I relocated my blog to Hugo due to easier maintainance and more control over content and layout. You can find it here.

All articles from this blog have been preserved, although I won’t list some that I found lacking in quality.

Combining a deep-depthwise CNN architecture with variable quantization in BitNetMCU achieves state-of-the-art MNIST accuracy on a low-end 32-bit microcontroller with 4 kB RAM and 16 kB flash.

Read the article at my new blog location.

This’ll be the last Recently in 2025. It’s been a decent year for me, a pretty rough year for the rest of the world. I hope, for everyone, that 2026 sees the reversal of some of the current trends.

Watching

This video from Daniel Yang, who makes spectacular bikes of his own, covers a lot of the economics of being a bike-builder, which are all pretty rough. I felt a lot of resonance with Whit: when I ran a business I always felt like it was tough to be commercial about it, and had to fight my own instincts to over engineer parts of it. It’s also heartbreaking to think about how many jobs are so straightforwardly good for the maker and good for the buyer but economically unviable because of the world we live in. I feel like the world would be a lot different if the cost of living was lower.

Yes, the fan video! It’s a solid 48 minutes of learning how fans work. I finally watched it. Man, if every company did their advertising this way it would be so fun. I learned a lot watching this.

I have trouble finding videos about how things work that are actually about how things work. Titles like “how it’s made” or “how it works” or “how we did it” perform well in A/B tests and SEO so they get used for media that actually doesn’t explain how it’s made and how it works, greatly frustrating people like me. But the fan video delivers.

Reading

But then, you realize that the goal post has shifted. As the tech industry has become dramatically more navigable, YC became much less focused on making the world understandable, revolving, instead, around feeding consensus. “Give the ecosystem what they want.”

I have extremely mixed feelings about Build What’s Fundable, this article from Kyle Harrison. Some of it I think is bravely truth-telling in an industry that usually doesn’t do public infighting - Harrison is a General Partner at a big VC firm, and he’s critiquing a lot of firms directly on matters both financial and ethical.

But on the other hand, there’s this section about “Breaking the Normative Chains”:

When you look at successful contrarian examples, many of them have been built by existing billionaires (Tesla, SpaceX, Palantir, Anduril). The lesson from that, I think, isn’t “be a billionaire first then you can have independent thoughts.” It is, instead, to reflect on what other characteristics often lead to those outcomes. And, in my opinion, the other commonality that a lot of those companies have is that they’re led by ideological purists. People that believe in a mission.

And then, in the next section he pulls up an example of a portfolio company that encapsulates the idea of true believers, and he names Base, which has a job ad saying “Don’t tell your grandkids all you did was B2B SaaS.”

Now, Base’s mission is cool: they’re doing power storage at scale. I like the website. But I have to vent here that the founder is Zach Dell. Michael Dell’s son. Of Dell Computer, and a 151 billion dollar fortune.

I just think that if we’re going to talk about how the lesson isn’t that you should be a billionaire first before having independent thoughts and building a big tech company, it should be easy to find someone who is not the son of the 10th wealthiest person in the world to prove that point. I have nothing against Zach in particular: he is probably a talented person. But in the random distribution of talented, hardworking people, very few of them are going to be the son of the 10th wealthiest person in the world.

Like so many other bits of Times coverage, the whole of the piece is structured as an orchestrated encounter. Some people say this; however, others say this. It’s so offhand you can think you’re gazing through a pane of glass. Only when you stand a little closer, or when circumstances make you a little less blinkered, do you notice the fact which then becomes blinding and finally crazymaking, which is just that there is zero, less than zero, stress put on the relation between those two “sides,” or their histories, or their sponsors, or their relative evidentiary authority, or any of it.

I love this article on maybe don’t talk to the New York Times about Zohran Mamdani. It describes the way in which the paper launders its biases, which overlaps with one of my favorite rules from Wikipedia editing about weasel words.

I don’t want you to hate this guy. Yes, he actively promotes poisonous rhetoric – ignore that for now. This is about you. Reflect on all your setbacks, your unmet potential, and the raw unfairness of it all. It sucks, and you mustn’t let that bitterness engulf you. You can forgive history itself; you can practice gratitude towards an unjust world. You need no credentials, nor awards, nor secrets, nor skills to do so. You are allowed to like yourself.

Taylor Troesh on IQ is exactly what I needed that day.

The React team knows this makes React complicated. But the bet is clear: React falls on the sword of complexity so developers don’t have to. That’s admirable, but it asks developers to trust React’s invisible machinery more than ever.

React and Remix Choose Different Futures is perfect tech writing: it unpacks the story and philosophy behind a technical decision without cramming it into a right-versus-wrong framework.

When you consider quitting, try to find a different scoreboard. Score yourself on something else: on how many times you dust yourself off and get up, or how much incremental progress you make. Almost always, in your business or life, there are things you can make daily progress on that can make you feel like you’re still winning. Start compounding.

“Why a language? Because I believe that the core of computing is not based on operating system or processor technologies but on language capability. Language is both a tool of thought and a means of communication. Just as our minds are shaped by human language, so are operating systems shaped by programming languages. We implement what we can express. If it cannot be expressed, it will not be implemented.” – Carl Sassenrath

Alexis Sellier, whose work and aesthetic I’ve admired since the early days of Node.js, is working on a new operating system. A real new operating system, like playb.it or SerenityOS (bad politics warning). I’m totally into it: we need more from-scratch efforts like this!

Yes, the funds available for any good cause are scarce, but that’s not because of some natural law, some implacable truth about human society. It’s because oligarchic power has waged war on benign state spending, leading to the destruction of USAID and drastic cuts to the aid budgets of other countries, including the UK. Austerity is a political choice. The decision to impose it is driven by governments bowing to the wishes of the ultra-rich.

The Guardian on Bill Gates is a good read. I’ve had The Bill Gates Problem on my reading list for a long time. Maybe it’s next after I finish The Fort Bragg Cartel.

Contrast this with the rhetorical shock and awe campaign that has been waged by technology companies for the last fifteen years championing the notion of ephemerality.

Implicit, but unspoken, in this worldview is the idea of transience leading to an understanding of a world awash in ephemeral moments that, if not seized on and immediately capitalized to maximum effect, will be forever lost to the mists of time and people’s distracted lifestyles.

Another incredible article by Aaron Straup Cope about AI, the web, ephemerality, and culture. (via Perfect Sentences)

Also, no exact quote, but I’ve been subscribed to Roma’s Unpolished Posts and they have been pretty incredible: mostly technical articles about CSS, which have been ‘new to me’ almost every day, and the author is producing them once a day. Feels like a cheat code to absorb so much new information so quickly.

Listening

I didn’t add any major new albums to my collection this month. I did see Tortoise play a show, which was something I never expected to do. So in lieu of new albums, here’s a theme.

There are a bunch of songs in my library that use a meter change as a way to add or resolve tension. I’m not a big fan of key changes but I love a good rhythm or production shift.

First off: Kissing the Beehive. Yes, it’s nearly 11 minutes long. Magically feeling “off kilter” and “in the pocket” at the same time. I’m no drummer but I think the first part is something like three measures of 4/4 and one of 6/4. But then at 3:26, brand new connected song, and by the time we get to 7 minutes in, we’re in beautiful breezy easy 4/4!

An Andrew Bird classic: about a minute of smooth 4/4, and then over to 7/4 in the second half or so.

I adore Akron/Family’s Running, Returning. Starts in classic 5/4, then transitions to 4/4, then 6/8. For me it all feels very cohesive. Notably, the band is not from Akron Ohio but formed in Williamsburg and were from other East Coast places. If you’re looking for the band from Akron, it’s The Black Keys.

Slow Mass’s Schemes might be my song of the year. Everything they write just sounds so cool. The switchup happens around 2:40 when the vocals move to 6/4. Astounding.

Predictions

Back in January, I made some predictions about 2025. Let’s see how they turned out!

1: The web becomes adversarial to AI

I am marking this one as a absolute win: more and more websites are using Anubis, which was released in March, to block LLM scrapers. Cloudflare is rolling out more LLM bot protections. I at Val Town have started to turn on those protections to keep LLM bots from eating up all of our bandwidth and CPU. The LLM bots are being assholes and everyone hates them.

2: Copyright nihilism breeds a return to physical-only media

This was at most going to be a moderate win because physical-only media will be niche, but I think there are good signs that this is right. The Internet Phone Book, in which this site is featured, started publishing this year. Gen Z seems to be buying more vinyl and printing out more photos.

3: American tech companies will pull out of Europe because they want to do acquisitions

Middling at best: there are threats and there is speculation, but nothing major to report.

4: The tech industry’s ‘DEI backlash’ will run up against reality

Ugh, probably the opposite has happened. Andreesen Horowitz shut down their fund that focused on women, minorities, and people underepresented in VC funding. We’ll know more about startups themselves when Carta releases their annual report, which looked pretty bad last year.

5: Local-first will have a breakthrough moment

Sadly, no. Lots and lots of promising projects, but the ecosystem really struggles to produce something production-ready that offers good tradeoffs. Tanstack DB might be the next contender.

6: Local, small AI models will be a big deal

Not yet. Big honkin’ models are still grabbing most of the headlines. LLMs still really thrive at accomplishing vague tasks that are achievable with a wide range of acceptance criteria, like chatbots, and are pretty middling at tasks that require specific strict, quantifiable outputs.

For my mini predictions:

• Substack will re-bundle news. Sort of! Multi-editor newsletters like The Argument are all the rage right now.
• TypeScript gets a zeitwork equivalent and lots of people use it. Sadly, no.
• Node.js will fend off its competitors. Mostly! Bun keeps making headway but Node.js keeps implementing the necessary featureset, and doesn’t seem to be losing that much marketshare.
• Another US city starts seriously considering congestion pricing. There are rumblings from Boston and Chicago!
• Stripe will IPO. Nope. Unlimited tender offers from Sequoia is just as good as IPOing, so why would they.

It’s the end of 2025, which means that I’m closing in on three years at Val Town. I haven’t written much about the company or what it’s really been like. The real story of companies is usually told well after years after the dust has settled. Founders usually tell a heroic story of success while they’re building.

Reading startup news really warps your perspective, especially when you’re building a startup yourself. Everyone else is getting fabulously rich! It makes me less eager to write about anything.

But I’m incurably honest and like working with people who are too. Steve, the first founder of Val Town (I joined shortly after as cofounder/CTO) is a shining example of this. He is a master of saying the truth in situations when other people are afraid to. I’ve seen it defuse tension and clear paths. It’s a big part of ‘the culture’ of the company.

So here’s some of the story so far.

Delivering on existing expectations and promises

Here’s what the Val Town interface looked like fairly early on:

When I initially joined, we had a prototype and a bit of hype. The interface was heavily inspired by Twitter - every time that you ran code, it would save a new ‘val’ and add it to an infinite-scrolling list.

Steve and Dan had really noticed the utter exhaustion in the world of JavaScript: runaway complexity. A lot of frameworks and infrastructure was designed for huge enterprises and was really, really bad at scaling down. Just writing a little server that does one thing should be easy, but if you do it with AWS and modern frameworks, it can be a mess of connected services and boilerplate.

Val Town scaled down to 1 + 1. You could type 1 + 1 in the text field and get 2. That’s the way it should work.

It was a breath of fresh air. And a bunch of people who encountered it even in this prototype-phase state were inspired and engaged.

One of the pivotal moments of this stage was creating this graphic for our marketing site: the arrows graphic. It really just tied it all together: look how much power there was in this little val! And no boilerplate either. Where there otherwise is a big ritual of making something public or connecting an email API, there’s just a toggle and a few lines of code.

I kind of call this early stage, for me, the era of delivering on existing expectations and promises. The core cool idea of the product was there, but it was extremely easy to break.

Security was one of the top priorities. We weren’t going to be a SOC2 certified bank-grade platform, but we also couldn’t stay where we were. Basically, it was trivially easy to hack: we were using the vm2 NPM module to run user code. I appreciate that vm2 exists, but it really, truly, is a trap. There are so many ways to get out of its sandbox and access other people’s code and data. We had a series of embarrassing security vulnerabilities.

For example: we supported web handlers so you could easily implement a little server endpoint, and the API for this was based on express, the Node.js server framework. You got a request object and response object, from express, and in this case they were literally the same as our server’s objects. Unfortunately, there’s a method response.download(path: string) which sends an arbitrary file from your server to the internet. You can see how this one ends: not ideal.

So, we had to deliver on a basic level of security. Thankfully, in the way that it sometimes does, the road rose to meet us. The right technology appeared just in time: Deno. Deno’s sandboxing made it possible to run people’s code securely without having to build a mess of Kubernetes and Docker sandbox optimizations. It delivered being secure, fast, and simple to implement: we haven’t identified a single security bug caused by Deno.

That said, the context around JavaScript runtimes has been tough. Node.js is still dominant and Bun has attracted most of the attention as an alternative, with Deno in a distant third place, vibes-wise. The three are frustratingly incompatible - Bun keeps adding built-ins like an S3 client which would have seemed unthinkable in the recent past. Node added an SQLite client in 22. Contrary to what I hoped in 2022, JavaScript has gotten more splintered and inconsistent as an ecosystem.

Stability was the other problem. The application was going down constantly for a number of reasons, but most of all was the database, which was Supabase. I wrote about switching away from Supabase, which they responded to in a pretty classy way, and I think they’ve since improved. But Render has been a huge step up in maintainability and maturity for how we host Val Town.

Adding Max was a big advance in our devops-chops too: he was not only able to but excited to work on the hard server capacity and performance problems. We quietly made a bunch of big improvements like allowing vals to stay alive after serving requests - before that, every run was a cold start.

What to do about AI

Townie, the Val Town chatbot, in early 2024

Believe it or not, but in early 2023, there were startups that didn’t say “AI” on the front page of their marketing websites. The last few years have been a dizzying shift in priorities and vibes, which I have had mixed feelings about that I’ve written about a lot.

At some point it became imperative to figure out what Val Town was supposed to do about all that. Writing code is undeniably one of the sweet spots of what LLMs can do, and over the last few years the fastest-growing most hyped startups have emerged from that ability.

This is where JP Posma comes in. He was Steve’s cofounder at a previous startup, Zaplib, and was our ‘summer intern’ - the quotes because he’s hilariously overqualified for that title. He injected some AI-abilities into Val Town, both RAG-powered search and he wrote the first version of Townie, a chatbot that is able to write code.

Townie has been really interesting. Basically it lets you write vals (our word for apps) with plain English. This development happened around the same time as a lot of the ‘vibe-coding’ applications, like Bolt and Lovable. But Townie was attached to a platform that runs code and has community elements and a lot more. It’s an entry point to the rest of the product, while a lot of other vibe-coding tools were the core product that would eventually expand to include stuff like what Val Town provides.

Ethan Ding has written a few things about this: it’s maybe preferable to sell compute instead of being the frontend for LLM-vibe-coding. But that’s sort of a long-run prediction about where value accrues rather than an observation about what companies are getting hype and funding in the present.

There are way too many companies providing vibe-coding tools without having a moat or even a pathway to positive margins. But having made a vibe-coding tool, I completely see why: it makes charts look amazing. Townie was a huge growth driver for a while, and a lot of people were hearing about Townie first, and only later realizing that Val Town could run code, act as a lightweight GitHub alternative, and power a community.

Unlike a lot of AI startups, we didn’t burn a ton of money running Townie. We did have negative margins on it, but to the tune of a few thousand dollars a month during the most costly months.

Introducing a pro plan made it profitable pretty quickly and today Townie is pay-as-you-go, so it doesn’t really burn money at all. But on the flip side, we learned a lot about the users of vibe-coding tools. In particular, they use the tools a lot, and they really don’t want to pay for them. This kind of makes sense: vibe-coding actual completed apps without ever dropping down to write or read code is zeno’s paradox: every prompt gets you halfway there, so you inch closer and closer but never really get to your destination.

So you end up chatting for eight hours, typically getting angrier and angrier, and using a lot of tokens. This would be great for business in theory, but in practice it doesn’t work for obvious reasons: people like to pay for results, not the process. Vibe-coding is a tough industry - it’s simultaneously one of the most expensive products to run, and one of the most flighty and cost-sensitive user-bases I’ve encountered.

So AI has been complicated. On one hand, it’s amazing for growth and obviously has spawned wildly successful startups. On the other, it can be a victim of its own expectations: every company seems to promise perfect applications generated from a single prompt and that just isn’t the reality. And that results in practically every tool falling short of those expectations and thus getting the rough end of user sentiment.

We’re about to launch MCP support, which will make it possible to use Val Town via existing LLM interfaces like Claude Code. It’s a lot better than previous efforts - more powerful and flexible, plus it requires us to reinvent less of the wheel. The churn in the ‘state of the art’ feels tremendous: first we had tool-calling, then MCPs, then tool calling writing code to call MCPs: it’s hard to tell if this is fast progress or just churn.

As a business

When is a company supposed to make money? It’s a question that I’ve thought about a lot. When I was running a bootstrapped startup, the answer was obviously as soon as possible, because I’d like to stop paying my rent from my bank account. Venture funding lets you put that off for a while, sometimes a very long while, and then when companies start making real revenue they at best achieve break-even. There are tax and finance reasons for all of this – I don’t make the rules!

Anyway, Val Town is far from break-even. But that’s the goal for 2026, and it’s optimistically possible.

One thing I’ve thought for a long time is that people building startups are building complicated machines. They carry out a bunch of functions, maybe they proofread your documents or produce widgets, or whatever, but the machine also has a button on it that says “make money.” And everything kind of relates to that button as you’re building it, but you don’t really press it.

The nightmare is if the rest of the machine works, you press the button, and it doesn’t do anything. You’ve built something useful but not valuable. This hearkens back to the last section about AI: you can get a lot of people using the platform, but if you ask them for money and they’re mostly teenagers or hobbyists, they’re not going to open their wallets. They might not even have wallets.

So we pressed the button. It kind of works.

But what I’ve learned is that making revenue is a lot like engineering: it requires a lot of attempts, testing, and hard work. It’s not something that just results from a good product. Here’s where I really saw Charmaine and Steve at work, on calls, making it happen.

The angle right now is to sell tools for ‘Go To Market’ - stuff like capturing user signups of your website, figuring out which users are from interesting companies or have interesting use-cases, and forwarding that to Slack, pushing it to dashboards, and generally making the sales pipeline work. It’s something Val Town can do really well: most other tools for this kind of task have some sort of limit in how complicated and custom they can get, and Val Town doesn’t.

Expanding and managing the complexity

Product-wise, the big thing about Val Town that has evolved is that it can do more stuff and it’s more normal. When we started out, a Val was a single JavaScript expression - this was part of what made Val Town scale down so beautifully and be so minimal, but it was painfully limited. Basically people would type into the text box

const x = 10;
function hi() {};
console.log(1);

And we couldn’t handle that at all: if you ran the Val did it run that function? Export the x variable? It was magic but too confusing. The other tricky niche choice was that we had a custom import syntax like this:

@tmcw.helper(10);

In which @tmcw.helper was the name of another val and this would automatically import and use it. Extremely slick but really tricky to build off of because this was non-standard syntax, and it overlapped with the proposed syntax for decorators in JavaScript. Boy, I do not love decorators: they have been under development for basically a decade and haven’t landed, just hogging up this part of the unicode plane.

But regardless this syntax wasn’t worth it. I have some experience with this problem and have landed squarely on the side of normality is good.

So, in October 2023, we ditched it, adopted standard ESM import syntax, and became normal. This is was a big technical undertaking, in large part because we tried to keep all existing code running by migrating it. Thankfully JavaScript has a very rich ecosystem of tools that can parse & produce code and manipulate syntax trees, but it was still a big, dramatic shift.

This is one of the core tensions of Val Town as well as practically every startup: where do you spend your user-facing innovation energy?

I’m a follower of the use boring technology movement when it comes to how products are built: Val Town intentionally uses some boring established parts like Postgres and React Router, but what about when it comes to the product itself? I’ve learned the hard way that most of what people call intuition is really familiarity: it’s good when an interface behaves like other interfaces. A product that has ten new concepts and a bunch of new UI paradigms is going to be hard to learn and probably will lose out to one that follows some familiar patterns.

Moving to standard JavaScript made Val Town more learnable for a lot of people while also removing some of its innovation. Now you can copy code into & out of Val Town without having to adjust it. LLMs can write code that targets Val Town without knowing everything about its quirks. It’s good to go with the flow when it comes to syntax.

Hiring and the team

Val Town has an office. I feel like COVID made everything remote by default and the lower-COVID environment that we now inhabit (it’s still not gone!) has led to a swing-back, but the company was founded in the latter era and has never been remote. So, we work from home roughly every other Friday.

This means that we basically try to hire people in New York. It hasn’t been too hard in the past. About 6% of America lives in the New York City metro area and the Northeast captures about 23% of venture funding, so there are lots of people who live here or want to.

Here’s something hard to publish: we’re currently at three people. It was five pretty recently. Charmaine got poached by Anthropic where she’ll definitely kick ass, and Max is now at Cloudflare where he’s writing C++, which will be even more intimidating than his chess ranking. The company’s really weirdly good at people leaving: we had parties and everyone exchanges hand-written cards. How people handle hard things says a lot.

But those three are pretty rad: Jackson was a personal hero of mine before we hired him (he still is). He’s one of the best designers I’ve worked with, and an incredibly good engineer to boot. He’s worked at a bunch of startups you’ve heard of, had a DJ career, gotten to the highest echelons of tech without acquiring an ego. He recently beat me to the top spot in our GitHub repo’s lines-changed statistic.

Steve has what it takes for this job: grit, optimism, curiosity. The job of founding a company and being a CEO is a different thing every few months - selling, hiring, managing, promoting. Val Town is a very developer-consumer oriented product and that kind of thing requires a ton of promotion. Steve has done so much, in podcasts, spreading the word in person, writing, talking to customers. He has really put everything into this. A lot of the voice and the attitude of the company flows down from the founder, and Steve is that.

Did I mention that we’re hiring?

In particular, for someone to be a customer-facing technical promoter type - now called a “GTM” hire. Basically, who can write a bit of code but has the attitude of someone in sales. Who can see potential and handle rejection. Not necessarily the world’s best programmer, but who can probably code, and definitely someone who can write. Blogging and writing online is a huge green flag for this position.

And the other role that we really need is an “application engineer.” These terms keep shifting, so if full-stack engineer means more, sure, that too. Basically someone who can write code across boundaries. This is more or less what Jackson and I do - writing queries, frontend code, fixing servers, the whole deal. Yeah, it sounds like a lot but this is how all small companies operate, and I’ve made a lot of decisions to make this possible: we’ve avoided complexity like the plague in Val Town’s stack, so it should all be learnable. I’ve written a bunch of documentation for everything, and constantly tried to keep the codebase clean.

