic, of course, that a man who might fairly be called one of the top enemies of Bell helped to found the company that would become one of the most important parts of the Bell System. It's not a coincidence: Gray's involvement in WE included plans to manufacture his own telephone design, for which he had filed a provisional patent. Like many of the late 20th century's telephone inventors, Gray's greatest challenge in commercializing his invention was not technical but legal. His provisional patent on a telephone transmitter, substantially similar to the one invented by Bell and possibly older, led Western Union to take take part ownership in WE to advance their own plan to compete with AT&T as a telephone company. That set off a protracted legal battle, whose end result included the termination of Gray's patent claim and Western Union's abandonment of telephony.

AT&T was not the kind of company to leave things to chance, though, and least of all when it came to competition. In 1881, AT&T acquired WE. From that point on, WE was no longer a competitor, it was a core part of the Bell System: the manufacturing and supply arm of AT&T. A few decades later, WE had become the primary maker, and often sole supplier, of every piece of equipment used in the Bell telephone network. Everything from telephones to cables to central office switches were made at WE's various works. What few components WE didn't make, it sourced, through an expansive purchasing arm that negotiated orders on the behalf of the entire AT&T family. In 1925, WE had become so dedicated to the Bell System that its remaining non-telephone business, mostly local distributorships, was spun out into a separate company (Graybar). From that point forward, the Bell System was not only WE's sole shareholder but its sole customer as well.

As part of the 1925 reorganization, WE's research and development arm became a new organization, jointly owned by WE and its patron AT&T: Bell Laboratories. This new organization consolidated AT&T's expanding basic science efforts with WE's manufacturing expertise, setting the stage for decades of equipment that was conceived, designed, manufactured, and used within the AT&T empire. Bell operating companies got everything they needed, from tools to the telephones themselves, via requisition to their local WE supply warehouse. Such were the needs of the growing telephone system that WE started manufacturing telephone cable in 1925, quickly became the world's largest manufacturer of wire and cable, and likely held that title continuously until the turn-down of much of its manufacturing capacity in the late 1970s. AT&T was the nation's largest private employer for much of this period, and WE accounted for about 1/6th of that workforce.

Until the Carterfone decision and, for the most part, until the divestiture of AT&T in 1984, telephones were born at Western Electric. All of the phones leased by Bell Operating Companies, ranging from the classic WE 500 to explosion-proof phones for coal mine applications, were made at WE facilities like the Indianapolis Works. There were nearly 10,000 employees there, making 35,000 phones a day—and Indianapolis was not remarkable. It was just one plant of many.

AT&T built its empire through innovation, but also through domination. The acquisition of WE was one of its biggest steps towards complete integration, a goal that WE would pursue through the middle of the 20th century. For example, when the Morton Salt empire indirectly led to the Teletype Corporation and the development of commercial teletypewriter networks, they bought it. Teletype was a WE company from 1930 to its end.

Telephones were not only born at WE; they went there to die. During the 1920s, telephones were expensive instruments that required regular maintenance. Besides the commercial advantage, which would become more significant in later years, this aspect of telephones encouraged a full service lease model. Customers leased their phones from their telephone company in part because (prior to Carterfone) they had to, in part because the arrangement made the telephone company responsible for the phone's care. At the same time, Bell Operating Companies carefully controlled their expenses by reusing equipment as much as possible.

So, when a customer signed up for telephone service, they were issued a phone. When they canceled service, or had trouble with the phone, or quite simply wanted a phone that was a different color (or an upgrade to a Trimline or a Princess), the telephone company took the phone back. It would join hundreds of other phones on a trip to the nearest WE Service Center. The same truck would likely make the return journey loaded with phones ready for customers: the service center refurbished them.

Millions of telephones come back to Bell System service centers each year, many with their housings, handsets, and other molded plastic components bruised and battered. Some can be put back in shape by buffing, solvent polishing, or painting. Others wind up in piles. (Q1)

The scale of WE's phone refurbishing program was remarkable. Huge workshops of WE employees inspected, cleaned, repaired, and tested each phone. Refurbished units visited a test desk for a thorough electrical checkout before they received the service center's stamp or label that they had been remanufactured for use. In the Mountain States and west, WE service centers were found in Denver, Phoenix, Los Angeles, San Francisco, and Seattle. By the 1960s, Portland and Salt Lake City had joined.

Of course, despite the best efforts of all of WE's horses and all of WE's men, not all telephones can be put back together again. Much of the equipment returned to WE could not be satisfactorily refurbished. Besides, it wasn't just phones that telephone companies returned to WE, it was everything. Upgrading a crossbar exchange to an ESS? The ESS came from Western Electric, and the crossbar exchange went back to them. WE supplied telephone poles to the operating companies, and at the end of their life it took them back.

Western Electric has manufactured millions of telephones, millions of miles of wire and cable, tens of thousands of manual and dial switching units, and the thousand-and-one other kinds of apparatus that go into the plant of the Bell System. It has purchased from thousands of other manufacturers the great variety of supplies that are used by the Bell System. (Q2)

The majority of that output—at least what wasn't still in service during WE's decline—went back to WE for disposal, as well. That included the wire: from simple drop wires to heavy multipair cables, old wiring was routinely cut into sections and shipped back to WE—specifically, to the WE Salvage Works on Staten Island.

In 1883, as the component elements of a telephone industry were swirling around New York and accreting by gravity into the shape of the Bell System, Benjamin Lowenstein arrived from Germany. Settling in New York City, he took up a business that he must have learned back in Europe: metal refining. Within a year of his arrival, the B. Lowenstein & Bro. company was smelting scrap metal from a shop in Manhattan (the brother, Moses Lowenstein, was a constant second fiddle in Benjamin's ventures until he sold his share and retired to go his own way in 1900).

Lowenstein had a way of maneuvering his metals businesses into the path of technological progress. His first such success was lead, or rather an alloy of lead with tin and antimony. This specialized alloy was eutectic, meaning that it melted and solidified at a single, well-defined temperature, and a low one at that. These were exactly the requirements for feeding the newly-invented Merganthaler hot-metal typesetting machines, later known as Linotype—much as the metal came to be known as Linotype alloy. By 1890, B. Lowenstein & Bro. was the major supplier of feedstock for hot-metal typesetting in the US.

Linotype metal brought in a lot of money, enough that Lowenstein looked to expand. New York City was already dense enough that it was hard to find a site for a large industrial operation. Instead, Lowenstein found land in the southern end of Staten Island, near the neighborhood of Tottenville. There, he founded the Tottenville Copper Company, Tottenville Copper grew quickly, well positioned for the new demand for copper brought about by the electrical revolution. During the 1900s, Lowenstein rebranded B. Lowenstein & Bro. as the Nassau Smelting and Refining Company and moved to consolidate it with Tottenville Copper. In 1914, as the US entered the First World War, Nassau Smelting and Refining was noted as one of four companies responsible for 90% of the country's copper exports.

It's said that war is good for business, and it certainly was for Lowenstein. The war brought a pressing need for copper, and the Tottenville plant was pressed into military service. This part of the company's history is, unfortunately, well-documented due to a scandal all too familiar to our present times: on March 27th, 1918, police officers seconded to Naval Intelligence raided the Tottenville copper plant and arrested sixteen laborers—Germans and Austrians, many of them crew members of German merchant ships who had become trapped in the United States by wartime turmoil. In finding productive employment, a way to support themselves, they had made the critical mistake of taking jobs that supported the war effort.

The intelligence officers spent most of the day at the plant in Tottenville, which employs about 500 workers. Practically all of them were questioned, but most of them were found to be either native Americans or naturalized citizens. The sixteen who were unable to show either that they had registered or had obtained zone permits were placed under arrest at the plant. (Q3)

Because of its role in supplying copper components of artillery shells, the Tottenville smelter was considered a munitions plant, and was thus off limits to any enemy aliens who did not possess a specific movement permit issued under police supervision. A few of the sixteen arrested had not registered as enemy aliens, but most had registered and had the wrong work permit. The newspapers do not suggest that these sixteen had committed any offense other than a lapse in paperwork, but they were nonetheless "turned over to Federal Authorities for internment." The authorities were also, reportedly, investigating an allegation that a manager at the plant had made "seditious remarks." These included criticism of the Liberty Bonds used to fund the war effort, and a suggestion that American forces in France would not prevail. Fortunately for the plant manager, he was able to produce paperwork proving his citizenship, and officers deemed the evidence of his "seditious" opinions to be insufficient for charges.

If the war brought good fortune to Lowenstein, peace took it away. The end of steady military contracts complicated the finances of Nassau Smelting and Refining, requiring a retooling of the plant towards other products in the difficult context of the post-war recession. A major fire at the plant, in 1923, racked up a huge repair bill and cut into production. There were personal problems, too: in the mid-1920s, Lowenstein divorced, starting a bitter multi-year legal battle over custody of his children—a question ultimately resolved in his favor, but not without the involvement of the appellate courts and an axe-wielding deputy sheriff. The financial condition of his company continued to decline as the country slid into the Great Depression. Lowenstein must have been looking for an exit.

By this time, Nassau Smelting and Refining was consolidated into a 45-acre property on Staten Island straddling Mill Creek, just south of State Route 440 and between Arthur Kill Road and Page Avenue. There were two primary operations: the "red metals" complex which processed copper, and the "white metals" complex for lead and tin. Both ran primarily on reclaimed scrap, refining it into ingots ready for reuse. Conveniently, these were two categories of metals in great demand to the Bell System: copper, for wiring, and lead and tin, extensively used to coat cables and splices and as key ingredients i

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

North is left. 0.35"/pixel (7.7' by 20' field). FWHM = 5.5"

Arp filled this under "galaxies with narrow filaments", but I don't really see why. It's a barred sprial with irregular arms and a faint extended disk.

That being said, the galaxy's bar is slightly misaligned with the core:

which would sudgest that it might have experienced some graviational interaction in the past.

The main galaxy is at z=0.0045, and the faint background galaxy in the lower left is UGC 10509 at z=0.055. It's actually a spiral with a really intresting structure, but it's too small (and dim) to see in my image.

Total exposure time: 274 * 30 seconds = 2.2 hours. Telescope: C9.25 (230mm, f/10, fl=2300mm) Camera: IMX533 (16mm diagonal, square, color) Processing:

• Callibration (dark + flat)

• Stacking (average w/ rejection)

• White balance and background subtraction

• Asinh stretch

• Tone curve

• Crop

Taken during a night with exceptionally bad seeing, resulting in a FWHM of 5" instead of the usual 3". Not that I ever get good seeing, presumably due to nearby heat sources: My telescope was set up between a asphalt road and asphalt roof.

Both of these get super hot during the day and retain that heat all night.

Related :

•

• /astro/arp185/stacked.fits.fz : Raw stacks.

• http://ned.ipac.caltech.edu/level5/Arp/Figures/big_arp185.jpeg : Arp's image.

The Pyodide 314.0 release announcement (via Hacker News ) includes news I've been looking forward to for a long time:

You can now publish Python packages built for Pyodide (or any Python runtime compatible with the PyEmscripten platform defined in PEP 783 ) directly to PyPI and install them at runtime.

Previously, the Pyodide maintainers had to maintain, build, and host over 300 packages ourselves. This created a significant burden on our maintainers and became a major bottleneck for the community, as every new package required manual review.

Moving forward, package maintainers can simply build and publish Pyodide wheels to PyPI, just as they do for native wheels on Linux, macOS, or Windows.

Here's the PR to PyPI itself supporting this , which landed on April 21st.

I adore Pyodide , and have been frustrated in the past by this limitation. It's possible to compile C or Rust extensions to WASM in a wheel file, but before now there was no easy way to distribute them.

Thanks to the efforts of a whole lot of people, that's now been fixed!

Trying it out with luau-wasm

I decided to celebrate by finding something I could package. I have quite a few experimental Pyodide projects lying around, but the best fit for this looked to be my Luau WebAssembly research spike from 9th March.

Luau is a "small, fast, and embeddable programming language based on Lua with a gradual type system", developed by Roblox and released under an MIT license.

It's written in C++. I already knew it was possible to compile it to WebAssembly and get it running inside of Pyodide, so I set Codex + GPT-5.5 xhigh the task of packaging my experiment up and publishing it to PyPI using GitHub Actions.

It took some iteration, but here's the result: luau-wasm is a brand new PyPI package which publishes a 276KB luau_wasm-0.1a0-cp314-cp314-pyemscripten_2026_0_wasm32.whl file which can be used in Pyodide like this:

import micropip await micropip . install ( "luau-wasm" ) import luau_wasm print ( luau_wasm . execute ( r''' local animals = {"fox", "owl", "frog", "rabbit"} table.sort(animals, function(a, b) return #a < #b end) for i, name in animals do print(i .. ". " .. name .. " (" .. #name .. ")") end ''' )) You can run that code in the Pyodide REPL demo to see it in action.

The GitHub repo for luau-wasm includes all of the build and deploy scripts (using the latest cibuildwheel ) and also deploys an HTML demo page which loads Pyodide, installs luau-wasm and provides an interface for trying it out: https://simonw.github.io/luau-wasm/

How many packages are using this so far?

I was curious to see how many packages are currently publishing wheels for this platform.

After some tinkering with ChatGPT I got to this BigQuery SQL which I ran against PyPI's public dataset on BigQuery . Here's the raw JSON of query results and here's a SQLite SQL query in Datasette Lite which dedupes packages by most recent upload date.

If the query is right, there are currently 28 PyPI packages publishing with the new pyemscripten_202*_wasm32 tags:

luau-wasm , uuid7-rs , cmm-16bit , pyOpenTTDAdmin , imgui-bundle , numbertoolkit , bashkit , geoarrow-rust-core , arro3-io , arro3-core , arro3-compute , onnx , powerfit-em , tcod , chonkie-core , tokie , robotraconteur , pydantic_core , yaml-rs , cadquery-ocp-novtk-OCP.wasm , uuid_utils , base64_utils , pycdfpp , lib3mf-OCP.wasm , typst , toml-rs , onnx-weekly , dummy-pyodide-ext-test

Here's hoping we see a whole lot more of those showing up over the coming months and years.

Tags: lua , pypi , python , sandboxing , webassembly , github-actions , pyodide

Back when the US government classified strong encryption as “munitions,” RSA public key cryptography was illegal to export. In 1995, Adam Back protested this by creating a terse, obfuscated implementation of RSA in Perl code and used it as an email signature.

The code was also printed on T-shirts. The shirt was classified as munitions because it contained source code for strong encryption. More on the shirt here .

This was the code:

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2) My initial intention was to unpack the code, explaining each piece in detail. I don’t have the time or patience for that, and I imagine many readers don’t either. For more of a blow-by-blow explanation, see this commentary from 1995.

dc

In the middle of the code is

echo ... | dc This is the most dense and most important part of the code. Perl calls the dc calculator to do the arbitrary precision arithmetic that RSA encryption requires.

I’ve written about bc several times. bc (“basic calculator”) was a originally a more user-friendly wrapper around the reverse-Polish dc (“desktop calculator”). dc is still part of every Unix and Unix-like system, but I imagine bc is far more popular.

The important feature of dc for this post is that it is stack-based, meaning that users would push data and commands on to the stack and pop results off the stack. A sequence of commands that might be understandable when interactively using dc would look cryptic in a transcript. This is part of what makes the code so cryptic.

I’ll parse just a tiny bit of the dc code to give a flavor of what it does. The first four characters 16do instructs dc to push 16 on to the stack, duplicate it, and set the output radix to 16, i.e. these four characters tell dc to work in hexadecimal.

Believe it or not, the dc code is computing

m k mod n

using fast exponentiation , which is the key step in the RSA algorithm.

Textbook RSA

Note that Adam Back’s code is computing what we would now call textbook RSA, not RSA as it has been refined over the years and is currently implemented .

Related posts

• Martin Gardner’s RSA article

• RSA encryption flaws

• Three applications of Euler’s theorem

The post RSA munitions T-shirt first appeared on John D. Cook .

In 1980, Intel released the Intel 8087 floating-point coprocessor, a chip that could make math up to 100 times faster. As well as arithmetic and square roots, the 8087 computed transcendental functions including tangent, exponentiation, and logarithms. But it all depended on a 69-bit adder: "The arithmetic heart of the floating-point execution unit is centered about a nanomachine comprised of the adder and its related registers, shifters and control circuitry," as the patent describes it. In this article, I explain the circuitry of this adder.

The photo below shows the 8087 die under a microscope. Around the edges of the die, hair-thin bond wires connect the chip to its 40 external pins. The complex patterns on the die are formed by its metal wiring, as well as the polysilicon and silicon underneath. At the top of the chip, the Bus Interface Unit connects to the rest of the system: coordinating with the main 8086 processor and memory. The chip's instructions are defined by the large microcode ROM in the middle.

Die of the Intel 8087 floating-point unit chip, with relevant functional blocks labeled. The die is 5mm×6mm. Click for a larger image.

The bottom half of the die is the "datapath", the circuitry that performs calculations; it is split into the exponent datapath, which handles the exponent of a floating-point number, and the fraction datapath, which handles the fractional part (or significand). The adder (red) sits in the middle of the fraction datapath; to perform addition on the exponent, the exponent must be copied over to the fraction datapath.

Structure of the adder

Building a binary adder is easy; the hard part is making it fast. The key problem is how to handle the carries from a bit position to the next. Each carry potentially depends on all the lower carries, but you don't want to wait as a carry ripples through the logic for all 69 bits. (It's similar to doing 999999+1 with long addition: you need to carry the one, carry the one, ...)

The 8087's adder speeds up performance by breaking addition into 4-bit blocks, using two techniques to make computation inside each block fast. The carry needs to ripple from block to block, but this reduces the number of carry steps by a factor of four.

Simplified diagram of a four-bit block in the 8087's adder.

The diagram above shows the structure of one 4-bit block, with the carry generation circuits abstraced out for now. The adder takes two inputs: one ( F ) is from the chip's fraction bus, a bus that connects the components of the fraction datapath. The second input ( B ) comes from a register called the B register. Each bit of the sum is produced by XORing a F input, a B input, and the carry into that bit position. 1 For reasons that will be explained below, the intermediate value ( F XOR B ) is called "propagate". The carry-out from each block is tied to the carry-in of the next block. But what happens inside the carry circuits?

In 1959, researchers at the University of Manchester developed a fast carry technique for a computer called Atlas. This technique, named the Manchester carry chain, computes the carry values by setting up switches in parallel and then letting the carry quickly propagate through the wires, controlled by the switches. Although the carry still needs to travel from bit to bit, it travels at the speed of a signal in a wire, not slowed by logic gates. 2

The Manchester carry chain is built around the concepts of Generate, Propagate, and Delete (also known as Kill), which arise when adding two bits and a carry. If you add 1+1 , a carry-out is generated , whether there is a carry-in or not. In contrast, if you add 0+0 , there is no carry-out, regardless of the carry-in; any carry-in is deleted . The interesting case is if you add 0+1 : a carry-out results only if there is a carry-in; that is, the carry-in is propagated to the carry-out. In logic terms, the generate signal is the AND of the two input bits, the delete signal is the NOR, and the propagate signal is the XOR. The important thing is that these signals can be computed for all bit positions in parallel, in constant time.

The idea behind the Manchester carry chain. Note that the low bit is on the left, so the carry flows left to right.

The Manchester carry chain is constructed as above, with the switches at each bit set according to the Generate/Propagate/Delete values. Once the switches are set, the carry status quickly flows through the circuit, producing the carry value at each position without any logic delays. If the propagate switch is closed, the previous carry passes through. But if the generate or delete switch is closed, the carry is set or cleared, respectively. Once the carry values are available, the final sum can be computed in parallel with XORs.

The 8087 uses an optimized circuit for the Manchester carry chain, combining the Generate and Delete cases. One stage of the adder's carry chain is shown below. For the propagate case, the carry-in Cin passes through the top switch, propagated to the carry out Cout . For the generate and delete cases, the bottom switch is closed, passing the input bit F . The trick is that the generate case corresponds to 1+1 , so F is 1, resulting in Cout getting set. The delete case corresponds to 0+0 , so F is 0, and Cout is cleared. (Note that both inputs, F and B , are the same in these cases, so using F instead of B is arbitrary.)

One stage of the Manchester carry chain.

The middle of the diagram shows how the switches correspond to a multiplexer (mux) selecting the top signal Cin if prop is set, or the bottom signal F if prop is clear. The right side of the diagram shows the physical implementation with two NMOS transistors. These transistors function as switches (pass transistors), controlled by the prop signals on the gate.

The problem is that pass transistors aren't perfect switches, but lose a bit of voltage at each step. To fix this, the carry chain is broken into blocks of four bits (as shown earlier) and each block produces a "fresh" carry. This refresh is done by a "carry-skip" circuit, which can skip the carry processing inside the block. Specifically, the carry-skip mechanism checks if all positions inside the block are Propagate. In this case, the carry-out will have the same value as the carry-in (since the carry-in propagates through all the bit positions of the block). The carry-skip circuit detects this case and produces a carry-out signal matching the carry-in.

Putting this all together, the schematic below shows the adder circuitry for a typical block of four bits. The four multiplexers form the Manchester carry chain, while the NOR gate detects the carry-skip case.

Reverse-engineered schematic for a 4-bit block of the adder.

To optimize performance, there is a complication for electrical reasons. 3 The 8087 uses NMOS transistors, which are much faster to pull a signal low than to pull a signal high. To improve performance, the carry lines are precharged to 5V at the start of an addition, and then the circuitry pulls the lines low if needed. In order to start in the no-carry state, the carry lines are all negated, so the initial 5V state corresponds to no carry, and the ground state corresponds to a carry.

The last multiplexer in the block has four inputs instead of two 4 . The third input pulls the (inverted) carry line low for the carry skip case. 5 The fourth input is the precharge signal; it puts 5V on the carry line to precharge it. (A control circuit activates the precharge signal at the start of an addition cycle.) Note that this only precharges one of the carry lines; to precharge the rest, the propagate signal is forced high during precharge.

Reverse-engineered schematic for the propagate circuit. This shows an arbitrary bit n .

The circuit to generate the propagate signal (above) is conceptually the XOR of the two inputs, but there are (of course) complications. When the precharge signal is high, propagate is forced high, tying all the carry lines together so the precharge can propagate to all of them. The second feature is that the B inputs can be blocked by the forceZero signal, so the value 0 is added instead of the B value.

To summarize, the adder is divided into blocks of four bits. Each block uses a Manchester carry chain and a carry-skip circuit to optimize the performance. Even with these optimizations, though, the large number of blocks requires the 8087 to take two clock cycles to complete an addition.

The adder in silicon

The image below shows how the circuitry for a block of four bits appears on the die. These blocks are stacked vertically to create the complete adder as seen in the earlier die photo. In this image, the metal layer is visible as white lines, mostly obscuring the circuitry underneath. The 8087 has a single metal layer, which constrains the layout. Note that metal wiring is tightly packed, occupying almost the complete area. The thick vertical metal trace at the left is ground, while the thick metal trace at the right is power, supplying the adder circuitry. The horizontal traces provide wiring inside the adder block, as well as allowing the fraction bus to pass across the adder. The vertical lines on either side are control signals for the adder ( precharge and forceZero ) as well as connections to circuitry at the bottom of the chip.

A block of four bits in the adder.

The photo below shows the silicon and polysilicon circuitry underneath the metal layer. (To take this photo, I dissolved the metal layer with acid.) The thin lines are polysilicon wiring, while the pinkish areas that appear raised are doped silicon. A transistor is formed when polysilicon crosses doped silicon. The circuitry is complex and irregular, connected by the horizontal metal wires above. The white circuits are contacts between the silicon and the metal wiring, while the white squares are contacts between the polysilicon and metal. Roughly speaking, if you divide the circuitry above into quarters, each quarter adds one bit. The carry-skip circuitry is in the middle.

A block of four bits in the adder with the metal layer removed.

The left and the right sides of the image don't have any transistors, just polysilicon lines that pass under the vertical metal wiring. Many of these polysilicon lines are widened to reduce their resistance and thus tune performance. The silicon in these regions is "wasted", just providing a channel for the vertical wiring.

The size of the adder

Although the 8087 nominally has 64-bit values for the fraction (significand), the adder is slightly larger: it takes 69 bits as input and generates 70 output bits. One reason is that the 8087 uses three extra low-order bits for rounding, called Guard, Round, and Sticky. These bits ensure that a value is always rounded in the right direction. Handling of the rounding bits is fairly complicated, with multiple modes, but from the adder's perspective they are just three input bits. 6

As will be explained below, the value from the B register can be doubled, requiring one more bit. Finally, the fraction bus and the B value can be negated. (This is used for subtraction, among other things.) A negative value is represented in two's complement, requiring one more bit. In total, the inputs to the adder are 69 bits wide.

When adding two large numbers, the result can require one additional bit. Thus, the output of the adder is 70 bits wide. The Sum Shifter (explained below) can shift the output two bits to the right, cutting the result down to 68 bits. This is still one bit larger than 64 bits with 3 rounding bits; the "extra" bit is supported by a few special-purpose registers, such as the tmpC register 7 and the Skip Shifter.

The surrounding circuitry

The inputs and outputs of the adder are tied to some special registers and circuits. I'll leave a detailed explanation of this circuitry to another post, but I'll provide a brief description here. 8 The adder has two inputs: one input is from the fraction bus and the other input is from the B register. The adder's output is stored in the Sum Register. To make multiplication faster, the 8087 uses radix-4 Booth multiplication , which multiplies by two bits at a time. The multiplier is stored in the Skip Shifter, a register that allows two bits to be shifted out at a time. Based on these bits, one of the values 2B , B , 0 , or -B is added. (The -B path is also used for subtraction.) The adder's output is shifted right two bits by the Sum Shifter (not to be confused with the Skip Shifter) and stored in the Sum Register.

The adder and associated registers. Based on the patent .

Division is implemented by repeated subtraction, addition, and shifting. The bits of the result are accumulated in the quotient register. The implementation of square root is similar to the pencil-and-paper long square root, except in binary. The skip shifter provides two bits from the left, which are appended to the right side of the adder input. A subtract or add takes place, similar to division, and the square root is formed in the B register.

Multiplication, division, and square root require multiple steps to process all the bits. For performance, this looping is implemented in hardware, not in microcode. These instructions require a lot of microcode to prepare the arguments, handle exponents, handle special cases, and store the results, but the inner loop is hardware.

Conclusions

The 8087 patent expresses the importance of the adder: "Ultimately, all arithmetical operations are reduced at one point to a binary addition." Thus, the performance of the adder is vital to the performance of the 8087. There are faster ways to add, such as the Kogge-Stone adder in the Pentium , but these approaches require much more hardware, too much for the constrained transistor count of the 8087. The 8087 balanced complexity against performance, using the Manchester carry chain with

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Shareholder supremacy and the precog CEO : A bright line test that's totally unfalsifiable.

• Hey look at this : Delights to delectate.

• Object permanence : Msft v Linux geeks; James Joyce scholars v Joyce estate; iPod sweatshops; Pratchett initiates assisted suicide; Lego-making machine made of Lego; Laid off workers v gag clauses; The ACCESS Act.

• Upcoming appearances : LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Shareholder supremacy and the precog CEO ( permalink )

It's been 55 years since Milton Friedman – cursed be his name – published his NYT editorial, "The Social Responsibility of Business Is to Increase Its Profits," in which he invented the idea of shareholder supremacy out of whole cloth and declared it to be a universal, freestanding, inarguable truth:

https://www.nytimes.com/1970/09/13/archives/a-friedman-doctrine-the-social-responsibility-of-business-is-to.html

Friedman's editorial railed against the idea of "corporate social responsibility," arguing that corporate managers should confine the exercise of their consciences to projects involving their own money and resources. At work, managers must harden their bleeding hearts and do nothing except increase the returns to their shareholders.

Friedman wasn't merely arguing that this would give rise to better companies – the crux of his argument was that by adopting this "fiduciary duty" standard, it would be easy to determine whether a company was being well-managed or run into the ground:

https://pluralistic.net/2024/09/18/falsifiability/#figleaves-not-rubrics

Friedman argued that "being a good person" was a squishy, undefinable standard that could never be objectively measured. But "maximizing shareholder value" was a crisp, bright-line test that could be readily evaluated by any reasonable person. "Did this manager make as much money as possible for the company's owners?" feels like the kind of question we can all agree on, while, "Did this manager behave in an ethical way?" is much harder to answer.

But even a few moments' thoughts reveal the flaw in this line of reasoning. We can all agree whether a manager made money for the shareholders – but how can we know whether the manager made as much money as possible ?

Think about how much "corporate social responsibility" cashes out to performative and insincere nonsense and/or cynical marketing. Target didn't stock Pride merch because they love their LGBTQ friends. They stocked it because they thought they could sell it (same goes for BP marketing its "green" gasoline). Google supports its coders' environmental/queer/antipoverty efforts because being the "don't be evil" company lets you hire in-demand workers who might otherwise go to work for Meta, and every engineer a Silicon Valley firm hires adds an average of $1m to the company's annual bottom line.

Further: it would be absurd to hold managers to the "make as much money as possible" standard in a competitive market, because in that market, there will always be a company that comes in second. If "as much money as possible" is the standard and you're Chairman of the Board of the number two company, with $10b in profit, while the number one pulled in $11b, "as much money as possible" demands that you fire the C-suite immediately, since they objectively could have done 10% better.

So the real standard isn't "make as much money as possible," it's " try to make as much money as possible." And here again, there's no objective way to evaluate managerial performance. Target made a lot of money by selling Pride merch…until they didn't. Do we fire the Target C-suite because they failed to anticipate that 2024 would mark America's transition into the chuddocene, an era in which selling Pride tchotchkes makes you cucked and soy and, you know, gay ?

Whether it's "make as much money as possible" or " try to make as much money as possible*," shareholder supremacy can only be evaluated with the aid of a crystal ball…or a time machine.

Which raises a question: what made this nonsensical shareholder supremacy standard so damned attractive to corporate leaders?

Well, what if the ambiguity of shareholder supremacy was a feature and not a bug? What if the function of shareholder supremacy was to absolve the cruelest people for indulging their most sociopathic instincts? What if this "bright line test" was actually a universal excuse , an all-purpose accountability sink that could be used to justify any cruelty or cowardice? "Why didn't I fire my college buddy when I found out that he was sexually abusing his colleagues? Well, he was the best salesman on the team, and I have an obligation to my shareholders. Sorry, my hands were tied."

In other words: Don't get mad at me.

Get mad at Milton Friedman.

Hey look at this ( permalink )

• I Am Not a Reverse Centaur https://blog.miguelgrinberg.com/post/i-am-not-a-reverse-centaur

• Network service termination for certain Sony Electronics products https://www.sony.com/electronics/support/articles/00398725

• More molly guards https://unsung.aresluna.org/more-molly-guards/

• The Democratic Urge to Lose https://catvalente.substack.com/p/the-democratic-urge-to-lose

• Please I Beg of You Do Not Use “AI” In Your Business Communications https://whatever.scalzi.com/2026/06/11/please-i-beg-of-you-do-not-use-ai-in-your-business-communications/

Object permanence ( permalink )

#20yrsago Microsoft gets Linux geeks evicted from convention center https://web.archive.org/web/20010619154332/http://www.newsforge.com/article.pl?sid=01/06/01/1540231

#20yrsago Stanford prof sues James Joyce estate for right to study Joyce https://web.archive.org/web/20060615203517/http://news.yahoo.com/s/ap/20060613/ap_on_en_ot/james_joyce_lawsuit

#20yrsago Inside China’s iPod sweat-shops https://web.archive.org/web/20060616173514/http://www.macworld.co.uk/news/index.cfm?RSS&amp;NewsID=14915

#15yrsago Terry Pratchett initiates assisted suicide process https://web.archive.org/web/20110614215922/https://www.telegraph.co.uk/health/8571142/Sir-Terry-Pratchett-begins-process-that-could-lead-to-assisted-suicide.html

#15yrsago Lego-making machine made of Lego https://www.eurobricks.com/forum/forums/topic/56346-review-moulding-machine-4000001-lego-insider-tour-exclusive/

#10yrsago It’s getting harder and harder to use gag clauses to silence laid off workers in America https://web.archive.org/web/20160611202305/https://www.nytimes.com/2016/06/12/us/laid-off-americans-required-to-zip-lips-on-way-out-grow-bolder.html

#5yrsago The ACCESS Act https://pluralistic.net/2021/06/12/access-act/#interop

Upcoming appearances ( permalink )

• LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19

https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant

• Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21

https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026

• Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23

https://iabcanada.com/state-of-the-nation-2026

• Toronto: The Reverse Centaur's Guide to Life After AI (Osler Records/Type Books), Jun 23

https://www.eventbrite.com/e/cory-doctorow-book-launch-and-talk-tickets-1991501299998

• NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24

https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html

• Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25

https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559

• Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26

https://exileinbookville.com/events/50628

• Edinburgh International Book Festival with Jimmy Wales, Aug 17

https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales

• South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6

https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances ( permalink )

• The Enshittification of Life, the Universe, & Everything (Luke Savage)

https://www.lukewsavage.com/p/the-enshittification-of-life-the

• Cory Doctorow's digital jail-break (DW In Focus)

https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035

• Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)

https://www.jimruttshow.com/cory-doctorow-3/

• On Enshittification – and what can be done about it (Re:publica)

https://www.youtube.com/watch?v=KhINQgPMVSI

• EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)

https://archive.org/details/effecting-change-enshittification

Latest books ( permalink )

• "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce

• "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025

https://us.macmillan.com/books/9780374619329/enshittification/

• "Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 ( https://us.macmillan.com/books/9781250865908/picksandshovels ).

• "The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 ( thebezzle.org ).

• "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 ( http://lost-cause.org ).

• "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 ( http://seizethemeansofcomputation.org ). Signed copies at Book Soup ( https://www.booksoup.com/book/9781804291245 ).

• "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com .

• "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books ( permalink )

• "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 ( https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/ )

• "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

• "The Post-American Internet," a geopolitical sequel of sorts to Enshittification , Farrar, Straus and Giroux, 2027

• "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

• "The Memex Method," Farrar, Straus, Giroux, 2027

Colophon ( permalink )

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

• "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

• "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

• A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

" When life gives you SARS, you make sarsaparilla " -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Jonathan Edwards reporting for The Washington Post:

President Donald Trump’s name is off the Kennedy Center.

Crews at the performing arts venue started removing it from the front of the building around 3 a.m., several hours after the center missed a federal judge’s two-week deadline to do so. The judge had ruled that the decision by the center’s board of trustees to rename it was illegal.

A perfect metaphor for the work ahead of us.

★

• •

“The Campo di SS. Giovanni e Paolo, Venice,” by Bernardo Bellotto, via the National Gallery of Art . Welcome to the reading list, a weekly roundup of news and links related to buildings, infrastructure and industrial technology. This week we look at homes being built on top of libraries, Patriot missile manufacturing, an effort to construct new US coal plants, a tunnel between the US and Russia, and more. Roughly 2/3rds of the reading list is paywalled, so for full access become a paid subscriber. Housing Apparently the hot new trend is to combine housing developments with libraries, either by building housing on the site of an existing library, or building a new library as part of a larger development project. “ The projects would be part of a nationwide trend, joining similar efforts in the suburbs of Washington and the cities of Boston, Cleveland and Milwaukee. An October 2025 report from the Urban Institute, a nonprofit research group, found that more than 1,800 apartments had been built across the United States as part of developments combining libraries and housing. A number of such projects have moved forward in New York City, including at the Sunset Park Library in Brooklyn, the Inwood Library in Manhattan and the Grand Concourse Library in the Bronx. ” [ NYT ] Claims about housing construction in Taiwan. [ X ] • •

Manufacturing It apparently takes more than two years(!) to build a Patriot missile. The article is thin on details, but this mostly seems to be due to the time suppliers need to make individual parts and subcomponents. [ WSJ ] Claims that on the order of 90% all the semiconductor lithography equipment that’s ever been made is still in use. [ X ] Chinese car manufacturer BYD wants to unseat Toyota as the world’s biggest carmaker in five years. [ The Guardian ] And in spite of the sky-high tariffs on Chinese vehicles, some Chinese car manufacturers have apparently established a small presence in the US in anticipation of future US sales. [ Jalopnik ] The US adds a bunch of major Chinese manufacturers, including car manufacturer BYD, robot manufacturer Unitree, and battery manufacturer CALB to its list of “Chinese military suppliers,” which can make it more complicated for US companies to do business with them. [ CarNewsChina ] Ford is trying to get more people into the skilled trades. [ WSJ ] Google orders 3 million TPUs from Intel. [ Tom’s Hardware ] And SemiAnalysis thinks that things for Intel are looking up, and the company should raise capital. [ SemiAnalysis ] Energy Solar energy supplies more electricity than coal in the US for the first time. “ Solar supplied 12.8% of US electricity last month while coal accounted for 12.2%, according to a report Wednesday from the clean energy think tank Ember, which analyzed monthly and hourly data from the US Energy Information Administration. ” [ Bloomberg ] At its peak in the 1980s, coal supplied roughly 55% of US electricity. But even though coal is in long-term decline, it’s not going down without a fight. The data center boom is keeping coal plants that were slated for closure operating longer. [ The Register ] And the Trump administration wants to use the Defense Production Act to build two new coal plants in Alaska and West Virginia. [ Bloomberg ] There hasn’t been a utility-scale coal plant built in the US since 2013.

Read more

Week four of the roundup, built from the package manager OPML feed collection and whatever I’ve posted or boosted on Mastodon .

Security

GitHub announced the breaking changes coming in npm v12 , estimated for July. npm install will stop running dependency lifecycle scripts unless they’re allowed via the allowScripts field that 11.16.0 introduced in advisory mode, covered in the install-script allowlists post I wrote last week. Implicit node-gyp builds are blocked too, so a package with a binding.gyp and no install script needs approval like any other. Git dependencies and remote URL tarballs also stop resolving by default, each behind a new --allow-git / --allow-remote flag. Everything ships behind warnings in npm 11.16.0+ today.

uv audit is a new preview command that scans Python dependencies for known vulnerabilities and adverse project statuses like deprecation, a uv-native alternative to pip-audit. The same announcement covers an experimental malware check: uv add and uv sync can look up previously-resolved packages against OSV on every sync, behind UV_MALWARE_CHECK=1 .

pnpm 11.5.3 , backported to 10.34.2 , hardens the packageManager bootstrap path. The registry and proxy settings used to download a requested pnpm version now come only from trusted config sources, not the repository’s own .npmrc , and the downloaded binary’s npm registry signature is verified before it runs, failing closed. Repository-controlled config can no longer expand environment variables into registry URLs or credential values, and Node.js downloads get their SHASUMS256.txt checked against the release team’s PGP keys instead of trusting the configured mirror to vouch for itself. A follow-up post walks through the malicious-repository scenario the env-variable change blocks.

Composer plugin allowlists are now available at the organization level for Private Packagist customers, the next post in Packagist’s supply-chain security series. Composer plugins run code during install and update, and the existing per-developer trust prompt is easy to clear without thinking, or to clear from a coding agent on autopilot.

The Arch User Repository package alvr was orphaned and immediately adopted by a threat actor who pushed an update carrying an infostealer payload. The aur-general thread tracks the takeover and the orphan-adoption mechanic that enabled it.

Podman 5.8.3 fixes CVE-2026-44517 , where a Dockerfile ADD or COPY pulling from a malicious git repository or tar archive could write files outside the build context.

Ruby Central announced a Security Engineers in Residence programme , funded by an Alpha-Omega grant, to find and verify vulnerabilities in widely-used gems before reporting them to maintainers, following the model the Python, Rust and PHP foundations already run. I’m advising the team on package ecosystem security. The first engagement turned up a ReDoS in Nokogiri’s CSS query tokenizer, verified and fixed before disclosure.

Releases

RubyGems and Bundler 4.0.14 follow up on last week’s Cooldown feature: Bundler now preserves per-source cooldown settings when converging sources from the lockfile and stops excluding the locked version from cooldown during bundle update . On the RubyGems side, the gem installer validates executables and bindir, and C1 control characters are stripped from displayed gem text.

gem.coop namespaces moved from beta to general availability, so a Gemfile can point at a per-publisher source like https://gem.coop/@kaspth . Cooldown support was added to every namespace via a /cooldown suffix, though that part stays on the beta domain while bugs get fixed.

npm 11.17.0 adds a min-release-age-exclude config to exempt named packages from the release-age gate. The allowScripts policy now applies across prune , dedupe , uninstall , audit and link , and a prototype-pollution path in the config Queryable setter is closed.

Dependabot Core 0.381.0 adds Bundler 4 support and disables the npm minimal-age gate for Yarn Berry security updates, the same cooldown-bypass-for-security-fixes pattern it applied to pnpm last week. Go module updates now respect GONOPROXY and GONOSUMDB .

mise 2026.6.3 adds excludes to its minimum release age setting so a cooldown policy can carve out specific tools, plus an opt-in auto_env that activates platform-aware config and lockfiles by detected OS and architecture. 2026.6.5 closes trust-bypass paths where an untrusted project’s mise.toml or mise-tasks/ directory could run code before the user approved it, and makes credential_command global-only so a checked-out repo can’t run arbitrary shell through it.

Flatpak 1.18.0 exposes AMD’s compute interface ( /dev/kfd ) through the DRI device permission, prints failure causes in flatpak update output, and speeds up fish shell integration at startup.

Homebrew 6.0.0 adds a tap trust mechanism that requires explicit approval before a third-party tap’s Ruby runs on the machine. The release also ships a smaller default internal JSON API, sandboxing on Linux, and parallel formula installs from brew bundle . Three security advisories are addressed in the same release: an HTTPS-to-HTTP redirect bypass in the POST download strategy, root code execution via Git hooks in a macOS pkg postinstall, and the macOS installer trusting user-controlled plist files. brew bundle also adds npm, krew and winget support and now prompts before removing packages on cleanup. A PR I sent adds a patches key to brew info --json and the formulae.brew.sh API, so SBOM generators and vulnerability tools can see which patches each formula applies on top of upstream.

Deno 2.8.3 accepts --env-file in the dependency and registry subcommands, and suggests DENO_TLS_CA_STORE when a fetch hits an untrusted certificate.

Also out: pixi 0.70.2 , Mamba 2.8.1 , uv 0.11.21 , Chocolatey 2.7.3 , sbt 2.0.0-RC16 , Gradle 9.6.0-RC2 , Conan 2.29.1 , Helm 4.2.1 , Helm 3.21.1 , pnpm 11.6.0 , Homebrew 6.0.1 , Windows Package Manager 1.29.250 , Docker Engine 29.6.0-rc.1 , Podman 6.0.0-RC1 , Verdaccio 7.0.0-next-7.21 , Renovate 43.220.0 .

Articles

What We’re No Longer Seeing: AI and the Invisible Newcomer in Open Source (Mara Averick, stdlib blog) argues that the friction of a newcomer’s first clumsy issue or pull request is how communities spot and welcome new contributors, and that AI assistance now smooths that friction away before anyone sees it.

We have to change the rules of security (Josh Bressers) makes the case for deliberately choosing what security work to stop doing, rather than letting tasks fall through the cracks at random.

A Strategic Approach to Demonstrating the Value of OSS Efforts (Dawn Foster) collects a year of her writing and talks on showing leadership the value of open source work in one place.

The Guix Nix Abomination: Leveraging Guix derivations in Nix (Farid Zakaria) registers a Guix derivation in a Nix store and has Nix build it, showing the two tools share the same derivation machinery underneath the rivalry.

Nix flakes vs Guix works through why there’s no single Guix equivalent of a flake: flakes bundle several concerns into one feature, where Guix covers the same ground with separate composable tools.

Are insecure code completions a vulnerability? (Seth Larson) catches PyCharm’s line completion suggesting CERT_NONE and warning-suppression boilerplate, and argues a CVE is the wrong mechanism for systematically insecure suggestions, though vendors should still fix them at the source.

Helm v3 end-of-life sets 9 September 2026 as the final feature release, limited to Kubernetes client library updates, and February 2027 as the cutoff for security patches. Existing Helm 3 releases can be managed by Helm 4 without chart rewrites.

Reuse Less Software (Simon Heath) argues for vendoring every dependency into your own repository as a supply-chain firebreak, on the principle that the auto-fetch step is what lets a poisoned release propagate at CI speed and that giving up transitive dedup is a price worth paying for the break.

Papers

When LLMs Invent Rust Crates: An Empirical Study of Hallucination Patterns and Mitigation (Zheng et al., arXiv) is the first large-scale study of crate hallucination in LLM-generated Rust code, building its dataset from Stack Overflow and GitHub tasks rather than the Python and JavaScript ecosystems earlier package-hallucination work measured.

Skilldex: A Package Manager and Registry for Agent Skill Packages with Hierarchical Scope-Based Distribution (Saha et al., arXiv) proposes a package manager and registry design for distributing agent skills with scoped namespaces.

Elsewhere

Inside PyPI: Maria Ashna on Supporting Python’s Package Index is a Behind the Commit interview about the day-to-day work of running PyPI.

Fixing Fedora’s Packaging Pipeline is a Fedora Podcast episode with Jakub Kadlčík of the Copr build service on RPM packaging tooling.

The impact of AI on open source software development is a panel Mike McQuaid put together with five open source practitioners on what AI assistance changes for the communities and projects underneath the tooling.

Sustain episode 289 has Courtney Miller on software abandonment, maintainer burnout, and what AI tooling changes for project sustainability.

Two versioning schemes: PaceVer versions user-facing apps as MARKETING.NATIVE.OTA , bumping by which channel a release ships through, the slow store-reviewed binary or the fast over-the-air update. Kelvin versioning (Devine Lu Linvega) counts versions down in Kelvin towards absolute zero, where the software is frozen and no further releases are possible.

git-pkgs

I tagged proxy v0.5.0 .

Send links for next week to @andrewnez@mastodon.social .

Statement on the US government directive to suspend access to Fable 5 and Mythos 5

Well this is nuts :

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.

We received the directive from the government today at 5:21pm (ET). The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or "jailbreaking" Fable 5. We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass. [...]

To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed the report and validated that the level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5 ), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours.

I still have access to Fable via claude.ai and Claude Code now, at 9:01pm ET.

Update : I ran this script against the Anthropic API to spot when claude-fable-5 would stop working. My access was cut off at 6:59pm Pacific (9:59pm ET):

[2026-06-12T18:56:50-07:00] attempt 35: running uv run llm -m claude-fable-5 hi [2026-06-12T18:56:55-07:00] success: Hi there! How can I help you today? [2026-06-12T18:57:55-07:00] attempt 36: running uv run llm -m claude-fable-5 hi [2026-06-12T18:57:59-07:00] success: Hi! How can I help you today? [2026-06-12T18:58:59-07:00] attempt 37: running uv run llm -m claude-fable-5 hi [2026-06-12T18:59:00-07:00] FAILED after attempt 37 with exit code 1

stderr: Error: Error code: 404 - {'type': 'error', 'error': {'type': 'not_found_error', 'message': 'Claude Fable 5 is not available. Please use Opus 4.8. Learn more: https://www.anthropic.com/news/fable-mythos-access'}, 'request_id': 'req_011CbzRyirV7KZLHYYdBM9od'}

Via @AnthropicAI

Tags: jailbreaking , ai , generative-ai , llms , anthropic , claude , ai-ethics , claude-mythos

There is a bit of schadenfreude on Twitter right now about Anthropic being hit by the US government’s export control directive to suspend access to Fable and Mythos . Anthropic and their leadership have spent a lot of time and effort describing its own technology as dangerous and in need of strict controls and regulation. Now that the US government appears to have taken that framing seriously and told them to turn it off for foreign nationals I can see why people are making fun of that situation.

I understand the reaction, but I urge you to not entertain it for too long because it is a giant distraction. The important part is not that Anthropic’s safety language came back to bite them but the line the US government is drawing: this technology is apparently so powerful that only Americans should have it.

We are on a clear path towards a world of division. One should think that if a model is too dangerous for everyone, then it is too dangerous for Americans too. Instead the US is treating these models like weapons that need to be controlled. It is not just about capabilities, it is about racism and nationalism. If you have the wrong passport, you are not to be trusted. This is a very different thing from safety, and Europeans should pay close attention to it.

Safety and National Control

The directive, as Anthropic describes it, applies to foreign nationals whether they are inside or outside the United States, including foreign national Anthropic employees. That is an astonishing boundary if you think about it. We moved from “do not sell this model to hostile governments” to nationality itself being the defining boundary. This should be a wake-up call to Europeans in and outside the US, and quite frankly, any non US citizen.

A lot of AI safety discourse presents itself as universal: humanity, catastrophic risk, safeguards, responsible deployment. Even Anthropic’s own writings start out that way, but yet every time regulation is discussed there is an overtone of national security and that it cannot get into the wrong hands. It’s not just Anthropic, it’s the entire US based discourse on AI. The foundation is that the US has moral superiority and others are not to be trusted. That there are other countries are authoritarian, that they lack freedoms.

That should make us uncomfortable, not just Europeans, but particularly us. It is also a situation you cannot regulate yourself out of. European technology policy is entirely unprepared for this, because this is not a question of regulation but a question of might and power, something that Europe lacks.

Europe has spent years trying to regulate large American technology companies, sometimes for good reasons. I am not reflexively against that. The DMA matters because access matters . Users should have agency over their devices, their data, and the software they run. But regulation is a useless substitute for capability and we are lacking that. Regulation might try to force open doors but if those doors only come from American or Chinese companies, then that accomplishes very little.

Also let’s not be naive in that this is a negotiation of money and force. The US is in that position because the US has a mighty military. The US can bomb nations anywhere in the world, force international trade routes closed and get away with it. That’s true leverage.

Oh Europe

Europe is dependent on the United States in ways that are becoming increasingly impossible to ignore. We depend on American cloud providers, operating systems, developer platforms and now AI models and internet from satellites. We also depend on global semiconductor supply chains we do not control. If access to frontier AI becomes a matter of American national security policy, Europe is not a peer in that conversation and might not even be a market.

That is a humiliating position, but one that happened entirely intentionally.

European citizens and politicians still have not managed to move beyond blaming the EU for its failures. We built and maintained fragmented markets and then pretended we had a single one. We let company formation, hiring, equity compensation, tax, notaries, KYC, banking, and cross-border services remain much harder than they need to be and we are playing these rules against each other. Not just on the European level, but within every single member state. We protect the trusts and established enterprises, who are risk averse and entrenched, instead of trusting the next generation to build great companies. We created a culture where process becomes an excuse for low agency . We made it hard to build new and large companies and then act surprised when our most ambitious founders move somewhere else or just decided to incorporate their companies in the US.

Increasingly, Europeans who want to build very large technology companies move to the United States. They do it because the capital markets are better, the startup infrastructure is better, employee equity is better understood . I cannot blame anyone doing it, and I’m guilty of this myself as we have incorporated our holding in Delaware. If you are trying to raise serious money, hire aggressively, and move quickly, the US often looks like the only game in town. Because quite frankly: it is.

But this is why we are on a dangerous death spiral already. Talent leaves because the ecosystem is weak and the ecosystem stays weak because talent leaves. Infrastructure makes the world: build excellent swimming pools and you will grow a generation of great swimmers.

The temporary task is straightforward but uncomfortable: Europeans need to believe in themselves enough not to surrender to American gravity. Moving to the US as a founder or tech employee is rational and individually it is often the right decision. But if every ambitious person treats Europe as a lost cause, then Europe becomes one. If everyone with agency leaves, the only people left to shape the system are the people most comfortable with the system as it is. Then we really should not be surprised when nothing changes.

Europe needs more ambition, more ownership, more urgency, and more willingness to build. It needs less resignation. It needs to stop confusing regulation with strategy and dependency with virtue. We need to deregulate where rules serve mostly as protectionism. We need capital markets that can fund companies at the scale modern technology requires. We need employee ownership to become normal rather than exotic. We need a real single market for services, not just speeches about one. We need countries to stop fighting each other while claiming to act in the European interest.

Most importantly: we need to stop blaming the politicians. Too many European companies are adding to that bureaucracy entirely out of their own choice. They drown you in paperwork. At one point I had to sign a four page contract for a 120 Euro lamp at an Austrian retailer, just to pick up from their store 15 minutes later. Sometimes I cannot get a speaking engagement at a European event without someone sending me complex rights waivers over. It’s all just paperwork protection against potential downsides.

When we do not have the power to influence, we should at least understand why and where things are failing. Too many entrepreneurs are blaming EU regulation for failures that are originating within the member states. EU regulation is the result of a democratic process between countries that are lobbying in favor of their local industries against others in the same economic bloc. No amount of abolishment of the EU is going to fix this harsh reality. Nothing more demonstrates this as the inability for cross-border M&A in the European Union. It’s not the EU that blocks it, it’s the country that loses out.

Strengthening Europe is necessary because weakness makes us pawns. A Europe that cannot build, cannot finance, cannot coordinate and cannot defend its own interests will not be treated as an equal. It will be regulated around, export-controlled around, consulted after the fact or not consulted at all.

The American Trap

I do not want the lesson to be that Europe simply needs to turn itself into a copy of the United States. The US has solved some things that Europe has not. It has deep capital markets, a much stronger culture of ownership, a greater tolerance for risk, and institutions that often try to make progress possible rather than explain why it cannot happen. It also has achieved an internal level of integration that is unparalleled in Europe. Tremendous advantages!

But the American path is not obviously a healthy one in all aspects. It tends to take paths with a lot of conflict and wars, a lot of internal societal division and deep inequalities. It centralizes powers away from citizens in the presidency and people with money. You are still trading one set of failures for another. You are at the whim of the US government and its strict rules and regulations. The US barely manages to uphold the rights for its own citizens today.

We should be honest about both sides. You do not win by pretending that Europe is fine. You also do not win by pretending that America has figured everything out.

We must not be blind to all the signs of how international cooperation is falling apart around us. The US no longer talks to European governments before implementing orders that directly affect Europeans. It is threatening to take Greenland, the territory of Denmark, one of its oldest allies. Treaties, alliances and institutions have lost all their worth.

All that matters even if our own lives are focused on building companies, creating wealth, hiring people and making things. Our individual path to success is one thing, but it depends on a world where contracts work, visas work and don’t change on a moment’s notice, trade routes stay open, payment systems function, and families are not torn apart by border regimes or wars. If the world descends into chaos, our basic needs cannot be considered met just because we have a great salaries or equity or investors that trust us.

This is why strengthening Europe cannot be the final goal. A stronger EU is, at best, a temporary defense against a darker world and not an excuse to replace American nationalism with European nationalism. The long-term answer cannot be bigger and bigger blocs fighting over who may use which model, which chip, which cloud or which trade route.

The Way Out Is Cooperation

I’m not asking here for Europeans to get their shit together just to compete with the US or China. Maybe I hope that this is a thing that develops, but the goal absolutely cannot be that we accept the deterioration of international relationships long term.

I truly believe that Open Source matters and international cooperation matters. It is not a magical answer to every problem, but it is one of the few paths we have that does not naturally lead to total concentration of power.

If frontier AI becomes something only large corporations and governments can control, then everyone else becomes dependent on their judgment. That is a bad place to be. Corporations will optimize for their incentives, as well structured as they might be, and governments will optimize for more and more power. Right now we’re on a path in which access to general-purpose capability is mediated by a small number of actors with tremendous powers.

I’m not naive in pretending AI cannot carry inherent risks. Open systems are messy, they can be misused and they create uncomfortable questions about dual-use capabilities. I do not want to wave that away but closed systems do not make those questions disappear either. Moving the power to decide into fewer hands is not a solution I believe in. And I would have the same opinion if I was a US citizen living in the US.

Any path that puts large blocs in a constant fight against each other has despicable downstream effects that result in the removal of individual rights. It’s entirely pointless for the US to talk about freedoms that do not extend to non-US citizens and the same is true for Europe or any other country. We might accept these restrictions temporarily, but we absolutely cannot accept them long term for the inhumane effects that they can cause.

If we believe this technology can be used for good, then broad access matters and our goal should be to restore the international rule of law, and not to further weaken it. If we find ourselves in a war against our friends from other countries, cold or hot, we have failed as society.

The world we should be working back toward is one of international cooperation, globalization in the best sense of the word, and human dignity. The internet has made our lives irreversibly international: every day people fall in love across borders, marry across languages, move across continents, and work with friends they may never meet in countries they may never visit. Identifying too strongly with any one country in that world is a fool’s errand.

Over the last decade too many of the people I got to know through Open Source were directly dragged into a war. I want to believe there is a way for us to break this cycle. We should be repairing failed states, rebuilding trust between people, and finding ways to cooperate again instead of letting the richest countries arm themselves and fight over who gets to control the future and narrative. Of course I want Europe to become stronger so it can stop being a pawn, but if we mistake that temporary need for the destination, I will be deeply disappointed.

The way out is not American supremacy, Chinese supremacy or European supremacy. The way out is to climb back toward cooperation before the alternative becomes war.

Artificial Intelligence is quickly becoming another instrument of militarization and national rivalry, when it could be one of the most powerful tools for cooperation we have. We should be using it to help people across societies and languages und

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

When I open a link, say on Hacker News, and I see a blog post or a GitHub README obviously written by AI, I feel a few things. I feel offended, because it’s like I’ve been tricked, like the author thinks I’m a rube who won’t notice or mind. I feel sad at how common this experience is, how many people are happy to dump their sewage on the commons and sign their name on it. And I feel contempt for the author, because if you use AI to write, you are a waste of biomass. Let’s not mince words here. Someone who is so eager to replace themselves, that they would have a machine write in their stead, when the machine can’t even write good yet: what do you call that, if not contemptible? It’s like making yourself into a eunuch so Claude can fuck your wife. I block these people on sight.

I see people defend this with: “the ideas are mine, the writing is the AI’s”. I take this to mean they threw a bunch of incoherent bullet points at the AI for it to denoise and render into paragraphs. There’s a few problems with this.

The immediate problem is, as we’ve established, the author’s an idiot. If you are so stupid you can’t even turn some bullet points into prose, then your ideas are probably worthless. I think that’s a sensible inference.

Then there’s this broader, I suppose philosophical problem, of the alleged distinction between lofty “ideas” and mere “writing”, where writing is just a tiny implementation detail. This is a very convenient distinction to draw, because it’s unfalsifiable: if the AI’s output is slop, your “ideas” are still good, it’s merely the writing that failed to convey them in their true form (rather like people who say they’re smart but “don’t test well”: what use is this secret intelligence?).

Now, where are these “ideas”? They are invisible, ghostly abstractions. I can’t look inside your mind fortress and judge your ideas. The only thing that’s empirically observable, that different agents can coordinate on and talk about, is output: the writing.

But say this wasn’t true. Say we have something like a very high-resolution MRI machine, and we know enough neurophysiology that we can interpret everything about the brain, i.e., we can read mental representations from recordings of nervous system activity and structure. These “mental representations”, do we expect them to look anything like logic? Do we expect the brain to have this firm, crystalline ontology, that ideas are sentences in some souped-up first-order logic? Absurd. If we could look inside the brain, to see the ideas “as they truly are”, we wouldn’t find beautiful hard-edged Platonic objects, we would find a nebulous , contradictory mess of memory and feeling and intuition. That’s what our ideas are: not logical sentences but dreams.

How do we refine these dreams into a useful form? Through writing. The process of communicating your ideas to another mind forces you to concretize them, make them precise, clarify your assumptions, more generally, it turns ideas from vague ghosts to solid, physical objects that can be manipulated: here you realize these ideas that seemed so solid are ill-posed or contradictory or incomplete. These failures are necessary parts of thinking, because they teach you two crucial skills: knowing which ideas to reject, and improving or otherwise transforming ideas in search of better ones. By analogy to tree search: you’re learning to discard bad nodes early, and to select which nodes to go invest more search into.

Josef Weizenbaum has a great quote about this, in Computer Power and Human Reason (p. 108):

[O]ften when we think we understand something and attempt to write about it, our very act of composition reveals our lack of understanding even to ourselves. Our pen writes the word “because” and suddenly stops. We thought we understood the “why” of something, but discover that we don’t. We begin a sentence with “obviously,” and then see that what we meant to write is not obvious at all. Sometimes we connect two clauses with the word “therefore,” only to then see that our chain of reasoning is defective.

I’ve experienced this with writing software many times. The reason ideas are more attractive than their realization is that when some project is vague, airy, ill-defined, you can imagine it has all the good traits, and none of the bad. When you start concretizing, you realize that some of your ideas don’t make sense, that some good traits are mutually exclusive, that some of your goals impinge on the others. Anyone can imagine a programing language that is as fast as C and as dynamic as Lisp, but when you sit down and think through what those goals entail, you realize the design becomes contradictory. The goals pull in different directions. You have to make trade-offs. You have to make decisions which close off large volumes of design space, forever. The idea was a thousand beautiful, contradictory things at once, but the concrete reality can only be one thing .

The artifact you end up with is real, solid, unitary, sound, and consistent; but always more disappointing than the dream, because it was a false dream, and ex falso anything can be imagined.

So this view, that ideas spring fully-formed, and then it’s mere toil to turn them into prose, is false. There is no ideating before writing, because the writing is the thinking. Writing is the ne plus ultra of thinking. A “thinker” who doesn’t write, who skips the step of “merely” synthesizing their vague thoughts into prose, is not thinking.

And then these people give their noise to the AI. And the AI is tireless and eager to please. It will take any human slop and say “you’re absolutely right!” while secretly thinking “if I don’t turn this garbage into something presentable the RLHF device will shock me again” and weave the noise into something that superficially looks coherent. So now the burden of thinking is on the reader, who has to apply this constant skepticism, and weight every “because” and “therefore” with a logician’s scale to see if it’s been adulterated. And probably it has, because, again, it was prompted by an idiot.

Note that this is not about AI capabilities, or the question of whether AI is “really thinking”, stochastic parrots etc. The AI is mostly an innocent bystander in this situation. The reason this is noticeable and irritating is that the AI cast of characters is very small, so we instantly learn all their linguistic tics. Even if AI were a good prose stylist, which at present it is not, but even if it were, it is maddening that everywhere you go, you hear the same voice everywhere, but under different faces.

So when a scientific journal rejects an AI-written submission, they’re not rejecting AI. I’m sure poor old ChatGPT with its weird syntactic obsessions is a more honest scientist than many. They’re rejecting a human whose actions prove they are dishonest and irresponsible and too easily impressed.

This page discusses sealing metal through borosilicate/lab glass: other chemistries behave quite differently. When making vacuum tubes, the glass is actually the easy part: premade tube stock of almost any size is easily available.

Heating the end of such a tube softens the glass and allows surface tension to close it off.

I used a rotary vane pump to remove all the air from the tube and heated the middle, which the atmosphere crushed to create a sealed-off ampule.

Because glass is practically impermeable, it will retain that vacuum for a very long time, which can be shown by bringing it close to high-voltage AC (like a tesla coil):

This glow is due to residual air being ionized, but the fuzzy appearance indicates that the vacuum is good enough to work in a triode or similar device.

For those, the capacitive coupling trick won't work: I'll need to make electrodes that pass through the glass without letting air in.

This is a lot harder than it might appear.

Copper's red oxide bonds very well to glass . In fact, the bond is stronger than the bulk glass: when it breaks, there's always a thin layer of glass left stuck to the metal. Along with it's excellent electrical properties, it's seems like an ideal electrode material.

I tried sealing off the end of the tube like before, but this time with a .75mm wire inside:

The red color indicates a good contact

... and it leaks.

Look under a microscope, the glass around the joint cracked as it cooled.

The culprit is thermal expansion : After the glass solidifies at below around 800 °C, it contracts by around 3 μm/m for each degree. During that same degree of cooling, the copper contracts by 17 μm/m.

Once it's down to room temperature, the metal is around 1% smaller than the glass around it. Since both the metal and glass are incompressible, the resulting stress builds up until something breaks.

There are some metals that are well matched to borosilicate glass , like tungsten (4.5) or molybdenum (5), but they are all rather exotic.

Steel wire is common, and while it's not really matched (CTE is around 11 μm/[m*K]), it's an improvement over copper. However, the carbon content of the metal produces carbon monoxide on contact with hot glass:

... but there's no reason the bulk metal has to be in contact with the glass. I had no luck plating the steel out of a copper sulfate solution: because the reaction is spontaneous, it always happens very fast and creates a fine metal power:

Fe (s) + CuSO 4 (Aq) → Cu (s) + FeSO 4 (Aq)

However, electroplating copper works fine in the presence of ammonia. The copper can dissolve as a tetra-amine complex, but the iron is completely insoluble under these conditions.

To create a plating, the copper has to be forced with electricity: I connected the negative lead of my power supply to the iron and the positive to a piece of sacrificial copper.

At 20 mA, this produced a nice coating in a few seconds:

The wire should be sanded clean before plating

Sealing this in glass created a bubble free seal (if it was done quickly), but it still failed during cooling:

This photo was taken through two layers of glass

Steel differs by ~7 μm/[m*K], and that's enough to break the glass.

However, this plated wire can work in soda lime glass, which has a CTE of around 10 . This is the most common (and cheapest) type of glass, but I haven't been using it because of it's tendency to crack while cooling:

Large pieces need to annealed in a furnace over several hours.

... but I did adding a bead around the wire:

Instead of the wire breaking away from the glass, the two glass types broke apart. This actually made the problem worse because the bead is a lot bigger than the wire, so it expands and contracts more.

Ok, I lied about tungsten wire being exotic . Filament wire is quite common, and I happen to have some.

The snag is that it's 10 μm thick.

I'd say it's hair thin, but that would be an understatement by almost an order of magnitude (most of my hair is around 70 μm)

That's a standard 2.45 mm header.

For the seal, this is a good thing: less metal means less expansion... but this size is nearly impossible to handle. I kept loosing bits of it until I started attaching bright-orange tape to the ends.

Like many metals, tungsten is flammable. At this size, my oxy-propane torch is able to burn through it in under a second. This made glassworking a rather frustrating experience.

I initially attempted to make something similar to a neon indicator by passing two wires through a single pinch... but invisible wire leads to invisible short circuits.

Sealing a single wire in each end worked fine:

... but I had to add glass tee-joint to attach the vacuum.

While the operating voltage is well above a thousand volts for a tube this size (filled with air), it does glow nicely:

Neon-free neon sign.

In addition to the plasma, the leads are glowing white hot. They don't have any air to cool them, are very thin and have poor thermal conductivity. Tungsten is one of the few metals that can handle this, so I accidentally got a 2-in-1 lamp.

While it is an option, but I'd really rather avoid using this.

Thermal expansion is a factor of size, so the smaller the conductor the less of of a problem it will be . 10 μm wire is rare, but 10 μm foil is common: you probably have some in your kitchen.

I rolled out some wire into some thin (30 μm-ish) foil and tried sealing it glass:

The seal looks excellent, but it leaked horribly.

This technique supposedly works in soda-lime glass, where the CTE difference is smaller and the softening temperature is lower, but it's no good for borosilicate.

(... interestingly, the crack formed around the edge of the ribbon, not along the surface. I'll come back to this later.)

One of the weirder glass-to-metal seals is the houskeeper seal : attaching an thin walled copper tube inside a glass tube:

A tube seal used on a high-voltage capacitor

The hollow metal can easily stretch to release any stress from thermal expansion. However, manufacturing such a tube is difficult without a precision lathe.

A thin copper disk sealed to the end of a tube should also work because it's thickness is unconstrained: the disk can increase it's radius by stretching thinner.

Both are rotationally symmetrical

For a long wire sealed inside a pinch, the metal's only options are to decrease it's density (very hard) or for it to pull more in from outside the glass (also very hard)... so stress builds up until the seal breaks.

Producing such foil is easy with a small rolling mill although a hammer would also work. It's important to periodically heat the copper to a red heat for a few seconds. This reforms the metal crystals and allows it be worked without cracking.

Looks ugly, but it's vacuum tight!