Sidenote, but even though I think that the codebase is kind of messy, I’ve heard from very good engineers (even the aforementioned JP Posma) that it’s one of the neatest and most rational codebases they’ve seen. Maybe it is, maybe it isn’t, see for yourself!

What we’re really looking for in hires

Tech hiring has been broken the whole time I’ve been in the industry, for reasons that would take a whole extra article to ponder. But one thing that makes it hard is vagueness, both on the part of applicants and companies. I get it - cast a wide net, don’t put people off. But I can say that:

• For the GTM position, you should be able to write for the internet. This can be harder than it looks: there are basically three types of writing: academic, corporate, and internet, and they are incompatible.
• You should also be kind of entrepreneurial: which means optimistic, resilient, and opportunistic.
• For the application engineering role, you should be a good engineer who understands the code you write and is good at both writing and reading code. Using LLM tools is great, but relying on them exclusively is a dealbreaker. LLMs are not that good at writing code.

What the job is like

The company’s pretty low drama. Our office is super nice. We work hard but not 996. We haven’t had dinner in the office. But we all do use PagerDuty so when the servers go down, we wake up and it sucks. Thankfully the servers go down less than they used to.

We all get paid the same: $175k. Lower than FAANG, but pretty livable for Brooklyn. Both of the jobs listed - the Product Engineer, and Growth Engineer - are set at 1% equity. $175k is kind of high-average for where we’re at, but 1% in my opinion is pretty damn good. Startups say that equity is “meaningful” at all kinds of numbers but it’s definitely meaningful at that one. If Val Town really succeeds, you can get pretty rich off of that.

Of course, will it succeed? It’s something I think about all the time. I was born to ruminate. We have a lot going for us, and a real runway to make things happen. Some of the charts in our last investor update looked great. Some days felt amazing. Other days were a slog. But it’s a good team, with a real shot of making it.

Hello! Only a day late this time. October was another busy month but it didn’t yield much content. I ran a second half-marathon, this time with much less training, but only finished a few minutes slower than I did earlier this year. Next year I’m thinking about training at a normal mileage for the kinds of races I’m running - 25 miles or so per week instead of this year’s roughly 15.

And speaking of running, I just wrote up this opinion I have about how fewer people should run marathons.

Reading

I enjoyed reading Why Functor Doesn’t Matter, but I don’t really agree. The problem that I had with functional programming jargon isn’t that the particular terms are strange or uncommon, but that their definitions rely on a series of other jargon terms, and the discipline tends to omit good examples, metaphors, or plain-language explanations. It’s not that the strict definition is bad, but when a function is defined as _a mapping that associates a morphism F: X -> Y in category C to a morphism F(f): F(X) -> F(Y), in category D, you now have to define morphism, categories, and objects, and all of which have domain-specific definitions.

I am loving Sherif’s posting about building a bike from the frame up.

Maximizers are biased to speed, optionality, breadth, momentum, opportunism, parallel bets, hype, luck exposure, momentum, “Why not both?”, “Better to move fast than wait for perfect”. Maximizers want to see concrete examples before they’ll make tradeoffs. They anchor decisions in the tangible. “Stop making things so complicated.” “Stop overthinking.”

Focusers are biased to focus, coherence, depth, meaningful constraints, doing less for more, sequential experiments, intentionality, sustainability, “What matters most?”, compounding clarity. Focusers are comfortable with abstraction. A clear constraint or principle is enough to guide them. “Stop mistaking chaos for progress.” “Stop overdoing.”

John Cutler’s post about maximizers vs. focusers matches my experience in tech. Like many young engineers, I think I started out as a focuser and have tried to drift to the center all the time, but the tension both internally and interpersonally at every job is present.

I recently remarked to a friend that traveling abroad after the advent of the smartphone feels like studying biology after the advent of microplastics. It has touched every aspect of life. No matter where you point your microscope you will see its impact.

Josh Erb’s blog about living in India is great, personal, a classic blog’s blog.

For me, the only reason to keep going is to try and make AI a wonderful technology for the world. Some feel the same. Others are going because they’re locked in on a path to generational wealth. Plenty don’t have either of these alignments, and the wall of effort comes sooner.

This article about AI researchers working all the time and burning out is interesting, in part because I find the intention of AI researchers so confusing. I can see the economic intention: these guys are making bank! Congrats to all of them. But it’s so rare to talk to anyone who has a concrete idea about how they are making the world better by doing what they’re doing, and that’s the reason why they’re working so hard. OpenAI seems to keep getting distracted from that cancer cure, and their restructuring into a for-profit company kind of indicates that there’s more greed than altruism in the mix.

every vc who bet on the modern data stack watched their investments get acquired for pennies or go to zero. the only survivors: the warehouses themselves, or the companies the warehouses bought to strengthen their moats.

It’s niche, but this article about Snowflake, dbt, fivetran, and other ‘data lake’ architecture is really enlightening.

Listening

Totorro’s new album was the only one I picked up this month. It’s pretty good math-rock, very energetic and precise.

Watching

• One Battle After Another was incredible.
• eXistenZ is so gloriously weird, I really highly recommend it. It came out the same year as The Matrix and explores similar themes, but the treatment of futuristic technology is something you won’t see anywhere else: instead of retro-steampunk metal or fully dystopian grimness, it’s colorful, slimy, squelchy, organic, and weird.

Speaking of weird, Ben Levin’s gesamtkunstwerk videos are wild and glorious.

You might have seen an article making the rounds this week, about a young man who ended his life after ChatGPT encouraged him to do so. The chat logs are really upsetting.

Someone two degrees removed from me took their life a few weeks ago. A close friend related the story to me, about how this person had approached their neighbor one evening to catch up, make small talk, and casually discussed their suicidal ideation at some length. At the end of the conversation, they asked to borrow a rope, and their neighbor agreed without giving the request any critical thought. The neighbor found them the next morning.

I didn’t know the deceased, nor their neighbor, but I’m close friends with someone who knew both. I found their story deeply chilling – ice runs through my veins when I imagine how the neighbor must have felt. I had a similar feeling upon reading this article, wondering how the people behind ChatGPT and tools like it are feeling right now.

Two years ago, someone I knew personally took their life as well. I was not friendly with this person – in fact, we were on very poor terms. I remember at the time, I had called a crisis hotline just to ask an expert for advice on how to break this news to other people in my life, many of whom were also on poor terms with a person whose struggles to cope with their mental health issues caused a lot of harm to others.

None of us had to come to terms with any decisions with the same gravity as what that unfortunate neighbor had to face. None of us were ultimately responsible for this person’s troubles or were the impetus for what happened. Nonetheless, the uncomfortable and confronting feelings I experienced in the wake of that event perhaps give me some basis for empathy and understanding towards the neighbor, or for OpenAI employees, and others who find themselves in similar situations.

If you work on LLMs, well… listen, I’ve made my position as an opponent of this technology clear. I feel that these tools are being developed and deployed recklessly, and I believe tragedy is the inevitable result of that recklessness. If you confide in me, I’m not going to validate your career choice. But maybe that’s not necessarily a bad quality to have in a confidant? I still feel empathy towards you and I recognize your humanity and our need to acknowledge each other as people.

If you feel that I can help, I encourage you to reach out. I will keep our conversation in confidence, and you can reach out anonymously if that makes you feel safer. I’m a good listener and I want to know how you’re doing. Email me.

If you’re experiencing a crisis, 24-hour support is available from real people who are experts in getting you the help you need. Please consider reaching out. All you need to do is follow the link.

Outages, you say? Of course I have stories about outages, and limits, and some limits causing outages, and other things just screwing life up. Here are some random thoughts which sprang to mind upon reading this morning's popcorn-fest.

...

I was brand new at a company that "everybody knew" had AMAZING infrastructure. They could do things with Linux boxes that nobody else could. As part of the new employee process, I had to get accounts in a bunch of systems, and one of them was this database used to track the states of machines. It was where you could look to see if it was (supposed to be) serving, or under repair, or whatever. You could also see (to some degree) what services were supposed to be running on it, and what servers (that is, actual programs), the port numbers, and whether all of that stuff was synced to the files on the box or not.

My request didn't go through for a while, and I found out that it had something to do with my employee ID being a bit over 32767. And yeah, for those of you who didn't just facepalm at seeing that number, that's one of those "magic numbers" which pops up a bunch when talking about limits. That one is what you get when you try to store numbers as 16 bit values... with a sign to allow negative values. Why you'd want a negative employee number is anyone's guess, but that's how they configured it.

I assume they fixed the database schema at some point to allow more than ~15 bits of employee numbers, but they did an interesting workaround to get me going before then. They just shaved off the last digit and gave me that ID in their system instead. I ended up as 34xx instead of 34xxx, more or less.

This was probably my first hint that their "amazing infra" was in fact the same kind of random crazytown as everywhere else once you got to see behind the curtain.

...

Then there was the time that someone decided that a log storage system that had something like a quarter of a million machines (and growing fast) feeding it needed a static configuration. The situation unfolded like this:

(person 1) Hey, why is this thing crashing so much?

(person 2) Oh yeah, it's dumping cores constantly! Wow!

(person 1) It's running but there's nothing in the log?

(person 2) Huh, "runtime error ... bad id mapping?"

(person 2) It's been doing this for a month... and wait, other machines are doing it, too!

(person 1) Guess I'll dig into this.

(person 2) "range name webserv_log.building1.phase3 range [1-20000]"

(person 2) But this machine is named webserv20680...

(person 2) Yeah, that's enough for me. Bye!

The machines were named with a ratcheting counter: any time they were assigned to be a web server, they got names like "webserv1", "webserv2", ... and so on up the line. That had been the case all along.

Whoever designed this log system years later decided to put a hard-coded limiter into it. I don't know if they did it because they wanted to feel useful every time it broke so they could race in and fix it, or if they didn't care, or if they truly had no idea that numbers could in fact grow beyond 20000.

Incidentally, that particular "building1.phase3" location didn't even have 20000 machines at that specific moment. It had maybe 15000 of them, but as things went away and came back, the ever-incrementing counter just went up and up and up. So, there _had been_ north of 20K machines in that spot overall, and that wasn't even close to a surprising number.

...

There was a single line that would catch obvious badness at a particular gig where we had far too many Apache web servers running on various crusty Linux distributions:

locate access_log | xargs ls -la | grep 2147

It was what I'd send in chat to someone who said "hey, the customer's web server won't stay up". The odds were very good that they had a log file that had grown to 2.1 GB, and had hit a hard limit which was present in that particular system. Apache would try to write to it, that write would fail, and the whole process would abort.

"2147", of course, is the first 4 digits of the expected file size: 2147483647 ... or (2^31)-1.

Yep, that's another one of those "not enough bits" problems like the earlier story, but this one is 32 bits with one of them being for the sign, not 16 like before. It's the same problem, though: the counter maxes out and you're done.

These days, files can get quite a bit bigger... but you should still rotate your damn log files once in a while. You should probably also figure out what's pooping in them so much and try to clean that up, too!

...

As the last one for now, there was an outage where someone reported that something like half of their machines were down. They had tried to do a kernel update, and wound up hitting half of them at once. I suspect they wanted to do a much smaller quantity, but messed up and hit fully half of them somehow. Or, maybe they pointed it at all of them, and only half succeeded at it. Whatever the cause, they now had 1000 freshly-rebooted machines.

The new kernel was fine, and the usual service manager stuff came back up, and it went to start the workload for those systems, and then it would immediately crash. It would try to start it again. It would crash again. Crash crash crash. This is why we call it "crashlooping".

Finally, the person in question showed up in the usual place where we discussed outages, and started talking about what was going on.

(person 1) Our stuff isn't coming back.

(person 2) Oh yeah, that's bad, they're all trying to start.

(person 1) Start, abort, start, abort, ...

(person 2) Yep, aborting... right about here: company::project::client::BlahClient::loadConfig ... which is this code: <paste>

(person 2) It's calling "get or throw" on a map for an ID number...

(person 1) My guess is the config provider service isn't running.

(person 2) It's there... it's been up for 30 minutes...

(person 1) Restarting the jobs.

(person 2) Nooooooooooo...

<time passes>

(person 2) Why is there no entry for number 86 in the map in the config?

(person 1) Oh, I bet it's problems with port takeover.

(person 3) I think entry 86 is missing from <file>.

(person 2) Definitely is missing.

(person 4) Hey everyone, we removed that a while back. Why would it only be failing now?

(person 2) It's only loaded at startup, right?

(person 4) Right.

(person 2) So if they were running for a long time, then it changed, then they're toast after a restart...

(person 3) Hey, this change looks related.

(person 4) I'm going to back that out.

This is a common situation: program A reads config C. When it starts up, config C is on version C1, and everything is fine. While A is running, the config is updated from C1 to C2, but nothing notices. Later, A tries to restart and it chokes on the C2 config, and refuses to start.

Normally, you'd only restart a few things to get started, and you'd notice that your program can't consume the new config at that point. You'd still have a few instances down, but that's it - a *few* instances. Your service should keep running on whatever's left over that you purposely didn't touch.

This is why you strive to release things in increments.

Also, it helps when programs notice config changes while they're running, so this doesn't sneak up on you much later when you're trying to restart. If the programs notice the bad config right after the change is made, it's *far* easier to correlate it to the change just by looking at the timeline.

Tuesday, 11:23:51: someone applies change.

Tuesday, 11:23:55: first 1% of machines which subscribe to the change start complaining.

... easy, right? Now compare it to this:

Tuesday, November 18: someone applies a change

Wednesday, January 7: 50% of machines fail to start "for some reason"

That's a lot harder to nail down.

...

Random aside: restarting the jobs did not help. They were already restarting themselves. "Retry, reboot, reinstall, repeat" is NOT a strategy for success.

It was not the config system being down. It was up the whole time.

It was nothing to do with "port takeover". What does that have to do with a config file being bad?

The evidence was there: the processes were crashing. They were logging a message about WHY they were killing themselves. It included a number they wanted to see, but couldn't find. It also said what part of the code was blowing up.

*That* is where you start looking. You don't just start hammering random things.

I've been studying the standard cell circuitry in the Intel 386 processor recently. The 386, introduced in 1985, was Intel's most complex processor at the time, containing 285,000 transistors. Intel's existing design techniques couldn't handle this complexity and the chip began to fall behind schedule. To meet the schedule, the 386 team started using a technique called standard cell logic. Instead of laying out each transistor manually, the layout process was performed by a computer.

The idea behind standard cell logic is to create standardized circuits (standard cells) for each type of logic element, such as an inverter, NAND gate, or latch. You feed your circuit description into software that selects the necessary cells, positions these cells into columns, and then routes the wiring between the cells. This "automatic place and route" process creates the chip layout much faster than manual layout. However, switching to standard cells was a risky decision since if the software couldn't create a dense enough layout, the chip couldn't be manufactured. But in the end, the 386 finished ahead of schedule, an almost unheard-of accomplishment.1

The 386's standard cell circuitry contains a few circuits that I didn't expect. In this blog post, I'll take a quick look at some of these circuits: surprisingly large multiplexers, a transistor that doesn't fit into the standard cell layout, and inverters that turned out not to be inverters. (If you want more background on standard cells in the 386, see my earlier post, "Reverse engineering standard cell logic in the Intel 386 processor".)

The photo below shows the 386 die with the automatic-place-and-route regions highlighted; I'm focusing on the red region in the lower right. These blocks of logic have cells arranged in rows, giving them a characteristic striped appearance. The dark stripes are the transistors that make up the logic gates, while the lighter regions between the stripes are the "routing channels" that hold the wiring that connects the cells. In comparison, functional blocks such as the datapath on the left and the microcode ROM in the lower right were designed manually to optimize density and performance, giving them a more solid appearance.

As for other features on the chip, the black circles around the border are bond wire connections that go to the chip's external pins. The chip has two metal layers, a small number by modern standards, but a jump from the single metal layer of earlier processors such as the 286. (Providing two layers of metal made automated routing practical: one layer can hold horizontal wires while the other layer can hold vertical wires.) The metal appears white in larger areas, but purplish where circuitry underneath roughens its surface. The underlying silicon and the polysilicon wiring are obscured by the metal layers.

The giant multiplexers

The standard cell circuitry that I'm examining (red box above) is part of the control logic that selects registers while executing an instruction. You might think that it is easy to select which registers take part in an instruction, but due to the complexity of the x86 architecture, it is more difficult. One problem is that a 32-bit register such as EAX can also be treated as the 16-bit register AX, or two 8-bit registers AH and AL. A second problem is that some instructions include a "direction" bit that switches the source and destination registers. Moreover, sometimes the register is specified by bits in the instruction, but in other cases, the register is specified by the microcode. Due to these factors, selecting the registers for an operation is a complicated process with many cases, using control bits from the instruction, from the microcode, and from other sources.

Three registers need to be selected for an operation—two source registers and a destination register—and there are about 17 cases that need to be handled. Registers are specified with 7-bit control signals that select one of the 30 registers and control which part of the register is accessed. With three control signals, each 7 bits wide, and about 17 cases for each, you can see that the register control logic is large and complicated. (I wrote more about the 386's registers here.)

I'm still reverse engineering the register control logic, so I won't go into details. Instead, I'll discuss how the register control circuit uses multiplexers, implemented with standard cells. A multiplexer is a circuit that combines multiple input signals into a single output by selecting one of the inputs.2 A multiplexer can be implemented with logic gates, for instance, by ANDing each input with the corresponding control line, and then ORing the results together. However, the 386 uses a different approach—CMOS switches—that avoids a large AND/OR gate.

The schematic above shows how a CMOS switch is constructed from two MOS transistors. When the two transistors are on, the output is connected to the input, but when the two transistors are off, the output is isolated. An NMOS transistor is turned on when its input is high, but a PMOS transistor is turned on when its input is low. Thus, the switch uses two control inputs, one inverted. The motivation for using two transistors is that an NMOS transistor is better at pulling the output low, while a PMOS transistor is better at pulling the output high, so combining them yields the best performance.3 Unlike a logic gate, the CMOS switch has no amplification, so a signal is weakened as it passes through the switch. As will be seen below, inverters can be used to amplify the signal.

The image below shows how CMOS switches appear under the microscope. This image is very hard to interpret because the two layers of metal on the 386 are packed together densely, but you can see that some wires run horizontally and others run vertically. The bottom layer of metal (called M1) runs vertically in the routing area, as well as providing internal wiring for a cell. The top layer of metal (M2) runs horizontally; unlike M1, the M2 wires can cross a cell. The large circles are vias that connect the M1 and M2 layers, while the small circles are connections between M1 and polysilicon or M1 and silicon. The central third of the image is a column of standard cells with two CMOS switches outlined in green. The cells are bordered by the vertical ground rail and +5V rail that power the cells. The routing areas are on either side of the cells, holding the wiring that connects the cells.

Removing the metal layers reveals the underlying silicon with a layer of polysilicon wiring on top. The doped silicon regions show up as dark outlines. I've drawn the polysilicon in green; it forms a transistor (brighter green) when it crosses doped silicon. The metal ground and power lines are shown in blue and red, respectively, with other metal wiring in purple. The black dots are vias between layers. Note how metal wiring (purple) and polysilicon wiring (green) are combined to route signals within the cell. Although this standard cell is complicated, the important thing is that it only needs to be designed once. The standard cells for different functions are all designed to have the same width, so the cells can be arranged in columns, snapped together like Lego bricks.

To summarize, this switch circuit allows the input to be connected to the output or disconnected, controlled by the select signal. This switch is more complicated than the earlier schematic because it includes two inverters to amplify the signal. The data input and the two select lines are connected to the polysilicon (green); the cell is designed so these connections can be made on either side. At the top, the input goes through a standard two-transistor inverter. The lower left has two transistors, combining the NMOS half of an inverter with the NMOS half of the switch. A similar circuit on the right combines the PMOS part of an inverter and switch. However, because PMOS transistors are weaker, this part of the circuit is duplicated.

A multiplexer is constructed by combining multiple switches, one for each input. Turning on one switch will select the corresponding input. For instance, a four-to-one multiplexer has four switches, so it can select one of the four inputs.

The schematic above shows a hypothetical multiplexer with four inputs. One optimization is that if an input is always 0, the PMOS transistor can be omitted. Likewise, if an input is always 1, the NMOS transistor can be omitted. One set of select lines is activated at a time to select the corresponding input. The pink circuit selects 1, green selects input A, yellow selects input B, and blue selects 0. The multiplexers in the 386 are similar, but have more inputs.

The diagram below shows how much circuitry is devoted to multiplexers in this block of standard cells. The green, purple, and red cells correspond to the multiplexers driving the three register control outputs. The yellow cells are inverters that generate the inverted control signals for the CMOS switches. This diagram also shows how the automatic layout of cells results in a layout that appears random.

The misplaced transistor

The idea of standard-cell logic is that standardized cells are arranged in columns. The space between the cells is the "routing channel", holding the wiring that links the cells. The 386 circuitry follows this layout, except for one single transistor, sitting between two columns of cells.

I wrote some software tools to help me analyze the standard cells. Unfortunately, my tools assumed that all the cells were in columns, so this one wayward transistor caused me considerable inconvenience.

The transistor turns out to be a PMOS transistor, pulling a signal high as part of a multiplexer. But why is this transistor out of place? My hypothesis is that the transistor is a bug fix. Regenerating the cell layout was very costly, taking many hours on an IBM mainframe computer. Presumably, someone found that they could just stick the necessary transistor into an unused spot in the routing channel, manually add the necessary wiring, and avoid the delay of regenerating all the cells.

The fake inverter

The simplest CMOS gate is the inverter, with an NMOS transistor to pull the output low and a PMOS transistor to pull the output high. The standard cell circuitry that I examined contains over a hundred inverters of various sizes. (Performance is improved by using inverters that aren't too small but also aren't larger than necessary for a particular circuit. Thus, the standard cell library includes inverters of multiple sizes.)

The image below shows a medium-sized standard-cell inverter under the microscope. For this image, I removed the two metal layers with acid to show the underlying polysilicon (bright green) and silicon (gray). The quality of this image is poor—it is difficult to remove the metal without destroying the polysilicon—but the diagram below should clarify the circuit. The inverter has two transistors: a PMOS transistor connected to +5 volts to pull the output high when the input is 0, and an NMOS transistor connected to ground to pull the output low when the input is 1. (The PMOS transistor needs to be larger because PMOS transistors don't function as well as NMOS transistors due to silicon physics.)

The polysilicon input line plays a key role: where it crosses the doped silicon, a transistor gate is formed. To make the standard cell more flexible, the input to the inverter can be connected on either the left or the right; in this case, the input is connected on the right and there is no connection on the left. The inverter's output can be taken from the polysilicon on the upper left or the right, but in this case, it is taken from the upper metal layer (not shown). The power, ground, and output lines are in the lower metal layer, which I have represented by the thin red, blue, and yellow lines. The black circles are connections between the metal layer and the underlying silicon.

This inverter appears dozens of times in the circuitry. However, I came across a few inverters that didn't make sense. The problem was that the inverter's output was connected to the output of a multiplexer. Since an inverter is either on or off, its value would clobber the output of the multiplexer.4 This didn't make any sense. I double- and triple-checked the wiring to make sure I hadn't messed up. After more investigation, I found another problem: the input to a "bad" inverter didn't make sense either. The input consisted of two signals shorted together, which doesn't work.

Finally, I realized what was going on. A "bad inverter" has the exact silicon layout of an inverter, but it wasn't an inverter: it was independent NMOS and PMOS transistors with separate inputs. Now it all made sense. With two inputs, the input signals were independent, not shorted together. And since the transistors were controlled separately, the NMOS transistor could pull the output low in some circumstances, the PMOS transistor could pull the output high in other circumstances, or both transistors could be off, allowing the multiplexer's output to be used undisturbed. In other words, the "inverter" was just two more cases for the multiplexer.

If you compare the "bad inverter" cell below with the previous cell, they look almost the same, but there are subtle differences. First, the gates of the two transistors are connected in the real inverter, but disconnected by a small gap in the transistor pair. I've indicated this gap in the photo above; it is hard to tell if the gap is real or just an imaging artifact, so I didn't spot it. The second difference is that the "fake" inverter has two input connections, one to each transistor, while the inverter has a single input connection. Unfortunately, I assumed that the two connections were just a trick to route the signal across the inverter without requiring an extra wire. In total, this cell was used 32 times as a real inverter and 9 times as independent transistors.

Conclusions

Standard cell logic and automatic place and route have a long history before the 386, back to the early 1970s, so this isn't an Intel invention.5 Nonetheless, the 386 team deserves the credit for deciding to use this technology at a time when it was a risky decision. They needed to develop custom software for their placing and routing needs, so this wasn't a trivial undertaking. This choice paid off and they completed the 386 ahead of schedule. The 386 ended up being a huge success for Intel, moving the x86 architecture to 32 bits and defining the dominant computer architecture for the rest of the 20th century.

If you're interested in standard cell logic, I also wrote about standard cell logic in an IBM chip. I plan to write more about the 386, so follow me on Mastodon, Bluesky, or RSS for updates. Thanks to Pat Gelsinger and Roxanne Koester for providing helpful papers.

For more on the 386 and other chips, follow me on Mastodon (@kenshirriff@oldbytes.space), Bluesky (@righto.com), or RSS. (I've given up on Twitter.) If you want to read more about the 386, I've written about the clock pin, prefetch queue, die versions, packaging, and I/O circuits.

Notes and references

A couple of weeks ago I started a fundraiser for the Greater Chicago Food Depository: get Logic for Programmers 50% off and all the royalties will go to charity.¹ Since then, we've raised a bit over $1600. Y'all are great!

The fundraiser is going on until the end of November, so you still have one more week to get the book real cheap.

I feel a bit weird about doing two newsletter adverts without raw content, so here's a teaser from a old project I really need to get back to. Notes on structured concurrency argues that old languages had a "old-testament fire-and-brimstone goto" that could send control flow anywhere, like from the body of one function into the body of another function. This "wild goto", the article claims, what Dijkstra was railing against in Go To Statement Considered Harmful, and that modern goto statements are much more limited, "tame" if you will, and wouldn't invoke Dijkstra's ire.

I've shared this historical fact about Dijkstra many times, but recently two separate people have told me it doesn't makes sense: Dijkstra used ALGOL-60, which already had tame gotos. All of the problems he raises with goto hold even for tame ones, none are exclusive to wild gotos. So

This got me looking to see which languages, if any, ever had the wild goto. I define this as any goto which lets you jump from outside to into a loop or function scope. Turns out, FORTRAN had tame gotos from the start, BASIC has wild gotos, and COBOL is a nonsense language intentionally designed to horrify me. I mean, look at this:

The COBOL ALTER statement changes a goto's target at runtime.

(Early COBOL has tame gotos but only on a technicality: there are no nested scopes in COBOL so no jumping from outside and into a nested scope.)

Anyway I need to write up the full story (and complain about COBOL more) but this is pretty neat! Reminder, fundraiser here. Let's get it to 2k.

From now until the end of the month, you can get Logic for Programmers at half price with the coupon feedchicago. All royalties from that coupon will go to the Greater Chicago Food Depository. Thank you!

Hi everyone,

I've been getting burnt out on writing a weekly software essay. It's gone from taking me an afternoon to write a post to taking two or three days, and that's made it really difficult to get other writing done. That, plus some short-term work and life priorities, means now feels like a good time for a break.

So I'm taking off from Computer Things for the rest of the year. There might be some announcements and/or one or two short newsletters in the meantime but I won't be attempting a weekly cadence until 2026.

Thanks again for reading!

Hillel

A while back my friend Pablo Meier was reviewing some 2024 videogames and wrote this:

I feel like some artists, if they didn't exist, would have the resulting void filled in by someone similar (e.g. if Katy Perry didn't exist, someone like her would have). But others don't have successful imitators or comparisons (thinking Jackie Chan, or Weird Al): they are irreplaceable.

He was using it to describe auteurs but I see this as a property of opportunity, in that "replaceable" artists are those who work in bigger markets. Katy Perry's market is large, visible and obviously (but not easily) exploitable, so there are a lot of people who'd compete in her niche. Weird Al's market is unclear: while there were successful parody songs in the past, it wasn't clear there was enough opportunity there to support a superstar.

I think that modal editing is in the latter category. Vim is now very popular and has spawned numerous successors. But its key feature, modes, is not obviously-beneficial, to the point that if Bill Joy didn't make vi (vim's direct predecessor) fifty years ago I don't think we'd have any modal editors today.

A quick overview of "modal editing"

In a non-modal editor, pressing the "u" key adds a "u" to your text, as you'd expect. In a modal editor, pressing "u" does something different depending on the "mode" you are in. In Vim's default "normal" mode, "u" undoes the last change to the text, while in the "visual" mode it lowercases all selected text. It only inserts the character in "insert" mode. All other keys, as well as chorded shortcuts (ctrl-x), work the same way.

The clearest benefit to this is you can densely pack the keyboard with advanced commands. The standard US keyboard has 48ish keys dedicated to inserting characters. With the ctrl and shift modifiers that becomes at least ~150 extra shortcuts for each other mode. This is also what IMO "spiritually" distinguishes modal editing from contextual shortcuts. Even if a unimodal editor lets you change a keyboard shortcut's behavior based on languages or focused panel, without global user-controlled modes it simply can't achieve that density of shortcuts.

Now while modal editing today is widely beloved (the Vim plugin for VSCode has at least eight million downloads), I suspect it was "carried" by the popularity of vi, as opposed to driving vi's popularity.

Modal editing is an unusual idea

Pre-vi editors weren't modal. Some, like EDT/KED, used chorded commands, while others like ed or TECO basically REPLs for text-editing DSLs. Both of these ideas widely reappear in modern editors.

As far as I can tell, the first modal editor was Butler Lampson's Bravo in 1974. Bill Joy admits he used it for inspiration:

A lot of the ideas for the screen editing mode were stolen from a Bravo manual I surreptitiously looked at and copied. Dot is really the double-escape from Bravo, the redo command. Most of the stuff was stolen.

Bill Joy probably took the idea because he was working on dumb terminals that were slow to register keystrokes, which put pressure to minimize the number needed for complex operations.

Why did Bravo have modal editing? Looking at the Alto handbook, I get the impression that Xerox was trying to figure out the best mouse and GUI workflows. Bravo was an experiment with modes, one hand on the mouse and one issuing commands on the keyboard. Other experiments included context menus (the Markup program) and toolbars (Draw).

Xerox very quickly decided against modes, as the successors Gypsy and BravoX were modeless. Commands originally assigned to English letters were moved to graphical menus, special keys, and chords.

It seems to me that modes started as an unsuccessful experiment deal with a specific constraint and then later successfully adopted to deal with a different constraint. It was a specialized feature as opposed to a generally useful feature like chords.

Modal editing didn't popularize vi

While vi was popular at Bill Joy's coworkers, he doesn't attribute its success to its features:

I think the wonderful thing about vi is that it has such a good market share because we gave it away. Everybody has it now. So it actually had a chance to become part of what is perceived as basic UNIX. EMACS is a nice editor too, but because it costs hundreds of dollars, there will always be people who won't buy it.

Vi was distributed for free with the popular BSD Unix and was standardized in POSIX Issue 2, meaning all Unix OSes had to have vi. That arguably is what made it popular, and why so many people ended up learning a modal editor.

Modal editing doesn't really spread outside of vim

I think by the 90s, people started believing that modal editing was a Good Idea, if not an obvious one. That's why we see direct descendants of vi, most famously vim. It's also why extensible editors like Emacs and VSCode have vim-mode extensions, but these are but these are always simple emulation layers on top of a unimodal baselines. This was good for getting people used to the vim keybindings (I learned on Kile) but it means people weren't really doing anything with modal editing. It was always "The Vim Gimmick".

Modes also didn't take off anywhere else. There's no modal word processor, spreadsheet editor, or email client.¹ Visidata is an extremely cool modal data exploration tool but it's pretty niche. Firefox used to have vimperator (which was inspired by Vim) but that's defunct now. Modal software means modal editing which means vi.

This has been changing a little, though! Nowadays we do see new modal text editors, like kakoune and Helix, that don't just try to emulate vi but do entirely new things. These were made, though, in response to perceived shortcomings in vi's editing model. I think they are still classifiable as descendants. If vi never existed, would the developers of kak and helix have still made modal editors, or would they have explored different ideas?

People aren't clamouring for more experiments

Not too related to the overall picture, but a gripe of mine. Vi and vim have a set of hardcoded modes, and adding an entirely new mode is impossible. Like if a plugin (like vim's default netrw) adds a file explorer it should be able to add a filesystem mode, right? But it can't, so instead it waits for you to open the filesystem and then adds 60 new mappings to normal mode. There's no way to properly add a "filesystem" mode, a "diff" mode, a "git" mode, etc, so plugin developers have to mimic them.

I don't think people see this as a problem, though! Neovim, which aims to fix all of the baggage in vim's legacy, didn't consider creating modes an important feature. Kak and Helix, which reimagine modal editing from from the ground up, don't support creating modes either.² People aren't clamouring for new modes!

Modes are a niche power user feature

So far I've been trying to show that vi is, in Pablo's words, "irreplaceable". Editors weren't doing modal editing before Bravo, and even after vi became incredibly popular, unrelated editors did not adapt modal editing. At most, they got a vi emulation layer. Kak and helix complicate this story but I don't think they refute it; they appear much later and arguably count as descendants (so are related).

I think the best explanation is that in a vacuum modal editing sounds like a bad idea. The mode is global state that users always have to know, which makes it dangerous. To use new modes well you have to memorize all of the keybindings, which makes it difficult. Modal editing has a brutal skill floor before it becomes more efficient than a unimodal, chorded editor like VSCode.

That's why it originally appears in very specific circumstances, as early experiments in mouse UX and as a way of dealing with modem latencies. The fact we have vim today is a historical accident.

And I'm glad for it! You can pry Neovim from my cold dead hands, you monsters.

P99 talk this Thursday!

My talk, "Designing Low-Latency Systems with TLA+", is happening 10/23 at 11:40 central time. Tickets are free, the conf is online, and the talk's only 16 minutes, so come check it out!

Beste Zeussers en Zeusinnen,

Enkele weken geleden werden we gecontacteerd door de onderzoeksgroep HortiRoot. In hun lab hebben ze een redelijk aantal Epson flatbed foto scanners omgebouwd om er kleine plantjes in petriplaten op te kunnen groeien. Hiermee kunnen ze met korte tijdsintervallen scans nemen, om timelapses te maken van de groei in hoge resolutie.

De UGent workshop WE62 heeft hun geholpen met de hardware mods:

• Het deksel (lid) werd verwijderd. De elektronica verantwoordelijk voor de “closed” detectie wordt nu nagebootst door een Arduino.
• Over het bed kan nu een kunststoffen plaat geschoven worden waar de petriplaten in passen.
• Een frame werd gemaakt om alles op zijn plaats te houden, en zodat de scans verticaal gemaakt kunnen worden.
• Ook is er nu een ledstrip om semi-natuurlijk licht na te bootsen.

Voor de software merkten de onderzoekers echter dat de UGent geen equivalent van die werkplaats heeft. De onderzoekers van HortiRoot hebben zelf wat geprobeerd om de standaard Windows 10 Epson software te automatiseren met behulp van pyautogui. Uiteindelijk hadden ze wel een werkend systeem, dat momenteel nog steeds gebruikt wordt. Onderhoudbaar is dit helemaal niet: automatisch de muis proberen bedienen schaalt niet bepaald goed… Ze hadden ook de software voor Ubuntu uitgeprobeerd, maar die avonturen waren jammer genoeg van korte duur omdat DICT geen ondersteundend personeel had met voldoende expertise hiermee. Nu recent stak de verplichte update naar Windows 11 ook een spaak in het wiel.

Na wat details van het project te horen wees DICT de onderzoeksgroep naar ons door. Even later werden Xander, Hannes en ik hartelijk ontvangen op campus Coupure. In een labo vol groen konden wij de verschillende iteraties van de scanner mods aanschouwen. Maar vooral van de vele hacks die ze gevonden hadden om toch maar de software te doen werken, waren we onder de indruk. Zo lukte het niet om de scan software te gebruiken met meerdere apparaten aangesloten, dus hadden ze als oplossing om elke scanner op een aparte virtuele machine aan te sluiten. Niet ideaal, dus probeerden ze om maar 1 apparaat tegelijk te tonen aan de software met behulp van programmeerbare USB hubs. Dit werkte niet meer in Windows 11, maar zelfs dan was dit vrij beperkt in aantal apparaten. Ook hadden ze ontdekt dat ze doorheen dinsdagnacht geen scans konden doen, omdat DICT patch tuesdays doet…

Na uitwisselen van ons intern telefoonnummer, werden even later 2 van de scanners geleverd aan de Zeuskelder. Er zijn hier al wat mensen bezig geweest met de scanners om te helpen de opties te verkennen. Wat ons meteen verrastte is dat de Linux software epsonscan2 die Epson publiceert, bijna volledig open-source en vrij is. Bovendien is dit een grote bron aan documentatie van de interne werking van de scanners. De enige drempel is dat die deels in het Japans is 😅.

Om deze software inderdaad werkend te krijgen, is een ander verhaal. Wanneer de software probeerde te verbinden gingen de scanners steeds in een “internal error” state. Door wat instrumentatie aan esponscan2 toe voegen en veel verschillende opstellingen te proberen, vonden we uiteindelijk een oplossing. We merkten dat een scanner slechts éénmaal correct geïnitializeerd moest worden door andere software (zoals de windows 11 versie), waarna de scanner werkt met alle software. Door de communicatie te onderscheppen, konden we een programma maken dat de scanners op dezelfde manier kan initializeren. Waarom exact dit nodig is, is nog niet helemaal duidelijk.

We zijn opgelucht dat dit werkt, omdat dit betekent dat we helemaal geen nood hebben aan Windows, virtuele machines, USB multiplexers of het automatisch navigeren van menu’s. In de plaats kunnen we volledig werken met de betrouwbare en voorspelbare software die we gewend zijn.

Het plan is om scanners per ~4 te groeperen, die samen aangestuurd worden door 1 node (Raspberry Pi). Deze nodes worden ontdekt op het lokale netwerk door de backend van een webapplicatie. Die webapplicatie stuurt dan requests uit om scans te nemen met bepaalde parameters, op regelmatige intervallen. De geproduceerde afbeeldingen worden dan verplaatst van de node naar de machine waar de webapp draait. Gebruikers kunnen dan die timelapses beheren vanuit de webapp op het lokaal netwerk, en eveneens ook de afbeeldingen downloaden.

Wat is reeds geïmplementeerd?

• Nodes:
  • Er is een script dat nieuw aangesloten scanners detecteert en ze meteen correct initializeert.
    • Dit gebeurt hier door specifieke USB_BULK pakketten te sturen, onder andere met de firmware blob.
    • Het script (sc) is in D geschreven, zogoed als alles wordt gedaan via de libusb C library.
    • Soms faalt het initializeren door een “permission denied”, omdat de udev rule nog niet geactiveerd is op het moment dat libusb het apparaat detecteert. Als root uitvoeren fixt het…
    • Het protocol dat gebruikt wordt bovenop USB_BULK is ESC/I. Enkele links naar documentatie hierover zijn hier te vinden.
    • Dit protocol verder ontdekken kan nog steeds handig zijn: Het lukt momenteel niet om elke scanner uniek te identificeren. Ze dragen geen serial number zoals de meeste USB devices. Misschien is er wel een command om iets gelijkaardig op te slaan? Ik zie ook verwijzingen naar een non-volatile user variables api.
  • De epsonscan2 software build vanuit de git repo met behulp van docker.
    • De build artifact is gemaakt voor Debian Bookworm. Kijken of het mogelijk is te upgraden naar Trixie.
    • Er is een dependency op een non-free tool, die binair gepatcht wordt om de paden ook naar /opt/epsonscan2 te doen wijzen. Deze prefix is gemakkelijker te gebruiken dan .deb packages maken die naar /usr uitpakken.
    • De software heeft een command-line versie, maar die kan nog niet een bepaalde scanner selecteren. We kunnen dit zelf implementeren.
• Webapp:
  • Nog niets! Bepaal zelf welke taal/framework (of talen/frameworks, meer is beter right?). Requirements in de repo te vinden.

Kijk zeker eens in de git repo en join al vast het ~horitroot-scanners kanaal op Mattermost!

PS: Wat zouden wij kunnen scannen?

Long ago in the 1990s when I was in high school, my chemistry+physics teacher pulled me aside. "Avery, you know how the Internet works, right? I have a question."

I now know the correct response to that was, "Does anyone really know how the Internet works?" But as a naive young high schooler I did not have that level of self-awareness. (Decades later, as a CEO, that's my answer to almost everything.)

Anyway, he asked his question, and it was simple but deep. How do they make all the computers connect?

We can't even get the world to agree on 60 Hz vs 50 Hz, 120V vs 240V, or which kind of physical power plug to use. Communications equipment uses way more frequencies, way more voltages, way more plug types. Phone companies managed to federate with each other, eventually, barely, but the ring tones were different everywhere, there was pulse dialing and tone dialing, and some of them still charge $3/minute for international long distance, and connections take a long time to establish and humans seem to be involved in suspiciously many places when things get messy, and every country has a different long-distance dialing standard and phone number format.

So Avery, he said, now they're telling me every computer in the world can connect to every other computer, in milliseconds, for free, between Canada and France and China and Russia. And they all use a single standardized address format, and then you just log in and transfer files and stuff? How? How did they make the whole world cooperate? And who?

When he asked that question, it was a formative moment in my life that I'll never forget, because as an early member of what would be the first Internet generation… I Had Simply Never Thought of That.

I mean, I had to stop and think for a second. Wait, is protocol standardization even a hard problem? Of course it is. Humans can't agree on anything. We can't agree on a unit of length or the size of a pint, or which side of the road to drive on. Humans in two regions of Europe no farther apart than Thunder Bay and Toronto can't understand each other's speech. But this Internet thing just, kinda, worked.

"There's… a layer on top," I uttered, unsatisfyingly. Nobody had taught me yet that the OSI stack model existed, let alone that it was at best a weak explanation of reality.

"When something doesn't talk to something else, someone makes an adapter. Uh, and some of the adapters are just programs rather than physical things. It's not like everyone in the world agrees. But as soon as one person makes an adapter, the two things come together."

I don't think he was impressed with my answer. Why would he be? Surely nothing so comprehensively connected could be engineered with no central architecture, by a loosely-knit cult of mostly-volunteers building an endless series of whimsical half-considered "adapters" in their basements and cramped university tech labs. Such a creation would be a monstrosity, just as likely to topple over as to barely function.

I didn't try to convince him, because honestly, how could I know? But the question has dominated my life ever since.

When things don't connect, why don't they connect? When they do, why? How? …and who?

Postel's Law

The closest clue I've found is this thing called Postel's Law, one of the foundational principles of the Internet. It was best stated by one of the founders of the Internet, Jon Postel. "Be conservative in what you send, and liberal in what you accept."

What it means to me is, if there's a standard, do your best to follow it, when you're sending. And when you're receiving, uh, assume the best intentions of your counterparty and do your best and if that doesn't work, guess.

A rephrasing I use sometimes is, "It takes two to miscommunicate." Communication works best and most smoothly if you have a good listener and a clear speaker, sharing a language and context. But it can still bumble along successfully if you have a poor speaker with a great listener, or even a great speaker with a mediocre listener. Sometimes you have to say the same thing five ways before it gets across (wifi packet retransmits), or ask way too many clarifying questions, but if one side or the other is diligent enough, you can almost always make it work.

This asymmetry is key to all high-level communication. It makes network bugs much less severe. Without Postel's Law, triggering a bug in the sender would break the connection; so would triggering a bug in the receiver. With Postel's Law, we acknowledge from the start that there are always bugs and we have twice as many chances to work around them. Only if you trigger both sets of bugs at once is the flaw fatal.

…So okay, if you've used the Internet, you've probably observed that fatal connection errors are nevertheless pretty common. But that misses how incredibly much more common they would be in a non-Postel world. That world would be the one my physics teacher imagined, where nothing ever works and it all topples over.

And we know that's true because we've tried it. Science! Let us digress.

XML

We had the Internet ("OSI Layer 3") mostly figured out by the time my era began in the late 1900s, but higher layers of the stack still had work to do. It was the early days of the web. We had these newfangled hypertext ("HTML") browsers that would connect to a server, download some stuff, and then try their best to render it.

Web browsers are and have always been an epic instantiation of Postel's Law. From the very beginning, they assumed that the server (content author) had absolutely no clue what they were doing and did their best to apply some kind of meaning on top, despite every indication that this was a lost cause. List items that never end? Sure. Tags you've never heard of? Whatever. Forgot some semicolons in your javascript? I'll interpolate some. Partially overlapping italics and bold? Leave it to me. No indication what language or encoding the page is in? I'll just guess.

The evolution of browsers gives us some insight into why Postel's Law is a law and not just, you know, Postel's Advice. The answer is: competition. It works like this. If your browser interprets someone's mismash subjectively better than another browser, your browser wins.

I think economists call this an iterated prisoner's dilemma. Over and over, people write web pages (defect) and browsers try to render them (defect) and absolutely nobody actually cares what the HTML standard says (stays loyal). Because if there's a popular page that's wrong and you render it "right" and it doesn't work? Straight to jail.