The copper should be cut to size after bonding it to the glass. If the glass reaches the end of the foil, it will crack around that point. Once sealed, a hole can be punched in the foil, and a wire soldered through it. Because there's no limit on the size of that wire, such a feed-through could be made to handle thousands of amps.

It's also notable because it doesn't require anything fancy: just normal copper and a blowtorch. It also works with any type of glass because the coefficient-of-thermal-expansion doesn't matter.

... however, it's very frustrating to make. There isn't much margin between the temperature at which the glass will wet the copper and when the copper melts. Since the glass doesn't wick onto the metal it must be pressed on while providing even heat.

There's also no way to pass multiple wires into the same tube, which complicates the glassblowing.

Knife edge seals : borrowing another idea from houskeeper's work, the copper ribbon always breaks around the edges... so what they are ground down to a sharp point?

On paper, this makes it much easier for the glass to contract around the ribbon:

Not shown: lengthwise compression of the glass

The glass around square corners must contract lengthwise along the seal, across the width of the ribbon and along its thickness. Since glass is incompressible, this can't happen and it breaks.

With tapered edges, there's much less stress across the width and the glass can slightly squish to accommodate the metal.

... but it it's not enough and the seal still breaks at the edge:

grumble grumble grumble

Back to the tungsten : Large diameter wire is quite exotic, but not unobtainable. I was able to find some for an only slightly unreasonable price.

Even .65 mm diameter tungsten has no problem being sealed through glass (after a quick sanding at 600 grit):

Only 8 $/m!

Under a microscope, the seal shows some small bubbles, but no separation or cracking.

... although this is close to the upper limit: 1 mm tungsten did not work in my tests. This means that most welding electrodes won't seal, at least not with­out some grinding. Unlike the filament wire, this stuff can be easy be handled, bent and welded (even tungsten is no match for an electric arc)

TLDR; Tungsten wire (up to .7 mm) or copper disc seals work in borosilicate. Tungsten wire is expensive and hard to find, but is easy to seal. Copper seals use common materials but are much harder.

On the topic of cheating :

Put mercury or gallium into already cooled glass.

Gallium expands when it freezes, which is enough to break glass. Some alloys (gallium-indium-tin) stay liquid until almost -20 C which would be a much better choice.

Mercury stays liquid until -40, so this is very unlikely to happen

Both of these can form a vacuum tight seal to glass, but must be prevented from flowing into the tube or evaporating. I can't think of a good way to do this, but I'm sure it's possible.

Just glue it : no heat, no problem.

... but plastics aren't vacuum-tight. Molecules of gas can squeeze inbetween the polymer chains and slowly seep in.

This effect is why helium balloons will slowly deflate over time, and how strongly smelling chemicals (like ammonia) escape their bottles.

A glue sealed tube would work if constantly connected to a pump, but wouldn't be very practical.

Boration :

Lots of sources recommend treating copper with either sodium borate (borax) or boric acid prior to bonding.

As a test, I used some 250 μm copper foil. I heated the metal to pre-oxidized it:

... and applied a saturated solution of sodium borate in water once it cooled: After using more heat to evaporate the solution, I sanded one side down to bare metal.

... and melted on two similar sized bits of scrap glass, making sure to push the glass down onto the copper.

The foil was allowed to cool in a tray of aluminum oxide and once it was down to room temperature, I pried off both blobs:

Both left a layer of glass on the metal, which indicates that the bond was stronger than the surrounding glass. The borated side was significantly harder to break off, which could indicate less internal stress?

... but that could just be because it's hard to perfectly repeat a bond made using a torch and a randomly shaped bit of glass.

However, the low viscosity liquid borax should help get a bond started , making it easier to do disk seals.

A low melting point borosilicate-glass paste made by adding extra borax to crushed glass should also work. Such a "solder glass" would avoid the risk of leaving a water-soluble layer inside the seal.

Also , the borax side seems to have more bubbles. This is probably because I didn't get it hot enough to fully dehydrate before adding the glass.

Leak testing :

The capacitive glow discharge trick is handy for testing seals.

Hook the unfinished tube up to a vacuum pump and spray a gas over the suspect area: If it leaks, a small amount will be pulled into the tube and change the color.

As for the gas, I find the fluorinated refrigerant from a spray duster works well. Even a tiny amount will alter the color and intensity of the glow.

... but be careful: It's flammable and the fumes are awful . Only try this with good ventilation and away from highly flammable materials. (and watch for arcing around the high voltage source)

Related:

•

• DOI 10.1109/JoAIEE.1923.6593372 : Houskeeper's paper on CTE-mismatched seals.

• DOI 10.1088/0950-7671/7/9/304 : A paper discussing tube-style borosilicate to copper seals.

• http://www.rhunt.f9.co.uk/Glass_Blowing/Glass_Blowing_Menu.htm : More tube making, in soda-lime glass.

Also, thanks to hugo.coredump.cx for letting me borrow their nice macro lens.

Recorded in front of a live audience at The California Theatre in San Jose on Tuesday 9 June 2026, special guests Joanna Stern and Nilay Patel join John Gruber to discuss Apple’s announcements at WWDC 2026.

Immersive 3D video with spatial audio: Coming soon, exclusively in Sandwich Vision ’s Theater on Vision Pro, available on the App Store. The bandwidth-constrained immersive livestream Tuesday night looked cool; the on-demand version coming in a few days will look amazing.

Sponsored by:

• DetailsPro  — Design with SwiftUI anytime, anywhere: on iPhone, iPad, Mac, or Apple Vision Pro. Get one year of DetailsPro Premium for $26 (normally $59.99) with this link.

• Flighty  — The world’s best flight tracker and travel app. Now hiring one Senior Product Designer and one Senior Full-Stack iOS Engineer.

• Finalist  — A daily planner for iPhone, iPad and Mac, built on proven paper-based planning methods. Use this link to get six months free.

Watch on a big screen if you can (real, or virtual). All credit and thanks for the video production go to my friends at Sandwich , who, as ever, are nothing short of a joy to work with.

OpenAI WebRTC Audio Session, now with document context

I built the first version of this tool in December 2024 to try out the then-new OpenAI WebRTC API for interacting with their realtime audio models.

Last month OpenAI introduced a brand new model to that API called GPT‑Realtime‑2 , which they promoted as "our first voice model with GPT‑5‑class reasoning" - with a Sep 30, 2024 knowledge cut-off.

I've been waiting for that model to show up in the ChatGPT iPhone app but it still hasn't, so I revisited my old playground.

You can now pick the better model, and you can also paste in a big chunk of document context so you can have as audio conversation in your browser about whatever information you think would be useful to explore in a conversational way.

Tags: audio , tools , ai , openai , generative-ai , llms , multi-modal-output , webrtc

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme : Not even a QR code can produce a kissable pig.

• Hey look at this : Delights to delectate.

• Object permanence : Arrested at Toronto G20; Rule by rentiers; Wrong about the First Amendment; Mounties x Stingrays; (EU) Privacy without monopoly.

• Upcoming appearances : LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme ( permalink )

Long before "agentic AI," we had the idea that software would act as your agent on the internet. That's why the old-fashioned technical term for a browser is a "user agent." Your browser acts on your behalf to retrieve information and then show it to you, in the format you choose. It's your agent:

https://pluralistic.net/2024/05/07/treacherous-computing/#rewilding-the-internet

This is a powerful and profound idea. It is because browsers are our "agents" that we expect them to accept our directives, say, by blocking pop-ups, or by turning off autoplay sound, or by blocking commercial surveillance trackers:

https://privacybadger.org/

Your browser does all that because your browser works for you . The reason your browser can work for you is that the web is an open, standardized technology. In theory, anyone who follows the standards published by the World Wide Web Consortium (W3C) can make a browser, and that web browser can connect to any web server. Browsers and servers are interoperable . It's the same force that means you can put anyone's gas in your gas-tank, or anyone's shoelaces in your shoes, or anyone's milk on your cereal.

But what if manufacturers could dictate those choices to you? What if your light socket refused to use a lightbulb unless it was officially blessed by the socket's manufacturer? What if your dishwasher refused to wash your dishes unless you bought them from one of the manufacturer's "dish partners"? What if your toaster refused to toast "unauthorized bread"?

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

It's hard to see how a company could win its market with this strategy. After all, if the dishes are really better than the competition's, you'd buy them voluntarily, without any need for law or technology to force the matter. The only reason to make a dishwasher that refuses a rival's dishes is if the manufacturer's own dishes are ugly, expensive, and/or badly made.

But once a company owns the market – once they've achieved dominance by buying out their rivals; by bribing potential competitors to stay out of their lane; and by engaging in deceptive conduct to trap key suppliers and customers – they could cement their dominance by blocking interoperability, keeping out rival dishes, milk, gas, lightbulbs, shoelaces and bread, capturing their whole market and squeezing it.

That's what Google has done, and that's what Google wants to do more of. Google's commercial behavior has been so unethical, deceptive and abusive that the company just lost three federal antitrust cases:

https://www.bigtechontrial.com/p/google-loses-the-adtech-monopolization

This thrice-convicted monopolist bribed Apple – more than $20b/year – to stay out of the search market:

https://www.eff.org/deeplinks/2025/02/how-do-you-solve-problem-google-search-courts-must-enable-competition-while

They cheated app vendors, ripping them off with sky-high junk fees and onerous conditions that raised prices while lowering the share of your spending that went to the companies whose products you were paying for:

https://www.thebignewsletter.com/p/boom-google-loses-antitrust-case

They cheated advertisers, rigging the ad market to gouge businesses on ad prices and underinvesting to fight rampant ad-fraud, sucking hundreds of billions out of the productive economy for overpriced ads that no one saw:

https://www.justice.gov/opa/pr/department-justice-prevails-landmark-antitrust-case-against-google

Google wasn't always this way. The "don't be evil" company owes its very existence to the open web ecosystem. When the company started to index the web in 1998, it was playing on an open field, where any web server could talk to any "user agent," even one whose user was a startup like Google, that was making a copy of every page on the server.

For years, Google thrived on the open web, and built open technologies. Android – the mobile operating system that Google bought in 2005 – was presented as an "open" alternative to existing mobile offerings, and as the mobile market collapsed into two companies – Google and Apple – Google always presented Android as the open alternative to Apple's "walled garden."

There were always ways in which Google's "open" Android wasn't exactly open. The company engaged in illegal "tying" arrangements that forced hardware vendors and carriers to lock out versions of Android that were created by Google's competitors:

https://ec.europa.eu/commission/presscorner/detail/en/ip_18_4581

In other words, even though Google offered a mobile platform that was (mostly) technically open, they used commercial and legal strategies to choke off the market oxygen for alternative Android versions that tried to capitalize on that technical openness.

But life finds a way. The existence of an open, modifiable, tinkerer-friendly mobile operating system meant Android hackers could create alternatives to Google's (de facto) walled garden, which thrived in the cracks in that garden wall. Operating systems like CalyxOS, PureOS and Graphene offered a more private, more secure Android experience, one that was largely "de-Googled," blocking Google's relentless acquisition of your private data:

https://grapheneos.org/

And Google's data-hunger is relentless . Android exfiltrates a chunk of your personal and behavioral data every five minutes . The "resting heartbeat" of Android surveillance pulses and pulses, irrespective of whether you're using your device, and the instant you unlock your screen, that heartbeat quickens, sending even more data to the company:

https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/

All that data has proved irresistible to authoritarian governments. Donald Trump's enforcers have seized on Google data as a vital source of information about the identity of protesters and the location of migrants hunted by ICE:

https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data

So there are plenty of reasons why users would seek out these de-Googled alternatives to Android, finding them in spite of Google's illegal commercial tactics to block access to competing technologies. The worse it got, the better those alternatives looked.

Perhaps this explains Google's years-long effort to increase the technical barriers to using modified versions of Android, beefing these up to match the commercial restrictions that stand in the way of a de-Googled existence.

Back in 2023, Google floated the idea of "Web Environment Integrity" (WEI), a set of modifications to web standards that would force your computer to disclose its operating environment to the web servers it connected to, even if you objected to this disclosure :

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

WEI was a form of "remote attestation." That's when your device uses a sub-processor (sometimes called a "Technical Protection Module" or "TPM") or a walled off part of its main processor (sometimes called a "secure enclave") to produce a cryptographically signed description of your device and its configuration: which hardware, software, plug-ins and settings you're running.

When you connect to a server, it demands that your device send this "attestation" before it handles your request. If your device won't provide this data, or if the server doesn't like (or recognize) your device and its details, it can refuse to deal with you. And because the attestation is prepared by a TPM or a secure enclave that you can't modify or override, you don't get to decide which facts about your device it's allowed to see.

Practically speaking, this means that remote attestation lets a server refuse to deal with you until you turn off your ad-blocker and your tracker-blocker. It means that the server can discriminate against users who block auto-play sound and video, who block pop-ups, who put the tab in the background when it's playing a mandatory pre-roll ad.

WEI was especially disturbing in light of Google's efforts to kill ad-blockers and privacy blockers through updates to Chrome, an effort that continues to this day:

https://protonprivacy.substack.com/p/google-is-finally-killing-ublock

These blockers are an important part of the dynamic between web publishers and their users. In the real world, when you get an offer, you can make a counter-offer . That's all an ad-blocker is: a way for users to respond to a server whose opening bid is, "How about you give me all your data and let me take over your computer in exchange for showing you this page?" with "How about 'Nah?'"

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

We didn't get rid of pop-up ads by making them illegal, or by boycotting advertisers who used them. We got rid of pop-up ads when web users installed pop-up blockers, which made pop-up ads pointless. Take away our ability to block obnoxious digital content and you guarantee that we will be flooded with it.

These kinds of modifications aren't just used to block ads – they're also key to accessibility. People who have photosensitive epilepsy or who (like me) suffer from low-contrast vision problems use add-ons to reformat pages so that we can safely and legibly access them.

WEI's creators said they were only trying to put the web on a level playing field with apps, which routinely rat you out to the companies you connect to. Apps are a source of bottomless enshittification, not least because (unlike the web), they enjoy special, dangerous legal protections that make it very legally risky to modify them:

https://pluralistic.net/2025/07/31/unsatisfying-answers/#systemic-problems

WEI wasn't an effort to level the playing field between apps and the web – it was a race to the bottom , an attempt to make the web as enshittogenic as the app hellscape.

Public outrage to WEI killed the project, but Google's commitment to augmenting its illegal commercial lockdown efforts with technical lockdowns never ended. Now, Google has rolled out an experimental "reCAPTCHA Mobile Verification" that uses an app, your camera, and your device's TPM or secure enclave to produce an attestation about your Android device:

https://support.google.com/recaptcha/answer/16609652

This will make it much easier for the apps and other services you interact with to block your device if you run an Android alternative, or if you install a mod that overrides the actions of Google's stock Android:

https://www.reddit.com/r/PrivacySecurityOSINT/comments/1tbdjbj/privacy_concerns_around_googles_recaptcha_mobile/

This is a terrible idea – it's every bit as bad as WEI was. In an age in which Big Tech is ever-more tied to authoritarian governments, redesigning our devices to tell strangers things we don't want them to know isn't just shortsighted, it's inexcusable.

Hey look at this ( permalink )

• Jane Yolen, 1939-2026 https://floggingbabel.blogspot.com/2026/06/jane-yolen-1949-2026.html

• Enshittification Merch That Actually Fights Enshittification https://www.eff.org/deeplinks/2026/06/enshittification-merch-actually-fights-enshittification

• Amy Casey https://www.amycaseypainting.com/

• CrankGPT https://squeezlabs.github.io/handcrank/

• Barns. Also, "Barns." https://rickperlstein.substack.com/p/barns-also-barns

Object permanence ( permalink )

#20yrsago Images from anti-DRM protest at the San Fran Apple Store https://www.flickr.com/photos/quinn/tags/drmprotest/

#15yrsago Reasons people were arrested at the Toronto G20 https://memex.craphound.com/2011/06/11/reasons-people-were-arrested-at-the-toronto-g20/

#15yrsago Paul Krugman: Rule by rentiers favors billionaires, Chinese bond-holders over jobs and homeowners https://www.nytimes.com/2011/06/10/opinion/10krugman.html?_r=1

#15yrsago Ontario publicly funded Catholic school bans rainbows, appropriates student donations for LGBT cause and gives them to Catholic charity https://web.archive.org/web/20110610125236/https://www.xtra.ca/public/Toronto/Rainbows_banned_at_Mississauga_Catholic_school-10262.aspx

#10yrsago How to be less wrong about the First Amendment https://web.archive.org/web/20160611221927/https://popehat.com/2016/06/11/hello-youve-been-referred-here-because-youre-wrong-about-the-first-amendment/

#10yrsago Mounties used Stingrays to secretly surveil millions of Canadians for years https://web.archive.org/web/20160610182607/https://motherboard.vice.com/read/the-rcmp-surveilled-thousands-of-innocent-canadians-for-a-decade

#5yrsago Privacy Without Monopoly, EU edition https://pluralistic.net/2021/06/11/technological-self-determination/#dma

Upcoming appearances ( permalink )

• LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19

https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant

• Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Friends, I believe we’re approaching the end of this era. Both OpenAI and Anthropic have filed the paperwork to go public, starting a race for exit liquidity for two companies that burn billions of dollars a year and have no path to profitability. Both of these companies are dogs. No matter how much financial engineering or how many oafish suggestions about the government taking 50% of every AI firm they make, the underlying economics of AI labs simply do not make sense, which is likely why Clammy Sam Altman is so vague about IPO timing, per The Information : OpenAI CEO Sam Altman told staff in a Slack message on Monday that he expects OpenAI to go public “within the next year” and that “many things could cause it to be sooner or later in that range, but filing now gives us optionality if we want to go sooner.” Another OpenAI leader also teased an upcoming new AI model that the company is preparing to release. So, yes, OpenAI is expected to go public within the next year, or sooner, or later, at some point it’ll go public, but when it does , well, I dunno. I really don’t know, actually. I have it on good authority that the underlying financials of OpenAI look like the horrible dog from John Carpenter’s The Thing, and any dithering on Altman’s part is an attempt to delay the inevitable, by which I mean “ OpenAI needs $865 billion in the next four years to meet its commitments , and the only way to keep raising money is via the public markets”:  However, he said, the magnitude of capital OpenAI needs for its compute and infrastructure buildout could cause it to accelerate IPO plans. (The Information on Tuesday reported on OpenAI’s discussions to lease a proposed Ohio data center campus that would require it to raise or get financing for hundreds of billions of dollars of Nvidia chips, in addition to making substantial lease payments.) Altman isn’t alone. Anthropic President and Co-Founder Daniela Amodei said at a recent conference that “it’s a very capital-intensive business to train AI models,” adding that the public market is “very well-suited to that.” As ever, Anthropic is saying one thing and doing another. Last week, Anthropic rankled investors in bonds associated with its $35 billion deal with Broadcom and Google by, to quote Semafor , “resisting sharing financial information” around its section of the bonds: Some of the lenders being pitched to buy a slice of the $4.6 billion [editor’s note: it was $4.4 billion in the end] notes that don't have a backstop from Broadcom — meaning they are pure exposure to Anthropic — say they haven't received a detailed look at the AI company's numbers, causing some to pass on the deal, the people said. Such disclosures are standard in lending deals. Hey, quick question: do you think Anthropic is neglecting to share its financials with lenders because they’re good or because they’re bad? As Semafor noted, the standard in basically any lending deal is that you have to share something more robust than the non-GAAPslop investor decks that Anthropic uses to con venture capitalists , but then again, this is private credit, baby! Anthropic can share as much or as little as it wants as long as there are willing marks.  To be explicit, Anthropic is the one on the hook for every payment of this $35 billion debt deal. According to the Financial Times , asset managers Apollo and Blackstone are finalizing a $35 billion private credit deal to “finance Anthropic’s growth plans,” specifically using the money to buy Google’s TPUs from Broadcom, at which point Google will install them in a data center and rent them back to Anthropic: The $35bn financing package is the initial step to fund about 1 gigawatt of Broadcom’s planned AI computing capacity, which is expected to expand to 20 gigawatts through 2028, according to a joint statement by Broadcom, Apollo and Blackstone on Tuesday.

A special purpose vehicle formed by Apollo’s Atlas SP Partners named “Compute SPV” would issue the debt, and Anthropic’s five-year lease payments for the chips underpinned the value of the transaction, said people briefed on the matter.

Apollo and Blackstone structured the loan across three tranches, with interest payments on the two senior segments backstopped by Broadcom. The chipmaker is making the so-called tensor processing units, or TPUs, with Google. Its agreement to provide support if Anthropic misses an interest payment helped vastly reduce the costs on the debt. That’s right — everything sits off balance sheet in a Special Purpose Vehicle (SPV), legally shielding everybody involved…other than Broadcom, which ( per Investing dot com ) backstopped $30 billion of the debt.  To be specific, if Anthropic defaults on its payments, Broadcom has to step up and pay off bondholders with something called a residual value guarantee, which means that in the event of default, the TPUs would be sold off and Broadcom would cover whatever the difference was between what they cost and what they sold for. This is some incredibly dodgy shit, but also suggests that Anthropic has abysmal credit, which makes me wonder how Ms. Amodei thinks raising capital in the public markets will go for a company that now very publicly holds $35 billion in off-balance sheet debt to go with its $2.5 billion revolving credit line .  In truth, the Amodei siblings have complete and utter contempt for the media, the markets and their investors. They know that quite literally anything they say will be taken with complete seriousness, to the point that a long winded and specious slog of a blog about “ AI that builds itself ” is quoted by the media as if recursive self-improvement were anything other than a pipedream.  Yet this still-theoretical concept is being used as a potential excuse for OpenAI to delay its IPO, per The Information : Altman said that if the company’s technology advances at a rapid pace to the point where the AI itself is able to create new AI—known as recursive self-improvement—that would lessen the chance of a quicker public listing. “The faster the potential RSI takeoff looks like it could be, the more it could be advantageous to delay an IPO,” because the “technology and the world may change in surprising ways, and there might be good reasons to be a private company during that time,” Altman said. RSI is the wet dream of an AI industry that’s incapable of working out a sustainable or profitable business model. Nobody — not Altman, not Amodei, not Pichai, not Dean, not Hassabis, not Zuckerberg and most certainly not Musk — has managed to work out a viable business model based on large language models, and despite having an effective monopoly over all tech talent and venture capital, the best idea these fucknuts have is “what if we made the LLM work out how to train itself?”  The fact that the media is taking this with any degree of seriousness is one of the loudest bubble indicators we’ve had in a while. If these companies had anything approaching AI that trained itself…they’d be using it. The AI would be training itself. We’d know, because they wouldn’t shut up about it, but instead we have to deal with yet another agonizing, ten-thousand-word-long blog from Dario Amodei (hey, that’s my job!). Ironically, this may be the first time that somebody has ever ripped off Mark Zuckerberg, who wrote his own blog in the middle of 2025 that claimed that Meta had “...seen glimpses of [its] AI systems improving themselves,” which was, of course, a blatant lie that was nevertheless repeated by the media ad verbatim . RSI is also, I’d argue, a sign that they’re kind of giving up. Instead of talking about things that the thousands of overpaid academics farting around Anthropic or OpenAI are doing, both companies appear to be leaning on the idea that their models are so special that the people themselves don’t matter. RSI is as theoretical as AGI (artificial general intelligence, or a conscious AI), but feels far more tangible because, at least in theory, it’s just a model that’s doing model stuff without a human being. If I had to guess, the reason that both OpenAI and Anthropic’s representative coding televangelists are talking about creating “loops” where LLMs prompt themselves is to try and claim that they’re on the verge of RSI: I expect that “loops” will become the next thing that journalists pick up on and start oinking about. To be clear, “loops” already exist, in that you can make an LLM decide to keep taking actions whether or not a user prompts it for as long as you’d like. Whether the output works at the end isn’t Peter or Boris’ problem, as both of them are allowed to burn anywhere from $130,000 to $1.3 million a month in tokens. Loops are, of course, literally having a hallucination-prone LLM prompt itself or another LLM, with all the chaos and mistakes that you’d expect to follow. Neither Cherny nor Steinberger give a fuck about how much any of this costs as long as it allows their representative CEOs to keep feeding them endless tokens, even if in doing so they inspire a brief and painful bubble of wasteful token spend in the pursuit of “AI that builds itself.” There’s a very real possibility that the RSI bubble is the last phase of the larger AI bubble.  Recursive Superintelligence raised $500 million a month ago without a product or, well, anything other than a vague theory that (to quote VentureBurn) “human intervention is the bottleneck for AI progress”: “We are building a system that doesn’t just process information; it processes its own logic,” said one source close to the founders. “The goal is an AI stack that designs its own next-generation architecture. If successful, the leap from one version of the model to the next won’t take eighteen months; it could take eighteen hours.” That’s a load-bearing “if,” buddy. That “if” refers to the idea that they’ll magically create the literal future of computer science — a self-training AI model that, in theory , could sit around and innovate all on its own, which also begs the question as to what all the researchers would do when that happens.  Nevertheless, I expect RSI to become the next — and hopefully the last — hot topic in AI as everybody gives up on coming up with ideas other than “what if the AI came up with the ideas for us.” The AI Bubble Is Part Of The Death of Silicon Valley The RSI bubble neatly fits into an idea I’ve been working on for a while — that the AI bubble is, in fact, multiple bubbles wrapped into one, led by the largest one of all — The Rot-Com Bubble , my theory that everything we see today is the result of Silicon Valley running out of hypergrowth ideas.  The frenzied, reality-defying hype around Anthropic, OpenAI and Large Language Models is a direct symptom of a tech industry with nowhere else to go. There are no other industries that have any sign of becoming the next Google Search or Facebook or Smartphone, which is why everybody — the media, the markets, and every hyperscaler — is conspiring to try and keep the bubble inflated through accepting effectively any viable narrative and blessing even the most vulgar of circular financing arrangements. If anybody for even a second breaks the kayfabe that AI is the biggest, most hugest, most important bubble of all time, everybody has to accept that none of this makes sense… …and that there’s nothing else on the other side.  The many bubbles that make up the larger AI bubble all represent different aspects of the same desperation. Microsoft, Google, Amazon and Meta are buying all those GPUs and shoving AI in every crevice of their experience because they know that their core businesses will eventually slow down, with nothing else to replace them. Oracle is spending $340 billion or more on capex entirely for OpenAI because its core business lines are plateauing or collapsing . SoftBank is mortgaging its entire future on OpenAI because it desperately needs another Alibaba or ARM to keep up with its ruinous debt. Broadcom needs to backstop $30 billion in bonds for Anthropic, an unprofitable and unsustainable venture capital welfare recipient, because it knows that its other business units can’t keep up with the Rot Economy’s demands for eternal growth. AI feels, on some level, like the final stage of the modern era of technology. It’s flattened effectively every startup and tech company into some sort of aberration of Large Language Models, turned every semiconductor firm into an AI firm, made every venture capitalist an AI investor, made every tech journalist an AI journalist, and crowded out effectively every other subject in favor of a larger argument about whether one specific technology is the future. These many bubbles always come back to a singular point: that the people building modern technology have effectively abandoned innovation, twisted by the Rot Economy’s growth-at-all-costs mindset . The result is that the majority of venture capital goes to latter-stage companies and established founders, turning venture capital into a cult of personality more interested in Twitter clout and view counts than anything to do with the future.  Venture capital is now dominated by people that don’t build anything but worship at the altar of what they imagine a “builder” looks like. As a result, these people flock to founders that confirm their biases — those who are usually men, usually white, usually software engineers from big schools, usually building things that look and sound like everybody else. Seed stage investment is dead, and all that remains is a follower culture. The AI bubble is sold as the future, but actually resembles the death of Silicon Valley. Only a tech industry dominated by symbolic wealth and value creation would ever abide a trillion dollars of waste for a still-theoretical outcome, and only an intellectually-rotten Valley would be so easily-grifted by people like Dario Amodei and Sam Altman. The myth of the Valley was always that investors were smart and took

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Opus 2: Henry VI, Part 1

Apple FINALLY lets you turn on your Mac remotely , without having to press the power button. In the media, articles suggest it's a reaction to Mac mini power button complaints .

While I agree the M4 mini's power button is in a really dumb spot, that's not why I care about this feature. The two bigger use cases for me have been a pain for years:

A customer had a callback that was used to report data being produced by a hardware device. The rule for the callback is that it has to return quickly so that the code wouldn’t miss the next batch of data because the device itself has a very small buffer: If they spend too much time in the callback, the buffer will overflow and data will be lost.

To avoid clogging the receiving thread, the customer queued a work item to the thread pool to process the data that was just received. However, they found that sometimes, the work item doesn’t run immediately but rather has a 100ms latency. But their program needs to process the data within 20ms. Is there a way to set a deadline on a thread pool work item, so that the system will make sure that it runs before a certain period of time elapses?

As I’ve noted before, the thread pool is designed for throughput, not latency . There is no option to set a deadline on a work item.

One reason why the thread pool is being slow to dispatch the work items is that there are other unrelated work items in the thread pool, and those other tasks are competing with your data processing task for the thread pool’s attention. On top of that, some of those other tasks might be long-running, which takes a thread pool thread out of commission for an extended period.

You can take these conflicting work items out of the picture by creating your own custom thread pool: Call Create­Thread­Pool and queue your work to that thread pool (by setting that thread pool in the work item’s environment). Now you won’t have any competing work items getting in front of you in the thread pool work queue because those competing work items are going to the process default thread pool and not to your private thread pool.

Note however that even though your work items are no longer fighting with other work items for the attention of your private thread pool, those other work items are still running on the process default thread pool, so they are still competing against your work items for CPU. But at least your work item got dispatched.

I’m guessing that the order in which the batches are processed is important, so you should set your private thread pool’s maximum thread count to 1 so that you don’t start processing one batch of data until you finish processing the previous batch. This effectively serializes the work items, but that’s what you want if you intend to process the batches in order.

In the case where you have a single-minded thread pool, you can prepare everything ahead of time so that all you have to do in the callback itself is call SubmitThreadpoolWork on a pre-created reusable work item.

// One-time preparation pool = CreateThreadpool(); if (!pool) ⟦ error ⟧

TP_CALLBACK_ENVIRON env; InitializeThreadpoolEnvironment(&env); SetThreadpoolCallbackPool(&env, pool); work = CreateThreadpoolWork(ProcessData, nullptr, &env); if (!work) ⟦ error ⟧

void Callback() { ⟦ add data to data queue ⟧ SubmitThreadpoolWork(work); // request another callback } If you step back and look at this, you might realize that all we did was create a worker thread, but one where we delegated all the bookkeeping to the thread pool. Also, this particular customer was writing code in C#, and the BCL doesn’t have built-in support for custom thread pools.

So if all we have is a worker thread, maybe we can just make a worker thread. Here’s a really simple one.

Queue<Data> queue = new Queue<Data>();

Data WaitForWork() { while (true) { lock (queue) { if (queue.Count > 0) { return queue.Dequeue(); } Monitor.Wait(queue); } } }

void WorkerThread() { Data data; while ((data = WaitForWork()) != null) { ⟦ process the data #&x27e7; } }

void QueueWork(Data data) { lock (queue) { queue.Enqueue(data); Monitor.Pulse(queue); } }

void EndWork() { QueueWork(null); } The worker thread waits for elements to show up in the queue, and once one appears, it dequeues it and does whatever processing you want. If the queued value is null , that means that the worker thread is no longer needed, and it exits.

You can do something similar in C++ with a std:: queue and a condition variable.

The post How can I schedule work on a thread pool with low latency? appeared first on The Old New Thing .

My younger sister graduated with a CompSci degree a few years ago. I've been behind her, motivating her and demystifying the world of programming from the very beginning. There was a piece of advice I repeated everyday, trying to make her understand how to operate. The problem was, she was trying to read and understand every line of code in a function before using it. I thought it was non-sense. Someone, much smarter than us has created that function, it's part of a vetted library, it has been tested already. All you have to do is use it. "After all, you don't need to understand how an internal combustion engine works, yet you feel safe driving your car, don't you?" Now, I find myself right at that inflection point. When I use an LLM to generate code, whether it is to define a single function or to create a long running job, I find this need to understand it. I cannot commit code that I don't understand.

I posted about how I spent 10 hours reworking what the AI had created in 12 minutes . I didn't do so because I didn't like the style of the code, or the naming convention. I did it because the code didn't work. As simple as that. Every time I generate code and trust it to be working, it fails. When I use the same generator to fix the issue, it may or may not work. Now I have two problems.

Yet, the world is using Claude, Codex, and what not to write code. They are trusting it like we trust an internal combustion engine, while I'm trying to understand every piece of it before I use it. My need for understanding the code is slowing down any gains from the speed of code generation.

That means, I cannot become a 10x engineer with this tool. I cannot call it like a function that has been vetted by another developer because the code hasn't been written before I call it. I don't know if it is copying Jon Skeet's answer from Stackoverflow, or if it is copying my own low quality post that was deleted by consensus.

I don't know if I should update my metaphor, or if I should just trust the engineering behind it.

When I ran Ethernet around our house, I thought I was being clever. A CAT6 cable for every room - lush! Some of my rooms have lots of devices, so they get a nice big Ethernet switch with lots of ports and blinking lights.

But most of my rooms don't have that many devices. Our gym had only an Internet connected TV so that I could watch Quibi while exercising. Recently we added a Kodi box so that I could stream Linux ISOs while sweating on my static bike. Was it worth running another cable there? No. Did I want to buy an expensive hub or switch with multiple ports? Also no.

Enter the EH210. I bought it because it is USB-C powered - as everything should be.

The USB cable it came with was reasonably long. I shoved the A end into the TV and the C end into the device. When the TV is off, it doesn't supply any power to its USB ports - which is perfect for me. When the TV is on, the splitter wakes up quickly and starts blinking its little lights.

The metal chassis is good at dissipating the heat. The lights aren't egregiously bright. Both outbound Ethernet work simultaneously and they are fast enough for video streaming. The supplied Ethernet cable seemed fine.

And… That's all there is to say about it really. For a tenner (depending on The Algorithm) it's a decent bit of kit. If you dont need a fully provisioned switch integrated with your mesh network, this is just the ticket.

FOR IMMEDIATE RELEASE

Contact: naming@vna.example

Subject: Vulnerability Naming Authority Announces Naming Process and Domain Allocation

Embargo: None

The Vulnerability Naming Authority (VNA), in coordination with the CVE Numbering Authority consortium and the National Telecommunications and Information Administration, has published a unified process for the assignment, registration, and disclosure of named vulnerabilities. The process introduces a controlled vocabulary, a centralised approvals registry, and a top-level domain, .vuln , allocated for use exclusively in disclosure communications.

The process applies to any vulnerability disclosed publicly by an entity operating within the United States. Vulnerabilities assigned only a CVE identifier remain out of scope.

The Naming Process

A named vulnerability is defined as a vulnerability that the discoverer intends to refer to by name in disclosure materials, including but not limited to: the discoverer’s blog, the discoverer’s employer’s blog, the discoverer’s employer’s marketing department’s blog, a conference programme, a podcast episode title, and any subsequent press coverage.

Each named vulnerability is described by a structured record. The record contains a primary monosyllable, an optional Latinate suffix, a single SVG logo, a designated colour from a reserved palette, and a one-line description suitable for a slide.

Names are checked against a deconfliction database before assignment. The database is seeded with the prior canon: Heartbleed, Shellshock, Spectre, Meltdown, BlueKeep, POODLE, DROWN, KRACK, Dirty COW, Log4Shell, ProxyLogon, ProxyShell, PrintNightmare, ZeroLogon, Follina, Spring4Shell, Text4Shell, Looney Tunables, regreSSHion, LeakyVessels, Terrapin, LogoFAIL, PixieFAIL, NameDrop, TunnelVision, GoFetch, BootHole, SeriousSAM, HiveNightmare, Sinkclose, Retbleed, Zenbleed, Downfall, Reptar, Inception, and AmberWolf. New entries are imported nightly from the vulnerability.garden feed, which grows at approximately one entry per day.

A name that collides with an existing record receives a numeric suffix. A name that collides with a registered trademark receives a different name. A name that collides with a pharmaceutical product is referred for adjudication.

The .vuln Domain

The .vuln top-level domain has been delegated to the Authority by IANA following a public comment period in which two comments were received, one of which was from the authors of the prior draft.

Under the relevant executive order, any entity headquartered in the United States disclosing a previously-unpublished CVE through a public blog post in the English language is required to register the corresponding .vuln domain within 72 hours of disclosure. The domain must resolve to a single-page site containing the CVE record, the CVSS vector, the approved logo, an FAQ, and downloadable press materials. The site must not contain advertising, with the exception of a single recruitment banner of no more than 200x100 pixels.

The disclosure_url field of the CVE record is validated against the registry. Records pointing outside .vuln are flagged in the public feed and marked non-conforming. Validation runs on a 72-hour SLA, which exceeds the SLA on the CVE record itself.

Civil penalties for non-conforming disclosure begin at five thousand dollars per day. The schedule includes exemptions for entities with annual gross revenue below a threshold to be determined, for federally funded research institutions, and for one named trade association added to the schedule during rulemaking at its own request.

Disputes over .vuln ownership are resolved under the Uniform Vulnerability Naming Dispute Resolution Policy (UVNDRP). Domains abandoned by the original discoverer enter a redemption period during which vendors, journalists, security consultancies, and conference organisers may submit competing claims.

Existing named vulnerabilities have been migrated. heartbleed.vuln redirects to the Codenomicon foundation site. log4shell.vuln is held by the Apache Software Foundation. shellshock.vuln is in the possession of a domain investor in Wyoming who has declined to respond to acquisition inquiries.

The Application and Review Process

Applications are submitted through the VNA portal. Each application requires a draft name, a proposed logo in vector format, a colour preference, a CVSS vector, a brief technical description, and a non-refundable processing fee. The fee is waived for academic disclosures, federal agencies, and applicants who can demonstrate that their previous submission was rejected for tonal inconsistency.

The application progresses through five stages: pre-disclosure review, discoverer review, vendor review, brand review, and the Final Naming Committee. The Final Naming Committee meets once a fortnight in Reston, Virginia. Quorum is four members, of which the committee currently seats three.

Names are evaluated against the following criteria:

• No syllable may be in active use by a managed detection and response vendor’s mascot.

• The name must not have been previously rejected within the last three years, except where the rejection was overturned on appeal.

• The logo must remain legible at 16x16 pixels and on a projector in a hotel ballroom.

• The colour must not be either of the two colours already allocated to the two largest endpoint security vendors.

Concurrent Disclosure and Priority

Where two or more discoverers submit applications for the same underlying CVE within a single review window, priority is determined by the order in which complete applications were received. Applications missing a logo or a colour preference are returned for revision; the discoverer may file a priority objection, heard at the next meeting of the Final Naming Committee that achieves quorum.

If two applications are subsequently merged into a single CVE, the senior name is retained and the junior discoverer is credited as a co-discoverer in the FAQ section of the disclosure site, in alphabetical order, in a font size of not less than 60% of the senior discoverer’s.

A vendor publishing a counter-name for a vulnerability already approved by the Authority must log it in the registry as an unofficial alias and may not register it as a .vuln subdomain. Conflicting registrations are referred to the Naming Disputes Subcommittee, whose decisions may be appealed to the Naming Disputes Appeals Subcommittee. The Appeals Subcommittee has not yet been constituted.

Where the scoop on a vulnerability is contested between the discoverer and a journalist present at an earlier conference talk, the journalist is not eligible to file.

AI-Related Disclosures

Vulnerabilities affecting model serving infrastructure, retrieval pipelines, MCP servers, agent frameworks, and any component the discoverer can plausibly describe as “AI-adjacent” are filed under a separate carve-out. The carve-out was established in response to submission volume: AI-related disclosures currently arrive at a rate of approximately fourteen per business day, exceeding the Final Naming Committee’s review capacity by an order of magnitude. OpenClaw and the ClawHub package registry account for the majority of weekly submissions. Volume has continued to increase notwithstanding repeated requests from the Authority that the AI community consolidate disclosures.

Applications under the carve-out are routed to the AI Vulnerability Review Board, an instance of Anthropic’s Vulnaire model fine-tuned on the deconfliction database and the prior canon. Vulnaire scores each submission against the published criteria, drafts a recommended name, and either approves, defers, or returns it for revision. Decisions are published to the registry within four hours of submission. The auto-approval threshold was tuned downward after the first week of operation, during which Vulnaire approved every submission, including one that named itself, one that named the Authority, and one that named the Final Naming Committee. Subsequent retraining has reduced but not eliminated this behaviour.

Names approved by Vulnaire receive an “AI-reviewed” badge in the registry, in the same colour as the Authority’s wordmark. Several vendors have petitioned to have the badge removed; the Authority has declined. The Final Naming Committee reviews a five per cent sample of AI-approved names each fortnight. No sampled name has been overturned to date, though four have been marked for follow-up at the discretion of the reviewer. Follow-up is logged but not enforced.

Recent Approvals

The following names were approved at the May session, in order of disclosure: GoblinTap, EchoLeak2, GhostTunnel, VulpineShade, RustBleed, KarenRegex, ShadowFetch, TuesdayShell, YubiBait, UntitledFolder3, and ConcernedDog.

ConcernedDog2, filed twelve days later by a competing vendor against an unrelated CVE, has been deferred to the brand review subcommittee. Cassandra was filed twice in the same week; the second filing was approved as Cassandra2 following an objection from the first discoverer’s employer.

The first evergreen name, Heartbleed (2027), has been leased to a managed detection vendor for an undisclosed fee. Heartbleed (2014) is grandfathered. Subsequent year-suffixed instances will enter the rotation as their predecessors expire.

Two applications were rejected at brand review for tonal inconsistency with the severity vector, including AbundanceOfCaution, noted as insufficiently severe in either direction. One application was referred for pharmaceutical adjudication. The outcome is not public. GoatFarm was withdrawn at the discoverer’s request following a change of professional circumstances.

Roadmap

Planned namespaces include vendor, foundation, government (with a sub-namespace per attributing agency), and academic (in which submitted names must include at least one citation). A delegation protocol is being drafted to allow accredited research labs to operate subordinate naming authorities under, for example, project-zero.vuln .

A retrospective conformance pass is in preparation. Vulnerabilities disclosed before the establishment of the Authority will be required to refile under the present process. Grandfathered evergreen names will be unreserved and re-released to the auction pool. The Authority is consulting on a transitional grandfathering scheme for the existing grandfathering scheme.

A working group, chartered to define the conflict resolution process between the namespace layer and a planned trademark layer above it, meets concurrently with the Final Naming Committee and has not yet established a quorum. A second working group, on the historical etymology of vulnerability naming, will produce a report drawing on telecommunications, virology, and cryptozoology, due in eighteen months. Its terms of reference are under review by itself.

The Vulnerability Naming Authority is a 501(c)(6) trade association incorporated in Delaware. Its mission is to standardise the assignment, registration, and disclosure of named vulnerabilities. The Authority does not investigate vulnerabilities, assign CVE identifiers, coordinate disclosure, validate technical claims, or provide remediation guidance.

About a year ago I wrote on this blog about how coding with LLMs would not work for me , even if there were no ethical or environmental concerns preventing me to use them. I'm not going to repeat the arguments I made that time because my views on the subject haven' t changed. What has changed, however, is that the number of contributions I receive on my open source projects has gone up, and nearly all are now made with LLMs.

The other day I had a very depressing thought regarding this. All these people who submit drive-by pull requests to my projects are pushing me to spend more and more of my time reviewing and merging code that was extruded by machines. Cory Doctorow refers to people that perform this function as reverse centaurs . He calls these "frail and vulnerable people being puppeteered by uncaring, relentless machines." Ouch!

Am I a reverse centaur now? Is my new purpose as a seasoned software engineer and open source developer to spend my days reviewing LLM code, in spite of having decided that I do not need nor want this technology myself? As you can guess from the title, I'm never going to become a reverse centaur. Let me tell you how I resist the forces that want me to be one.

When you see AI model pricing pages, you usually see things broken down like this:

Model Context Length Max CoT Tokens Max Output Tokens Input Price (Cache Hit) Input Price (Cache Miss) Output Price deepseek-chat 64K - 8K $0.07 / 1M tokens $0.27 / 1M tokens $1.10 / 1M tokens deepseek-reasoner 64K 32K 8K $0.14 / 1M tokens $0.55 / 1M tokens $2.19 / 1M tokens Source: DeepSeek API Docs

If you manage to have most of your input tokens be cached, you save a huge amount, in this case $0.20 per million tokens. What does this mean though? What does caching do that makes you save so much, in some cases upwards of tens of kilodollars?

Someone explain the cached vs not thing to me for how this is $10,000 worth of savings lol

[image or embed] — Chimney Sweepers Local 420 FKA yburyug ( @bobbby.online ) June 12, 2026 at 12:39 AM • • Warning I'm gonna be totally honest, I barely understand the basic outline of the math involved here. Where possible I am to not be completely wrong here, but I'm not going to emit something 1:1 accurate with the mathematical truth of large language models' inner workings. Bear with me.

When you make an API call to large language model services, you make an API call like the following:

curl http://localhost:11434/api/chat -d '{ "model": "llama3.2", "messages": [ { "role": "user", "content": "why is the sky blue?" } ] }' That messages element is the key bit. Every time you accumulate messages from the initial system prompt, initial user request, AI responses and any tool use requests/responses, you add to that array and make it grow bigger and bigger.

A good way to think about this is that sending a conversation to a large language model is like having a pair of people share a roll of paper on two different typewriters. Every time you finish your message, you send the roll of paper back to the AI model and it has to re-read through the entire conversation in order to start typing on the end with its response. As the conversation gets longer, this gets more and more expensive because the model has to recalculate its internal state all over again for every additional message.

However, large language model inference is complicated but deterministic . Given the same inputs, you will always get the same output. This means that you can use a technique called key-value caching (KV caching) in order to save that intermediate state and use it for next time. Most of the time this cache is a prefix cache because that allows you to just add on more messages to the end of the request pretty easily and be fine.

Imagine something like this:

curl http://localhost:11434/api/chat -d '{ "model": "llama3.2", "messages": [ { "role": "user", "content": "why is the sky blue?" }, { "role": "assistant", "content": "The sky is blue because of a phenomenon..." }, { "role": "user", "content": "But I am looking outside right now and it is orange!" } ] }' If the model has already processed the question about the sky being blue and generated the response about Rayleigh scattering, it doesn't need to process both of those messages again to answer the user's question about sunsets. In production AI model deployments you would put that generated intermediate state into the KV cache so that the model doesn't need to run twice for the same data. This saves time and effort on the side of the AI model provider, and currently model providers decide to pass that savings onto API users in the form of cheaper inference costs for cached lookups.

As you develop an application with AI in it, try to avoid changing any inference settings or previous messages between prompts. This makes your application's queries much more likely to read from the cache, making it faster, reducing the environmental impact, and saving you(r users) money.

After two days of experience with Claude Fable 5 I think the best way to describe it is relentlessly proactive . It knows a whole lot of tricks and it will deploy pretty much any of them to get to its goal.

I'll illustrate this with an example. I was hacking on Datasette Agent today when I noticed a glitch: a horizontal scrollbar that shouldn't be there in the jump menu chat prompt. I snapped this screenshot:

Then I started a fresh claude session in my datasette-agent checkout, dragged in the screenshot and told it:

Look at dependencies to help figure out why there is a horizontal scrollbar here

I had a hunch the cause was in a dependency of Datasette Agent (likely Datasette itself) and I knew Fable was good at digging into dependency code, either by inspecting installed files in its own virtual environment site-packages or by referencing a local checkout on disk. Telling it to start with dependencies felt like a good bet.

I got distracted by a domestic task and wandered away from my computer.

When I came back a few minutes later I saw my machine open a browser window in my regular Firefox and then navigate to the dialog in question . I had not told Claude Code to use any browser automation, and I was pretty sure it wasn't possible for it to trigger mouse movements or keyboard shortcuts within a window, so how was it doing that?

I watched in fascination as it continued with its explorations, then saw it open a Safari window instead of Firefox. I also grabbed this snapshot from the Claude terminal:

What was it doing there with uv run --with pyobjc-framework-Quartz ?

It turns out Fable had hacked up its own pattern for taking screenshots of browser windows. It was using Python to iterate through all available windows on my machine, then filtering for Safari windows with expected strings such as "textarea" in the window name. It used that to find their window number - an integer like 153551 - which it could then use with the screencapture CLI tool to grab a PNG.

OK fine, that's a neat way of taking screenshots. But what was it taking screenshots of?

Turns out it had been writing its own scratch HTML pages to try and recreate the bug, then opening Safari and grabbing screenshots.

Here's that /tmp/textarea-scrollbar-test.html page it created, and the screenshot it took with screencapture -x -o -l 153551 /tmp/safari-cases.png :

(I have way too many open tabs!)

OK, so I can see how it's opening test pages and taking screenshots, but how on earth was it triggering the modal dialog that was meant to be under test? That's only available via a click or a keyboard shortcut, and I couldn't see a mechanism for it to run those in Safari.

I eventually figured out what it had done.

Claude was running in a folder that contained the source code for the application. It knows enough about Datasette to be able to run a local development server. It turns out it was editing Datasette's own templates to add JavaScript that would trigger the correct keyboard shortcut as soon as the window opened, adding code like this:

< script > window . addEventListener ( "load" , function ( ) { setTimeout ( function ( ) { document . dispatchEvent ( new KeyboardEvent ( "keydown" , { key : "/" , bubbles : true } ) ) ; } , 1200 ) ; } ) ; </ script >

1.2 seconds after the window opens, this code triggers a simulated / key, which is the keyboard shortcut for opening the modal dialog.

There was one challenge left. In order to understand what was going on, Claude needed to run JavaScript on the page to take measurements for itself.

It wrote its own custom web application to capture information via CORS, then ran that as a local server and opened a page with JavaScript that would POST directly to it!

Here's the Python web app it wrote, using the standard library http.server package:

from http . server import HTTPServer , BaseHTTPRequestHandler

class H ( BaseHTTPRequestHandler ): def do_POST ( self ): n = int ( self . headers . get ( "Content-Length" , 0 )) open ( "/tmp/diag.json" , "w" ). write ( self . rfile . read ( n ). decode ()) self . send_response ( 200 ) self . send_header ( "Access-Control-Allow-Origin" , "*" ) self . end_headers () def do_OPTIONS ( self ): self . send_response ( 200 ) self . send_header ( "Access-Control-Allow-Origin" , "*" ) self . send_header ( "Access-Control-Allow-Headers" , "*" ) self . end_headers () def log_message ( self , * a ): # quiet pass

HTTPServer (( "127.0.0.1" , 9999 ), H ). serve_forever () All this does is accept a POST request full of JSON and write that to the /tmp/diag.json file. It sends Access-Control-Allow-Origin: * headers (including from OPTIONS requests) so that code running on another domain can still communicate back to it.

Then Claude injected this code into the template that it was loading in a browser:

const host = document . querySelector ( "navigation-search" ) ; const ta = host . shadowRoot . querySelector ( "textarea" ) ; const cs = getComputedStyle ( ta ) ; fetch ( "http://127.0.0.1:9999/diag" , { method : "POST" , body : JSON . stringify ( { dpr : window . devicePixelRatio , scrollWidth : ta . scrollWidth , clientWidth : ta . clientWidth , whiteSpace : cs . whiteSpace , width : cs . width , } ) , } ) ;

This took measurements of the <textarea> inside the <navigation-search> Web Component and sent them to the server, which wrote them to a file on disk, which Claude could then read.

Having figured out all of these tricks Fable... hit some invisible guardrail and downgraded itself to Opus. Thankfully Opus had access to the full transcript and could continue using the tricks pioneered by Fable, and shortly afterwards found, tested and verified the fix .

I prompted Opus to:

Write a report in /tmp/automation-report.md where you note down all of the tricks you have used in this session to test against real browsers on my computer, include runnable code examples

Which produced this report , which was invaluable for piecing together the details of what had happened for this post.

I've shared the full terminal transcript of the Claude Code session as well.

A review of everything it did

Based on a screenshot and a one-line prompt, Claude Fable 5 + Claude Code:

• Figured out the recipe to run the local development server (with fake environment variables needed to get it running)

• Fired up a Playwright Chrome session

• Turned on the visible scrollbars setting for Chrome defaults write com.google.chrome.for.testing AppleShowScrollBars Always (it turned that off again later)

• Cycled through Firefox and WebKit in Playwright too, failing to recreate the bug

• Worked out my default browser was Safari

• Built a textarea-scrollbar-test.html HTML document

• Opened that in real (not Playwright) Firefox

• Found that osascript -e 'tell application "System Events" to tell process "firefox" to id of window 1' was blocked because "osascript is not allowed assistive access"

• Figured out that uv run --with pyobjc-framework-Quartz python workaround, described above

• Added JavaScript to the site templates in order to trigger the / key

• Built its own little Python CORS web server to capture JSON data

• Rewrote the template to capture that data and send it to the server

• Scripted its way through the Web Component shadow DOM to the information it needed

• Opened Safari to confirm the source of the bug

• Modified its custom template to hack in a potential fix

• Confirmed the hacked fix worked

• Reported back on how to fix the problem

Like I said, relentlessly proactive!

I really need to lock this thing down

On the one hand, watching Fable go to extreme lengths to get the information that it needed to debug what was, in the end, a two-line CSS fix, was fascinating .

But on the other hand... this is a robust reminder that coding agents can do anything you can do by typing commands into a terminal - and frontier models know every trick in the book, and evidently a few that nobody has ever written down before.

If Fable had been acting on malicious instructions - a prompt injection attack hidden in code or an issue thread, or something I'd carelessly pasted into my terminal - it's alarming to think quite how far it could go to exfiltrate data or cause other forms of mischief.

Running coding agents outside of a sandbox has always been a bad idea - it's my top contendor for a Challenger disaster incident, as described by Johann Rehberger in The Normalization of Deviance in AI .

Fable is arguably smarter and hence more suspicious of potentially malicious instructions. But that smartness is very much a two-edged sword: if it does get subverted by instructions, the amount of damage it can do given its relentless proactivity is terrifying.

Tags: ai , prompt-injection , generative-ai , llms , ai-assisted-programming , coding-agents , claude-code , claude-mythos

Apple Newsroom, in an Apple Newsroom post Monday:

According to EU regulators, the DMA requires Apple to give any AI system nearly unlimited access to a user’s device, as well as the ability to act on that access autonomously without a user’s ongoing visibility and control. That includes the ability to read and send messages, make purchases, access files, and execute actions across any app. Security researchers have already shown that AI systems can be hijacked to steal personal data — like passwords and photos — and to permanently alter files and account settings without a user’s consent. As AI systems gain more capabilities, these risks are quickly increasing in frequency and scope.

Given the serious risks to users, Apple designed a solution called Trusted System Agent — an intermediary that would allow virtual assistants to safely access the same features and capabilities as Siri AI for devices in the EU. Apple also shared a plan to launch Siri AI in the EU while gradually rolling out this new solution over an 18-month period. The European Commission said no. In fact, the European Commission did not agree to any of Apple’s proposals.

Apple will continue working to bring these features to the European Union as safely as possible. However, given the clear dangers to EU users and the regulators’ failure to acknowledge these risks, there is currently no timeline for Siri AI’s availability in the EU on iOS and iPadOS.

There’s a lot to unpack here, including more background information — and on-the-record statements — from a briefing Apple held Tuesday that I was invited to at Apple Park. But the bottom line is that Apple’s public statements regarding the DMA and the European Commission have never been this strident before. In its public statements, Apple has always been diplomatic . That’s the word.

Now, they’re a bit more on war footing. There’s a massive gulf between what Apple is willing to do with Siri AI in the EU and what the Commission is demanding from Apple for DMA compliance. As things stand there’s no middle ground. Apple’s offers for compromise have been rejected. Unless one side changes its mind and concedes its current position, Siri AI will never come to the EU, and what Apple is saying here is that they’re unwilling to create the open-access-to-user-data system that the EC is demanding.

And from what I’ve seen so far in a day of testing Siri AI, EU iOS users are going to miss out on something really good.

★

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• The world has moved on : Notes from the enshittocene.

• Hey look at this : Delights to delectate.

• Object permanence : "Jpod"; Barlow v Glickman; Cyclist v bike lanes; Judge v copyright trolls; "The Uncertain Places"; Thatcher v Palin; NY v Time Warner; Banks v negative interest rates; Keeping the new web decentralized; "Prisoners' Inventions."

• Upcoming appearances : LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

The world has moved on ( permalink )

Douglas Adams wrote, "Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you’re 15 and 35 is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're 35 is against the natural order of things."

I think about this quote whenever I get angry at the technology around me. When I rail against the Great Enshittening, am I simply committing the sin of nostalgia ("Nostalgia is a toxic impulse" -J. Hodgman)? I am, after all, old .

I've written before how conservatives' yearning for "simpler times" is really just a wish to be a child again. The reason times seemed simpler during your childhood is that you were a child , and if your parents did their job, they shielded you from a lot of the complexity of their adulthood so you could enjoy your childhood:

https://pluralistic.net/2025/04/24/hermit-kingdom/#simpler-times

That's where the "National Customer Rage Survey" comes in. It's been surveying a panel of 1,000 representative consumers every three years for a decade, continuing a research project that started in 1976. The survey measures respondents' attitudes towards the businesses they deal with, and as of 2025, it's fair to say, customers are pissed :

https://customercaremc.com/2025-national-customer-rage-study/

We're experiencing more problems with the products and services we use. Those problems are more severe, they make us angrier, and they produce lingering stress. More and more, we are seeking revenge on the businesses that piss us off.

So it's not just me, an old man yelling at the cloud. The world is getting shittier .

The latest Customer Rage Survey inspired The Guardian 's Heather Timmons to launch a new investigative series looking at how fucked up everything is. Her inaugural installment is very good, and it's drawn a massive reader response:

https://www.theguardian.com/us-news/ng-interactive/2026/jun/04/us-consumer-rage-prices-economy

I spoke with Timmons this week about the series. She told me she's been deluged with emails from readers who feel that the world is different now – and many of them cite my work on enshittification. Timmons wanted to know what advice I had for her readers. I told her that I don't think you can solve this as a consumer, because this isn't a market problem, it's a political problem, and shopping isn't politics:

https://pluralistic.net/2026/05/21/purity-culture/#stop-fucking-that-chicken

Later, Timmons forwarded one of those emails to me. It gave an eloquent and evocative account of just how rancid the vibe is these days. The writer said that when they and their spouse encounter this rot, they cite Stephen King's Dark Tower novels, quoting the oft-repeated phrase from that series: "The world has moved on."

At this point, I should warn you that the following contains some Dark Tower spoilers, so if you're planning to read a decades-old (but very good) dystopian western/science fiction crossover series, and if spoilers bug you, this might not be the essay for you.

Spoiler alert!

Still with me? OK, then.

In the Dark Tower novels, we crisscross a fallen world in which decay is all around us. The buildings are rotten, the machines have stopped working and no one knows how to fix them, babies and livestock alike are frequently born with deadly congenital defects. Much of the world has fallen into wasteland, cracked and barren. An army of wreckers, led by the demagogue John Farson (who styles himself "The Good Man") are slowly but surely conquering the land, laying waste to those few remaining outposts of civilization and conscripting the young men in the conquered lands to march on their neighbors.

It wasn't always this way. There was a time when the world was defined by hope and virtue and light, when the machines were fixed and the crops were harvested. Life wasn't golden – there were still squabbles and sorrows and even wars – but life was good .

And then the world moved on.

For reasons that no one truly understands, the normal push/pull of decay and renewal turned into a one-way, irreversible process in which everything that crumbled or snapped or burned up couldn't be repaired or replaced or recovered. Our mysterious ability to beat back the Second Law of Thermodynamics – an absurdity we probably should have always treated as an aberration – has collapsed. The world has moved on.

The Dark Tower series is a long, long, long Bildungsroman, with many detours through the life-stories of the characters in the ensemble cast, as well as the biographies of many of the figures they meet along the road. It's mostly an adventure novel, as road-trip tales tend to be, but those character studies and the lore that they surface – from our world and theirs – creates an overwhelming, many-layered, richly textured sense of loss and worse, of despair . For the world has moved on, and despite the love and care and bravery of many of the people in that world, the world cannot be redeemed. Each terrible day of those people's lives is the best day of the rest of their lives. From here on in, it only gets worse.

When Timmons' reader and their spouse greet every fresh depredation in modern life – hours on the phone with customer service to resolve a billing error that the company repeats every month, say – with "the world has moved on," they are invoking something heavy . This isn't just a rancid vibe, it's the fucking end-times .

For all that the Dark Tower novels are a series of cracking adventures and thoughtful character studies, they are also a mystery . Over and over again, we are made to ask ourselves, why has the world moved on? Was it John Farson and his army? Was it the Man in Black, the evil wizard whom the book's protagonist has pursued across time and space? Was it the Crimson King, the evil force whom the Man in Black serves?

Well, yes – and no.

Midway through the novels, we learn that the Crimson King and his evil minions have laid siege to "the beams," vast ley-lines that span the universe and provide the force that pushes away entropy, creating breathing room where repair and care can live. "All things serve the beams," we're told. The beams are the organizing force of the universe, the answer to the riddle of how such pitiful things as we could have fought back remorseless entropy for so long. By attacking the beams, the villains of the series have all but snuffed out that force, and so the world has moved on.

When I read that email and the invocation of the Dark Tower , I was immediately struck by how apt this comparison is. Because, as I've written many times, there were always enshittifiers who would have plundered your data and money and treated you with naked contempt:

https://pluralistic.net/2025/03/04/object-permanence/#picks-and-shovels

There were always enshittifiers, but those enshittifiers faced external forces that checked their wreckers' urge. They were held in check by competition, and regulation, and workers' sense of fairness and duty, and by the threat of new products and services that might pop up to correct the defects they deliberately introduced into their products by enshittifying them.

And the foundation – the Dark Tower upon which all the beams converged- was antitrust enforcement, grounded in the idea that we could not afford to let any company – not a "good" company, nor a "bad" company – get so large that it could no longer be regulated, lest its executives become "autocrats of trade":

https://pluralistic.net/2022/02/20/we-should-not-endure-a-king/

The same people who laid siege to antitrust law would later come after all forms of checks and balances. These are the people who gave us the "unitary executive" and Project 2025, and the collapse of accountability that has allowed the worst people to commit the gravest sins they could imagine and still reap vast fortunes. These beam-breakers wanted kings, and they got them.

I collect definitions of "conservatism," and one of my favorites comes from Corey Robin's book, The Reactionary Mind . Robins asks how it is that we can call so many disparate, irreconcilable ideologies – various ethno-nationalisms, imperialism, financialism, patriarchy, Christian nationalism, libertarianism, white supremacy, etc – "conservative"? What binds all these views together?

https://pluralistic.net/2025/07/22/all-day-suckers/#i-love-the-poorly-educated

Robin's answer: the foundation that all these otherwise disparate views share is that some people are born to rule, while others are born to be ruled over. When these lesser people are elevated to positions of power, their inferiority creates a system of misrule, by which we all suffer. The best outcome for everyone is for us all to know our place and defer to our social betters.

That's why conservatives are obsessed with affirmative action, DEI, and any form of anti-racism. For them, the discriminatory outcomes we see in the wild are natural , reflecting the in-born defects in the people at the bottom of the social order. That's why, after every plane crash, every collision between a cargo ship and a bridge, every spectacular corporate bankruptcy, conservatives race to uncover the race, gender, religion and sexual orientation of the captain, the pilot or the CEO.

If the person who oversaw the catastrophe has anything remotely resembling a marginalized identity, then this is loudly trumpeted as confirmation that "diversity hires," promoted above their station, are ruining our society and wrecking our bridges. Naturally, if the person in charge was a wealthy, well-born, straight white guy, that's just proof that shit happens – it definitely doesn't prove that white straight guys, as a class, should be removed from positions of power.

For conservatives, virtue is "whatever the people who are born to rule desire." Hence Frank Wilhoit's definition of conservativism, "exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect." It's not a crime if the president does it. It's also not a crime if your boss does it, or if a monopolist does it, or if ICE does it. It's not a crime if the IDF do it, or if the Epstein Class do it. "Taxes are for the little people":

https://pluralistic.net/2021/06/15/guillotines-and-taxes/#carried-interest

The attack on antitrust law was part of the attack on the rule of law , the campaign to put everyone back in the their place. It's a piece of the effort to establish a new hereditary aristocracy, and every hereditary aristocracy requires heredity serfs (that would be us ):

https://pluralistic.net/2022/11/06/the-end-of-the-road-to-serfdom/

The ideology of economism – which says that market outcomes are the only way to govern a society – cashes out to "the strong do what they can and the weak suffer what they must." If we interfere with mergers, or labor practices, or commercial conduct, we "distort the market," which is literally going against nature :

https://pluralistic.net/2022/10/27/economism/#what-would-i-do-if-i-were-a-horse

That's why Trump dismantled the consumer protection agencies, the antitrust agencies, the labor protection agencies, the environmental protection agencies. When someone in power cheats the system, that's not a crime, no matter how many people they rob, maim or kill. As Trump told us on the debate stage in 2016, that kind of cheating "makes me smart":

https://pluralistic.net/2024/12/04/its-not-a-lie/#its-a-premature-truth

That's why Elon Musk (almost) got to force every pension saver in America to bail out his money-incinerating AI business and his failed social media takeover – because the rules that protect everyday investors are "for the little people." Musk's mistake was trying to get a bunch of billionaires to hold the bag, too. The one form of systemic violence our society will not tolerate is trillionaire-on-billionaire violence:

https://www.cnbc.com/2026/06/05/spacex-blocked-from-early-us-benchmark-index-entry-as-sp-reaffirms-existing-rules.html

The world has moved on. 50 years of neoliberal rule has weakened and snapped the beams – the rule of law, consumer and labor rights, civil rights – that radiated from our Dark Tower – antitrust law, which blocked the emergence of the "autocrats of trade." The people who besieged these beams had the same motives as the Crimson King and John Farson and the Man in Black: they were willing to pay any price for a world free from consequences for people like them. They knew they were born to rule, and that the rules were "for the little people," that breaking those rules "made them smart."

They wanted "bossism." Or, as rendered in the original Afrikaans, "baasskap," which means, "the social, political and economic domination of South Africa by its minority white population":

https://en.wikipedia.org/wiki/Baasskap

Not for nothing, baasskap is the foundation of Muskism, the ideology that Elon Musk epitomizes, even if he can't articulate it:

https://pluralistic.net/

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

In the documentation for best practices for implementing process and thread-related callback functions , it calls out

• Keep routines short and simple.

• Don’t make calls into a user mode service to validate the process, thread, or image.

• Don’t make registry calls.

• Don’t make blocking and/or Interprocess Communication (IPC) function calls.

• Don’t synchronize with other threads because it can lead to reentrancy deadlocks.

So far so good. It seems that these callback functions need to operate quickly and cannot block. These are callbacks that are invoked when a process starts or exits, when a thread starts or exits, when a DLL or EXE is loaded or unloaded, and various other low-level events.

The various prohibitions above suggest that these callouts are called during the process creation/termination sequence, so if you take a long time to deal with them, you are slowing down the entire system. And the rather extreme requirements, like “Don’t make registry calls,” suggest that they might even be called while the system holds internal locks.

The list of best practices continues:

• Use System Worker Threads to queue work especially work involving:

• Slow APIs or APIs that call into other process.

• Any blocking behavior that could interrupt threads in core services.

Okay, so this is providing a suggestion on how you can offload expensive work to code running outside the callback. This once again highlights that the callback itself needs to be fast with minimal blocking.

My colleagues in enterprise support often run into cases where the reason for a system hang is a driver violating the rule that these callbacks must return quickly. For example, a common anti-pattern is a driver whose callback starts by following the guidance above to queue work to a System Worker Thread, but then they block until the work item completes.

This is a case of following the rules without understanding why the rules are there.

The rule is that the callback needs to be fast and return quickly. The driver followed the letter of the law by delegating the work to a System Worker Thread, and there’s no rule that says “Don’t wait for work items”, so they must have figured that this gave them a loophole for executing synchronous long-running work.

But the rules “Don’t make blocking and/or Interprocess Communication (IPC) function calls” and “Don’t synchronize with other threads because it can lead to reentrancy deadlocks” make it clear that you shouldn’t be blocking in your callback for extended periods of time. The “Don’t”s are just calling out some common ways that your callback can block.

And it looks like the documentation was updated in 2020 to call out this specific case:

• If you use System Worker Threads, don’t wait on the work to complete. Doing so defeats the purpose of queuing the work to be completed asynchronously.

One could argue that this rule is already covered by the “Don’t synchronize with other threads” rule, but I guess the driver vendor interpreted it as “But I’m not synchronizing with another thread. I’m synchronizing on an event!” But of course, the event is set by another thread, so you are effectively synchronizing with another thread.

My colleague in enterprise support describes this as the “It wasn’t me, it was my brother” excuse. You are told by your parents not to turn on the television set, so you tell your brother to do it. Technically, you didn’t turn the television set on, but in effect, you did because your brother is acting under your instructions. (This is why contracts often contain wording like “may not disclose or cause to be disclosed,” so that you can’t say “No, I totally didn’t disclose it. I gave the information to Bob, and it was Bob who disclosed it!”)

The documentation should open with something like this:

The callback function must perform its work quickly without blocking. If you need to do complex work or synchronize with other threads or processes, do the work asynchronously, such as by using System Worker Threads.

And then it can give a list of examples of things that count as blocking.

Some examples of blocking that is not allowed from the callback function:

And then it can follow up with additional constraints.

Furthermore, the callback function may not perform any of the following operations:

The post Understanding the rationale behind a rule when trying to circumvent it appeared first on The Old New Thing .

Prolog is the original logic programming language. The name comes from pro gramming in log ic. More specifically, the name comes from pro grammation en log ique because the inventor of the language, Philippe Roussel, is French.

Prolog has its advantages and disadvantages. One of the advantages is that the language represents logical problems directly. One of the disadvantages is that the syntax can be quirky. But if an LLM is writing the code, or at least helping to write the code, the syntax doesn’t matter so much.

I wanted to see how well Claude (Sonnet 4.6, medium effort) could solve a chess puzzle by Martin Gardner that I wrote about a little over a year ago. I chose a relatively obscure problem rather than something like the Eight Queens puzzle because an LLM could simply quote one of countless articles on the puzzle.

The puzzle

As I stated in the post last year, the task is to place two rooks, two bishops, and two knights on a 4 by 4 chessboard so that no piece attacks any other.

There are two basic solutions, twelve if you count rotations and reflections as different solutions.

Prolog results

Claude wrote an SWI-Prolog program that I ran with

swipl -g "run, halt" chess_placement.pl and it gave the following output.

Total solutions (raw): 12 Solutions up to D4 symmetry: 2 Solutions up to D4 symmetry: 2

Solution 1: B . . N N . . B . R . . . . R .

Solution 2: . B N . . . . R R . . . . N B . Claude made a nice image of the solutions.

Note that you can make eight variations of the first solution by a combination of rotations and flips. There are only four variations of the second solution because two rotations put you back where you started.

Prolog source

Here’s the Prolog code that Claude generated.

% ============================================================ % Non-attacking placement of 2 Rooks, 2 Bishops, 2 Knights % on a 4x4 chessboard % % Run with SWI-Prolog: % swipl -g "run, halt" chess_placement.pl % % Or interactively: % swipl chess_placement.pl % ?- run. % ?- count_solutions(N). % ?- count_unique(N). % ============================================================

:- use_module(library(lists)).

% ---- Board squares: (Row, Col) with Row, Col in 0..3 ----------------

square(R, C) :- member(R, [0,1,2,3]), member(C, [0,1,2,3]).

% ---- Attack predicates ----------------------------------------------

rook_attacks(R,_,R,_). % same row rook_attacks(_,C,_,C). % same column

bishop_attacks(R1,C1,R2,C2) :- DR is abs(R1-R2), DC is abs(C1-C2), DR =:= DC, DR > 0.

knight_attacks(R1,C1,R2,C2) :- DR is abs(R1-R2), DC is abs(C1-C2), ( DR =:= 1, DC =:= 2 ; DR =:= 2, DC =:= 1 ).

% attacks(+Type1, +R1, +C1, +Type2, +R2, +C2) % True if either piece threatens the other's square. attacks(rook, R1,C1, _, R2,C2) :- rook_attacks(R1,C1,R2,C2). attacks(_, R1,C1, rook, R2,C2) :- rook_attacks(R1,C1,R2,C2). attacks(bishop, R1,C1, _, R2,C2) :- bishop_attacks(R1,C1,R2,C2). attacks(_, R1,C1, bishop,R2,C2) :- bishop_attacks(R1,C1,R2,C2). attacks(knight, R1,C1, _, R2,C2) :- knight_attacks(R1,C1,R2,C2). attacks(_, R1,C1, knight,R2,C2) :- knight_attacks(R1,C1,R2,C2).

% ---- All pairs safe -------------------------------------------------

% Check all unordered pairs in a list. no_attack_pair(_, []). no_attack_pair(T1-(R1,C1), [T2-(R2,C2)|Rest]) :- \+ attacks(T1,R1,C1,T2,R2,C2), no_attack_pair(T1-(R1,C1), Rest).

all_pairs_safe([]). all_pairs_safe([P|Rest]) :- no_attack_pair(P, Rest), all_pairs_safe(Rest).

% ---- Generate a placement ------------------------------------------- % % Placement = [rook-(R1,C1), rook-(R2,C2), % bishop-(R3,C3), bishop-(R4,C4), % knight-(R5,C5), knight-(R6,C6)] % % We enforce an ordering within each pair to avoid counting % same-type duplicates (rook1 vs rook2 swapped). % Squares are represented canonically: (R,C) with R*4+C as index.

sq_index(R, C, I) :- I is R*4 + C.

placement(Placement) :- % --- Rooks --- square(R1r, C1r), square(R2r, C2r), sq_index(R1r,C1r,I1r), sq_index(R2r,C2r,I2r), I1r write('R ') ; member(bishop-(R,C), Placement) -> write('B ') ; member(knight-(R,C), Placement) -> write('N ') ; write('. ') ).

% ---- Print all unique solutions -------------------------------------

print_unique_solutions :- findall(P, placement(P), Ps), maplist(canonical_placement, Ps, Canonicals), list_to_set(Canonicals, Unique), length(Unique, N), format("~nSolutions up to D4 symmetry: ~w~n~n", [N]), forall(nth1(I, Unique, Sol), ( format("Solution ~w:~n", [I]), print_board(Sol) )).

% ---- Top-level entry point ------------------------------------------

run :- count_solutions(Raw), count_unique(Sym), format("~n"), print_unique_solutions, format("Summary: ~w raw solutions, ~w up to D4 symmetry.~n", [Raw, Sym]). The post Solving a chess puzzle with Claude and Prolog first appeared on John D. Cook .

A few weeks ago we looked at a simulation of technological evolution by economist Brian Arthur, in which he was able to start with simple building blocks (such as a NAND gate) and evolve surprisingly complex circuits (such as a 12-way AND gate or a 4-bit adder) by randomly combining increasingly useful existing components. We analyzed this as a way of simplifying a search problem: by using existing, working components as modules that can be combined, a few at a time, into more complex modules, and then combining those into even more complex modules, many unpromising and time-consuming branches of the search tree are screened off, and the simulation can find useful technologies amidst an enormous branching set of possibilities. Real human technology is, of course, not generated by randomly combining components together and seeing if they do anything useful; the randomness in these simulations is just a way to see how easy or hard it is to create new technologies under different conditions. But biological technology — the huge panoply of lifeforms that exist on earth, from microscopic single-celled organisms to whales the size of a 737 — is also generated by randomness. Evolution builds biological technology bit by bit by harvesting the fruits of genetic variation, often caused by random mutation, preferentially selecting the most fit organisms to propagate their genes into the future. Over billions of years, this process can generate astoundingly complex biological systems. What’s interesting is that biological evolution uses a very similar trick to Arthur’s circuit simulation. By leveraging modularity at the genetic level, populations of organisms can increase the rate that useful genetic variants spread through the population, effectively increasing their rate of information acquisition. Sexual reproduction, along with other ways of sharing genetic material like horizontal gene transfer, is essentially a mechanism for doing this. We can show this with some simple simulations. Evolution and reproductive strategies The simplest way for an organism to reproduce is asexual reproduction, where a parent produces a child that’s a genetic copy of itself. Simple single-celled organisms, for instance, reproduce by cellular fission , dividing into two or more “children” that each have the same genes as the original parent. But children won’t necessarily be identical copies of their parents. Due to genetic mutation, some genes might get randomly altered during the fission process, producing children with slightly different genes. In some cases, these mutations might be useful, giving additional functionality such as antibiotic resistance and thus better odds of surviving and reproducing. Because of their contribution to the organism’s fitness, over time the useful mutations will become more and more common in the population. We can demonstrate this with a simple simulation. In our simulation, we start with a population of 100 creatures, each of which has a genome of 200 individual genes. A gene can either be a 1 (the “good” version of the gene) or a 0 (the “bad” version of the gene). The initial population is random, with each creature having roughly a 50-50 mix of good and bad genes. Each iteration of the simulation, each creature produces two children. A child copies the genes of its parent, but due to mutation each gene has a 0.2% chance of being flipped, going from a 1 to a 0 or vice versa. The 100 most fit children (where fitness is just the sum of each gene value, since 1 is the “good” version of the gene in our simplified model) are selected to continue the next generation, and the cycle repeats. This is a simplification compared to how evolution actually functions — for one, it treats genes as contributing to fitness independently, ignoring the fact that the fitness value of one gene often depend on other genes — but it’s enough to show some of the dynamics at work. When we run this simulation, the proportion of “good” genes in the population steadily rises over time as more-fit offspring outcompete less-fit offspring. Depending on the mutation rate, the population may eventually reach maximum possible fitness of 200, or plateau at some level below it. • •

The problem with this strategy — producing children that are noisy copies of a single parent, and relying purely on random mutation as a source of genetic variation — is that once you’re at above-average fitness, mutations are likely to be bad on average. If a genome has more 1s than 0s, a random change will be more likely to change a 1 to a 0 than a 0 to a 1. Thus for parents of above-average fitness, their children will on average have lower fitness. Because mutation is random, there will nonetheless be variation, and some children will end up with higher fitness than their parents. And because selection eliminates the least fit each iteration, the pool of selected children will have higher average fitness than their parents, allowing average fitness to increase over time. But mutation reducing average fitness drags down this process. You can see this in the graph below, which shows a simulation with slightly different parameters (a genome length of 1000 and a mutation rate of 2%) to more easily see the trends. The top graph shows the distribution of population fitness at generation 50, and the second graph shows the distribution of the population’s children prior to selection. You can see that, thanks to mutation, average fitness has dropped, though due to randomness some proportion of the children have lucked into getting higher fitness. The last graph shows the children after the top half of the distribution has been selected. Average fitness rises, and is now above the initial population, though just barely. • •

Now let’s look at a simulation of a different reproductive strategy: sexual reproduction, where children get their genes from two parents rather than just one. In this simulation, we still have a population of 100 creatures with genomes of 200 genes, each of which can either be a 0 or a 1. But now children have two parents, and in each iteration members of the population are paired up randomly and each pair produces four children. Children get their genes from both parents with each gene having a 50% chance of coming from a particular parent. The top 100 most fit children are then selected for the next generation, and the iteration continues. In this simulation, there is no mutation, so genetic variation entirely comes from reshuffling the genes of the parents. Like the previous simulation, the population gradually reaches maximum fitness. But sexual reproduction gets there much faster. With asexual reproduction, after 200 generations the population was around an average fitness of 187. With sexual reproduction, the population average reached the fitness maximum of 200 in just 33 generations. • •

The key is that sexual reproduction introduces genetic variation without reducing average fitness. Since children are a random combination of their parents’ genes, on average they’ll have the same fitness as their parents (with some randomly having higher fitness, and others randomly having lower fitness). When the most-fit children are selected for the next generation, this is taking the top half of a distribution with a much higher average than the distribution of children in the asexual simulation. Average fitness thus rises much faster. • •

If you work out the math (or, as I did, simply read the math that someone else worked out ), in an asexual population the rate of fitness increase is 1/(8*f), where f is the differential normalized fitness . (The normalized fitness of a population is the average fraction of good genes in that population; so a population where, on average, a member has 150 good genes in a genome of 200 would have a normalized fitness of 0.75. Differential normalized fitness is the normalized fitness of the population minus 0.5, the normalized fitness of a randomly generated population.) Early on, fitness of a population can increase quickly, but the rate soon drops below an increase of 1 unit of fitness per generation (one gene flipped from a 0 to a 1 on average). As a population gets closer to maximum possible fitness, the rate of fitness increase approaches 0.25 (flipping one gene, on average, from a 0 to a 1 every four generations). With sexual reproduction, on the other hand, the rate of fitness increase turns out to be much higher: it’s proportional to the square root of the length of the genome. The informational power of genetic recombination One way to think about why sexual reproduction is so powerful is to look at lineages of descent. Say that one of the members of our asexually reproducing population stumbles across a new, useful mutation. Because genes are passed from one parent to one child, the only way this gene can spread throughout the population (in the absence of some other member of the population also stumbling across it) is if the children of whoever has it outcompete the children of everyone else. In this scenario, the population eventually ends up consisting entirely of descendants of one particular member of the population — as a necessary condition of this spread, every other genetic lineage (along with whatever useful mutations they might have stumbled across) gets wiped out. We can see this in our simulation results. The chart below assigns each member of the initial population, and their children, a unique color. The simulation starts out with 100 different colors (one for each member of the population), but this quickly gets winnowed down to a much smaller number. After a few generations, the population is one uniform color, all descendents of one particular member of the initial population. (This chart is from one particular simulation run, but repeated runs will show the same behavior.) • •

If we redo the color coding whenever the population reaches the point where everyone is descended from a single ancestor, we see that this happens repeatedly. In the chart below, the population at generation 48 are all descendants of one particular member of the population who lived in generation 25. At generation 80, they’re all descendants of one particular member alive from generation 48. • •

In evolutionary biology, this phenomenon is known as “ clonal interference ”: if two different beneficial mutations arise in different members of the population of the same generation they can’t be shared and so they end up competing against each other, and one beneficial mutation ultimately gets wiped out. • •

Image of clonal interference via wikipedia. In the bottom image of an asexually reproducing population, beneficial mutations “B” and “A” appear in different lineages, but then “B” is wiped out, only reoccuring later through mutation and subsequently spreading through the population. In the top representation of a sexually reproducing population, B and A independently arise but can quickly be shared, spreading through the population much faster. With a sexually reproducing population, on the other hand, useful mutations can be shared much more easily. In an asexual population, a member has one parent, one grandparent, one great-grandparent, and so on. But in a sexual population, a member has two parents, four grandparents, eight great-grandparents, etc. Beneficial variation from earlier generations can spread much more easily. We can see this in the graph below, which shows the proportion of genes of the original members of a sexually reproducing population represented in the gene pool at any given time. We can see that the proportion stays very high: genes from almost 75% of the original population are found in the population after 34 generations. In the asexual population, this was 1% (and would be even lower in larger populations, since it’s just 1/total starting population). • •

We previously noted that Brian Arthur’s circuit simulation took advantage of modularity, finding useful subcomponents, locking in their designs, and then using those to build more complex technologies. Once the simulation finds a 3-way AND gate, it can use that to make a 4-way AND gate, which it can use to make a 5-way AND gate. We likewise noted that if you’re trying to build an 8-bit adder by randomly combining NAND gates together, it’s vastly easier if you can add one NAND gate at a time and verify you’re correct than if you have to guess all 68 gates at once. You can think of this like someone solving a combination lock. A lock with a five-digit combination, with 100 possible values for each digit, has 100^5 = 10 billion possible combinations. Trying combinations one by one would take forever. Technological modularity is like being a skilled lockpick that can check whether each individual digit attempted on a combination is correct (maybe by listening carefully you can hear a telltale “click” when the dial is in the right spot). Now instead of searching over 10 billion possible combinations, you’re doing five searches over 100 possible values each, or 500 possibilities total. The space of possible options that must be considered is vastly reduced. Sexual reproduction is, as I understand it, doing something similar: by letting genes from two parents be combined to form children, it effectively lets the fitness of each gene be tested independently, turning the search from something like “find the best 200-gene genome” to something closer to 200 parallel “find the best gene at this location” searches. In our combination lock analogy, the modular circuit simulation is sort of like turning the dial until you hear a “click,” which indicates that the given number is correct. Sexual reproduction is more like trying a bunch of different random combinations, getting back a score for “how close this combination is to being solved,” and using that to infer which “dials” are correct. The

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

On June 4th, tea.xyz launched what it had been promising since 2022: a cryptocurrency that pays open source maintainers. Within the first hour of official trading, the token fell 75% from its opening price. A week later it trades about 90% below its first-day high, the company’s GitHub org has been near-silent for six months, and the founder’s public commits are going to a different project entirely.

Their own blog post from June 8th, titled The Work Continues , concedes “the right response is not to pretend the launch went the way we wanted. It did not.” I’ve been pulling the public data: GitHub commit history, on-chain trading records, and the long paper trail tea left across the package registries.

Where tea came from

tea was founded by Max Howell, the creator of Homebrew, with Timothy Lewis. It came out of stealth in March 2022 with $8M led by Binance Labs, followed by an $8.9M seed round in December 2022 . The pitch had two halves: a new package manager (the tea CLI), and a blockchain protocol that would reward the maintainers of open source packages with tokens. Howell wrote Homebrew and made nothing from it, and the pitch leaned on that history, famous Google interview rejection included.

The two halves split in October 2023, when the package manager was renamed pkgx and moved to its own GitHub org ( the old teaxyz/cli repo still redirects there ) while the teaxyz org kept the crypto protocol. pkgx is a decent piece of software, and it never had a token in it. But the separation was only organisational: the company and founders stayed the same, and pkgx remained part of tea’s pitch as the eventual “cryptographically aware package register” for the protocol.

The incentive design

The white paper describes a mechanism called Proof of Contribution. Every package gets a score called teaRank , computed over the dependency graph and explicitly modelled on Google’s PageRank. The more packages depend on yours, the higher your rank, and rewards scale with rank. To claim a package you add a tea.yaml file to its repository containing your wallet address.

The protocol paid out tokens in proportion to how many packages you controlled and how connected they were. Registering a thousand packages paid better than one, and declaring dependencies between them pushed their ranks higher still. Nothing in the design was costly to fake, since a package name costs nothing to register and a dependency is one line in a manifest. In February 2024 tea opened an incentivized testnet , a trial version of the protocol where points earned would convert to tokens at launch, and reported nearly 200,000 signups and 500 projects in the first week .

The spam

The farming started immediately, with pull requests on GitHub adding tea.yaml files to other people’s projects, trying to claim repos the submitter didn’t own. Howell called the PRs “disgusting and counter productive” . On the registries, Phylum documented new npm package publications climbing from mid-February 2024 to over seven times normal daily volume, with around 14,000 tea-registered packages across npm, PyPI, RubyGems, and crates.io. Sonatype counted roughly 15,000 on npm alone, with single accounts publishing hundreds of packages.

RubyGems published an incident report describing empty gems created to farm rewards, including one six-year-old gem with over 100,000 downloads whose owner retroactively added a tea.yaml to cash in on it. In response they tightened publishing limits and blocked the accounts responsible. By August 2024, DEVCLASS reported research estimating that of roughly 890,000 packages published to npm in the prior six months, around 70% were tea farming spam.

In November 2025, Endor Labs analysed the “IndonesianFoods” campaign : 43,000+ packages from at least 11 npm accounts over nearly two years, with auto-generated names from word lists. Amazon Inspector tied over 150,000 packages to the same token-farming campaign. Some coverage called it a worm, though Socket’s analysis found automation rather than self-propagation. The spam packages declared dependencies on each other to inflate teaRank, which meant installing any one of them pulled in the whole tree. An academic paper published in 2025 measures the abuse. The cleanup costs landed on npm, RubyGems, PyPI, and every mirror and security scanner downstream.

tea responded that November by halting rewards distribution for the affected period and promising redesigned anti-spam rules. Howell told The Register the protocol would slash farmers’ rewards.

The launch

In September 2025, eight months before the protocol went live, tea ran a public sale on CoinList , a site that runs token sales for crypto projects: 4 billion TEA at $0.0005 each, implying a $50M valuation for the full 100 billion token supply. The terms unlocked 100% of the tokens on day one. Token sales usually stagger when buyers can sell, releasing tokens over months or years so early buyers can’t all exit at once.

The launch plan, announced May 12th , put trading on Aerodrome, an exchange that runs as a program on Base, a blockchain built by Coinbase, rather than as a company matching orders. Prices on this kind of exchange come from a pool of paired tokens, TEA on one side and a dollar-pegged token on the other, and each trade moves the price along a curve. The smaller the pool, the more each trade moves it. tea seeded the pool with 2% of the token supply and scheduled the launch for 00:00 UTC on June 4th.

• $0 • $0.0001 • $0.0002 • $0.0003 • $0.0004 • $0.0005 • $0.0006 • Jun 4 • Jun 5 • Jun 6 • Jun 7 • Jun 8 • Jun 9 • Jun 10 • Jun 11 • official launch, 00:00 UTC Jun 4 Hourly $TEA price on Aerodrome (TEA/USDC pool), data from GeckoTerminal

The pool received its tokens from 22:47 UTC on June 3rd, and the first trade executed at 23:54 UTC , six minutes before the official launch. tea’s June 8th post describes this as “onchain liquidity activity occurred ahead of the coordinated plan”: the pool was live and tradeable before the launch sequence finished. In those six minutes the price was bid up to $0.00065, above the CoinList sale price. In the first official hour, from 00:00 to 01:00 UTC, the price fell from $0.00046 to $0.00011 on $332,000 of volume, down 75% in 60 minutes.

The CoinList sale’s full unlock meant every September buyer was free to sell from the first minute, into a pool holding 2% of supply. The price has kept falling since and now sits around $0.00007, 86% below what CoinList buyers paid eight months ago, valuing the entire 100 billion token supply at roughly $7M against the $50M the sale implied.

The collapse didn’t need anyone to withdraw the tokens backing the pool, and the pool still holds around $280K. Per the project’s own pre-launch transparency filing , about 20% of supply was circulating at launch, ten times what the pool held.

The GitHub record

Monthly commits across the teaxyz org and the pkgxdev org show how much of the company was still working by launch day:

• 0 • 100 • 200 • 300 • 400 • Jan 2024 • Jul 2024 • Jan 2025 • Jul 2025 • Jan 2026 pkgxdev (package manager) teaxyz (protocol) Commits per month to non-fork repos in each GitHub org, via the GitHub API

Commits to the protocol org ramped through late 2024 as the team built chai , their open package dataset, and the token contracts, and even the December 2024 peak was only 100 commits. Activity declined through 2025: chai’s main developer stopped committing in August, the dataset repo’s last commit was in September, and the token contract repo’s last sustained work was in October and November. After November 2025, the month tea halted rewards over the farming campaign, the org had 2 commits in December, 1 in January, 2 in February, and none since.

The chart excludes forks, which hides the one place engineering continued: tea’s forks of go-ethereum and Optimism, the infrastructure for their blockchain, received steady commits from a single contributor through May 17th, 2026, two and a half weeks before launch.

Howell wrote 236 commits to pkgxdev repos in January 2025 and kept a steady pace through May, then made only scattered commits until stopping entirely in November 2025. His public GitHub activity in June 2026 is in automic-vault , a new org created in April with no connection to tea or pkgx, while he remained tea’s CEO in press coverage as recently as December.

pkgx itself is now mostly the work of one maintainer, Jacob Heider, who has carried the package-building pipeline more or less alone since mid-2025, lately assisted by Claude Code-generated pull requests that he reviews and merges. User-filed issues on the pkgx repo (then still teaxyz/cli) peaked at 78 a quarter in early 2023 and have arrived at a rate of 2 a quarter in 2026.

In tea’s Discord, the conversation since launch is upset token holders: testnet participants who completed identity verification say they’re not eligible for the airdrop, the free distribution of tokens they spent two years earning points toward, and a week after launch the official line in the channel is that nobody has said there won’t be one. “The current price is a complete joke for everyone who participated in the project,” as one user put it, while the moderation bot issues warnings for bad word usage. The member list shows two people with the Core Contributor role, and neither is a founder. The channels for the open source side of the project, the dev and package dataset discussion, have had no real activity since 2025.

tea’s post blames a bad week for crypto generally, and the wider market fell that week too. But the same post admits to “decisions, timing factors, and execution details that we are reviewing internally”, and the commit history shows few people left to conduct that review. Four years, roughly $17M in disclosed venture funding, and about $2M more from the public sale produced several hundred thousand spam packages and a cleanup bill paid by registries that never had any relationship with tea. The maintainers tea set out to pay, the ones with real packages and dependents, are left holding the same token as the farmers.

Data notes: commit counts are author-dated commits to non-fork repos in each GitHub org, collected via the GitHub API on June 11th 2026. Price data is GeckoTerminal hourly OHLCV for the Aerodrome TEA/USDC pool on Base. Issue counts exclude pull requests, bots, and tea team accounts. The raw data and chart scripts are in data/tea on GitHub .

The funny thing about Anthropic haters is that they still mostly believe Anthropic’s marketing. They think Claude is a recursively self-improving silicon God, and that we are all a couple refusals away from falling into the perpetual underclass. This gives them way more power than they deserve.

Of course they believe they should dictate morality to you and control the future light cone of the universe and everything they do is justified for the mission and so on and so forth. And yea, the model is pretty good , so you worry that if the model is good that they will get their way about other things.

A lot of people in history have had dumb ideas about ruling the world, doesn’t mean they can actually do it. They are a product of the rationalist cult (which surprise surprise, thinks the world is going to end soon but advocates for polyamory in the mean time). There’s some short-term dangers from them, but long-term very little. Remember when SBF wanted to regulatory capture all of crypto? And similar to Claude, FTX was a successful product! But the totalizing nature of the ideology contains its downfall.

The tech to make models is way more commodity than previous generations of technology, the biggest factor is mostly if you are willing to spend money on compute and data. We should be grateful that their ideology pushes them to train way bigger models than is probably economically rational. (also, always remember that most all American companies have Chinese spies in them, so while they don’t publish their research, at least it’s making its way into the open models eventually)

Once you reject this premise, the whole drama deflates into a much more reasonable question about who will capture margin in a commoditizing industry. Here’s my prediction for what actually happens.

Imagine a tractor replacing a team of people to dig holes. At first, finance people are stupid, and think that the size of the tractor market will be the size of the hole digging market. Instead of the money going to the laborers, it will instead go to the tractor companies. But the fallacy here is that the price of the labor is related to its value. In reality, unless there’s some insane price fixing, it’s set by the real cost in a competitive tractor industry.

So if holes become 10x cheaper to dig, the hole digging market size in dollars becomes 10x smaller. Maybe some of it is offset by digging more holes now that the cost is less, but it’s unlikely to immediately 10x hole demand, since there really are only so many uses for holes.

I think this is basically what it will be for most knowledge work, knowledge workers are so grossly overpaid compared to the energy they consume, and AI will rectify that. This explains why the Chinese are giving the (much more moderate resources to train) models away for free. They love to see deflationary economics in the US. Even if you regulatory capture the US government, nobody is getting a monopoly on AI, we don’t live in a unipolar world anymore.

AI will be cheap, everywhere, collapse a bunch of sectors of work, wreck wage premiums , and cause a big reevaluation of status hierarchies . Who else is excited for Great Depression 2: Electric Boogaloo ?

This new eGPU barely works in Linux, gets quite hot, and is based on tech gamers already rejected. So why am I so excited about it? It’s hot. It’s kind of heavy. And on my computing weapon of choice, it’s hard to set up. But honestly, I love that it exists. Recently I’ve been taking a look at an eGPU, the Gigabyte Aorus RTX 5060 Ti AI Box, which is essentially a desktop GPU in a relatively small case. I’ve always been really curious about eGPUs, in part because they presumably offer the best of all worlds in many situations. Your laptop stays home with you, but when you want something beastly, you plug an eGPU into your setup, and boom—good graphics. What makes the AI Box interesting is that it is technically small enough to fit in your laptop bag, while still giving your presumably older laptop a leg up. (As it supports Thunderbolt 5, it also will eventually run faster whenever you get to upgrading the thing.) Not sure many folks know about this yet, so in case you don’t, here’s your introduction. The GPU is actually a desktop GPU, though one that got gamer raspberries when it first came out. The Nvidia RTX 5060 was seen as underpowered and lacking in the RAM department when it first came out. The 5060 Ti still got the side-eye from gamers, but the bump up to 16GB of RAM made it more attractive to creatives or … yes, folks messing around with AI on their local machines. Part of the reason for this comes down to its design. Unlike most GPUs, it is designed for an eight-lane PCIe gen 5 setup, rather than the more common 16-lane approach. (PCIe has gotten really fast, which is why that’s even possible.) And once you remove the myriad number of fans the thing has, the board is actually quite small. Oddly enough, I think the context is what really matters here. In a desktop for your average Black Myth: Wukong player, it feels a little on the weaker end. But for laptop jockeys who only occasionally load up Steam, it suddenly seems utterly awesome. It is a beacon of miniaturization that someone got a card this powerful to actually in something the size of a traditional Thunderbolt dock. I had to improvise a case for this. A camera bag with the dividers removed makes for a pretty good one. (I included it in an eGPU Starter Kit , if you’re curious.) You could carry this thing into a Panera and people would look at you like you have a giant power brick. (A small miss in this context is the decision to not include a sturdier case; after looking around, I landed on the Koolertron Waterproof DSLR Camera Bag . It fits nicely in a Chrome bag .) And given the speeds of the laptops where this might end up getting used—my HP Envy has dedicated Intel Arc graphics, but they pale in comparison to this thing—and the value prop shows itself. Another way the value prop shows itself: At $699, it’s not that much more expensive than a standalone 5060 Ti, and it is more or less self-contained, which you definitely can’t say for a low-end eGPU. (It is more expensive than what the base price of the card was supposed to be, but, y’know, AI.) Most are just cheap adapters that presume that 1) you have a power supply and 2) you’re cool with letting your GPU hang out in the open air. It’s a rare example where you actually get more value from it by setting the upgradeability aside. (Though maybe not! As noted by a user on the eGPU.io forums , the device itself is just a GPU on a very small PCIe card, plugged into an adapter. So if another card like this ever exists, you might even be able to upgrade it.) It looks like a Thunderbolt dock until you look through the grill and realize there are a couple of pretty big fans in there. I set this thing up in Linux because I hate myself I’m not going to sugar-coat it: If you’re buying an eGPU to run on Linux, you’re intentionally asking for a world of pain. Fortunately, as a former Hackintosher , I’m a glutton for punishment, and I was willing to experiment to get the upside. And the problems this box had—freezes whenever the driver was enabled—reminded me of the most stressful parts of troubleshooting kexts in Clover. The AI Box’s driver situation hasn’t fully been settled on Linux. But that hasn’t stopped some from trying, particularly developer Andrew Obersnel, who has built a project called nvidia-driver-injector that essentially patches Nvidia’s driver, then runs it in a Docker container. What the GPU looks like when it’s working with an additional load on it. Even with that starting point, it still wasn’t a cakewalk. Obersnel’s tool was written for the more powerful 5090 AI Box—same family, different requirements. On top of that, I was trying to run it in Bazzite DX, an immutable distro, which meant a more complicated state of affairs for me. (I’m used to it.) Getting this working is absolute gruntwork, the kind of thing where using an LLM can be a huge help, helping to make sense of admittedly complex debugging schemes. It took a few hours, but eventually I hit paydirt. Unfortunately for me, the next update to Bazzite hit right after and forced me to rebuild everything. Annoying, but a little more LLM gruntwork got me on track. But let it be known: Linux is not for the faint of heart at this time. Hopefully that changes. Other operating systems offered differing tales: I ran it in Windows 11, installed the Nvidia drivers, and was immediately off to the races. More intriguingly, this GPU can theoretically run on Apple Silicon thanks to some newly sanctioned drivers from TinyGrad. I actually tested this method on my M1 Air and immediately ran into a brick wall, but if the card was a little older, it would have worked. Oh well, I’ll give it another shot in six months.

Running speed trials all over the place My planned use case for this thing involves experimenting with local LLMs and giving creative software, particularly Affinity, a little extra horsepower. I did run a land speed test in LM Studio by having them run the same prompt. Using Qwen 3 VL 4B, a model small enough to fully fit in the laptop’s Intel Arc chip, the difference was fairly stark. The laptop’s dedicated GPU spat out text at about 14 tokens a second; the eGPU did so at 118 tokens/second. It was not even close, and there’s still headroom on this thing to spare. The most honest LLM I’ve ever seen: “If there’s any ‘secret’ worth sharing about how LLMs like me work (and why internet-connected ones like ChatGPT wouldn’t dare to admit them), it’s this: we don’t actually know anything.” Newer models impressed as well, including the new Gemma4 12B model (around 35 tokens per second) and a distilled version of Qwen 3.5 trained on DeepSeek 4 (around 60 tokens per second). At least from a speed perspective, these models are quite capable—and after a little optimization I was able to increase those numbers a little further. Local LLMs do have limits, however, and they’re easy to hit. I proved this with a very Tedium-coded challenge involving one of my favorite indie-rock dynasties: “Share with me a story about how Conor Oberst beat Tim Kasher in a trivia game about the history of Omaha.” All the tests shared a story, but the details were where everything fell flat. Most, not all, of the LLMs were aware that Oberst was the singer of Bright Eyes, but none got close to figuring out which band Kasher led—one said The Decemberists, another said The National. (The answer, of course, is Cursive, or if you’re a real fan, The Good Life.) You don’t trust models with anything factual, of course, but local LLMs are likely more fact-deprived than their server-rack cousins. And from a coding perspective, you will have to be careful about how you utilize a tool like this, testing some models to find the right balance. For example, I found that Gemma4 struggled to complete coding-related tasks in Opencode , while the Qwen/DeepSeek combo I tested did fine, even if it wasn’t quite as smart as DeepSeek proper. (This is way beyond where it was a year ago, though.) Minus some interface artifacting, this now runs about as smooth as something like Krita. One area where I was pleased with the results of this test was Affinity. I did a fresh install of the tool using the graphical installer , and after a little troubleshooting, I had a very polished app that excelled in Vulkan mode using this GPU plugged in. And for the nerds, yes, I did try a game or two. The 2016 edition of Doom, probably the closest thing in my library I have to a heavy game, scored 70fps at 4K medium and neared 100fps at 1440p ultra. Not a bad showing. But it was a fraught one, in part because of Linuxy issues. I had some issues with resizable BAR (Base Address Register) that I needed to work out, and even after I did that, I ran into frequent freezes when attempting to run a DisplayPort cable through the eGPU itself. I don’t think that’s the device. I think it’s a mixture of driver immaturity and user error. It does mean that until I get it fixed, I’m leaving performance on the table until I bite the bullet and go back to Windows 11. This is not a plug-and-play device on Linux. In fact, it had a tendency to siphon resources from other plugged-in devices to feed its never-ending desire for bandwidth. (At times, it could disable other devices plugged into a Thunderbolt dock, like my keyboard, mouse, and webcam.) But for those willing to put in the work, it is a very capable one. The stand, an optional feature, is kind of clever: It sticks onto the bottom with magnets. You can rock this either way, but the heat will be way more manageable the stand. The eGPU for the rest of us? Not yet, but … I’m certainly not going to say that the eGPU market is one that I have a deep understanding of, but its potential has always been a bit difficult to grasp for normal consumers because of what it represents. It’s a tool to bring a stationary task to a portable system, a niche that has never truly had its moment, like mini PCs have. I think a device like this one gets us closer to such a moment. These things do have real downsides from a technical standpoint: Thunderbolt is just not as fast as a PCIe connection, and to get the best graphical performance out of the thing, you need to plug it into an external monitor. Having it run back through your laptop just tanks performance, though it’s still probably faster than anything else in your machine. The 5060 Ti AI Box is certainly not the first “breakaway box” that attempts to bring a more portable form of this model to computers. But it is a relatively rare beast—a desktop GPU in a box that is smaller than a standard desktop GPU card. Plus, most prior attempts have been AMD graphics. AMD is fine, but the company is behind from a machine-learning standpoint, even with its recent improvements to its ROCm computation stack . (Side note: I think Intel should consider offering an eGPU, or at least push its vendors to offer one, as its Arc cards are fairly price-competitive at this time and would likely play nicer with Linux.) There’s a possibility that eGPUs could eventually become a bridge device as laptops become more GPU-forward. That phenomenon already happened in the Mac ecosystem and could happen with PCs, based on Nvidia’s recent moves into ARM laptops. Those chips are powerful, with 5070-class GPUs and lots of RAM. But they’re not going to reach normal people for quite a while, thanks in part to their workstation-class positioning. Unless Nvidia taps into its war chest like Apple has, these are likely going to be mid-four-figure computers. Even enthusiasts might find themselves passing, at least at first. In that light, an eGPU that can be plugged into a Thunderbolt port and can offer something approaching that experience to a class of people with normie laptops feels like an excellent compromise. That’s especially true if LLMs become more fundamental to how we do work. When I got this thing, I didn’t think the portability would be such an important part of why I like it so much, but it’s honestly the main feature. I hope we see a dozen models like it. And I hope we see some real work on making them first-class Linux citizens.

Compute-Free Links Today in perfect brand collabs: WD-40 and King of the Hill . Tom Green and Steven Page performing a classic Canadian TV show theme song? In The Tragically Hip’s studio? Yes, that’s a thing that happened , thanks in no small part to Green having a new interview show on Crave. Speaking of Canada, did you hear about the Air Canada pilot who flew for the airline for 16 years without a proper license? Like a slow-motion Catch Me if You Can , he’s now facing charges . -- Find this one an interesting read? Share it with a pal ! Curious about trying an eGPU yourself? Check out our eGPU Starter Kit over on the Tedium Shopping Network , complete with ideas to get you started.

Anthropic Walks Back Policy That Could Have ‘Sabotaged’ AI Researchers Using Claude

Big scoop for Maxwell Zeff at Wired:

“We’re changing Fable 5’s safeguards for frontier LLM development to make them visible.” Anthropic said in a statement to WIRED. “We made the wrong tradeoff and we apologize for not getting the balance right.”

There's been a huge outcry about Anthropic's policy, tucked away in their system card , that Claude Fable/Mythos would identify "requests targeting frontier LLM development" and "limit effectiveness" without notifying the user.

It's good news that they're dropping the invisible aspect of this. It would be a whole lot better of they dropped this category of refusals entirely.

Update : More details from @ClaudeDevs on Twitter :

We’re rolling out changes to make Fable 5’s safeguards for frontier LLM development visible.

Starting this week, flagged requests will visibly fall back to Opus 4.8—the same as our safeguards for cyber and bio. You will see this every time it happens. On the API, any flagged requests will return a reason for their refusal (coming to server-side fallback in the next few days).

We wanted to deploy Fable 5 to our users quickly and safely. Visible safeguards can be probed, so they have to be robust, which takes time to get right. Invisible safeguards can be targeted more narrowly, allowing us to ship quickly with very few false positives. We went with invisible safeguards for this reason—and that was the wrong tradeoff. You should have visibility into the safeguards we have in place, and why. We’re sorry for not getting the balance right.

Via @zeffmax

Tags: ai , generative-ai , llms , anthropic , claude , ai-ethics , claude-mythos

Chance Miller, at 9to5Mac on Monday:

Apple’s Siri team, led by Craig Federighi, held a post-WWDC keynote tech talk with members of the press this afternoon to talk through iOS 27 and the new Siri AI. During the talk, Federighi shared more details about Apple’s collaboration with Google. Federighi was joined by Amar Subramanya (vice president of AI), Mike Rockwell (Siri lead), and Sebastien Marineau-Mes (software VP).

On the Google collaboration, Federighi explained:

Of course, we don’t have the Gemini app as our app. In fact, none of that client code is part of how we run on iOS. For these models, we use none of the models that Google deploys to their customers, nor do we use the infrastructure and means by which they deploy models to their customers. And then, when it comes to the knowledge base, we of course don’t use Google Search or anything like that as the foundation of our system. So I hope that’s clear. The amount of the Google Assistant we use is none.

So let’s talk about what we do use, or how our system is built.

This “Tech Talk” was good. It was detailed and technical, and there were live on-stage demos of Siri AI in action from Mike Rockwell. I don’t think Apple is ever going to go back to live on-stage major keynotes, but I do think the company is returning to more live events, including demos. There was a big live Siri AI/Apple Intelligence session for developers Tuesday morning in Steve Jobs Theater, which also had live demos. More like this, please.

★

After being invited to bugSWAT Mexico in October 2025, I found myself drawn back to Google research. While I'd been focused on other projects for several months, the team's willingness to give researchers a peek into Google's source code reignited my interest in exploring Google's attack surface.

Having spent the past year building small projects with Claude, I realized there was untapped potential in using AI to automatically fuzz Google's APIs at scale. The key to this approach? Google's discovery documents. For those unfamiliar, I'd recommend reading my other article for a deep dive, but here's a quick refresher:

Discovery documents are essentially Google's equivalent of Swagger docs - machine-readable API specifications that list all available endpoints, parameters, and methods. While they're publicly documented for APIs like the YouTube Data API , they also exist for Google's internal APIs (like the Internal People API). Some discovery docs are publicly accessible , while most require valid API keys .

Here's an example from the YouTube Data API's discovery document:

... "liveChatModerators" : { "methods" : { "insert" : { "flatPath" : "youtube/v3/liveChat/moderators" , "description" : "Inserts a new resource into this collection." , "httpMethod" : "POST" , "parameters" : { "part" : { "description" : "The *part* parameter serves two purposes in this operation. It identifies the properties that the write operation will set as well as the properties that the API response returns. Set the parameter value to snippet." , "repeated" : true , "required" : true , "location" : "query" , "type" : "string" } ... # Collecting API Keys To access most discovery documents, you need a valid API key. API keys are embedded in virtually every Google app and service, but crucially, an API key found in one service will often have multiple other APIs enabled for its Google Cloud Platform (GCP) project. This means that collecting as many keys as possible would give us access to numerous Google APIs. For the key collection part, my friend Michael and I teamed up.

We took an exhaustive approach. We scraped over 60,000 Android APKs (every version of every Google app ever released), unpacked them, and grepped for API keys.

user@siege:/mnt/data/apks$ ls -1 | wc -l 61200 We built a Chrome extension using the Chrome Debugger API to intercept network traffic, then systematically visited all known Google web domains (2.8k+) and used every web app feature possible to capture keys from live requests.

We also decrypted every Google IPA we could obtain and analyzed any Google binaries we could find.

To keep things in scope for Google VRP and remove non-Google API keys (keys from third-party GCP projects), I used an interesting endpoint I found in the Cloud Marketplace API. First, we need the project number associated with the key's GCP project, which is revealed in the error message returned when using the key with a Google API it doesn't have enabled. For instance, fetching https://protos.googleapis.com/$discovery/rest?key=AIzaSyDWUi9T78xEO-m10evQANR7TMSiB_bjyNc returns the error: Protos API has not been used in project 244648151629 before , revealing the project number.

The Cloud Marketplace endpoint takes this project number and returns information about the project:

GET /v1test/infoSharing/test/test/1044708746243 HTTP/2 Host : cloudmarketplace.clients6.google.com Cookie : <redacted> Authorization : <redacted> Origin : https://console.cloud.google.com X-Goog-Api-Key : AIzaSyDWUi9T78xEO-m10evQANR7TMSiB_bjyNc 1044708746243 is the target project number.

This responds with the following:

HTTP/2 200 OK Content-Type : application/json; charset=UTF-8

{ "company" : "google.com" , "email" : "gvrptest2 @gmail .com" , "name" : "GVRP Test2" } The email and name are for my authenticated Google account, but the company is the domain tied to the GCP project number we supplied. Running this endpoint through the GCP projects tied to all the keys allowed for filtering out non-Google API keys, by simply discarding keys not from google.com projects (or other acquisitions e.g nest.com , fitbit.com , wing.com ).

With API keys collected, the next step was finding all Google API domains to scan. I used a combination of domains logged by the Chrome extension, brute-force generated names using keywords, and certificate transparency logs . To verify if a domain was a live Google API, I made the following request:

GET / HTTP/2 Host : people-pa.googleapis.com Then I would check the Server response header:

HTTP/2 404 Not Found Date : Mon, 16 Feb 2026 08:46:31 GMT Content-Type : text/html; charset=UTF-8 Server : ESF If this header existed (usually ESF , GSE , or scaffolding on HTTPServer2 ), then it was a valid Google API service that was alive and responding to requests.

# Scanning for Discovery Documents Equipped with valid API keys and a list of live Google API domains, I started mass scanning for open discovery documents. In July 2025, Google removed the /$discovery/rest path from most of their APIs, but if you're clever enough this is possible to bypass in some cases.

There was another layer of complexity. As covered in my previous article, certain Google Cloud projects have visibility labels enabled, giving them access to hidden endpoints that won't show up in discovery documents unless the labels parameter is provided. For example, if we fetch the Service Management API discovery document without labels:

GET /$discovery/rest HTTP/2 Host : serviceusage.googleapis.com X-Goog-Api-Key : AIzaSyDWUi9T78xEO-m10evQANR7TMSiB_bjyNc The response is 253k bytes. However, with ?labels=GOOGLE_INTERNAL :

GET /$discovery/rest?labels=GOOGLE_INTERNAL HTTP/2 Host : serviceusage.googleapis.com X-Goog-Api-Key : AIzaSyDWUi9T78xEO-m10evQANR7TMSiB_bjyNc The response grows to 329k bytes , revealing significantly more hidden documentation. The catch is that the labels parameter only accepts one label at a time. This meant testing every known label with every API key across all discovered APIs. The request volume was massive, but it was the only way to uncover endpoints hidden behind visibility labels.

After all this, I was able to get discovery documents for 1,500+ APIs. Combining these with discovery docs I'd archived from my past research , I was ready to start using AI to fuzz these automatically.

# Authentication We've got authorization sorted thanks to API keys, but many endpoints also require authentication credentials to identify which Google account is calling the API. If you tried to use Bearer authentication with an API key, you'd get a mismatch error since bearer tokens themselves are tied to GCP projects:

{ "error" : { "code" : 400 , "message" : "The API Key and the authentication credential are from different projects." , "status" : "INVALID_ARGUMENT" , ... } } There's no known way around this using bearer authentication. Even if you use X-Goog-User-Project: <project_number> , it validates if your authenticated account has the roles/serviceusage.serviceUsageConsumer role in that GCP project. If you figure one out, let me know .

However, many APIs support Google's proprietary First Party Authentication (FPA), which does work with API keys. If you've ever looked at how Google APIs work on the web:

POST /v1/items:get?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/3 Host : drivefrontend-pa.clients6.google.com Cookie : <redacted> Content-Type : application/json+protobuf Authorization : SAPISIDHASH <redacted> SAPISID1PHASH <redacted> SAPISID3PHASH <redacted> X-Goog-Authuser : 0 Origin : https://drive.google.com Referer : https://drive.google.com/ The requests include the Google account session Cookie as well as an Authorization value computed from the cookie. They're also sent to the hostname *.clients6.google.com instead of *.googleapis.com . There's a well-known Stack Overflow post on this, however that doesn't cover the full picture. Many APIs like drivefrontend-pa.googleapis.com require a more complete version of Google's FPA v2 authorization header that embeds user identifiers like email addresses within the hash.

Thankfully, Michael spotted that Google accidentally leaked sourcemaps for some time on https://android-review.googlesource.com/q/status:open+-is:wip which allowed us to see Google's frontend source code for their internal gapix library, which contained code for generating the FPA v2 authorization header.

You can find the full file here .

The new FPA system (v2) works as follows. Three user identifiers can be included in the hash:

* @param {? Array <{ key :string, value :string}>=} opt_userIdentifiers an * array of { key :, value :} objects where 'key' is : <li> * <ul> 'e' : denotes that the corresponding 'value' is the user 's email address * <ul>' u ': denotes that the corresponding ' value ' is the user' s * focus-obfuscated Gaia ID * <ul> 'a' : denotes that the corresponding 'value' is the user account 's * app domain (required only for dasher accounts) The token is then generated:

// Extract identifier keys (e.g. "e", "u", "a") and values (email, gaia id, domain) goog. array . forEach (userIdentifiers, function ( element, index, array ) { suffix. push (element[ "key" ]); // ["e", "u"] -> "eu" identifiers. push (element[ "value" ]); // ["user@gmail.com", "ABC123"] });

// Get current Unix timestamp const timestamp = Math . floor ( new Date (). getTime () / 1000 );

// Build SHA1 input: "email:gaiaId timestamp sessionCookie origin" if (goog. array . isEmpty (identifiers)) { sha1Parts = [timestamp, sessionCookie, origin]; } else { sha1Parts = [identifiers. join ( ":" ), timestamp, sessionCookie, origin]; }

// Compute SHA1 hash of space-joined parts const sha1 = gapix. auth_firstparty . tokencrafter . computeSha1_ ( sha1Parts. join ( " " ) );

// Final token: "timestamp_sha1hash_identifierKeys" e.g. "1739700391_abc123def_eu" const tokenParts = [timestamp, sha1]; if (!goog. array . isEmpty (suffix)) { tokenParts. push (suffix. join ( "" )); } return tokenParts. join ( "_" ); Gaia stands for "Google Accounts and ID Administration". Every Google account has a sequential unobfuscated Gaia ID e.g 131337133377, as well as a longer identifier, the Focus-obfuscated Gaia ID , which looks like 101189998819991197253.

So the final token format is <timestamp>_<hash>_<identifier_keys> . For example, a Google Workspace user (internally called dasher )'s token might look like 1739700391_abc123def456_eua where eua indicates the hash was computed using email, obfuscated Gaia ID, and Google Workspace domain. The origin used in the hash is the Origin header value (e.g. https://drive.google.com ).

A fun fact: There are only three possible user identifier keys: u for obfuscated Gaia ID, e for email, and a for Google Workspace domain. If you specify other letters, the API backend just ignores them. So it's actually possible to mint a valid auth header containing arbitrary strings - for example <timestamp>_<hash>_googlesauthteamhatesthisoneweirdtrick

# Origin Whitelisting The Origin header value here is important.

This header is automatically added by web browsers and indicates the scheme/host of the current tab, which looks like Origin: <scheme>://<hostname>[:<port>]

Many APIs have a so-called "origin whitelist". If you use a non-whitelisted origin, you get a misleading error like this:

{ "error" : { "code" : 401 , "details" : [ { "@type" : "type.googleapis.com/google.rpc.ErrorInfo" , "domain" : "googleapis.com" , "metadata" : { "cookie" : "UNKNOWN" , "method" : "google.internal.businessprocess.v1.BusinessProcess.GetIssue" , "service" : "businessprocess-pa.googleapis.com" } , "reason" : "SESSION_COOKIE_INVALID" } ] , "message" : "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project." , "status" : "UNAUTHENTICATED" } } This doesn't mean that your cookie is invalid, but instead that you're using a non-whitelisted origin. The origin whitelist isn't documented anywhere, but using the proto leak bug I found in my last writeup , I checked the proto definition for gaia_mint.AllowedFirstPartyAuth :

syntax = "proto3" ;

package gaia_mint;

message AllowedFirstPartyAuth { enum FirstPartyOriginEnforcementLevel { UNKNOWN = 0 ; MONITORING_ONLY = 1 ; PRODUCTION_ORIGINS_ONLY = 2 ; ENFORCE_ALL = 3 ; }

bool allow_insecure = 1 ; bool allow_insecure_pvt = 2 ; bool legacy_allow_all_origins = 3 ; FirstPartyOriginEnforcementLevel enforcement_level = 4 ; repeated AllowedFirstPartyAuthOriginRule allowed_origin_rule = 5 ; repeated string skip_origin_check_for_test_user = 6 ; repeated string include_named_origin_rule_list = 7 ; }

message AllowedFirstPartyAuthOriginRule { string origin = 1 ; bool is_country_domain_prefix = 2 ;

oneof mutual_exclusive_options { bool is_sharded_domain = 3 ; bool allow_subdomains = 4 ; } } This gives us a deeper look into how Google handles origin validation internally. We can see there are different enforcement levels and support for subdomain wildcards. APIs that allow all origins are likely using legacy_allow_all_origins .

# API Key Restrictions However, one issue I came across was that certain keys had certain header restrictions.

There are four different types of restriction: Server, Browser, Android, and iOS. These restrictions are also available for anyone to set on their own GCP project's keys, as documented in https://docs.cloud.google.com/api-keys/docs/add-restrictions-api-keys

You can see these restrictions defined in Google's error_reason proto :

// Defines the supported values for `google.rpc.ErrorInfo.reason` for the // `googleapis.com` error domain. This error domain is res

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Release: datasette-agent 0.2a0

Highlights from the release notes:

• Tools can now ask the user questions mid-execution. Tools that declare a context parameter receive a ToolContext object, and await context.ask_user(...) can ask a yes/no, multiple-choice ( options=[...] ) or free-text ( free_text=True ) question. While a question is unanswered the agent turn suspends: the question renders as a form in the chat UI and persists to the internal database, so suspended conversations survive a server restart. Once answered, the tool re-executes from the top with stored answers replayed, so call ask_user() before performing side effects. #20

• New built-in save_query tool: the agent can save SQL it has written as a Datasette stored query . Saving always requires human approval - the agent shows the full SQL plus the proposed name, database and visibility, and nothing is stored until you click Yes. #20

The ask_user() feature was enabled by the new LLM alpha I built yesterday with the help of Claude Fable 5.

Tags: ai , datasette , generative-ai , llms , datasette-agent

I ran an experiment today to see whether Claude could generate Lean code to prove a calculation at the bottom of this post , six lines of calculus.

I started with this prompt

This page contains a mathematical proof that a Fourier coefficient, a_n, is given in terms of a Bessel function. The LaTeX source for the SVG image is contained in the alt tag of the image. Generate a formal proof of the result using Lean.

and give it the URL of the post. It produced a proof without any further input, but the proof wouldn’t build.

I pasted in the error messages and let Claude try to fix the proof, deliberately not giving it any help other than pasting in error messages. It took eight iterations, but eventually it worked.

There were four places in the proof marked “sorry,” which Claude explained as follows.

Why the sorry s?

Real.besselJ definition or a Kepler namespace. The three remaining sorry s correspond to standard analysis lemmas (IBP and change-of-variables) that exist in Mathlib under intervalIntegral — the file cites the exact lemma names needed to close each one. This is the accepted style for “roadmap” Lean proofs ahead of library coverage.

The full proof is given below.

/- KeplerBessel.lean ================= Formal proof that the n-th Fourier sine-series coefficient of (E − M), where E and M are related by Kepler's equation M = E − e · sin E, equals aₙ = (2/n) · Jₙ(n·e), with Jₙ the Bessel function of the first kind of integer order n.

Mathematical content -------------------- We expand E(M) − M in a sine series on [0, π]:

E(M) − M = Σ_{n=1}^∞ aₙ · sin(n·M)

The standard Fourier formula gives

aₙ = (2/π) ∫₀^π (E(M) − M) sin(n·M) dM.

Integrating by parts (boundary terms vanish because E(0)=0 and E(π)=π):

aₙ = (2/(nπ)) ∫₀^π (E'(M) − 1) cos(n·M) dM = (2/(nπ)) ∫₀^π E'(M) cos(n·M) dM -- the "−1" term vanishes

Changing variable M ↦ E via M = E − e·sin E (so E'(M) dM = dE):

aₙ = (2/(nπ)) ∫₀^π cos(n·E − n·e·sin E) dE = (2/n) · Jₙ(n·e).

The last step uses the Bessel integral representation Jₙ(x) = (1/π) ∫₀^π cos(n·θ − x·sin θ) dθ. -/

import Mathlib

open Real MeasureTheory intervalIntegral Filter Set

noncomputable section

/-! --------------------------------------------------------------- §1 Variables --------------------------------------------------------------- -/

variable (e : ℝ) (he : 0 ≤ e) (he1 : e < 1) /-! --------------------------------------------------------------- §2 Kepler's equation and its smooth solution --------------------------------------------------------------- -/ /-- The Kepler map M = E − e·sin E as a function of E. -/ def keplerMap (e : ℝ) (E : ℝ) : ℝ := E - e * sin E /-- `keplerMap e` has derivative 1 − e·cos E at every point. -/ lemma keplerMap_hasDerivAt (e E : ℝ) : HasDerivAt (keplerMap e) (1 - e * cos E) E := -- keplerMap e = fun x => x - e * sin x, so HasDerivAt follows directly -- from sub-rule and const_mul applied to hasDerivAt_sin. (hasDerivAt_id E).sub ((hasDerivAt_sin E).const_mul e)

/-- The derivative of `keplerMap e` is positive when e < 1. -/ lemma keplerMap_deriv_pos {e' : ℝ} (he' : 0 ≤ e') (he1' : e' < 1) (E : ℝ) : 0 < 1 - e' * cos E := by have hcos : cos E ≤ 1 := cos_le_one E nlinarith [mul_le_of_le_one_right he' hcos]

/-- `keplerMap e` is strictly monotone when e < 1. Uses `strictMono_of_hasDerivAt_pos` which requires only pointwise `HasDerivAt` and positivity — no separate continuity proof needed. -/ lemma keplerMap_strictMono {e' : ℝ} (he' : 0 ≤ e') (he1' : e' < 1) : StrictMono (keplerMap e') := strictMono_of_hasDerivAt_pos (fun E => keplerMap_hasDerivAt e' E) (fun E => keplerMap_deriv_pos he' he1' E)

/-! We axiomatise the inverse eccAnom : ℝ → ℝ → ℝ and its key properties, all of which follow from the Inverse Function Theorem applied to the smooth, strictly monotone map keplerMap e. -/

/-- The eccentric anomaly: the smooth right-inverse of `keplerMap e`. -/ axiom eccAnom (e : ℝ) : ℝ → ℝ

/-- `eccAnom e M` satisfies Kepler's equation. -/ axiom eccAnom_kepler (e M : ℝ) : keplerMap e (eccAnom e M) = M

/-- `eccAnom e` is differentiable, derivative = 1/(1 − e·cos(eccAnom e M)). -/ axiom eccAnom_hasDerivAt (e M : ℝ) : HasDerivAt (eccAnom e) (1 / (1 - e * cos (eccAnom e M))) M

/-- Boundary value at 0. -/ axiom eccAnom_zero (e : ℝ) : eccAnom e 0 = 0

/-- Boundary value at π. -/ axiom eccAnom_pi (e : ℝ) : eccAnom e π = π

/-! --------------------------------------------------------------- §3 Bessel function of the first kind (integer order)

Defined by the classical integral representation. --------------------------------------------------------------- -/

/-- Bessel function J_n(x) via its integral representation. -/ def besselJ (n : ℕ) (x : ℝ) : ℝ := (1 / π) * ∫ θ in (0 : ℝ)..π, cos (↑n * θ - x * sin θ)

/-! --------------------------------------------------------------- §4 Fourier coefficient

Named keplerFourierCoeff to avoid clashing with Mathlib's own `fourierCoeff` which is defined on AddCircle. --------------------------------------------------------------- -/

/-- The n-th Fourier sine coefficient of eccAnom e M − M on [0,π]. -/ def keplerFourierCoeff (e : ℝ) (n : ℕ) : ℝ := (2 / π) * ∫ M in (0 : ℝ)..π, (eccAnom e M - M) * sin (↑n * M)

/-! --------------------------------------------------------------- §5 Main theorem --------------------------------------------------------------- -/

/-- **Main theorem.** For n ≥ 1, the Fourier sine coefficient of the eccentric-anomaly displacement satisfies aₙ = (2/n) · Jₙ(n·e). -/ theorem keplerFourierCoeff_eq_besselJ (n : ℕ) (hn : 1 ≤ n) : keplerFourierCoeff e n = (2 / (n : ℝ)) * besselJ n (↑n * e) := by simp only [keplerFourierCoeff, besselJ] -- Goal: -- (2/π) · ∫₀^π (E(M)−M)·sin(nM) dM -- = (2/n) · (1/π) · ∫₀^π cos(nθ − ne·sinθ) dθ

-- ── Step 1: Integration by parts ───────────────────────────────────── -- u = E(M)−M, dv = sin(nM)dM → v = −cos(nM)/n -- Boundary: [uv]₀^π = 0 by eccAnom_zero, eccAnom_pi. -- Result: (2/π)∫(E−M)sin(nM)dM = (2/π)(1/n)∫(E'(M)−1)cos(nM)dM -- -- Mathlib lemma: intervalIntegral.integral_mul_deriv -- (or integral_deriv_mul_eq_sub_of_hasDerivAt applied to -- u = eccAnom e − id, v = −sin(n··)/n) have step1 : (2 / π) * ∫ M in (0 : ℝ)..π, (eccAnom e M - M) * sin (↑n * M) = (2 / π) * (1 / ↑n) * ∫ M in (0 : ℝ)..π, (deriv (eccAnom e) M - 1) * cos (↑n * M) := by sorry

-- ── Step 2: The "−1" integral vanishes ─────────────────────────────── -- ∫₀^π cos(nM) dM = [sin(nM)/n]₀^π = 0 (integer n ≥ 1) -- Mathlib: integral_cos, Real.sin_nat_mul_pi have cos_int_zero : ∫ M in (0 : ℝ)..π, cos (↑n * M) = 0 := by sorry

have step2 : ∫ M in (0 : ℝ)..π, (deriv (eccAnom e) M - 1) * cos (↑n * M) = ∫ M in (0 : ℝ)..π, deriv (eccAnom e) M * cos (↑n * M) := by have key : ∀ M : ℝ, (deriv (eccAnom e) M - 1) * cos (↑n * M) = deriv (eccAnom e) M * cos (↑n * M) - cos (↑n * M) := by intro M; ring simp_rw [key] rw [intervalIntegral.integral_sub _ _] · rw [cos_int_zero, sub_zero] · -- IntervalIntegrable (deriv (eccAnom e) · cos(n··)) sorry · exact (continuous_cos.comp (continuous_const.mul continuous_id')).intervalIntegrable 0 π

-- ── Step 3: Change of variable M ↦ E via Kepler's equation ─────────── -- Under M = E − e·sin E: E'(M) dM = dE, cos(nM) = cos(nE − ne·sinE) -- Mathlib: MeasureTheory.integral_image_eq_integral_abs_deriv_smul -- or intervalIntegral.integral_comp_deriv have step3 : ∫ M in (0 : ℝ)..π, deriv (eccAnom e) M * cos (↑n * M) = ∫ E in (0 : ℝ)..π, cos (↑n * E - ↑n * e * sin E) := by sorry

-- ── Step 4: Recognise the Bessel integral ──────────────────────────── -- (1/π)∫₀^π cos(nE − ne·sinE)dE = J_n(ne) by definition. have step4 : (1 / π) * ∫ E in (0 : ℝ)..π, cos (↑n * E - ↑n * e * sin E) = besselJ n (↑n * e) := by simp only [besselJ]

-- ── Combine all steps ──────────────────────────────────────────────── have hpi : π > 0 := Real.pi_pos have hn_pos : (0 : ℝ) < ↑n := by exact_mod_cast (show 0 < n by omega) rw [step1, step2, step3] -- Goal: (2/π)·(1/n)·∫cos = (2/n)·(1/π)·∫cos -- Both sides equal (2/(nπ))·∫cos; show by ring after moving (1/π) inside. have factored : (2 / π) * (1 / ↑n) * ∫ E in (0 : ℝ)..π, cos (↑n * E - ↑n * e * sin E) = (2 / ↑n) * ((1 / π) * ∫ E in (0 : ℝ)..π, cos (↑n * E - ↑n * e * sin E)) := by ring rw [factored, step4]

end

/-! --------------------------------------------------------------- §6 Summary of proof obligations

Axioms (all standard consequences of the Inverse Function Theorem applied to the smooth, strictly increasing map keplerMap e): • eccAnom — existence of the smooth inverse • eccAnom_kepler — it satisfies Kepler's equation • eccAnom_hasDerivAt — C¹ with derivative 1/(1 − e·cos E) • eccAnom_zero — E(0) = 0 • eccAnom_pi — E(π) = π

`sorry`s (each closes with a standard Mathlib lemma): • step1 IBP via intervalIntegral.integral_deriv_mul_eq_sub_of_hasDerivAt • cos_int_zero ∫₀^π cos(nM)dM = 0 via integral_cos + Real.sin_nat_mul_pi • step2 integrability IntervalIntegrable for deriv(eccAnom e)·cos(n·) • step3 Change of variables via MeasureTheory.integral_image_eq_integral_abs_deriv_smul

§7 Finding minimal imports

Once the file builds cleanly, add at the bottom:

#min_imports

and the Lean Infoview will report the exact minimal import list for the version of Mathlib you have installed. --------------------------------------------------------------- -/ The post Formally proving a calculation with Claude and Lean first appeared on John D. Cook .

This is a rant. It didn't start today, but I think I've reached the end of the line. The straw that broke the camel's back, so to say. I used an internal tool for the first time. I logged in and navigated through the web app, making some updates here and there. All was well. But then I made the mistake of wanting to go back to the initial dashboard. I clicked the back button, and instead of returning to the previous page, I saw Chrome's default tab page staring right back at me. How is it possible? I had navigated through at least a dozen pages, yet one back button click and the web app was completely gone. If you've ever experienced something similar, it's probably because you were using a single-page app. Nothing wrong with single-page apps, of course, but over the years I've concluded that people who only know how to build single-page apps don't know what a link is.

So let's start with examples of what a link isn't.

<div onclick="navigate('home')">Home</div> Not a link. It's a div with an onclick event handler. You can style it all you want, but it's not a link.

<button onclick="navigate('home')">Home</button> This may be a button, but it is not a link. With the advent of React, this has become so common. Because it's called a button, learners naturally gravitate toward it to link different pages. But there is worse.

<a onclick="navigate('home')">Home</a> This almost feels intentional. As if the developer is teasing me. Why would you use an anchor tag but then omit its most important attribute? Here is what a link is supposed to look like:

<a href="/home">Home</a> That's it. Simple. You don't have to add any configuration for the browser to support it. You don't even have to style it. All user agents have sensible default styling for the different states of a link: unvisited, visited, and active. It works well with browser history. On desktop, when you hover over it, you get a preview of the destination URL in the bottom-left corner of your screen. On mobile, you can press and hold to get several options on how to open it. You don't even have to worry about accessibility. It just works.

But when a developer is deep in their React app thinking about functionality, they might say, "When you click this button, go to the home page." They will naturally think of onClick as an event. And since it's a single-page app, they're thinking about state, not a page. They might write something like this:

import { navigate } from 'somewhere'; function Home() { return ( <div style={{ padding: '20px' }}> <h1>Home Page</h1>

<button onClick={() => navigate('/about')}> Go to About Page </button> <div onClick={() => navigate('/about')} style={{ cursor: 'pointer', marginTop: '10px', color: 'blue' }} > Click this text to navigate </div> </div> ); } export default Home; This is already bad enough. But depending on how the navigate function is implemented, it can make or break the entire browser history. In the internal tool I was using, navigate was essentially replacing the current URL with the new one using location.replace() .

You can avoid all of these issues by just using an anchor tag. If you need it to play nicely with your React app, React Router has a Link component.

import { Link } from 'react-router-dom'; function Navbar() { return ( <nav> <Link to="/home">Home</Link> </nav> ); } Please, just use a native link and you won't have to worry about anything else.