(By now almost all the evolutionary lines of browsers have been sent to jail, one by one, and the HTML standard is effectively whatever Chromium and Safari say it is. Sorry.)

This law offends engineers to the deepness of their soul. We went through a period where loyalists would run their pages through "validators" and proudly add a logo to the bottom of their page saying how valid their HTML was. Browsers, of course, didn't care and continued to try their best.

Another valiant effort was the definition of "quirks mode": a legacy rendering mode meant to document, normalize, and push aside all the legacy wonko interpretations of old web pages. It was paired with a new, standards-compliant rendering mode that everyone was supposed to agree on, starting from scratch with an actual written spec and tests this time, and public shaming if you made a browser that did it wrong. Of course, outside of browser academia, nobody cares about the public shaming and everyone cares if your browser can render the popular web sites, so there are still plenty of quirks outside quirks mode. It's better and it was well worth the effort, but it's not all the way there. It never can be.

We can be sure it's not all the way there because there was another exciting development, HTML Strict (and its fancier twin, XHTML), which was meant to be the same thing, but with a special feature. Instead of sending browsers to jail for rendering wrong pages wrong, we'd send page authors to jail for writing wrong pages!

To mark your web page as HTML Strict was a vote against the iterated prisoner's dilemma and Postel's Law. No, your vote said. No more. We cannot accept this madness. We are going to be Correct. I certify this page is correct. If it is not correct, you must sacrifice me, not all of society. My honour demands it.

Anyway, many page authors were thus sacrificed and now nobody uses HTML Strict. Nobody wants to do tech support for a web page that asks browsers to crash when parsing it, when you can just… not do that.

Excuse me, the above XML section didn't have any XML

Yes, I'm getting to that. (And you're soon going to appreciate that meta joke about schemas.)

In parallel with that dead branch of HTML, a bunch of people had realized that, more generally, HTML-like languages (technically SGML-like languages) had turned out to be a surprisingly effective way to build interconnected data systems.

In retrospect we now know that the reason for HTML's resilience is Postel's Law. It's simply easier to fudge your way through parsing incorrect hypertext, than to fudge your way through parsing a Microsoft Word or Excel file's hairball of binary OLE streams, which famously even Microsoft at one point lost the knowledge of how to parse. But, that Postel's Law connection wasn't really understood at the time.

Instead we had a different hypothesis: "separation of structure and content." Syntax and semantics. Writing software to deal with structure is repetitive overhead, and content is where the money is. Let's automate away the structure so you can spend your time on the content: semantics.

We can standardize the syntax with a single Extensible Markup Language (XML). Write your content, then "mark it up" by adding structure right in the doc, just like we did with plaintext human documents. Data, plus self-describing metadata, all in one place. Never write a parser again!

Of course, with 20/20 hindsight (or now 2025 hindsight), this is laughable. Yes, we now have XML parser libraries. If you've ever tried to use one, you will find they indeed produce parse trees automatically… if you're lucky. If you're not lucky, they produce a stream of "tokens" and leave it to you to figure out how to arrange it in a tree, for reasons involving streaming, performance, memory efficiency, and so on. Basically, if you use XML you now have to deeply care about structure, perhaps more than ever, but you also have to include some giant external parsing library that, left in its normal mode, might spontaneously start making a lot of uncached HTTP requests that can also exploit remote code execution vulnerabilities haha oops.

If you've ever taken a parser class, or even if you've just barely tried to write a parser, you'll know the truth: the value added by outsourcing parsing (or in some cases only tokenization) is not a lot. This is because almost all the trouble of document processing (or compiling) is the semantic layer, the part where you make sense of the parse tree. The part where you just read a stream of characters into a data structure is the trivial, well-understood first step.

Now, semantics is where it gets interesting. XML was all about separating syntax from semantics. And they did some pretty neat stuff with that separation, in a computer science sense. XML is neat because it's such a regular and strict language that you can completely validate the syntax (text and tags) without knowing what any of the tags mean or which tags are intended to be valid at all.

…aha! Did someone say validate?! Like those old HTML validators we talked about? Oh yes. Yes! And this time the validation will be completely strict and baked into every implementation from day 1. And, the language syntax itself will be so easy and consistent to validate (unlike SGML and HTML, which are, in all fairness, bananas) that nobody can possibly screw it up.

A layer on top of this basic, highly validatable XML, was a thing called XML Schemas. These were documents (mysteriously not written in XML) that described which tags were allowed in which places in a certain kind of document. Not only could you parse and validate the basic XML syntax, you could also then validate its XML schema as a separate step, to be totally sure that every tag in the document was allowed where it was used, and present if it was required. And if not? Well, straight to jail. We all agreed on this, everyone. Day one. No exceptions. Every document validates. Straight to jail.

Anyway XML schema validation became an absolute farce. Just parsing or understanding, let alone writing, the awful schema file format is an unpleasant ordeal. To say nothing of complying with the schema, or (heaven forbid) obtaining a copy of someone's custom schema and loading it into the validator at the right time.

The core XML syntax validation was easy enough to do while parsing. Unfortunately, in a second violation of Postel's Law, almost no software that outputs XML runs it through a validator before sending. I mean, why would they, the language is highly regular and easy to generate and thus the output is already perfect. …Yeah, sure.

Anyway we all use JSON now.

JSON

Whoa, wait! I wasn't done!

This is the part where I note, for posterity's sake, that XML became a decade-long fad in the early 2000s that justified billions of dollars of software investment. None of XML's technical promises played out; it is a stain on the history of the computer industry. But, a lot of legacy software got un-stuck because of those billions of dollars, and so we did make progress.

What was that progress? Interconnection.

Before the Internet, we kinda didn't really need to interconnect software together. I mean, we sort of did, like cut-and-pasting between apps on Windows or macOS or X11, all of which were surprisingly difficult little mini-Postel's Law protocol adventures in their own right and remain quite useful when they work (except "paste formatted text," wtf are you people thinking). What makes cut-and-paste possible is top-down standards imposed by each operating system vendor.

If you want the same kind of thing on the open Internet, ie. the ability to "copy" information out of one server and "paste" it into another, you need some kind of standard. XML was a valiant effort to create one. It didn't work, but it was valiant.

Whereas all that money investment did work. Companies spent billions of dollars to update their servers to publish APIs that could serve not just human-formatted HTML, but also something machine-readable. The great innovation was not XML per se, it was serving data over HTTP that wasn't always HTML. That was a big step, and didn't become obvious until afterward.

The most common clients of HTTP were web browsers, and web browsers only knew how to parse two things: HTML and javascript. To a first approximation, valid XML is "valid" (please don't ask the validator) HTML, so we could do that at first, and there were some Microsoft extensions. Later, after a few billions of dollars, true standardized XML parsing arrived in browsers. Similarly, to a first approximation, valid JSON is valid javascript, which woo hoo, that's a story in itself (you could parse it with eval(), tee hee) but that's why we got here.

JSON (minus the rest of javascript) is a vastly simpler language than XML. It's easy to consistently parse (other than that pesky trailing comma); browsers already did. It represents only (a subset of) the data types normal programming languages already have, unlike XML's weird mishmash of single attributes, multiply occurring attributes, text content, and CDATA. It's obviously a tree and everyone knows how that tree will map into their favourite programming language. It inherently works with unicode and only unicode. You don't need cumbersome and duplicative "closing tags" that double the size of every node. And best of all, no guilt about skipping that overcomplicated and impossible-to-get-right schema validator, because, well, nobody liked schemas anyway so nobody added them to JSON (almost).

Today, if you look at APIs you need to call, you can tell which ones were a result of the $billions invested in the 2000s, because it's all XML. And you can tell which came in the 2010s and later after learning some hard lessons, because it's all JSON. But either way, the big achievement is you can call them all from javascript. That's pretty good.

(Google is an interesting exception: they invented and used protobuf during the same time period because they disliked XML's inefficiency, they did like schemas, and they had the automated infrastructure to make schemas actually work (mostly, after more hard lessons). But it mostly didn't spread beyond Google… maybe because it's hard to do from javascript.)

Blockchain

The 2010s were another decade of massive multi-billion dollar tech investment. Once again it was triggered by an overwrought boondoggle technology, and once again we benefited from systems finally getting updated that really needed to be updated.

Let's leave aside cryptocurrencies (which although used primarily for crime, at least demonstrably have a functioning use case, ie. crime) and look at the more general form of the technology.

Blockchains in general make the promise of a "distributed ledger" which allows everyone the ability to make claims and then later validate other people's claims. The claims that "real" companies invested in were meant to be about manufacturing, shipping, assembly, purchases, invoices, receipts, ownership, and so on. What's the pattern? That's the stuff of businesses doing business with other businesses. In other words, data exchange. Data exchange is exactly what XML didn't really solve (although progress was made by virtue of the dollars invested) in the previous decade.

Blockchain tech was a more spectacular boondoggle than XML for a few reasons. First, it didn't even have a purpose you could explain. Why do we even need a purely distributed system for this? Why can't we just trust a third party auditor? Who even wants their entire supply chain (including number of widgets produced and where each one is right now) to be visible to the whole world? What is the problem we're trying to solve with that?

…and you know there really was no purpose, because after all the huge investment to rewrite all that stuff, which was itself valuable work, we simply dropped the useless blockchain part and then we were fine. I don't think even the people working on it felt like they needed a real distributed ledger. They just needed an updated ledger and a budget to create one. If you make the "ledger" module pluggable in your big fancy supply chain system, you can later drop out the useless "distributed" ledger and use a regular old ledger. The protocols, the partnerships, the databases, the supply chain, and all the rest can stay the same.

In XML's defense, at least it was not worth the effort to rip out once the world came to its senses.

Another interesting similarity between XML and blockchains was the computer science appeal. A particular kind of person gets very excited about validation and verifiability. Both times, the whole computer industry followed those people down into the pits of despair and when we finally emerged… still no validation, still no verifiability, still didn't matter. Just some computers communicating with each other a little better than they did before.

LLMs

In the 2020s, our industry fad is LLMs. I'm going to draw some comparisons here to the last two fads, but there are some big differences too.

One similarity is the computer science appeal: so much math! Just the matrix sizes alone are a technological marvel the likes of which we have never seen. Beautiful. Colossal. Monumental. An inspiration to nerds everywhere.

But a big difference is verification and validation. If there is one thing LLMs absolutely are not, it's verifiable. LLMs are the flakiest thing the computer industry has ever produced! So far. And remember, this is the industry that brought you HTML rendering.

LLMs are an almost cartoonishly amplified realization of Postel's Law. They write human grammar perfectly, or almost perfectly, or when they're not perfect it's a bug and we train them harder. And, they can receive just about any kind of gibberish and turn it into a data structure. In other words, they're conservative in what they send and liberal in what they accept.

LLMs also solve the syntax problem, in the sense that they can figure out how to transliterate (convert) basically any file syntax into any other. Modulo flakiness. But if you need a CSV in the form of a limerick or a quarterly financial report formatted as a mysql dump, sure, no problem, make it so.

In theory we already had syntax solved though. XML and JSON did that already. We were even making progress interconnecting old school company supply chain stuff the hard way, thanks to our nominally XML- and blockchain- investment decades. We had to do every interconnection by hand – by writing an adapter – but we could do it.

What's really new is that LLMs address semantics. Semantics are the biggest remaining challenge in connecting one system to another. If XML solved syntax, that was the first 10%. Semantics are the last 90%. When I want to copy from one database to another, how do I map the fields? When I want to scrape a series of uncooperative web pages and turn it into a table of products and prices, how do I turn that HTML into something structured? (Predictably microformats, aka schemas, did not work out.) If I want to query a database (or join a few disparate databases!) using some language that isn't SQL, what options do I have?

LLMs can do it all.

Listen, we can argue forever about whether LLMs "understand" things, or will achieve anything we might call intelligence, or will take over the world and eradicate all humans, or are useful assistants, or just produce lots of text sludge that will certainly clog up the web and social media, or will also be able to filter the sludge, or what it means for capitalism that we willingly invented a machine we pay to produce sludge that we also pay to remove the sludge.

But what we can't argue is that LLMs interconnect things. Anything. To anything. Whether you like it or not. Whether it's bug free or not (spoiler: it's not). Whether it gets the right answer or not (spoiler: erm…).

This is the thing we have gone through at least two decades of hype cycles desperately chasing. (Three, if you count java "write once run anywhere" in the 1990s.) It's application-layer interconnection, the holy grail of the Internet.

And this time, it actually works! (mostly)

The curse of success

LLMs aren't going away. Really we should coin a term for this use case, call it "b2b AI" or something. For this use case, LLMs work. And they're still getting better and the precision will improve with practice. For example, imagine asking an LLM to write a data translator in some conventional programming language, instead of asking it to directly translate a dataset on its own. We're still at the beginning.

But, this use case, which I predict is the big one, isn't what we expected. We expected LLMs to write poetry or give strategic advice or whatever. We didn't expect them to call APIs and immediately turn around and use what it learned to call other APIs.

After 30 years of trying and failing to connect one system to another, we now have a literal universal translator. Plug it into any two things and it'll just go, for better or worse, no matter how confused it becomes. And everyone is doing it, fast, often with a corporate mandate to do it even faster.

This kind of scale and speed of (successful!) rollout is unprecedented, even by the Internet itself, and especially in the glacially slow world of enterprise system interconnections, where progress grinds to a halt once a decade only to be finally dislodged by the next misguided technology wave. Nobody was prepared for it, so nobody was prepared for the consequences.

One of the odd features of Postel's Law is it's irresistible. Big Central Infrastructure projects rise and fall with funding, but Postel's Law projects are powered by love. A little here, a little there, over time. One more person plugging one more thing into one more other thing. We did it once with the Internet, overcoming all the incompatibilities at OSI layers 1 and 2. It subsumed, it is still subsuming, everything.

Now we're doing it again at the application layer, the information layer. And just like we found out when we connected all the computers together the first time, naively hyperconnected networks make it easy for bad actors to spread and disrupt at superhuman speeds. We had to invent firewalls, NATs, TLS, authentication systems, two-factor authentication systems, phishing-resistant two-factor authentication systems, methodical software patching, CVE tracking, sandboxing, antivirus systems, EDR systems, DLP systems, everything. We'll have to do it all again, but faster and different.

Because this time, it's all software.

How much do you remember from elementary school? I remember vinyl tile floors, the playground, the teacher sentencing me to standing in the hallway. I had a teacher who was a chess fanatic; he painted a huge chess board in the paved schoolyard and got someone to fabricate big wooden chess pieces. It was enough of an event to get us on the evening news. I remember Run for the Arts, where I tried to talk people into donating money on the theory that I could run, which I could not. I'm about six months into trying to change that and I'm good for a mediocre 5k now, but I don't think that's going to shift the balance on K-12 art funding.

I also remember a domain name: bridger.pps.k12.or.us

I have quipped before that computer science is a field mostly concerned with assigning numbers to things, which is true, but it only takes us so far. Computer scientists also like to organize those numbers into structures, and one of their favorites has always been the tree. The development of wide-area computer networking surfaced a whole set of problems around naming or addressing computer systems that belong to organizations. A wide-area network consists of a set of institutions that manage their own affairs. Each of those institutions may be made up of departments that manage their own affairs. A tree seemed a natural fit. Even the "low level" IP addresses, in the days of "classful" addressing, were a straightforward hierarchy: each dot separated a different level of the tree, a different step in an organizational hierarchy.

The first large computer networks, including those that would become the Internet, initially relied on manually building lists of machines by name. By the time the Domain Name System was developed, this had already become cumbersome. The rapid growth of the internet was hard to keep up with, and besides, why did any one central entity---Jon Postel or whoever---even care about the names of all of the computers at Georgia Tech? Like IP addressing, DNS was designed as a hierarchy with delegated control. A registrant obtains a name in the hierarchy, say gatech.edu, and everything "under" that name is within the control, and responsibility, of the registrant. This arrangement is convenient for both the DNS administrator, which was a single organization even after the days of Postel, and for registrants.

We still use the same approach today... mostly. The meanings of levels of the hierarchy have ossified. Technically speaking, the top of the DNS tree, the DNS root, is a null label referenced by a trailing dot. It's analogous to the '/' at the beginning of POSIX file paths. "gatech.edu" really should be written as "gatech.edu." to make it absolute rather than relative, but since resolution of relative URLs almost always recurses to the top of the tree, the trailing dot is "optional" enough that it is now almost always omitted. The analogy to POSIX file paths raises an interesting point: domain names are backwards. The 'root' is at the end, rather than at the beginning, or in other words, they run from least significant to most significant, rather than most significant to least significant. That's just... one of those things, you know? In the early days one wasn't obviously better than the other, people wrote hierarchies out both ways, and as the dust settled the left-to-right convention mostly prevailed but right-to-left hung around in some protocols. If you've ever dealt with endianness, this is just one of those things about computers that you have to accept: we cannot agree on which way around to write things.

Anyway, the analogy to file paths also illustrates the way that DNS has ossified. The highest "real" or non-root component of a domain name is called the top-level domain or TLD, while the component below it is called a second-level domain. In the US, it was long the case that top-level domains were fixed while second-level domains were available for registration. There have always been exceptions in other countries and our modern proliferation of TLDs has changed this somewhat, but it's still pretty much true. When you look at "gatech.edu" you know that "edu" is just a fixed name in the hierarchy, used to organize domain names by organization type, while "gatech" is a name that belongs to a registrant.

Under the second-level name, things get a little vague. We are all familiar with the third-level name "www," which emerged as a convention for web servers and became a practical requirement. Web servers having the name "www" under an organization's domain was such a norm for so many years that hosting a webpage directly at a second-level name came to be called a "naked domain" and had some caveats and complications.

Other than www, though, there are few to no standards for the use of third-level and below names. Larger organizations are more likely to use third-level names for departments, infrastructure operators often have complex hierarchies of names for their equipment, and enterprises the world 'round name their load-balanced webservers "www2," "www3" and up. If you think about it, this situation seems like kind of a failure of the original concept of DNS... we do use the hierarchy, but for the most part it is not intended for human consumption. Users are only expected to remember two names, one of which is a TLD that comes from a relatively constrained set.

The issue is more interesting when we consider geography. For a very long time, TLDs have been split into two categories: global TLDs, or gTLDs, and country-code TLDs, or ccTLDs. ccTLDs reflect the ISO country codes of each country, and are intended for use by those countries, while gTLDs are arbitrary and reflect the fact that DNS was designed in the US. The ".gov" gTLD, for example, is for use by the US government, while the UK is stuck with ".gov.uk". This does seem unfair but it's now very much cemented into the system: for the large part, US entities use gTLDs, while entities in other countries use names under their respective ccTLDs. The ".us" ccTLD exists just as much as all the others, but is obscure enough that my choice to put my personal website under .us (not an ideological decision but simply a result of where a nice form of my name was available) sometimes gets my email address rejected.

Also, a common typo for ".us" is ".su" and that's geopolitically amusing. .su is of course the ccTLD for the Soviet Union, which no longer exists, but the ccTLD lives on in a limited way because it became Structurally Important and difficult to remove, as names and addresses tend to do.

We can easily imagine a world where this historical injustice had been fixed: as the internet became more global, all of our US institutions could have moved under the .us ccTLD. In fact, why not go further? Geographers have long organized political boundaries into a hierarchy. The US is made up of states, each of which has been assigned a two-letter code by the federal government. We have ".us", why not "nm.us"?

The answer, of course, is that we do.

In the modern DNS, all TLDs have been delegated to an organization who administers them. The .us TLD is rightfully administered by the National Telecommunications and Information Administration, on the same basis by which all ccTLDs are delegated to their respective national governments. Being the US government, NTIA has naturally privatized the function through a contract to telecom-industrial-complex giant Neustar. Being a US company, Neustar restructured and sold its DNS-related business to GoDaddy. Being a US company, GoDaddy rose to prominence on the back of infamously tasteless television commercials, and its subsidiary Registry Services LLC now operates our nation's corner of the DNS.

But that's the present---around here, we avoid discussing the present so as to hold crushing depression at bay. Let's turn our minds to June 1993, and the publication of RFC 1480 "The US Domain." To wit:

Even though the original intention was that any educational institution anywhere in the world could be registered under the EDU domain, in practice, it has turned out with few exceptions, only those in the United States have registered under EDU, similarly with COM (for commercial). In other countries, everything is registered under the 2-letter country code, often with some subdivision. For example, in Korea (KR) the second level names are AC for academic community, CO for commercial, GO for government, and RE for research. However, each country may go its own way about organizing its domain, and many have.

Oh, so let's sort it out!

There are no current plans of putting all of the organizational domains EDU, GOV, COM, etc., under US. These name tokens are not used in the US Domain to avoid confusion.

Oh. Oh well.

Currently, only four year colleges and universities are being registered in the EDU domain. All other schools are being registered in the US Domain.

Huh?

RFC 1480 is a very interesting read. It makes passing references to so many facets of DNS history that could easily be their own articles. It also defines a strict, geography-based hierarchy for the .us domain that is a completely different universe from the one in which we now live. For example, we learned above that, in 1993, only four-year institutions were being placed under .edu. What about the community colleges? Well, RFC 1480 has an answer. Central New Mexico Community College would, of course, fall under cnm.cc.nm.us. Well, actually, in 1993 it was called the Technical-Vocational Institute, so it would have been tvi.tec.nm.us. That's right, the RFC describes both "cc" for community colleges and "tec" for technical institutes.

Even more surprising, it describes placing entities under a "locality" such as a city. The examples of localities given are "berkeley.ca.us" and "portland.wa.us", the latter of which betrays an ironic geographical confusion. It then specifies "ci" for city and "co" for county, meaning that the city government of our notional Portland, Washington would be ci.portland.wa.us. Agencies could go under the city government component (the RFC gives the example "Fire-Dept.CI.Los-Angeles.CA.US") while private businesses could be placed directly under the city (e.g. "IBM.Amonk.NY.US"). The examples here reinforce that the idea itself is different from how we use DNS today: The DNS of RFC 1480 is far more hierarchical and far more focused on full names, without abbreviations.

Of course, the concept is not limited to local government. RFC 1480 describes "fed.us" as a suffix for the federal government (the example "dod.fed.us" illustrates that this has not at all happened), and even "General Independent Entities" and "Distributed National Institutes" for those trickier cases.

We can draw a few lessons from how this proposal compares to our modern day. Back in the 1990s, .gov was limited to the federal government. The thinking was that all government agencies would move into .us, where the hierarchical structure made it easier to delegate management of state and locality subtrees. What actually happened was the opposite: the .us thing never really caught on, and a more straightforward and automated management process made .gov available to state and local governments. The tree has effectively been flattened.