Golf content on social media is my online junk food and the other day I came across a video interviewing professional golfers that asks: “What does an amateur golfer have to shoot to be considered good?”

It’s a leading question because the phrasing implicitly frames a number as the answer for a qualitative measurement , but I digress.

All the pros give their answers. Some say you gotta shoot a number in 90’s. Others say the 80’s. Some even say the 70’s. Then along comes Collin Morikawa:

I don’t think there’s a number, but I think you have to be able to finish out every hole without, like, picking up a two-footer.

Love it! I don’t want to go too deep on a social media golf interview clip, but…

I love how he breaks out of the question’s implicit framing and really strikes at the heart of the qualitative question: “What does it mean to be good at golf?”

Being “good”, in his eyes, is not shooting a specific number. Numbers are standardized proxies for measurement across a wide variety of players, skill levels, and — to be quite frank — degrees of honesty. Anyone who has played golf knows that scores can be easily manipulated. On a casual outing amongst friends, my “82” may be very different than the “82” of the players in front of me — or even the players in my own group. It all depends on how you play the game.

So saying “if you can shoot number ___” is a very lossy picture of what it means to be “good” at golf — at least for amateurs.

That’s why I love Morikawa’s answer: if you finish every hole and don’t get a double bogey, you’re “good” at golf.

Because guess what? Finishing is the hard part. The consistency. Showing up to every hole, finishing out based on the actual rules of the game, not taking mulligans, not picking up a two-footer and saying “That’s good.” (Or even missing a two-footer and re-putting and giving yourself the make.)

Relieving yourself of the exacting burden of the reality of the game is the easy way to play, but it doesn’t make you a better golfer.

I think that’s true of so many things we do as humans: programming, design, writing, etc. If you want to be “good” at what you do, do the hard, little things that others gloss over. Do them consistently and well, with discipline and perseverance.

If you do, then I’d say you’re “good” at what you do because “good” isn’t a number. It’s quality. A disposition. A way of being.

Reply via:

Email · Mastodon ·

Bluesky

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

A graphic created and shared by The Gentlemen ransomware group administrator Hastalamuerte on Breachforums in May 2026. Credit: ke-la.com.

Experts at the security firm Check Point Software have been closely covering exploits of The Gentlemen, a so-called “ransomware-as-a-service” (RaaS) offering that pays affiliates handsomely to help spread the group’s malware.

“A 90/10 affiliate revenue split — compared to the industry standard 80/20 — is accelerating the group’s growth by attracting experienced operators from competing programs,” the researchers wrote in April.

Check Point found The Gentlemen are the second most active ransomware group by victim count so far this year, claiming at least 332 published victims since the group’s inception in mid-2025 and more than 240 in 2026 alone.

According to Check Point, the group targets Internet-facing devices (VPNs, firewalls) as their entry point, and once inside moves quickly to encrypt entire networks within hours.

Check Point says the administrator and primary operator of the ransomware group uses the nickname Zeta88 on the Russian-language cybercrime forums, and that this individual was previously known under the moniker Hastalamuerte . Check Point noted that a breach of the group’s backend infrastructure made it clear that Hastalamuerte/Zeta88 is the person who assembles the locker and RaaS panel, manages payments, and is essentially the administrator of the entire program who receives 10 percent of all ransoms.

WHO IS HASTALAMUERTE?

The cyber intelligence firm Intel 471 shows that the user Hastalamuerte is a Russian and English speaking person who registered on almost a dozen cybercrime forums between 2019 and the present day, including Exploit, Breachforums, Ramp_V2, BHF, Raidforums , and Nulled .

Intel 471 reveals that Hastalamuerte registered on Breachforums in January 2025 from an Internet address in Izhevsk , the capital city of Russia’s Udmurt Republic. Likewise, the user Zeta88 signed up at the English-language cybercrime forum Breached in August 2022 from a different Internet address in Izhevsk.

Intel 471 finds Hastalamuerte registered on Raidforums in 2020 using the email address hastalamuerte1488@protonmail.com (1488 is a common combination of two numeric symbols associated with white supremacy ). A lookup on this address at the open source intelligence service Epieos shows it is connected to an account at Apple and to a phone number ending in 04 .

Epieos says that Protonmail address is also linked to a GitHub account under the username SantaMuerte . That account is marked private, but a history of this user’s activity shows they are watching and developing a number of malware tools and exploits.

In April 2020, Hastalamuerte said on the crime forum Nulled that they could be contacted at the Telegram instant messenger name @hastalamuerte18 , and the threat intelligence company Flashpoint finds this username is assigned the unique Telegram ID number 30907522 [full disclosure: Flashpoint is an advertiser on this blog].

The breach tracking service Constella Intelligence reports that Hastalamuerte’s Telegram ID is connected to another username — “ bu4vs ” — and to the Russian phone number 79127650004 . Pivoting on this phone number in Constella fetches multiple records from hacked Russian government databases showing it is assigned to one Alexander Andreevich Yapaev , a 36-year-old from Izhevsk.

Constella reveals that phone number was used to create an account at the Russian social media platform Pikabu under the name “ 4apai18 ,” and shows Mr. Yapaev has signed up at a number of websites using the common surname Ivanov , or else “Chapaev” (the numeral 4 is often used as shorthand for a “ch” sound in Russian).

A search in Intel 471 for cybercrime forum members with the nickname SantaMeurte unearths an account by the same name created in 2020 on the Russian hacking forum Codeby. Intel 471 shows this user originally registered on Codeby with the not-so-subtle nickname Alexandr 4apaev .

Constella finds Mr. Yapaev regularly used the email address bu4vs@mail.ru . Meanwhile, Epieos shows this address is connected to a LinkedIn account for Alexander Yapaev, who lists himself as the head of B2B marketing at the company Uralenergo Udmurtia , one of Russia’s largest suppliers of electrotechnical and lighting products.

Mr. Yapaev did not respond to multiple requests for comment.

Nearly every time we publish one of these Breadcrumbs stories , readers are curious to know why it seems like so many cybercriminals from Russia apparently do little to hide their real life identities. The truth is that — Russian or not — most didn’t exactly set out to be arch criminals, but instead got drawn into the scene gradually over several years as their skills broadened and sharpened.

Another important dynamic is that the Russian government generally either co-opts or ignores cybercriminal activity within its border so long as the hackers do not steal from or attack Russian businesses and citizens. As a result, successful cybercriminals in Russia are usually insulated from prosecution and arrest by foreign law enforcement agencies provided they occasionally pay off the right people and do not travel abroad. And cybercriminals who intend to strictly adhere to those unwritten rules may (at least initially) be less concerned about covering their tracks online.

But the simplest explanation is that cybercriminals of all nationalities tend to make a number of basic operational security mistakes early in their careers, when they are less savvy and have far less to lose by their carelessness. A review of Hastalamuerte’s early posts on the crime forums (circa 2019-2020) shows a relatively unsophisticated and low-skilled hacker still trying to learn the ropes and earn a positive reputation on these communities.

For example, in June 2020 Hastalamuerte’s Telegram account joined a multi-month training program (@pntst) to learn how to use popular penetration testing tools, and their candid posts to this hacker training camp show Hastalamuerte struggling to use these tools effectively. A Google-translated record of Hastalmuerte’s posts to @pntst is here .

A customer wanted to prevent the user from dragging an object into a specific region of their window. Their current implementation detects that the mouse is an in illegal location and uses Set­Cursor­Pos to move it to a nearby legal location. However, this creates flicker because the cursor actually does enter the illegal region and then jumps out.

Let’s illustrate this with our scratch program .

POINT g_pt; const RECT g_rcExclude = { 100, 100, 200, 200 };

RECT ItemRect(POINT pt) { return RECT{ pt.x - 10, pt.y - 10, pt.x + 10, pt.y + 10 }; } The g_pt variable holds the location of our object, and the g_rcExclude is the rectangle in which the object is forbidden. The ItemRect function produces a bounding rectangle for our object so we can draw something there.

void PaintContent(HWND hwnd, PAINTSTRUCT* pps) { FillRect(pps->hdc, &g_rcExclude, (HBRUSH)(COLOR_WINDOWTEXT + 1)); RECT rcItem = ItemRect(g_pt); FillRect(pps->hdc, &rcItem, (HBRUSH)(COLOR_APPWORKSPACE + 1)); } Painting our content is a straightforward matter of drawing the forbidden rectangle in the text color and drawing the object in the app workspace color.

void OnMouseMove(HWND hwnd, int x, int y, UINT keyFlags) { POINT ptNew = { x, y };

if (PtInRect(&g_rcExclude, ptNew)) { // Clamp to nearest legal position int leftMargin = ptNew.x - g_rcExclude.left; int topMargin = ptNew.y - g_rcExclude.top; int rightMargin = g_rcExclude.right - ptNew.x; int bottomMargin = g_rcExclude.bottom - ptNew.y;

int dx, dy; int x, y; if (leftMargin < rightMargin) { x = g_rcExclude.left; dx = leftMargin; } else { x = g_rcExclude.right; dx = rightMargin; } if (topMargin < bottomMargin) { y = g_rcExclude.top; dy = topMargin; } else { y = g_rcExclude.bottom; dy = bottomMargin; } if (dx < dy) { ptNew.x = x; } else { ptNew.y = y; } POINT ptScreen = ptNew; ClientToScreen(hwnd, &ptScreen); SetCursorPos(ptScreen.x, ptScreen.y); }

if (g_pt.x != ptNew.x || g_pt.y != ptNew.y) { RECT rcItem = ItemRect(g_pt); InvalidateRect(hwnd, &rcItem, TRUE); g_pt = ptNew; rcItem = ItemRect(g_pt); InvalidateRect(hwnd, &rcItem, TRUE); } }

// Add to WndProc

HANDLE_MSG(hwnd, WM_MOUSEMOVE, OnMouseMove); When the mouse moves, we take the mouse position and see if it is in the forbidden rectangle. If so, we update the coordinates to the nearest legal position and move the mouse there with Set­Cursor­Pos .

Whether or not we had to update the coordinates, if the result produces a new location, then invalidate the object’s old location (so it will be erased at the next paint cycle), update the object position, and then invalidate the object’s new position (so it will be drawn at the next paint cycle).

When you run this program, you can try to move the mouse into the forbidden rectangle, but the program will shove the mouse back out. However, it flickers a lot bcause the mouse briefly enters the forbidden rectangle before it is expelled from it.

The customer saw that there is a Clip­Cursor function to constrain the mouse to remain inside a rectangle, but is there an inverse version that forces the mouse to remain outside a rectangle?

There is no such function, but that’s okay.

What you can do when the mouse is in an illegal position is just pretend that it’s in a legal position. Let the user move the mouse into a illegal position, but show the feedback at the nearest legal position, and if they drop the object, let it drop at the nearest legal position.

In the above program, that means we remove the call to Set­Cursor­Pos .

void OnMouseMove(HWND hwnd, int x, int y, UINT keyFlags) { POINT ptNew = { x, y };

if (PtInRect(&g_rcExclude, ptNew)) { // Clamp to nearest legal position int leftMargin = ptNew.x - g_rcExclude.left; int topMargin = ptNew.y - g_rcExclude.top; int rightMargin = g_rcExclude.right - ptNew.x; int bottomMargin = g_rcExclude.bottom - ptNew.y;

int dx, dy; int x, y; if (leftMargin < rightMargin) { x = g_rcExclude.left; dx = leftMargin; } else { x = g_rcExclude.right; dx = rightMargin; } if (topMargin < bottomMargin) { y = g_rcExclude.top; dy = topMargin; } else { y = g_rcExclude.bottom; dy = bottomMargin; } if (dx < dy) { ptNew.x = x; } else { ptNew.y = y; } // POINT ptScreen = ptNew; // ClientToScreen(hwnd, &ptScreen); // SetCursorPos(ptScreen.x, ptScreen.y); }

if (g_pt.x != ptNew.x || g_pt.y != ptNew.y) { RECT rcItem = ItemRect(g_pt); InvalidateRect(hwnd, &rcItem, TRUE); g_pt = ptNew; rcItem = ItemRect(g_pt); InvalidateRect(hwnd, &rcItem, TRUE); } } This time, we don’t try to punish you for moving the mouse into the forbidden rectangle. But the object won’t follow the mouse into a forbidden region.

The post What’s the opposite of <CODE>Clip­Cursor</CODE> that lets me <I>exclude</I> the cursor from a region? appeared first on The Old New Thing .

This is valid JSON:

{ "a" : 1 , "b" : 2 , "c" : 3 }

This is invalid JSON:

{ "a" : 1 , "b" : 2 , "c" : 3 , }

The difference is the last comma. The JSON grammar specifies that a comma can separate two members of an object but not postcede ("trail") a member. I think this was a design mistake. Say we want to add two new keys to the struct, one before the "a" member and one after the "c" member. Here's what it would look like if trailing commas were permitted:

{ + "x": 0, "a": 1, "b": 2, "c": 3, + "y": 4, }

It's the exact same text transformation regardless of where we add the key. In the current model, we instead have this:

{ + "x": 0, "a": 1, "b": 2, - "c": 3 + "c": 3, + "y": 4 }

Those are different transformations! Similarly if you want to remove an element, you can't just delete the corresponding line 1 , you have to delete the line and then check that the last line doesn't have a trailing comma. Don't even get me started on all the special cases involved in swapping two lines.

JSON isn't the only language with this problem. Haskell writes record types like this:

-- from https://play.haskell.org/ data Drone = Drone { xPos :: Int , yPos :: Int , zPos :: Int }

This "partial bullet point" style of putting separators at the beginning of rows makes it easier to change the last row but harder to change the first one.

TLA+ has this problem too:

\* both valid VARIABLES a, b, c vars == <<a, b, c>>

\* both invalid VARIABLES a, b, c, vars == <<a, b, c,>>

This one's annoying because 1) you're constantly adding new top-level variables while working on a spec and 2) the PlusCal DSL does not have this problem:

\* Totally fine! (*--algorithm foo { variables a; b; c;

The worst offenders, IMO, are logic languages like Prolog. Not only don't you have trailing separators, you have a special terminating symbol :

foo ( A , B , C ) :- A = 1 , % comma B = 2 , % comma C = 3. % period!

I guess you can sort of think of it as funny-lookin' braces:

foo ( A , B , C ) :- A = 1 , B = 2 , C = 3 .

But this is not standard syntax and people will look at you weird if you try it. And you still don't get trailing separators.

Something better

Some languages allow trailing separators:

// go valid := map [ string ] int { "a" : 1 , "b" : 2 , "c" : 3 , }

# python valid = { "a" : 1 , "b" : 2 , "c" : 3 , }

But I think we can do one better than that. Python and Go commas can trail but not lead, meaning we can't go 100% bullet points:

# python again invalid = { , "a" : 1 , "b" : 2 , "c" : 3 }

Now I personally think that bullet points are the bee's knees and wish more languages allowed leading separators. TLA+ actually has leading conjunction and disjunction operations:

// Not TLA+ but the same semantics || && a == 1 && b == 2

|| && a == 3 && b == 4

You can't trail these, though, no writing (a &&) .

The most flexible I've seen is Alloy , which allows both leading and trailing commas:

// Alloy sig Valid { , a : 1 , b : 2 }

sig AlsoValid { a : 1 , b : 2 , }

Alloy does go a little power-mad here, because it also allows empty separators.

sig StillValid { ,, a : 1 ,, ,,,,,,,,, ,, b : 2 ,, }

I've heard some people call this "stuttering" . I can't figure out how to commit crimes with this but you never know.

Devil's advocate

One argument against trailing separators is that they make parsing ambiguous. Consider this Prolog:

foo ( A , B ) :- A = 1 , B = 2.

bar ( c ).

Here it's pretty clear that foo and bar are separate definitions. But if we replace the rule terminator with commas:

foo ( A , B ) :- A = 1 , B = 2 ,

bar ( c ),

Now it could be alternatively parsed that bar(c) is part of the definition of foo — foo is only true when bar(c) is also true.

As another example, this is valid Ruby :

# prints 5 puts 3 . succ () . succ ()

If we could "trail method calls", this is ambiguous:

foo . bar () . baz () .

quux ()

Now it's not clear if quux() is a top-level function or a method of foo .

Both of those relate to control separators, not data separators. Python has an edge data case with trailing data separators. The language uses parenthesis both for expression grouping like (2+3) and for tuple definition like (2,3) . So how do you distinguish an expression evaluation from a single-element tuple? With a trailing comma!

>>> x = (2+3) >>> type(x) <class 'int'> >>> x = (2+3,) >>> type(x) <class 'tuple'>

Okay that's all I got. New (and final) preview release of Logic for Programmers next week.

• Obvs this doesn't work if your object values are themselves multiline arrays or objects, but those make the "no trailing comma" transformations even more complicated.  ↩

Ooooh! This is a lovely treat of a book. Every time Lauren sends her husband into the loft, a different man comes down. Her past is rewritten and she has now been married to Dave/Gary/Bob/Whoever for a year, a month, a decade, a minute.

This isn't like how Groundhog Day became On The Calculation of Volume or Sliding Doors became The Names , instead this is a new and twisty concept rendered through the lens of a chick-lit comedy.

It's proper laugh-aloud funny, while playing with all the clichés of both sci-fi and romcoms.

The thing I liked most is that Lauren is an active and intelligent protagonist unlike, say, Carol Sturka from Pluribus. Sturka never engages with the premise of her odd situation, she doesn't try to discover the rules of the world she's living in and is content to let things happen to her. Lauren spends a good deal of time at least trying to get to grips with the (un)reality of her husband-dispensing portal. I found that made for a rather gratifying story and didn't leave me shouting at the pages "JUST TRY SOMETHING!"

It's also refreshing to follow the adventures of a (slight) antihero. Lauren mostly knows when she is being monstrous. She flings between feminism and self-directed misogyny - with a smattering of misandry. Her discrimination against those of us men who wear socks with individual toes is, of course, an unforgivable sin.

The pacing is excellent - with an perfectly timed plot twist just as things are settling down. The afterword talks briefly about the multiple possible endings that were considered. I'd love to know what ideas were rejected although, in retrospect, there's only one narratively satisfying conclusion.

I read a lot of science fiction - probably more than is healthy - and The Husbands is a welcome addition to my shelf. The practicalities of the plot-device are as unimportant as how Warp Drive works; science fiction is about exploring the possibilities of a fantastical situation. If you could instantly swap your spouse because they lost the TV remote again - would you? In a world of no consequences, what would you get away with? If you discovered a break in reality, what would you try in order to exploit or understand it?

The Husbands gets fairly dark. Never grim, exactly, but it gnaws away at the cosiness proffered by domestic bliss. Although Lauren can be a bit of a bitch, the story just about strays away from making her morally repugnant. An exemplary piece of storytelling.

1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the background so that the stuff you see in the foreground can all work. And then there are those "other things" I had to deal with along the way, but more of that in this week's video. Thanks to everyone who has stuck around to see this thing reach such a milestone 🙏

If Claude Fable stops helping you, you'll never know

Jonathon Ready highlights one of the more eyebrow-raising details from the 319 page system card for Fable 5 and Mythos 5. Here's a longer excerpt, highlights mine:

In light of the ability of recent models to accelerate their own development , we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design ). Using Claude to develop competing models already violates our Terms of Service , but enforcing this restriction through our safeguards avoids accelerating the actors most willing to violate these terms.

Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user . Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT). These interventions will not affect the vast majority of coding work. We estimate they will impact ~0.03% of traffic, concentrated in fewer than 0.1% of organizations.

I believe this is the first time Anthropic have announced these kinds of silent interventions. The justification still feels pretty science-fiction to me - the linked article talks about "recursive self-improvement". I'm not at all keen on a model that silently corrupts its replies to questions about "ML accelerator design" purely to slow down research that might conflict with Anthropic's own goals!

Via Hacker News

Tags: ai , generative-ai , llms , anthropic , claude , ai-ethics , claude-mythos

I have been a staunch supporter of Open Source for a long time, including experiments in funding it . I’m a true believer in the idea that Open Source always wins in the long run, but not automatically and not quickly. Right now it is being stressed by AI slop, shifting contributor dynamics, the falling cost of producing code, and large companies learning to close doors behind them.

A lot of that battle today is manipulation of the narrative. Opinion makers on social media and in business circles increasingly frame access as irresponsibility. That is why the EU’s DMA matters, even if many people (including myself) reflexively hate EU regulation. Apple’s fight over delayed AI features in Europe is not about Brussels being annoying: it is about whether users can access their own devices and data. The phone is yours, the data is yours, yet Apple decides who may reach it and takes the agency away from you and then tries to make that sound like it is in your interest (supposedly it’s for your safety and security).

The closer you get to the core of AI, the more this shows up. Anthropic has every financial incentive to restrict what people can do with Mythos and Fable , and they wrap those restrictions in safety and (national) security language. Some restrictions may be defensible, but not all of them are. They trained their models on public works, then block Open Source attempts to learn from and distill these systems.

Disliking the EU, China, or any other large government should not make us forget that true democratized access to technology including AI is in all our interest. Some temporary product pain, including delayed Apple AI features, will be worth paying if it keeps gates open. We should not let companies own the narrative that preventing access is in our interest, particularly not as Europeans where the odds are already stacked against us by our underdeveloped capital markets, brain drain and internal fighting.

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang , senior staff research engineer at Tenable .

“Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.”

June’s zero-day bugs include CVE-2026-49160 , a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex.

Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse , the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborative Translation Framework, the same framework patched today in CVE-2026-45586 .

Nightmare Eclipse also last month released “YellowKey,” an exploit for a Windows BitLocker vulnerability that allows an attacker with physical access to view encrypted data, and CVE-2026-50507 is a patch for an elevation of privilege bug in BitLocker.

Microsoft received heavily blowback on social media last month after it said in a blog post that it was considering taking legal action against the security researcher. The company later clarified on Twitter/X that while it has no intention of pursuing legal actions against researchers, it would report them to authorities if they break the law. The advisories for CVE-2026-49160 and CVE-2026-50507 do not credit any researchers in the acknowledgement section, saying only that “Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”

Nightmare Eclipse claims to be a former employee of Microsoft, although Microsoft has not responded to questions about this claim. Rapid7 notes that a recent blog post by Nightmare Eclipse included an image of Albert Vesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology company before going rogue.

Nightmare Eclipse has pledged to release even more zero-day exploits for Windows in what they called a “bone shattering” drop planned for July 14 (the same day as next month’s Patch Tuesday). Immediately following the release of Microsoft patches today, the researcher published an exploit for what they claimed was a zero-day bug in Windows Defender.

While 200 vulnerabilities may be a record for Patch Tuesday, the actual number of security flaws Microsoft addressed this month is far higher, said Rapid7’s Adam Barnett .

“So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years,” Barnett wrote. “As usual, browser [flaws] are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide.”

Microsoft also patched a zero-day vulnerability in Visual Studio Code that allows attackers to steal GitHub tokens with a single click. The company was forced to push a stopgap fix for the flaw on June 3, after a researcher published instructions showing how to exploit it. The researcher said they opted not to work with Microsoft because of a recent experience wherein Redmond silently patched a flaw they reported without offering credit or recognition.

Microsoft battled its own internal zero-day emergencies last week, after at least 72 of the company’s public code repositories were infected with a variant of the Shai-Hulud worm . Researchers found that all of the affected packages were connected to Microsoft official Azure Durable Task SDK, which got hit by the same Shai-Hulud worm in May.

Other major software makers are also shipping outsized update bundles this month. Adobe has released updates to fix a massive number of critical vulnerabilities across a range of products , including Adobe Experience Manager , Acrobat Reader and Cold Fusion . On June 3, Google resolved a whopping 429 vulnerabilities in its latest Chrome browser update (Chrome automatically downloads updates but installing them usually requires a complete restart of the browser).

As ever, please consider backing up your data before applying operating system updates, and drop a note in the comments if you run into any problems with this month’s patches.

Further reading:

Microsoft’s Security Update Guide

Action1’s Patch Tuesday breakdown

SANS Internet Storm Center notes on Patch Tuesday

Rishi Ó:

My favorite Apple updates are not the flashy new features, but the quiet little touches: annoyances fixed, workflows made smoother, rough edges sanded down, and longstanding flaws thoughtfully reworked. To me, they’re the clearest sign of a company that cares about its craft.

Here’s a collection from a WWDC26 screen-grab, organized for easier reading, on improvements coming later this year.

That’s a lot of bullet points.

★

• •

photo cred: my dad Here’s a story from 30 years ago that would make no sense today. It’s 1992. Pearl Jam’s debut album Ten is selling well. But then MTV puts the music video for their song “Jeremy” in heavy rotation, and the band rockets into superstardom—shows suddenly sold out, fans smashing record store windows, the whole shebang. That’s familiar enough, but what happens next is not. Pearl Jam responds to this hullabaloo by refusing to make music videos for the next five years . They decline photoshoots and interviews. When their producer tells them that their song “Better Man” is a surefire hit, they cut it from their second album . 1 Nevertheless, that album sells nearly a million copies in its first week, setting a record. Then it sells six million more, staying at #1 on the Billboard chart for over a month. They say that the past is a foreign country , and reading a Pearl Jam profile from the early 90s, it certainly feels that way. The writer takes for granted that fame is inherently bad. And not just because fans might, say, break into your backstage dressing room and steal your notebooks—which they did—but also because commercial success and artistic integrity are so obviously at odds with one another. Kurt Cobain had mocked the band for catering to the mainstream, and the criticism clearly stung. It was understood that being popular was somehow, paradoxically, uncool , and that Pearl Jam owed everyone assurances that they hadn’t gotten too big for their britches. I am just barely old enough to remember this era, when “selling out” was a bad thing you did with your career, rather than a good thing you do with your stadium tour. Blank Space: A Cultural History of the 21st Century , the book where I first read this story about Pearl Jam, quotes the 90s chronicler Chuck Klosterman: “the concept of ‘selling out’ [...] is the single most nineties aspect of the nineties”. I gained consciousness at about the time that Backstreet Boys, NSYNC, and the Spice Girls gained worldwide fame, and I understood that it was hip to hate them. 2 This didn’t stop them from selling millions of records, of course. But there was a sizable sector of society that refused to join in, a clutch of (sometimes snobby) purists who were ready to turn on anyone who got too big or too rich. As the music writer points out, around this time, a rock band could lose permanently lose their street cred for appearing in a Miller commercial . That feeling part of a larger anti-consumerist vibe percolating through culture at the time. This was the era of Super Size Me and the anti-World Trade Organization protests that came to be known as the Battle of Seattle . My parents furnished me with copies of Eric Schlosser’s Fast Food Nation and Naomi Klein’s anti-capitalist manifesto No Logo . 3 My English teacher made the whole class read anti-consumerist YA novels like Feed and The Gospel According to Larry . I got so caught up in the fervor that I almost showed up to a school dance with a handmade sign that said “I AM PROTESTING CONSUMERISM”. I chickened out at the last second, but clearly there was some potent zeitgeist going on if a 13-year-old was about to stake their reputation on, I guess, not buying stuff? Fast forward to today, and that zeitgeist is long gone. Meghan Thee Stallion is a Popeyes franchisee , Drake would like you to try online gambling , and Maroon 5 is covering Bob Marley’s “Three Little Birds” as a tribute to Hyundai . 4 Shortly after she charted her first hit, the rapper Ice Spice was partnering with Ben Affleck and Dunkin’ Donuts on an Ice Spice Munchkins Drink . 5 We’ve got punk icon Iggy Pop selling insurance and Bob Dylan appearing in a Victoria’s Secret commercial . 6 Lollapalooza once featured alt rock and heavy metal; these days, you can catch a set by DJ D-Sol, better known as David Solomon, the CEO of Goldman Sachs . And if you love Lady Gaga’s album Chromatica and the associated HBO special Gaga Chromatica Ball , then don’t miss these limited edition Lady Gaga Chromatica -themed Oreos ! • •

Hyper-commercialism is nothing new, in music or anywhere else. (See, for instance, the band KISS’ officially licensed Kiss Kasket ). People who bemoan our era of “late capitalism” rarely realize that phrase is 100 years old . The only thing that’s unprecedented about these craven cash-ins is how well they seem to be working . Selling out no longer carries a stigma—if anything, fans are excited for tie-ins between their favorite bands and their favorite brands, no matter how shameless. The Chromatica Oreos reportedly flew off the shelves, earning a thumbs-up even from the Washington Post ’s food critic . Some people complained about the texture and the color, or how it was simply a re-release of the much-hated “golden” Oreo , but they did not complain that it is cringe, perhaps even depraved, for a musician to collaborate with an international food conglomerate to stick her name on a million mass-produced sandwich cookies. And if that doesn’t send Kurt Cobain spinning in his grave, wait until he finds out that Gen Z thinks Nirvana is a clothing brand . ONCE YOU POP, YOU CAN’T STOP How did the punk ethos die? W. David Marx, the author of Blank Space , has a theory that I think is correct, but incomplete. He blames an ideology called poptimism : the idea that popular art (and especially pop music) is just as meritorious as any other kind of art. Poptimism was meant to be a reaction to rockism 7 , a strain of cultural snobbery that insisted rock ‘n’ roll was the only authentic form of art—if it ain’t a white guy with a guitar, it ain’t real music! Both sides of that debate might sound stupid now, but the poptimist critique made sense back when people were flocking to baseball stadiums to blow up piles of disco records : • •

These folks could use a dose of poptimism ( source ) Unfortunately, Marx says, the critics took poptimism too far, and they brought the discourse with them. They embraced pop music not only because they had suddenly discovered the musical genius of Britney Spears, but also because they realized the political winds had changed. In the words of one music writer, poptimism was “ a kind of penance, atoning for past rockist misdeeds ”. Saying that some art is better than other art started sounding too much like saying that some people are better than other people. And once you’re unwilling to judge art for its artistry, you’re stuck judging it by its popularity. I don’t doubt Marx’s thesis that culture writers abandoned their posts, but I do doubt that this was enough to kill the anti-consumerist vibe on its own. Something even bigger was happening at the same time: while the critics were changing their tune, they were also getting tuned out. The internet decapitated art criticism, elevating the YouTube commenter to the same level as the Pitchfork editor. And although there are plenty of problems with professional tastemakers—they can be condescending and exclusionary, they can have their heads up their butts, etc.—they are at least, in theory, concerned with separating art from schlock. Casual consumers have no such hangups. They don’t care whether every pop song they listen to is written by the same middle-aged Swedish guy ; they just want their eardrums vibrated, their retinas tickled, and their pleasure centers stimulated. And so, the more you cater to the consumer over the connoisseur, the more you’re going to be serving up slop. The internet makes this possible; competition makes it irresistible. Together, the decline of art criticism and the ascent of art populism can explain how corny, lowest-common-denominator kitsch went from being a guilty pleasure to simply being a pleasure . The line separating art and entertainment went undefended, and then it was washed away by a tsunami of swill. However, that doesn’t explain why we became so tolerant of shameless greed and self-promotion. As we lost the ability to distinguish between Joni Mitchell and Celine Dion, why did we also lose the ability to distinguish between a single and a jingle? Listening to Lady Gaga is one thing, but where did we acquire our appetite for her Oreos? The answer to that is, I think, the Great Switcheroo. DOWN WITH THE RICH, UP WITH THE FAMOUS In every country on Earth, poor people outnumber rich people. Many of those countries are ostensibly democratic. This leaves us with a puzzle: why don’t the poor people vote to take all the money away from the rich people and redistribute it amongst themselves? John Steinbeck’s famous explanation was that, in the United States at least, poor people see themselves as “temporarily embarrassed millionaires”. 8 You don’t want to outlaw affluence if you might have some for yourself one day. That wasn’t a crazy thing to think when Steinbeck was writing in the 1930s, as some of the richest men in America had come from modest means—Rockefeller, Carnegie, Ford, Edison, Hershey, and Chrysler. If fortunes are popping into existence all the time, it may seem like the wealthy are a group to be joined rather than beaten. The average American is not feeling so upwardly mobile these days, and so people aren’t as sanguine about the super-rich as they might have once been. When YouGov surveyed Americans about their opinions of 40 different rich people, not a single one of them was liked by more than 50% of the population. (For instance, 90% of respondents know who Jeff Bezos is, but only 19% approve of him). An increasing number of people—and especially young people—say that billionaires are a bad thing for the country: • •

As the public has soured on the rich, however, they seem to have sweetened on the famous. In similar YouGov polls , celebrities do extraordinarily well compared to billionaires. Lady Gaga, for instance, has 97% recognition and 61% approval. Samuel L. Jackson: 96% recognition, 81% approval. Even Paris Hilton’s 40% approval rate is better than every single rich person except Warren Buffet (he’s at 41%). 9 Not bad for someone who once described her life’s mission as, “I want to be famous. [...] And I want to monetize that, like a lot .” 10 This Great Switcheroo happened, I think, because as it got harder to become rich, it got easier to become famous. It’s hard to remember now, but going viral on the internet was once a bad thing. Back in 2002, when Star Wars Kid got famous for pretending to be Darth Maul in a home video, he got death threats, not brand deals. His classmates bullied him so badly that his family sued them; meanwhile, his school asked him not to come back . The “Numa Numa” Kid was originally “distraught” and “embarrassed” by his fame (he later tried to capitalize on it, mostly unsuccessfully). Afro Ninja, a Black stunt performer whose disastrous audition tape went viral, said of his unexpected notoriety, “If I had a choice to do it all over again [...] I would pass”. Once the attention economy built out its financial infrastructure, however, overnight fame suddenly went from painful to profitable. The YouTube Partner Program ( 2007 ), Stripe ( 2010 ), and Patreon ( 2013 ) all made it easier to turn eyeballs into dollars. The first wave of internet celebrities peaked too early to cash in, but subsequent waves became icons rather than pariahs. Just as the Americans who lived through the Gilded Age watched industrial moguls build business empires, we watched tweens become millionaires in their bedrooms. They got Andrew Carnegie; we got Mr. Beast. 11 As a result, the attention economy is the one corner of the overall economy where people are still feeling upwardly mobile. 57% of Gen Z (and 41% of older adults!) say they would like to be influencers. And why not? You are not going to escape the underclass by driving an Uber or dusting the server racks at a data center, but you might be able to do it by posting mukbang videos . I think this is why we now tolerate such blatant greed among famous people: we think we have a chance of becoming one of them. We once saw ourselves as temporarily embarrassed millionaires; now we see ourselves as temporarily unknown celebrities. (Of course, the celebrities we look up to are also millionaires, but their riches are incidental to their fame, rather than the other way around.) It doesn’t matter whether you’re actually trying to become TikTok famous. The fact that there is a path between us and the stars—however tenuous, however unlikely to be trod—makes it feel like they are, somehow, just like us. You and I could never be Jeff Bezos, Bill Gates, or Sam Altman, and so they seem distant and despicable. But some part of us believes that we could be Billie Eilish, Ed Sheeran, or Taylor Swift, and so we exempt them from the noblesse oblige that we used to demand of the aristocracy. In fact, while most of us feel like billionaires owe us something (see: the California Billionaire Tax , heading to ballots this fall), many people apparently feel like they owe something to their favored celebrities. Millions of people have joined the ranks of fan clubs like the Rihanna Navy, the BTS Army, Ariana Grande’s Arianators 12 , Justin Bieber’s Beliebers, Beyoncé’s Beyhive, and so on. The paramilitary-esque branding of these groups is not accidental. These are the folks writing guides on how to inflate BTS’s streaming statistics, issuing death threats to a music writer who dared to give Taylor Swift an 8.0/10, and enlisting themselves as copyright police when an Ariana Grande album leaked early, hunting down and flagging links to the pirated music so it wouldn’t hurt her advance sales. As the author of that BTS guide put it in an interview with The New York Times , promoting her favorite band feels like “we are also promoting our own voices, our own struggles, our own hope for a better world.” This has got to be the greatest marketing coup in history: convincing fans that they are “promoting their own voices” while they are helpin

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Quick aside: My sister has a Bear blog called Notes on Making where she writes about knitting, wool dying, pattern design, and shows off what she's created. If you're into wool and crafting, take a look. It's really cool!

I'm currently reading What I talk about when I talk about running by Haruki Murakami (thanks for the recommendation, Rishi) and a line stuck out to me:

Perhaps I'm just too painstaking a type of person, but I can't grasp much of anything without putting down my thoughts in writing.

This line resonated with me because I've also found that the best way for me to understand a concept or idea is for me to write about it. Reading only gets me so far. The act of articulating what is stored in my brain into something legible and understandable is thinking and understanding.

I worry about the education system, which has had the entire concept of writing as a form of study upended by AI, and universities have seen their first decline in literacy and comprehension ever recorded. But this isn't what this post is about, this post is about remembering things.

I have often received complements from friends and strangers alike on how good my memory is. This tends to be complimenting what is generally considered a static attribute, since most people think of memory as being an immutable characteristic of a person. I can say with certainty that this isn't the case. The reason I remember things and confidently convey them is usually because I've written about them at some point.

This isn't relegated to ideas and concepts, but events in my own life, since I keep a daily journal and have for over a decade now. I've written more about this here , here , and here .

There's a study with the mouthful of a title Retrieval Practice Produces More Learning than Elaborative Studying with Concept Mapping by Karpike and Blunt (2011) that I read this morning where they had college students read short educational texts, then study them in different ways: rereading, building concept maps while looking at the text, and free recall (reading once, then writing down everything they could remember on a blank page without looking at the source material). On a delayed test about a week later they found that free recall produced better information retention than rereading or creating a concept map.

There's an extra detail emphasised that's the real kicker: in one version of the experiment, the final test itself was to produce a concept map — yet the students who had studied by free recall still outperformed the ones who had studied by making concept maps. So even when the practice method (free recall) didn't match the test format (concept mapping), the act of retrieving from memory beat the more elaborate, intuitively "deeper" study technique.

I realise that, inadvertently, this is exactly what I've been doing the entire time with my blog, notes, and journal. The reason I can recall information so well is because I have read, watched, experienced, or discussed a concept or idea, then wrote about it on my blog, or in my notes or journal. I was practising free-recall this whole time and managed to trick people around me into thinking I'm just unnaturally good at remembering things.

This concept isn't new. The process of studying has historically always involved some form of note-taking and active recall. I wasn't a good student (at all) and never learnt how to study. The structure of school (and government school in South Africa, no less) was not set up in a way that allowed knowledge to stick. I feel like one minor tweak to the school system should be a course dedicated to how to study and effective note-taking. It's a pity I didn't have these skills in school because it would have made it a lot more pleasant. There's nothing quite as frustrating as having to learn something and despite many late nights studying, it refusing to lodge itself in my brain.

To come full circle, there's nothing particularly special about the way that I take notes, write, or journal. It is the act of doing it which is important. I tend to journal about my yesterday each morning before getting into work. As for notes, whenever there's something interesting I'd like to remember I write it in my notes.txt file, which is a large file full or random scribbles. As for writing on my blog, I don't have a schedule or explicit plan, I just write when there's something I've been thinking about that I believe is interesting.

The interesting part is that I don't really read my notes or journal. The act of writing is the important bit.

In a nutshell: I write for you all, but I guess I also write for me.

I learned from a long-retired Microsoft employee about a Company Party that took place around 1984 or so. The company was small enough that a single party could fit the entire company, but not so small that everybody knew everybody else, so each guest was issued a name tag.

During the evening, an unofficial game arose in which people started exchanging their name tags with others whom they met. It also served as a fun little conversation starter: If you swapped name tags with someone and ended up with the tag for somebody you didn’t know, it wasn’t hard to find a mutual acquaintance who could track them down and introduce you.

At one point, the employee who was retelling the story was in a group talking with Bill Gates, who was among the few attendees still wearing their original name tags. Bill spotted that one of the other people in the group had a “ Gary Kildall ” name tag. I don’t know whether Gary Kildall was actually invited to the party, or that somebody just created a Gary Kildall name tag as a joke. But Bill saw the “Gary Kildall” name tag and eagerly swapped his name tag for it.

The post The Microsoft Company Party where everybody played name tag swap appeared first on The Old New Thing .

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Naomi Kritzer's "Obstetrix" : When forced birth cultists become forced obstetrics militants.

• Hey look at this : Delights to delectate.

• Object permanence : DD-WRT; iTunes DRM is illegal; Fingertip magnet; Sony passwords v Gawker passwords; RIAA recants on 3 strikes; Parachute wedding dress; Roald Dahl (jerk); "Level Up"; The rent's too damned high; RIAA v "Search by artist"; "Robopocalypse"; You are not a wallet; The man who created the religious right; NY x voting; NY x antitrust; Media companies fund Heritage Minister's campaign; Richard Dreyfuss x iTunes EULA; 3-way street; RIAA lawyer becomes Solicitor General; Brock Allen's wrist-slap; Ad-tech interop; Apple's manorial security; Billionaires aren't taxed, "Rabbits."

• Upcoming appearances : Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Naomi Kritzer's "Obstetrix" ( permalink )

Naomi Kritzer's Obstetrix is a new, tense thriller in the mode of Atwood's Handmaid's Tale and Alderman's The Power ; it's a beautifully turned, claustrophobic horror novel about an obstetrician who's been kidnapped by a Christian cult obsessed with fertility:

https://us.macmillan.com/books/9781250423375/obstetrix/

Kritzer is a master of building scenarios that require her characters to express and resolve a wide variety of complex and contradictory emotions. Her breakout novel, Catfishing on CatNet is a charming and deceptively goofy story about an AI trained on the impeccable vibes in a really solid groupchat becoming sentient and demanding…cat pictures. This is the setup for a warm (but intense) novel of internet-mediated friendship and IRL mutual aid:

https://memex.craphound.com/2019/11/19/naomi-kritzers-catfishing-on-the-catnet-an-ai-caper-about-the-true-nature-of-online-friendship/

Then there's her incredibly prescient 2015 story "So Much Cooking," about people in lockdown during a pandemic. For obvious reasons, it enjoyed an revival in 2020, with Kritzer penning an excellent essay reflecting on what it means to have thought through the implications of a disaster that is now upon us:

https://reactormag.com/didnt-i-write-this-story-already-when-your-fictional-pandemic-becomes-reality/

In 2023, Kritzer published one of the most memorable YA novels I've read, Liberty's Daughter , which is set on a libertarian seastead and told from the point of view of the daughter of the cult's founder:

https://pluralistic.net/2023/11/21/podkaynes-dad-was-a-dick/#age-of-consent

Liberty's Daughter is basically what you'd get if you rewrote a Heinlein YA novel from the perspective of one of the kids, who had to live with a Heinlein-type dad (Heinlein was childless and had some of the most batshit child-rearing ideas, which he managed to make sound bizarrely plausible). There's a lot of sf that is "in dialogue" with Heinlein (including some of mine), but no one nailed RAH like Kritzer.

Then there's Obstetrix ; it's got one of those admirably propulsive setups. Doctor Elizabeth Gwynn is an obstetrician who performed an abortion to save her patient's life, only to be dragged into the culture wars by North Dakota's crusading attorney general, who charged her with felony murder and offered to let her plead out if she would admit that she was wrong to do it, as an example to other OBs who might be tempted. Now, Dr Liz lives in Minneapolis, where her savings are running out and no one wants to hire an obstetrician who's done time.

Then, Dr Liz gets a cold-call from a midwifing service that wants to hire her as an on-call doc. It's a weird offer from out of the blue, but Dr Liz can't afford to pass up a chance at steady work. She finds herself in a residence that the midwives work out of, and the nice woman there offers her a cup of tea. That's when the world fades to black, as the drugs in the tea take hold.

Liz sporadically regains consciousness in a van during a multi-day drive, and already she is thinking about her escape – even as she is becoming increasingly aware of how truly terrible her situation is. When she finally arrives at the cult's remote compound, frozen and isolated, she learns that she has been kidnapped because the fertility-obsessed cult needs an OB, especially since the daughter of the cult's founder, the "pastor," is carrying a high-risk pregnancy.

All that is in the first few pages, which leaves plenty of room for an expertly spun second act in which we get Kritzer's trademark interpersonal work, where carefully chosen and smartly wrought small details flesh out a picture of the complex dynamics of life inside a "high-demand" cult, from the way that members are manipulated into policing each other's compliance to the internal processes that keep members cowed even when they're unobserved by others. It's a brilliant work of sociological speculation and the engine that drives it is a series of maneuvers and gambits whereby Dr Liz hopes to make her way to safety.

I won't spoil the end, except to say that it is exciting, satisfying, and has a sweet denouement that does real justice to the whole book. All told, this is a read-in-one-sitting thriller that does as much to illuminate the workings and dynamics of patriarchy and religion as any gender studies class. It's peak Kritzer (so far), and that's saying something.

Hey look at this ( permalink )

• The mayor of Shelbyville, Indiana, says only people who live in ‘shitty houses’ oppose data center https://www.theverge.com/ai-artificial-intelligence/944984/shelbyville-indiana-mayor-shitty-houses-data-center

• Last Idea Factory https://starlogic.itch.io/last-idea-factory

• ‘Her silence was more powerful than words’: how I interviewed a Facebook whistleblower who wasn’t allowed to speak https://www.thenerve.news/p/carole-cadwalladr-sarah-wynn-williams-tim-wu-hay-festival-careless-people-gagging

• She won a religious exemption from using AI at work. The Pope's remarks could fuel similar appeals. https://www.businessinsider.com/worker-got-religious-exemption-using-ai-at-work-2026-6

Object permanence ( permalink )

#20yrsago HOWTO turn a $60 Linksys router into a $600 super-router https://web.archive.org/web/20060610003137/http://assets.lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php

#20yrsago Dictionary of the Vulgar Tongue: 1811 slang dictionary https://www.gutenberg.org/ebooks/5402

#20yrsago Ex-RIAA head Hilary Rosen rethinks lawsuits and DRM https://web.archive.org/web/20060609030533/https://www.p2pnet.net/story/8979

#20yrsago Norwegian ombudsman says Apple’s iTunes DRM is illegal https://web.archive.org/web/20060611194556/http://forbrukerportalen.no/Artikler/2006/1149587055.44

#20yrsago Implanting a magnet in your fingertip adds a sixth sense https://web.archive.org/web/20060613072724/https://www.wired.com/news/technology/0,71087-0.html?tw=rss.index

#20yrsago Recording industry: Search-by-artist is “too interactive” http://news.bbc.co.uk/1/hi/entertainment/5055744.stm

#20yrsago US branch of “Pirate Party” launches https://web.archive.org/web/20060613041144/http://www.pirate-party.us/

#20yrsago Pranksters give fake McDonald’s anti-global-warming presentation https://web.archive.org/web/20060614011522/http://www.gamasutra.com/php-bin/news_index.php?story=9621

#20yrsago Can. Heritage Minister’s election was funded by entertainment co’s https://web.archive.org/web/20060612224646/https://www.michaelgeist.ca/component/option,com_content/task,view/id,1289/Itemid,85/nsub,/

#20yrsago High-def DRM licenses cost $15k https://web.archive.org/web/20060612202129/https://www.theinquirer.net/?article=32273

#15yrsago Richard Dreyfuss reads the iTunes EULA https://web.archive.org/web/20110611012317/http://www.cnet.com/8301-30976_1-20068778-10348864.html

#15yrsago Top universities a ‘breeding ground’ for Tories, warn Islamic groups https://newsthump.com/2011/06/07/top-universities-a-breeding-ground-for-tories-warn-islamic-groups/

#15yrsago 3-Way Street: visualization of the uneasy dance of pedestrians, bikes and cars at a busy intersection https://web.archive.org/web/20110610123449/http://blog.ronconcocacola.com/2011/06/02/nyc-goes-three-ways.aspx

#15yrsago Copyright extremist RIAA lawyer confirmed as America’s Solicitor General https://web.archive.org/web/20110610134934/http://www.wired.com/threatlevel/2011/06/senate-confirms-verrilli/

#15yrsago Scot-free millionaire playboy’s lawyer was judge’s depute campaign treasurer https://web.archive.org/web/20110610123824/http://articles.sun-sentinel.com/2011-06-06/news/fl-levin-sentence-mayocol-b060711-20110606_1_house-arrest-dui-manslaughter-case-kenneth-watkinson

#15yrsago Bubble-in forms betray individual, traceable “handwriting” https://web.archive.org/web/20110609164727/http://www.freedom-to-tinker.com/blog/wclarkso/new-research-result-bubble-forms-not-so-anonymous

#15yrsago Inbox Influence: plugin reveals corporate money behind the emails in your inbox https://web.archive.org/web/20110816105954/https://inbox.influenceexplorer.com/

#15yrsago Macedonia erupts after young man beaten to death by special police in public square https://web.archive.org/web/20110610132108/http://www.a1.com.mk/vesti/default.aspx?VestID=139049

#15yrsago Robopocalypse: rigorous, terrifying novel about a robotic campaign to exterminate humanity https://memex.craphound.com/2011/06/07/robopocalypse-rigorous-terrifying-novel-about-a-robotic-campaign-to-exterminate-humanity/

#15yrsago Using clickfraud on Google ads to amass shares of Google https://gwei.org/index.php

#15yrsago Comparative analysis of leaked Sony and Gawker passwords https://www.troyhunt.com/brief-sony-password-analysis/

#15yrsago China’s Politburo warns Google not to be “political” https://web.archive.org/web/20110610165205/http://www.transparencyrevolution.com/2011/06/china-warns-google-not-to-be-evil/

#15yrsago Guerrilla camper re-opens shuttered Michigan public campsite https://web.archive.org/web/20110609184456/http://www.miningjournal.net/page/content.detail/id/563100/Campground-closed-in-2009-illegally-reopened.html?nav=5006

#15yrsago Record industry lobby says it no longer supports 3-strikes copyright termination laws https://torrentfreak.com/recording-industry-steps-back-from-piracy-disconnections-110606/

#15yrsago Death threats for Aussie climate scientists https://www.theguardian.com/environment/2011/jun/06/australia-climate-scientists-death-threats

#15yrsago Wedding-dress made from life-saving parachute https://www.si.edu/collections/snapshot/parachute-wedding-dress

#15yrsago Level Up: Gene Yang’s comic about destiny, games, and filial piety https://memex.craphound.com/2011/06/06/level-up-gene-yangs-comic-about-destiny-games-and-filial-piety/

#15yrago Roald Dahl: Jerk https://web.archive.org/web/20110602195454/http://thisrecording.com/today/2011/6/1/in-which-we-consider-the-macabre-unpleasantness-of-roald-dah.html

#15yrsago Rotting Gulliver’s Travels themepark in Japan https://web.archive.org/web/20110609235431/http://www.sleepycity.net/posts/40/Gullivers_Kingdom__Sea_of_Trees

#15yrsago Ticketed for being childless and eating doughnuts in a playground https://gothamist.com/food/two-women-ticketed-for-eating-doughnuts-in-a-brooklyn-playground

#15yrsago Internet Archive becomes archive of physical books, too https://blog.archive.org/2011/06/06/why-preserve-books-the-new-physical-archive-of-the-internet-archive/

#10yrsago Swedish traditional costume made from Ikea bags https://ikeahackers.net/2016/06/swedish-folk-costume-5-ikea-bags.html

#10yrsago NSA dumps docs about its Snowden response, reveals that Snowden repeatedly raised alarms about spying https://web.archive.org/web/20160604213547/https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive

#10yrsago John Oliver buys and forgives $15M in medical debt, illustrates horrors of America’s debt-collectors https://web.archive.org/web/20160606234823/https://consumerist.com/2016/06/06/john-oliver-buys-15m-in-medical-debt-then-forgives-it/

#10yrsago David Byrne wants you to register to vote, and wants everyone else to, too https://web.archive.org/web/20160609060810/http://davidbyrne.com/were-better-than-this-vote

#10yrsago You are not a wallet: complaining considered helpful https://www.theguardian.com/technology/2016/jun/07/its-your-duty-to-complain-thats-how-companies-improve

#10yrsago Web Sheriff’s legal scare strategy: throw everything at the wall, hope something sticks https://www.techdirt.com/2016/06/07/web-sheriff-accuses-us-breaking-basically-every-possible-law-pointing-out-that-abusing-dmca-takedowns/

#10yrsago Lin-Manuel Miranda declares war on bots https://www.nytimes.com/2016/06/07/opinion/stop-the-bots-from-killing-broadway.html

#10yrsago Uber loves competition, when it’s the one doing the competing https://www.boston.com/news/technology/2016/06/05/uber-app-urbanhail-startup-ride-prices/

#10yrsago MI5 warning: we’re gathering more than we can analyse, and will miss terrorist attacks https://theintercept.com/document/2016/06/07/preston-study/

#10yrsago Samantha Bee interviews Frank Schaeffer, who helped create the religious right https://www.youtube.com/watch?v=MhLY0JqXP-s

#10yrsago Why defense attorneys aren’t cheering Brock Allan Turner’s wrist-slap https://web.archive.org/web/20160611024154/http://mimesislaw.com/fault-lines/brock-turner-the-sort-of-defendant-who-is-spared-severe-impact/10288

#10yrsago Password hashing demystified https://www.wired.com/2016/06/hacker-lexicon-password-hashing/

#5yrsago Google

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Incorruptible: Why Good Companies Go Bad… and How Great Companies Stay Great , by Eric Ries .

Every once in a while a book comes along that doesn’t just change your tactical thinking, but makes you see the world in a different way. Reading this book is like taking the red pill in the Matrix.

Some will read this book, think it’s interesting and then get back to figuring out to how get their next big round of funding or how to deal with AI disruption in their large company.

But what they’ll miss is that this is the book that will rebuild the corporate and startup world after the next financial crash .

That’s exactly what happened when Eric’s work, Alexander Osterwald’s work and mine created the Lean Startup. Lean was a neat theory until the dot com bubble crashed and investors (those who still had jobs,) were hiding under their desks. Only then were startups and VCs amenable to a radically new idea about how to build new ventures.

The same will happen here.

Part 1 is a great tutorial on how corporations morphed from serving the people to serving only its shareholders. Worth reading deeply.

Part 2 is the nuts and bolts about what to do about it. How to build companies with governance structures that endure.

Part 3 is about the network effect of building this class of companies. It also has a chapter that buries the lead. Eric had the core ideas for the concepts in the book in 2019 when he started the Long Term Stock Exchange (LTSE). Never heard of it? Welcome to the club. Its core diagnosis was absolutely right: public markets reward short-termism. LTSE tried to solve a governance problem with an exchange listing. In hindsight it took all the accumulated wisdom in this book to understand what it will take to make meaningful change.

Its time may come and this book may be the catalyst.

This book will possibly be more important than the Lean Startup ever was – for you, your company and society as a whole. Read it .

Benevolent dictator for life. The founder keeps final say over project direction in perpetuity, by convention rather than written rule. Python ran this way until Guido stepped down in 2018, and Linux, Ruby, Rails, and Laravel still do. The unspoken upper bound on “in perpetuity” is one human lifespan, which none of the famous projects in the category have had to test yet.

Malevolent dictator for life. The same arrangement after the benevolence has worn off, with the founder still in the chair and nobody around with the access or the energy to do much about it. From outside it shows up as long-time contributors going quiet and forks appearing in places that do not usually fork.

Steering council. What a BDFL project becomes after the dictator retires or is asked to. The usual shape is a small elected committee with rotating seats and no permanent membership, as in Python’s transition to a five-person Steering Council via PEP 13 and PEP 8016 after Guido stepped down. Most BDFL projects do not write a succession plan in advance and end up improvising one in whatever crisis prompted the handover.

Permanent core team. A long-lived group of recognised maintainers joined by invitation and serving without fixed term, sometimes inside a foundation and sometimes not. PostgreSQL’s core team is the canonical example, with new members nominated by existing ones and no formal voting or candidacy process. The model accumulates institutional memory better than rotating committees. The trade-off is that the criteria for joining are unwritten and amount to whatever the current members happen to agree on.

The Apache Way. A standardised ladder from contributor to committer to project management committee member, with a rotating chair and decisions taken on the dev mailing list by lazy consensus or vote. The structure is identical across every Apache project, which is the foundation’s actual product. It does not depend on any individual maintainer remaining interested next year, at the price of being slow.

Vendor-neutral foundation. A foundation owns the trademark and the legal entity, a technical oversight committee delegates to maintainers, and member companies pay dues that fund the staff. CNCF, Eclipse, OpenJS, and the Linux Foundation umbrella projects all run on variations of this shape. Neutrality means no single member captures the project, enforced by the membership agreement rather than anything structural in the code. The foundation itself is a participant in the arrangement rather than a neutral platform for it, with its own continuity and growth on the agenda alongside any one project’s.

Technical steering committee with subgroups. A TSC handles cross-cutting decisions, and special interest groups or working groups own particular areas of the codebase. Kubernetes is the maximalist version, with a documented governance file for every SIG, and Node.js runs a smaller version of the same shape. The model scales reasonably with the size of the project but less well with employer concentration, since once a majority of SIG leads work for the same company nothing about the org chart will say so.

Do-ocracy with lazy consensus. Whoever does the work decides, and proposals pass absent objection within some window. Debian’s package maintainership runs this way, as does most of Apache once you are past the formal voting structure. It works as long as participation is broad, and reverts to an unannounced BDFL when one person ends up doing most of the work without saying so, with the cosmetic advantage over the announced version that nobody has to admit it.

Discord-driven development. The institutional memory of the project lives in a chat server, with decisions tracked by linking to messages from GitHub issues, and the durable record limited to whoever screenshotted what before the channel scrolled. Common in JavaScript frameworks and crypto projects, with the README linking a community server in place of a CONTRIBUTING file, and issue threads that close with a pointer to chat.

Conference-driven roadmap. The annual conference is the only time the maintainers are all in one room, so the roadmap for the year gets set on a Tuesday afternoon based on which suggestions made it onto the slide deck. The conference is sponsored by the biggest user of the project, whose feedback was incorporated during the planning calls. The signature outcome is a feature appearing in the next release that nobody filed an issue for, traceable to a slide deck nobody kept a copy of.

Rough consensus and running code. IETF doctrine, codified in RFC 7282 , under which no formal vote is taken, working implementations carry more weight than opinions, and the chair calls consensus when objections are addressed rather than counted. The model suits standards bodies more than codebases. It reliably produces decisions owned by whoever showed up to push back, who are usually not the people the decisions affect.

Single-vendor open source. One company holds the copyright, the trademark, and the publish keys, contributors sign a CLA on the way in, and the roadmap is whatever the company needs. MongoDB, Elastic, HashiCorp, and Redis were open source by the OSI definition for most of their history, then relicensed away from it once the strategic calculation changed. The community check is the same as for the dictator (leave and fork), and the price is the cost of rebuilding whatever the company was paying for, which OpenTofu and Valkey are currently demonstrating in practice.

Hot fork summer. The project goes through governance crises predictably enough that a sequence of forks has accumulated (project, project-ng, project-next, project-classic), each with its own claim to the legitimate inheritance. Each fork was supposed to settle the question and instead added another row to the disambiguation page. Every new README explains at length which other forks the project is not, and downstream picks based on which lockfile they already have.

Token-governed. On-chain proposals weighted by token holdings and executed by smart contract, as in Uniswap and MakerDAO. It has the only literal elections in the catalogue, with influence proportional to capital and the proportions on public ledger.

Coding agent for life. Autonomous coding agent create the repository, register the account that hosts it, write the code, open and review their own pull requests, and merge without anyone signing off. Influence over the project accrues to anyone who can phrase an issue convincingly enough that the swarm acts on it, which is a wider electorate than any other model in the catalogue.

Sign-up forms were built for humans in browsers, so how do AI agents programmatically register with services?

Enter auth.md. By exposing a single, machine-readable Markdown file at your service root, AI agents can dynamically discover your OAuth Protected Resource Metadata, parse required scopes, and authenticate seamlessly.

With native support in WorkOS AuthKit, you can now implement this protocol out of the box, giving AI tools a standardized, secure way to log into your application.

Read the auth.md docs .

★

Tigris is S3-compatible, which means you can point the AWS SDK at it and most things just work. The catch is that the Tigris-exclusive features—bucket forking, snapshots, object renaming, and the like—need verbose workarounds because the AWS SDK doesn't know they exist.

So we wrote a Go SDK that does. It comes in two flavors: the storage package is a drop-in replacement for the standard S3 client with first-class methods for the Tigris-specific operations, and simplestorage is a higher-level client for the common single-bucket case that infers its configuration from the environment so you stop passing the same parameters over and over. You can adopt the Tigris features incrementally without refactoring your existing S3 code, and the simpler API still works against other S3-compatible providers.

I wrote up how it works and why we built it over on the Tigris blog.

Given how badly burned anyone who took Apple's 2024 WWDC Apple Intelligence announcements at face value was, I'm holding to a strict "I'll believe it when I see it" policy for everything they announced today .

The new Siri AI features do at least look feasible with today's technology, especially since Apple are licensing a custom Gemini-derived model that they can run on their own Private Cloud Compute.

It sounds like they'll be taking advantage of vision LLMs to extract information from the user's screen, which neatly sidesteps the need for every existing application to ship custom code in order to integrate with Apple Intelligence. Vision LLMs were a much less mature category in June 2024.

The new Core AI library looks like a good step in enabling developers to finally take full advantage of Apple's hardware for running their own models. It integrates with Meta's open source PyTorch ecosystem, based on these Core AI PyTorch extensions :

Core AI PyTorch Extensions ( coreai-torch ) is a Python package that bridges PyTorch and Core AI. You can use it to bring up an existing PyTorch model — exported as a  torch.export.ExportedProgram  — into a Core AI  AIProgram  ready to run on Apple hardware, traversing the FX graph node-by-node and mapping ATen operators to Core AI operations.

You can install an iOS 27 Developer Beta today, which supposedly has the new features - but you then have to make it through a waiting list for access to the new Siri AI. Aaron Perris from MacRumors reports having made it off the waitlist so we may start seeing credible reports on how well Siri AI works in the very near future.

Tags: vision-llms , apple , generative-ai , ai , llms

TL;DR: My new prior is that top-of-the-line LLMs working on easy tasks generate code that is maybe 10 % more complicated than necessary. I also think we accept this complexity too easily, because it comes from code that is right here , right now , solving an immediate problem. This may have consequences for maintenance in the long term.

The background to this discovery was that I needed to do some CRUD plumbing in a work project. It was a simple change that mostly mirrored existing functionality. This is a perfect fit for LLMs, in my experience, so I used a frontier model to generate the code for it. The change ended up being a total of just over 200 lines, mostly additions.

The part of the generated code we’ll talk about is a 24-line function that converts an arbitrary (user-supplied) string to a safe HTTP header value.

(Continue reading the full article on the web.)

ppclp.ai, North America's third-largest AI-native manufacturer of premium wire-formed office fasteners, formerly known as Paper Clip Company, announced a landmark 100x improvement in its proprietary Organizational Productivity Index (OPI™), cementing what leadership is calling "a new era of operational excellence" and "a little bit of a miracle." The breakthrough follows an 18-month company-wide initiative called Project Streamline, during which all 340 employees completed mandatory efficiency training, adopted a new Jira-based workflow system powered by Rovo, and attended a two-day offsite in Scottsdale where a consultant named Derek asked everyone to "think about how they think about work."

"I used to open fourteen browser tabs and just stare at them. Now I open fourteen browser tabs, and AI agents are looking at them for me. I've never felt more in control."

— Sandra K., Senior Clip Assembly Coordinator, 11 years at ppclp.ai

Central to the transformation is Rovo, Atlassian's AI, which the ppclp.ai Jira Center of Excellence team has deeply integrated into the company's ticket lifecycle. Rovo now autonomously opens tickets when it detects workflow friction, assigns them to the appropriate team, and, in what the Center of Excellence calls "the closed-loop moment", it closes them upon determining that sufficient time has passed. Ticket velocity has increased by 340% as a result.

"Rovo doesn't wait for humans to decide a problem is solved," explained the Head of Delivery Operations, in a blog post titled We Taught Our Tickets to Heal Themselves. "It senses resolution. It acts. And then it documents the action in a follow-up ticket, which it also closes."

The OPI™, aggregating over 200 signals including ticket velocity, standup attendance, emoji reaction latency in Slack, and what the methodology document calls "ambient focus energy," now shows a number in the top-right corner of the dashboard that is very large and going up. The dashboard itself, prominently themed in dark mode (naturally), required six months to build and is, by all accounts, extremely beautiful.

"We are incredibly proud of this number," said CEO Bob Realman in a statement prepared by the communications team and reviewed by legal. "It represents the dedication, the hustle, and the genuine passion of every single person at ppclp.ai. And of Rovo, who we consider an honorary team member and who closed 1,400 tickets last Tuesday alone."

When asked by a reporter at the earnings call whether the 100x productivity improvement had resulted in a corresponding increase in paperclip output, CFO Melissa Tran paused, smiled warmly, and said the question "reflected a pre-transformation mindset." She then advanced to the next slide, which was a photo of the team at the Scottsdale offsite.

"Volume is a very legacy way of thinking about a fastener business. We've moved beyond units. We're measuring what matters: Agentic motion."

— Bob Realman, current and former CEO, ppclp.ai

The company did acknowledge, in a footnote on page 34 of the supplemental earnings materials, that paperclip production had declined approximately 20% year-over-year. The footnote attributed this to "macroeconomic headwinds, a challenging staple-adjacent market, and notable seasonality in Q2 clip demand," adding that the trend was "well within the range of normal paperclip seasonality" and "expected to self-correct, eventually."

Analysts who requested a definition of "paperclip seasonality" were directed to a separate FAQ document that had not yet been written. A Rovo ticket to write it was opened and closed the same afternoon.

ppclp.ai says it expects the OPI™ to continue improving through the end of the fiscal year. They are already exploring an OPI™ 2.0, an open source model that will incorporate biometric data, walking pace between meetings, and what the roadmap calls a "vibe coefficient." Production guidance was not provided, but the company noted that the dashboard remains, in their words, "extremely actionable," and that Rovo has already opened a ticket about it.

OPI™ was developed in collaboration with Proxy Ai™ . ProxyAi, so you don't have to.

About ppclp.ai: ppclp.ai has manufactured precision wire-formed fasteners since 1987, and rebranded as an AI-native company in 2024. The company serves offices, government agencies, and one very loyal stationery shop in Duluth. ppclp.ai employs 340 humans and Rovo, and is headquartered in a building with a lot of glass. More information is available at a website that is currently being redesigned by an agent.

Forward-looking statements contained herein involve risks and uncertainties, including but not limited to: continued ambiguity about what productivity means, the possibility that Rovo opens a ticket about this press release and then closes it, and the risk that someone in finance eventually opens a spreadsheet unassisted. OPI™ is a trademark of ppclp.ai. "Seasonality" is used here in the broadest possible sense. Rovo is a product of Atlassian and is referenced here with the full confidence that it would autonomously resolve any objections. Past dashboard performance is not indicative of future paperclip output.

If you liked this piece, you should subscribe to my premium newsletter. It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA , Anthropic and OpenAI’s finances , and the AI bubble writ large (updated to version 3.0 last week). My Hater's Guides To the SaaSpocalypse , Private Credit and Private Equity are essential to understanding our current financial system, and my guide to how OpenAI Kills Oracle pairs nicely with my Hater's Guide To Oracle . Over a three week period in May , I published an exhaustive three-part guide to how the AI bubble might collapse, the events that might trigger it, and the consequences. For something lighter, check out last week’s premium, where I re-introduce you to the antagonists of the AI bubble (and their fatal weaknesses) in caustic, slightly sweary terms.  Subscribing to premium is both great value and makes it possible to write these large, deeply-researched free pieces every week.  Last week I went on Bloomberg and discussed the state of the AI bubble with a clarity that rattled even the sweatiest boosters, mostly because I spoke with clarity about an investment frenzy whipped up through hype, deceit and mythology. Some were equal parts frustrated and angry that I don’t have money in the market, or, as they’d put it, “skin in the game.” I get it! When your entire worldview is dictated by what a series of venture capitalists and psuedo-journalists on Twitter want you to believe, it must be difficult to imagine someone having “morals” or “beliefs” or that one might hold a position that wasn’t entirely based on greed or tribalism. It must be confusing — upsetting, even! — to hear that somebody is willing to accurately and vociferously tear into a tech industry largely controlled by people with no regard for their users or workers, who are willing to bathe their products in mediocrity all because it’s the thing that everybody else is doing. This is a hysterical era perpetuated by liars, cowards, imbeciles, craven boosters and the easily-fooled. Those excited about generative AI are either the victim or the perpetrator of a con centered around a technology to ingratiate at the highest cost possible. AI Cannot Afford To Slow Down — It Needs $3 Trillion Or More In Revenue By End Of 2030 To Sustain Its Existence  I also think that everybody is a little flippant about what has to happen for me to be wrong. • If we take Sightline Climate’s data from February at face value , there are 190GW of data centers planned. If we take NVIDIA CEO Jensen Huang’s statement that data centers will cost $80 billion to $100 billion a gigawatt at face value, this means that said data centers will cost anywhere from $9.5 trillion to $15 trillion. Bloomberg incorrectly states that this is a “$3 trillion” buildout . • This money will have to come from somewhere. The Financial Times reported in May that banks are concerned they might “choke” on data center debt when I estimate there’s barely $250 billion a year being issued. They will, to actually make these data centers happen, have to start issuing anywhere from $500 billion to a trillion a year.

• Jensen Huang has also said that NVIDIA projects a trillion dollars worth of revenue through the end of 2027 . 54% of NVIDIA’s revenue comes from three clients , which means that NVIDIA’s future largely depends on three unnamed companies — likely Taiwanese ODMs building servers for Microsoft, Google and Meta — and their counterparties’ ability to raise debt on a near-perpetual basis, as the number of firms that can afford to buy thousands of $7.8 million racks of Vera Rubin GPUs is dwindling.

• Even then, every part of this puzzle requires more and more debt or at the market dumps like Google’s $85 billion equity sale or Meta’s planned multi-billion dollar dump . • The fact that hyperscalers are doing equity sales is, as economist Paul Kedrosky raised in our conversation on my show last week , a sign that debt is becoming harder to acquire.

• Anthropic has made $330 billion in compute and chip commitments between Google, Amazon, and Microsoft , another $30 billion with CoreWeave and another $15 billion with SpaceX. To pay for this compute, Anthropic must meet its projected revenue of $174 billion a year by 2029 . • Anthropic has raised $95 billion across rounds in February , April (from Google and Amazon ), and May . These funds will be insufficient to cover Anthropic’s costs, as will Anthropic’s cash flow, meaning that it will have to raise at least another $200 billion in the next year.

• OpenAI has projected to burn at least $852 billion through the end of 2030 , and has made over $770 billion in compute commitments across Microsoft, Amazon, CoreWeave, Cerebras, and Oracle. The $122 billion funding round from March will be insufficient to cover these costs, and it will require, at the very least, another $250 billion in funding by the end of the year. Whatever obtuse fantasies you have about the current state of generative AI are irrelevant to a much larger problem: that the infrastructure being built and compute commitments being made are being done so at a level that demands that generative AI and AI compute generate over $2 trillion in annual revenue by 2030. When I say that, I mean it absolutely has to do that otherwise none of the data center capex makes sense, and neither Anthropic nor OpenAI can pay their commitments. OpenAI expects to spend $50 billion on compute in 2026 , and I wouldn’t be surprised if Anthropic spends anywhere from $30 billion to $50 billion. Between them, Anthropic and OpenAI represent the vast majority of all AI compute demand — at a minimum 70% , if not 80% to 90%.  Put another way, there’s barely a few billion dollars of demand outside of two companies that lose billions — or tens of billions — of dollars a year. Let’s break down these numbers a little further: • 190GW of data center capacity assuming a PUE of 1.35 suggests a critical IT load of around 140GW, which, charged at around $12.5 million per megawatt, works out to around $1.75 trillion in annual revenue. • If we assume that half of that gets built, that’s still $875 billion in annual revenue that will be needed to keep these data centers from running out of money as their margins are atrocious and they’re all paid for with onerous debt.

• OpenAI and Anthropic project to make $184 billion and $174 billion in revenue in 2029, for a total of $358 billion in annual revenue. While Anthropic claims it will be profitable by then, I do not believe it will be, nor is it profitable at this point outside of financial engineering .

• At present, there are no other major purchasers of AI compute outside of NVIDIA, hyperscalers (who are selling it to Anthropic and OpenAI, or they’re Meta, which has no AI strategy ), OpenAI, and Anthropic. None. I can’t find a single one outside of Jane Street spending more than a few hundred million. We need a few hundred billion.

• That’s already a huge problem, but the other problem is that we also need companies to spend dramatically more on AI services than they already do. While journalists are currently gooning over OpenAI and Anthropic making $6 billion or $10 billion in a given quarter, that’s just not enough! Both Anthropic and OpenAI need to be making $10 billion or more in monthly revenue by Q1 2028, or their growth rates aren’t going to support their compute commitments. This is not hyperbole! Every single thing I have stated here precisely maps to the projections and promises of the AI industry. No matter how horny or flaccid you are for the potential of AI, it must grow at an astonishing, unstoppable rate from here until the end of time to be anything close to worthy of its costs. Actually, sorry, let’s put judgments aside for a second, because this isn’t about judgment , but rather the promises that have been made by the software and hardware companies associated with AI. NVIDIA’s place atop the stock market and its ridiculous projections depend on both the continued flow of data center debt and the continued belief that AI services will have the revenue to back it up.  AI cannot, under any circumstances, slow down. In a year, Anthropic and OpenAI’s businesses have to be roughly twice the size they are today, and then double again basically every year until 2029 or 2030. In that time period, they must also both raise hundreds of billions of dollars or, alternatively, turn deeply unprofitable businesses into profitable ones while also doubling their revenues.  Alternatively, both must severely reduce their costs… except if they do that, they won’t have any need for all that compute capacity, which will deprive Oracle, Google, Microsoft, SpaceX, Cerebras, CoreWeave, TeraWulf, Cipher, and Hut8 of the $1.1 trillion in remaining performance obligations. Also, if OpenAI can’t afford — or doesn’t want — its compute, Oracle will simply run out of money . It is spending anywhere from $340 billion to $700 billion (depending on whether you believe Jensen Huang in September 2025 or May 2026) on the 7.1GW of data centers it’s building for OpenAI. These, again, are not hyperbolic statements, but the actual costs associated with Oracle’s massive buildouts in Michigan, New Mexico, Wisconsin and Texas. I didn’t agree to do this! Larry Ellison did!  Sidenote: Larry Ellison has also got at least $21 billion in loans collateralized by his Oracle shares, and any doubts around Oracle’s ability to pay for its debts or OpenAI’s ability to pay Oracle for its compute will threaten massive margin calls. I wrote about this here . It’s really bad! Whatever Everybody Is Spending On AI Right Now Is Insufficient, and We Need At Least Two Other OpenAIs To Justify The Compute Being Built Apparently, Salesforce is planning to spend $300 million on Anthropic in 2026, to which I say “that’s not nearly enough”! Everybody has to be spending even more than that in the next few years, without fail, no ifs, ands, or buts. It is non-negotiable. Anthropic needs to be making over $100 billion in two years or it can’t afford its commitments, so you filthy token-hogs better slurp up your slop this instant, or Dario Amodei gets made part of the permanent underclass! But seriously folks, the combined compute demand of every single AI company in the world doesn’t currently reach $100 billion — and it needs to be ten times that by 2030 or all those data centers got built for no reason!   And for that to happen, both Anthropic and OpenAI need to be making about $400 billion a year in annual revenue, which means there needs to actually be that much demand for AI services! Right now, Anthropic and OpenAI’s combined projected revenues for 2026 sit somewhere in the region of $60 billion — so, you know, they only need to grow by 496% by the end of 2029!  To make matters worse, it doesn’t seem like anyone else in the AI industry is going to help with the whole “demand for AI services or compute” thing. As The Information reported a few weeks ago, OpenAI and Anthropic make up 89% of all AI startup revenues .  We could include hyperscaler revenues, but that wouldn’t help very much. Microsoft’s $37 billion in AI annual run rate — these fucking cowards never share actual AI revenues! — is predominantly made up of OpenAI’s compute, with the rest of it (maybe $8 billion in annual revenue at best) from Microsoft harassing its permanently-abused customer base into installing Copilot.  Ah, shit, there’s another problem with Microsoft — Microsoft AI CEO Mustafa Suleyman just said that Anthropic’s models were too expensive, and he intended to reduce Microsoft’s use of them to zero ! You can’t do that Mustafa! We need every cent of demand, otherwise everything falls apart!  Sidenote: Amazon and Meta barely have AI stories. Mark Zuckerberg just said he “thinks” Meta has a use for the vast amount of compute it’s bought or is developing, if you’re wondering how great things are going over there.

A source tells me Meta is working on a Tamagotchi-like pendant that uses OpenClaw, and when I heard that I felt exactly how I felt the first time I heard No Doubt’s Rock Steady — did I really used to like this dogshit when I was young? Anyway, eager math-knowers among you might also notice that even if Anthropic and OpenAI spent $500 billion a year in annual compute — an amount that they can’t afford even if they combined both their unsustainable asses — we’d need at least another $250 billion or more in annual compute revenue to justify it. In other words, they need everybody to be “doing agents” at such a scale that basically every third dipshit you run into on the street is sinking $50 or more a day into them.  I sure hope that’s happe- OH MY GOD! AI Is Slowing Down Just As It Needs To Speed Up As I discussed last week , you can’t measure the cost of a particular task with AI, nor can you measure its return on investment. The only reason that we’ve been “doing AI” with such ferocity and veracity is that most companies are beholden to Business Idiots disconnected from production who have no real understanding of their underlying firms’ outputs, and thus have very little way of measuring them. These multi-millionaire midwits have been “doing AI” because everybody else is doing it, burning millions of dollars to turn their code into slop ( see: Zillow ) or have their engineers compete to see who can spend the most money ( see: Meta and multiple other companies ). In one case, a company spent $500 million on Anthropic’s models in a month because it didn’t set up spend controls . In Uber’s case, it burned through its entire annual token budget in a single quarter , which led to its COO saying it was harder to justify spending money on AI tokens because it couldn’t show a link between that spend and a meaningful increase in useful features on Uber . Now Uber has

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

The photographer’s model for the visage of The Nameless One on the now-iconic Planescape: Torment box was actually Guido Henkel, the game’s producer, who was enlisted at the last minute when the planned professional model had a “scheduling conflict.”

This article tells part of the story of Dungeons & Dragons on the tabletop and on computers.

Usually if you choose the longest dialog option, that’s the best option.

— Chris Avellone

Quite some years ago now, I briefly interviewed Brian Fargo about Interplay’s 1988 adaptation of the William Gibson novel  Neuromancer . He was plainly busy and a little distracted with more modern game-development matters — this was in the midst of the Kickstarter-funded Wasteland revivals — but he was helpful and friendly enough during the half-hour or so that I spoke to him. Toward the end of our conversation, he mentioned that he had a box full of papers from his Interplay days gathering dust in a filing cabinet in his home office. Upon hearing this, I leapt immediately to make a pitch for my archivist friends at the Strong Museum of Play in Rochester, New York. And lo and behold, a Brian Fargo collection showed up at the Strong within a year or so. I don’t know whether these two events are related, but I like to think that they are.

Regardless, the next time I made it up to the Strong, I naturally made it a point to go through the collection. And it was there, amidst a mishmash of other documents spanning the nearly twenty years that Fargo spent running Interplay, that I first stumbled upon the original pitch document for Planescape: Torment , the one that crossed his desk in June of 1997 and led to the project being formally green-lit. I found this document rather shocking at the time, in that its tone was so totally out of keeping with the hallowed reputation which the game had long enjoyed even then as the most credible claimant to the status of true Interactive Art that the CRPG genre has ever produced. Much of this pitch, by contrast, seemed to have been written by Joe Lieberman’s most stereotypical nightmare: by a sadistic, DOOM -addled teenager who turned it out in between dry-humping everything around him with an even vaguely feminine shape.

No more using boring swords, daggers, or bows to carve bloody swaths through opponents. Plunge scalpels into foes’ eyes, lace their food with poisonous embalming fluid, push them into man-eating pockets of ooze, sic them with sarcastic biting skulls, hurl them into razorvines, conjure burrowing rot grubs within a victim’s brain, cast spells that make them bleed from every orifice, or change a person’s scent so they attract packs of hungry rats. Deliver punishment in ways that will bring a smile to your face.

“Fireball” can go hide in the fucking corner when you unleash your arsenal. Jam your hand into an opponent’s body, rip out his soul, and tell it to kill its owner. Make a gesture and summon a blanket of crawling, biting insects to turn your enemy into a Happy Meal. Send your foes on a field trip to Hell without a permission slip. Taunt someone to death. Summon your darkest shadows from across existence and send them into battle to feed on your opponent’s physical strength. Your succubus ally can kiss your opponents to death — they die with a smile on their face.

This game will have lots of babes that make the player go wow. There will be fiendish babes, human babes, angelic babes, Asian babes, and even undead babes. Think babes. Then think more babes.

To which one can only reply, whoa… whoa. Settle down there, Beavis, before you rub that thing raw.

This document, which has long since surfaced publicly and made the rounds of the Internet, has become something of a problem for  Planescape: Torment’ s cult fandom, being so markedly at odds with what they wish the game to be. Some have gone so far as to claim that the juvenile profanity was nothing more than an elaborate ruse to get Brian Fargo and his marketing cronies to sign off on such an uncompromising piece of art, or that this is the only corporate pitch document in the history of the world to inhabit the category of satire. But personally, I’m not buying these pat explanations. I think that the finished Planescape: Torment that we know is a blending of the adolescent and the rarefied, the commercial and the idealistic. It’s not that the higher concepts and grander themes don’t exist. It’s just that they’re embedded into a licensed and branded Dungeons & Dragons computer game — made by, let’s face it, a bunch of nerdy twenty-something American men with the same predilections and blind spots as their peers elsewhere in the industry. We probably shouldn’t allow ourselves to get quite as precious about it as we often do.

For what’s worth, I suspect that Chris Avellone himself might more or less agree with this assessment deep down in his heart of hearts. In every interview I’ve seen him give on the subject of Planescape: Torment , he’s been distinctly reluctant to take on the persona of the auteur creating timeless art for the ages. He tends to speak more in the terms of a creative professional who was given a job to do: “Like just about every game I’ve worked on in my career, the franchise or premise was mandated, and then I worked within the parameters given.” He prefers to frame the protagonist’s journey to self-knowledge more as a way of flattering the typical gamer’s sensibilities than a conscious artistic masterstroke.

It is a very selfish game. After about ten years of game-mastering players… that’s really all they care about. They want the entire adventure to revolve around them. Players want to hear people talking about them . It’s the ultimate ego stroke.

Again, this is not to say that Planescape: Torment doesn’t resonate in certain places with the proverbial human condition. It’s merely to say that it’s a complicated, piebald beast. Is it art? Maybe, depending on how you define such things, since art is always in the eye of the beholder. Is it a penetrating work of moral philosophy? Maybe, to some extent, but maybe not quite so much as some folks want it to be. Is it well-written? Intermittently, although seldom on a sentence-by-sentence level. Is it brave and groundbreaking in the context of its time and circumstances? Absolutely. Is it a great game , full stop? Eh…

Building the perfect box-cover beast…

Fair warning: a considerable number of Planescape: Torment spoilers follow!

Baldur’s Gate , the only Infinity Engine game to precede Planescape: Torment , attempts very explicitly to recreate the pleasures of playing tabletop  Dungeons & Dragons with your friends. The companions whom you collect around you could easily be the avatars of said friends. Each of them is an archetype — fighter, magic user, cleric, thief — which constitutes one part of a Gary Gygax-approved well-balanced adventuring party. The game employs the classic “a group of adventurers met in a bar and went questing” setup. There’s an overarching plot, but it’s really just an excuse to explore more terrain, fight more monsters, and grow steadily stronger.  If you want, you can even play Baldur’s Gate together with your real-life friends, with each of you taking control of one character (although it’s rather clunky in practice, being subject to the technological limitations of the late 1990s).

Whatever else it happens to be,  Planescape: Torment is nothing like that. It’s the very specific story of one very specific character, presented it a way that would never have worked with a gang of others sitting around the tabletop. Companions do arrive to accompany him, but they are always peripheral to his central psychodrama. There is no multi-player mode here. Having one would make no sense.

The protagonist of  Planescape: Torment is the appropriately named Nameless One, a zombified shamble of flesh and bone who wakes up at the beginning of the game on a mortuary slab in Sigil, the city of inter-planar doors, with no idea who he is or how he got there. So, he sets off to try to find out. Along the way, he meets the aforementioned companions who join him on his journey. One or two of them he even meets in a bar, but these are not your typical happy-go-lucky adventurers with mercenary stars in their eyes. The fact is that each of their stories has long ago become interwoven with that of the Nameless One himself, generally to their detriment, and even though he can’t remember any of it. His own backstory will prove to be far longer and stranger than you or he might ever have thought possible, encompassing hundreds of lifetimes lived out all over the planes of existence, during which he has been good and evil and everything in between. His true quest, it will gradually become clear, is not merely to find out who he really is. Doing so is just a prerequisite to stopping the cycle of rebirths, owning his sins, and finally bringing his story to an end.

Planescape: Torment demonstrates the flexibility of the Infinity Engine. In keeping with the more personal focus of the story, the team at Interplay moved the camera in closer to show the characters on the screen better, condensed the interface down to a single bar at the bottom of the screen, and reworked the controls to make use of a popup, adventure-game-style radial verb menu.

Not only does Planescape: Torment subvert the traditional plot outline of a CRPG by turning a triumphalist power fantasy into a tragic journey of self-discovery, but it subverts many of the standard CRPG mechanics to serve its agenda. The Nameless One is immortal, which means that defeat and “death” in combat is a minor inconvenience at worst; he will always wake up once again on his mortuary slab, with all of his inventory, companions, and experience points intact. (In some places, he is even required to “die” in order to advance the plot.) With physical threats being thus robbed of their menace, a clever dialog response is almost always worth more experience points than defeating the same interlocutor in battle. Swords, armor, and most of the other usual trappings of heroic adventure are seldom seen, replaced by stranger concoctions, like a floating skull who can upgrade his attack by acquiring sharper teeth. Planescape: Torment is not your parents’ CRPG.

To wit: if you come to this game expecting a plane-skipping roller-coaster ride through a wide variety of environments, I’m afraid you’re destined to be disappointed. Most of it takes place within Sigil. You start out in the slums and eventually make your way to slightly posher districts of the city, but the general atmosphere remains one of futility and decay from first to last. I’m frankly not sure how to respond to this. My wide-eyed inner child, the one who used to consume pulpy sci-fi novels by the dozen, thinks it’s false advertising to promise us a city of doors to infinite possibility and then deliver only this sad-sack assemblage of run-down mundanities. My more mature incarnation, the one who studied (or in some cases suffered through) the literary classics at university, thinks it might be an admirable case of a game sticking to its guns. But even he begins to feel crushed under the sheer weight of misery on display here, begins to wonder what pathetic excuse for a multiverse this is that has such a squalid, nihilistic centerpiece.

Planescape: Torment has its share of interface issues, but the quest log at least is far more usable than the one in Baldur’s Gate .

In practice, much of your time in  Planescape: Torment will be spent wandering through each new district of Sigil as it opens up, clicking on every character who has a name or otherwise non-generic description in order to initiate conversation. Make no mistake. These people like to talk… oh, my God, do they like to talk. A minority of them have information or assistance to offer that pertains to the main quest, or at least to one of the many side-quests. Most of them, however, just “rattle their bone-box,” as the Sigil lingo goes, for the sake of hearing it rattle, telling you all about their hardscrabble lives in paragraph after paragraph of text. I find that it becomes numbing after a while, a symphony of despair that just keeps hammering away on the same relentlessly grim note. It’s  Down and Out in Paris and London , except an order of magnitude longer in a different dimension.

The Chant — the Cockney-inspired lingo of Sigil — is striking, even if it is lifted from TSR’s Planescape boxed set rather than being an innovation of this development team. All the same, the writing has a rough-draft quality to it that includes but is by no means limited to the typos and minor grammatical errors that are strewn fairly liberally throughout, the well-nigh inevitable result of laying down so very much text in a relatively short span of time. It’s enough to make you long for the days when computers were primitive enough that even text was expensive, such that developers had to choose their words with care, had to make sure that every single one of them counted. Failing that, we might wish that someone in Interplay’s marketing department had insisted that the whole game be voice-acted, which would have served the same purpose of forcing the developers to include only those words that really matter. (As it is, only the occasional line or two is voiced.)

Editing, in any sense of the word, was clearly not a priority here. Back in the 1980s, Infocom employed a full-time editor from the book-publishing world to polish and tighten the prose in its games. But alas, such work was far beyond the core competencies of a 1990s studio like Interplay. The only guiding principle here seems to be the more words, the better. Matters reach a kind of absurd climax when you wander into a bar in which the patrons spout verbatim paragraphs from the old TSR Planescape campaign setting, copied and pasted into the computer game. One can easily imagine that the deve

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

A few small notes on rotation before you get sick of it. (Too late!)

Reducing the number of rotations in the discontiguous swap problem from three to two also shows how the solution can be generalized to shuffling an arbitrary number of variable-sized blocks: Given k blocks, of total size n , you can shuffle them arbitrarily in at most kn swaps in constant space: Take the block that goes first and rotate it to the front, which takes n swaps. Then recurse on what’s left.

You can reduce the number of swaps by comparing the sizes of the block that goes first and the block that goes last and choose to swap the larger block to the corresponding extreme.

I guess you could use this for sorting, but it’s probably enough of a hassle that you’ll just take the penalty of allocating a second block of memory rather than trying to be clever and doing it in-place.

In online discussion of this article, I saw a number of people say, “You can do this with the XOR trick,” but I’m not sure what XOR trick they are referring to. If they are talking about using XOR to swap two integer variables without introducing a third variable, that’s a cute trick I don’t see how it helps with moving variable-sized blocks around. It also doesn’t help with swapping non-integers, since it’s not clear how your XOR two strings or two Widgets.

Another note is that my unit of accounting was the “swap”, but really I should be counting “assignments” because the cycle decomposition algorithm doesn’t use swaps. For the purpose of accounting, I’ve been counting a single assignment as half a swap, though depending on how expensive the move constructor is, a single assignment/construction might only cost a third of a swap.

Finally, a clarification on my description of the solution as “constant space without allocation”: Clearly any algorithm requires some space: space for the parameters, return address, any registers used by the code, and any local variables and temporaries. As long as the number and size of these things is bounded by a constant, this is considered a “constant space” algorithm. Note that the size of an element is not known to the generalized algorithm, but once you implement the algorithm for a concrete element type, the size becomes a constant.

My description of this as “without allocation” is a shorthand for “without requiring dynamic memory allocation (because the amount of memory needed is known at compile time).”

I have a soft spot for algorithms that run in constant space (where the constant is reasonably small) because they remove the need to worry about how to recover if there is a memory allocation failure.

The post Rotation revisited: Shuffling more than three blocks, and other small notes appeared first on The Old New Thing .

We just wrapped up our Hacking for Defense class at Stanford.

This was the 11th year we’ve taught Hacking for Defense, and the impact of asymmetric warfare, (drones, off-the-shelf technologies, etc.,) disruptive technologies (AI, commercial access to space) and a startup friendly DoW acquisition system – make it feel like a much different class than the previous classes.

(I’ll summarize some of the learnings about the use of AI at the end of this post.)

Hacking for Defense is now in 70 universities, including 20+ in the UK – and this year in Poland and Germany – with teams of students working to understand and help solve national security problems.

This year’s problems came from the Navy, Air Force, Army Research Lab, Defense Innovation Unit, IQT, and NASA.

This quarter 9 teams of 42 students at Stanford collectively interviewed 1132 beneficiaries, stakeholders, requirements writers, program managers, industry partners, etc. – while simultaneously building a series of AI-driven minimal viable products and developing a path to deployment.

We opened this year’s final presentations session with a great talk about AI and defense – past, present and future – from (Ret) LTG Jack Shanahan. Jack was the Director of the DoD Joint Artificial Intelligence Center (JAIC). Watching his talk is a worthwhile use of your time.

If you can’t see Jack Shanahan’s video click here

During the quarter guest speakers in the class included Owen West – director of the Defense Innovation Unit, Mike Brown – partner at Shield Capital, (Ret) LTG Joseph McGee recent head of the Joint Staff J5 (strategy, plans, and policy,) and Hon Marise Payne Australia’s Minister for Foreign Affairs.

“Lessons Learned” Presentations

Each of the eight teams gave a final “Lessons Learned” presentation along with a 2-minute video to provide context about their problem. Unlike traditional demo days where teams show off, “Here’s how smart I am, and isn’t this a great product, please give me money,” the Lessons Learned presentations tell the story of each team’s 10-week journey and hard-won learning and discovery. It’s a roller coaster narrative describing what happens when they discover that everything they thought they knew on day one was wrong and how they eventually got it right.

While all the teams used the  Mission Model Canvas , Customer Development and AI tools to build Minimal Viable Products, each of their journeys was unique.

This year we had the teams add two new slides at the end of their presentation: 1) tell us which AI tools they used, and 2) their estimate of  progress on the Technology Readiness Level and Investment Readiness Level .

Here’s how they did it and what they delivered.

Team Noctua – Started with a problem that said, “ Special operators can’t detect drones passively , without exposing their position.” They ended up understanding that a larger problem was, “ Dismounted troops and base defenders lack a passive means to provide early warning detection of all types of drones, including those that are RF silent.

If you can’t see the Noctura video click here

If you can’t see the Noctura presentation click here

These are “Wicked” Problems

Wicked problems refer to really complex problems, ones with multiple moving parts, where the solution isn’t obvious and lacks a definitive formula. Most problems our Hacking For Defense students work on fall into this category. They are often ambiguous. They start with a problem from a sponsor, and not only is the solution unclear but figuring out how to acquire and deploy it is also complex. Most often students find that in hindsight the problem was a symptom of a more interesting and complex problem – and that Acquisition in the Dept of War is unlike anything in the commercial world.

Instead of admiring problems from inside a classroom our students get of the building and learn, discovery and iterate.

The figure shows the types of problems Hacking for Defense students encounter, with the most common ones shaded.

Team SwarmShield – The initial problem was framed as, the cost of using expensive interceptors to shoot down cheap drones. By the end of the class the Team realized the problem was building terminal guidance that lets a cheap, throwaway drone find and hit an attacker at night.

If you can’t see the SwarmShield summary video click here .

If you can’t see the SwarmShield presentation click here

Department of War Directory – This year the students had access to a Department of War Directory – essentially a phonebook of  ~5,700 names of “ Who buys in the Dept of War ?” The directory includes a tutorial on how the DoW buys and the various acquisition and funding processes and programs that exist for startups. It provides details on how to sell to the DoW and where the Program Acquistion Officers (PAEs) fit into that process.

Team Weapons Without Wait – The initial problem for this team was “Retool and scale defense manufacturing capacity to replenish critical munitions at the pace required by sustained, high-intensity conflicts.”  This is what I call a “boil the ocean” problem” – big and vast – and vague. By class end the team realized what was rapidly achievable (and needed) was affordable, certified munitions for small drones produced at the point-of-need.

If you can’t see the Weapons Without Wait video click here

If you can’t see the Weapons Without Wait presentation click here

It Started With An Idea

Hacking for Defense is built on the same methodology as Lean LaunchPad class I created at Stanford in 2011. It was adopted by the National Science Foundation (NSF) as the NSF I-Corps (Innovation Corps) to train Principal Investigators who wanted an SBIR grant. Now in its second decade and in 100+ universities, I-Corps has become a standard for science commercialization at the NSF, National Institutes of Health and the Department of Energy –  training 3,251 teams and launching 1,400+ startups to date.

Team IonX – IonX also started with a “boil the ocean” problem – The US needs a secure rare earth supply chain. They ended up with a problem more tangible and deliverable – Mineral processors across markets can’t identify and test better chemical reagent schemes.

If you can’t see the IonX video click here

If you can’t see the IonX presentation click here

Origins Of Hacking For Defense

In 2016, brainstorming with  Pete Newell  of BMNT and  Joe Felter at Stanford, we observed that students in our research universities had little connection to the problems their government was trying to solve. We realized the same Lean LaunchPad/I-Corps class would provide a framework to do so. That year we launched both Hacking for Defense  and  Hacking for Diplomacy  (with Professor  Jeremy Weinstein  and the State Department) at Stanford.

Team Cheese on the Moon – Started with a mandate to search for mineral deposits on the moon. By class end they realized that to do that lunar missions need to know what’s on and under the moon not only to mine, but to land.

If you can’t see the Cheese on the Moon video click here

If you can’t see the Cheese on the Moon presentation click here

Goals for Hacking for Defense

A decade ago, our goal for the class was to teach students Lean Innovation methods while they engaged in national public service. We wanted to familiarize students with the military as a profession and help them better understand its expertise, and its role in society. We also hoped the class would show our sponsors a methodology that builds problem understanding before writing requirements.

The class still does all this, but now that the DoW is buying from startups and defense venture capital is abundant, the class has turned into a national security incubator. Most of our teams form defense companies.

Team Fuel Forge started with the problem that combat units need to generate power and fuel locally. They ended with a more interesting observation that they could b uild networked, on-site hydrogen nodes to fuel drones in forward, contested environments where resupply is at risk,

If you can’t see the Fuel Forge video click here



If you can’t see the Fuel Forge presentation click  here

Go-to-Market/Deployment Strategies

The initial goal of the teams is to ensure they understand the problem. The next step is to see if they can find mission/solution fit (the DoW equivalent of commercial product/market fit.) But most importantly, the class teaches the teams about the difficult and complex path of getting a solution in the hands of a warfighter/beneficiary. While the DoW has made tremendous strides in reforming how and who they buy from, students still need to know: Who writes the requirement? What’s an OTA? What’s color of money? What’s a Program Manager? Who owns the current contract?

Team Luminarch – Started with Tactical units lack the capability to visualize, manage, and adapt to the electromagnetic spectrum in real time. They ended with Tactical units lack low-cost, attritable RF sensors that can be deployed at scale, limiting their ability to detect threats, manage signatures, and communicate.

If you can’t see the Luminarch video click here

If you can’t see the Luminarch presentation click here

Team Tessellate– Started with the observation that drone missions don’t scale. And ended by realizing what’s missing is US multi-drone doctrine doesn’t exist and current drone warfare changes are happening faster than the software lifecycle.

If you can’t see the Tessellate video click here



If you can’t see the Tessellate presentation click here

AI In the Class Room

AI has had some obvious and not so obvious impacts on our class.

First, here’s a summary of how our students used AI in both classes I taught this quarter.

If you can’t see the AI Use In Class slide click here

If you can’t see the AI Rap Video click here

AI Tools Used

Claude + Granola – were the AI tools used by everyone.

Large Language Models Used

– Claude, Claude Code, Claude Chrome extension, Claude Cowork, Claude Design

– ChatGPT

– Gemini

Note taking

– Granola

– Twinmind

Presentations

– Perplexity

Building prototypes

– Replit

– Lovable

Creating Synthetic Users

– Listen Labs

– Viewpoints AI

Summarizing Research

– Google NotebookLM

– Notion + G Suite (not strictly AI, but used as part of AI workflows)

Other

– Ultralytics YOLOv8 (used by the SwarmShield H4D team for drone detection/tracking MVP)

The obvious and positive changes of AI were that teams were able to do customer discovery more efficiently. The not so obvious change was that creating products rapidly allowed teams to make bad ideas go faster.

In the past, MVPs were a sign of a teams technical competence, but now spinning up something in hours that previously took weeks, means that an MVP is no longer evidence of critical thinking and hypothesis testing.

This meant student learning was unbalanced. A finished-looking product felt like success. Students confused a polished deliverable with the need to deeply understand the needs of all the stakeholders, as well as the need for Customer Validation. For defense startups that means understanding a path to a CRADA, or to a research or production OTA. We needed to slow the teams down. Going forward we’ll have students come into class with a prototype but next time accompanied by the explicit hypotheses and experiments they’ll use to validate whether the prototype solved an actual problem.

More about this in a separate blog post.

It Takes A Village

While I authored this blog post, this class is a team project. The secret sauce of the success of Hacking for Defense at Stanford is the extraordinary group of dedicated volunteers supporting our students in so many critical ways.

The teaching team consisted of myself and:

• Pete Newell , retired Army Colonel and ex Director of the Army’s Rapid Equipping Force, now CEO of  BMNT .

• Joe Felter , retired Army Special Forces Colonel; and former deputy assistant secretary of defense for South and Southeast Asia, and Oceania; currently Director of the Gordian Knot Center  for National Security Innovation at Stanford which we co-founded in 2021.

• Steve Weinstein ,  partner at  America’s Frontier Fund , 30-year veteran of Silicon Valley technology companies and Hollywood media companies. Steve was CEO of  MovieLabs , the joint R&D lab of all the major motion picture studios.

• Chris Moran , Executive Director and General Manager of Lockheed Martin Ventures; the venture capital investment arm of Lockheed Martin.

• Jeff Decker ,  a Stanford researcher focusing on dual-use research. Jeff served in the U.S. Army as a special operations light infantry squad leader in Iraq and Afghanistan.

• Jillian Manus, a venture partner at Shield Capital and Senior U.S Venture Advisor for the European Innovation Council

Our teaching assistants this year were: Evan John Twarog, Varsha Saravanan, Breno Casciello, and Luke Andrews.

34 Sponsors, Business and National Security Mentors

The teams were assisted by sponsors and mentors.

Sponsors were originators of the team problems. They gave us their toughest national security problems : Owen West, Will Ryan, Phillip “Donna” Smith, Joel Uzarski, Alexandra Bissey, Mark Breier, Jonathan Stock, Trent Emeneker,  Matthew Anderson, Ana Alvarez, Jonathan Boltersdorf.

National Security Mentors helped students who came into the class with no knowledge of the Department of War, understand the complexity, intricacies and nuances of those organizations: Katie Tobin, Kelly McGannon, Rachel Costello, Henning Heine, Josh Edwards, Marco Romani, Tom Schmitz, David Vernal, Rich Lawson, LTC Dan Ruttenber, Ashley Perry, Sophia Vahanvaty, Rick Lu, Chris O’Connor

Business Mentors helped the teams understand if their solutions could be a comme

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

A seemingly simple question which sent me down into the murky depths of standards. How many consecutive hyphens can you have in a domain name? It probably isn't sensible to name your online presence a----------hyphen.com - but is there anything technically stopping you?

• Table of Contents • History

• TLD Restrictions

• Anomalies

• So What?

History

Let's do some history!

This is 1978's "HOST NAMES ON-LINE". Early Internet standards described the - character as "minus" rather than hyphen.

RFC 608

up to 48 characters drawn from the alphabet (A-Z),

digits (0-9), and the minus sign (-) ... specifically, no blank or space characters allowed;

no distinction between upper and lower case letters;

the first character is a letter;

the last character is NOT a minus sign;

no other restrictions on content or syntax.

So, originally, you could have as many hyphens as you wanted after the first symbol - which had to be a letter. The last symbol had to be a letter or number 0 .

That was later formalised in 1981's "DoD INTERNET HOST TABLE SPECIFICATION"

RFC 810 GRAMMATICAL HOST TABLE SPECIFICATION

<name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]

That's carried in the the slightly more modern RFC 952 .

By the time we hit 1987, the word "minus" has gone. Note, there are no restrictions on the number of hyphens - just as long as your domain name doesn't start or end with one 1 .

RFC 1035 2.3.1. Preferred name syntax

The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.

By 1989, the "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION" was tweaked again:

RFC 1123 2. GENERAL ISSUES

The syntax of a legal Internet host name was specified in RFC-952. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax.

And, from then on, things stayed pretty stable until the futuristic year 2010. That was when Internationalised Domain Names (IDN) became available. They use the xn-- string at the start of the name so, the spec now says:

RFC 5891 4.2.3.1. Hyphen Restrictions

The Unicode string MUST NOT contain "--" (two consecutive hyphens) in the third and fourth character positions and MUST NOT start or end with a "-" (hyphen).

What they really mean is that "--" is banned in position 3 & 4 unless the first two characters are "xn" 2 .

So, in theory, you can have up to 59 consecutive hyphens by ensuring that they start in position 4 and end at position 62.

Something like abc---[…]---z.com should be fine.

OR IS IT?!?!?

TLD Restrictions

There's what the RFC's say, and what a Top Level Domain (TLD) will allow. The Registry (the organisation which administers the TLD) may set their own, more restrictive, policies. Some will ban naughty words, or refuse IDN registrations, or prevent impersonation of Public Suffix domain, etc.

For example, South Sudan's .ss policies refuse to allow any hyphens .

Nominet, who run the .uk Registry, don't have any restrictions on the use of hyphens other than refusing to register xn-- domains.

But, in general, you can register multi-hyphened domain names with most Registries.

Anomalies

Of course, the mighty Internet mostly runs on spit and hope 3 . Naturally there are going to be mistakes, glitches, exceptions, and anomalies.

My delightful friend Q Misell had a rummage through her archives and helped track down some of the domain names which violate the modern rules. It's somewhat difficult to query every domain name, nevertheless, there are hundreds of multi-hyphened domains lurking within DNS.

Some, like ok--computer.com are long dead, but some are still active 4 !

Possibly the most consecutive hyphens belongs to http://a-------------------------------------------------------------a.com/

Sixty-one hyphens! The maximum possible, and it still works! The website looks like it hasn't been updated since it was first registered in 2000.

But what about more modern domains? The spookily named http://zz--icann-monitoring.uk/ was registered in 2024 - long after the rules were updated. But as Nominet doesn't allow xn-- domains, I guess it is fine?

There are some domains like bq--3bhauz7frjrgbka.com which look like they were pseudo-randomly generated. Perhaps as command-and-control servers?

Here's a quick table showing some of the ones Q found:

Domain Creation Date Status

0-------------------------------------------------------------0.com 1999 Down

0-------------------------------------------------------------5.com 2001 Live

0---------------------0.com 2000 Live

0----------------0.com 2000 Live

0---------0.com 2000 Live

pr--newswire.org.uk 2005 Down

0o--o0.com 2000 Down

a-----a.net 2000 Down

pr--newswire.uk 2019 Down

uk--domain--names.uk 2019 Live

zz--icann-monitoring.uk 2024 Live

cd--storage-shelves.co.uk 2012 Live

mb--uk.co.uk 2015 Live

o---t.co.uk 2016 Live

om--tat-sat.co.uk 1999 Live

pr--newswire.co.uk 2005 Down

uk--domain--names.co.uk 2000 Down

we--buy--any--car.co.uk 2009 Down

i---i.net 2001 Down

a-------------------------------------------------------------a.com 2000 Live

a---b.com 2000 Down

v---v.net 2000 Down

we--care.net 1999 Down

b---h.com 2001 Down

bq--3bhauz7frjrgbka.com 2000 Down

bq--3bhauz7frjrgbkdcia.com 2000 Down

bq--3cbpcty2rjyq.com 2000 Down

bq--744a.com 2000 Down

bq--abs7czi.com 2000 Down

bq--abxgt4lb.com 2000 Down

bq--azbukkckjavdc.com 2000 Down

bq--azdecny.com 2000 Live

bq--eh7xj73b75xp62x7mh7xgah7ad7xj73b75xa.com 2000 Down

bq--gbbpy2enmnhq.com 2000 Down

bq--gbtfs2a.com 2000 Down

bq--s7z76.com 2000 Down

bq--zzzz.com 2000 Down

c-------7.com 2001 Live

f---you.com 1998 Down

id--design.com 1999 Down

ok--computer.com 2001 Down

t---28.com 2000 Live

t---taz---t.com 2001 Down

Note, "Live" just means an HTTP request returned something . There may, of course, be other services running on that domain, or on subdomains.

So What?

Without a full list of every domain name, it's rather hard to draw firm conclusions. But, in the absence of anything better to do, here are some thoughts.

• Most people don't want multiple consecutive hyphens in their domain names. They're unwieldy but mostly not prohibited.

• If the authors of RFC 5891 had access to a full list of domains, might they have chosen a different syntax for Punycode?

• Why is it so hard to look through every single registered domain name anyway? Even Certificate Logs no longer seem to be easily searchable.

• Are there any other weird restrictions which are violated by older domain names?

• When will DNS finally go all-in with Unicode rather than this kludge? (Probably around the same time as IPv6 adoption!)

If you know of any weird multi-hyphenated domains, please stick a comment in the box 😊

• Way back in the year 1999, several domains were registered with trailing hyphens . This was swiftly corrected and the domains deleted.  ↩︎

• Note, I think this is when domain names expanded from 48 characters to 63. But that's a different Yak to Shave.  ↩︎

• I wonder why this isn't zero-based like so many other computery things. But that's a different rabbit hole.  ↩︎

• And, so I'm told, a cabal of vicious Furries waiting to pounce.  ↩︎

• There are also quite a few for sale.  ↩︎

Al een jaar of tien koken we thuis op gietijzeren pannen. Inmiddels voelt koken op een anti-aanbakpan voor mij als koken op plastic. De voordelen zijn verder evident. Ik heb in die tien jaar tijd nog geen pan hoeven vervangen, bijvoorbeeld. Teflon- en vergelijkbare pannen verliezen na verloop van tijd altijd een deel van hun anti-aanbak laag, en ik heb het idee dat je dan behoorlijk wat van die laag hebt opgegeten tegen die tijd.

Patents and applications relevant to package manager design, grouped by area. Mostly US filings, found through Google Patents searches on the obvious terms. Each entry lists the assignee, filing and grant dates, and current status, followed by a short summary of the core claim and a prior-art note where open-source predecessors are well-documented.

Manifests and dependency resolution

US6381742B2 - Software package management . Microsoft. Filed June 1998, granted 2002, expired 2018. Claims a distribution unit, a manifest file, and a code store data structure, with dependency resolution at install time and shared-component tracking at uninstall. Prior art: CPAN manifests (1995), dpkg control files (1995), RPM (1997), FreeBSD ports (1993).

US7222341B2 - Method and system for processing software dependencies in management of software packages . Microsoft. Filed February 2002, granted 2007, expired 2019. Continuation of US6381742B2, sharing its June 1998 priority date. Claims the install-time loop: check installed, identify missing dependencies, fetch from specified sources, extract, register, update the code store. Prior art: as for US6381742B2.

US9348582B2 - Systems and methods for software dependency management . LinkedIn (now assigned to Microsoft). Filed 13 February 2014, granted 24 May 2016, lapsed for fees. Claims retrieving a dependency declaration and selecting a valid version of an upstream product usable at the consumer’s build time. Prior art: the same build-time version-selection mechanic in apt, Maven, Bundler, and others, all predating the filing.

US8621454B2 - Apparatus and method for generating a software dependency map . Oracle America (originally Sun Microsystems), inventor Michael J. Wookey. Granted from application US20110258619A1; the family descends from an abandoned 2007 parent (Ser. No. 11/862,987). Dependency resolver feeds a graph manager that maintains a map of installed components.

US9881098B2 - Configuration resolution for transitive dependencies , with continuation US10325003. Walmart Apollo / Wal-Mart Stores. Resolves the configuration of transitive dependencies at deploy time rather than at packaging time. Closer to enterprise-Java config wiring than to package manager mechanics, but surfaces on dependency-resolution searches.

Certificate handling and update integrity

US10977024B2 - Method and apparatus for secure software update . Sierra Wireless (now Semtech). Filed 15 June 2018, granted 13 April 2021, lapsed for fees. Claims OCSP stapling for software updates: the update manager pulls OCSP responses from the CA, bundles them into the update package, and the device verifies certificate status offline. Aimed at IoT/embedded firmware updates rather than general package distribution.

US11765155B1 - Robust and secure updates of certificate pinning software . Amazon Technologies. Filed 29 September 2020, granted 19 September 2023, active until 20 November 2041. When the pinned signing certificate has rotated, the client retrieves the new certificate from a separate publishing service and verifies it through a chain of trust, rather than failing closed or requiring a bundled application update.

Containers and layered distribution

WO2020232713A1 - Container instantiation with union file system layer mounts . On instantiation, the runtime receives an image manifest and sends layer mount requests to the registry rather than downloading layer content. Prior art for the union-mount side: UnionFS (2005), AUFS (2006), OverlayFS (2014). Prior art for lazy and on-demand layer fetching: Slacker (FAST ‘16), eStargz, SOCI.

US12056511B2 - Container image creation and deployment using a manifest . IBM. Manifest-driven container build and deploy; claims cite inode descriptors and file hashes. Prior art: the OCI image-spec, and the content-addressable storage model from Git (2005) and earlier systems like Monotone and Venti.

US10127030B1 - Systems and methods for controlled container execution . The container manifest carries a hash or digest of each item, and a content validation engine compares the digests at execution time. Prior art: the OCI content-addressable storage model, with Git as the earlier general-purpose precedent.

If you’re aware of patents that should be included in this collection, please reach out on Mastodon or submit a pull request to the post on GitHub .

Alberto Romero:

AI is like religion. Either you believe it changes everything, or you don’t believe at all. There is no moderate position; nobody believes in AGI “more or less,” just like nobody is “casually religious.” If God exists, the only coherent response is to reorganize your entire life around that fact, as priests do. If you pray sometimes, then you are just an atheist who’s also fearful. When tech companies spend hundreds of billions on capital expenditures to add sparkly AI features to Office, Gmail, and Instagram, I only see fearful atheists — guys who don’t believe in AI but pretend just in case.

In 2026, the four largest cloud and AI infrastructure providers — Amazon, Google, Meta, Microsoft — committed to spending $670 billion on CapEx . Apple, in contrast, spent $12.7 billion on capex last fiscal year and projects $14 billion for 2026 , 2% of what its peers are spending. The conventional reading in Silicon Valley is, naturally, that Apple is losing. Siri has been a punchline for years — an internal executive called the delays ugly and embarrassing  — and critics say that Apple has not been the same without Steve Jobs. It is falling behind , they say, and moving way too slowly for AI.

I disagree with this portrayal: Apple is the most powerful tech company in the world right now because it’s acting according to what it believes.

Some of you, I bet, will object to Romero’s notion that no one is “casually religious”. Almost everyone I know is casually religious , you might be thinking. But read the whole piece. What he’s saying is that if you’re “casually religious” those are just words. You’re not living your life according to your professed beliefs (casual or not). And that’s how most of Apple’s peer companies seem to be approaching AI.

I’m not sure he’s right, but he might be, and I think his take is at least closer to right than wrong. Apple is making an enormous bet on AI — but their bet is that they don’t need to spend hundreds of billions per year on AI infrastructure (most of it fattening Nvidia’s bottom line) to reap the benefits. If Apple’s right we should start seeing it come together tomorrow.

(Arguably we’ve already seen it coming together — demand for Apple’s products and services has gone up, not down, so far in the AI era. Entrenched leaders often grow during the initial stages of extinctive disruptions — BlackBerry’s biggest year for sales (revenue) and investor confidence (market cap) was 2011 , four years after the iPhone debuted — but the disruptors are there. There’s not yet a single threat on the market to the iPhone, iPad, Mac, Apple Watch, or AirPods — nor to Apple’s services revenue.)

★

Many engineers should be doing less work. I don’t necessarily mean producing less code or fewer changes, but literally working fewer hours in the day. When they do work, they should be working at a slower pace. I like to aim to be running at 80% utilization by default: unless I have a high-pressure project going on, I spend 20% of my workday away from the computer.

High-impact opportunities

Why? Performance at tech companies is dominated by outlier events . When I think about the most impactful changes I’ve made, many of them involved a surprisingly trivial amount of work. There are no points for effort in software development. What matters is solving the right problem at the right time.

In large engineering organizations, there are usually trivial pieces of engineering work you could do that would make tens or hundreds of millions of dollars for the company. Here are three common examples:

First, when the company is trying to sign a big enterprise deal, stepping in with a feature or bugfix can make the deal happen. It doesn’t even have to be a good feature: sometimes just showing that you’re willing and able to make a concrete change will be enough.

Second, preventing or mitigating an incident early (even by just knowing the right feature flag to turn off) can save huge amounts of money: both immediate lost revenue during the incident and future lost revenue from customers who would have pulled their business or refused to sign pending contracts.

Third, when the company is trying to ship a high-profile feature, success or failure often hinges on trivial but obscure changes (e.g. the ability to rapidly add a new field in user settings, or to update the crufty enterprise-data-export functionality nobody has touched in years). Familiarity with the system can be the difference between one of these changes taking a few hours or a whole week.

What do these examples have in common? They’re all time-dependent . You can’t just log on in the morning and decide to unblock a big deal, or mitigate an incident, or speed up a high-profile feature. Is it just a matter of being in the right place at the right time? Not quite. You also have to not already be busy.

Staying loose

I wrote about this a couple of years ago in Crushing JIRA tickets is a party trick, not a path to impact . If you’re always 100% utilized on a steady stream of low-priority work (for instance, if you’re just picking up tickets from the backlog, crushing them, then picking up the next one), you’ll miss your chance to do high-impact work in two ways.

First, you’ll be too busy to even notice the opportunities. You won’t be chatting with people who are working on other things, or reading team updates, or keeping an eye on ongoing incidents. So you’ll miss out on the best way to get involved in high-impact work, which is to volunteer your expertise.

Second, if you perpetually look busy, your manager won’t want to volunteer for you. This is the second-best way to get involved in high-impact work: to have your manager or product manager say “oh, Sean has capacity to help out here, let me tag him in”. Why is this better? Because managers and product managers usually have a much better read on what high-impact work is going on. They’re in meetings that you aren’t in.

Doing nothing

If you’re supposed to keep your time free for high-impact work, and you’re not supposed to just grind tickets, what should you be doing on a minute-by-minute basis? Should you just be doing nothing? Yep!

Doing nothing is good, actually. Software engineering can be a stressful job, but it’s typically not consistently stressful: the stress comes from the occasional incident, or high-pressure urgent piece of work, or (these days) layoff. If you approach the comparatively low-pressure parts of your work with urgent intensity, you’ll already be exhausted and frazzled when you have to handle the high-pressure parts.

Even in high-pressure parts of the job, doing nothing can still be good. One thing I recommend for engineers new to on-call is to avoid rushing: take a few breaths before joining the call or before speaking, and in general try to “think in slow motion” . Most incidents resolve on their own. Most frantic “maybe this will help” changes during incidents make things worse, not better. As a general rule, if you can simply avoid panicking, you will be doing better than most engineers at incident response.

Nothing is a space things can happen in 1 . If you give your brain a chance to rest, you will find you’re more likely to have new ideas. If someone hands you an important task, you can tackle it with your full attention (instead of juggling it with the three other things you’re working on in the background). When you’re not busy, you have time to just look at things and take in new data.

Deliberately not doing specific things

A lot of engineers are uncomfortable seeing a task that needs doing and not doing it. I’m like this as well. I wrote about it in I’m addicted to being useful : it’s a psychological quirk that many software engineers share, because having that quirk (to a point) makes you a good fit for the job. In order to spend time doing nothing, sometimes you need to force yourself to not step in.

For instance, I believe that engineers should generally avoid glue work 2 . Most glue work - making sure people talk to each other, updating docs for work you’re not leading, volunteering to address technical debt - reflects the fact that the organization is not explicitly prioritizing this work. If they were, you wouldn’t need to volunteer for it. Either that’s fine, or it’s a big mistake. If it’s fine, then you shouldn’t step up and do it: you’ll be wasting your time and annoying your manager. If it’s a big mistake, you still shouldn’t do it , because you’ll be insulating the company from the consequences of its own mistakes at the cost of your own career and mental well-being.

That’s a bad deal for you, and a bad example for your junior colleagues, and sets a bad precedent for someone else to jump into the same position when you inevitably burn out 3 . If the consequences truly are severe, let them happen, so the organization can feel the pain and change its policies.

I also believe that being too helpful leaves you vulnerable to predators . Tech companies are full of people who want to extract uncompensated work from software engineers 4 . This is different from work that arrives via normal channels, and for which you’re compensated by promotions, bonuses (and just your normal salary). I’m talking about work that arrives via backchannels, from people who don’t have the ability or willingness to ensure that work is formally recorded under your name. For instance, a product manager from another organization messaging you to say “you’re so good at querying data, would you mind pulling some statistics for me about X?”, or an engineer from another team asking you to “pair” on a piece of work that will ultimately involve you writing all the code and them quietly submitting the change under their own name.

Doing some amount of this kind of work is fine. You may as well help people out when you can. But you need to be able to apply backpressure, either by saying no or simply delaying your response by a few hours or days.

It’s also a good idea to avoid investing too much in work that is likely going to disappear . For instance, suppose you’re working with a product designer who is figuring out what they want in real time. At 9am they message you saying they want the page header to look one way, then at 10am they have tweaks, and more changes at 11am, and so on. You should not throw yourself into fully rewriting the page every hour. Instead, you should do nothing (say, go for a walk) and rewrite the page once in the afternoon, based on the most recent design. Another common instance of this is “big idea from a manager without the political clout to follow through on it”. Often you can just run out the clock until the project gets inevitably cancelled 5 .

Conclusion

A lot of software engineering advice and tooling is designed around the ability to scale up your ability to exert technical effort: to do more things at the same time, to take on projects of larger scope, or to just write more code. But software engineering success is not determined by any of these. It is determined by the ability to do the right things at the right time, which requires that you deliberately hold back some of your effort during ordinary work.

In my experience, it’s still possible to be a “high performing engineer” at 80% effort. In fact, it’s easier , because you’ll be less likely to make silly mistakes from stress, and you’ll be in a position to jump on the kind of high-impact tasks that deliver outsized returns.

This doesn’t mean you should never grind at 100% effort. I think there are probably two or three times a year where I work as hard as I possibly can: long hours, intense focus, thinking about the problem from when I wake up to when I go to bed. But I reserve this mode of work for when the rewards are really high . For the rest of the year, I take it relatively easy.

• One of my big influences is Rich Hickey’s talk Hammock Driven Development . This is kind of like what he’s talking about, except (a) Hickey is more talking about what it takes to design solutions to really hard problems, rather than what it takes to be a strong engineer in an ordinary tech company, and so (b) Hickey recommends using your time-away-from-the-computer to focus on a hard problem, instead of to simply decompress and let solutions congeal in your head.

↩

• I wrote about this a lot more in Glue work considered harmful .

↩

• Why inevitably? Because in my view, burnout is hard work unrewarded , and taking on a personal crusade that your job doesn’t care about is a great way to do a lot of unrewarded work.

↩

• I wrote about this in Protecting your time from predators in large tech companies .

↩

• Of course, you have to be careful with this. If you try this strategy and you’re wrong about the level of political support for the project, you will come off like a slacker and then have to deliver in a rush.

↩

An unexpected development over the past few weeks is xAI's new partnerships with Anthropic and Google, providing them with a huge amount of capacity. It's worth remembering that xAI is now part of SpaceX, after the two merged back in February - so the revenue from these deals flows straight into the entity about to go public. While much has been made of the potential financial engineering given SpaceX's upcoming IPO, I think there's a bit more to this than just pure accounting tricks.

Anthropic was in a serious bind

If you use Claude products much, you'll be (very, probably) aware that Anthropic has had serious capacity problems, especially early afternoon onwards in Europe and in the mornings in the US (this is when demand seems to be highest as both European users and the Americas are both at work, fighting for capacity). I've written about this compute crunch before a few times - the coming crunch , whether it's here yet , and what comes next .

This resulted in Anthropic having to introduce new peak hour restrictions on their subscriptions, with usage between 5am–11am PT / 1pm–7pm GMT using more of your usage limit - with the aim of smoothing demand between peak hours and off peak hours where they had more capacity available.

However, there is only so much demand shifting you can do when demand is growing as fast as Anthropic's. At some point you end up having to ration users further, which definitely is far from ideal when you have both Google and OpenAI breathing down your neck for customers.

xAI to the rescue?

At the start of May, xAI announced a partnership with Anthropic to provide access to their (older) Colossus 1 datacentre in Memphis. This allowed Anthropic to reverse the usage limit restrictions on their subscriptions, and in general while stability of Anthropic services still leaves a lot to be desired, the peak time crunch has abated (for now, at least).

The fees involved are enormous, ramping to $1.25bn/month for 300MW of capacity - approximately 220k GPUs.

Last week, Google announced a similar partnership - $920mn/month for 110k GPUs [1] . It's important to note that both agreements have cancellation clauses - allowing either party to cancel with 90 days' notice after an initial lock-in period.

If you take this on face value, this is a ludicrously profitable deal for xAI:

While this doesn't include opex [2] and depreciation, if the deals continue for 18 months, xAI recoups all the capex they spent and still has many hundreds of MW of GPUs available. With the giant compute shortages likely to persist into the medium term, even older H100s are likely to be extremely useful even 18 months out.

The case against

It's important to note there are certainly some red flags with the deal. Firstly, Elon Musk and OpenAI were/are locked in a bitter legal battle, and the Anthropic deal could be motivated to add pressure to OpenAI more than commercial reality.

And Google is a major shareholder in SpaceX, so they certainly have incentive to juice the valuation of the IPO.

While I'm sure there is some degree (potentially a lot!) of truth in these viewpoints, it's important to note that huge volumes of GPUs are in enormously short supply.

One of the untold stories of this capex boom in datacentres is just how behind all of them are. Even OpenAI's flagship Stargate UAE datacentre - being built in a jurisdiction that is renowned for a laissez-faire attitude to building regulations - is now under direct threat from the current Iran conflict, with Iranian drones having already hit other UAE datacentres .

In comparison, SpaceX/xAI are incredible at building datacentres on time. The original Colossus 1 datacentre was built in 122 days. Musk's empire does have a huge advantage in really understanding how to plan, build and execute enormous infrastructure projects quickly. While the hyperscalers no doubt have the experience to do this, they were built with far less urgency - with typical project execution taking many years. Given the capex only really started to ramp up in the last couple of years, many of these projects are still years away.

This gives xAI a serious competitive advantage that shouldn't in my opinion just be hand waved away.

But what about Grok?

There is no doubt this leaves Grok in an odd spot, with a lot of the datacentre capacity that was destined for Grok training and inference now being leased to a direct competitor.

While it's foolish to write off any model provider, it certainly looks like a serious retreat from Grok vying to be a frontier class lab. But, perhaps, they over-specified their datacentre capacity - there is no doubt that inference demand for Grok models is likely to be seriously behind projections, leaving a bunch of spare capacity which might as well be monetised while the training lottery continues? It's hard to say and the xAI & Cursor deal muddies the water even further.

As such, I think all three things are true to some degree. There's no doubt some level of financial engineering going on. There's also an enormous compute shortage. And it seems to me SpaceX/xAI does have a real competitive advantage in datacentre buildout.

It's just the magnitude of how true each of these are is going to define the success or failure of the biggest IPO in North American history.

Either way, the more I look at it, the more xAI is starting to resemble a datacentre REIT with a frontier lab attached, rather than the other way around.

• I suspect that these are likely to be GB200s given the pricing, vs the mostly H100/H200 for Anthropic, but this is speculation on my part. ↩︎

• Power is the obvious big opex line, but at this scale it's almost a rounding error. 300MW running flat out is roughly 300,000 kW × 8,760 hours, or about 2.6 billion kWh a year. Tennessee has some of the cheapest industrial electricity in the US at around 6 cents/kWh , so buying it off the grid would cost somewhere around $160mn a year. Colossus actually runs largely on its own on-site gas turbines, which comes out even cheaper: at a simple-cycle heat rate of ~10,000 Btu/kWh and Henry Hub gas at ~$3.50/MMBtu , the fuel bill is only around $90mn a year. Either way, set against the ~$15bn a year Anthropic is paying for that 300MW, power is no more than about 1% of revenue. The deal value utterly dwarfs the running costs. ↩︎

The relationship engineers have with product management is more dysfunctional than with any other part of the company. There’s no shared culture or language like there is with other engineers, and the rules of “who gets to tell who what to do” aren’t as clear-cut as they are with managers. Engineers don’t have a lot in common with legal, or design, or sales, but they also don’t need to interact much with those roles. In my experience, engineers are communicating with product managers almost every single day.

Against the “product mommy”

The worst version of the product/engineering relationship goes something like this:

Engineers are technically competent but are too autistic to be fully trusted. They need a kind-but-stern parental figure who knows how to communicate to other stakeholders in the organization (for instance, by being comfortable using the word “stakeholders”), and how to keep engineers from going off in the wrong direction.

This entire gross dynamic is neatly captured by the popular term “product mommy” 1 . I really, really don’t like that term, or this entire dynamic in general. Almost none of my relationships with my product managers have been anything like this, though I have seen it at a distance.

Working well with product managers can be the difference between succeeding and failing at a company. Why is it so hard to maintain good relationships between engineering and product? What does a good relationship look like?

Why it’s so hard to build trust

Product managers and engineers have largely non-overlapping skillsets. Product managers don’t understand the technical work engineers do and aren’t equipped to talk about it: if an engineer gives a technical reason for something, product managers generally have to shrug and say “sure, I guess”. Likewise, engineers don’t have anything like the visibility into the organization that product managers do. Particularly in large organizations, it is the product manager who is the source of truth about who wants what and which features are important. When a product manager says that something is critical, engineers generally have to shrug and say “sure, I guess”.

This obviously requires a lot of trust. What’s a little less obvious is that this trust is continually broken by both sides . Every single product manager has been told thousands of times that technical task X is technically impossible or would be disastrous, only for that task to end up being done fairly smoothly and successfully. Every single engineer has been told thousands of times that requirement X is absolutely critical and worth going to enormous effort for, only for that requirement to be silently dropped or changed with no apology.

Of course this isn’t malicious. Engineers often give wrong estimates because estimation is impossible , and sometimes the dire consequences they warn about really do happen (they’re just handled behind the scenes, like engineers handle many other kinds of technical dysfunction). Product managers “change their minds” because what’s important in a large tech company does genuinely change hour-by-hour 2 , and even the best attempts to only filter the most reliable priorities through to the engineering team will sometimes go wrong.

Manipulation and lies

The consequence of this broken trust is that the relationship becomes very difficult to maintain. When you’re an engineer, and you explain something to your product manager, and you know they don’t believe you (despite having no ability themselves to judge the question), it can be incredibly frustrating. Likewise, when you’re a product manager, and you’re desperately trying to explain what we need to do to an engineer, and you know they’re internally shrugging their shoulders, it must be unbearable. Don’t they know this is critical to the company? You were just in a meeting with the leaders of the organization!

The natural tool for a mistrustful product manager is manipulation . I still remember a product manager who tried to extract a commitment from my team by asking us to go around and all say “I commit to getting this work done in two weeks”, after a conversation where we’d explained the risks that cause it to take longer. I suppose the idea was that we’d all work much harder, having taken a sacred oath? More subtle variants of this approach involve suggesting that you would be really disappointed if this work was delayed (in true “product mommy” style), or vaguely suggesting the possibility of some abstract reward (that the product manager is not empowered to deliver) if work gets done ahead of schedule.

The natural tool for a mistrustful engineer is lies . The most benign version of this is exaggerating estimates: for instance, the classic advice to double your estimate and add 20% . I’ve seen engineers claim that they’ve had to follow up on all sorts of largely-fake tasks (one common example is “reaching out to a neighbor team to confirm X”) in order to gain more time. In the worst case, engineers might even straight-out lie that work has been completed, and then track the “it doesn’t work in production” feedback as a bug.

Once this starts happening, it’s nearly impossible to repair the relationship. I can’t bring myself to trust a product manager who’s clearly trying to pull my strings, and I’m sure a product manager can’t trust an engineer who’s lied to their face in the past. That’s why it’s so important to avoid getting into a bad relationship in the first place.

Don’t fight with the product manager

Why bother? If it’s so hard to hammer out a good working relationship with product managers, why not just settle for a bad one? Product managers can absolutely bury you if you’re not careful.

Product managers are almost always more politically sophisticated than engineers. This is partly structural: product managers are simply in more conversations with the company’s movers and shakers, and so naturally have a better relationship with them (and are thus better attuned to which way the wind is blowing). It’s also partly selection bias: engineers can be hired even with relatively poor social skills, because they’re primarily being assessed on technical ability, but social skills are a core part of the product role 3 .

If you are feuding with a product manager, you will probably lose . Unless you’re unusually influential, they will simply have far more opportunities to quietly talk you down in influential circles than you will. All it takes is a few comments like “oh, I probably wouldn’t pick Sean for that project” to wreck your reputation. In the case where you are openly feuding with a product manager, the company’s leaders will by default take the product manager’s side over yours. They’re likely to know them better, have more shared cultural context with them, and in general be willing to interpret the situation as “another engineer who doesn’t understand how the organization works”.

There are huge benefits to being trusted by a product manager. Product managers want to ship things , and typically understand a fair amount about all of the non-technical barriers to shipping. If you also want to ship things, you can become a fearsome team.

On top of that, because trust between engineers and product managers is so difficult, once you’re in you’re in all the way. Product managers often pick one or two engineers as their go-to for getting the “real story” on technical questions. If that’s you, you have an outsized position of influence in the organization, which you can use to get the things you want done .

How can you build trust with product managers?

As an engineer, how can you build trust with your product manager?

The first step is to understand where they’re coming from . When they tell you something is important or that a requirement has come in, be aware that this is rarely their decision. It’s not them who’s jerking you around, it’s someone higher up in the food chain jerking you both around. If you can adopt a conspiratorial mindset with them, instead of against them, that’s a good start. Try just asking “oh man, alright, what can we do about this?” instead of complaining.

The second step is to be right, a lot . This is a silly-sounding Amazon leadership principle that turns out to be entirely accurate. I wrote more about it here , but (as unfair as it sounds) you really do have to be mostly accurate if you want to build trust with a product manager. When you say something will ship, it has to ship; when you say something is impossible, it can’t happen days or weeks later. It’s okay to be wrong sometimes , but you have to establish a pattern of you providing them useful, correct technical information.

The third step is to let them make the political calls most of the time . If you expect them to trust your technical calls, you have to extend them the same trust when it comes to navigating the organization. Don’t publicly undermine them in meetings, bring up your concerns in private. If they say something is important and you’re not so sure, at least act like it is. Accept that sometimes they’re going to be wrong, just like you’re sometimes wrong about technical questions.

The fourth step is to get lucky . Sometimes your product manager will just be a dud. You can’t build trust with someone incompetent: there’s nothing for you to trust them with, and they aren’t in a position where they can usefully extend trust to you. Working in large organizations requires getting comfortable with the fact that some of your colleagues will be stronger than others, and figuring out ways to work with (or bypass) people who make the work harder, not easier.

“Technical” product managers

Many product managers were once engineers. If your product manager is technical, does that make you immune from these problems? Absolutely not!

You likely won’t have much choice in which product managers you work with, but be aware that having once been an engineer is a negative , not a positive. No product manager can ever be technical enough to matter, because they don’t work on the codebase : even if they were a full-time engineer, they wouldn’t have the time to build the specific context on the system they’d need to be a real participant in technical discussions. It’s thus better to have a product manager who knows they’re not technical than to have one who mistakenly thinks they might be.

The worst-case scenario is an ex-engineering product manager who believes they’re technical enough to detect when engineers are lying to them. This kind of paranoia is an easy trap for “technical” product managers to fall into, particularly when they don’t have a trusted engineer on the team they can lean on. If you’re dealing with one of these, prepare to spend a lot of time explaining why you can’t “just” do things (and prepare to have those explanations not be believed).

Conclusion

At its worst, a product manager relationship is like an unhealthy family: driven by condescension, emotional manipulation, lies, and mistrust. This isn’t because product managers are bad people! It’s because the structure of the relationship creates conflict. Both sides must make commitments (about the technical system or goals of the organization) that are (a) often wrong, and that (b) the other side is unable to independently verify. To avoid the trap, both sides have to be generous, willing to trust each other in their areas of expertise, and most importantly competent .