That's not to say that none of these hierarchical names saw use. GoDaddy continues to maintain what they call the "usTLD Locality-Based Structure". At the decision of the relevant level of the hierarchy (e.g. a state), locality-based subdomains of .us can either be delegated to the state or municipality to operate, or operated by GoDaddy itself as the "Delegated Manager." The latter arrangement is far more common, and it's going to stay that way: RFC 1480 names are not dead, but they are on life support. GoDaddy's contract allows them to stop onboarding any additional delegated managers, and they have.

Few of these locality-based names found wide use, and there are even fewer left today. Multnomah County Library once used "multnomah.lib.or.us," which I believe was actually the very first "library" domain name registered. It now silently redirects to "multcolib.org", which we could consider a graceful name only in that the spelling of "Multnomah" is probably not intuitive to those not from the region. As far as I can tell, the University of Oregon and OGI (part of OHSU) were keeping very close tabs on the goings-on of academic DNS, as Oregon entities are conspicuously over-represented in the very early days of RFC 1480 names---behind only California, although Georgia Tech and Trent Heim of former Colorado company XOR both registered enough names to give their states a run for the money.

"co.bergen.nj.us" works, but just gets you a redirect notice page to bergencountynj.gov. It's interesting that this name is actually longer than the RFC 1480 name, but I think most people would agree that bergencountynj.gov is easier to remember. Some of that just comes down to habit, we all know ".gov", but some of it is more fundamental. I don't think that people often understand the hierarchical structure of DNS, at least not intuitively, and that makes "deeply hierarchical" (as GoDaddy calls them) names confusing.

Certainly the RFC 1480 names for school districts produced complaints. They were also by far the most widely adopted. You can pick and choose examples of libraries (.lib.[state].us) and municipal governments that have used RFC 1480 names, but school districts are another world: most school districts that existed at the time have a legacy of using RFC 1480 naming. As one of its many interesting asides, RFC 1480 explains why: the practice of putting school districts under [district].k12.[state].us actually predates RFC 1480. Indeed, the RFC seems to have been written in part to formalize the existing practice. The idea of the k12.[state].us hierarchy originated within IANA in consultation with InterNIC (newly created at the time) and the Federal Networking Council, a now-defunct advisory committee of federal agencies that made a number of important early decisions about internet architecture.

RFC 1480 is actually a revision on the slightly older RFC 1386, which instead of saying that schools were already using the k12 domains, says that "there ought to be a consistent scheme for naming them." It then says that the k12 branch has been "introduced" for that purpose. RFC 1386 is mostly silent on topics other than schools, so I think it was written to document the decision made about schools with other details about the use of locality-based domains left sketchy until the more thorough RFC 1480.

The decision to place "k12" under the state rather than under a municipality or county might seem odd, but the RFC gives a reason. It's not unusual for school districts, even those named after a municipality, to cover a larger area than the municipality itself. Albuquerque Public Schools operates schools in the East Mountains; Portland Public Schools operates schools across multiple counties and beyond city limits. Actually the RFC gives exactly that second one as an example:

For example, the Portland school district in Oregon, is in three or four counties. Each of those counties also has non-Portland districts.

I include that quote mostly because I think it's funny that the authors now know what state Portland is in. When you hear "DNS" you think Jon Postel, at least if you're me, but RFC 1480 was written by Postel along with a less familiar name, Ann Westine Cooper. Cooper was a coworker of Postel at USC, and RFC 1480 very matter-of-factly names the duo of Postel and Cooper as the administrator of the .US TLD. That's interesting considering that almost five years later Postel would become involved in a notable conflict with the federal government over control of DNS---one of the events that precipitated today's eccentric model of public-private DNS governance.

There are other corners of the RFC 1480 scheme that were not contemplated in 1993, and have managed to outlive many of the names that were. Consider, for example, our indigenous nations: these are an exception to the normal political hierarchy of the US. The Navajo Nation, for example, exists in a state that is often described as parallel to a state, but isn't really. Native nations are sovereign, but are also subject to federal law by statute, and subject to state law by various combinations of statute, jurisprudence, and bilateral agreement. I didn't really give any detail there and I probably still got something wrong, such is the complicated legal history and present of Native America. So where would a native sovereign government put their website? They don't fall under the traditional realm of .gov, federal government, nor do they fall under a state-based hierarchy. Well, naturally, the Navajo Nation is found at navajo-nsn.gov.

We can follow the "navajo" part but the "nsn" is odd, unless they spelled "nation" wrong and then abbreviated it, which I've always thought is what it looks like on first glance. No, this domain name is very much an artifact of history. When the problem of sovereign nations came to Postel and Cooper, the solution they adopted was a new affinity group, like "fed" and "k12" and "lib": "nsn", standing for Native Sovereign Nation. Despite being a late comer, nsn.us probably has the most enduring use of any part of the RFC 1480 concept. Dozens of pueblos, tribes, bands, and confederations still use it. squamishtribe.nsn.us, muckleshoot.nsn.us, ctsi.nsn.us, sandiapueblo.nsn.us.

Yet others have moved away... in a curiously "partial" fashion. navajo-nsn.gov as we have seen, but an even more interesting puzzler is tataviam-nsn.us. It's only one character away from a "standardized" NSN affinity group locality domain, but it's so far away. As best I can tell, most of these governments initially adopted "nsn.us" names, which cemented the use of "nsn" in a similar way to "state" or "city" as they appear in many .gov domains to this day. Policies on .gov registration may be a factor as well, the policies around acceptable .gov names seem to have gone through a long period of informality and then changed a number of times. Without having researched it too deeply, I have seen bits and pieces that make me think that at various points NTIA has preferred that .gov domains for non-federal agencies have some kind of qualifier to indicate their "level" in the political hierarchy. In any case, it's a very interesting situation because "native sovereign nation" is not otherwise a common term in US government. It's not like lawyers or lawmakers broadly refer to tribal governments as NSNs, the term is pretty much unique to the domain names.

So what ever happened to locality-based names? RFC 1480 names have fallen out of favor to such an extent as to be considered legacy by many of their users. Most Americans are probably not aware of this name hierarchy at all, despite it ostensibly being the unified approach for this country. In short, it failed to take off, and those sectors that had widely adopted it (such as schools) have since moved away. But why?

As usual, there seem to be a few reasons. The first is user-friendliness. This is, of course, a matter of opinion---but anecdotally, many people seem to find deeply hierarchical domain names confusing. This may be a self-fulfilling prophecy, since the perception that multi-part DNS names are user-hostile means that no one uses them which means that no users are familiar with them. Maybe, in a different world, we could have broken out of that loop. I'm not convinced, though. In RFC 1480, Postel and Cooper argue that a deeper hierarchy is valuable because it allows for more entities to have their "obviously correct" names. That does make sense to me, splitting the tree up into more branches means that there is less name contention within each branch. But, well, I think it might be the kind of logic that is intuitive only those who work in computing. For the general public, I think long multi-part names quickly become difficult to remember and difficult to type. When you consider the dollar amounts that private companies have put into dictionary word domain names, it's no surprise that government agencies tend to prefer one-level names with full words and simple abbreviations.

I also think that the technology outpaced the need that RFC 1480 was intended to address. The RFC makes it very clear that Postel and Cooper were concerned about the growing size of the internet, and expected the sheer number of organizations going online to make maintenance of the DNS impractical. They correctly predicted the explosion of hosts, but not the corresponding expansion of the DNS bureaucracy. Between the two versions of the .us RFC, DNS operations were contracted to Network Solutions. This began a winding path that lead to delegation of DNS zones to various private organizations, most of which fully automated registration and delegation and then federated it via a common provisioning protocol. The size of, say, the .com zone really did expand beyond what DNS's designers had originally anticipated... but it pretty much worked out okay. The mechanics of DNS's maturation probably had a specifically negative effect on adoption of .us, since it was often under a different operator from the "major" domain names and not all "registrars" initially had access.

Besides, the federal government never seems to have been all that on board with the concept. RFC 1480 could be viewed as a casualty of the DNS wars, a largely unexplored path on the branch of DNS futures that involved IANA becoming completely independent of the federal government. That didn't happen. Instead, in 2003 .gov registration was formally opened to municipal, state, and tribal governments. It became federal policy to encourage use of .gov for trust reasons (DNSSEC has only furthered this), and .us began to fall by the wayside.

That's not to say that RFC 1480 names have ever gone away. You can still find many of them in use. state.nm.us doesn't have an A record, but governor.state.nm.us and a bunch of other examples under it do. The internet is littered with these locality-based names, many of them hiding out in smaller agencies and legacy systems. Names are hard to get right, and one of the reasons is that they're very hard to get rid of.

When things are bigger, names have to be longer. There is an argument that with only 8-character names, and in each position allow a-z, 0-9, and -, you get 37**8 = 3,512,479,453,921 or 3.5 trillion possible names. It is a great argument, but how many of us want names like "xs4gp-7q". It is like license plate numbers, sure some people get the name they want on a vanity plate, but a lot more people who want something specific on a vanity plate can't get it because someone else got it first. Structure and longer names also let more people get their "obviously right" name.

You look at Reddit these days and see all these usernames that are two random words and four random numbers, and you see that Postel and Cooper were right. Flat namespaces create a problem, names must either be complex or long, and people don't like it either. What I think they got wrong, at a usability level, is that deep hierarchies still create names that are complex and long. It's a kind of complexity that computer scientists are more comfortable with, but that's little reassurance when you're staring down the barrel of "bridger.pps.k12.or.us".

We think that we're converting time into energy... that's the engineering principle.

In the 1820s, stacks, ovens, and gasometers rose over the docklands of Dublin. The Hibernian Gas Company, one of several gasworks that would eventually occupy the land around the Grand Canal Docks, heated coal to produce town gas. That gas would soon supply thousands of lights on the streets of Dublin, a quiet revolution in municipal development that paved the way for electrification---both conceptually, as it proved the case for public lighting, and literally, as town gas fired the city's first small power plants.

Ireland's supply of coal became scarce during the Second World War; as part of rationing of the town gas supply most street lights were shut off. Town gas would never make a full recovery. By that time, electricity had proven its case for lighting. Although coal became plentiful after the war, imported from England and transported from the docks to the gasworks by horse teams, even into the 1960s---this form of energy had become obsolete. In the 1980s, the gasworks stoked their brick retorts for the last time. Natural gas had arrived. It was cheaper, cleaner, safer.

The Docklands still echo with the legacy of the town gas industry. The former site of the Hibernian gasworks is now the Bord Gáis Energy Theatre, a performing arts center named for the British-owned energy conglomerate that had once run Ireland's entire gas industry as a state monopoly. Metal poles, the Red Sticks, jut into the sky from the Grand Canal Square. They are an homage to the stacks that once loomed over the industrial docks. Today, those docks have turned over to gastropubs, offices, the European headquarters of Google.

Out on the water, a new form of energy once spun to life. In December of 2009, a man named Sean McCarthy booked the Waterways Ireland Visitors Centre for a press event. In the dockside event space, and around the world through a live stream, he invited the public to witness a demonstration of his life's work. The culmination of three years of hype, controversy, and no small amount of ridicule, this was his opportunity to prove what famed physicist Michio Kaku and his own hand-picked jury of scientists had called a sham.

He had invented a perpetual motion machine.

Sean McCarthy had his start in the energy industry. Graduating with an engineering degree in the 1980s, he took a software position with a company that quickly became part of European energy equipment giant ABB. By some route now lost to history, he made is way into sales. 1994 found McCarthy in Bahrain, managing sales for the Middle East.

McCarthy is clearly a strong salesman. In Bahrain, he takes credit for growing ABB's business by orders of magnitude. Next, ABB sent him to Houston, where he worked sales to Central and South America. In 1999, the company called him to Azerbaijan---but he chose otherwise, leaving ABB and returning to Dublin.

Contacts from the energy industry, and no doubt his start in software, brought Graham to the world of the internet. 1999 in Dublin was, like so many places, crowded with dotcom boom startups. McCarthy saw opportunity: not necessarily by joining the fray, but by selling expertise and experience to those who already had. With his brother-in-law, a lawyer, he formed Steorn.

The nature of Steorn's business during these early years is a bit hazy. As McCarthy recounts it, to Barry Whyte for the book The Impossible Dream, Steorn gathered some early support from the Dublin internet industry that connected him with both capital and clients. One of their most notable clients, attested by several sources, was dotcom wonder WorldOfFruit.com. The World of Fruit, a subsidiary of fruit importer Fyffes, was a web-based auction platform for wholesale import and export of fruit. I have not been able to clarify how exactly Steorn was involved in World Of Fruit, although it cannot be ignored that the aforementioned brother-in-law and cofounder, Francis Hackett, had been the general counsel of World Of Fruit before becoming involved in Steorn. As for the future of online fruit trading, it went about as well as most dotcom-era market platforms did, stumbling on for a few years before folding with millions of Euro lost.

Later, by McCarthy's telling, Steorn shifted its business more towards R&D. They worked on a project for a client fighting credit card fraud, which led to later work for Irish and British law enforcement organizations, mostly related to video surveillance and machine vision. For Ireland's DART commuter train, for example, Steorn attempted a system that would automatically detect aggressive behavior in platform surveillance video---though it was canceled before completion. These projects floated Steorn through the worst of the dotcom bust and supported an in-house R&D operation that trialed a variety of ideas, including something like an early version of California's modern electronic license plates.

I am not sure who well this account squares with Steorn's public presence. Steorn was incorporated in July of 2000, and when their website appeared in 2001 it advertised "programme management and technical assessment advice for European companies engaging in e-commerce projects." The main emphasis of the website was in the project management experience of McCarthy and the company's CTO, Sean Menzies, formerly of recruiting and staffing firm Zartis. The primary claim was that Steorn could oversee projects to develop and launch e-commerce websites, reducing the risk and expense of jumping into the world wide web.

Steorn has been formed by individuals with significant experience in this area who have recognised that there is an absence in the market of genuinely impartial and objective advice as to the best way of implementing e-commerce ideas.

A few months later, Steorn's business became a little more general: "Steorn is an expert in the field of technology risk management." In August of 2001, Steorn launched its first concrete product offering, one that is curiously absent from McCarthy's later stories of the company. Not only would Steorn supervise technology projects, it had partnered with an insurance company to underwrite surety bonds on the completion of those projects.

Steorn had a proprietary program management methodology which they called GUIDE. Frustratingly, although GUIDE is always styled in all caps, I have not found any indication that it stood for something. What I do know is that GUIDE "offers predictability, visibility, control and results," and that it has some relation to a project planning methodology called DIRECT.

In all truth, while Steorn's 2001 websites are laden with bespoke buzzwords, the project and risk management services they offer seem unremarkable in a good way. Probabalistic project scheduling models, checkpoints and interim deliverables, "an approach which is systematic yet sufficiently flexible." The only way that Steorn's services seem foolish is the extent to which these methods have been adopted by every technology project---or have become so dated or unfashionable as to appear obsolete.

This was 2001, though, and many established companies found themselves plunging into the deep end of the online economy for the first time. No doubt the guidance of an outside expert with experience in online projects could be valuable. But, then, I am a sympathetic audience: they were hiring technical architects. That's my day job! The benefits package was, they said, best in class. Alas, the conditions that may necessitate my own move to Dublin come more than twenty years too late.

Despite McCarthy's description of their multiple projects in security, surveillance, and machine vision, Steorn never seems to have advertised or publicized any work in those areas. In 2003, their website underwent a redesign that added "services for technology inventors" and advertised a subsidiary web hosting provider called HostsMe. Perhaps my view is too colored by the late-2000s context in which I came to understand the internet industry, but pivoting to the low barrier of entry, low chance of success shared hosting market feels like a move of desperation. In 2004, the website changed again, becoming a single page of broken links with a promise that it is "being redesigned."

For this entire period, from late 2001 after the announcement of their risk underwriting service to the company's complete swerve into energy from nothing, I can find no press mentions of Steorn or any of their projects. McCarthy seems to suggest that Steorn had a staff of engineers and technicians, but I struggle to find any names or details. Well, that was a long time ago, and of course the staff are not all listed on LinkedIn. On the other hand, one of McCarthy's investors, shown a laboratory full of white-coated scientists, later came to suspect they were temps hired only to create an appearance.

This is not to accuse McCarthy of lying. Some details definitely check out. For example, their project with Fraudhalt to detect tampering with ATMs via machine vision is the subject of a patent listing Sean McCarthy's name. But I do think that McCarthy is prone to exaggerating his successes and, in the process, muddling the details. When it comes to Steorn's most famous invention, McCarthy and early employee and project manager Michael Daly agree that it was an accidental discovery. Both tell detailed stories of a project for which Steorn purchased and modified small wind turbines. The trouble is that they are not describing the same project. Two different customers, two different contexts, two different objectives; but both lead to the Orbo.

Other attempts at checking into the particulars of Steorn's early business lead in more whimsical directions. To Whyte, McCarthy described a sort of joke project by Steorn to create an "online excuse exchange" called WhatsMyExcuse.com. I can't find any evidence of this project, although there's no particular reason I would. What I can say is that some ideas are evergreen: four months ago, a Reddit user posted that they "built a tiny excuse generator for fun." It's live right now, at whatsmyexcuse.com.

In any case, the nature of Steorn around 2003 remains mysterious to me. McCarthy's claims to have been a regional expert on credit card fraud are hard to square with the complete lack of any mention of this line of business on Steorn's website. On the other hand, Steorn had a confusing but clearly close relationship with Fraudhalt to such an extent that I think Steorn may have gone largely dormant as McCarthy spent his time with the other company.

After five years of near silence, a period that McCarthy characterized as modest success, Steorn captured the world's attention with what must be one of the boldest pivots of all time. An August 2006 full-page ad in the Economist began with a George Bernard Shaw quote, "all great truths begin as blasphemies." "Imagine," it reads below, "a world with an infinite supply of pure energy. Never having to recharge your phone. Never having to refuel your car."

Steorn's website underwent a complete redesign, now promoting the free energy device they dubbed the Orbo. A too-credulous press went wild with the story, especially in Ireland where Steorn's sudden prominence fit a narrative of a new Irish technology renaissance. The Irish Independent ran a photo of McCarthy kneeling on the floor beside a contraption of aluminum extrusion and wheels and wiring. "Irish firm claims to have solved energy crisis" is the headline. The photo caption reminds us that it "has been treated with some skepticism in the scientific community because it appears to contravene the laws of physics."

I will not devote much time to a detailed history of the development of the Orbo; that topic is much better addressed by Barry Whyte's book, which benefits greatly from interviews with McCarthy. The CliffsNotes ¹ go something like this: Steorn was working on some surveillance project and wanted to power the cameras with small wind turbines. The exact motivations here are confusing since, whichever version of the story you go with, the cameras were being installed in locations that already had readily available electrical service. It may have been simple greenwashing. In any case, the project lead Steorn to experimenting with modifications to off-the-shelf compact wind turbines.

At some point, presumably one or two years before 2006, it was discovered that a modified turbine seemed to produce more energy in output than it received as input. I have not been able to find enough detail on these experiments to understand what exactly was being done, so I am limited to this vague description. Steorn at first put it out of mind, but McCarthy later returned to this mystery and built a series of prototypes that further demonstrated the effect. A series of physicists and research teams were brought in to evaluate the device. This part of the story is complicated and details conflict, but an opinionated summary is that entrepreneurially-inclined technology development executives tended to find the Orbo promising while academic physicists found the whole thing so laughable that they declined to look at it. Trinity College contained both, and in 2005 McCarthy's discussions with a technology commercialization team there lead to a confrontation with physicist Michael Coey. From that point on, McCarthy viewed the scientific establishment as resistance to be overcome.

McCarthy determined that the only way to bring Orbo to the world was to definitively prove that it worked, and to do so largely without outside experience. For that, he would need equipment and a team. After long discussions with a venture capital firm, McCarthy seems to have balked at the amount of due diligence involved in such formal investment channels. Instead, he brought on a haphazard series of individuals, mostly farmers, who collectively put up about 20 million euro.

One of the curious things about the Orbo was Steorn's emphasis on cell phone batteries. I suppose it is understandable, in that ubiquitous mobile phones were new at the time and the hassle of keeping them charged was suddenly a familiar problem to all. It also feels like a remarkable failure of ambition. Having invented a source of unlimited free energy, most of what McCarthy had to say was that you wouldn't have to charge your phone any more. Sure, investment documents around Steorn laid out a timeline to portable generators, vehicles, standby generators for telecom applications... a practical set of concerns, sure, but one that is rather underwhelming from the creator of the first over-unity energy device.

It is also, when you think about it, a curious choice. McCarthy later talked about pitching the device to Apple's battery suppliers. The timeline here is a bit confusing, given that the iPhone launched after the period I think he was discussing, but still, it makes a good example. The first-generation iPhone was about a half inch thick, hefty by today's standards but a very far cry from Steorn's few publicized prototypes, which occupied perhaps two feet square. Miniaturization is a challenge for most technologies, with the result that pocket-portable devices are usually a late-stage application, not an early one. That's especially true for an electromechanical generator, one that involves bearings and electromagnets and a spinning rotor. Still, it was all about phones.

Steorn's trouble getting the attention of battery manufacturers lead them to seek independent validation. Turned away, as McCarthy tells it, by university physics departments and industrial laboratories, Steorn came up with an unconventional plan. In the 2006 Economist advertisement, they announced "The Challenge." Steorn was recruiting scientists and engineers to form a panel of independent jurors who would evaluate the technology. You could apply at steorn.com. Nearly 500 people did.

The steorn.com of the Orbo era is a fascinating artifact. It has a daily poll in a sidebar, just for some interactive fun. You could apply for the scientific jury, or just sign up to express your interest in the technology. Most intriguingly, though, there was a forum.

This is some intense mid-2000s internet. There was a time when it just made sense for every website to have a forum; I guess the collective internet industry hadn't yet learned that user-generated content is, on average, about as good as toxic waste, and that giving the general public the ability to publish their opinions under your brand is rarely a good business decision. Still, Steorn did, and what few threads of the steorn.com discussion forum survive in the Internet Archive are a journey through a bygone era. Users have the obvious arguments: is Orbo real, or a scam? They have the less obvious arguments, over each other's writing styles. There is a thread for testing BBCode. A few overactive users appear seemingly everywhere, always hostile and dismissive. An occasional thread will become suddenly, shockingly misogynistic. This is, of course, the soup we all grew up in.

The forum exemplifies one of the things that I find most strange about Steorn. The company was often obsessively secret, apparently working on the Orbo technology in quiet for years, but it was also incredibly bold, choosing a full-page ad for a publicity stunt as their first public announcement. McCarthy was well aware that the scientific establishment viewed him as a fraud, by this time individual investors seemed to be growing skeptical, and yet they had a discussion forum.

The late years of Steorn are best summarized as a period of humiliation. In 2007, the company promised a public demonstration of the Orbo at a science museum in London. I remember following this news in real time: the announcement of the demonstration triggered a new round of press coverage, and then it was canceled before it even began. Steorn claimed that the lighting in the museum had overheated the device and damaged it. The public mostly laughed.