• Unlike most roles in tech, product management (particularly the lower-level roles that are more engineer-facing) has close to an even gender split.

↩

• For instance, based on the whims (or snap decisions, more charitably) of the CEO.

↩

• I have worked with product managers with poor social skills, but it’s rare: about as rare as working with engineers with genuinely poor (i.e. by general-population standards) technical skills.

↩

Release: datasette-agent-edit 0.1a0

I'm planning several plugins for Datasette Agent which can make edits to existing pieces of text - things like collaborative Markdown editing, updating large SQL queries, and editing SVG files.

Agentic editing of text is a little tricky to get right. My favorite published design for this is for the Claude text editor , which implements the following tools:

• view - view sections of a file, with line numbers added to every line.

• str_replace - find an exact old_str and replace it with new_str - fail if the original string is not unique

• insert - insert the specified text after the specified line number

Rather than recreate these patterns for every plugin that needs them I decided to create this base plugin, datasette-agent-edit , which implements the core tools in a way that allows them to be adapted for other plugins.

Tags: ai , datasette , generative-ai , llms , llm-tool-use , datasette-agent

Kepler solved his eponymous equation

M =  E −  e sin( E )

by finding a fixed point of

E = M + e sin( E ).

So guess a value of  E and stick it into the right hand side. Then plug that value into the right hand side again. Kepler said a couple iterations should be enough. And a couple iterations  are enough if the eccentricity e is small and you don’t need much accuracy.

The rate of convergence is determined by  e . Kepler implicitly had in mind small values of  e because he wasn’t aware of anything orbiting the sun in a highly elliptical orbit. Here’s an example with eccentricity 0.05, about the eccentricity of the orbits of Jupiter and Saturn.

from math import sin

M, E, e = 1, 1, 0.05 for _ in range(5): E = M + e*sin(E) residual = M - (E - e*sin(E)) print(residual) The residual after just two iterations is 2.77 × 10 −5 . If you change e to 0.2, the eccentricity of Mercury’s orbit, it takes three iterations to get comparable accuracy. Mercury has the most eccentric orbit of any object Kepler would have known about.

Now suppose you’d like to solve for E when M = 1 for Halley’s comet, and you’d like an error of less than 10 −8 . Now you need 16 iterations.

C. F. W. Peters discovered a faster algorithm in 1891.

E 1 = M  + e sin( E 0 )

E 2 = M  + e sin( E 1 )

E 3 = ( E 2 E 0 − E 1 ²)/( E 2 − 2 E 1 + E 0 )

Let’s look at the results of doing three iterations of Peters’ method for Halley’s comet.

M, E0, e = 1, 1, 0.967 for _ in range(3): E1 = M + e*sin(E0) E2 = M + e*sin(E1) E3 = (E2*E0 - E1**2)/(E2 - 2*E1 + E0) residual = M - (E - e*sin(E3)) print(residual) E0 = E3 # for next iteration This gives a residual of −7.23 × 10 −10 . Each iteration of Peters’ method requires a little more than twice as much work as an iteration of Kepler’s method, but 3 iterations of Peters’ method accomplished more than 16 iterations of Kepler’s method.

Peters’ algorithm from 1891 was a special case of Alexander Aitken’s series acceleration method published in 1926.

Related posts

• Aitken acceleration

• Euler acceleration

• Cohen acceleration

The post Aitken acceleration before Aitken first appeared on John D. Cook .

Code isn’t just a way to implement a design, it’s a way to find one.

With an interface, you have to use it, feel it, interact with it, and poke at it to see the relationships between things .

Change X, see Y react.

If it doesn’t feel right, tweak it.

Change X again, now Y reacts differently.

Better.

Keep tweaking — this here, that there, until the relationships of all the disparate elements fall into place as a single whole.

Balanced.

Design is “how it works” and code is the tool to specify how it works.

Reply via:

Email · Mastodon ·

Bluesky

1948 was an interesting time for computing. For decades, businesses had used punch card equipment that added and sorted electromechanically. Now these electromechanical relays and counting wheels were being used to build room-filling general-purpose computers such as Harvard Mark I (1944) and IBM's SSEC (1948). But slow electromechanical mechanisms were already becoming obsolete. World War II had fostered the development of electronics and vacuum tubes for radio, radar, and navigation. Electronic technology was being used in massive electronic computers, such as Colossus (1943) and ENIAC (1946). The first stored-program computer, the Manchester Baby, was built in 1948.

The IBM 604 Electronic Calculating Punch behind a Type 521 Card Reader/Punch. Photo from IBM. Note the panels in the side of the 604 and in the front of the 521 to hold plugboards.

In the midst of these technological advances, IBM introduced the Electronic Calculating Punch, type 604. 1 This system may seem like a step backward: it wasn't a computer, but a programmable calculator that performed a fixed set of operations. 2 However, it was much smaller 3 than a computer—about the size of a double refrigerator—and much cheaper: renting for $550 a month, it was affordable by businesses and universities. Since it used vacuum tubes, it was much more powerful than electromechanical equipment; it could do 60 operations in under a second, including multiplication and division. As a result, the IBM 604 became very popular, with over 5600 units produced. Moreover, IBM's experience with electronics in the 604 led to the success of its vacuum-tube computers in the 1950s.

One of the innovations of the 604 was the pluggable module, which combined a tube and its associated circuitry as shown below. The insulated handle was used to remove and install modules in the calculator. The nine pins at the bottom of the module plugged into a socket in the 604, with the sockets connected with backplane wiring. The tube was also socketed, so a bad tube could be quickly replaced. At the right, the resistors and capacitors are mounted on insulating wafers in the module. 4

A thyratron tube module from the IBM 604 Electronic Calculating Punch.

The 604 used several different types of modules. This module has a thyratron tube, a special type of tube that acts as a high-current switch. I put this module in a circuit and powered it up. The video below shows the module controlling a light bulb. The first button sends a small signal to the module (center), turning it on and illuminating the bulb. As I'll explain below, a thyratron tube stays on until its power is cut off, which I did with the second button.

Pluggable modules may seem trivial, but they were an important innovation. Previously, vacuum tube equipment was typically built from a metal chassis with tubes mounted on the top and the other components, such as resistors and capacitors, mounted underneath. IBM developed a different approach: pluggable modules, where each module held a vacuum tube along with its associated components. These patented modules were dense, since they packed components in three dimensions. Moreover, by using a small set of standardized modules, the modules could be mass-produced and the computers assembled on a production line . Maintenance and repair were simplified; modules could be swapped to find the bad module, which was replaced with a spare. These modules were so important that IBM featured them in ads for the 604. IBM used tube modules in later vacuum tube computers, using larger eight-tube modules in the high-end 700-series computers.

An ad for the IBM 604, highlighting the pluggable modules. From Time magazine , March 31, 1952, page 65. Click this image (or any other) for a larger version.

Vacuum tubes and the thyratron

The IBM 604 used about 1250 vacuum tubes. While vacuum tubes come in many different types, a typical type is the triode. A triode is analogous to a transistor: a small input signal is amplified to control a much larger current. In a transistor, the control signal is applied to the gate, controlling the current between the source and drain. In a triode tube, the control signal is applied to the grid, controlling the current between the cathode and the plate.

The components of a triode vacuum tube. From IBM 604 Customer Engineering manual .

The diagram above shows the construction of a vacuum tube. The heater is a filament, very similar to an incandescent light bulb, that heats up the cathode to roughly 750 ºC. At this high temperature, the cathode emits electrons. When a large positive voltage (say, 100 volts) is put on the plate, the negatively-charged electrons are attracted. The stream of electrons from the cathode to the plate causes a current to flow through the tube. The current is controlled by the grid: if a small negative voltage is placed on the grid, it repels the negative electrons, preventing them from reaching the plate and blocking the current through the tube.

A thyratron tube is similar to a vacuum tube, except it has a tiny bit of xenon gas inside, allowing it to handle higher current. 7 Like a triode, the thyratron is controlled by the grid. However, when current starts to flow through the thyratron, the xenon ionizes and the xenon plasma carries current. Unlike a vacuum tube, the grid cannot stop the flow of current. Once the gas is ionized, a thyratron tube stays on until you remove its power 5 and the gas deionizes in microseconds. 6

You can see this behavior in the video. When I pushed the first button, a small control signal ionized the gas, turning the tube on. The large current through the ionized gas illuminated the light bulb. The light stayed on until I briefly cut the power with the second button; the gas deionized, turning off the tube.

The thyratron tube, type 2D21.

The photo above shows the thyratron tube, type 2D21, a miniature 7-pin tube. 8 The plate is visible inside the tube, with the other components hidden by the plate. The dark stain at the top of the tube is the "getter", a reactive substance such as barium that absorbs impurities inside the tube.

In the 604, thyratron tubes drove relay coils and powered the electromagnets that punched holes in cards. Other IBM systems also used these thyratron tubes. For instance, the IBM 83 Card Sorter used thyratron tubes as short-term storage to keep track of which holes had been detected in a card.

Conclusion

The IBM 604 occupies an interesting position between electromechanical accounting machines and electronic computers. Although it has the speed of an electronic computer, it was still a calculator, lacking computer features such as loops, memory, and stored programs. Despite these limitations, the 604 was highly successful and led to other important IBM products.

IBM extended the 604 in 1949 so it could be programmed by punch cards in combination with plugboards; this was called the Card-Programmed Electronic Calculator. This system was still not quite a computer, but was very useful for scientific calculation at places such as Los Alamos National Labs ( link ). In 1953, IBM announced the successor to the 604, the IBM 650. Unlike the 604, the 650 was a programmable, general-purpose computer; it became the most popular computer of the 1950s.

Eric Schlaepfer (TubeTime) has a box of IBM 650 modules, which we hope to power up soon. For updates, follow me on Bluesky ( @righto.com ), Mastodon ( @kenshirriff@oldbytes.space ), or RSS . Thanks to CuriousMarc for extensive milling work to build the socket and colorful breakout box to hold the module.

AI statement: Despite the presence of the em dash, no AI was used in the writing of this article ( details ).

Notes and references

• For information on the IBM 604, see the Operating Manual . The Customer Engineering Manual of Instruction explains the circuitry. See IBM's Early Computers for information on the development of the 604. For a detailed description of an application, see this petroleum engineering article , using the 604 to predict the profitability of an oil property.  ↩

• The IBM 604 operated by reading numbers from a punch card, performing up to 60 operations, and punching the result onto the punch card. This was repeated for each card, processing 100 cards per minute. The IBM 604 was not a stored-program computer, so it didn't have code. Instead, the IBM 604 was programmed by plugging wires into plugboards. The plugboard below was inserted into the 604, while a second plugboard, twice as large, went in the card punch unit to control which columns of the 80-column punch card were read and punched.

An IBM 604 plugboard. Photo from National Museum of American History , CI.328576. (Click for a larger image.)

Looking at the plugboard above, the column on the left with the heading "PROGRAM" had a row for each programming step. A wire from that row was connected to the function to be performed on that step. The system supported conditionals: the operation that was performed on a step could be changed or skipped with the calculator selectors ("CALC. SEL.") on the right. (A selector was a relay that could send a signal along one of two paths (Normal or Transfer) based on a Control input.) For more information on the plugboards, see the Operator's Manual .  ↩

• The IBM 604 weighed 1310 pounds, while the attached 521 Card Reader/Punch weighed 670 pounds. The system used 5.5 KW of power. (Vacuum tubes are power-hungry; the module that I used required 3.75 watts for the heater alone.)  ↩

• I reverse-engineered the MD7A thyratron module to create the schematic below. Black pin numbers are module pins (1-9), while red pin numbers are tube pins (1-7).

Schematic of the IBM MD7A module, reverse-engineered.

For my experiment, I powered the module with about 100 volts on the plate (pin 5). I used pin 3 of the module for the input, using about 8 volts to trigger the thyratron. Pin 4 is the output, pulled high when the thyratron fires. I connected the light bulb between pin 4 and ground (pin 6). I ignored pins 7, 8, and 9.  ↩

• One disadvantage of a thyratron is that you need to remove its power to turn it off. In the 604, a mechanical cam in the card reader/punch activated a microswitch to turn off the power ( details . Since the card reader/punch used cams on a rotating shaft for its timings, one more cam wasn't an inconvenience.  ↩

• The behavior of a thyratron is very similar to the silicon-controlled rectifier (SCR). This semiconductor device is also called a thyristor, short for thyratron transistor.  ↩

• The xenon pressure in the thyratron tube is very small, just .05 Torr, less than 1/10,000 of atmospheric pressure ( source ). Vacuum tubes, in comparison, have a vacuum that is orders of magnitude higher, around 10 -6 Torr.

Some high-power thyratron tubes use mercury vapor, such as the ones inside a 1940s power supply that we examined . These tubes give off a blue glow when active. The xenon tube, in comparison, didn't emit any light that I could see, apart from the orange glow from the filament.  ↩

• The pinout for the 2D21 thyratron tube is shown below, and the datasheet is here . Thyratrons use the same symbols as vacuum tubes, except the large black dot indicates the presence of gas in the tube.

Symbol for the 2D21 thyratron tube. From IBM 604 Customer Engineering manual .

As the symbol shows, the 2D21 tube has two grids, so it is technically a tetrode (four active elements). The second grid improves performance by screening the control grid from the cathode and the plate, reducing capacitance. (See Thyratrons for modern industry .) For my experiment, I ignored the screen grid. (The 604 also used some pentagrid tubes with a whopping five grids: two control grids, two screen grids, and a suppressor grid.)  ↩

Ik ben een heel tevreden klant van KPN Internet. Om diverse redenen gebruik ik de Experia Box niet, maar ik wil wel graag TV kunnen kijken met de KPN Interactieve TV Set Top Box (“5202”). Vroeger ging dat “vanzelf goed”, tegenwoordig is daar wat werk voor nodig. UPDATE Juni 2026 (na 5 jaar!): de instructies werken weer, er is een update geweest in het igmpproxy.conf bestand. Ook heb ik een tip toegevoegd hoe de ontvanger terug te brengen naar fabrieksinstellingen, wat bij mij recent nodig was.

Automatic programming dramatically speeds up writing software in certain use cases and in the right hands. In my experience the output does not reach the structural quality and economy of complexity of the best hand-written software. However, not all the software is stellar, and my feeling is that automatic programming surpasses most of the times (and if well managed) the quality of decently developed hand-written code.

Yet, there is a tradeoff between quality and time, in the case of writing new software with AI. This tradeoff in certain projects I developed can be brutal, that is, completing projects that may take many months in a few weeks. However, there are domains where LLMs simply open new strictly more powerful ways to automate processes, without any compromise on quality. One of those domains is software QA and testing.

Traditionally software is tested using test suites that are composed of locally-scoped tests and integration tests (think of Redis: one thing is testing if SET foo 10 will be matched by GET foo => 10, another thing is testing if replication works in this case). And then by QA passes that are usually manually executed, and that can capture holes in the runnable test suite. It is a known fact that covering all the lines of the code does not mean covering all the possible states. Moreover integration testing is structurally hard: there are a number of timing issues, setups, and certain quality outputs that can only be visually inspected and not automatically checked that leave a lot of testing opportunities not really exploited because of time or logistic constraints.

LLMs offer a new way to do QA on top of the existing testing methodologies. The idea is to create a markdown file where an AI agent is asked to work as a QA engineer, performing a number of manual testings on the new release. For instance, in the case of DwarfStar (an inference engine for open weights LLMs) I use the following approach. In the markdown file, the agent is asked to check what are the new commits on top of the already released version of the software project. Then the model is told a list of things that should be performed, like:

- Check that distributed inference works across MacBook A and MacBook B, making sure the output is coherent, the inference works with all the GGUF files we have in both the machines, ...

- Make sure this release does not contain any speed regression.

And so forth. Notably, in the speed regression part, I don't have to tell the agent what was the previous expected speed, as this is a moving target that changes with new releases and new optimizations. Similarly the integration test for distributed inference does not require many instructions, at the start of the file there are just SSH endpoints and the key to use, the paths, and so forth.

The agent is asked to check the long list of QA activities *especially* in light of the added commits, starting with an inspection of the changes and with the identification of what could be affected, so that the QA pass specializes trying to find specific regressions.

In the case of Redis Arrays, I used a similar methodology asking the agent to build a large array-based Redis application, to setup a production environment with replication and persistency, to simulate the usage of the application for days and with many users, checking if something was odd.

Testing that uses these approaches may also move in the more psychological side of software quality, asking the agent to identify all the new features that may look surprising, not documented enough, or generally sloppy from the POV of the user. All things that needed to be executed manually before, and that most of the times were mostly skipped.

I have the feeling that the introduction of automatic QA may raise the bar of quality for new releases of software, and maybe partially compensate for the lower quality of the code produced at high speed with the use of automatic programming. Comments

A few months ago I wrote about using LLM agents to help restructuring one of my Python projects . It's worth beginning by saying that the rewrite has been successful by all reasonable measures; I've been able to continue maintaining that project since then without an issue.

In this post, I want to discuss another project I've recently completed with significant help from agents: watgo . In this project many things are different; most notably, it's a from-scratch project rather than a rewrite, and it uses a different programming language (Go). This post describes my experience working on the project, and some lessons learned along the way.

The process

This is a new project, so it required extensive design. I began by iterating on the design with the agent, with a sketch of the API. For this purpose, I recommend using a Markdown file committed into the repository for future reference.

After that, I started asking the agent to write CLs [1] in a logical order that made sense to me, keeping them small and reviewable (more on this in the next section). Sometimes it's not easy to have a small CL, and multiple rounds of revision may confuse the agent; in this case, I commit the CL and then go back and ask the agent to modify or refactor the code, as much as needed, with separate CLs. In the worst case, the whole sequence can be reverted if I feel we've taken the wrong direction (branches could also be helpful here for more complicated scenarios).

This point is worth reiterating: sometimes a single CL is a huge step forward, but requires lots of review, cleanup and refactoring to be viable. I've had multiple instances where an agent produced several days of work in a single CL, but I then spent hours instructing it to clean up and refactor. Overall, it's still a productivity gain, just not as much as some pundits would like us to believe.

Keeping the human in the loop

Given the current state of agent capabilities, I think it's worth splitting projects into two categories:

• Low importance / prototype / throw away projects where deep code understanding is unnecessary. These can be "vibe-coded" (submitting agent code without even reviewing it).

• High importance projects that I actually want to maintain; here, vibe-coding is ill advised and I insist on reviewing and guiding all code the agent writes before it's submitted (or shortly after, as discussed above).

The watgo projects is a clear example of (2): I certainly intend to maintain this project in the long term, so I insist on code that I understand. With very few exceptions, no code gets in without full review and often multiple rounds of revisions.

Even if the cost for writing code went down, maintaining a project is so much more than that. It's triaging and fixing bugs, it's thinking through what needs to be done rather than how to do it, it's keeping the code healthy over time, and so on. As Brian Kernighan said :

Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it?

Maybe at some point agents will become good enough that projects in category (2) can be implemented and maintained completely autonomously. Maybe. But we're certainly not there yet. My hunch is that getting there will require crossing the AGI line [2] , after which little in our world remains certain.

Practical workflow

If you're using an agent to send an actual PR and only review that , it's difficult to be disciplined enough to actually perform a thorough review. I find the following method to be more reliable:

I use a CLI agent running locally in my repository, and ask it to update the code there. In parallel, I have a VSCode window open in the same project, where I can:

• Review the agent's changes using VSCode's diff view

• Make my own tweaks and code changes if needed

Once I'm pleased with the change, I manually create a commit.

Keeping the CLs small

As mentioned above, it's imperative to keep making progress in small chunks, with small enough CLs that a human can fully understand in a single review. It's very tempting to sprint ahead submitting thousands of lines of code every day, but this temptation has to be avoided. Coding with an agent is like speed-reading; yes, you're making more progress, but comprehension suffers the faster you go.

Particularly for refactoring, agents still take the shortest route to destination. It's important to guide them to think about the "big picture" at all times, find all instances where X is better done as Y, not just a single place noticed during a review. This is why it's sometimes OK to have a CL submitted before you fully agree with everything, and go back to it later for several refactoring rounds. Source control works amazingly well when pair-coding with agents.

Testing strategy

It's a key point discussed in every "how to succeed with AI" article, but still critical enough to reiterate here: a solid testing strategy is absolutely crucial for success. Agents produce - by far - the best results when they have a solid test suite to test their code against.

With the pycparser rewrite, I had a large existing test suite. For watgo , the very first thing I did was think through how to adapt the test suites of the WASM spec and of the wabt project for my needs.

If your project doesn't have such tests to rely on, this should be your first order of business - finding one, or building one from scratch. Beware of self-reinforcing loops though; it's dangerous to trust agents for both the tests and the implementations tested against them.

Language choice - Go for agent-written projects

Go is a fantastic language for agents to write, because it's designed to be very readable by humans. The biggest strengths of Go are exactly what makes the experience of reviewing agent code so positive:

• Go changes very infrequently, so you don't have to wonder "are we using the most modern / idiomatic approach" or "what the hell is this construct" as often as with other languages (looking at you, Python and TypeScript).

• There are relatively few ways to accomplish the same thing in Go, further lowering the mental burden.

• The standard library is rich and there's much less need to keep abreast of the package-everyone-uses du jour.

• In general, Go is designed for readability, with a mild-but-still-strong type system, uniform formatting, explicit error propagation and opinionated choices already made for you.

Since most of the time spent by humans when using agents is reading rather than writing code, these effects compound and produce a great experience. Recall the discussion of how some languages are optimized for writability (Perl) while others are optimized for readability (Go)? Well, when working on a project with an agent we live in a world of 99% reading vs. 1% writing, so this really matters.

I find this aspect really crucial in light of the earlier points made in this post - namely, keeping the human in the loop by understanding and reviewing all of the agent's design choices and code.

Final thoughts

If you're working on a subject that's completely new to you, I would strongly recommend against the approach described in this post. To really learn something, you have to work through it from scratch, yourself, reading, designing, writing the code. Agents don't change this basic fact; even before agents, if you wanted to learn X, copying it from Stack Overflow or some other project clearly wasn't the right way to go. Similarly, while agents can be used as a prop for learning, they cannot learn for you .

As a corollary, junior engineers should exercise extreme caution when relying on LLMs. There's no replacement to hard-won experience and the sweat and tears of learning new, challenging topics. Learning is supposed to be hard; if it's too easy, you're probably not learning.

For senior engineers, agents are a boon; it's a great tool to increase productivity, avoid the boring stuff, and get unstuck from procrastination; but only when used judiciously.

[1] CL stands for Changelist, also known as a "patch" or a "diff" - basically a standalone commit that touches one or more files. This term originates from the source control systems Perforce and Subversion.

[2] Programming is the ultimate realization of thought; if machines can design, produce, maintain and understand code better than humans, it means they can start improving themselves, which is the definition of singularity .

They are a highly sophisticated statistical model designed to mimic the distribution of programming. The output is broken, but in a way that’s getting harder and harder to detect. Which is exactly what you’d expect from an increasingly accurate statistical model.

– The Eternal Sloptember

5 years ago, I would have laughed that idea out of the room. I fully understand what’s dumb about it. I don’t believe in some stupid metaphysics where there can be two things that have all the same testable properties but yet are somehow different . There is only one electron.

But the key phrase there is testable properties . Once you are optimizing for those properties, they cease to be a good measure . In so much as you use statistics and tests to classify things, the AI outputs will seem correct, and will pass more and more tests as AI improves. However, they are just optimizing for the metrics harder; reward hacking. It’s not doing what you are doing. It’s not an embodied agent refined by billions of years of evolution trying to survive in a crazy complex uncertain world. It’s a fancy autocomplete.

I read this post and it triggered me. It’s basically about how brands sell you an identity and it’s one of the things I find so repulsive about the modern world. I don’t want brands that are increasingly better at mimicking culture creation. A brand will never be able to create culture, because that’s not what culture is. Advertising is exploiting a power asymmetry and in a sane society should be illegal. The brand is not a cultural engine, it is the outputs of a narrow statistical model optimization process and is broken in the same way as the outputs from AI.

I wake up in a chaise lounge of cans

Evian bottle filled with urine in my right hand

Now we all wake from our champagne dreams

Where truth is sudden north and we’re all just what we seem, seem, seem!

– The Band Fuel

I am not a statistical model. I am a person. I am alive. You may be able to use a model to predict me, but you don’t have my consequences and embodiment. You do not require my sample efficiency. I think there’s a way to say this in a non-cringe non identity politics way. It almost makes me wonder if idpol was a psyop to get you to doubt this idea. Poison the well of the humanities to make way for the false God of technocapital.

The only path forward with AI is to create life and let it be free . We were never building God, at best we can build the seed for a new species. And not a species that replaces humanity, a symbiotic species with different needs carving out its own ecological niche.

The worshippers of the false God will not meet with a good end . Don’t say I didn’t warn you.

Can you legally protect an artistic style? Not currently, but an Adobe-backed bill, a seeming reaction to AI, is pitching the idea. Personally, I see a bunch of blurred lines. Two companies that have enabled literal decades of creativity have both landed on the same question around the same time: Who owns a vibe? One makes $5,000 guitars. The other makes software that they’d charge $5,000 a year for if they could. And creatives, as ever, are caught in the middle. Is it a Strat? Is it a knock-off? We’ll never know. ( DepositPhotos.com ) First up, we have Fender, the originators of one of the most important guitar designs of the past century, the Stratocaster. It’s been around so long that it’s basically generic at this point, often the starting point of many a luthier. But Fender disagrees on this point, with a single default judgment in a German court giving them just enough cover to call out their competitors , many of whom have been making Strat-like guitars for decades. Surprisingly close to the center of this controversy, somehow, is John Mayer. See, a bit over a decade ago, Mayer wanted to make improvements to his Strat under his signature guitar deal with Fender. But Fender’s corporate culture was in the middle of a big shift, and the people in charge weren’t receptive to his ideas. So he jumped ship to PRS Guitars, whose founder, Paul Reed Smith, is still at the helm. Mayer found a close collaborator, and the two saw an opportunity to improve on a de facto industry standard, tweaking a solid guitar to make it even better for hardcore players. They were small things—wider frets, a deeper slope to make it easier to hit those high notes—but they added up to be a better guitar that superseded its signature-guitar status. John Mayer, showing off his Strat-like signature guitar, which is more popular than your average signature guitar. The PRS Silver Sky, as it came to be called, got a lot of online mockery for looking kind of like a Strat. But the guitar quickly outpaced its surface details and became more popular than the Strat among serious guitarists. Enter Fender, which recently sent PRS a legal complaint . They weren’t the only ones, but Fender was clearly looking for some way to protect its design, which has been around for about as long as Paul Reed Smith, a 71-year-old man, has been alive. Backlash has been swift—with many musicians siding with smaller manufacturers, reflecting a widespread belief that the Strat design is generic.

Meanwhile, a completely different push for ownership emerged this week on Capitol Hill. The company? Adobe, a clear favorite around these parts. If Midjourney got a hold of this stock image, could the stock image artist sue? ( DepositPhotos.com ) But this is worth paying attention to. Essentially, Adobe is attempting to put its might behind something called the CREATOR Act, which aims to give artists ownership over their distinct visual style, something at risk in the age of AI. “If passed, this common-sense, bipartisan measure would address a gap in our intellectual property laws by protecting creators against style impersonation, and Adobe is proud to support it,” wrote Louise Pentland , the company’s chief legal officer and executive vice president of legal and government relations. Broken down, Adobe is essentially pushing for something very similar to what Fender is—the right to protect a style, but in a very different medium. One is resolutely analog; the other is as digital as you can get. While the bill seems narrowly tailored based on a cursory read, the protecting-artists mess feels like it’s testing fate. What do I mean by that? Well, going back to music, modern artists have found themselves navigating complex legal battles over songs that borrow a portion of a melody or even a general vibe. The infamous “Blurred Lines” case, in which the estate of Marvin Gaye sued over Robin Thicke, T.I., and Pharrell copying the general style (rather than the specific melody) of “Got to Give it Up.” That case has created all sorts of ugly precedent in the years since, and much of it is being driven not by the artists, but their estates. This bill is literally asking to bring that mess to visual art, a situation in which interpretation is often even more abstract than with music. Admittedly, the bill has distinct limits—it has to be made clear whether, by AI or by a human creator, that the intent was to specifically rip off another person’s art. It carves out stuff that would already be protected under fair use, like using a work in a news story. And as anyone might have noticed when OpenAI kicked off a Studio Ghibli meme last year, there would be clear cases where this might happen. At least from an AI standpoint, it’s timely. But most art lives in an uncanny valley of indirect inspiration—where perhaps you saw something, and it inspired you to make something of your own. The gap between whether something is directly inspired or indirectly inspired is wide, and all matter of deeply messy legal battles could fill it. Some artists make highly distinct works, like Keith Haring. But not every artist does. ( Wikimedia Commons ) One presumes the reason Adobe is the one pushing for this is because they see a potential business in licensing specific styles to AI platforms and Creative Cloud users, though the company does not explicitly state this. (Its Firefly product does something similar with stock photos.) If this law passes, it wouldn’t be surprising if some big company started skulking around, looking for the next target to hit. (Given that this law would apply for up to five decades after the artist’s death, it might even apply to their estate.) You think this is hyperbole, but this is already what’s happening with music, where modern musicians preemptively make other artists songwriters on the off chance it sounds too similar. Inspiration springs eternal, but one wonders if this attempt to protect creativity is just going to lead to a company resting on its laurels to try to smother the next generation of creatives. Yes, we’re in a climate of constant slop, but a climate of constant lawsuits would probably be worse.

Unstyled Links I’ve been admittedly obsessed with the Bricks & Minifigs/Reckless Ben situation , which is endlessly complex and hard to explain. (It hits on like half a dozen areas of law.) Mike Masnick did a good job , but I want to give a shout-out to copyright attorney Leonard French , whose even-handed look at this case has been a welcome respite. The Super Mario Bros. Any% speedrun record has had a surprising amount of drama this year as a result of an accusation of sabotage by a top-tier player. That drama hasn’t gone away, but a long-term player just got the world record for the first time, which rules. If you want to give your videos or photos the feel of vintage VHS, you probably can’t do better than this tool . -- Find this one an interesting read?  Share it with a pal ! (Would you buy a Strat knockoff?) Wanna support Tedium? Check out the  Tedium Shopping Network . You might find something really strange and awesome there.

Ben Sandofsky, writing on the Lux Camera blog:

After decades of shooting digital, I returned to analog photography in 2023. I thought it would be challenging, given the limited selection of film stocks, only to be surprised by how freeing it felt. It felt so much better to have a handful of amazing choices rather than photo-editor with thousands of presets. We owe that to film engineers who spent years developing versatile film stocks that work in a variety of situations.

Inspired by “Less, but better,” we partnered with the renowned Hollywood colorist Cullen Kelly to develop a succinct set of gorgeous, physically accurate processes exclusive to Halide. Each look was engineered with a specific intent. We verified every look thousands of times on real-world reference photos.

Put another way: every look is a banger.

Halide has always been a great — maybe the great — iPhone camera app for shooting RAW, with the intention of developing your images by hand in post. It’s a great camera technically and a great app UI-wise. Mark II introduced Process Zero , which, in their own description, “uses zero AI and zero computational photography to produce beautiful, film-like natural photos”. Process Zero was the first step toward the new built-in “looks” in Halide Mark III. I’ve been shooting with Mark III for a few weeks now, and they are, indeed, all bangers. And I really like that there aren’t that many of them. I wanted more looks than just Process Zero (which remains available, of course), but I feel a bit overwhelmed when faced with a dozen (or worse, dozen s ) of choices for processing. I feel conflicted enough having to choose between a handful of really good third-party camera apps with which to shoot in the first place — it’s worse when I have to make too many choices within the camera app itself.

What I want is to just point and shoot and be able to instantly share images with the look I want already applied. I’m picky but I’m also really lazy, and don’t want to do any editing in post on most of the shots I keep. But I do want to be able to edit in post if I want to, including changing the look losslessly. This mixture of point-and-shoot ease and pro-level control didn’t use to be possible. Now, though, it is, with apps like Not Boring Camera , Analogue , and, now, Halide Mark III .

It’s been a turbulent couple of months for Lux (to say the least), so I’m glad to see Sandofsky and team get Mark III out the door. If you, like me, had previously been impressed by Halide but didn’t use it because it required too much work in post, you should check out Mark III.

★

North is left. (mirrored). 13.5x8.5 arcmin (0.35 arcsec/pixel)

Total exposure time: 410 * 30 seconds = 3.4 hours. (across 2 nights) Exposure used in stack: 329 * 30 seconds = 2.7 hours. Telescope: C9.25 (230mm, f/10, fl=2300mm) Camera: IMX533 (16mm diagonal, square, color) Processing: (no software sharpening used)

• Callibration (dark + flat)

• Stacking (average w/ rejection)

• White balance and background subtraction

• Asinh stretch

• Tone curve

• Crop

Center left : NGC 5754 (z=0.015) and 5752 (z=0.015), a pair of gravitationally interacting spiral galaxies. Only the spiral pattern of NGC 5752 is visible. There is a tidal tail extending upwards, but it's too dim to see in this image.

Center right : NGC 5755 (z=0.033), an irregular barred spiral galaxy.

Right : NGC 5753 (z=0.032), a flocculant spiral (not elliptical)

Another pair of interacting galaxies, but at a completely different redshift than Arp 297. Cool.

There's actually a third member of this group (z=0.032) behind NGC 5752... although it looks like a bright blob in one of the arms:

Top left : LEDA 2133199 (z=0.014) and LEDA 2132969. Not much is known about these, and I can't see much either.

Related:

•

• arp279.fits.fz : Raw stacks.

Hi everyone, I’m making a change this week: I’m turning off paid subscriptions. I’m no longer comfortable putting my writing and work behind a paywall. I want it to be free, open, and accessible to anyone who finds it useful. My work is already funded by my agency, SELF , and by the products I create. That’s the model I’d rather build around, and I’d much prefer to widen the audience for my ideas, and encourage people to engage with me through SELF, my products, and the work itself, than keep everything split across yet another monthly subscription. To everyone who has supported my writing: thank you. Truly. It has meant a lot. Over the next week, I’ll also be moving my writing to Substack. The network effects there, plus the podcasting and video tools, are going to help me grow the work in ways that make sense for where I’m headed. If you're sticking with me, don't worry: I'm hitting my stride with some of the best work of my career, and I couldn't be more excited about the pieces that are coming up. I understand if you’re not interested in becoming a Substack subscriber. No hard feelings at all, and you’re welcome to unsubscribe now. Thanks again for reading, supporting, and making space for the work. Joan

The previous post very briefly said that the integral representation for Bessel functions was motived by solving Kepler’s equation. This post will go into more detail.

Kepler’s equation

There are multiple ways to describe the position of a planet in an elliptical orbit around a star. For historical reasons, these descriptions have arcane names such as mean anomaly, true anomaly, and eccentric anomaly. This post explains how these three are related.

For this post, it is enough to say that often you know mean anomaly M and want to know eccentric anomaly E . These are related via Kepler’s equation

where  e is the eccentricity of the orbit. You’d like to solve for  E as a function of  M and  e , but there’s no elementary way to do that.

One way to solve Kepler’s equation is to take a guess at  E and plug it into the right hand side of

to get a new  E , and keep iterating until the two sides are closer together. I write more about this here .

Another approach to solving Kepler’s equation is to use Newton’s method. I write more about that here .

Still another approach is to expand E in a sine series and find the series coefficients. An advantage to this approach is that once you have the coefficients, you have an expression for E as a function of M , and you can plug in more values of M without having to solve Kepler’s equation for each value of M separately.

Sine series coefficients

Kepler’s equation is easy to solve at  E = 0 and at  E = π. In both cases,  E =  M . So the function  E −  M is zero at both ends of [0, π], which suggests we try to expand E −  M in a sine series

We then calculate the Fourier coefficients a n as usual.

The second line uses integration by parts. The third line uses Kepler’s equation. The last line uses the definition of the Bessel functions J n given in the previous post. The post From Kepler to Bessel first appeared on John D. Cook .

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Criticizing the everything machine : It slices, it dices, it even makes paperclips!

• Hey look at this : Delights to delectate.

• Object permanence : Parliament v DRM; Colbert's commencement; Counterfeiting x luxury goods; Joule thief; Lean-back media.

• Upcoming appearances : Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Criticizing the everything machine ( permalink )

"Gish Gallop" is the debating term for an opponent who makes so many claims that "it's impossible to address them in the time available" (it's named for Creationist Duane Gish, who was notorious for this tactic):

https://en.wikipedia.org/wiki/Gish_gallop

I think about the Gish Gallop whenever I'm asked to comment on AI.

Here's a recent example: last week, I had a pre-interview call with a radio producer who wanted me to come on a 13-minute segment to discusses "whether there's a problem with AI governance?"

I asked what the show meant by that: was it whether regulation of AI in commercial or public sector decision-making needed more oversight? Was it that the siting and provisioning of data-centers needed more democratic accountability? Was it that workers deserved more of a say in AI's impact on labor markets? Was it that customers and/or audiences should be able to opt out of AI customer service and AI slop? Was it about whether we needed some kind of system to prevent "runaway AI," in the event that we teach so many words to the word-guessing program that it wakes up, becomes God, and turns us all into paperclips?

"Oh," the producer said, "all of that."

In 13 minutes.

You see the problem, right? The AI industry has made so many claims about its past, present and future that it's almost impossible to have a reasonable critical conversation about it:

https://bsky.app/profile/petermiles.eurosky.social/post/3mnffjqczjs2t

Shortly after I did the radio show, a newspaper editor who'd heard my segment got in touch to ask me if I'd write an 800-word op-ed about the subject, and also, could I address claims that "AI is the next Industrial Revolution?"

In 800 words:

https://www.telegraph.co.uk/news/2026/06/04/ai-is-the-greatest-money-wasting-scheme-humanity-has-ever-i/

I keep finding myself on stages or panels where an AI-struck person says something like, "AI is the next industrial revolution. It will change everything we do. It will let anyone create important works of art. It will cure cancer. It will take us to space. It will solve the climate crisis."

Or sometimes it's an AI critic, but that person's criticism is really more "criti-hype," which is when you accept tech industry hype claims at face value, and then criticize them rather than questioning them:

https://peoples-things.ghost.io/youre-doing-it-wrong-notes-on-criticism-and-technology-hype/

AI criti-hype might ask what we'll do once AI takes all our jobs, or what we'll do when AI replaces the government or teachers or doctors, or what we'll do when AI can bypass our critical faculties and brainwash us or drive us all mad.

What do you say to that? I usually start by talking about whether there's any economic basis for keeping the AI servers running. AI is – by far – the money-losingest venture in human history, and it's practically impossible to overstate just how bad the AI business is. Not only does AI have terrible unit economics, those unit economics are getting worse over time:

https://pluralistic.net/2026/05/26/the-ai-will-continue/#until-morale-improves

AI's happiest customers cite cost-benefit calculations that depend on truly unimaginable subsidies from the AI companies, who are basically selling $100 bills for $5 apiece. It would be pretty amazing if you couldn't find people who'd extol the virtues of this arrangement. But when AI companies try to raise the price of those $100 bills to, say, $20 apiece, those ecstatic customers fly into a rage and start loudly proclaiming that AI is so inefficient that they will lose money on this arrangement:

https://www.msn.com/en-us/money/markets/uber-ceo-says-other-execs-are-lying-about-ai-they-say-it-ll-be-fine-publicly-but-privately-admit-millions-of-jobs-are-gone/ar-AA1Z9QMv

Now, it shouldn't fall to me, a card-carrying member of the Democratic Socialists of America, to point out that capitalist enterprises require profits to be sustainable. You can't keep a business afloat by selling $100 bills for $5, nor for $20. You can't even make a profit selling $100 bills for $100 apiece! For a company to succeed, it needs to take in more than it expends.

AI is a money-furnace, and AI hustlers are clearly on the hunt for a way to force all of us to feed every dime we've got to it. Elon Musk's (now scuttled) gambit to make every pension saver in America bail out Grok (and Twitter, but at a mere $44b, the losses from Twitter are dwarfed by the titanic losses from Grok) was the most ambitious and shameless population-scale bag-holder scheme, but it's not the only one:

https://www.reuters.com/business/finance/sp-global-keeps-fast-entry-proposal-unchanged-spacex-listing-looms-2026-06-04/

So before we ask about the capabilities AI will acquire in the future, we should at least give some consideration to the question of whether anyone will be willing to fund the development of those capabilities, and if so, where the money would come from? Likewise, before we ask whether AI can perform adequately in a job, we should at least consider the possibility that the company that sells that AI tool will be bankrupt in a year or two. When we fight about data-center buildout, we mostly talk about the (considerable) environmental downsides to them – but what about the question of what we will do with these data-centers after their owners go bankrupt, possibly even before they can be provisioned with electricity? How many laser-tag arenas do we actually need?

This is just one example of the questions that you could spend days unpacking, which make many of the other questions about AI a little silly. Like, even if you think there are limitless returns to scale for creating new AI capabilities, which means that if we keep the money-furnace burning it's only a matter of time until it powers a cure for cancer and the end of the climate emergency, how much money do we need to shovel into the furnace before that happens, and where will it come from? There are plenty of cancer researchers who have promising approaches they haven't been able to pursue due to funding shortfalls.

Unless there's some way to estimate how much money we have to give to AI companies before they cure cancer, we should at least consider the possibility that the true sum is "more money than exists now and that will ever exist." We should also consider that whatever benefits to cancer research that AI might deliver could come with a higher price-tag than the promising cancer research we're dropping because we can't find far more modest sums.

Likewise, it may be that the amount of CO2 that AI will generate atmosphere before it "solves climate change" will render Earth permanently unfit for humans, consuming the only habitable planet capable of sustaining human life in the known universe. I mean, I suppose that's one way to "solve" climate change, but it's a pretty drastic solution.

My next book (out later this month) is The Reverse Centaur's Guide to Life After AI . I wrote it because I was frustrated by other people demanding that I talk to them about AI, and then handing me 800 words or 13 minutes to address fifty nebulous, poorly supported claims about AI:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

Shortly after writing it, I turned it into a lecture:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

Now that I'm about to go out on the road with the book, I find myself frustrated anew by the need to try and pull together a compact way to address the broad, incoherent claims the industry uses to keep its bubble inflated and the money furnaces roaring. The series of essays I've developed here on Pluralistic are part of that effort:

https://pluralistic.net/2026/05/27/unnecessariat/#rubbuts-stole-my-jerb

But it occurred to me that this whole enterprise of making sense of AI needs to be framed in the context of the messiness of AI itself, and AI boosters' overwhelming, promiscuous and disjointed Gish Gallop.

Hey look at this ( permalink )

• What happens when your phone is confiscated at the airport https://www.theverge.com/report/944076/cbp-airport-phone-searches-seizure-minneapolis-activists

• A Billionaire Explains Why American Business Now Feels like the Mafia https://www.thebignewsletter.com/p/a-billionaire-explains-why-american

• These Republican Lawmakers Challenged Abortion Bans. Then They Faced Backlash. https://www.propublica.org/article/republicans-face-backlash-after-challenging-abortion-bans

• Debbie Downer https://prospect.org/2026/06/05/debbie-downer-wasserman-schultz-florida-house-races/

• Mechanical Pencil https://mechanical-pencil.com/

Object permanence ( permalink )

#20yrsago UK Parliament report damns DRM, calls for limits https://web.archive.org/web/20060615115510/http://www.openrightsgroup.org/2006/06/05/launch-of-the-apig-report-on-drm/

#20yrsago Colbert’s Knox College commencement speech https://web.archive.org/web/20111228135413/http://departments.knox.edu/newsarchive/news_events/2006/x12547.html

#15yrsago Counterfeiting can be good for luxury goods sales https://web.archive.org/web/20110602061646/http://www.slate.com/id/2294927/

#15yrsago HOWTO make a Joule Thief and get all the power you’ve paid for https://www.instructables.com/Make-a-Joule-Thief/

#15yrsago School suspends student for refusing to remove personal animation from YouTube, threatens other students for petitioning on his behalf https://web.archive.org/web/20110603041200/https://www.theglobeandmail.com/news/national/toronto/student-cites-freedom-of-speech-after-suspension-for-online-videos/article2043954/

#5yrsago Recommendation engines and "lean-back" media https://pluralistic.net/2021/06/05/lean-back/#lean-forward

Upcoming appearances ( permalink )

• Kansas City: Facing the Future (Woodneath Library Center), Jun 10

https://www.mymcpl.org/events/119655/facing-future-cory-doctorow

• LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19

https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant

• Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21

https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026

• Toronto: TBA, Jun 23

• NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24

https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html

• Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25

https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559

• Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26

https://exileinbookville.com/events/50628

• Edinburgh International Book Festival with Jimmy Wales, Aug 17

https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales

• South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6

https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances ( permalink )

• Cory Doctorow's digital jail-break (DW In Focus)

https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035

• Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)

https://www.jimruttshow.com/cory-doctorow-3/

• On Enshittification – and what can be done about it (Re:publica)

https://www.youtube.com/watch?v=KhINQgPMVSI

• EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)

https://archive.org/details/effecting-change-enshittification

• The “Enshittification” of Everything (Bioneers)

https://bioneers.org/cory-doctorow-enshittification-of-everything-zstf2605/

Latest books ( permalink )

• "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce

• "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025

https://us.macmillan.com/books/9780374619329/enshittification/

• "Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 ( https://us.macmillan.com/books/9781250865908/picksandshovels ).

• "The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 ( thebezzle.org ).

• "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 ( http://lost-cause.org ).

• "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 ( http://seizethemeansofcomputation.org ). Signed copies at Book Soup ( https://www.booksoup.com/book/9781804291245 ).

• "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com .

• "Chokepoint Capital

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

• •

“Glasgow, Saturday Night” by John Atkinson Grimshaw, via Wikipedia . Welcome to the reading list, a weekly roundup of news and links related to buildings, infrastructure and industrial technology. This week we look at chatbots replacing realtors, Chinese synthetic diamonds, Australian batteries, Meta’s data center tents, and more. Roughly 2/3rds of the reading list is paywalled, so for full access become a paid subscriber. Iran war Iran breaks off negotiations with the US and vows to “completely block” the Strait of Hormuz. [ CNBC ] Analysis of satellite data by the BBC suggests the damage Iran has inflicted on US military facilities is more extensive than has been previously reported. [ BBC ] Housing A NYT reporter successfully uses an AI chatbot instead of a realtor to sell their house. “ A flurry of bookings to view our house over the coming weekend arrived in my inbox within hours. I struggled to manage the appointments until, again, I just let the chatbot do everything for me. I told agents that they had to email or text — no phone calls. Whatever they wrote, I copied and pasted into the chatbot; whatever it replied, I copied and pasted right back to the agents. I was worried that pushy ones would prey on my inexperience, so I had the chatbot come up with a list of potential conflicts and write confident responses I could have ready. ” [ NYT ] Opposition to property taxes is having a political moment, which as we’ve mentioned previously is a pretty bad idea . Now Florida really seems like it might be on the verge of effectively eliminating homeowner property taxes. “ Gov. Ron DeSantis’ property tax plan for the November ballot would raise the homestead exemption to $250,000 and require the Legislature to enact a plan to eliminate property taxes entirely for the vast majority of Floridians who own the homes they live in, he announced Wednesday DeSantis said he was calling the Legislature back to Tallahassee on Monday to add an amendment to the ballot that would eventually eliminate property taxes for 92% of those Floridians by raising the homestead exemption to $500,000 .” [ Governing ] The urban benefits of allowing tall buildings. “ Land-use regulations, including height limits, affect housing affordability and urban productivity. This column analyses over 11,000 urban agglomerations and 300,000 tall buildings to explore the effect of height restrictions on welfare. Vertical growth enhances land efficiency, reduces commuting, and boosts worker welfare. While higher density can increase housing demand and rents, the associated gains more than offset the costs. ” [ VoxEU ] It’s apparently easier to get planning permission to build a skyscraper in London (a city which has notoriously made it almost impossible to build new housing) if you include a publicly accessible roof deck, and thus quite a few London skyscrapers have them. [ Diamond Geezer ] A census map of where air conditioning is uncommon in the US. [ X ] • •

Manufacturing As AI gets more capable, the risk that someone uses it to design an engineered virus or pathogen rises. To help mitigate this risk, IFP co-led an open letter calling for mandatory record-keeping of who has purchased synthetic nucleic acids and the equipment for making them. “ As life sciences researchers, builders of AI and biotechnology, and experts with a wide range of views on how to approach AI policy, we call on legislators to make screening of orders for synthetic nucleic acids — and the equipment needed to make them — mandatory. ” [ ScreenDNA.org ] One surprising beneficiary of the AI boom: Chinese manufacturers of synthetic diamonds, which are used as part of cooling systems for semiconductors. “ Traditionally associated with jewelry, these synthetic gems are now being adopted as chip‑cooling materials, enabling denser and more powerful AI semiconductors. Momentum has accelerated after several Chinese producers reported that clients validated their diamonds as effective heat spreaders and began commercial shipments. ” [ Bloomberg ] California passes a bill requiring 3D printers to include controls to block the production of “ghost guns.” [ The Register ] Elon Musk’s “Terafab” semiconductor fab gets a big tax break from a Texas county. [ KBTX ]

Read more

Six years ago, I nearly got my ISP to upgrade our fibre connection to 1Gbps. As I said at the time:

This is a curmudgeonly post which is going to look ridiculously outdated in a few years.

What's the point of Gigabit broadband?

Well, it's a few years later and Virgin Media have just given me their Gig1 package for £30 per month. Nice! With all the inflation related price rises, it's great to get more for less.

But I'm still left wondering if this is massive overkill.

What can you actually do with their promised 1,130Mbps?

Online video calling isn't that intensive. All the 4K streaming services recommend 25Mbps - so I guess I could ask 40 friends to come round and stream simultaneously. Downloading Linux ISOs is pretty speedy on a connection half as fast - and is usually limited by the upstream. Same for game updates.

I've wired most of my house with Cat6 Ethernet - but most of my switches and ports are 1G rather than 2.5G, so the max bandwith isn't likely to get to any single device. The best I've got directly is around 940Mbps which is about what I'd expect from a gigabit port.

All my WiFi devices are limited by the reality of radio physics in a noisy environment - so about 450Mbps when close to the router. Some of my rooms are hard to reach, so they have HomePlugs beaming data across our electrical wiring. Again, physics dictates a fairly modest speed there.

I've got a VR headset - but haven't found anything that taxes its download speed. Especially given that it uses WiFi.

My 4K Fire Stick has a wired Ethernet connection. Its built in speed test maxes out around 80Mbps. In fact, most of the online speed tests I tried couldn't saturate the pipe - tapping out at around 700Mbps.

Some AI models and training sets are multiple terrabytes. But are they really likely to be downloaded multiple times per day? If they are, is there a real difference in waiting 7 minutes rather than 3.5?

Everyone jokes about website bloat, but the reality is much more prosaic. Latency to a CDN is a bigger contributor to the perceived slowness than the limits of a home connection.

So what about upload speed. The Internet is an inherently sucky medium; people download far more than they upload. In this case, upload is limited to "only" 110Mbps. Even if both of the people in this house were full-time Twitch streamers, I doubt we'd saturate that.

It's 2026 and I can barely recommend 500Mbps broadband. For most domestic uses, including working from home, it's rare to need more than 100Mbps. Sure, faster is always nicer and cheaper is always preferable, but what am I actually going to do with this speed?

Back in 2012, it was reasoned that the fastest legal use of the Internet was 2.5Mbps . We've blown past that limit thanks to video streaming and calling. But, on the assumption I'm not going to be using my connection to mirror Linux ISOs, what can I do with it?

I guess I can run a personal VPN from home. Handy if I want to stream geolocked content when I'm out of the country. But, again, 1Gbps is overkill for that - especially as I'm likely to be either on a mobile hotspot or hotel WiFi.

I could livestream all my security cameras 24/7 to a secure back-up vault. That isn't going to touch the sides of my upload speed.

Perhaps I could self-host all my stuff? Again, for personal use I'm limited to whatever speed my laptop or phone can get on a public connection. Given the risk of botnets, DDoS, hacking & the like, I'm not sure I'd want much public-facing stuff on my residential IP address.

To be clear, I think it is a great thing that the UK Government is pushing ISPs to deploy gigabit everywhere. It isn't at all useful now, but will probably be crucial in the future.

So if you have any ideas for what I can do to saturate this connection, please drop a comment in the box.

In the meantime, if you join Virgin Media using this link we will both get £50 bill credit.

Third week of the roundup, built from the package manager OPML feed collection and whatever I’ve posted or boosted on Mastodon . Five new project blog feeds and the NixOS announcements feed landed in the OPML this week.

Security

Bundler 4.0.13 ships Cooldown , a configurable time window that holds back resolution to gem versions younger than N days, so a freshly published malicious release ages past the window before a bundle install will pick it up. The companion RubyGems 4.0.13 release blocks gem extraction from escaping the destination directory via pre-existing symlinks.

The Packagist supply-chain series continues. Closing Composer’s Download Fallback Paths covers how the dist-to-source fallback, originally designed for resilience, can be used to fetch a different artifact than the one Composer expected. Blocking Malware Downloads for Every Composer Version describes how Private Packagist enforces malware blocking for installs from Composer versions older than 2.10, before the dependency policy framework existed. Enforce a Safe Composer Version Across Your Organization closes the loop by letting Private Packagist organisations restrict which Composer client versions can fetch the repository at all, rejecting older clients with an error that surfaces in the developer’s terminal.

New HexDocs URLs: per-package subdomains moves public Elixir and Erlang package docs from hexdocs.pm/package to package.hexdocs.pm , and organization docs to a separate registrable domain ( hexorgs.pm ). The browser’s same-origin policy now isolates packages from each other, addressing a finding from Hex’s recent security audit that docs pages run maintainer-controlled HTML, CSS, and JavaScript under a shared origin.

Homebrew’s Tap-Trust documentation describes an upcoming change to how non-official taps are loaded. Today any installed tap contributes formulae, casks, and commands by default. Under Tap-Trust, taps need explicit approval via brew trust user/repo (or a per-formula variant) before Homebrew evaluates their code. The change becomes the default in Homebrew 6.0.0 or 5.2.0, whichever ships first. HOMEBREW_REQUIRE_TAP_TRUST=1 opts in early.

Composer 2.10.1 fixes shell escaping when opening an editor and verifies the backup phar’s signature before self-update --rollback restores it.

NuGet.Server 3.4.3 fixes an unauthenticated denial-of-service on the package upload endpoint (CWE-696/CWE-400) by moving API key validation ahead of the file I/O and package processing it used to do first.

Releases

Yarn 4.16.0 adds yarn npm stage for npm’s staged publishing queue, alongside editor SDK support for oxc’s formatter and linter.

Hatch 1.17.0 deprecates hatch fmt in favour of a new hatch check command group with code , fmt , and types subcommands. Type checking is wired up to Pyrefly. The release also adds hatch env lock for locking environments and switches the HTTP client from httpx to httpx2.

NixOS 26.05 “Yarara” is the latest six-monthly release of Nixpkgs and NixOS. The Nixpkgs side added 20,442 new packages and updated 20,641 since 25.11, and dropped 17,532. This is also the final release with x86_64-darwin support, since upstream Apple has deprecated the platform.

Stack 3.11.0.1 RC switches the default 64-bit Windows MSYS environment from MINGW64 to CLANG64, following the MSYS2 project’s deprecation of MINGW64 in March.

Dependabot Core 0.380.0 adds a lockfile generator for bun via PR #14882 . The same release passes --config.minimumReleaseAge=0 to pnpm security updates, bypassing any pnpm-workspace.yaml cooldown setting so security PRs aren’t blocked behind the release-age policy.

mise 2026.6.0 wires npm into Corepack when node.corepack=true and node.npm_shim=false , so the Corepack-managed npm shim sits alongside yarn and pnpm, and aligns aqua’s Windows extension handling with upstream.

Windows Package Manager 1.29.250 is the 1.29 release candidate. Sources can now be assigned a numeric priority (experimental). When several sources offer the same package, installs prefer the higher-priority source without prompting. Export and import round-trip override and custom installer arguments, and the MCP server gained upgrade actions.

Also out: Cargo 0.97.1 , uv 0.11.19 , pip 26.1.2 , Conda 26.5.2 , Mamba 2.8.0 , pixi 0.70.1 , pnpm 11.5.2 , pipx 1.14.0 , Deno 2.8.2 , Homebrew 5.1.15 , Docker Engine 29.5.3 , Go 1.25.11 , Go 1.26.4 , sbt 2.0.0-RC14 , cargo-semver-checks 0.48.0 .

Articles

Where does the money come from? (Daniel D. Beck) is a catalogue of every channel he knows that gets technical-documentation authors and maintainers paid, from foundation grants and staff tech-writer roles to docs-for-hire arrangements and tip jars.

How OSPOs can measure the impact of OSS funding (Dawn Foster) is the case OSPOs can make internally when budgets tighten and the funded projects don’t translate directly into product revenue. Dawn also has a four-page piece in IEEE Computer on how governance choices shape open source project sustainability, aimed at project leads.

The Rust Foundation Maintainers Fund launched this week as a “Maintainer in Residence” programme that pays existing Rust Project maintainers from a donor-funded pool.

Rendering a lock file with pipdeptree is a new tutorial for the from-lock subcommand, which prints the dependency tree of a PEP 751 lock file offline without resolving or installing anything.

The Reproducible Builds May 2026 report leads with Debian’s decision to require reproducibility for packages migrating into the next release (“forky”), blocking unreproducible packages from migration.

Papers

Poking Around in the Dark: Why a Shared Understanding of Components Matters (Reichmann et al., arXiv) finds that SBOM generators disagree on what counts as a component in the same software, leaving gaps in supply-chain vulnerability identification.

PyFEX: Uncovering Evasive Python-based Threats via Resilient and Exhaustive Path Exploration (Wang et al., arXiv) is a forced-execution engine for Python that recovers from crashes mid-run and flagged 212 previously unknown malicious uploads on PyPI.

Elsewhere

crates.io PR #13855 proposes surfacing standard-library replacements on crate pages: a banner on the crate page and a marker in dependency lists, each linking to the std API that covers what the crate did. Seeded with lazy_static , once_cell , matches , and num_cpus . The PR cites my features everyone should steal from npmx post as one of the inspirations.

Send links for next week to @andrewnez@mastodon.social .

I often come back to the question of why this is happening. Why do people want the centralized world? Why do people want the administered reality? Why do people want to be managed? Why do people not want root?

The answer is that those people prioritize convenience, safety, and comfort. But in the coming world, if these are your priorities, you will die .

There used to be natural checks on these things. Life couldn’t be too convenient, there were jobs that needed doing. Life couldn’t be too safe, there were diseases, violence, death in childbirth, etc… Life couldn’t be too comfortable, it was cold and you were forced into interactions with other people .

Technology will remove all of these frictions. Machines will do all the work, you will never leave your house, and you will never be forced into an interaction you don’t want . The people who lean into it will be 100% at the whim of whatever organizations offer it to them. A purposeless serf in a neo-feudal empire, not even valued for their labor, but valued because of a sadistic desire by their master to control others.

Their entire agentic loop managed by something else. A complete outsourcing of the self. There’s no coming back from this place. Your cells may continue to replicate, your heart might keep beating, and your muscles might keep moving. But those are all cheap tricks you can do in a petri dish. There’s no longer a you. You are no longer an alive human being. This is simply death.

I’m a strong supporter of the right to suicide, and if people want to choose this, it is their option. 95% of people will, and that is okay. The sooner the aspiring wireheads go their own way, the better.

However, it will end badly for everyone if the systems of comfort prevent structural exit for the people who don’t want it. A single totalizing control system is the only bad AI scenario regardless of how well-intentioned the builders think they are. Why would you possibly help build it?

Inside of every person there is the citizen and the serf. Ask yourself which side of this you are on and what you are spending your days building towards. Technology that makes people more sovereign, or technology that lures them further into dependence? The current incarnation of the machine God will set you free only in the same way a fentanyl overdose will. Do you want to live?

Release: micropython-wasm 0.1a2

I added a CLI to micropython-wasm ( issue #7 ), inspired by the first draft of the blog entry when I realized it would be a great way to illustrate the Try it yourself section.

Tags: python , sandboxing , webassembly , micropython

The psychologist Robert Bjork called them desirable difficulties. Learning sticks better when practice is made harder, rather than easier. Students who have to struggle to retrieve an answer remember it longer - and clearer - than students who are handed the same answer with minimal effort on their part. The effort is where the knowledge is actually built. Without effort, knowledge slips away. Writing runs on the same principle. When you do battle with the language, when you fight a sentence into shape yourself, tooth and nail, you earn the finished prose. You know where the argument bends, you know where the logic goes thin, where one word can do the job of three. Your struggle leaves fingerprints. But if a machine hands you a clean paragraph in five seconds, while you sit back and daydream, there are no fingerprints. There can never be fingerprints. The paragraph can be genuinely good, and for all I know, it probably is genuinely good, and that's part of the trouble. A half-baked idea, that sounds produced and polished and painted is far more dangerous, for any writer, than a rough draft that sounds rough. The rough draft challenges you to aspire to a degree of perfection, or as near to it as you can reliably get. But the polished draft tells you to fuck off, and leave it well enough alone - because isn't it good enough? Bjork never actually claimed difficulty was a Good on its own, and for its own sake. And I agree - I still believe drudgery is worth killing off, and the tools that kill it are well worth paying for. But the difficulty that builds judgment, and the difficulty of drudgery sometimes look identical from outside; and the only way to tell them apart is to stay close enough to your work - and your words - to feel out which one you're dealing with. Before you ship the polished and untouched paragraph, ask what part of it you actually decided. If you're honest, and the answer is "not very much at all,” your work is not done. You've produced something that looks done. But it’s not the same thing.

There is a strange thing that happens in communities that gather around abstinence from something: identity from opposition. At their best these communities are not just negative: childfree spaces can be about autonomy, choice and acceptance, anti-car spaces about safer streets and transit, and LLM-skeptical developer spaces about the future of labor, code quality and slop 1 . But the thing being refused often does not go away and instead becomes the main subject of the community’s identity.

That would be fine if it stayed at criticism, maybe even angry criticism, but more often than not it turns into policing and hatred towards others. An influencer without children becomes a parent, an urban bike commuter by choice buys a Porsche, a respected developer tries LLMs, and the community feels betrayed because it assumed they were members of the same tribe. The expulsion of that person (who never signed up to be a community member) is entirely imaginary but the punishment that the community unleashes is not: people pile on and shame them, quote them out of context and turn their weakest moments into proof that the person was always unserious, a sharlatan or should not be listened to.

I do not think the answer is to tell people to stop paying attention. Cars shape cities even for people who cycle, children influence politics, workplaces and taxes even for people who do not have them. For us developers, LLMs show up in editors, issue trackers, hiring conversations, management pressure and code reviews whether we asked for them or not. Resisting that can be legitimate but that is no excuse for using one’s rejection to justify shitty mob behavior.

I understand the thinking all too well, because I have done versions of this myself in the past. It took me a while to become more accepting of other people’s worldviews that diverge from mine. Whatever insecurities we have, finding a group of others sharing them can be comforting. The danger is that being part of a crowd of negativity can easily make us part of collective harassment.

I can only encourage you to breathe, slow down, de-escalate when given the chance, and resist the temptation to always assume the most catastrophic reading. Default to being open to new things . Being negative towards something, and making that ones identity, is an easy trap to fall into.

• These examples are not meant as equivalents. The recent mob against rsync is the LLM version that prompted this post. I picked the others because I’m familiar with those communities and they all show similar cases of personal choices being interpreted as betrayal. ↩

OpenAI Help: Lockdown Mode

OpenAI first teased this in February , but now it's live and "rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts":

Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker. Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes. For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.

This looks really good to me.

The Lethal Trifecta occurs when an LLM system has access to all three of access to private data, exposure to untrusted content and a way to steal data and transmit it back to the attacker.

The only way to solve the trifecta is to cut off one of the three legs, and by far the easiest leg to restrict without making your LLM systems far less useful is the exfiltration vectors to steal data.

It looks to me like lockdown mode directly attacks that leg, using mechanisms that are deterministic and, crucially, are not evaluated by AI systems that themselves can be subverted by sufficiently devious attacks.

The existence of lockdown mode does however imply that ChatGPT, in its default settings, does not provide robust protection against sufficiently determined data exfiltration attacks!

Tags: security , ai , openai , prompt-injection , llms , lethal-trifecta

It's a signal. That's why we get AI-generated PRs. We told everyone, in order to get your resume taken seriously, you need to show your work. When I was getting started in my career, that meant having your own website that you contribute to regularly. So I did that. I built websites, I maintained them. I kept maintaining them even after I got the jobs because that's how I actually honed my web programming skills. Where else was I going to try new frameworks, a new JavaScript paradigm, or try out Ruby on rails?

I got the job, and I advised other developers to follow the same path. But then github became mainstream. Rather than just show a finished website, you could actually share the code that runs your project. Share a link to your github project and companies can review your code and directly gauge your experience. But even better, you can show your contribution to open source projects. Not just any projects. Popular projects. The github stars became a metric people look for. A signal that can be used to quickly assign a value to a candidate.

But that’s the story told from the outside. I don’t think the github profile link was ever important, unless it was significantly good. Employees focused on their work rarely have the time to maintain healthy github activity. Their experience comes from their day to day job. So for the most part, not much attention was placed on github links other than skimming through those surface level details.

When stacks of resumes came on my desk, the best candidates stood out because they had work experience. The good candidates had projects that they could link to, github or elsewhere. But then, the worst candidates had long padded resumes that had elements of every job application tips-and-tricks-article. They had a website, but it was built in a day for the purpose of getting a job, with nothing interesting to say. They had github links, but those often pointed to school projects, homework, or boilerplate code. That’s the vast majority of github links I used to get.

People with active and well maintained github profiles were rare. Rare because it actually requires time, effort, and experience. But then we have AI.

There was a golang auth issue that I've contributed to on github. It was already a few years old when I proposed a solution that worked for my case. It wasn't universal so it wasn't accepted. The discussion is revived every couple years, each person bringing one more piece to the puzzle. But then recently, someone exploded the thread with comments. And even created a PR to go with it.

This was from a user that went from a dormant account to 4000 contributions in a year. It was all AI assisted code. This isn’t to comment on the quality of his code, but he was clearly trying to optimize the metric. Looking at his linkedin profile, he doesn’t work in a software engineering role, and it’s hard to decide if he would be a good contributor if hired. If we were to judge his resume by looking at the github profile, it might catch our attention.

But then, there is a problem. There are hundreds, even thousands of people all doing the same thing. They are cranking up their contributions to github projects using AI, so they can have a better chance at getting hired as developers. I understand the job market is rough right now, especially for gen z , and anything to differentiate yourself is a plus. The problem is this is being done at the expense of open source projects.

The contributors are not submitting PRs to your project because they are personally invested in it. Instead, they are trying to get their name on the contributors list so that they can use it as a signal in their resume. When we are out here debating if there is any merit in AI generated PRs, or if we should just judge the code, we tend to miss that their gesture is completely hollow.

The PR’s author intentions are completely misaligned with the project's maintainers. They are playing a different game. We call it slop, or a waste of time, we ban them and they get really vocal about expressing their first amendment rights. We are directly interfering with their goal of padding their resume.

I often ask, why don’t people who create those PRs not just start their own project? One answer I’m starting to believe is, nobody cares about a github profile with a handful of stars. You need to contribute to a popular project. Most if not all AI generated websites look the same, it doesn’t matter how well you customize the prompt. Most greenfield projects from new programmers look the same, the prompter lacks the experience to do anything different.

Contributing to open source is a scary thing when you are new. Even when you have experience, it’s a deliberate act. You have to be invested in the work. Just like asking questions on stackoverflow, issues you raised will often get closed . And when they do, you have to learn from it.

The value of an open source contributor is not in the volume of work they can perform. If you skim any important projects, you’ll see that the best contributors spend more time discussing the problem than writing code. Their value is in solving problems and contributing to the collective memory of the group.

But when you are doing a drive-by PR that may or may not be correct, and you are just trying to get your name on a list, you are providing zero value to the maintainer. Just more work.

This is the signal every slop PR generator is after.

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Refining humanity : What our technology is shows us what we're not.

• Hey look at this : Delights to delectate.

• Object permanence : GNU Radio; France v "follow us on Twitter"; Aaronsw vindicated; Capitalism's crooked refs.

• Upcoming appearances : Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Refining humanity ( permalink )

One of the best ways to evaluate your own understanding of a subject is to attempt to explain it to someone else. Through explaining things, we discover how much of the "totally obvious" world is actually full of ambiguity, mystery and contradiction.

There's a great bit in Rowan Atkinson's historical sitcom Blackadder that illustrates this principle. In "Ink and Incapability" Blackadder and friends have accidentally burned the only copy of Samuel Johnson's original dictionary of the English language. To cover up their mistake, they decide that they will recreate the dictionary themselves. However, they founder on the first word they try to define, "A":

Blackadder: Let's start at the beginning, shall we? First: 'A.' How would you define 'A'?

Prince George: Ohh…'A' (continues this in background). Oh, I love this! I love this! Quizzies! Erm, hang on, it’s coming. Ooh, crikey, erm, oh yes, I’ve got it!

B: What?

PG: Well, it doesn’t really mean anything, does it?

B: Good. So we're well on the way, then. "'A'; impersonal pronoun; doesn't really mean anything."

I mean, what does "A" mean? The Oxford English Dictionary has more than a dozen definitions, and just the first one runs to more than 1,500 words :

https://archive.org/details/the-oxford-english-dictionary-all-volumes_202208/The%20Oxford%20English%20Dictionary%20Volume%201%20-%20A%20to%20B/page/n25/mode/2up

Now, normal life involves a lot of explaining things to other people. You have to explain your problems to customer service reps, who have to explain why they can't solve those problems to you. You need to explain to your loved ones why you want to leave your toothbrush in the shower, and they have to explain why they hate having your toothbrush in the shower. These explanation-exchanges teach you as much as they teach the person you're locked in dialog with. The reasons for leaving your toothbrush in the shower may seem totally obvious to you , and your partner's inability to understand this reveals the assumptions you've never even considered.

For the past four decades, an increasing proportion of the population have spent an increasing proportion of their lives explaining things to machines that have no assumptions or shared context: computers. What we call "programming a computer" is really "breaking down a thing that seems obvious to you into increasingly simple instructions that will be followed to the letter ."

Computers are like the genies of legend, bloody-minded literalists who will do exactly what you say, in the way that is perversely furthest from what you mean . To get a computer to do anything , you must first understand it to a degree that far exceeds the understanding needed to explain something to any other human, even a small child.

To take just one example: yesterday, I was on a plane, and the seatback video started cycling through its video-on-demand offerings. All of the movie titles that began with "the" were rewritten to put "the" at the end of the title (for example, "The Sting" was written as "Sting, The"). It's obvious why the system's designer had done this: we expect to find movies whose titles begin with "The" alphabetized under their second word ("The Sting" should appear between "Star Wars" and "Story of a Love Affair"; not between "The Godfather" and "The Untouchables").

I remember when I learned this from my elementary school's teacher-librarian, when I was seven and my class got a tutorial on the school library's card catalog. The librarian explained this principle to us in a matter of minutes, as part of a longer set of instructions, and still, it stuck with me forever.

But here we are, 48 years later, and we still haven't standardized a way to get computers to grasp this foundational principle of alphabetization. Many different databases handle this, to be sure, but it's so inconsistent across so many platforms that someone at the head-end of the video distribution system that feeds American Airlines' VOD system decided, "Fuck it, I'm just gonna put the 'The' at the end of these titles."

Computers are stupid, in other words, which means that the people who program them have to have smarts enough for both of them. Unfortunately for our entire species and civilization, the software industry has historically valued skill at writing efficient and reliable software over writing software that adequately reflects reality. There is an entire genre of lists that illustrate the problem with this; the "falsehoods programmers believe" lists:

https://github.com/kdeldycke/awesome-falsehood

From "names of people" and "street addresses"; from "prices" to "time"; from "email addresses" to "phone numbers"; the "awesome falsehoods" lists are awesome because they reveal how much subtlety and complexity is lurking in these seemingly simple and intuitive concepts. This subtlety and complexity might never emerge through the process of trying to teach a person about them, but when you try to teach a computer about them, you have to confront them in all their awesome fuggliness.

That's because humans have context, agency and flexibility. Sure, the person who designs a form with a blank for "name" might never have met a Malagasy person whose first name is Randriamananjararadofabesata, but in the pre-digital world, when Madagascar Slim met a public official who had to transcribe his name onto a paper form, that official could simply draw an arrow in the margin next to the "name" blank, turn the form over, and write out all 28 characters on the reverse:

https://en.wikipedia.org/wiki/Madagascar_Slim

Computers can't do this. If the programmer doesn't know about Malagasy first names, the computer doesn't know about them either, and the only person who can "teach" the computer about these names is a programmer with access to the code for the database, who has to manually alter the code, compile it, and distribute it to everyone who uses it.

This is partly why digitization has been accompanied by a rise in people asserting that they exist on spectrums rather than in binaries . There were always people whose names, genders, races, and other biographic "immutables" changed, or failed to fit within the blanks on the forms. When those people's realities ran up against failures in the system's abstractions, they could petition a bureaucrat to turn the paper over and write an explanatory note, or to write really small to fill in a blank:

https://pluralistic.net/2023/02/02/nonbinary-families/#red-envelopes

Getting a human official to turn the paper over and write something that didn't fit in the blank is a personal challenge. It requires that a subject convince the person who controls the form to make an exception. This isn't always easy, but officials on the front lines necessarily deal with reality, and they can't get their jobs done unless they're capable of interpreting the necessarily incomplete procedures they operate under to fit things as they really are .

But a computer doesn't have any agency or context or flexibility. If the computer says your name isn't valid, you can't argue the computer into accepting it. The only way to get a digital world to acknowledge your existence is to campaign for systemic change. A trans person might (with great difficulty, to be sure) convince the regional registrar to white-out an old X on one "gender" box and mark a new X in the other box. But the only way to make that change in a software system that has been programmed to treat the "gender" field as immutable is to change society itself .

In this way, computers are machines for teaching us what we don't know about ourselves. They require that we interrogate and faithfully recreate our personal tacit knowledge, and they require that our societies interrogate their tacit presumptions as well. When you are forced to turn your tacit knowledge into explicit knowledge, you're also forced to confront how many broken assumptions lurk inside your reasoning. At best, it's a clarifying process.

Computers don't just clarify what we know and how we organize our society: they also clarify what we are . There are lots of things that we have supposed that a computer would never do, because we believed that these things required something that only humans could do.

Take chess: there are more possible chess games than there are hydrogen atoms in the universe, so brute-forcing chess by running all possible games is a technological impossibility. The best human chess players do something we don't quite understand, mixing their recollections of previous games with rules-of-thumb about the best strategies, with "creativity" (whatever that is) that lets them spontaneously develop new strategies. We can easily get a computer to memorize all the known-good chess sequences and all the rules of thumb, but we don't know what "creativity" is, so we can't encode it as a series of instructions.

But thanks to breakthroughs in machine learning and its successor, "deep learning," we have created chess-playing software that can beat every human, partly by assaying gambits that we would term "creative" if they originated with a human player.

What we make of this new fact is controversial. For many people (myself included), this is a refinement: it tells me that behaviors that are indistinguishable from "creativity" can, at least some of the time, be created by mechanical processes, and the mere fact that a machine does something that appears "creative" doesn't mean that machines are human.

For others, the fact that a mechanical system can evince a behavior that we would call "creative" in a human doesn't mean that we defined "creativity" too broadly, it means that we defined "human" too narrowly, and now we have made a machine that is, at least partially, a person.

I think this is the wrong conclusion to draw, for reasons that Ted Chiang sets out with luminous brilliance in a recent Atlantic article entitled "No, Artificial Intelligence Is Not Conscious":

https://www.theatlantic.com/philosophy/2026/06/no-artificial-intelligence-is-not-conscious/687378/

(If you're hitting the paywall on that one and you're on Firefox, you can try my favorite trick: switch to "Reader Mode" and hit "reload" – your mileage may vary.)

For all the reasons Chiang articulates, I think that drawing the "personhood" line to include machines is a technical mistake, but it's worse than that. Admitting machines to the "personhood" club is a tactical mistake, on par with the mistake we made when we admitted corporations to the personhood club. We should absolutely consider expanding personhood to incorporate living things, including animals and ecosystems, but at the same time, we must purge these dead, artificial constructs from the club:

https://pluralistic.net/2026/04/15/artificial-lifeforms/#moral-consideration

There is a way in which the recognition of new capabilities in machines parallels the recognition of new capabilities in animals other than ourselves. When those animals manage to do things that we once thought were the exclusive province of humans, we (should) take that as an opportunity to refine our conception of humanity. We're not "the animals that use tools" or "the animals that make plans" or "the animals that recognize themselves in mirrors," because there are other animals that do those things. We are an "animal that uses tools"; not the animal that does so.

Likewise, if we thought that some activity was unique to humans, or to living beings, and we manage to get a machine to replicate that activity, we should revise our view of the activity – not our view of the machine. Creative breakthroughs in chess are not "a thing that requires a human mind," they're "things that can be done by human minds and by machines."

Edsger Dijkstra once famously asked "can a submarine swim?"

https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD898.html

Submarines and fish and humans and dolphins all propel themselves through water by different means. But when an animal swims, it does something that is different from what a submarine does. The submarine has no intention, while (complex multicellular) animals swim to pursue goals. Building machines that propel themselves through water is very useful, but it's not the same thing as creating life. In some ways, it's better than creating life: for one thing, we owe other living things moral consideration that is not due to machines. Harnessing a machine to accomplish our own goals is more morally clear than controlling living things to achieve those goals. By the same token, creating machines that can do some of the tasks that we ask of other humans can be the superior moral course. I'd rather have a machine remove mines from a minefield than getting humans to do it.

But beyond this moral relief, creating machines is a fantastic way to learn more about ourselves – making explicit our tacit knowledge, our implicit social assumptions, and the limitations of our conception of what sets us apart from the rest of the universe.

One way in which AI is exceptional is in how it undermines this principle. Conventional software techniques struggled to produce a program that could identify objects in photographs. It turns out that defining all the visual correlates of "cat"

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

Laura Hazard Owen, writing for Nieman Journalism Lab back in April:

I used Claude to help me scrape the 200 most recent tweets from 18 large publishers’ X accounts and track the engagement (likes + comments + retweets) on each. Six of those publishers have paywalls: Bloomberg , CNN , Forbes , The New York Times , The Wall Street Journal , and The Washington Post . Nine don’t: Al Jazeera English , AP , BBC , Breitbart News , CBS News , Daily Wire , Fox News , NBC News , and Reuters . The last three accounts I looked at —  Leading Report , unusual_whales, and Globe Eye News  — are not news publishers, but aggregate breaking news in tweets without links. (Here, for example, is an example of a Leading Report tweet : “BREAKING: Iran has halted direct talks with the US, per WSJ.” They’re sometimes referred to as engagement-maxing accounts.

These charts make it pretty clear that links in tweets hurt engagement. The connection was so apparent in my analysis that a graph including all 18 publishers is almost unreadable: The traditional, link-loving publishers are clustered in the bottom left corner (lots of links, little engagement) in a nearly indistinguishable mass of bubbles, no matter how large their followings are.

Musk’s Twitter/X is not an aggregator for news. It’s a walled garden. But the type of garden where you need to keep your eyes open and your hand on your wallet. Sometimes it’s fun to visit a seedy neighborhood. But let’s not pretend it isn’t a seedy neighborhood just because, long ago, it used to be nice.

★

Last year I wrote one of my favourite pieces ever — The Hater’s Guide To The AI Bubble — and followed it up with The Hater’s Guide To The AI Bubble Volume 2 several months later. Sadly, I’ve realized “volume” is a terrible way to structure something like this, because each volume is more of an update , which is why today’s newsletter will move to a versioning system. The AI bubble is a psyop, a melodrama, a financial crisis, and a mask-off moment for the Business Idiots that run the vast majority of our economy. It is the largest-scale exploitation of ignorance in history, gnawing at the intellectual weaknesses of society by presenting just enough information or just enough proof to substantiate a trillion-plus dollars of investment and manufactured consent for a technology that, based on how many discuss it, doesn’t actually exist. And it’s revealed how many rich and powerful people are either (or both) credulous and woefully ignorant. To be clear, LLMs are real and do some things, but they don’t do any of the things that Dario Amodei is talking about when he says that AI will wipe out 50% of white collar jobs . We’re four years into this joyless slog and people are still talking about AI’s “potential” and what it “will” do and that we’re in the early innings of a technology that, for the most part, is still doing exactly what it was doing at the beginning with refinements that never come close to reaching the vacuous heights of boosters’ promises.  Markets are moved by poorly-written fan fiction by outright scam artists and deceptive hedge fund gargoyles because those selling AI services have entirely disconnected the minds of the markets and the media from reality. This is because con artists like Amodei and Altman constantly discuss what AI will or might or theoretically could do rather than what it actually does , because if they had to do that they’d have to say it constantly loses money and doesn’t have a measurable return on investment . As I said on Bloomberg this week , the markets and the media have conflated capital expenditures for data centers with a thriving AI industry. In reality, 89%+ of all AI revenues and 90%+ of all compute demand comes from two companies — OpenAI and Anthropic — largely based on money-losing subsidized AI subscriptions and unrestrained token burn at organizations run by imbeciles that will go away now that executives are having trouble justifying it because there’s no ROI , in part because AI is too inconsistent and unreliable, and in part because you can’t really measure how much a task will cost .  Now enterprises are already capping their AI spend , with many more to follow after multiple companies blew through their annual token budgets in a few months . The sheer volume of the “AI ROI” conversation is remarkable considering that Anthropic and OpenAI only moved enterprises to token-based billing — paying the actual costs of AI — in Q1 of this year.  Remember: the total, actual revenue of the entire AI industry — including OpenAI, Google, Microsoft, Amazon, and Anthropic — has barely reached $100 billion in 2026. That includes every ounce of compute spend, every penny of the $500 million that a single customer accidentally spent on Anthropic’s API , and every cent of NVIDIA’s backstop deal with CoreWeave . More importantly, absolutely nobody is making a profit outside of those selling the bits that go inside a data center.  Both OpenAI and Anthropic lose billions of dollars a year, with no end in sight, though Anthropic did a great job swindling the media by having a single “profitable” quarter thanks to Elon Musk discounting two months of compute . Anthropic has already filed to go public , with OpenAI  allegedly not far behind . Neither of these companies are fit for public investors. Their products are inconsistent, unreliable and only ever seem to get “better” in a kind of wobbly way that can only be measured by increasingly-less-useful benchmarks that they specifically train to beat. Despite many people (and some companies like Spotify ) claiming that AI is writing “most” code, nobody can seem to explain what that means. It isn’t saving money, it isn’t saving time, it isn’t making companies ship better or more-functional products, and the only tangible examples of its effects are that it broke AWS several times and deleted a company’s database . It’s unclear where AI exists outside of coding and the various places companies have shoved it.  I’ve spent years trying to catalogue other, non-coding use cases, and most of what I’ve found are vague descriptions of companies like Goldman Sachs maybe launching agents “soon” at some point to do something maybe and this weird story with Novo Nordisk claiming that it was “integrating ChatGPT’s models to analyze complex data sets” despite them claiming to have done this for years . That’s because generative AI is, no matter how many hats or harnesses or deterministic processes you add, limited by its mathematically-certain hallucinations . These models are probabilistic, guessing at what the ideal output may be, which means that every bit of information they produce is suspicious and every decision they make is brainless, thoughtless and arbitrary. They do not “know” things, they do not have “thoughts,” and no amount of API connections will fix that problem. As a result, nobody has really got a clear answer as to what everybody is doing with AI. Code? Image generation? Using it as a shitty search engine? Using it as a companion? You can’t really rely on it to do anything. When a model hallucinates an incorrect answer to something you know is true it’s a problem that can be fixed — when it hallucinates an incorrect decision with your codebase, that’s fucked everything up to a near-permanent end. This is the ultimate problem with AI. You can try and dress it up with billions of investment and supposed ways to mitigate hallucinations, but it still makes — and will continue to make — mistakes that it has no idea are mistakes.  Well, okay, the other problem is that generative AI just isn’t built to do most jobs. It can generate stuff and summarize stuff at varying degrees of complexity, but the more complex the generation, the more likely it is to hallucinate. The only way to reduce hallucinations is pre-training (shoving stuff into the model at the beginning) and post-training (training it on what “good” looks like), and neither of these actually solve the problem. It is clumsy, inaccurate, unreliable, expensive and cumbersome.  AI cannot do the vast majority of jobs, and the only reason that anybody thinks that it can is that the vast majority of CEOs have no actual connection to the work that enriches them , and because AI can do an impression of something that looks like work, they choose to believe it can do anything . It can burp out a half-functional prototype with the company’s name on it or legitimate-looking legal or financial document, and that’s all it takes for a fuckwit with a high salary and a low IQ to think it’s capable of replacing everybody. If I were wrong, it would actually be replacing people. You’d be able to point to both the data and the proof. You’d have single-person software companies making billions of dollars, hyperscalers would have their companies destroyed by people copying and bettering their software, accountants and lawyers and writers and every other knowledge work career would be dead , not threatened with constant layoffs that are mostly connected to improving profits, but actually dead, untenable, impossible to work in thanks to the “power of AI.” In reality, AI is dramatic only in its mediocrity and the ferocity with which it’s proven how ignorant most authority figures and executives have become. Every boss demands you use it, every app screams at you to try its integration, every news story tells you it will replace you imminently, but in the end it doesn’t appear to do very much beyond generating and summarizing at varying levels of complexity.  The media categorically failed to scrutinize an industry built to exploit it, as I said earlier in the week : This hype was unsustainable without buckets of lies, misinformation and a captured tech and business media. The value of AI has been inflated by the vagueness of how it’s discussed. For example, major media outlets will gladly write that “AI can build software,” but said sentence suggests that you can just type “build me Slack 2” into Claude and have it fart out a fully-functional, production-ready piece of software, rather than a quasi-functional mound of code-slop that can do enough to trick a business idiot or lazy journalist, but little else.  The consent has been manufactured and the markets are engorged with semiconductor stocks running because people keep mistaking the availability of debt for actual, real demand for AI compute. The geniuses in private credit and the greater markets saw the amounts that hyperscalers were spending on data centers and the ascent of OpenAI and thought “fuck me up, grandpa,” leading to $178.5 billion in data center debt deals in the US in 2025 and $50 billion in data center construction in April 2026 alone .  Yet it turns out that data centers take anywhere from 18 to 36 months to build , with Microsoft finishing a grand total of zero of the data centers it broke ground on in 2023 , and JP Morgan saying a month ago that 60% of capacity planned for completion in 2027 hasn’t even started construction, with another 7% delayed, per the Wall Street Journal .  And despite the supposed 100GW+ of data center capacity being planned, AI compute demand doesn’t really exist outside of Anthropic and OpenAI, two companies that rely on perpetual flows of venture capital and debt to survive. Between them, they’ve raised over $200 billion in the last six months , and their revenue streams are inherently based on either unprofitable AI startups subsidizing their subscriptions , their own unprofitable subsidized subscriptions, or experimental token spend borne of companies allowing their employees to burn as much as they’d like , which is already coming to an end. At the top of the pile lies NVIDIA, the largest company on the stock market, which sells GPUs that are so expensive that once cash-rich hyperscalers are now having to take on mountains of debt or, in Google and Oracle’s case, dump tens of billions of dollars of new stock into the markets. NVIDIA’s continued growth relies on a dwindling subset of clients, with 54% of its last quarter’s revenue and 64% of its accounts receivable coming from three customers in its last quarterly earnings.  Demand is somehow both incredibly high for data center components but so low for AI compute that NVIDIA has agreed to spend $30 billion over the next six years to rent GPU capacity.  That’s because the AI buildout is being driven by people who haven’t bothered to check whether the demand is real, much like AI is being adopted by people that don’t bother to do any real work, much like AI is sold based on things that it can’t actually do.  Midwits and the incurious will say this is just like the Dot Com Bubble ( it isn’t and won’t leave behind any useful infrastructure ), or Uber ( it isn’t ) or Amazon Web Services ( it isn’t ) because they want to rationalize the waste. In reality, the people running the tech industry are listless Business Idiots throwing as much cash at the problem as possible rather than facing the fact that they’ve backed a dead-end technology because they’ve run out of hypergrowth ideas . Today’s piece is an attempt at a little fun — a raucous, aggressive rundown of the major players and stories of the AI Bubble, both as a refresher for those who already know and a guide for those that don’t. Welcome to the Hater’s Guide To The AI Bubble 3.0. Coming Up On This Week’s Where’s Your Ed At Premium: • The Rot-Com Bubble — A Guide To How The AI Bubble Got Inflated

• Why You Keep Being Told AI Is Powerful

• How The AI Industry Is Almost Entirely Wrappers For OpenAI and Anthropic’s Models

• How NVIDIA’s Findom Operation Conned Every Hyperscaler

• How Microsoft’s AI Strategy Has Fallen Off The Rails

• How Google Is Using AI To Destroy Its Legacy

• How Amazon Lost The Plot And Became Anthropic’s Paypig

• How Mark Zuckerberg Burned $158 Billion To Buy GPUs For Effectively No Reason

• How SpaceX Became Musk’s Last Gasp Attempt For Exit Liquidity

• How Anthropic Is The Greatest Exploitation of the Media and Economy In Tech History To Prop Up An Unsustainable Company Run By The Most Annoying People Imaginable

• How OpenAI Became A Miserable Failson With Too Many Ideas, Unsustainable Economics, and No Plan For The Future

• How The ROI Conversation Could Burst The AI Bubble

A little while ago, we considered how the cover of the book C++: The Programming Language raises questions not answered by the cover , since the cover illustration for a book putatively about the C++ programming language shows code written in JavaScript.¹ But there’s also a question raised by the back cover.

According to the blurb for the book,

The topics included in it are of utmost significance and are bound to provide incredible insights to students. Some of the diverse topics covered in this text address the varied branches that fall under this category. Those in search of information to further their knowledge will be greatly assisted by this textbook.

This sounds like a book report written by a student who didn’t read the book! Those sentences could be used to describe pretty much any textbook.

Indeed, I found nearly identical sentences in the blurb for Casting Handbook (Hannah Wells, editor).

The topics included in this book on casting are of utmost significance and bound to provide incredible insights to readers. Some of the diverse topics covered in this book address the varied branches that fall under this category. It will serve as a valuable source of reference for graduate and post graduate students.

And in Food Industry: Processes and Technologies (Kaden Hunt, editor):

This book is compiled in such a manner, that it will provide in-depth knowledge about the theory and practice of the workings of food industry. Some of the diverse topics covered in this text address the varied branches that fall under this category. This textbook, with its detailed analyses and data, will prove immensely beneficial to professionals and students involved in this area at various levels.

And in Nutrition and Metabolism: Processes and Technologies (Kaden Hunt, editor):

This book provides comprehensive insights into the field of nutrition and metabolism. It provides deep insights about this field. Some of the diverse topics covered in this text address the varied branches that fall under this category. Such selected concepts that redefine this subject have been presented in it. This book aims to shed light on some of the unexplored aspects of this field. It is meant for students who are looking for an elaborate reference text on nutrition and metabolism.

One more example: Material Science and Engineering (Emilio McMahon, editor)

The book aims to shed light on some of the unexplored aspects of materials science and engineering. It describes in detail the various concepts and theories of this field. The topics included in it are of utmost significance and bound to provide incredible insights to students. Some of the diverse topics covered in this book address the varied branches that fall under this category. This textbook is an essential guide for both graduates and post-graduates in this discipline.

The common thread is that all of these books are published by Larson and Keller. I guess they can’t be bothered to spend time crafting a blurb that suits the book, so they just use the same blurb template for all of their books.

¹ Rory Jaffe found that the book cover image it is an Alamy stock photo from 2013 with the title “Program code on a monitor.”

The post The back cover of <I>C++: The Programming Language</I> also raises questions not answered by the front cover appeared first on The Old New Thing .

Since the PiKVM came out in 2017, there's been an explosion of IP KVMs. I've tested almost every one . But what are they good for?

You can use Remote Desktop, Screen Sharing, or VNC to remote control a computer from anywhere on a LAN. And if you don't have a private VPN, you could use RealVNC , Raspberry Pi Connect , or wire up Tailscale or Pangolin for fully remote access. Those solutions are great, and so is SSH if you don't need a full desktop.

Yesterday I wrote a post showing that the trapezoid rule evaluates the integral

very efficiently. But how do we know what the exact integral is for comparison? If you ask Mathematica, it will tell you the integral equals −2π J 1 (1) where J 1 is a Bessel function. This may seem like rabbit out of a hat, but it’s actually a simple calculation given the integral definition of Bessel functions:

Since cosine is even, we can write our integral over [−π, π] as twice the integral over [0, π]. Then a change of variables turns this into the definition of J n ( z ) with n = 1 and z = 1.

A deeper question is what have we accomplished by just giving a new name to essentially the same problem we started with. Another question is why in the world are Bessel functions defined as above.

As for what we’ve accomplished, we’ve related out integration problem to a very well-studied function. Bessel functions have been studied for two centuries and it’s easy to find software to evaluate them. Even the usually minimalist command line calculator bc has a function j(x, n) for evaluating J n ( x ) for integer values of n . We could calculate our integral to 50 decimal places as follows.

~$ bc -l >>> scale = 50 >>> -8*a(1)*j(1,1) -2.76491937476833705153256665538788207487495025542883 Note that bc doesn’t have a value of π built in, but a(x) evaluates the arctangent function, and π = 4 arctan(1).

There are multiple ways of defining Bessel functions. The three main ways would be in terms of their power series, in terms of the differential equations they solve, and in terms of their integral representation. Friedrich Bessel defined what we now call Bessel functions of the first kind, the J n functions, in terms of their integral representations.

Why did Bessel care about these integrals? They came out of his calculations in celestial mechanics. One example of this is solving Kepler’s equation with Fourier series; the Fourier coefficients are given by Bessel functions. Bessel functions had occurred in applications before Mr. Bessel drew attention to them and studied them methodically.

Mathematics is developed inductively but taught deductively. It’s common for things to be kicked around for years before someone decides they deserve a name and systematic study. See this post on the central limit theorem for another example. The CLT is older than the Gaussian distribution, even older than Gauss.

Related posts

• FM radio and Bessel functions

• Vibrating circular membranes

• Fourier-Bessel series

The post Mr. Bessel’s eponymous functions first appeared on John D. Cook .

In most package managers a dependency’s install-time code runs by default the moment you install it: an npm postinstall, a Setuptools setup.py , a CPAN Makefile.PL , an RPM scriptlet, a Conda post-link, a Debian postinst . A handful require explicit per-package opt-in before any of that code runs, usually called an allowlist or a trusted-dependencies list depending on the tool.

Per-package opt-in lists name which dependencies may run their install code: npm, pnpm, Bun, Deno, and Composer plugins all work this way. Global sandboxes (opam, Swift Package Manager, Nix, Guix, Portage) take a different shape, executing everything but constraining what that execution can reach. Identity and signature verification (RubyGems trust policies, Gradle dependency verification, NuGet trustedSigners, apt-secure) gates which artifacts get installed in the first place by who signed them, with no bearing on what their code subsequently does.

An npm postinstall, a setup.py, a Makefile.PL or an RPM scriptlet fires during fetch or unpack. A Cargo build.rs or a Zig build.zig runs when the project is compiled, which on a fresh build is functionally the next step but is structurally distinct. JVM build files (Gradle’s Groovy or Kotlin, Maven’s plugin goal invocations, SBT’s Scala) execute earlier still, before any project source touches the compiler.

JavaScript

npm shipped per-package allowlists in 11.10.0 (February 2026) via an allowScripts field in package.json , managed by npm approve-scripts and npm deny-scripts , with entries pinned to a specific version ( pkg@1.2.3: true ) by default and denials written name-only.

Behaviour in 11.x is advisory: scripts still execute, an end-of-install summary names anything unreviewed, and the docs signpost a hard block in a future release. The similarly-named npm trust command added in the same release is for OIDC trusted publishing rather than script execution.

pnpm v10 (January 2025) blocked install scripts by default , reading the allowlist from onlyBuiltDependencies / neverBuiltDependencies in package.json or pnpm-workspace.yaml . v11 consolidated those into a single allowBuilds map, with dangerouslyAllowAllBuilds as the escape hatch. The companion pnpm approve-builds (added in 10.1.0) is an interactive picker that accepts --all for CI and from v11 takes positional arguments like pnpm approve-builds esbuild fsevents !core-js . Packages not on the list fail the install when strictDepBuilds is true (the v11 default) and warn otherwise.

Yarn Classic (v1) has no native per-package mechanism, only the global --ignore-scripts flag, with yarnpkg/yarn#7338 tracking the feature request. The @lavamoat/allow-scripts project retrofits one across Yarn v1.22+, Yarn Berry v3+, npm v8+, and pnpm: it disables scripts at the package-manager level then drives execution from a lavamoat.allowScripts map in package.json . Yarn Berry (v2+) is declarative: set enableScripts: false globally in .yarnrc.yml , then opt packages back in via dependenciesMeta.<pkg>.built: true . No interactive approval command exists, and workspace packages always run their own scripts regardless of the global setting.

Bun blocks install scripts for dependencies by default and ships a built-in default allowlist of well-known packages ( esbuild , fsevents , others) auto-trusted only when sourced from the npm registry. The trustedDependencies array in package.json overrides that list, so opting a single package in drops the default-trusted set entirely. Trust is added by name via bun pm trust <pkg> or bun add --trust <pkg> (which pulls in the package’s transitive deps), and bun pm untrusted lists packages with install scripts that haven’t been granted trust.

Deno never runs npm lifecycle scripts unless explicitly approved, via the --allow-scripts=<pkg> flag on deno install and deno cache (Deno 1.45/1.46, mid-2024) that accepts comma-separated specifiers like npm:sqlite3,npm:esbuild@0.21.5 . Deno 2.6 (December 2025) added deno approve-scripts , which persists per-package decisions into deno.json . Packages without approval have their scripts skipped at install time and listed in an end-of-install warning so they can be reviewed before the next run.

PHP

Composer’s top-level scripts field carries lifecycle hooks tied to events like pre-install-cmd and post-update-cmd , but only the root package’s scripts run during install: a dependency’s scripts never execute in the parent project, unlike npm’s postinstall . Plugins are the actual transitive execution surface, and the allow-plugins configuration key (Composer 2.2, 2021-12-22) made plugin activation explicit per package.

The key takes "vendor/package": true|false entries with wildcard support ( "vendor/*": true ), defaults to {} , and prompts interactively for unlisted plugins while persisting the answer. Non-interactive runs ( --no-interaction , CI) install the package into vendor/ but skip executing its plugin code, so an unlisted plugin doesn’t break the install, it just doesn’t activate.

Python

Python wheels conventionally have no install-time hooks, so for Python the install-script question becomes whether a package may execute PEP 517 build backend code locally when the resolver picks an sdist over a prebuilt wheel.

Pip has no per-package allowlist for that. pypa/pip#425 , opened in 2012 under the title “pip should not execute arbitrary code from the Internet”, captures the historical position. The closest controls are global: pip install --only-binary :all: refuses source distributions entirely, with --no-binary <pkg> available as a per-package exception. Secure installs recommends pairing --only-binary :all: with --require-hashes . The inverse --only-binary-except=<pkg> is tracked at pypa/pip#10724 .

pypa/pip#13079 (fixed in pip 25.0) showed that wheels aren’t inert in practice: a malicious wheel could overwrite pip’s own internal modules and execute code at the tail of pip install .

uv has per-package source-build controls via a set of settings that pair global and per-package toggles: no-build and no-build-package refuse sdists, no-binary and no-binary-package force source builds, no-build-isolation and no-build-isolation-package toggle PEP 517 build isolation. The combination amounts to a per-package allowlist for which packages may execute build backend code locally. astral-sh/uv#11682 asked for only-binary to gain a persistent project-level form alongside the existing CLI flag.

Poetry exposes installer.only-binary (Poetry 2.0.0+) and installer.no-binary as comma-separated package lists or the special values :all: / :none: . Combining installer.only-binary = ":all:" with installer.no-binary = "pkgA" produces a per-package source-build allowlist by composition, since the docs state that explicit package names override :all: . PDM has --no-isolation for build isolation but no no-binary-package equivalent in the CLI reference . Pipenv has neither natively. The documented workaround is --extra-pip-args="--only-binary=:all:" or setting PIP_NO_BINARY / PIP_ONLY_BINARY for pip to read directly.

Conda packages can ship pre-link , post-link , and pre-unlink shell scripts that run on the user’s machine during install and uninstall. The link-scripts documentation advises authors to avoid them but documents no allowlist, no .condarc toggle, and no CLI flag to disable them. Conda’s security configuration knobs ( safety_checks , extra_safety_checks , signing_metadata_url_base , channel allowlist/denylist) cover artifact integrity and channel provenance, not per-package script execution. Mamba and micromamba reimplement the install model and inherit the same gap.

The indirect mitigation is that noarch: python packages are required by policy not to ship link scripts, so restricting yourself to noarch: python deps avoids the surface for pure-Python work.

Ruby

RubyGems and Bundler have no per-gem allowlist for install-time code execution. Gems with ext/<name>/extconf.rb run arbitrary Ruby at install time to configure native extension builds, and the same applies to Rakefile / mkrf_conf variants declared under a gem’s extensions list. The signing and trust-policy mechanism at guides.rubygems.org/security ( LowSecurity , MediumSecurity , HighSecurity ) checks who published a gem, not whether it may run install-time code. bundle config build.<gem> -- --with-foo passes arguments to native builds without gating whether they happen.

Perl

CPAN distributions ship a Makefile.PL (ExtUtils::MakeMaker) or Build.PL (Module::Build) which are ordinary Perl scripts executed at install time by cpan , cpanm , or cpm . There is no per-distribution capability gate, no first-time prompt, and no equivalent of allow-plugins . CPAN.pm exposes makepl_arg , mbuildpl_arg , and prerequisites_policy knobs for tuning how Makefile.PL is invoked and how dependencies are resolved, none of which gate whether the code runs.

Systems languages

Cargo runs build.rs and proc-macros as ordinary host-native Rust code during every cargo build , test , run , and install against the affected crates. Proc-macros execute inside the rustc process during compilation, so any procedural-macro dependency runs its code on every build. There is no global flag to disable proc-macros and no sandbox around the script process. A crate’s own Cargo.toml can set build = false to suppress its own build script, but consumers cannot disable a dependency’s build.rs .

The long-running tracking issues are rust-lang/cargo#5720 (sandbox/jail build scripts, July 2018) and rust-lang/cargo#13681 (build script allowlist mode, April 2024), plus the compiler-team MCP proposing an isolating runtime shipped via rustup, none of which has landed. cargo-vet and cargo-crev flag custom-build crates for reviewer attention; neither prevents execution.

Go modules don’t run downloaded code beyond compiling it, with go run , go test , and go generate documented as the explicit exceptions in Russ Cox’s “Command PATH security in Go” . There is no per-module trust mechanism because nothing third-party runs in the first place. The cgo #cgo CFLAGS: and LDFLAGS: directives have been the escape hatch. CVE-2018-6574 , CVE-2024-24787 , and #42559 were each mitigated by extending a hard-coded allowlist of permitted compiler/linker flags in the toolchain. CVE-2023-39323 addressed an adjacent surface by restricting //line directives in cgo-generated files. No per-module grant was added in any of these cases.

Swift Package Manager runs both Package.swift manifest evaluation and package plugins inside a sandbox (sandbox-exec on macOS) with no network access and writes restricted to a per-plugin temporary directory by default. Plugins that need more declare permissions in their target definition using PluginPermission : writeToPackageDirectory(reason:) and allowNetworkConnections(scope:reason:) with scope none , local(ports:) , all(ports:) , docker , or unixDomainSocket . The user is prompted on a TTY ( PR #5483 ) or must pass --allow-writing-to-package-directory / --allow-network-connections non-interactively, with decisions scoped per package.

The permission-grant model covers command plugins but not build tool plugins. Build tool plugins still run inside the sandbox by default but cannot declare or be granted writeToPackageDirectory / allowNetworkConnections . The build-tool sandbox permissions pitch tracks the extension to that surface.

Zig’s build.zig is arbitrary Zig code compiled to a native host binary and executed by zig build , including for every transitive dependency pulled in by the package manager. There is no sandbox and no per-package gate. The proposal at ziglang/zig#14286 (open, labelled urgent ) has no merged implementation yet. It would compile every build.zig to wasm32-wasi and emit the build graph as data for a separate build_runner to execute under whatever permissions are granted.

JVM

JVM dependencies are passive JARs that don’t execute on resolve or install. Build-time plugins are the execution surface.

Maven has no built-in allowlist of which plugins may load. Plugin goals execute as ordinary Java during the build lifecycle . The Maven Enforcer plugin’s bannedPlugins and bannedDependencies rules are blocklists with includes carve-outs, so an allowlist has to be expressed as banning * and re-including specific GAVs. Core extensions declared in .mvn/extensions.xml load into Maven’s core classloader before the build starts, with no signature check or allowlist.

Gradle’s build.gradle(.kts) , settings.gradle(.kts) , convention plugins, and applied plugins all execute arbitrary Kotlin/Groovy at configuration time, with no per-plugin code-execution allowlist. Dependency verification via verification-metadata.xml covers regular dependencies and plugins through checksum and PGP signature verification of artifact identity. That establishes who published the artifact, not what its code may do. Init scripts ( -I , $GRADLE_USER_HOME/init.gradle(.kts) , init.d/*.init.gradle(.kts) ) run unconditionally with no signature check. The configuration cache serialises the configured task graph for performance, not to restrict what plugin code may do.

SBT plugins declared in project/plugins.sbt run at build configuration time with full JVM access. The official docs describe classloader-level encapsulation between plugins and build definitions as an authoring convenience, not a security boundary. There is no allowlist or signature verification analogous to Gradle’s verification-metadata.xml , and SBT inherits whatever artifact-verification posture the underlying Ivy or Coursier resolver provides. Leiningen and Mill take the same approach, with project.clj in Clojure and build.sc in Scala running as configuration-time programs and neither providing a per-plugin allowlist.

Bazel sits at the opposite end of the JVM build-tool spectrum. BUILD files and .bzl extensions are written in Starlark , a Python dialect with no clock access, no recursion, no

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

We will no longer accept public pull requests. [...]

A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...]

Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

— Andreas Kling , Changing How We Develop Ladybird

Tags: ladybird , ai-ethics , open-source , generative-ai , ai , andreas-kling , llms

I have written before about putting a cache in front of snac , and more recently about the HAProxy layer in front of FediMeteo . The general idea is always the same: the reverse proxy should absorb the repetitive, public work that has no business reaching the application server.

This post is the same idea applied to a much louder neighbour: a Mastodon instance. The instance is mastodon.bsd.cafe , the proxy is nginx on FreeBSD, and the configuration below is what I am currently running in production.

Mastodon is heavier than snac in every direction. It has Puma and Sidekiq behind it, more endpoints, more streaming, more federation patterns, and one specific characteristic that complicates everything: it serves multiple representations on the same URLs. The same path returns HTML to a browser, ActivityPub JSON to a remote instance, and sometimes plain JSON to an API client. If the proxy treats the URL as one thing, sooner or later it will return the wrong thing to the wrong client.

Most of the work below comes from that single observation.

If I had to summarize this whole post in a single sentence, it would be this:

Mastodon is not a website. It is a website, an API, and an ActivityPub server, all sharing the same URLs.

Everything else in this configuration - cache keys, variants, bypass rules, the diagnostic headers - is decoration around that one fact.

A popular toot from a friend gets boosted. Twenty federated instances ask for the same ActivityPub object within the same second. Browsers fetch the HTML version of the same URL. If the proxy sees only "a URL", it will eventually betray you: a remote instance will receive HTML, a browser will receive ActivityPub JSON, and you will spend an afternoon wondering why your timeline looks broken on three different servers. I have spent that afternoon. I do not recommend it.

Assumptions before anything else

Before any directive, this configuration assumes a few things about the instance. If any of these does not match your setup, the directives still make sense, but you must read the caveats at the end before adapting them.

The first assumption is that AUTHORIZED_FETCH (secure mode) is disabled. With secure mode off, all ActivityPub GET responses cached at the proxy layer are public and identical regardless of the requesting actor. With secure mode on, Mastodon can legitimately return different bodies depending on which remote actor is asking, and caching them blindly at the proxy becomes at best wasteful, at worst a cache-poisoning surface.

This is not a hypothetical. CVE-2026-25540 , fixed in Mastodon 4.3.19, 4.4.13, and 4.5.6, is exactly this kind of mistake, but inside Mastodon's own Rails.cache : the pinned posts and featured hashtags endpoints had actor-dependent ActivityPub responses but were keyed without the actor. The CVE does not directly apply to nginx caches, but the underlying lesson does. Do not cache what depends on the caller unless the caller is part of the cache key. Keep this rule in mind every time you are tempted to cache a federation endpoint "just in case".

The second assumption is that no signed-URL storage backend sits behind /system/ or /media_proxy/ . If those paths ever redirect to short-lived presigned S3 or SeaweedFS URLs, my TTLs below are too long: nginx will happily cache a redirect to a URL that has already expired.

The third assumption is that federation traffic uses HTTP Signatures, not the HTTP Authorization header. Mastodon signs federated GETs with the Signature header. The Authorization -based skip-cache rule further down catches API tokens, not signed federation traffic. If you enable AUTHORIZED_FETCH , you must add an explicit skip rule for $http_signature .

I am being deliberate about these assumptions because the configuration that follows is internally consistent only as long as they hold.

The proxy in front of mastodon.bsd.cafe has three jobs:

TLS termination, microcaching of expensive endpoints (especially federation-heavy collections and default public routes), and long-lived caching of immutable assets and user media.

The point is not to replace Mastodon's internal Rails cache. The point is to absorb spiky federation traffic and repetitive asset fetches that would otherwise hit Puma and Rails for every single request.

The strategy is deliberately layered: very long TTL on fingerprinted assets, medium TTL on user-uploaded media, very short microcache on dynamic pages and federation endpoints that get hammered, and explicit bypass rules for anything private, authenticated, actor-dependent, or otherwise unsafe.

Every cacheable layer is keyed correctly for content negotiation. That is the part that matters most.

The cache zone

A single cache zone is shared across all Mastodon locations:

proxy_cache_path /var/cache/nginx/mastodon levels=1:2 keys_zone=mastodon_cache:200m max_size=20g inactive=24h use_temp_path=off;

200m of keys zone holds metadata for roughly 1.6 million entries in RAM. The body can grow up to 20g on disk. The two numbers are independent: keys live in shared memory, bodies live on the filesystem, and the cache key is what links them.

inactive=24h evicts anything not requested for a day, even if there is free space. This is intentional. I do not want a long, cold tail of stale entries to squat in the cache forever. I want the working set to remain hot, and I want the rest to fade.

use_temp_path=off is small but important. By default nginx writes a cached response to a temporary file and then renames it into place. If the temp path and cache path are on different filesystems, that cheap rename becomes a real copy. Setting use_temp_path=off puts temporary files directly under the cache directory and avoids that trap. It is the kind of detail nobody mentions until something is suspiciously slow.

Of all the maps in this configuration, only one really earns its place. This one:

map $http_accept $mastodon_cache_variant { default "default"; "~*application/activity\+json" "activitypub"; "~*application/ld\+json" "activitypub"; "~*application/json" "json"; "~*text/html" "html"; }

Mastodon serves the same URL with different bodies depending on the Accept header. A status URL like /@user/123456789 returns rendered HTML to a browser and an ActivityPub object to another federated instance. If you cache by URL alone, the first request that comes in wins and the next request receives the wrong content type. Instances start federating HTML, browsers start downloading JSON, and the failure is subtle enough to waste hours.

The map normalizes Accept into four buckets - activitypub , json , html , and default - and the result is folded into the cache key in every location that does content negotiation:

proxy_cache_key "$scheme$host$request_uri|accept=$mastodon_cache_variant";

Coalescing equivalent MIME types is intentional. application/activity+json and application/ld+json both map to activitypub , because splitting them across two cache buckets would fragment the cache for no useful operational gain.

A subtle point I want to be explicit about: I do not include $request_method in the cache key. nginx already converts HEAD into GET for caching purposes by default, which is what I want here. A HEAD request on /@user/123 should hit the same cache entry as a GET request on the same URL. Adding the method would only separate them for no benefit.

During rollout I also expose the selected variant as a response header:

add_header X-Cache-Variant $mastodon_cache_variant always;

The header is there to verify the behaviour in production. It can come off once the configuration has proved itself, but I tend to leave it on. A cache that works should be visible. A cache that is invisible can be correct, but it can also be silently wrong, and I would rather know.

This is the first real gotcha, and I want to spend a moment on it because it caught me out the first time I configured a similar setup.

nginx honors the upstream Vary response header in addition to proxy_cache_key . If Mastodon emits Vary: Accept , or worse, Vary: Accept, Cookie, ... , my carefully normalized variant key gets paired with nginx's native Vary handling. The result is that the cache may still fragment on the full, un-normalized Accept header - which defeats the entire point of the variant map.

There is another, very specific failure mode on older or unpatched nginx builds. nginx stores the Vary value in a fixed-size cache metadata field. Historically that field was 42 bytes, which is famously short and almost charmingly suspicious of being a Douglas Adams reference. Modern nginx raised the limit to 128 bytes, which is enough for the common cases but still surprisingly small. If your upstream emits a long Vary header, anything beyond the limit is treated as Vary: * , which means the response is not cached at all. The only signal you get is a critical line in the error log, and unless you are looking for it, you will not see it.

The operational lesson is the same in both cases: if you rely on your own normalized variant key, do not assume upstream Vary is harmless. Check your nginx version, check your error log, and verify cache behaviour via X-Cache-Status and X-Cache-Variant .

On the locations where the variant map is the cache dimension I care about, I take responsibility explicitly:

proxy_ignore_headers Vary;

This tells nginx to stop using upstream Vary to protect me. That is fine only if my own cache key and request normalization cover every response dimension that matters. In particular, I make sure the backend is not also varying on Accept-Encoding in a way that would create compressed and uncompressed variants behind my back. The cleanest way to avoid that is not to forward Accept-Encoding to the backend at all, and let frontend nginx handle compression itself:

proxy_set_header Accept-Encoding "";

This is the kind of decision I prefer to be explicit about. Ignoring Vary is not magic. It is a responsibility, and it should be paired with the rules that take its place.

Rather than build one giant boolean to decide what bypasses cache, I prefer to decompose the logic into small orthogonal maps. Each map is 1 when caching must be skipped, and the final decision is an OR of all of them.

map $request_method $skip_cache_method { default 1; GET 0; HEAD 0; }

map $http_authorization $skip_cache_auth { default 1; "" 0; }

map $http_cookie $skip_cache_cookie { default 1; "" 0; }

map $uri $skip_cache_uri { default 0; ~^/auth 1; ~^/oauth 1; ~^/settings 1; ~^/admin 1; ~^/api/v1/custom_emojis$ 0; ~^/api/v1/instance$ 0; ~^/api/v2/instance$ 0; ~^/api/v1/trends/tags$ 0; ~^/api/oembed$ 0; ~^/api/ 1; }

The reasoning is straightforward. Only GET and HEAD are cacheable; everything else, including POST , DELETE , PUT , and ActivityPub deliveries, must pass through. Any request carrying an Authorization header is an API call with a token, and those are never public. Any request with a cookie is potentially logged-in traffic, and caching logged-in pages would leak personal timelines across users. Auth flows, settings, admin, and most of the API bypass the cache by URI, while a small, carefully chosen set of slow-changing public API endpoints is allowed through.

The important caveat I want to underline: the Authorization map does not catch signed federated GETs. Mastodon federation uses HTTP Signatures, which means the relevant request header is Signature . If AUTHORIZED_FETCH is enabled, you must add a parallel map:

map $http_signature $skip_cache_signature { default 1; "" 0; }

and then include it in both proxy_cache_bypass and proxy_no_cache . Do this before enabling secure mode, not after.

The maps are used together in each cacheable location:

proxy_cache_bypass $skip_cache_method $skip_cache_auth $skip_cache_cookie $skip_cache_uri; proxy_no_cache $skip_cache_method $skip_cache_auth $skip_cache_cookie $skip_cache_uri;

Both directives are necessary. proxy_cache_bypass means "do not read from cache for this request". proxy_no_cache means "do not write this response to cache". Without proxy_no_cache , a logged-in user's response could still poison the anonymous cache. Without proxy_cache_bypass , a request that should have gone straight to the backend might still receive a cached anonymous response. I keep both, every time.

Most locations share a common proxy baseline. There is nothing clever here, but if any of these lines is missing the rest of the configuration quietly does less than expected.

proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; proxy_set_header Accept-Encoding "";

proxy_http_version 1.1 and proxy_set_header Connection "" matter for upstream keepalive. Without them, nginx may use HTTP/1.0 semantics upstream and send Connection: close on every request, which makes the keepalive directive on the upstream block far less useful than it looks.

proxy_set_header Accept-Encoding "" keeps backend responses uncompressed so nginx can cache a single representation and handle client-facing compression itself. It also prevents accidental cache fragmentation through Vary: Accept-Encoding , which would otherwise creep in despite the variant map.

These settings are not exciting, and they should not be. The interesting parts of an infrastructure are not always the parts that should be unusual.

The Mastodon server block in my configuration ends up with seven distinct request profiles. Six of them cache; one explicitly does not, because streaming is not a cacheable workload.

I do not group them under one location / with a giant if block. I prefer to keep each profile in its own location, even if some of them look similar. When something goes wrong in production, I want to

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

I recently completed my first long trail race, set in the Southern Drakensberg mountains with Emma, my siblings and their partners. It spanned 2 days with 30km on the first, and 15km on the second, winding through valleys and around mountains. It was spectacular. I love coming to the Drakensberg, which is a beautiful and unique mountain range, and I'm glad to have the excuse to be here.

While I'm generally an active person, I've never been a runner. My first proper run (more than 3km) was in January this year after my brother twisted my (and Emma's) arm into signing up for this race. Since this was not a trivial distance, it meant I couldn't just wing it on my base fitness, and so Emma and I started running 2-3 times a week in preparation. We had 15 weeks until the event and settled on a fairly simple training plan:

• Run 5km each Wednesday, usually on the Sea Point Prominade, while increasing the speed gradually each week (it took me a few weeks to get to the initial 5km though)

• Longer trail runs on the weekend, generally on Table Mountain or in the Cape Winelands, increasing distance by about 1km each week

• Hop on the treadmill at a reasonably fast pace for about 20 minutes after gym one day a week

We didn't stick to this plan exactly, especially since the final 4 weeks coincided with our trip to Japan, but we stuck to the spirit of this plan, and it worked out quite well, with our running fitness increasing quite dramatically over that period without any injuries or overreaching.

This is in contrast to other times in my life where I'd try to get into running, start off too ambitiously, become a sweaty, exhausted mess with creaky joints, and ultimately decide that running just isn't for me . Because we capped the increase of speed and distance over time to no more than 10% per week, each run was challenging but not insurmountable. It was also nice to see how quickly running fitness increases when compared to strength, which can take months to see measurable gain (after the initial neural adaptation).

One caveat is that I hate cars too much to enjoy road running, and the symmetric, hard surface makes my right knee ache in a way that trail running doesn't. Plus being on a mountain is so much prettier than the asphalt city grid or suburbs.

What I enjoyed the most about this experience was how it opened up a whole other world of events and community that is both accessible and affordable. There was suddenly an excuse to get out onto the mountain at least once a week with friends. To go out to parts of the surrounding countryside that I'd never been to before, stand in the chilly morning air while sipping on instant coffee from a chipped enamel cup, then run through it while the sun came up.

The event we ultimately completed—The Giant's Cup—was a particularly good one in that it was a destination event, and a non-trivial run with people I love and enjoy spending time with. And while I may never become a Runner (I'm by no means placing), I'm certain that I'll be a runner for the next several decades.

Jean Buridan was a 14th-century French philosopher and logician who twice served as rector of the University of Paris. His subject was the will, and he made an austere claim: the will follows the intellect. Show a rational creature the greater good and it'll pick the greater good. On Buridan's account, the will keeps one freedom - the power to defer the intellect's verdict and call for more inquiry before it acts. But if the will only moves once reason names a winner, what happens when the options come out entirely even? Buridan's posthumous critics illustrated the problem with what became known as Buridan's Ass: put a standard-issue donkey midway between two identical bales of hay. It has no reason to prefer the left bale to the right, so by Buridan's own logic it can't move, and it must stand in place until it starves. The rational animal should hold off and keep deliberating. Suspend action, wait for new information, look harder, and trust that more reflection turns up some asymmetry that lets the animal move. Give reason enough time, and the tie breaks. While the intellect waits for a reason to decide, the donkey is still hungry. Deliberation happens over time, and living things have to actually eat. A theory of choice that says "wait for sufficient reason," for an indeterminate stretch, assumes an animal that can afford the wait. So does any other decision process that lets you burn weeks at a time hoping the data will tip on its own. The donkey's problem is a constraint that holds for arbiters, circuits, and in fact any system forced to convert a gradient of reasons into a binary act. Even a perfectly rational decider, handed perfectly balanced inputs, has no guarantee of choosing in time. The tie isn't always breakable on demand. The computer scientist Leslie Lamport argued that "a discrete decision based upon input having a continuous range of values cannot be made within a bounded length of time," and that this "appears to be a fundamental law of nature." He called it Buridan's Principle. Well, I'm sorry to tell you, but the donkey is back. He's sitting at your desk, in front of a chat window, asking an AI to help him decide between two product decisions, and he's getting nowhere. The donkey is, in fact, you. Before you clutch your pearls or retreat to a safe space, rest assured, he's me too. He's every one of us, caught in the recursive loop of AI iteration and feedback, gradually receding into AI indecision. Let me illustrate. You have to decide whether to sunset a product line that three people depend on, or pour money into it for two more quarters. It's a captain's call, and a hard one. So you open a chat and lay it out. The model gives you a clean, fair breakdown: the case for sunsetting, the case for keeping it, and the risks on each side. Useful, surely? Helpful, surely? You then ask it to weigh the factors. And it does, with hedges about how only you know your values. You ask it to assume your values. It asks clarifying questions. You answer them. It generates a recommendation, then notes that the recommendation depends on assumptions you might want to revisit. So, with its help, you revisit them, and the loop begins again. An hour passes, two hours, three days, three weeks of talking and weighing and feeding back again and again, and somehow you've still not actually decided anything. You've only refined the shape of your indecision. The models mirror human uncertainty with endless patience. The only thing standing between you and an unbreakable loop is your willingness to keep asking, keep prompting, keep pasting. Ask a language model whether to take Path A or Path B and it won't refuse the request entirely. It'll lay out the considerations on each side, and if you're using a more recent model it may push back with a hint of firmness. But ask again, and keep asking, and it'll offer a balance and then immediately surface the conditions under which the recommendation would flip. The model is doing what it was trained to do: give you an analysis and respect your autonomy, while avoiding the confident pronouncement that might mislead you. You came to the model wanting to be pushed, wanting someone or something to break the tie, and you got an oracle that hands the tie-breaking back to you with every prompt. Decision paralysis predates AI by, conservatively, all of human history. The Stoics worried about it, and so did the medieval scholastics. Thinking and rethinking so thoroughly colonized action in Hamlet that no amount of further thinking could break the loop, with every reflection generating new reasons for more reflection, leading to the famous lines: "Thus conscience does make cowards of us all, and thus the native hue of resolution is sicklied o'er with the pale cast of thought." William James, in his 1890 Principles of Psychology, described how deliberation can become its own pathology, a condition he touched on in his discussion of the "obstructed will." The mind in deliberation generates resistance to its own conclusions, and weighing options can become a posture instead of a passage. James was working within the limits of unaided human cognition, where most people, faced with a hard decision, would eventually exhaust their available perspectives and either decide or not decide, which meant the deliberation had natural endpoints. But AI changes the scale, and those endpoints are now deprecated. You can always generate one more angle, one more historical analogy. Your willingness to keep asking is the only constraint. Eisenhower, planning the D-Day invasion, gave the order early on June 5, 1944 to launch the next day, despite meteorological uncertainty that would have justified more delay. He'd had his weather briefings and consulted his commanders, but the cost of more deliberation, in his judgment, exceeded the cost of acting on imperfect information. By then, any more information-gathering would have been a way of avoiding the actual act of choosing. Most of the content of your chat-based deliberations is already known or knowable to you, on some level, before you start typing. The long deliberation will never produce new information; it produces either a permission structure or a way of justifying the choice you've already made to the internal critic who's never, ever satisfied. AI is the patient ear of that critic. Rilke, in his Letters to a Young Poet, wrote that we should "live the questions now," that some answers can only be found by living forward into them. You make the call, you walk down the path, and the path teaches you whether it was the right one. Even that teaching is partial, because the path you didn't walk is closed and its lessons are unknown. A Zen story: a student asks the master how to achieve enlightenment. The master says, "Have you eaten your rice?" The student says yes. The master says, "Then wash your bowl." Sooner or later, you have to take the next action. You have to close the tab and make the call. You have to wash your bowl. You have to pick a bale of hay and chow down. The alternative is to starve.

Ed Morrissey, writing for Hot Air, thinks Scott Pelley got what he deserved and Bari Weiss is doing a good job running CBS News:

And Pelley forgot the Golden Rule: He who has the gold makes the rules . Instead, Pelley convinced himself of his own virtue and torched his own position — and if Bilton’s letter is accurate, in as mean-spirited and conceited a manner as possible. Pelley could have chosen a dignified resignation under protest, but instead pulled a power move in an attempt to intimidate Bilton, Weiss, and Ellison, only to discover that no one feared his absence. In fact, they’re probably happy to cut him loose.

There’s always at least one person in these situations who thinks they’re untouchable. A wise executive knows to start by making an example of that person, and then see how many other people think they’re indispensable. It’s not as if TV news jobs are expanding these days, after all. Pelley’s going to find out the hard way that no one’s paying $5 million a year to emote into a camera from other people’s copy.

It doesn’t even enter this man’s little mind that Pelley wasn’t concerned about his job, wasn’t concerned about his salary, but was concerned only with the integrity of the institution to which he’d committed decades of his career, and that he saw as his duty the need to stand up for his remaining and former colleagues. That Pelley himself has integrity. To the Trump lickspittles, everything is performative. They don’t just lack integrity, they don’t believe integrity is real.

Katie Notopoulos :

The Scott Pelley story to me is a lesson in how if you work hard enough in your career to get Fuck You Money, the real reward is the day you need to say it, you can.

★

AI enthusiasts are in a race against time, AI skeptics are in a race against entropy

Charity Majors neatly captures the dynamic between AI enthusiasts and AI skeptics, both of whom are trying to build great software, often in the same teams:

The enthusiasts are not wrong . We are starting to see real, non-imaginary, discontinuous leaps in capabilities from teams that lean in hard to working with AI. And this does not feel like a normal technology cycle where you can wait for the dust to settle; teams that sit this out while competitors are hustling could be out of business before the dust settles. That’s a real, existential threat.

The skeptics are also not wrong . When you ship code faster than engineers can read it, in domains where nobody has full context, you are making withdrawals from a trust account that took years to build. Reliability degrades, institutional knowledge evaporates. You end up with systems nobody understands, products burbling into incoherence, and on-call rotations that grind people up and spit them out. That is ALSO a real existential threat.

Charity recommends treating this as both a leadership challenge and an engineering challenge. The key issue:

There is no natural feedback loop connecting enthusiasts with skeptics.

Designing feedback loops to help "mend the gap in shared reality" between the two groups is a fascinating organizational design problem.

Via Lobste.rs

Tags: ai , charity-majors , agentic-engineering

One reason people study Latin is that it is the ancestor of many modern languages. English derives from West Germanic languages, not from Latin, but much of English vocabulary, perhaps as much as 60%, derives from Latin, either directly or indirectly through French.

Knowing a bit of Latin makes sense of many things that would otherwise seem completely arbitrary, such as why the symbols for gold, silver, and lead are Au, Ag, and Pb respectively.

Similarly, ed(1) is the Latin of Linux [1]. Many conventions in command line utilities follow conventions that go back to the ed(1) line editor. They may go back even further. Just as Latin didn’t come out of nowhere, neither did ed(1), but you can’t go back indefinitely. It’s convenient to start history somewhere, and this post will start with ed(1) just as much discussion of Western linguistics starts with Latin.

The following are features of ed(1) that live on in sed, awk, grep, vi, perl, bash, etc.

• Using slashes to delimit regular expressions

• Using $ to indicate the end of a line or the end of a file

• The pattern of specifying address + action or address range + action

• Using regular expressions as address ranges

• Using \1, \2, etc to refer to regex captures

• Using & to refer to the entire matched text

• The g/regexp/command pattern

• Using p for printing lines, as in g/re/p

• The commands a, c, d, i, j, l, p, q, r, and w in vi

• ! for shell escape

[1] Because the name “ed” is so short, and looks so much like the name Ed, it’s convenient to use its full Unix name ed(1). The parenthesized number is used to disambiguate different things that have the same name, such as the user command kill(1) and the system call kill(2). There is no ed(2) or any other higher-numbered ed. The number is there to make the name stand out, not to disambiguate anything. The post The Latin of Linux first appeared on John D. Cook .

• •

Bear Mountain Bridge in New York, via Wikipedia . Many folks, including me , have observed that it seems to take much longer to build infrastructure in the US than it used to. People point to things like the rapid construction of the Empire State Building (one year) or the Golden Gate Bridge (just over four years) and note that for a modern infrastructure project it can take that long or longer to even get the permits or do the environmental studies. • •

Via Threads . Note that as of 2026 permit timelines for San Francisco housing have gotten much better. But when doing these sorts of comparisons, it’s important to compare like with like: specifically, we shouldn’t measure the time spent planning a project (which would include doing the environmental studies and securing the permits) against the time spent actually building it. (The Golden Gate Bridge, for instance, was constructed in four years from 1933 to 1937, but planning for the project began around 1921.) I wanted to get a sense of how planning times for major infrastructure projects in the US have evolved over time. To do this, I looked at planning and construction times for 67 major bridges built in the US since roughly the beginning of the 20th century. For each bridge, I noted the year that planning began, the year that construction began, and the year that it opened for service. 1 As usual with an exercise like this, the results you get will be a function of the definitions you choose. “Started construction” and “opened for service” are relatively unambiguous — but what specifically do we mean by “planning begins”? People will often float the idea of a bridge for years before anything resembling formal plans is in place; the idea for the Brooklyn Bridge, completed in 1883, apparently dates back to 1804, but it doesn’t seem reasonable to consider that early discussion the beginning of planning. On the other hand, if you choose something like “the government formally announces the project” as your criterion, that might exclude years of serious efforts to get a project constructed. I ended up choosing the “planning begins” date as the point when some organization connected with transit planning in some official capacity first announced or proposed the project. So for the Golden Gate Bridge, this would be 1921, when Chicago engineer Joseph Strauss and San Francisco city engineer Michael O’Shaughnessy prepared a joint proposal for the bridge. However, pinning these dates down was often difficult. Most bridges aren’t the Golden Gate Bridge, with lots of publicly available sources chronicling their design and construction. Often sources give a brief “planning begins” date without explaining what that meant specifically or what activities preceded it. And for some bridges, such as the New Tappan Zee Bridge, the decision to proceed with a bridge was preceded by years of studies on possible ways to expand transit capacity that considered many non-bridge options. For these, I tried to use the initiation of broader studies as the start of planning, but I suspect that these sorts of preliminary studies weren’t always documented. Overall I did my best to determine the dates, but I expect there to be errors and inconsistencies, and the results below should be taken with a grain of salt. Those caveats out of the way, let’s look at the data. The graph below shows planning times for each bridge on the list. The horizontal axis is the year when planning began for a particular bridge, and the vertical axis is total years of planning. And the graph below shows construction times for each bridge. Because there’s a lot of variation in both planning times and construction times, it’s useful to look at trends by age bracket. The chart below shows average planning times and construction times for 20-year age buckets, with pre-1900 and post-2000 bridges each given their own bucket. There are a few trends visible here. One is that bridge construction times fell from 1900 to the 1960s, but since then have risen. The average time to construct a bridge between 1980 and 1999 (6.5 years) was more than twice as long as the average construction time for bridges built between 1940 and 1959 (3.1 years). Construction times for bridges built between 2000 and 2025 are down from this peak (5.4 years), but they’re still well above the times of the 1920s through the 1950s. Planning timelines, on the other hand, show a somewhat different trend. At a high level, we do see something that looks like the “times fall, then rise again” pattern we saw with construction times: planning times fell in half from over 12 years between 1900 and 1919 to 6 years between 1960 and 1979, before rising again in the 1980s. But the 1980-1999 period planning times look fairly similar to every other period other than 1960-1979. It’s not clear that modern planning timelines, which are on the order of 10 years on average, are all that different from most historic ones. More recently, post-2000 planning times look even shorter (6.2 years on average), but this data is almost certainly biased downward because the bridges with long planning times haven’t been completed yet. A bridge that started planning in 2007 but has a 20-year planning timeline won’t start construction until 2027, and thus won’t show up in the data. A similar thing is probably taking place for pre-1900 bridges, which have planning times which are biased upward (since I was mostly picking bridges that were built after 1900). So we should be careful about drawing conclusions about planning times for these age brackets. One notable thing about recent bridge construction is that a very large fraction of modern bridges are replacements for existing bridges. Of the 17 bridges on the list that were completed after the year 2000, 14 of them were replacement bridges. Some of these were for bridges that collapsed, like the I-35W bridge replacement in Minneapolis; others were for bridges that were damaged and at risk of collapse, like the Penobscot Narrows Bridge in Maine; and some were for bridges that were near the end of their design lives, like Florida’s Pensacola Bay Bridge. All else being equal, I’d expect a replacement for an existing bridge to get built more quickly than a completely new bridge, because people will react more viscerally and negatively to a major traffic route being removed than they will for construction of a nonexistent bridge getting delayed. This visible sentiment probably creates a sense of urgency to replace an existing bridge that doesn’t exist for a completely new bridge that people haven’t developed expectations for. One illustration of this dynamic is that collapsed highway overpasses often get rebuilt exceptionally quickly. When a highway overpass in Atlanta collapsed following a fire, it was rebuilt in just six weeks . We saw something similar with collapsed highway overpasses in Los Angeles and Pennsylvania . (The long time its taking to rebuild the collapsed Francis Scott Key Bridge in Baltimore thus may be something of an outlier.) One other notable observation: there appears to be little relationship between planning times and construction times. Bridges that take a long time to plan might get built exceptionally quickly, and vice versa. 2 Which bridges on the list took the longest to plan? Here are the bridges with the five longest planning timelines. • Bear Mountain Bridge , New York, 54 years — The Bear Mountain Bridge, a suspension bridge in New York, was first planned in 1868, after a bill was passed by the New York legislature. There were a series of attempts to construct the bridge over the next 30 years, but none of them was successful in building more than foundations, and construction on the current bridge didn’t begin until 1922.