In 2009, Steorn arranged a second public demonstration, the one at the Waterways Visitors Centre in Dublin. This one actually happened, but the device clearly incorporated a battery and Steorn didn't allow any meaningful level of inspection. The demonstration proved nothing but that Steorn could use a battery to make a wheel spin, hardly a world-changing innovation. Not even a way to charge a phone.

Later that same year, The Challenge came to its close. The independent jury of experts, after meetings, demonstrations, experiments, and investigations, returned its verdict. The news was not good. Jurors unanimously approved a statement that Steorn had not shown any evidence of energy production.

When something is as overhyped and underdeveloped as the Orbo, when a company claims the impossible and still attracts millions, you sort of expect a dramatic failure. Surely, you cannot just claim to have created a source of free energy and then wander on through life as usual. Or, perhaps you can. In 2010, steorn.com gained the Developer Community, where you could pay a licensing fee for access to information on the Steorn technology.

Even the mobile phones were not abandoned. In 2015, Steorn mounted another demonstration, of a sort. A small Orbo device, now apparently solid-state, was displayed supposedly charging a phone in a Dublin pub. A lot of big claims are made and tested in pubs, but few with so much financial backing. Steorn had been reduced to a story told over beer and the internet: at the end of 2015, McCarthy announced via Facebook that an Orbo phone and phone charger would soon go on sale. The charger, the Orbo Cube, ran €1,200 and was due to ship within the month.

As far as I can tell, these devices were actually completely unrelated to the original Orbo. The "solid-state Orbo" was completely novel design, to the extent that you would call it a design. Some units did ship, and reverse engineering efforts revealed an eccentric set of components including two alkaline 9v batteries and shrinkwrapped mystery cells that have the appearance of capacitors but are, supposedly, proprietary components relying on some kind of magnetic effect. It's hard to find much solid information about these devices, I think very few were made and they shipped mostly to "friendly" customers. It is said that many of them failed to work at all, the result of an acknowledged quality control problem with the clearly handmade interior. There is a lot of electrical tape involved. Like a lot. And some potting compound, but mostly electrical tape. The two I've found detailed accounts of failed to charge a phone even when new out of the box.

Through this whole period, Steorn was still McCarthy's day job, at least on paper. But he had turned towards a new way to make money: poker. Starting around 2015, McCarthy became a professional poker player, apparently his main form of income to this day. He announced that Steorn would be liquidated in 2017; it was finally dissolved in 2024.

History is replete with perpetual motion machines. There are rumors of some sort of machine in the 8th century, although questions about the historicity of these accounts lead to difficult questions around what makes a perpetual motion machine "real." Of the many putative free energy sources of history, many have involved some configuration of magnets. I can understand why: magnets offer just the right combination of the mysterious and the relatable. They seem to work as if by magic, and yet, they are physical objects that we can hold and manipulate. You can see how someone might develop an intuitive understanding of magnetic behavior, extend it to an impossible idea, and remain quite convinced of their discovery.

If perpetual motion machines are a dime a dozen, why does the story of Steorn so fascinate me? I think that it has many parallels to our situation today. The Orbo is not merely the product of a deluded inventor, it's the product of a period of Irish economic history. Whyte's book is focused primarily on this aspect of the story. He articulates how the overstuffed, overhyped Irish economy of the 2000s, a phenomenon known as the Celtic Tiger, created an environment in which just about any claim could raise millions---no matter how outlandish.

And here we are today, with some of the largest components of our economy run by people who fashion themselves as technical experts but have backgrounds mostly in business. They, too, are collecting money on the premise that they may build a world-changing technology---AGI.

Sure, this analogy is imperfect in many ways. But I think it is instructive. Sean McCarthy wrote of Steorn's early days:

It was just a gold rush: if you weren't doing web, you didn't exist. So, a banana import-export business needs to invest millions in e-commerce. They probably did need to invest, but it was driven, in my opinion, by all of these companies driving their share price up by doing something on the web rather than by any real business cases.

The dotcom boom and bust was an embarrassment to the computer industry, and it was also a pivotal moment in its growth. E-commerce, the graveyard of many '90s businesses, is one of the pillars of modern life. The good days of easy money can be an incubator for important ideas. They can also be an incubator for idiocy.

Whenever I read about some historic scam, I always wonder about the people at the top. Was Sean McCarthy a fraud, or was he deluded? Did he play up the Orbo to keep the money coming in, or did he really believe that he just needed one more demonstration?

Whyte's book takes a strong position for the latter, that McCarthy had the best intentions and got in over his head. He still believes in Orbo, to this day. Of course, Whyte is far more sympathetic than I find myself. The book is almost half written by McCarthy himself in the form of its lengthy excerpts from his statements. I am more cynical, I think that McCarthy must have known things were going sideways well before he shipped out broken power banks with nine volt batteries covered in electrical tape. I don't think he started out that way, though.

I think he started out with the best intentions: the leader of a moderately successful tech company, one that wasn't getting much business but had ready access to capital. He went fishing for ideas, for opportunities for growth, and he hooked the biggest of them all. A world-changing idea, one so profound that he himself struggled to understand its implications. An impossible dream of not having to charge his phone. To sustain the company, he had to bring in money. To bring in money, he had to double down. Perpetual motion was always just around the corner.

I believe that McCarthy is a con man, in that he has too much confidence. It's a trait that makes for a good poker player. McCarthy saw something remarkable, perhaps an error in measurement or an error in understanding. He placed a bet, and spent the next decade pushing more money into the pot, trying to make it work out. I would hope that our industry has learned to be more cautious, but then, we're only human. We watched the wheels spin, faster and faster, and we convince ourselves that they can spin forever.

Where we left off, Albuquerque's boosters, together with the Forest Service, had completed construction of the Ellis Ranch Loop and a spur to the Sandia Crest. It was possible, even easy, to drive from Albuquerque east through Tijeras Pass, north to the present-day location of Sandia Park, and through the mountains to Placitas before reaching Bernalillo to return by the highway. The road provided access to the Ellis Ranch summer resort, now operated by the Cooper family and the First Presbyterian Church, and to the crest itself.

The road situation would remain much the same for decades to come, although not due to a lack of investment. One of the road-building trends of the 1920s and 1930s was the general maturation of the United States' formidable highway construction program. The Federal Aid Highway Act of 1921 established the pattern that much of western road building would follow: the federal government would split costs 50:50 to help western states build highways. This funding would bring about many of the US highways that we use today.

A share of the money, called the forest highway fund, was specifically set aside for highways that were in national forests or connected national forests to existing state highways. By 1926, the Federal Lands Transportation Program had taken its first form, a set of partnerships between the Bureau of Public Roads (later the Federal Highway Administration) and federal land management agencies to develop roads for economic and recreational use of federal land. For the Forest Service of the era, a forest without road access was of limited use. The following years saw a systematic survey of the national forests of New Mexico with an eye towards construction.

The Federal Aid Highway Act presaged the later interstate freeway program in several ways. First, the state-federal cost sharing model would become the norm for new highways and drive the politics of road construction to this day. Second, despite the nominal responsibility of the states for highways, the Act established the pattern of the federal government determining a map of "desirable" or "meritorious" road routes that states would be expected to follow. And finally, the Act enshrined the relationship between the military and road building. The first notional map of an integrated US highway system, developed mostly by the Army for the Bureau of Public Roads, was presented to Congress by esteemed General of the Armies John Pershing. This plan, the Pershing Map, is now over 100 years old but still resembles our contemporary freeway system.

The Great Depression did not generally drive construction, but roads would prove an exception. Roosevelt's New Deal, and the dryer language of the Emergency Relief Acts of the early 1930s, provided substantial federal funding for construction and improvement of highways. The impact on New Mexico was considerable. "Surveys, plans, and estimates of Navajo Canyon Section of State Highway No. 2 within the Carson National Forest, south of Canjilon, and survey, plans, and estimates on State Highway No. 12 between Reserve and Apache Creek on the Datil-Reserve Forest Highway route." The lists of highway projects in newspapers become difficult to track. The forest highway program's budget doubled, and doubled again. "The building of new Forest Highways in the National Forests of New Mexico will be rushed as rapidly as possible... to open up the National Forests to greater use and protection from fires."

The papers were optimistic. The Carlsbad Current-Argus ran a list of Forest Highway efforts in 1932; the headline read simply "Forest Service To Solve Unemployment."

The depression-era building campaign left the Ellis Ranch loop on the same route, but saw much of the route improved to a far higher standard than before. Graveling, oiling, and even paving stabilized the road surface while CCC crews built out embankments on the road's mountainside segments. By 1940, much of the loop had been incorporated into New Mexico Highway 44---a continuous route from Cedar Crest to Aztec.

Former NM 44 exemplifies changes to the loop's northern segment. Much of NM 44 is now known as NM 550, a busy highway from Bernalillo and alongside the far reaches of Los Lunas that eventually becomes one of the major routes in the state's northwest corner. The connection to Cedar Crest, though, is now difficult to fathom. The former route of NM 44 continued east of the freeway through Placitas and along NM 165, over the mountains to become NM 536 at Balsam Glade and then NM 14 at San Antonito. NM 14 is a major route as well, and NM 536 is at least paved---but as discussed in part I, NM 165 is now a rough unpaved road appealing mostly to OHV users and impassable in winter ¹.

Sections of NM 165 do seem to have been paved, mostly closer to Placitas, but maintenance as a main highway had ended at least by 1988 when the NM 44 designation was retired.

This is the major reason for my fascination with the Ellis Ranch Loop: today, it is hardly a loop---the whole loop is still there, and you can drive it at least in summer, but the segment of the highway in the north part of the Sandias, what is now 165, doesn't feel at all like a continuation of the same loop as NM 536. On the ground, when driving up 536, it's clear that the "main" route at Balsam Glade is to follow the curve west onto Sandia Crest Scenic Highway. And yet, the Scenic Highway was only a spur of the original loop.

This oddity of history is still reflected in the road designations and, as a result, modern maps. NM 536 and NM 165 are state highways. Sandia Crest Scenic Highway, despite the name, is not. As you zoom out, Google Maps hides the Scenic Highway entirely, depicting the former Ellis Ranch Loop as the main route. This is very different from what you will find if you actually drive it.

This halfway state of change, with NM 165 still designated as a highway but effectively abandoned and the more major Scenic Highway not designated, partly reflects the bureaucratic details of the 1930s. NM 165 was considered part of a proper inter-city route; the Scenic Highway deadends at the crest and thus never really "went anywhere." But there is more to the story: it also reflects the ambitions, errors, and shifting priorities of the mid-century.

The first formal ski area in the Sandia Mountains opened in 1936, developed by Robert Nordhaus's Albuquerque Ski Club. The ski area, then called La Madera for the canyon that tops out at the ski slopes, became a center of southwestern wintersports. In the following decades, the ski area would displace Ellis Ranch as the main destination in the mountains.

World War II disrupted skiing and recreation more broadly; progress on Sandia Mountain development stalled into the 1940s. The decline wouldn't last: WWII raised the possibility of ground combat in Northern Europe or even a need to defend the inland United States against invasion. Military planners considered Denver the best choice for an emergency relocation of the national capital in response to an Atlantic assault. While never a formal policy, the concept of Denver as "national redoubt" survived into the Cold War and directed military attention to the Rocky Mountains.

From 1939 into the 1940s, the National Ski Patrol lobbied for development of ski-mounted military units to the extent that it became a de facto auxiliary of the US Army. Ultimately only one Army "Mountain Division" would be established, but its members---recruited and trained by the Ski Patrol itself---went on to an instrumental role in securing the surrender of German forces in Austria.

While the Alpine Light Infantry were never a large part of the Army, they brought public attention to skiing and mountain recreation. Military support enabled expansion of the Ski Patrol's training programs, and returning soldiers had stories of skiing in the Alps. Much like aviation, skiing surged after the war, elevated from a fairly obscure extreme sport to one of the country's best known forms of recreation.

In 1946, the La Madera Ski Area installed what was then the longest T-bar lift in the country. It built by Ernst Constam, a Swiss engineer who invented the modern ski lift and became trapped in the United States when the war broke out during his business trip. Constam found himself an American by accident, but developed a fierce allegiance to his new home and soon worked for the Army. He participated in the training of the Mountain Division, contributed his understanding of European alpine combat to military intelligence, and even built the first military ski lift: a T-bar at Camp Hale in Colorado, now called Ski Cooper.

During the 1950s, the ski area underwent ownership changes and some financial difficulty. Nordhaus operated the area profitably, but needed cash to build the infrastructure for continued growth. That cash came in the form of Albuquerque businessman and real estate developer Ben Abruzzo, who is remembered first as a famous balloonist (responsible for much of Albuquerque's prominence in hot air ballooning) but was also an avid skier. Nordhaus and Abruzzo formed the Sandia Peak Ski Company and construction was soon underway.

You could access the base of the ski area from the Ellis Ranch Loop, but it was slow going, especially in winter. The trip from Albuquerque reportedly took hours. Ski area expansion required easier access. After negotiations related to the ski area permit expansion, the Forest Service paved the entirety of Ellis Loop from the base of the mountains to the ski area. This was the first time that a large section of the road in the mountains was fully paved, and it appears to be the Forest Service's decision to pave from the ski area southeast to San Antonito, rather than north to Placitas, that sealed the fate of NM 165. From that point on, the "main" way from Albuquerque to the Mountains was via Tijeras, not via Placitas.

The late 1950s were a busy time in the Sandias. The ski area was not the only growing tourism attraction; a post-war resurgence in travel and automobilism renewed the pro-tourism boosterism of the 1920s. Albuquerque business interests were back to lobbying the Forest Service for tourist facilities, and Abruzzo and Nordhaus's efforts at the ski area inspired confidence in a bright future for mountain recreation. All that was needed were better roads.

Sometime during the 1950s, the names "Ellis Ranch Loop" or "Ellis Loop" gave way to "Sandia Loop." Despite the new name, the road kept to its old history: the state and the Forest Service announced their intent to complete a project that, as far as they were concerned, had been in intermittent progress since the 1930s: paving and widening the entire route as a two-lane highway.

The project had never been completed in part because of the difficult conditions, but there were politics at play as well. Federal funding, critical to completing highway projects, was allocated based on the recommendations of committees at each level of government. The development of "secondary highways," a category that included NM 44, fell to county committees for prioritization. Despite the emphasis that Bernalillo County put on the Sandia Loop, Sandoval County was less motivated. Another nail in NM-165's coffin came in 1958 when the Sandoval County Road Committee definitively stated that their budget was quite limited and the Sandia Loop was not a priority. As far as I can tell, serious efforts to pave the existing road between Balsam Glade and Placitas ended at that meeting. A few years later, the state highway department announced that the project had been canceled.

Despite the fate of the loop's northern half, the rest of the Sandia mountain roads enjoyed constant attention. The southern portion of the loop was widened (by four feet, three inches) with new road base laid. The road to the crest itself, despite the involvement of the state highway department in the original construction, was decisively the problem of the Forest Service---at least, this was the point repeatedly made by the state highway department as Albuquerque interests campaigned for its improvement. Still, boosters did not have to wait for long. In 1958 the Forest Service let contracts for improvement of the Sandia Crest road as an "anti-recession project."

While many reports describe the late-1950s Sandia Crest project as widening and resurfacing, some changes to the alignment were made as well. The most severe of its many switchbacks, at the Nine Mile Picnic Area, was reworked for fewer curves. The original alignment is still in use for access to the picnic area.

In the mean time, crews contracted by the Forest Service completed yet another round of improvements to the north section of the loop road. This project spanned from a "preliminary engineering survey" in 1958 to the point where the gravel base was largely complete in 1959, but while paving of the entire route was planned it does not seem to have happened. The Albuquerque business community felt that there was good reason for the paving project: the Albuquerque Tribune reported in 1958 that "upwards of 100,000 cars annually use the Loop Road in making the punishing trip up to La Madera ski run and the Crest." At the same time, though, Albuquerque's once unified push for mountain access started to face political headwinds.

The 1960s were a different world, but some things stayed the same: Bob Cooper advertised cabins for lease at Ellis Ranch, and the business community wanted to see an improved, paved loop highway around the Sandias. The original completion of the Ellis Ranch Loop appeared in the Albuquerque Tribune's "30 Years Ago" feature in 1960, alongside coverage of the growing debate over placement of the city's two upcoming interstate freeways.

Despite efforts by the Chamber of Commerce, Highland Business Men's Association, and Downtown Business Men's Association to restart the Sandia Loop project, the state Highway Department remained silent on the subject. This was the peak era of freeway construction, and the department had many construction problems on the I-25 corridor especially. The Sandia Loop remained a popular facility, though, recommended by the Mobil travel guide starting in 1962. That same year, the La Madera ski area, now called Sandia Peak, opened the "Summit House" restaurant at the top. Summit House would later be known as High Finance before closing for replacement by today's Ten 3.

This might be confusing to today's Burqueños, as the main attraction at Sandia Peak would not begin construction until 1964. The "Spectacular Sandia Peak Chairlift Ride" described in 1962 newspaper advertisements is the ski area's Lift #1, a chairlift that is no longer in service and slated for replacement with a mixed chair/gondola system in coming years. And yet, the restaurant and lift were operated by the "Sandia Peak Ski and Aerial Tram Co." This somewhat contradicts the "official" history of the Sandia Peak Tramway, but one would think that Nordhaus and Abruzzo must have already had a bigger vision for access to the mountaintop.

The full story of the Sandia Peak Tramway could occupy its own article, and perhaps it will, but the short version is this: Bob Nordhaus visited Switzerland, where he learned that ski areas were being made more accessible by means of gondola lifts. He thought that the same scheme would work in Albuquerque, and together with Abruzzo, mounted a long campaign for permitting and funding. The plan was ambitious and more than just a bit quixotic, but Nordhaus and Abruzzo were both big personalities with extensive business connections. In 1966, they opened what was then, and for many decades after, the longest aerial tramway in the world. It runs from the northeast fringe of Albuquerque directly up the western slope of the Sandias, delivering passengers to the very top of the ski area. The 3,819 foot climb, over 2.7 miles and just two towers, takes about fifteen minutes. It is far faster, of course, than the drive around and up the east side. And yet, in the fashion of Albuquerque, one of its biggest impacts on our modern city is a road: Tramway Boulevard, or NM 556, roughly one quarter of what was originally planned as a beltway highway around the city.

While the tramway opened the steep western slope to tourism, attention to the east side was reinvigorated. The Albuquerque business community had continued to lobby the Forest Service for new and better roads, and as the tramway went in the road boosters found success. The Forest Service circulated a draft plan that delighted some and terrified others: a brand new loop¸ the Crest Loop, that would replace the road from Balsam Glade to the crest and extend it straight up the very spine of the mountain, allowing views down both sides, until coming down the northern ridge to meet the existing Sandia Loop Road near Placitas. It would be a first-class skyline road, 24' wide pavement over almost exactly the route of today's crest trail.

Previous efforts at radical Sandia mountain road construction were held off by weather, funding, and war. For the Crest Loop, there was a new enemy: bighorn sheep.

Rocky Mountain Bighorn Sheep don't appear to have ever been common in New Mexico, but a small population around the Rio Grande Valley was completely wiped out by human impacts in the late 19th and early 20th centuries. Efforts to reintroduce bighorns started in the 1930s, with more translocated sheep in the 1940s and 1960s. These populations struggled severely, and despite the attempts there are no bighorn sheep in the Sandia Mountains today. Still, the population in the mid-'60s was likely the largest it would ever be, a hard-won victory that the state was inclined to protect.

Besides, Rachel Caron's Silent Spring was published in 1962, a landmark in the history of American environmentalism. The environmentalist movement wasn't as powerful as it would become, but it was certainly gaining momentum. Not only the state Game and Fish Department opposed, but community groups like the New Mexico Mountain Club stepped up to oppose development along the ridge.

On Monday, August 8th, 1966, the Forest Service called a public hearing to be held at the East Central Branch of Albuquerque National Bank. To an audience of businessmen and community groups, regional forester William D. Hurst presented the official plan for the Sandias. The existing road from Balsam Glade up to the crest, the Crest Scenic Highway, would be significantly reworked. The old alignment had over a dozen switchbacks, the new alignment only four. The wider, straighter road would offer access to a completely new ski area at about the location of today's Capulin snow play area.

The Crest Loop would not make it quite all the way to the crest, instead turning north a bit to the east (and below) the crest where a parking lot and turnout area formed the main attraction. The highway itself no longer followed the ridge, an admission to the Bighorn Sheep interests, but instead paralleled it about 1/4 mile to the east. About 2.5 miles north of the crest, the highway would switch back and start it a descent down the eastern face, through Las Huertas canyon, to meet the Sandia Loop before Placitas.

It was noted that, in the future, an additional road could be planned up the canyon above Sandia Cave for yet a third road all the way up the eastern side. At least you can't say they weren't ambitious.

The 1966 Crest Loop plan was presented by the Forest Service in a rather matter-of-fact way. Hurst told the press that he did not expect much objection, and apparently the presentation itself was well received. Still, Hurst's quip that the plan presented "the greatest good for the largest numbers of people" hinted that it was not uncontroversial, as did the fact that every newspaper article about the presentation made some reference to the "hubbub."

While the 1/4 mile shift away from the ridge had won the support of the state, it was not enough to please the New Mexico Wildlife and Conservation Association and gained only the most tacit support from the New Mexico Mountain Club, which described their position to the papers as "wait and see." They had time: the Forest Service expected the project to take as much as ten years, even with surveying work starting immediately.

The Crest Loop was only part of a broader plan for Sandia recreation, one that responded to Albuquerque's rapid mid-century population growth. There were more than twice as many people in Albuquerque then as there had been before the war, for example, and the Forest Service considered the nine picnic areas on the existing road to be overused. The new crest loop would enable 200 acres of new picnic grounds

For all of the promise of the new Crest Loop, there was a curious omission: the view from the crest. The road's alignment 1/4 mile off the crest meant that the highest point on the road, the turnout with bathrooms and facilities, was on the other side of the ridge from Albuquerque. It would have views to the north and northeast, but not at all to the west or southwest. In other words, you would no longer be able to drive up to the crest and then look down on the city---getting the same view offered by the old road would require a hike.

This is a fascinating decision and one that, if you will allow me to editorialize, seems to reflect the Forest Service's process-focused approach to planning. The original Crest Loop plan would have placed the road directly on the ridge, probably providing one of the finest roadside views in the nation. Well, in actuality, there was always disagreement over the aesthetic merits of the plan. The forest service had always denied any intent to clearcut trees to improve sightlines, so it was likely that even the original ridgetop alignment would have had trees blocking the view along much of the route. The Forest Service even conceded to environmental groups by promising to keep the road off of the large clear bluff just north of the crest, the spot with the very best potential for automobile sightseeing.

The final proposed alignment, downslope from the ridge, had the view completely blocked on the west... and it was away from the windswept, rocky western face, decidedly in the forest. Even to the east, where the terrain dropped away precipitously, you would be unlikely to see anything other than the forest right in front of you.

Proponents said the Crest Loop would be a natural attraction like no other, with a 360 degree perspective over the Rio Grande Valley and the High Plains. Opponents said it would be a "green tunnel," so densely forested on both sides that it might as well have been down in the valley for all the sightseeing it would afford. They seem to have been right: as ultimately proposed, the "skyline" Crest Loop actually offered less of a view than the existing route.

What it would offer is capacity. The road was designed for traffic, intended to support visitors to the new picnic areas, the expanding Sandia Peak Ski Area, and the new ski area yet to be named. The new ski area penciled out as 1,000 acres, larger than Sandia Peak. A new snow play area was expected to attract thousands of non-skiing visitors. And parking---parking was a problem, the Forest Service reported, with just 750 spaces at the bottom of the ski area. The Forest Service intended to provide 800 spaces at the new snow play area, and the bypassed switchbacks of the old crest road would themselves be repurposed as new parking areas.

As far as the Forest Service was concerned, the Crest Loop was a done deal. They had already committed $600,000 a year for the next several years to fund surveys and planning, and expected more federal funding to match state support. And yet, as always, progress was slow. 1967 passed with little mention of the road. In 1968 the Albuquerque Chamber of Commerce must have been getting nervous, as they passed a resolution in support of its completion, for no reason in particular.

In 1969, an interesting new proposal for the Crest Scenic Highway put it back into the papers: a race. Albuquerque advertising firm Eicher and Associates proposed to one-up the Pikes Peak by hosting a Labor Day hill climb. The state Highway Commission approved the plan, but the race stalled when a State Police captain pointed out that state law forbid racing on public roads---and the Attorney General issued an opinion that the Highway Commission had no authority to grant an exception. Nothing ultimately came of the Sandia Peak Climb, or at least, nothing other than a series of headlines and another round of objections to planned improvements.

Central to the opponent's arguments was a disagreement over the nature of forest recreation. The New Mexico Wildlife and Conservation Association advocated for the establishment of wilderness areas covering much of the Sandias, precluding further development. Their proposal actually accommodated the Crest Loop by putting it just off of the edge of the wilderness area covering the western face, but Cibola National Forest Supervisor George Proctor was still hesitant: "Proctor made clear he did not rule out wilderness use for the land, but only wanted time to weigh the proposals against possible other needs---as for future additional tramways or recreation areas." Perhaps one tramway and two highways was not enough; we can't know what the future will hold.

The conservationists said exactly what you would expect:

It would be nice to have complete access for large volumes of people---since so many have seen nothing like the top of the Sandias---said [NMCWA director] McDonald, but when large volumes come, then the beauty of the area often ceases to exist. ²

While the Forest Service had been quiet, it had not been entirely idle. Surveying for the route was nearly complete, and the Forest Service contracted the first phase of the work: clearing trees for the new route, starting in the immediate area of the crest. A bit over three miles of right of way were clearcut, mostly along the "top" of the road a quarter mile from the crest. The new upper alignment of the existing road was cleared as well, wider switchbacks well to the north and south of the current road.

Almost immediately after the clearing, Forest Service funding for the project unexpectedly dried up. Work was discontinued until new funding for the project could be secured, a delay that was not expected to last long but that fell at the worst possible time.

The Crest Loop had been abstract, seen only in the form of Forest Service presentations and hand-drawn newspaper illustrations. In that form, it had attracted considerable support from the business community and only muted objections from conservationists. But then the trees fell. Acres of clearcut forest, so close to the ridge and so visible from the road, turned the highway plan into an eyesore. As they sat, unchanged, month after month, an eyesore turned into a scandal.

By the summer of 1970, the Wildlife and Conservation Association, the New Mexico Conservation Coordination, and the National Wildlife Federation sent letters opposing the project. State legislators became involved. There were accusations of treachery, with Forest Service employees allegedly lobbying business leaders to support the project while on the clock, and the district forester holding secret meetings with state officials to coordinate.

Over the following year, opposition stacked up. US Rep. Manuel Lujan, a prominent New Mexico politician, wrote to the director of the Forest Service with his objections. NM Attorney General David Norvell joined with a press release asking the Forest Service to reconsider the plan. These objections were actually rather weak: Lujan, in particular, mostly just thought the proposed road was too expensive, a waste of money considering that there was already a highway connecting the same places. Even environmental groups tempered their criticism, with at least two clarifying that they objected only to the highway along the ridge, and not to improvements to the road between Balsam Glade and the crest.

The Forest Service's motivations can be difficult to understand. The whole Crest Loop plan had reportedly begun with a presidential directive to identify opportunities for new recreational facilities, and it had certainly had the strong support of the business community in the 1960s. At the turn of the 1970s, the situation had noticeably changed. Most press coverage of the project focused on the opposition, and Albuquerque's business clubs had fallen silent, perhaps averse to the controversy. There's not much to say for the Forest Service's lobbying effort beyond inertia: as far as they were concerned, they had committed to the plan in 1966 and were now simply executing on an old decision.

The federal government, once it gets into motion, does not easily change directions. For Forest Service staff, careers, or at least plans to climb the corporate ladder, must have been staked on the success of the Crest Loop. Even as the budget escalated from $3 million to $3.5, then as high as $5 million, the Forest Service remained committed to finishing what it had started. "[Opponents] claim the Forest Service won't heed their cries of distress," the Albuquerque Journal summarized. "The Forest Service says the decision to build the road was made a long time ago."

In May of 1971, the controversy broke out into demonstrations. This was no Vietnam war; anti-Crest Loop protests had a more whimsical quality. On Sunday the 16th, around two hundred demonstrators went up the Crest Scenic Highway and gathered in the cleared path of the future road. The plan, originally, had been to replant the clearing with new trees, a slow way of walking back the road's likewise slow advance. This threat of minor vandalism was met by a threat of minor reprisal when the Forest Service informed the press that unauthorized planting of trees in a National Forest could be charged as a misdemeanor.

The result, a mountaintop clash between Albuquerque's most motivated environmentalists and the force majeure of the Forest Service, must be one of the stranger moments in Albuquerque's environmental history.

One group---lead by Dr. Gerald Bordin---advocated "peaceful protest." Another, lead partly by Jesse Cole, planted three symbolic trees. Finally, two individuals---Florencio Baca and Marvin Price---began a private discussion that turned into a simulated panel discussion on the negative aspects of the proposed road....

Few persons started the planned three-mile walk down the graded Ellis Loop in the 10,000-foot altitude. Several protesters, disillusioned for the lack of trees to plant, began to leave by noon.

Bordin produced a cardboard replica of a pine tree, dissected by a highway, and placed it on the proposed road. "This type of planting is legal," he said; and another protester, watching two others dig a hole for a tree a few yards away, asked Bordin "Where's your tree, man?" ³

On the first day of 1970, president Richard Nixon signed the National Environmental Policy Act. Nixon was famously a mixed bag on environmental issues; his creation of the Environmental Protection Agency is one of the largest single steps forward in the history of US conservation, but he also pinched pennies to a degree that smothered many environmental programs. As it would turn out, the fate of the Crest Loop hinged on the interplay of these two sides of Nixon.

To satisfy its obligations under NEPA, the Forest Service completed an environmental impact assessment of the proposed Crest Road in 1973. It was now almost five years since the clearing of part of the right of way, but the only progress made had been on paper. Unsurprisingly, the impact assessment found the road to be feasible. "The highway is completely on the east slope and won't even be able to be seen from Albuquerque," the forest supervisor explained.

The environmental analysis spurred another series of exchanges between the Forest Service and environmental interests. The state Environmental Planning Commission filed comment, suggesting that the Crest Loop would better be replaced by a system of two one-way roads at different altitudes. One thing the EPC did agree on was the necessity that something be done. Like the groups who had assured their support for improving the road to the crest in the years before, the EPC recommended against taking no action. The existing crest road was unsustainable, they found, and needed to be improved in some way.

During the plant-in, one organizer suggested letters to the editor. Perhaps he was heard, as letters in opposition stacked up during 1973. Frank Marquart wrote that the highway would be good for General Motors and no one else. A letter from L. Graham got the simple headline "Crest Road Not Necessary." Among the growing public protest, the gears of government were turning: the Bernalillo County Commission made a resolution asking the Forest Service to stop.

Joe Whiton attended a hearing on the matter in Tijeras, leaving a Journal reporter with a memorable quote:

The Crest Road is a juggernaut already aimed, the switch is on and it is going to be fired no matter what we say. I have a feeling it is going to happen anyway and I don't think it should. ⁴

Despite the Forest Service's momentum, two significant roadblocks had arisen in the Crest Loop plan: first, the Forest Service was having a hard time getting to a final environmental impact statement on the project. Several drafts had been circulated, and from what I can tell one was even published as final, although it only covered a portion of the work rather than the entirety. The National Environmental Policy Act has many problems and often fails to achieve its aims, but it does have its virtues: while NEPA does not necessarily require agencies to listen to public feedback, it does require them to solicit it, and the hearings and comment periods that make up federal environmental policy gave the Crest Loop's opponents a platform on which to organize.

Second, there was President Nixon. Nixon had generally supported the Federal Lands Highway Program, under which the Crest Loop now fell, but his efforts to reduce federal spending through impoundment quickly became controversial. A fight with Congress over changes to the federal highway funding model in 1972 lead to a lapse in highway funding, a situation that became even more chaotic as Nixon specifically refused funding for a long list of highway grants. The funding situation probably didn't kill the Crest Loop, but it delayed further progress during the 1970s, contributing to both the sense of scandal over the lack of progress and to the opposition's developing power.

In 1973, the Forest Service produced new draft environmental documents covering four variant plans, which other than the no action alternative all involved some form of new highway. This was, as it turns out, the last gasp of the Crest Loop: in 1975, over a decade after planning first started, the Forest Service released a new environmental impact statement covering the entire Sandia mountain recreational plan. Its alternatives included new picnic grounds, bathrooms, and campgrounds. It included various improvements to the Crest Scenic Highway. But more important is what it did not include: any mention of the Crest Loop.

In the following years, the Forest Service would release further environmental and planning documents on the remaining scope of work, which was only the improvement of the road between Balsam Glade and the Crest. A 1976 impact statement covered three alternatives: the first would use the area already cleared for realignment, the second would keep the old alignment, and the third would finish realignment of the entire route, as included in the original Crest Loop plan. Based on the Albuquerque Tribune's count of public comments, Burqueños overwhelmingly favored the second option---keeping the existing route. While the road has been widened and resurfaced over the years, it remains on its original, winding route.

In 1927, roads reached Sandia Crest. Today, just shy of one hundred years later, the drive to the crest is essentially the same as this original route. It's all paved now, it's wider, and the curves has softened. It is still, by our modern standards, a rough road. The biggest change from the long-ago Ellis Ranch Loop to today's forest highways is actually a loss: the reduction of NM 165 to a minor, unpaved road. One might say, then, that progress since 1927 has been backwards. We are less ambitious than we once were.

On the flip side, the ambitions of the mid-century are so difficult to square with our modern sense of environmental preservation. The Forest Service dreamed, at times, of thousands of parking spaces, of cabins, a resort. We now value conservation over improvement, wilderness over access. It almost seems like it has always been that way---but it hasn't. This is a modern idea in land management, an innovation of the post-war era and the American environmental movement.

The old tensions between tourist promotion and wilderness preservation have never gone away. In 2023, Mountain Capital Partners signed a joint venture with the Sandia Peak Ski Company. The Sandia Peak Ski Area has barely opened for the last five years; climate change has shortened the season so severely that the Sandias can go all winter without enough snow to ski. Mountain Capital Partners how hopes, through artificial snowmaking, to bring the ski area back to life. Still, it's clear that snow will never be enough: ski areas are, in general, facing tough times.

Sandia Peak Ski Company has developed an ambitious plan for a "four season" recreational destination. It called for a mountain roller coaster, mountainbike trails, a complete replacement of Lift #1. The mountain coaster has already been abandoned, having attracted more environmental controversy than the Forest Service was prepared to handle.

In aerial images, you can still clearly see the path of the Crest Loop, at least to the first switchback where 1968 clearing work ended. Some of the modern trails follow the unused highway rights of way. They are incongruously described by in some Forest Service documents as firebreaks, a function that they do serve but were never intended for. I get the impression that even some of the Forest Service staff have forgotten the entire Crest Loop story. Well, it's one of many things about the Sandias that have been forgotten.

Ellis Ranch is now hardly remembered, up a canyon from a picnic area. It is once again difficult to access, past the part of the former Ellis Loop that is still paved. The Crest Loop was canceled in its early stages, the notional second highway was never even planned.

But Ellis Ranch Loop Road is still there. Millions of people drive up it every year. They look down on the city, and marvel at the view. I wonder how many realize---that the climb started so long ago, and that it has still never been finished. I think that it's better this way. A summit should always be an achievement, so easy to see, but so hard to reach. We get used to living in the shadows of mountains.

... when I'm eight thousand and three? Doesn't quite scan.

Old soul jeffphi hummed "It's comforting to know that I'll have health insurance coverage through my 8,030th birthday!"

Scififan Steve muttered "I asked Copilot if Tom Baker and Lalla Ward were the same age. Apparently, they have been traveling on different timelines, so Copilot claims they are the same age despite having birthdays 17 years apart. Who knew?" It's a timey-wimey thing.

An anonymous Aussie announced "I was trying to look up a weather forecast for several weeks in advance as I'm attending an event on Saturday 22nd November. Apparently the Weather Channel has invented its own calendar (or decided there are too many days in the year), as while the 1st of November was a Saturday and 22nd of November occur on a Saturday, the Weather Channel has decided those dates fall on a Friday.
Rosanna is in Melbourne, Australia. Temperatures are displayed in Celsius. " Rosanna is rated the 99th most liveable suburb of Melbourne, probably due to the aberrant calendar.

Beatrix W. wants to relocate to a more pedestrian-friendly nabe. "I was bored and looked for houses on a german real estate website. When I tried to have the distance to a house calculated I got the lovely result from the screenshot. The 99 minutes are okay when using the car but the rest is -1 minute."

Taxpayer Marlin D. is making sure he gets everything lined up for year-end. Checking his witholdings, he found that the IRS try very hard to be precise with their language. "This is from the IRS online Tax Withholding Estimator tool. I guess they really do mean *between*."

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Wolferitza sends us a large chunk of a C# class. We'll take it in chunks because there's a lot here, but let's start with the obvious problem:

    private int iID0;
    private int iID1;
    private int iID2;
    private int iID3;
    private int iID4;
    private int iID5;
    private int iID6;
    private int iID7;
    private int iID8;
    private int iID9;
    private int iID10;
    private int iID11;
    private int iID12;
    private int iID13;

If you say, "Maybe they should use an array," you're missing the real problem here: Hungarian notation. But sure, yes, they should probably use arrays. And you might think, "Hey, they should use arrays," would be an easy fix. Not for this developer, who used an ArrayList.

private void Basculer(DataTable dtFrom, DataTable dtTo)
{
    ArrayList arrRows = new ArrayList();

    int index;

    DataRow drNew1 = dtTo.NewRow();
    DataRow drNew2 = dtTo.NewRow();
    DataRow drNew3 = dtTo.NewRow();
    DataRow drNew4 = dtTo.NewRow();
    DataRow drNew5 = dtTo.NewRow();
    DataRow drNew6 = dtTo.NewRow();
    DataRow drNew7 = dtTo.NewRow();
    DataRow drNew8 = dtTo.NewRow();
    DataRow drNew9 = dtTo.NewRow();
    DataRow drNew10 = dtTo.NewRow();
    DataRow drNew11 = dtTo.NewRow();
    DataRow drNew12 = dtTo.NewRow();
    DataRow drNew13 = dtTo.NewRow();
    DataRow drNew14 = dtTo.NewRow();
    DataRow drNew15 = dtTo.NewRow();

    arrRows.Add(drNew1);
    arrRows.Add(drNew2);
    arrRows.Add(drNew3);
    arrRows.Add(drNew4);
    arrRows.Add(drNew5);
    arrRows.Add(drNew6);
    arrRows.Add(drNew7);
    arrRows.Add(drNew8);
    arrRows.Add(drNew9);
    arrRows.Add(drNew10);
    arrRows.Add(drNew11);
    arrRows.Add(drNew12);
    arrRows.Add(drNew13);
    arrRows.Add(drNew14);
    arrRows.Add(drNew15);
    // more to come…

Someone clearly told them, "Hey, you should use an array or an array list", and they said, "Sure." There's just one problem: arrRows is never used again. So they used an ArrayList, but also, they didn't use an ArrayList.

But don't worry, they do use some arrays in just a moment. Don't say I didn't warn you.

    if (m_MTTC)
    {
        if (m_dtAAfficher.Columns.Contains("MTTCRUB" + dr[0].ToString()))
        {
            arrMappingNames.Add("MTTCRUB" + dr[0].ToString());
            arrHeadersTexte.Add(dr[4]);
            arrColumnsFormat.Add("");
            arrColumnsAlign.Add("1");

Ah, they're splitting up the values in their data table across multiple arrays; the "we have object oriented programming at home" style of building objects.

And that's all the setup. Now we can get into the real WTF here.

            if (iCompt == Convert.ToInt16(0))
            {
                iID0 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(1))
            {
                iID1 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(2))
            {
                iID2 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(3))
            {
                iID3 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(4))
            {
                iID4 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(5))
            {
                iID5 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(6))
            {
                iID6 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(7))
            {
                iID7 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(8))
            {
                iID8 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(9))
            {
                iID9 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(10))
            {
                iID10 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(11))
            {
                iID11 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(12))
            {
                iID12 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(13))
            {
                iID13 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
        }
    }

Remember those private iID* values? Here's how they get populated. We check a member variable called iCompt and pull the first value out of a dr variable (a data reader, also a member variable). You may have looked at the method signature and assumed dtFrom and dtTo would be used, but no- they have to purpose in this method at all.

And if you liked what happened in this branch of the if, you'll love the else:

    else
    {
        if (m_dtAAfficher.Columns.Contains("MTTHRUB" + dr[0].ToString()))
        {
            arrMappingNames.Add("MTTHRUB" + dr[0].ToString());
            arrHeadersTexte.Add(dr[4]);
            arrColumnsFormat.Add("");
            arrColumnsAlign.Add("1");

            if (iCompt == Convert.ToInt16(0))
            {
                iID0 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(1))
            {
                iID1 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(2))
            {
                iID2 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(3))
            {
                iID3 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(4))
            {
                iID4 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(5))
            {
                iID5 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(6))
            {
                iID6 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(7))
            {
                iID7 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(8))
            {
                iID8 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(9))
            {
                iID9 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(10))
            {
                iID10 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(11))
            {
                iID11 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(12))
            {
                iID12 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
            else if (iCompt == Convert.ToInt16(13))
            {
                iID13 = Convert.ToInt32(dr[0]);
                iCompt = iCompt + 1;
            }
        }
    }
}

I can only assume that this function is called inside of a loop, though I have to wonder about how that loop exits? Maybe I'm being too generous, this might not be called inside of a loop, and the whole class gets to read 13 IDs out before it's populated. Does iCompt maybe get reset somewhere? No idea.

Honestly, does this even work? Wolferitza didn't tell us what it's actually supposed to do, but found this code because there's a bug in there somewhere that needed to be fixed. To my mind, "basically working" is the worst case scenario- if the code were fundamentally broken, it could just be thrown away. If it mostly works except for some bugs (and terrible maintainability) no boss is going to be willing to throw it away. It'll just fester in there forever.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Handling non-existent values always presents special challenges. We've (mostly) agreed that NULL is, in some fashion, the right way to do it, though it's still common to see some sort of sentinel value that exists outside of the expected range- like a function returning a negative value when an error occurred, and a zero (or positive) value when the operation completes.

Javier found this function, which has a… very French(?) way of handling invalid dates.

 Private Function CheckOraDate(ByVal sDate As String) As String
        Dim OraOValDate As New DAL.PostGre.DataQuery()
        Dim tdate As Date
        If IsDate(sDate) Then
            Return IIf(OraOValDate.IsOracle, CustomOracleDate(Convert.ToDateTime(sDate).ToString("MM-dd-yyyy")), "'" & sDate & "'")
        Else
            '~~~ No Date Flag of Bastille Day
            Return CustomOracleDate(Convert.ToDateTime("07/14/1789").ToString("MM-dd-yyyy"))
        End If

    End Function

Given a date string, we check if it is a valid date string using IsDate. If it is, we check if our data access layer thinks the IsOracle flag is set, and if it is, we do some sort of conversion to a `CustomOracleDate", otherwise we just return the input wrapped in quotes.

All that is sketchy- any function that takes dates as a string input and then returns the date in a new format as a string always gets my hackles up. It implies loads of stringly typed operations.

But the WTF is how we handle a bad input date: we return Bastille Day.

In practice, this meant that their database system was reporting customers' birthdays as Bastille Day. And let me tell you, those customers don't look a day over 200, let alone 236.

For an extra bonus WTF, while the "happy path" checks if we should use the custom oracle formatting, the Bastille Day path does not, and just does whatever the Oracle step is every time.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

Alicia recently moved to a new country and took a job with a small company willing to pay well and help with relocation costs. Overall, the code base was pretty solid. Despite the overall strong code base, one recurring complaint was that running the test suite was painfully long.

While Alicia doesn't specify what the core business is, but says: "in this company's core business, random numbers were the base of everything."

As such, they did take generating random numbers fairly seriously, and mostly used strong tools for doing that. However, whoever wrote their test suite was maybe a bit less concerned, and wrote this function:

public static Long generateRandomNumberOf(int length) {
    while (true) {
            long numb = (long)(Math.random() * 100000000 * 1000000); // had to use this as int's are to small for a 13 digit number.
            if (String.valueOf(numb).length() == length)
                return numb;		
        }		
}

They want many digits of random number. So they generate a random floating point, and then multiply it a few times to get a large number. If the length of the resulting number, in characters, is the desired length, we return it. Otherwise, we try again.

The joy here, of course, is that this function is never guaranteed to exit. In fact, if you request more than 15 digits, it definitely won't exit. In practice, most of the time, the function is able to hit the target length in a relative handful of iterations, but there's no guarantee for that.

Alicia was tracking down a bug in a test which called this function. So she went ahead and fixed this function so that it use a sane way to generate the appropriate amount of entropy that actually guaranteed a result. She included that change in her pull request, nobody had any comments, and it got merged in.

The unit tests aren't vastly faster than they were, but they are faster. Who knows what other surprises the test suite has in store?