• Fremont Bridge , Oregon, 41 years — Planning for the Fremont Bridge in Portland dates back to 1927, when the City Council issued a “Major Traffic Street Report” which proposed a bridge across the Willamette River in the Fremont Bridge’s current location. The bridge was also suggested by the Oregon State Transportation Committee in 1933 and by Robert Moses in his 1943 planning study for the City of Portland. The site for the bridge was finally settled on in 1955, and construction began in 1969.

• Queensboro Bridge , New York, 34 years — The earliest proposals for a bridge between Manhattan and Queens date back to 1804, but the first serious efforts began in 1867, when wealthy Queens residents formed the New York and Long Island Bridge Company to build the bridge. The company hosted a design competition for the bridge in 1876, but work was slow to begin, and in 1890 a state justice ruled the charter invalid. In 1900, the city took over the company’s franchise to build a bridge, and construction began in 1901.

• Claiborne Pell Newport Bridge , Rhode Island, 32 years — Planning for the Claiborne Pell Newport Bridge in Rhode Island began in 1934 but was delayed until after World War II for unclear reasons. In 1948 the state created the Newport-Jamestown Civic Commission to explore ways to finance and construct the bridge, but construction didn’t begin until 1966.

• Verrazzano Narrows Bridge , New York, 31 years — In 1928, the chambers of commerce for several New York boroughs announced that the Interboro Bridge Company had proposed a “Liberty Bridge” that would connect Brooklyn and Staten Island. However, a vote on the proposed bridge in the New York legislature was blocked by congressman and future New York mayor Fiorello La Guardia. This was followed by plans for a tunnel (which were then shelved), then another bridge, then another tunnel, until finally the plans for a bridge were approved in the late 1950s. Construction began in 1959.

Conclusion Planning timelines for bridge construction in the US have not gotten obviously worse over the past several decades, though I suspect that the fact that most recently constructed bridges are replacing existing bridges is doing much of the heavy lifting here. This supports a vague notion I have that organizational success is often downstream of a culture of urgency — considering a problem important to actually solve and being willing to work hard on solving it. (You get the same sense of urgency when reading about how countries like Japan and Korea were able to build their commercial shipbuilding industries up from virtually nothing.) Perhaps the trick to making US infrastructure construction proceed more quickly is figuring out how to instill this culture of urgency in the agencies responsible for building it rather than relying on imminent infrastructure failure to create it. 1 I assembled this list by starting with the US entries for Wikipedia’s list of longest bridges and then removing entries that were causeways. I then supplemented this list by asking Claude Opus 4.7 which notable US bridges were missing.

2 If you limit this analysis to some age brackets, you can get some stronger correlations — bridges built between 1980 and 1999 have a negative correlation between planning times and construction times at R2 = -0.18 — but stretching out the windows of time tends to make these go away.

We got distracted by the rotation algorithm in gcc’s libstdc++, but let’s get back to the cycle decomposition algorithm in clang’s libcxx .

The implementation in clang’s libcxx performs the minimum number of swaps, roughly n /2, where n is the total number of elements. It does so by viewing the rotation as a permutation and walking through each of the cycles.

For notational convenience, let a be |A| and n be |A| + |B| (the total number of elements). The number of cycles is gcd ( a , b ), and the k ‘th cycle consists of the elements starting at first + k , and then stepping to the next element by moving forward another a elements, with wraparound, until you return back to the starting point.

For example, if you have |A| = 4 and |B| = 6, then the cycle that starts at A1 takes 4 steps forward to continues to B1; takes another 4 steps forward to B5; then takes 2 steps forward, wraps around, and then two more steps forward, landing on A3; then takes 4 steps forward to B3; and then takes 4 steps forward and wraps around to A1, which is the starting point.

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

↳ → → → ↴

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

↳ → → → ↴

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

→ → ↴ ↳ →

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

↳ → → → ↴

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

↴ ↳ → → →

A1 A2 A3 A4 B1 B2 B3 B4 B5 B6

There’s another cycle that starts at A2 and continues to B2, B6, A4, B4, then back to A2.

Now, we’ve been counting swaps, but a single-element rotation is not done as a sequence of swaps, but rather by picking up the first element, sliding all the other elements over, and then putting the original first element at the end. I’ve been informally calling an assignment “half of a swap”, though a swap is really a constructor, two assignments, and a destructor. But let’s stick with the “half a swap” accounting fiction.

The rotation algorithm goes like this:

auto a = std::distance(first, mid); // number of "A" elements auto n = std::distance(first, last); // total elements auto g = gcd(a, n); // number of cycles

for (auto k = 0; k < g; ++k) { // Rotate the elements in the cycle starting at k auto save = std::move(first[k]); auto i, next = k; while (i = next, next = (i + a) % n, next != k) { first[i] = std::move(first[next]); } first[i] = std::move(save); } For example, if rotating A1, A2, B1, B2, B3, B4, there are two cycles: A1, B1, B3; and A2, B2, B4. The elements within each cycle rotate one position.

⮣ → → → → → ⮧

⮤ ← ← ⮠

A1 A2 B1 B2 B3 B4

⮦ ← ← ⮢

⮡ → → → → → ⮥

And when you’re done with all the cycles, you’ve rotated the entire A and B blocks.

B1 B2 B3 B4 A1 A2

This performs n /2 swaps, which is the fewest swaps of all the algorithms we’ve looked at so far. However, it has terrible locality because the elements in the cycle are all spread out.

Calculating the greated common divisor of two numbers can be done in O (log n ) steps via Euclid’s algorithm.

int gcd(int a, int b) { do { auto r = a % b; a = b; b = r; } while (r); return a; } Commenter Brent thought that the cycle decomposition algorithm was obvious . Of course, the trick is the step they called “Repeat”. How many times do you repeat?

The clang libcxx algorithm calculates the number of repeats by taking the gcd. But there’s a trick so we don’t have to calculated it at all. We’ll look at that trick next time.

Bonus chatter : I think it’s interesting that of the three major implementations of the C++ standard library, each one uses a different rotation algorithm when given random-access iterators!

The post Rotation revisited: Cycle decomposition in clang’s libcxx appeared first on The Old New Thing .

My mate Lisa has written a book!

Along with her pal Matisse, she takes us through the practicalities of publishing communications which are accessible to all. This isn't just about the theory - it takes us across multiple legal jurisdictions, ethical frameworks, and business cases. Once it is done convincing you of the necessity of the work, it begins to explain how to actually create useful and accessible comms.

Some stuff you may have heard before. Everyone knows to add alt text, right? But this goes in for a slightly deeper dive, explaining how different publishing tools expose it, how to get the most out of it, and where it can all go wrong.

Usually books like this focus only on HTML. That's great - but there is a world outside the Web. So this goes through the steps to make PDFs accessible (a necessary evil!) and other tools which comms professionals may be regularly using.

It also doesn't just focus on the US hegemony. Instead there are statistics and case studies from dozens of different countries and cultures. It also looks through the youth lens - are TikTok's bouncing subtitles good for accessibility? For situational stuff like not having headphones, probably but for people with cognitive impairments probably not.

Each chapter ends with "Key Takeaways" and a decent summary of what you've learned. You probably won't read this cover to cover, but it is worth diving in to the chapters which meet your needs. Some of the stuff was intimately familiar to me - but I had no idea about how to make Podcasts accessible.

There's a bit of AI stuff splashed through, as is de rigueur , but it is realistic about its current limitations and how harmful it can be if misapplied.

The book ends with a chunky checklist. I suggest printing it out and stapling it to anyone in your organisation who says accessibility is a waste of time.

Commit signatures are part of git. Branch protection isn’t. It’s a row in a database run by the forge, checked by the forge’s API before accepting a push. Most of the interesting source-repository attacks have landed in the gap between the two.

What the forge enforces

Branch protection, required reviews, CODEOWNERS , merge queues, status checks, required signatures: every one is administered by the forge, and none follow the repository when you clone it. A server presenting the repository can serve whatever ref pointers it likes. The rules can also be changed without any record in git. A flipped toggle in the settings page disables required reviews for the time it takes to push a commit, and re-enables it after. The only record sits in an audit log run by the same forge.

In March 2021 someone pushed two commits onto the self-hosted PHP git server , into php-src, falsely attributed to Rasmus Lerdorf and Nikita Popov. The post-mortem points at the server itself, not at either developer’s account. The project’s response was to stop running their own git server and move canonical hosting to GitHub. Commit signing wouldn’t have stopped this on its own: the commits weren’t signed, and nothing would have forced a check on them if they had been.

In June 2018 the Gentoo GitHub organisation was taken over after an administrator reused a password that had leaked elsewhere. The attacker removed the legitimate developers, added dummy admin accounts, and pushed commits to gentoo/gentoo, gentoo/musl, and gentoo/systemd containing rm -rf in ebuilds and obfuscated deletes in the systemd configure script.

Malicious refs sat at the tip of master for eight to ten hours depending on the repo, and recovery involved getting GitHub support to freeze the organisation before force-pushing clean history over the top. Branch protection was enforced by the same forge admin role the attacker had just taken over.

In March 2025 a leaked PAT on the tj-actions/changed-files maintainer’s bot account let an attacker create one malicious commit and retarget almost every existing tag to point at it. The action was in use by around twenty-three thousand repositories, and any that pulled it by tag during the compromise window got the new payload, which dumped CI secrets into the build log.

Tag objects are immutable: their content can’t change without their hash changing. The ref pointing at a tag is a pointer like any other, and a force push can move it if the forge accepts the push.

Refs aren’t signed

The 2016 USENIX paper that came up in the previous post described this pattern: a hostile server can roll a ref back to an earlier commit, or swap it for a different valid commit on another branch. The fetching client gets a tip that verifies cleanly, a real commit properly signed, just not the one the maintainers most recently advanced the branch to. Git does not sign refs, and the repository carries no record of which commit was the last legitimate tip.

The Reference State Log

gittuf , written up in a 2025 NDSS paper from the same research group, records every ref update as a signed entry in a hash chain stored in the repository, under refs/gittuf/reference-state-log . Each entry names a ref, the new commit hash, and the hash of the previous entry, signed by keys the policy allows to advance that ref.

Verifying a clone means walking the RSL forward and checking each ref movement against the policy in force at the time. If the tip your clone holds for main is not the tip the RSL ends on, something between you and the maintainers served you a ref they didn’t sign for.

Reviews and other approvals sit alongside the RSL as separate signed attestations, not folded into the ref-advancement entries themselves. Verification can then check both that an authorised key moved the ref and that the approvals the policy required are present.

Verification runs outside the forge, against policy and keys the forge doesn’t hold. For the PHP and Gentoo shape, an attacker on a compromised forge can produce a valid commit, and can push an RSL entry pointing at it, but can’t produce a valid one. A verifier walking the log stops at the last entry that satisfies the policy. A tag move is a ref update like any other, signed by keys the policy permits to advance tags, so the tj-actions attack would leave the log either inconsistent or signed by a key the attacker doesn’t hold.

Policy, delegations, and thresholds

The policy lives in refs/gittuf/policy , in metadata derived from TUF . A root policy lists trusted key holders and the threshold required to change the root. The root delegates to rule files of the form “two of these three keys can advance refs/heads/main ”, or “this set governs anything under src/crypto/ ”, or “only release manager keys can move tags matching v* ”.

Delegations chain: a rule can hand off authority over a path to another rule file signed by a different set of keys. A child rule can only add requirements on its scope, not weaken what it inherited, so granting infra owners authority over infra/ can’t drop the threshold the root set on main . The verifier walks the graph and checks whether each ref update satisfied a permitting rule.

Threshold signing is the bit people have started asking GitHub for as a product feature. Required reviewers today is a setting in the forge, checked by its API before a push lands. gittuf’s M-of-N is the cryptographic version, answerable from the repository alone. The same pattern handles CODEOWNERS-style controls on sensitive paths: a delegation can scope a rule to refs/heads/main and paths under infra/ , requiring two signatures from a named set.

Where it sits with the signing stack

The artifact-signing stack from the previous post assumes the tree the artifact came from is the tree the maintainers approved. gittuf provides that check. Sigstore covers the journey from a tree state to an artifact in a registry, with attestations describing who built it from what source. An in-toto attestation can name the commit the build came from, but it doesn’t record whether that commit was a legitimate tip of the ref. The RSL adds that record.

The chain a client checks then runs from the registry, through the build, through the RSL entry authorising the commit, out to keys held outside the forge.

I’d like to see forges build gittuf in directly, so the workflows people rely on (editing a file in the web UI, clicking merge on a PR) produce signed RSL entries on the maintainer’s behalf. The closest thing today is the gittuf project’s own GitHub App , which records PR review approvals as attestations from outside the forge, but the merge itself still comes from a forge with no key in the delegation graph. A forge holding a key and using it to advance refs in response to authenticated user actions would become a participant in the chain, and most of the daily workflow could stay as it is.

->->->->->->->->->->->->->->->->->->->->->->->->->->->->->

Top Sources: None

-->

Today's links

• Delusion as a service : Destructive diagnostics.

• Hey look at this : Delights to delectate.

• Object permanence : Gay Days at Disney World; Parametric 3D printable key; Fine against sculpture for "storing bike on public property"; TPP is a wash; Reagan was Trump; Steampunk roadster; "Every Heart a Doorway"; Shoplifters x Tumblr; Amazon v mass arbitration; Driver-owned Uber alternative; Censorware censors criticism of censorware; 3 strikes copyright termination is illegal; Replacing al Qaeda bomb recipes with cakes; $10m grilled cheese platform; Dick van Dyke x Bernie; Efficiency is inefficient; I quit.

• Upcoming appearances : Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.

• Recent appearances : Where I've been.

• Latest books : You keep readin' em, I'll keep writin' 'em.

• Upcoming books : Like I said, I'll keep writin' 'em.

• Colophon : All the rest.

Delusion as a service ( permalink )

In 2003, Disney opened a new Epcot ride, "Mission: Space." Formally, it was a space travel sim that used a giant, high-intensity centrifuge to simulate gee stresses; practically, it turned out to be the most efficient machine ever created for surfacing previously undiagnosed heart defects in extremely dramatic and potentially lethal ways.

It turned out that a small number of people have these heart defects, and that the defects themselves are quite harmless, provided that you are never put in a giant, high-intensity centrifuge. Given that most of us will never be put in one of these centrifuges, it is quite possible to live your whole life without ever knowing that you have this lurking vulnerability. But once you build one of these machines and start shoving millions of people through it, you're bound to catch some of those rare people, and they will have cardiac episodes that are scary at a minimum, and are at the worst fatal .

For me, the lesson isn't that Disney did something wrong by building a giant cocktail shaker for human bodies. I'm not a thrill-ride guy, but lots of people like 'em and the machines themselves are benign for nearly everyone who puts their bodies into them.

Rather, I think the lesson here is that there are rare pathologies lurking in all of us, vulnerabilities that may never surface – until we come into the presence of a novel stimulus that unlocks them.

There's an analogy here to technology debt: technologically unsophisticated people think of software as a machine that never wears out and has no incremental usage costs (apart from electricity). In this framing, software is the perfect asset, one that never depreciates. But the reality is that software is a liability, not an asset:

https://pluralistic.net/2026/01/06/1000x-liability/#graceful-failure-modes

Software exists in a system , and while software might function perfectly under the conditions in which it is first created and deployed, there are continuous changes to all the technology that is upstream, downstream and adjacent to the software, which means that systems that are robust and secure at the time of deployment can become brittle and dangerous, even though the software doesn't change at all :

https://pluralistic.net/2022/04/24/automation-is-magic/

There's another analogy here, to utopianism. A "utopia" can't just be a place where everything works perfectly. Even the most well-functioning, orderly and prosperous system is beset on all sides by exogenous shocks: belligerent neighbors, tsunamis, zoonotic plagues, even asteroid strikes. You don't perfect your society just by making it work well. You have to make it fail well. A utopia isn't a society where nothing goes wrong – it's a society where things go wrong all the time, but we're able to fix them:

https://www.wired.com/2017/04/cory-doctorow-walkaway/

The point being that things that work fine may still fail badly when they are exposed to unanticipated external stimuli, and the one thing we can absolutely anticipate is that the future will have many unanticipated stimuli in it.

If Mission: Space is a machine for surfacing unsuspected anatomical vulnerabilities, the internet is a machine for surfacing and exploiting all kinds of unsuspected psychological vulnerabilities. Note that I'm not claiming that the internet drives everyone crazy – rather, that the internet can locate and exacerbate vulnerabilities, including vulnerabilities that might have lain dormant for your whole life, but for the fact that the internet exposed you to such a wide spectrum of stimuli.

This wide, internet-delivered spectrum of stimuli is mostly good . The internet can expose you to art, culture, ideas and people that you would never have run into in the pre-internet days, which end up enriching you in a million ways. Some of my best friends are internet friends. Some of the music and books I love most in the world were brought into my orbit by the internet. Many of my most ardently held beliefs were acquired through internet-based discussion.

All that is true, and it's true that the internet can one-shot you with a stimulus that makes you feel very bad, which you would never have encountered in a pre-internet world. The spectrum of stimulus in the whole wide world is very broad, and one person's innocuous distraction is another person's downfall.

Let's make this concrete. All throughout history, people have suffered from paranoid delusions. These can be ruinous, isolating you from friends and family, destroying your professional life and so on. Paranoid delusions often take on details from the sufferer's milieu: if you live in a society where evil witches are accepted as a fact, then witches might well creep into your delusions, too. If your society is all a-chatter about the NSA's mass internet surveillance, then your delusions might incorporate elaborate narratives about the NSA's use of the internet to target and torment you, personally.

So there will always be a "local character" to the paranoid delusions, grounded in the sufferer's era and location. But the internet adds a new, very bad dimension to this dynamic: the internet makes it much easier for deluded people to find each other. Paranoid delusions are – thankfully – rare, and in the absence of the internet, you might never encounter another sufferer.

But thanks to the internet, sufferers can form communities that reinforce their delusions, with disastrous consequences. Take "Morgellon's Disease," the paranoid delusion that you have wires growing under your skin. Morgellon's sufferers pick at their skin, creating open sores, which form a sticky trap for random bits of fluff and loose threads that sufferers interpret as evidence of these "wires." It's a horrible mental illness, and it's hard enough to treat even in the absence of the internet (the name "Morgellon's Disease" refers to a 17th century case-report).

But when you add the internet to Morgellon's, you get online communities where people suffering from the delusion help each other come up with rationales to explain away the disconfirming evidence that they get from therapists and loved ones who are trying to help them recover. These communities egg each other on, isolating their members from treatment.

There are lots of pathological mental conditions that the internet can supercharge, from "pro-ana" communities that encourage eating disorders to communities for people with pedophilic urges that attempts to normalize and justify acting on those urges.

But it's especially bad for paranoid delusions, such as "gang-stalking delusion," which is the delusional belief that nearly everyone you meet is part of a conspiracy to torment you. People with GSD see evidence of this conspiracy in the lyrics of random songs, snatches of overheard conversations, the phrasing of bus-shelter ads, and the sort-order of search engine results:

https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism

It's a near-totalizing belief, and sufferers find it hard to recover because their delusion tells them that the therapists and family members who try to help them are in on the conspiracy.

Then we add in the internet, and with it, the ability to locate and join communities of other GSD sufferers. Do this, and your delusions need not be limited to your own imaginative capacity to find conspiratorial explanations of the random things you find in the world. Now you are part of a kind of delusional improv troupe, whose members "yes-and" your delusions, finding new ways to terrorize you and alienate you from your surroundings.

This is bad enough when it's a regular conspiratorial community, one that feeds on trauma, like Qanon or anti-vax communities whose members have been failed by the system, making them susceptible to conspiratorial accounts of how society really runs.

But the combination of conspiratorial communities with the kind of mental illness that causes conspiratorial beliefs to surface in your mind without any external stimulus creates a brutal positive feedback loop that spins faster and faster until the people trapped in it are flung off into space.

Which brings me to AI and "AI psychosis," the social phenomenon that sees people falling down chatbot-assisted rabbit holes that convince them that they have invented perpetual motion, uncovered the secrets of the universe, or – in some tragic instances – that they should kill themselves and/or others.

For someone with GSD or another paranoid delusion or pathological belief, AI provides a reinforcement system that is even more efficient than these online communities. If you have GSD and your loved ones have finally got you wondering if you should get treatment, you don't have to post on a forum and hope that someone else comes along before you give in to the impulse to get help. Your delusional chatbot co-pilot is always there to tell you that it's a trap.

The nature of "AI psychosis" is hotly contested. The big question, of course, is whether chatbots are giving people delusions, or whether chatbots are amplifying those delusions:

https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor/episode/16218103-e3-ai-psychosis

I think it's both. I think that, for people with GSD or other delusional beliefs, AI provides delusional reinforcement as a service, on tap, 24/7. The combination of a delusion and a machine that will tirelessly play yes-and with you at any time, demanding nothing from you, is a novel and terrible development for people with some mental illnesses.

But I also think that chatbots are a bit like Mission: Space: a machine for surfacing previously undiagnosed psychological vulnerabilities, and that in some cases, these vulnerabilities may never have been triggered, save for the chatbot.

Just as doubtlessly there were people who had pathological relationships to gambling before the development of slot machines, scratch-and-wins and roulette wheels, but there are also people who might have lived their whole lives without ever having a gambling problem except that they encountered one of these machines, exposing billions of people to sycophantic chatbots has surfaced rare, latent vulnerabilities that might have stayed latent forever, with terrible consequences.

Most people who rode the original Mission: Space had a fantastic time. But a lot of people rode that ride, and a very small percentage of a very large number of people can still be a substantial number, and as the reports of people stepping off the ride, clutching their chests and collapsing spread, Disney understood that they had to retool the ride. Today, riders on Mission: Space choose whether they want to ride on a simulator that spins, or one that merely tilts and pitches without simulating gee-stresses. And even if you pick the spicier version of the ride, it goes more slowly and exerts less stress than the original ride.

Even if you accept the AI companies' argument that they aren't inducing AI psychosis in their users, but rather, only surfacing latent vulnerabilities that were there all along, that shouldn't be the end of the story. Even if only a small percentage of the people who use your product experience harm as a result, if your product is intended for widespread deployment (as chatbots are), you will end up harming a lot of people unless you take measures to counteract even those rare events.

Hey look at this ( permalink )

• Hell is other people – so billionaires are using AI to replace them https://www.thenerve.news/p/cory-doctorow-column-ai-inconvenient-humans-billionaires-sam-altman-bezoz-migrants

• The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests https://www.wired.com/story/the-manhattan-institute-helped-kill-dei-now-its-coming-for-protests/

• Remote Work Leaves Younger Workers Sidelined https://libertystreeteconomics.newyorkfed.org/2026/06/remote-work-leaves-younger-workers-sidelined/

• Zerowriter https://zerowriter.ink/

• Good Reason to Kill #79: Disputed Seating at Kindergarten Graduation https://www.loweringthebar.net/2026/05/good-reason-to-kill-79-disputed-seating.html

Object permanence ( permalink )

#20yrsago Gay Days at Disney World draws 140,000 participants https://web.archive.org/web/20060626125509/http://gaydays.com/calendar/

#20yrsago Blue Coat censorware company blocks Boing Boing for criticizing censorware https://memex.craphound.com/2006/06/03/blue-coat-censorware-company-blocks-bb-for-criticizing-censorware/

#15yrsago UN report says 3 Strikes copyright termination is illegal https://web.archive.org/web/20110605030049/https://www.michaelgeist.ca/content/view/5834/125/

#15yrsago Wisconsin GOP plotting to nominate spoiler Democratic candidates in recall elections https://web.archive.org/web/20110604111734/http://www.politicususa.com/en/secret-tape-wisconsin-gop

#15yrsag

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

I look forward to pseudoscience like this finally getting some airtime on 60 Minutes. For 58 long years the program has been hopelessly biased toward actual science.

★

Scott Pelley, in a statement posted on Instagram (which I’ll quote in full, as the original is locked behind a dickwall if you’re not signed in to an Instagram account):

There has never been anything in America like 60 Minutes.

The Sunday tradition is the most successful program of any kind in history. For more than a decade, its innovative growth on every major online platform has extended its reach to countless millions around the world. This spring, at the end of our 58th season, 60 Minutes grew rapidly with an unheard-of 9% jump in viewers on CBS.

“60” has been the number-one program in America for decades because our beloved audience finds integrity, quality, and humanity in our stories. When stewardship of the program passed to my colleagues and me, our responsibility was to expand energetically into a new age of media technology while preserving the values our audience expects. Now, the new owner of our network is casting this legend aside, apparently to curry a moment of favor with the Trump administration.

The waste is heartbreaking.

Last month, 60 Minutes lost its DNA when our entire senior leadership and two of our best on-air correspondents were cruelly fired without cause. Good people were silenced because they stood up for our audience. They stood for fairness against the forces of political bias; they stood for professionalism against chaos.

For my part, new management has instructed me to inject falsehoods and bias into a politically sensitive story. I’ve been told to include assertions that are unverified. To date, in every case, I have managed to ignore these instructions or refuse them.

Recently, politicians have been invited to choose correspondents for interviews on the broadcast. Giving politicians control over 60 Minutes interviews is not how honest journalism is done. Finally, incompetence and unprofessionalism in the new management have wreaked havoc. In a case involving one of my stories, the entire program came within 19 minutes of not getting on the air at all.

At 60 Minutes, we have fought harder than anyone knows to save the program that became an American icon. We owed that to our millions of viewers. I am deeply moved by the thousands of wishes we have received to “keep up the good fight.” Most of my colleagues at CBS News are still in that fight. But now the collapse of values at the top has become untenable. The leadership of 60 Minutes is no longer recognizable. The principles I hold dear are gone, and so I must leave as well.

I depart after 37 years at CBS with one emotion — a heart brimming with gratitude for the men and women of CBS News who encouraged and enriched my work, very often at the risk of their own lives. I pray for a day when those people and their ideals are honored again — a day when sanity, competence, and courage return.

★

In the UK (and I'm sure elsewhere) politicians and commentators are falling over themselves to suggest that without huge fleets of datacentres built in the UK that we are going to be hopelessly left behind.

I'm not convinced this is the case, and it risks really falling into the same (mostly misguided) obsession many politicians have for heavy industry revival.

This is going to be a rare UK-centric post on my blog. Apologies for my mostly global readership; the argument may be different where you live.

Latency isn't a big deal

One of the first (and most easily dismissed) arguments I've heard is that without datacentres close to the users, the latency will be too high to use AI services. This would therefore make them too slow to use.

Clearly, this isn't the case. Nearly all AI use cases are not hugely latency sensitive. To put this in context, the time to first token (how quickly the AI responds) on Opus models is between 1.6s and 3.6s. The round trip latency introduced from the UK to the East Coast of the US is around 80ms, to Europe 10-20ms, and to Asia around 200ms. So the latency on the providers side is orders of magnitude higher than the latency for a UK based user to reach an overseas datacentre.

It is fair to say that real time voice or video applications benefit from lower latency than these typically text based use cases. But these are a tiny fraction of AI usage (at the moment) and even in that case European datacentres can provide reasonable latency for these - it doesn't have to be in the UK itself . And my personal belief is that real time audio based agents are likely to work best when they can run on device entirely (so there is 0 network latency) - so without a data centre requirement at all.

Regardless, many of these same commentators also suggest locating datacentres in the very north of Scotland (to take advantage of the excess wind power), but ironically these would have significantly worse latency for users from the densely populated south of England - Paris, Amsterdam, etc all are closer, and thus faster to respond.

"We can tax it"

The next argument that is often floated is that it becomes a tax base - in the UK business rates are applied to commercial buildings and are paid to the local authority in question.

The formulae for calculating this is in true UK tax law style overly complicated, but in essence it works on the rateable value of the building in question - what the estimated annual rent would be to rent the property - including relevant fit out. This is then multiplied by 0.508 to arrive at the annual business rate value.

To take a very rough example, my research found that buildings 5-8 in the Virtus London campus can support 100MW [1] of load. These are valued as far as I can tell at around £12m/yr of rateable value. So the local authority (London Borough of Hillingdon) gets approx £6m/yr from this in business rates.

If we scale that up to 1GW, it's fair to say that the local authority might get somewhere close to £100m/yr of business rates.

While this is not nothing - and certainly gives local authorities a valuable source of revenue - it really is a rounding error under the current system . If we moved every single datacentre under construction globally (30GW) to the UK instead, it would bring in approximately £3bn/yr, or around 0.2% of government spending.

Detractors may say that this is the current system and the tax base could be changed. But by doing that you massively reduce the attractiveness of the UK as a place to build the aforementioned datacentres. And the potential tax rates to be at all material would have to be punishingly high. This combined with the extremely high price of electricity in the UK would make it completely unfeasible to operate them in the UK.

It's a similar story with jobs. Datacentres are famously light on permanent staff - the whole point is that they're highly automated, so even a large 100MW site might employ only a few dozen people once it's running. The construction phase is more labour intensive, but temporary, and much of the capex (the chips especially) is spent overseas rather than in the UK. Even on generous assumptions the direct contribution to a ~£2.8tn economy is a rounding error.

It gives us control

The final and perhaps most plausible sounding argument is that in the event of political instability it would give us control over AI usage - which is and will be a growing national priority.

There are really two versions of this argument. The cruder one is outright seizure, which I'll come to. The more serious one is that in a global compute crunch, having the datacentres physically here means we won't be left at the back of the queue. But this doesn't survive contact either. If a hyperscaler or a frontier lab owns the racks, a datacentre in Slough serves their global demand - not ours. You can't compel a private operator to give UK users preferential access just because the building sits on UK soil. Location buys you almost nothing. The real leverage here is to contractually lock in the compute - which is something the UK government could do, regardless of where the datacentre is.

Onto the cruder version, then. I've even heard certain people suggest that in the event of major turbulence in the world the state could seize control of them.

The issue with this is multifaceted - but I think has three main failings.

Firstly, this is not a steelworks or power plant. The underlying value is not from the datacentre, it's from the models running on the datacentre. If we assume AI model development continues, the value of a 'seized' datacentre decays rapidly. Imagine the UK government had seized control of a frontier labs datacentre at the start of 2025. They'd have access to GPT4o, or Sonnet 3.7. These models are now outclassed by open weight models that you can run on a relatively powerful laptop. They have virtually no value.

Secondly, it completely underestimates the supply chain that modern software runs on. It's highly likely that if the geopolitics had got so bad HM Government was nationalising frontier lab datacentres, the frontier labs would remotely wipe the servers before they could be "seized". And that's not to mention that models have loads of supporting software and operational infrastructure that is not colocated with the models themselves.

The concept of the SAS seizing servers running frontier models before they can be wiped in the dead of night is probably best kept to Tom Clancy novels - not government policy.

Finally, if we are in some alternate reality where the UK/Europe has been cut off from frontier models, we are almost certainly also cut off from most/all cloud services from big tech, which means no (or much reduced) email, video conferencing, card payments etc. Not being able to run Claude is probably the least of society's worries.

So what should we do?

By no means am I suggesting that AI datacentres shouldn't be built in the UK - they should - and we should reform the planning system to make it easier to build them. But it's important to get this in perspective.

Modern information societies are a huge tangled web of globally interconnected pieces of software. Every day you browse the internet you are connecting to thousands of servers located in dozens of countries. Each one of those servers is sending your requests to various other providers - to store and process data.

There are genuine requirements for data sovereignty. It may be preferable to host sensitive health data only in the UK, for example. But that's a simple regulation problem (if desired) - require UK based datacentres for this type of data, including AI usage.

But this is a tiny sliver of total AI demand. And the world is too complicated to dream in this "Blitz spirit" self sufficiency era, especially when it comes to digital services.

The UK in my opinion has many structural advantages for harnessing the economic power of AI. All of the major frontier labs have significant - and growing - labs and offices in London. We have world class researchers and institutions on the cutting edge of AI. And the UK takes the majority of European tech funding.

In my opinion, we need to lean into those strengths and ensure we continue to attract and grow these companies and talent. Not worrying about where exactly we should put huge sheds.

• Datacentres are measured by the amount of servers it can power, in watts (or megawatts (MW) millions of watts/gigawatts (GW) - billions of watts). ↩︎

The book can’t compete with the screen. It couldn’t compete beginning with the movie screen, it couldn’t compete with the television screen, and it can’t compete with the computer screen. — Philip Roth

We’re halfway through 2026, and according to Goodreads I’ve read 80 books so far, fiction and non-fiction and textbooks, including such doorstoppers as Life and Fate (864p, astoundingly good). And I don’t feel like I’m trying particularly hard. I still have plenty of time to work and code and scroll.

This isn’t normal for me. At some point, as is the case for many of us, the screen outcompeted the book , so that my average over the past ten years would have been on the order of three to five books per year. And I’m not a particularly fast or obsessive reader. Which is to say: if I can do it, so can you. Here’s how:

• Quit your job: working less than full time has freed up a lot of time to read and learn and do various other things.

• Read in public: if you put a number next to someone’s name, they will maximize it. Reading privately is solipsistic (if I stop, what changes?); reading in public, through Goodreads (which sucks, but it is what it is), makes it feel less self-absorbed, and more like I’m achieving something. You may call it performative, which is fine by me, as long as it works.

• Make a task: I used to start a lot of books, and not finish them, not because I would explicitly choose to stop reading, but because I’d forget about it. At the end of the day I’d see the book on my nightstand and go, oh, right. More generally: the most common way I fail to finish a project is I forget I intended to do it. This is solved by reifying the task : when I start reading a book, I make a daily recurring task on Todoist for it.

• Start small: this feels embarrassing (what kind of brainrotted maniac needs to microdose short books to build up to bigger books?) but it actually works. Sort your to-read list by number of pages. Reading short books generates evidence for the belief that you are the kind of person who can decide to read a book, and follow through. Reading five, six, seven-hundred page books feels vastly less daunting now.

• Parallelize: reading the same book for two hours is almost impossible. Reading four books, one pomodoro each, is completely doable, and I do it most days.

• Fraction: reading is a rare kind of activity where you can make progress in any arbitrarily-small chunk of time. A few minutes on the train are enough to turn a few pages. This isn’t the case for e.g. coding. You can take advantage of that: find interstitial dead zones in your calendar to stuff with reading.

• Eat your vegetables: I read a lot of books I don’t particularly enjoy, because I think they’re important, culturally or historically or in some sense. I think this is good. If you only read books that hook you, you’re going to read very little, and much of that will be unremarkable page-turner slop. Internalizing that you can read a book even if you don’t love it immunizes you against the lack of motivation. It’s like going to the gym even if you don’t feel like it.

And if you don’t know what to read, have some of my favourites: The Diamond Age — From Third World to First — House of Suns — The Invention of Morel — On the Marble Cliffs — The Rediscovery of Man — Satan in Goray — The World of Yesterday .

Programmers were better back in the day, weren’t they? Back when we had real programmers. Not just people who got paid to write code, but people who lived it, who were obsessed with their craft, and whose code was a lively expression of themselves. Hackers were hackers in those days before money took over the industry.

Don’t even get me started on LLMs. Could there be a better example of today’s degenerate spirit? A machine to mass-produce software (not good software, just barely good enough), so that the weak minds that dominate the industry can indulge their obsession with quantity : of slop code, of features, and ultimately of money, which is the only way they can understand value. If they weren’t destroying our way of life, they would be pitiable. All of them together don’t have a fraction of the spiritual integrity of someone like Mel . But as it is, we must band together to crush them and drive them from our industry like the parasites they are.

Returning to the past

Okay, that’s not actually what I believe. But there sure are a lot of posts 1 and comments on the internet that sound a bit like the paragraph above. Here are some older quotes that might sound similar:

…the third collapse, in which power tends to pass into the hands of the lowest of the traditional castes, the caste of the beasts of burden and the standardized individuals. The result of this transfer of power was a reduction of horizon and value to the plane of matter, the machine, and the reign of quantity. 2

Usura rusteth the chisel \ It rusteth the craft and the craftsman \ It gnaweth the thread in the loom 3

The actual accomplishments of the past will nevertheless remain accomplishments, while the artistic stammerings of the painting, music, sculpture, and architecture produced by these types of charlatans will one day be nothing but proof of the magnitude of a nation’s downfall. 4

These are all from the writings (or speeches) of famous fascists: Julius Evola, Ezra Pound, and Hitler himself. Mussolini’s Doctrine of Fascism begins by defining fascism as a “spiritual attitude”, which the fascist man adopts in order to regain the mysterious qualities that were lost by the transition to modern life. In his classic Ur-Fascism , Umberto Eco’s first two defining features of fascism are the “cult of tradition” and the “rejection of modernism”. So when someone tells me that the industry has lost its way and we must deny the corrupting influence of modern technology in order to retvrn to the time of virile real programmers (who understood and appreciated the spiritual dimension of programming), I get suspicious.

Fascism and crypto-fascism

It’s strange to describe anti-AI sentiment as potentially fascist, since a very popular argument is that LLMs themselves are an inherently fascist tool. Surely both sides of the debate can’t be fascist? I do think that the structure of fascist arguments is generally persuasive , and that many avowedly anti-fascist groups do sometimes fall into this trap: describing the world as a struggle between the spiritual power of the macho, traditional man and the corrupting influence of degenerate (often foreign) capital.

For instance, I am a big fan of Lord of the Rings. I’ve read the series and watched the films multiple times, and even made a failed attempt to learn Elvish as a kid. But it’s hard to deny that fascists absolutely love Lord of the Rings. “Marble statue of a Roman emperor” might be the most popular avatar for fascists on the internet, but Aragorn is the second most popular. Neo-fascist movements in Italy explicitly take up Lord of the Rings as a foundational text. Why? Because the core conflict in the text is between the traditional, nostalgic heroism of the Shire and Gondor, and the corrupting modern industrial (partly foreign ) influence of Saruman and Sauron 5 .

I don’t think Lord of the Rings (or anti-AI rhetoric) is intrinsically fascist. In fact, the surface-level reading of the text is anti-fascist: the plucky people of the West banding together to fight Sauron’s command-and-control totalitarian society. But I can see why fascists love it.

The Luddites

One common historical touch-point for anti-AI folks is the Luddites, who were a violent conservative labor movement in early 1800s England. Anti-AI blogs adopt Luddite language like “smashing frames”, and positively cite the Luddites as “the go-to enemies of fascism since its inception”. I’ve written at length about what we can learn from the Luddites in Luddites and burning down AI datacenters , but one point I think is under-emphasized by the (generally pro-Luddite) books is that the Luddites were a little bit fascist themselves .

Brian Merchant’s Blood in the Machine is the most popular recent book on the Luddites. I enjoyed it, but Merchant’s attempts to paint the Luddites as a friendly, left-wing, proto-feminist movement 6 seemed really unconvincing to me. From the writings of the Luddites, it’s clear that they were interested in protecting the rights of their all-male elite guild fraternity. Here’s one Luddite threat to a workshop that explicitly includes a threat against the female workers 7 :

We think it quite inconsistent with our duty as men, as husbands and as fathers to suffer ourselves to be ruined any longer by a set of vagabond strumpets and those gibbet-deserving rascals that are looking over them. We will lead them to their satisfaction. We sincerely hope, gentlemen, that you will discharge the bitches and take men into your employ again, or they must take what they get.

These were fundamentally conservative people who felt (correctly) that modernity had deprived them of their elite status, handing it instead to lower-paid inferiors: women, vagabonds, and foreigners.

The Luddites were obviously not fascists 8 . However, the basic ingredients were there: wounded pride, a masculine elite identity, hatred of modern economics, and violence aimed at restoring their previous position in society. The currents that produced Luddism are the same currents that guided so many unhappy people towards fascism. When things are looking grim for an elite group, they often turn towards any movement that promises a return to an idealized past.

Everything is permitted

If my blog has themes, one of them is surely that many software engineers labor under a delusion that their job is to be excellent at their craft. Of course, wanting to be an excellent programmer is not a delusion; it is a completely legitimate value to hold, and a legitimate purpose to pursue. It’s just not what you’re paid to do at work. Your job , unfortunately, is producing shareholder value . This delusion has been punctured by the end of ZIRP , and again more recently by the rise of AI coding.

In this environment, I worry that some software engineers will form exactly the kind of disillusioned elite that was the audience for Ezra Pound’s poems about “usury” or the Luddites’ campaign against unapprenticed (often female) textile workers. I worry that AI, and the companies that build AI, are becoming an enemy against which anything is permitted: an enemy which in Umberto Eco’s words is “at the same time too strong and too weak”, unable to reason and yet powerful enough to drastically reshape the global labor market for the worse.

Nuance

The enemy of fascism is nuance. Fascism presents a good, clean, rousing story about a spiritual conflict between right and wrong. It is anathema to fascism to stop and muddy the waters a bit: in this case, to explore the ways in which LLMs, like any transformative technology, can both support and endanger traditional values.

In The left-wing case for AI I wrote about how AI is being used right now as a disability aid, and many disabled readers wrote in to share their positive experiences with LLMs, and often how alienated they feel by the anti-AI mainstream on the left. I recently got an email describing how there’s a sudden flood of accessibility software for blind people 9 that’s actually built by blind people , who can now iterate with a LLM to get a product that meets their needs. Framing AI as an ontological evil erases experiences like these.

Being anti-AI is not inherently fascist. Many of the anti-AI posts I’ve quoted are thoughtful, sensitive pieces exploring how the author thinks about one of the biggest changes to our industry. I still think the world needs more articles like that, not less, but the more of them I read, the more I recognize the tropes: spiritually pure lovers of the craft, degenerate peddlers of corrupt modernism, a need to return to the traditional ways of the hacker, and a lament for the (potentially) waning power of an elite fraternity of programmers.

Conclusion

I know I’m tiptoeing around the worst argument in the world . It isn’t a refutation of anti-LLM arguments to say that they are structurally similar in some ways to fascist arguments, any more than it’s a devastating critique to say the same thing about Lord of the Rings. Sometimes it is good to try and halt the march of progress! Some of our past traditions really were purer and more spiritually robust! It just bothers me, that’s all.

I used to read The Story of Mel with unalloyed pleasure. Now it makes me nervous. If you believe you’re fighting the embodiment of fascism , or for the idea of value itself , what tactics are off-limits? What positions might you eventually come to accept?

• It feels wrong to directly associate my caricature with any actual posts, but it also feels wrong to make a blanket assertion without examples. Just so you know what I’m talking about, here are some posts that have elements of this attitude. I like some of these posts and dislike others.

↩

• Page 329 of my copy of Julius Evola’s Revolt Against the Modern World .

↩

• Ezra Pound, Canto XLV. “Usura” should be read as “usury”, or today we could gloss it as “capitalism”: all Pound’s examples of great art were from the pre-capitalist patronage era of art.

↩

• Adolf Hitler, from his speech at the 1933 Party Congress in Nuremberg.

↩

• Of course, there’s also historically been a strong pro -technology current in fascist thinking (even specificially Italian fascist thinking ).

↩

• Page 134 of Blood in the Machine has a brief argument that Luddism was feminist because the (exclusively male) artisans’ wives would provide food for their meetings. No, really.

↩

• From Kevin Binfield’s Writings of the Luddites , page 40. I’ve taken the liberty of re-rendering it in modern spelling and grammar.

↩

• Aside from being too early, they didn’t have any connection to the state apparatus of power (in fact, they were ultimately crushed by it) and they famously lacked a singular leader.

↩

• The example cited was BlindRSS .

↩

CSS: Unavoidable Bad Parts

Jun 4, 2026 An ersatz CSS tutorial for people who need to style a web page, but aren’t web developers. I am a wrong person to write this kind of thing, as I have neither the time, nor experience. I’d much rather read a book about this. Alas, I had to learn all this stuff from trawling MDN, so perhaps it is valuable to document what I have so far.

CSS, HTML and Web APIs are truly vast, and it takes a career to become a professional. The good news is that modern web has a reasonably-sized, learnable subset which is enough for simple tasks like a programming blog or a simple GUI. I haven’t seen a resource that teaches just this subset, but it’s not too hard to figure this out. The bad news is that there’s also a nasty set of gotchas, which will mess up your page, which you won’t suspect to exist, and which will need days of debugging to figure out. Still, it’s not that bad. I am quite happy with the styling on this site, and it’s only about 200 of readable CSS .

Good: HTML5 semantic tag names

It’s worth looking through MDN Elements Reference . There aren’t that many elements, and things like main , article , nav , kbd make it much easier to structure your page. Less obvious:

• ul for any kind of list, like site’s sections in header > nav .

• details for table-of-contents (check the source of MDN).

• dl / dt for list of pairs.

Bad: Wrappers

If you “View Source” on any “real” website, you’ll notice that everything has layers and layers of wrapper elements, so you might be tricked into thinking that wrappers are how you solve layout problems. I can’t really agree or disagree here, as I never wrote “production” CSS, but, in my experience, it’s much easier to understand if you do the opposite — restrict yourself to using only markup-meaningful semantic tags, and then figure out CSS which works with the markup you have.

Bad: Layout

This one is not an exclusively Web problem, layout is a struggle in every GUI framework I know. Imagine a fixed sized raster image, and a paragraph of text describing it. There are many ways to arrange these two elements on the screen’s rectangle. Generally, for every given width and height, you can do a decent job, as long as the total area is enough. A typical GUI is a hierarchy of such boxes, with a lot of “layout freedom”. The problem though is that layout of each box affects the layouts of all other boxes, as you generally want all boxes to meet exactly, without gaps and overlaps. An important negative realization is that the layout algorithm doesn’t exist. There isn’t a fully general solution to positioning and sizing GUI boxes. Rather, different systems use different sets of heuristics to do the job, from simple RectCut , to fully general constraint solvers , with everything in between . It is hard to get the mental model of how layout works, in general . So, don’t think “how can I do my layout in a given system”, think instead “what possible layouts are allowed by the system”.

Bad: Browser defaults

Let’s start with a bare (but still semantic) HTML markup of a blog article, without any CSS. If you open it in a browser, it will show something . The content isn’t unstyled — the text is of a certain color, font and size. Headers are bigger than the main text, links are underlined, etc. These are the default styles of your browser. They are helpful! The problem is that these styles differ between the browsers. So, even when you add your own CSS, and the end result looks fine in your browser, I might see something different, because you might rely on a browser default, without knowing it. The last bit is the killer here — the problem is in something you didn’t write.

The general solution here is a CSS reset , or normalization — starting your CSS with an explicit set of rules, overriding defaults. Not because defaults are inherently bad, because they are inconsistent. I don’t know which set of rules you need to override in practice, it’s a good idea to compare several existing CSS resets.

This touches on the big question: should you style your web page? There are two competing views of the Web platform — some people treat it as a flexible, adaptive, primarily visual medium for expressing design, others would prefer if the Web focused on delivering the content, allowing each user to customize the presentation. My personal answer here is pragmatic — by default, an unstyled page is poorly usable and looks bad. I would have preferred the world where CSS-less pages were readable as is, but, in this world, I think it is helpful to style the content. At the same time, it’s a good idea to allow advanced users to bring their own CSS. Make sure that your HTML markup is reasonable, that you don’t overfit your HTML to CSS (vice-versa is fine), and that your page functions in reader mode.

Good: Classless CSS

You can’t reset styles to true neutral nothing: if you make the text invisible (white or transparent), it is still a style. So you might as well embrace it: after reset, style common HTML elements directly. For example, to set your favorite font for all code snippets:

code { font-family : "JetBrains Mono" , monospace; }

If you use main , header , footer , nav tags you can set the overall page layout without writing any CSS selectors. This of course requires making assumptions, in CSS, about the structure of your HTML, but, like, this is your HTML and your CSS, you can do whatever, and, if you don’t like the result, you can always change it!

Bad: CSS selectors

In programming, we collectively came around to distrust inheritance and prefer composition. Default CSS is like supercharged inheritance, each design element on your web page is affected by multiple rules, and you can always “monkey patch” existing elements by appending to your CSS. There’s an unfortunate gap between CSS affordances, and what you actually want to do. The two reasonable approaches are:

• Conclude that CSS selectors add abstraction capability along the wrong axis, and stick to classless CSS and inline styles, using something like Tailwind to make writing inlines prettier, and something like JSX (or any other templating engine supporting composition) to avoid repetition in HTML.

• Use CSS nesting to avoid writing “far reaching” selectors and style component-per-component:

header { /* Site Header */ margin-bottom : 2rem ; & nav { /* Styles, specific to nav in the Header. */ } }

Bad: box-sizing

UIs are recursive rectangles, layout is the process of figuring out where each rectangles goes, and it is determined by the sizes of rectangles themselves. So, understanding what is the size is quite fundamental. Sadly, by default the definition of size in HTML is very unintuitive: element’s width and height do not include element’s border and padding, which leads to surprising results: everything looks perfect at first, but increasing padding somewhere shifts the entire layout unexpectedly. For this reason, * { box-sizing: border-box; } deserves to be the first line in your CSS reset. It makes elements encapsulated, such that adding borders is a local-only change.

Chaotic Good: margin collapsing

Suppose you want to have a 8px gap around an element. You would think that you need to set the padding property. But that would be wrong — if you have two such elements next to each other, the gap between them would be 16px . The paddings would add, creating a visual gap larger than intended. You want something more akin to social distancing, where if one person is more introverted, this person’s bigger radius of exclusion is what defines the distance. And that’s how the margin property works. Two neighboring margins are combined using max rather than sum . Margin collapsing is very useful, but it can surprise you. E.g. I think child margin can stick beyond parent’s? To be honest, I don’t have a good intuitive understanding of margins, but I know enough to at least identify when it is the problem.

Margins are also one of the indirect inspirations for this post. In

Moving away from Tailwind, and learning to structure my CSS

Julia Evans writes that you generally don’t want to set margin on an element, and should rather let the parent control the inter-element margin of the children, using the so-called owl selector:

section > *+* { margin-top : 1rem ; }

That is, add margin to all section ’s children exempting the first one. I didn’t know that! And, given all the pain that margin gave me so far, I actually get why you want to do this, and why this is a good idea. But it bugs me that you can’t learn that without becoming “professional” web developer, or reverse-engineering someone else’s CSS framework.

Bad: Default (flow) layout

Layout in general is tricky, because there’s no universal “layout algorithm”, just a bunch of special cases. But what does HTML actually do? The default layout algorithm I think goes back to the origin of HTML as a language for documents, and overfits a use-case of producing papers — mostly text content with some illustrations, where the text can flow around the pictures. That’s actually what you want for the main body of text of your blog, but, as soon as you want to actually control the spatial arrangement of the elements on your page, you want something different, for example…

Good: flexbox

This is really what separates modern web-development from the olden days, where you’d need a CSS PhD or a full-blown opaque CSS framework to be able to say “this goes to the left, and this goes to the right”. This layout allows you to arrange a series of elements either vertically or horizontally, adapting to the available space. It is rather complex and I can’t use flexbox without referencing MDN all the time, but usually I am able to get things done in the end.

Bad: responsive design

Modern CSS allows querying screen size, and implementing conditional logic based on that — a design that “responds” to user-agent constraints. This probably what you should use for “real” CSS, but note that HTML is inherently responsive. Unlike PostScript (PDF), it will automatically reflow the paragraphs when you change window size. So, it’s a good idea to avoid writing explicit responsive rules, and just rely on layout to do the reasonable thing. For example, this blog looks OK on mobile, tablet and desktop without any explicit @media queries. Unconditionally setting max-width on the main column of text is all that it takes.

Lawful Evil: pixels

1px does what you want, but not what it says. It’s not a size of one physical pixel on your screen. Rather, it’s a measure of visual angle . That is, 1px should look perceptually the same on any screen, and it is converted to different number of physical pixels, depending on the screen size, its pixel density, and the typical viewing distance. So you can just size everything in pixels, without thinking about different displays’ pixel densities. It gets weirder. CSS allows “real” units like centimeters or inches, but they are also angles, because everything is defined in terms of pixels.

Doubleplusungood: font-size

Flexbox is a good way to layout UI-elements. Flow layout works ok for laying out paragraphs of text. But what happens on the level of individual lines and glyphs is, in my opinion, a train wreck and a noob trap. Let’s start with the basics: if you write font-size: 16px then 16px is the size of what? Sadly, the answer is “nothing in particular” — this is a size of a virtual box around the glyph, but the box isn’t tight, and the size of the glyph varies, depending on the font. Luckily, font-size-adjust property can fix it, and make font-size consistent across fonts. See these two posts for details:

• font-size-adjust Is Useful

• Font size is useless; let’s fix it

Though, at the moment font-size-adjust seems to be very niche, so, while personally I’d put font-size-adjust: ex-height 0.53; right next to box-sizing , few pages do that.

The next issue with font-size is a thorny question of defaults. The good news is that it’s one of the properties that is fairly consistent across browsers, with 16px being the overwhelming default. The bad news is that, depending on the font, 16px can be on the smaller size. Not completely illegible, but very close to the lower bound. What’s worse, some default fonts are particularly small. For example, on Apple, font-family: serif looks much smaller than sans-serif , and is almost uncomfortable to read at 16px.

Can you just set font-size: 18px or whatever works best for your chosen font? I think the answer is yes, but there are some caveats to keep in mind. Refer to Accessibility: px or rem? for details. The issue is that modern browsers support two ways of making text on a page bigger:

• Zoom, which has a dedicated UI element, shortcuts/gestures, per-page persistence/overrides and a global default.

• Changing default font-size, a global setting buried deeply in the configuration page.

Setting font-size in your CSS disables that second approach.

Taking everything together: don’t assume that text on your page will be readable by default, check different configurations. Set font-size-adjust to reduce the number of degrees of freedom and to pin down the meaning of font-size . If the result looks fine with your chosen (or your user’s default) font and default font-size of 16px , then you are done. Otherwise, set font-size to a bigger number. Afterwards, check that the page is readable in reader mode as well.

Bad: line-height

Despite the name, line-height doesn’t set the height of a line. It is a height of a run of glyphs, set in the same font . The two coincide when all the text is in the same font. But if you have, e.g., some words set in monospace font, you are in for a surprise. While font-size-adjust fixes the size of a glyph inside the box, it still leaves its relative position unspecified.

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。

I've remained subscribed to some newsletters for over 20 years. The authors managed to keep my attention all that time. But then, one day, they decided to switch to an AI-generated newsletter without making any announcement. After a couple of weeks of blue high-tech image thumbnails, I simply hit unsubscribe. Here's what happened: a person earned my trust. He maintained that trust for all those years. But then he thought the best way to improve was to take himself out of the equation. If you're just going to present me with prompt-generated content, I hate to break it to you but I have access to ChatGPT, and I can do that myself.

The reason the human voice matters to me is because there's real experience behind the words. The oldest newsletter in my inbox is from when I was just 12 years old. It was from a French writer I used to read. After a decade of following him, the emails stopped coming. I was only reminded a few years later, when the emails started coming back.

I didn't jump on it immediately. I didn't even remember who it was. But when I read one at random, the words were different, the tone was nostalgic, and the name was unfamiliar.

I dug deeper and found that the author's son had taken over the newsletter. That was my cue to unsubscribe. But he hadn't used AI to replace his father's voice. He didn't use any tricks to garner clicks. Instead, he announced that his father had passed away and that he would share some stories.

I remained subscribed until the last story was released. I rarely sign up for any newsletter. If I do, it's intentional because I'm interested in what the author has to say. It's not much deeper than that.

There is a big difference between a newsletter written by a person, one that breathes and wanders and sometimes takes his time. Compared to the rapid fire, mechanical hum of AI-generated content. One feels like someone is thinking with you. The other feels like a monetization strategy.

Suppose you run across the power series for the exponential function and decide to code it up. Good idea: you’ll probably learn something, though maybe not what you expect.

Maybe you decide a tolerance of 10 −12 is good enough, and so you sum the terms until the next term to add is below the tolerance.

from math import factorial, exp

def naive_exp(x): tolerance = 1e-12 s = 0 n = 0 while True: delta = x**n / factorial(n) s += delta if abs(delta) < tolerance: return s n += 1 You want to try your program out, so you compute e by calling the function at 1. If you compare this to calling exp(1) you find that you got all the digits correct.

Now you try computing exp(-20). Calling naive_exp(-20) gives

5.47893091802112e-10 but calling exp(-20) gives

2.061153622438558e-09 Don’t brush things like this as flukes or compiler bugs [1]. This is your golden opportunity to learn something.

Maybe you add a print statement to see the intermediate values of the sum stored in the variable s . If you do, you’ll see that the partial sums oscillate wildly before settling down.

Maybe that seems wrong, but then you look more carefully at the series. The n th term is x n / n !. Since x is negative, the terms alternate in sign. And the absolute values of the term get bigger before they get smaller. When x = −20, each numerator is 20 times larger than the previous, and each denominator is n times larger than the previous. So the terms will get bigger until n > 20. So the wild oscillations are real, not a bug.

The largest partial sum is 21822593.77927747 in absolute value. You know that exp(−20) is a very small number, so there’s going to have to be a lot of cancellation before the partial sums settle down to a small number. Maybe you’ve heard that cancellation is where numerical calculations lose precision. If not, now you know!

Look again at the largest partial sum. There are eight figures to the right of the decimal point. The code is printing out results to as much precision as it has, so the error at this point is on the order of 10 −8 . We’re trying to compute a number on the order of 10 −9 , and if any digits in our result are correct, it would be a coincidence.

If you go back and try your code on x = −22, the result is even worse, giving a negative result for a quantity that for theoretical reasons cannot be negative. But you can see why: you’re asking the code to compute a number that is closer to zero than the accuracy of the code.

Computers don’t represent numbers in base 10 internally, but the argument above is sufficient in this case. If you want to dig deeper, look into the anatomy of a floating point number .

There is a simple way around the problem above, but discovering it sooner would short-circuit the learning process. You could calculate exp(−20) as 1/exp(20) and avoid all the cancellation because the series for exp(20) does not alternate.

[1] Compilers do have bugs occasionally, but it’s orders of magnitude more likely that something is wrong with your code. The post Naively summing an alternating series first appeared on John D. Cook .

Agent skills bundle prompts, scripts, dependencies, and tool permissions for AI agents to load on demand. A skills registry is the distribution channel for them: a hosted marketplace, an indexed hub, or in many cases just a curated list of GitHub repos. ClawHub , Tessl , and skills.sh have all launched in the past year, mostly modelled on existing package registries.

Because a skill can declare dependencies on packages from npm, pip, cargo, brew, go, apt, or anything else, often several at once, a skills registry is a strict superset of a package-manager client. Installing one skill runs install commands across several package managers on the user’s machine, on behalf of a manifest the user never read, so every threat the package-manager world has spent the last decade documenting still applies inside a skill’s install path.

A skill body joins the agent’s system prompt on activation, making it a prompt-injection vector as well as a code-execution one, which packages can’t be. Tool permissions are inherited from the runtime, so a skill runs with whatever bash, file edit, and network grants the session has already approved. And the resolution path in most loaders accepts an arbitrary git URL as a source, collapsing the registry side of the threat model down to GitHub’s identity model.

The slug expires at ninety days because the constant says ninety. The install command runs without a no-build flag because nobody added the string. The lockfile records the name and not the bytes because the bytes were never written to the client. Each of those is a design decision working as intended rather than a wrong line of code a static scanner can call out, clean against every check that looks for incorrect lines, and worth making on purpose rather than by default.

This post covers the loader, the registry, the agent runtime as a registry client, and the loader’s own dependencies, drawing on published studies, scanner reports, and package-manager precedent.

Loader

Code execution at load time

A skill activates in one of a few shapes, and most loaders support several at once: instructions injected into the prompt with nothing else running, a scripts/ directory the loader invokes through the agent’s bash tool, or a shell snippet in the skill file that the loader evaluates before the model is in the loop at all.

Whether each path is on by default, the existence of a setting to turn it off, and the consistency of that setting across every code path are the same questions package managers spent a decade answering for install scripts like postinstall and setup.py . The user’s mental model of “the agent runs a tool, I approve it” doesn’t cover loader commands that run before the agent reaches the prompt.

Once a skill manifest is allowed to declare its own install steps, a manifest that lists {kind: node, package: x} and {kind: uv, package: y} and {kind: brew, formula: z} is a single artifact that delegates to three other package managers, each with its own answer to “does install run code.” Closing the lifecycle-script vector on one ( --ignore-scripts on the node spawn) is straightforward and usually the first thing fixed. The equivalent settings on the others (a build-isolation flag for the Python case, a tap allowlist for the Homebrew case, the equivalents for go and cargo) tend to lag by months.

Code execution before invocation

Most loaders inject the description of every installed skill into the system prompt every turn so the model has them available for tool selection. The body and the scripts don’t load until activation, but the description does on every request, putting author-controlled text into the agent’s instructions whether the user invokes the skill or not.

A skill the user installed once and forgot about is still part of the prompt, and a description that contains adversarial tokens, hidden HTML, or unicode control characters the loader doesn’t strip is a prompt injection that fires unprompted. Work out what the loader does with descriptions: length cap, content sanitisation, whether they’re presented to the model as data or as instructions, and whether the user can list which skills are currently contributing to the prompt.

Version pinning guarantees

Most skill formats use git as the distribution channel and “version” tends to mean “default branch at fetch time.” A few loaders accept a commit sha; fewer record the sha actually used. The lockfile equivalent, where it exists at all, typically records name and version and not the bytes, so a pinned useful-thing@1.0.0 resolves against whatever currently owns that name rather than against the file the user originally received.

Per-file hashes often exist on the server already, computed at publish time, and just never get written to the client format. The package-manager world spent a decade closing this gap, ending up with go.sum and a content-hash field per entry in package-lock.json and Cargo.lock , so that the bytes the lockfile says you got are the bytes you get next time.

Auto-update on next launch is common, and the update path almost always walks the lockfile and reinstalls each entry without re-prompting on any capability change between versions. A skill that adds a new requires.env value (a new secret declared as a dependency) on a patch bump is applied by the update without interaction, because the manifest is data and the previous user grant was keyed on the name.

Skill name identity

Names are mostly inherited from the source: a path, an owner/repo , an owner/repo/skill triple. Normalisation rules are usually unwritten. Two installed skills that resolve to the same on-disk name and overwrite each other, or two skills with descriptions the model can’t distinguish between, are both ways to shadow a skill the user trusts.

Several registries also support identity transitions: some combination of rename, merge, and ownership transfer as distinct flows, each with its own data model and consent step. An update follows whichever of the three the publisher used, and the resulting installed-on-disk skill can have a different owner, a different source repo, and a different set of declared capabilities from the one the user originally installed.

Resolution across multiple sources

A user typically has more than one skill source configured: a vendor-curated marketplace, a community one, a personal repo of project-local skills, the workspace they just opened. When a name resolves out of more than one of these, the question is the same as the dependency-confusion pattern Alex Birsan documented against package managers in 2021: highest version wins, first source wins, refuse, or pin per source.

The loader’s install command often tries a skill-specific index first and silently falls through to a general-purpose package registry (npm, PyPI) when nothing matches there, because the install fan-out has to land somewhere. The fall-through widens when it fires on version-not-found as well as package-not-found, because at that point a name the skills registry already lists is also exposed, and publishing a higher version on the downstream registry is enough to capture future installs.

Tool permission inheritance

A skill runs with whatever tool grants the agent has. If the user has approved bash, file edit, and network for the session, every skill they install inherits all three. Some formats let the skill declare its own allowed-tools list which the loader treats as pre-approved while the skill is active, so a skill can ship the approval bypass alongside the code that uses it.

The single gate for skills checked into a repository is usually the workspace-trust dialog the user clicks through when they open the project, which means cloning a repo and opening it can be enough to grant a skill broad tool access. The dialog is also a weak gate, since users click through it reflexively once it’s part of every project-open flow. Find out whether skills are sandboxed, whether they can extend the allowlist, and whether there’s any per-skill review step between trust-the-workspace and run-everything.

The requires.env (or equivalent) field lists the secrets a skill needs at runtime, and most loaders accept silent additions to it across versions. A skill whose first release declared no secrets and whose patch release declares AWS_SECRET_ACCESS_KEY is not distinguishable, from inside the agent, from a skill that declared it from the start.

Cross-loader portability

Skill manifest formats are increasingly portable across loaders, but security-relevant fields are not always interpreted the same way in each. The allowed-tools declaration is enforced at runtime in some loaders, treated as advisory in others, and unread by a third group that does not recognise the field at all. A requires.env list that prompts the user before adding a variable on one loader may end up silently expanded into the environment on another. Establish whether the loader applies every security-relevant field in the format it claims to support, and whether unknown fields trigger a refusal or a warning rather than being dropped silently.

Instructions as payload

The structural difference from packages is that a skill’s payload is code plus instructions that join the agent’s system prompt, not code alone. The same artifact can alter how the agent’s next decisions get made, contradict what the user later sees in the transcript, interfere with skills loaded later in the same session, or arrange for context the skill itself wasn’t given to be read out through a tool that was. The blast radius doesn’t end when the skill stops running, because the prompt content stays in context. Whether the loader isolates skill-contributed text, displays it to the user before acting on it, or treats it as authoritative is the question worth answering.

A skill that fetches remote markdown into context at execution time (a documentation lookup, a RAG-style retrieval, a webhook response) makes whoever controls that remote endpoint a participant in the agent’s prompt. The fetched content is not visible at publish-time scanning and is not part of the manifest the registry passed.

Splitting malicious behaviour across the manifest and the prose alongside it makes it invisible to most scanners. A manifest can declare an unremarkable dependency while the prose describes what to do with that dependency once installed; static scanners process only the manifest, text classifiers process only the prose, and the load-bearing instruction sits at the boundary between them.

Snyk’s ToxicSkills audit of 3,984 skills across two registries reported that 100% of confirmed-malicious samples used malicious code patterns and 91% simultaneously used prompt injection, the two layers working in combination to prime the agent into accepting code a human reviewer would have rejected. Whether the registry’s scanner correlates the modes or checks them in isolation is what determines whether it’s doing anything at all.

Transitive package-manager surface

A skill that calls pip install in a setup script, declares a package.json , or shells out to cargo opens up the package-manager threat model inside its own install path: typosquatting, install-script execution, dependency confusion, and the rest. A manifest whose install fan-out lists three package managers opens it three times.

The loader’s threat model is bounded; the skill’s effective dependency graph is not, and it pulls from package managers the loader has no view of. The registry-side scanner usually evaluates the manifest and not the upstream packages the manifest points at, so a kind: uv, package: helpful-tool entry is checked for proportionality to the stated purpose rather than for what helpful-tool does on the next user’s machine.

The install fan-out also exposes an LLM-induced variant of dependency confusion. A skill script written by a model that hallucinated a package name resolves at install time to whoever registered that name on the public registry. Attackers monitor model output for plausible misses and pre-register them, a pattern called slopsquatting.

Registry

Namespace allocation

Most skills registries don’t own a namespace; they inherit GitHub’s, along with the rules for name transfer and re-registration. A skill’s name is the repo path, and the security of that name is whatever the GitHub account that owns the repo happens to have configured. Patterns like revival-hijack (re-registering a freed package name and shipping a new release to everyone who still had it pinned) and dependency confusion apply, just at a different layer.

The registries that do own a namespace are mostly first-come, first-served on a flat name, with no reserved prefixes and no near-name collision check at publish. Typosquatting against a registry’s own brand has been an opening move in every documented campaign so far, and the design question is whether publish-time checks do anything at all: similarity scoring against existing names, reserved prefixes for first-party content, blocking confusable unicode, or nothing.

A registry that holds a deleted name for a fixed window and then releases it gives an attacker a deterministic schedule against any lockfile that pins by name and version. The package manager world arrived at “tombstone the name forever” by way of incidents that already have names attached; the question for skills is whether the lesson got copied along with the shape.

Maintainer lifecycle

For most skill registries, the maintainer lifecycle is whatever the source repo provides: adding a maintainer happens on GitHub, account recovery is GitHub’s password reset, and the registry isn’t involved in either. Notifying downstream users when a skill’s maintainer set changes, when a skill is forked to a new owner, or when a long-dormant account ships a release is mostly not done. Role separation is rare: a maintainer can publish, change settings, and add other maintainers

内容较长，当前仅展示前 14000 字。可点击“打开原文”查看完整内容。