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

Brian (previously)found himself contracting for an IoT company, shipping thermostats and other home automation tools, along with mobile apps to control them.

Brian was hired because the previous contractor had hung around long enough for the product to launch, cashed the check, and vanished, never to be heard from again.

And let's just say that Brian's predecessor had a unique communication style.

    private class NoOpHandler extends AsyncCharisticHandler {
        public NoOpHandler(Consumer<BluetoothGattCharacteristic> consumer) {
            super(null, consumer);
        }

        @Override
        public void Execute() {
            // Don't do any actual BLE Communication here, and just go straight to the callback, This
            // handler is just to allow people to get a callback after after a bunch of Async IO Operations
            // have happened, without throwing all the completion logic into the "last" async callback of your batch
            // since the "last" one changes.
            InvokeCallback();
            // After this callback has been handled, recheck the queue to run any subsequent Async IO Operations
            OnBLEAsyncOperationCompleted();
            // I'm aware this is recursive. If you get a stack overflow here, you're using it wrong.
            // You're not supposed to queue thousands of NoOp handlers one after the other, Stop doing it!
            // If you need to have code executed sequentially just, er... write a fu*king function there is
            // nothing special about this callback, or the thread it is called on, and you don't need to use
            // it for anything except getting a callback after doing a batch of async IO, and then, it runs 
            // in the context of the last IO Completion callback, which shouldn't take ages. If you use 
            // AsyncRunWhenCompleted() to create more of these within the callback of AsyncRunWhenCompleted
            // it just keeps the IO completion thread busy, which also breaks shit. 
            // Basically, you shouldn't be using AsyncRunWhenCompleted() at all if you're not me.
        }
    }

Who said bad programmers don't write comments? This bad programmer wrote a ton of comments. What's funny about this is that, despite the wealth of comments, I'm not 100% certain I actually know what I'm supposed to do, aside from not use AsyncRunWhenCompleted.

The block where we initialize the Bluetooth system offers more insight into this programmer's style.

    @SuppressLint("MissingPermission")
    private void initializeBluetooth() {
        _bluetoothManager = (BluetoothManager) getSystemService(BLUETOOTH_SERVICE);
        _bluetoothAdapter = _bluetoothManager != null ? _bluetoothManager.getAdapter() : null;
        if (_bluetoothAdapter != null && _bluetoothAdapter.isEnabled()) {
            /* #TODO: I don't know if cancelDiscovery does anything... either good, or bad. It seems to make BLE discovery faster after 
            *         the service is restarted by android, but I don't know if it screws anything else up in the process. Someone should check into that */
            _bluetoothAdapter.cancelDiscovery();
            _bluetoothScanner = _bluetoothAdapter.getBluetoothLeScanner();
            _scanFilters = Collections.singletonList(new ScanFilter.Builder().setServiceUuid(new ParcelUuid(BLE_LIVELINK_UUID)).build());
            CreateScanCallback();
        } else {
            // #TODO: Handle Bluetooth not available or not enabled
            stopSelf();
        }
    }

This is a clear example of "hacked together till it works". What does cancelDiscovery do? No idea, but we call it anyway because it seems to be faster. Should we look it up? Because yes, it sounds like calling it is correct, based on the docs. Which took me 15 seconds to find. "Someone should check into that," and apparently I am that someone.

Similarly, the second TODO seems like an important missing feature. At least a notification which says, "Hey, you need bluetooth on to talk to bluetooth devices," would go a long way.

All this is in service of an IoT control app, which seems to double as a network scanner. It grabs the name of every Bluetooth and WiFi device it finds, and sends them and a location back to a web service. That web service logs them in a database, which nobody at the company ever looks at. No one wants to delete the database, because it's "valuable", though no one can ever specify exactly how they'd get value from it. At best, they claim, "Well, every other app does it." Mind you, I think we all know how they'd get value: sell all this juicy data to someone else. It's just no one at the company is willing to say that out loud.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

As I was traveling this week (just home today), conveyances of all sorts were on my mind.

Llarry A. warned "This intersection is right near my house. Looks like it's going to be inconvenient for a while..." Keeping this in mind, I chose to take the train rather than drive.

Unfortunately US trains are restricted to plodding sublight speeds, but Mate has it better. "I love how the Swiss Federal Railways keep investing in new rolling stock... like this one that can teleport from one side of the country to the other in 0 minutes?! "

And Michael R. 's TfL seems to operate between parallel universes. "I was happy to see that the "not fitted" Northern Line train actually rolled in 2 mins later."

Daniel D. 's elevator went up but the ubiquitous screen went down. Daniel even slipped a bit of selfie into his submission. Sneaky. "This display usually features some looping video. This time it featured only desktop with bunch of scripts / *.bat files. I guess it's better when elevator's display crashes than when an actual elevator crashes?"

Joel C. 's elevator had a different fault. "The screen in my hotel's elevator is not sending quite the message they probably want."

Our submitter, Gearhead, was embarking on STEM-related research. This required him to pursue funding from a governmental agency that we’ll call the Ministry of Silly Walks. In order to start a grant application and track its status, Gearhead had to create an account on the Ministry website.

The registration page asked for a lot of personal information first. Then Gearhead had to create his own username and password. He used his password generator to create a random string: D\h.|wAi=&:;^t9ZyoO

Upon clicking Save, he received an error.

Your password must be a minimum eight characters long, with no spaces. It must include at least three of the following character types: uppercase letter, lowercase letter, number, special character (e.g., !, $, % , ?).

Perplexed, Gearhead emailed the Ministry’s web support, asking why his registration failed. The reply:

Hello,
The site rejects password generators as hacking attempts. You will need to manually select a password.
Ex. GHott*01

Thank you,

Support

So a long sequence of random characters was an active threat, but a 1990s-era AOL username was just fine. What developer had this insane idea and convinced other people of it? How on earth did they determine what was a "manually selected" string versus a randomly-generated one?

It seems the deciding factor is nothing more than length. If you go to the Ministry’s registration page now, their password guidelines have changed (emphasis theirs):

Must be 8-10 characters long, must contain at least one special character ( ! @ # $ % ^ & * ( ) + = { } | < > \ _ - [ ] / ? ) and no spaces, may contain numbers (0-9), lower and upper case letters (a-z, A-Z). Please note that your password is case sensitive.

Only good can come of forcing tiny passwords.

The more a company or government needs secure practices, the less good they are at secure practices. Is that a law yet? It should be.

Dotan was digging through vendor supplied documentation to understand how to use an API. To his delight, he found a specific function which solved exactly the problem he had, complete with examples of how it was to be used. Fantastic!

He copied one of the examples, and hit compile, and reviewed the list of errors. Mostly, the errors were around "the function you're calling doesn't exist". He went back to the documentation, checked it, went back to the code, didn't find any mistakes, and scratched his head.

Now, it's worth noting the route Dotan took to find the function. He navigated there from a different documentation page, which sent him to an anchor in the middle of a larger documentation page- vendorsite.com/docs/product/specific-api#specific-function.

This meant that as the page loaded, his browser scrolled directly down to the specific-function section of the page. Thus, Dotan missed the gigantic banner at the top of the page for that API, which said this:

/!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!
This doc was written to help flesh out a user API. The features described here are all hypothetical and do not actually exist yet, don't assume anything you see on this page works in any version /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\

On one hand, I think providing this kind of documentation is invaluable, both to your end users and for your own development team. It's a great roadmap, a "documentation driven development" process. And I can see that they made an attempt to be extremely clear about it being incomplete and unimplemented- but they didn't think about how people actually used their documentation site. A banner at the top of the page only works if you read the page from top to bottom, but documentation pages you will frequently skip to specific sections of the page.

But there was a deeper issue with the way this particular approach was executed: while the page announced that one shouldn't assume anything works, many of the functions on the page did work. Many did not. There was no rhyme or reason, to version information or other indicators to help a developer understand what was and was not actually implemented.

So while the idea of a documentation-oriented roadmap specifying features that are coming is good, the execution here verged into WTF territory. It was a roadmap, but with all the landmarks erased, so you had no idea where you actually were along the length of that road. And the one warning sign that would help you was hidden behind a bush.

Dotan asks: "WTF is that page doing on the official documentation wiki?"

And I'd say, I understand why it's there, but boy it should have been more clear about what it actually was.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

Years ago, Brian had a problem: their C# application would crash sometimes. What was difficult to understand was why it was crashing, because it wouldn't crash in response to a user action, or really, any easily observable action.

The basic flow was that the users used a desktop application. Many operations that the users wanted to perform were time consuming, so the application spun up background tasks to do them, thus allowing the user to do other things within the application. And sometimes, the application would just crash, both when the user hadn't done anything, and when all background jobs should have been completed.

The way the background task was launched was this:

seeder.RunSeeder();

It didn't take too much head scratching to realize what was running every time the application crashed: the garbage collector.

RunSeeder returned a Task object, but since Brian's application treated the task as "fire and forget", they didn't worry about the value itself. But C# did- the garbage collector had to clean up that memory.

And this was running under .Net 4.0. This particular version of the .Net framework was a special, quantum realm, at least when it came to tasks. You see, if a Task raises an exception, nothing happens. At least, not right away. No one is notified of the exception unless they inspect the Task object directly. There's a cat in the box, and no one knows the state of the cat unless they open the box.

The application wasn't checking the Task result. The cat remained in a superposition of "exception" and "no exception". But the garbage collector looked at the task. And, in .Net 4.0, Microsoft made a choice about what to do there: when they opened the box and saw an exception (instead of a cat), they chose to crash.

Microsoft's logic here wasn't entirely bad; an uncaught exception means something has gone wrong and hasn't been handled. There's no way to be certain the application is in a safe state to continue. Treating it akin to undefined behavior and letting the application crash was a pretty sane choice.

The fix for Brian's team was simple: observe the exception, and choose not to do anything with it. They truly didn't care- these tasks were fire-and-forget, and failure was acceptable.

seeder.RunSeeder().ContinueWith(t => { var e = t.IsFaulted ? t.Exception : null; }); // Observe exceptions to prevent quantum crashes

This code merely opens the box and sees if there's an exception in there. It does nothing with it.

Now, I'd say as a matter of programming practice, Microsoft was right here. Ignoring exceptions blindly is a definite code smell, even for a fire-and-forget task. Writing the tasks in such a way as they catch and handle any exceptions that bubble up is better, as is checking the results.

But I, and Microsoft, were clearly on the outside in this argument. Starting with .Net 4.5 and moving forward, uncaught exceptions in background tasks were no longer considered show-stoppers. Whether there was a cat or an exception in the box, when the garbage collector observed it, it got thrown away either way.

In the end, this reminds me of my own failing using background tasks in .Net.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

The first time Z hit the captcha on his company's site, he didn't think much of it. And to be honest, the second time he wasn't paying that much attention. So it wasn't until the third time that he realized that the captcha had showed him the same image every single time- a "5" with lines scribbled all over it.

That led Z to dig out the source and see how the captcha was implemneted.

<Center>Click a number below to proceed to the next page. <br>Some browsers do not like this feature and will try to get around it. If you are having trouble<br> seeing the image, empty your internet cache and temporary internet files may help. <br>Please ensure you have no refresher add-ons installed on your browser.<br />
<table border=1><Tr><td colspan='3' align='center'>
<font style='font-size:36px;'><img width='150' title='5' alt='5' src='valimages/5.gif'> </font></td></tr>
<Tr>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=1'>1</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=2'>2</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=3'>3</a></font></td>
</tr>
<Tr>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=4'>4</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=5'>5</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=6'>6</a></font></td>
</tr>
<tr>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=7'>7</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=8'>8</a></font></td>
<Td align=center><font size='6'><A href='valid.php?got=crimied&linknum=9'>9</a></font></td>
</tr></table>
</Center>

Look, I know there's a joke about how hard it is to center things in CSS, but I think we've gone a little overboard with our attempt here.

Now, the PHP driving this page could have easily been implemented to randomly select an image from the valimages directory, and there was some commented out code to that effect. But it appears that whoever wrote it couldn't quite understand how to link the selected image to the behavior in valid.php, so they just opted to hard code in five as the correct answer.

The bonus, of course, is that the image for five is named 5.gif, which means if anyone really wanted to bypass the captcha, it'd be trivial to do so by scraping the code. I mean, not more trivial than just realizing "it's the same answer every time", but still, trivial.

Of course, out here in the real world, captchas have never been about keeping bots out of sites, and instead are just a way to trick the world into training AI. Pretty soon we'll roll out the Voight-Kampf test, but again, the secret purpose won't be to find the replicants, but instead gather data so that the next generation of replicants can pass the test.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

"Getting ready to!" anticipated richard h. but then this happened. "All I want are the CLI options to mark the stupid TOS box so I can install this using our Chef automation. "What are the options" is too much to ask, apparently. But this is Microsoft. Are stupid errors like this really that unexpected?"

Followed immediately by richard's report: "Following up my error'd submission a few minutes ago, I clicked the "Accept TOS" box, and the "Something unexpected happened" box lit up, so I clicked the button to let the unexpected do what the something wanted to do. Now I have successfully Something unexpected happened. smh Microsoft. "

An anonymous griper snickered "It's a made up word, but I just wanted to check the spelling before writing it in a slack comment as a joke referencing the show("that's a nice tnetennba"), but the first thing I saw was the AI preview with the first sentence incorrectly claiming it's "basketball" spelled backwards(which it's clearly not, backwards it would be "abnnetent" which is also not a word). " I have to differ, though. Spelled backwards it would be llabteksab.

And a different anonymous griper (I assume they're different, but they're anonymous so who can really know?) needed some help doing a quite trivial computation. "On which planet?" we all wonder together.

Finally, a recurring theme from a recurring reader, B.J.H. keeps buying stuff. "This screen shot was captured the morning of 26 October. I'm not sure what bothers me more, that the package was picked up twice (once in the future), or that "Standard Transit" (when the package should be expected) is a day before the pick-up. Or maybe they just lie about the pickup to cover for not meeting the standard delivery date. "

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Everyone's got workplace woes. The clueless manager; the disruptive coworker; the cube walls that loom ever higher as the years pass, trapping whatever's left of your soul.

But sometimes, Satan really leaves his mark on a joint. I worked Tech Support there. You may remember The C-Level Ticket. I'm Anonymous. This is my story.

Night after night, my dreams are full of me trying and failing at absolutely everything. Catch a bus? I'm already running late and won't make it. Dial a phone number to get help? I can't recall the memorized sequence, and the keypad's busted anyway. Drive outta danger? The car won't start. Run from a threat? My legs are frozen.

Then I wake up in my bed in total darkness, scared out of my skull, and I can't move for real. Not one muscle works. Even if I could move, I'd stay still because I'm convinced the smallest twitch will give me away to the monster lurking nearby, looking to do me in.

The alarm nags me before the sun's even seen fit to show itself. What day is it? Tuesday? An invisible, overwhelming dread pins me in place under the covers. I can't do it. Not again.

The thing is, hunger, thirst, and cold are even more nagging than the alarm. Dead tired, I force myself up anyway to do the whole thing over.

The office joe that morning was so over-brewed as to be sour. I tossed down the last swig in my mug, checking my computer one more time to make sure no Tech Support fires were raging by instant message or email. Then I threw on my coat and hat and quit my cube, taking the stairs to ground level.

I pushed open a heavy fire-escape door and stepped out into the narrow alley between two massive office buildings. Brisk autumn air and the din of urban motor traffic rushed to greet me. The dull gray sky above threatened rain. Leaning against the far brick wall were Toby and Reynaldo, a couple of network admins, hugging themselves as they nursed smoldering cigarettes. They nodded hello.

I tipped my hat in greeting, slipping toward the usual spot, a patch of asphalt I'd all but worn grooves in by that point. I lit my own cigarette and took in a deep, warming draw.

"Make it last another year," Toby spoke in a mocking tone, tapping ash onto the pavement. "I swear, that jerk can squeeze a nickel until Jefferson poops!"

An ambulance siren blared through the alley for a minute. The rig was no doubt racing toward the hospital down the street.

Reynaldo smirked. "You think Morty finally did it?"

Toby smirked as well.

I raised an eyebrow. "Did what?"

"Morty always says he's gonna run out into traffic one of these days so they can take him to the hospital and he won't have to be here," Reynaldo explained.

I frowned at the morbid suggestion. "Hell of a way to catch a break."

"Well, it's not like we can ask for time off," Toby replied bitterly. "They always find some way to rope us back in."

I nodded in sympathy. "You have it worse than we do. But my sleep's still been jacked plenty of times by 3AM escalated nonsense that shoulda been handled by a different part of the globe."

Reynaldo's eyes lit up fiercely. "They have all the same access and training, but it never falls on them! Yeah, been there."

The door swung open again, admitting a young woman with the weight of the world on her shoulders. This was Megan, a junior developer and recent hire. I tipped my hat while helping myself to another drag.

She hastened my way, pulling a pack of cigarettes from her handbag. With shaking hands, she fumbled to select a single coffin nail. "I quit these things!" she lamented. After returning the pack to her bag, she rummaged through it fruitlessly. "Dammit, where are those matches?!" She glanced up at me with a pleading expression.

I pulled the lighter from my coat pocket. "You sure?"

She nodded like she hadn't been more sure about anything in her entire life.

I lit it for her. She took a lung-filling pull, then exhaled a huge cloud of smoke.

"Goin' that well, huh?" I asked.

Megan also hugged herself, her expression pained. "Every major player in the industry uses our platform, and I have no idea how it hasn't all come crashing down. There are thousands of bugs in the code base. Thousands! It breaks all the time. Most of the senior devs have no clue what they're doing. And now we're about to lose the only guy who understands the scheduling algorithm, the most important thing!"

"That's tough." I had no idea what else to say. Maybe it was enough that I listened.

Megan glanced up nervously at the brewing storm overhead. "I just know that algorithm's gonna get dumped in my lap."

"The curse of competence." I'd seen it plenty of times.

"Ain't that the truth!" She focused on me again with a look of apology. "How've you been?"

I shrugged. "Same old, same old." I figured a fresh war story might help. "Had to image and set up the tech for this new manager's onboarding. Her face is stuck in this permanent glare. Every time she opens her mouth, it's to bawl someone out."

"Ugh."

"The crazy thing is, the walls of her office are completely covered with crucifixes, and all these posters plastered with flowers and hearts and sap like Choose Kindness." I leaned in and lowered my voice. "You know what I think? I think she’s an ancient Roman whose spite has kept her alive for over two thousand years. Those crosses are a threat!"

That teased a small laugh out of Megan. For a moment, the amusement reached her eyes. Then it was gone, overwhelmed by worry. She took to pacing through the narrow alley.

Back at my cube, I found a new urgent ticket at the top of my case load. Patricia Dracora, a senior project manager, had put in a call claiming her computer had been hacked. Her mouse cursor was moving around and clicking things all on its own.

It was too early in the morning for a case like this. That old dread began sneaking up on me again. The name put me on edge as well. Over the years, our paths had never crossed, but her nickname throughout Tech Support, Dracula, betrayed what everyone else made of her.

"Make like a leaf and blow!"

The boss barked his stern command over my shoulder. I stood and turned from my computer to find him at my cubicle threshold with arms folded, blocking my egress.

I couldn't blow, so I shrugged. "Can't be as bad as The Crucifier."

"Dracula's worse than The Crucifier," the boss replied under his breath in a warning tone. "For your own good, don't keep her waiting!" He tossed a thumb over his shoulder for good measure.

When he finally backed out of the way, I made tracks outta there. A few of my peers made eye contact as I passed, looking wary on my behalf.

The ticket pegged Dracora's office in a subfloor I'd never set foot in before. Descending the stairs, I had too much time to think. Of course I didn't expect a real hacking attempt. Peripheral hardware on the fritz, some software glitch: there'd be a simple explanation. What fresh hell would I have to endure to reach that point? That was what my tired brain couldn't let go of. The stimulants hadn't kicked in yet. With the strength of a kitten, I was stepping into a lion's den. A lion who might make me wish for crucifixion by the time it was all over.

From the stairwell, I entered a dank, deserted corridor. Old florescent lighting fixtures hummed and flickered overhead. That, combined with the overwhelming stench of paint fumes, set the stage for a ripping headache. There were no numbers on the walls to lead me to the right place. They must've taken them down to paint and never replaced them. I inched down worn, stained carpeting, peeking into each open gap I found to either side of me. Nothing but darkness, dust, and cobwebs at first. Eventually, I spotted light blaring from one of the open doors ahead of me. I jogged the rest of the way, eager to see any living being by that point.

The room I'd stumbled onto was almost closet-sized. It contained a desk and chair, a laptop docking station, and a stack of cardboard boxes on the floor. Behind the desk was a woman of short stature, a large purse slung over one shoulder. Her arms were folded as she paced back and forth in the space behind her chair. When I appeared, she stopped and looked to me wide-eyed, maybe just as relieved as I was. "Are you Tech Support?"

"Yes, ma'am." I entered the room. "What's—?"

"I don't know how it happened!" Dracora returned to pacing, both hands making tight fists around the straps of the purse she was apparently too wired and distracted to set down. "They made me move here from the fourth floor. I just brought everything down and set up my computer, and now someone has control of the mouse. Look, look!" She stopped and pointed at the monitor.

I rounded the desk. By the time I got there, whatever she'd seen had vanished. Onscreen, the mouse cursor sat still against a backdrop of open browsers and folders. Nothing unusual.

"It was moving, I swear!" Anguished, Dracora pleaded with me to believe her.

It seemed like she wasn't hostile at all, just stressed out and scared. I could handle that. "I'm sure we can figure this out, ma'am. Lemme have a look here."

I sat down at the desk and tried the wireless mouse first. It didn't work at all to move the cursor.

"The hacker's locked us out!" Dracora returned to pacing behind me.

As I sat there, not touching a thing, the mouse cursor shuttled across the screen like it was possessed.

"There! You see?"

Suddenly, somehow, my brain smashed everything together. "Ma'am, I have an idea. Could you please stand still?"

Dracora stopped.

I swiveled around in the chair to face her. "Ma'am, you said you were moving in down here. What's in your purse right now?"

Her visible confusion deepened. "What?"

"The mouse cursor only moves around when you do," I explained.

Her eyes widened. She dug deeply into her purse. A moment later, she pulled out a second wireless mouse. Then she looked to me like she couldn't believe it. "That's it?!"

"That's it!" I replied.

"Oh, lord!" Dracora replaced the dud sitting on her mousepad with the mouse that was actually connected to her machine, wilting over the desk as she did so. "I don't know whether to laugh or cry."

I knew the feeling. But the moment of triumph, I gotta admit, felt pretty swell. "Anything else I can help with, ma'am?"

"No, no! I've wasted enough of your time. Thank you so much!"

I had even more questions on the way back upstairs. With this huge, spacious office building, who was forcing Dracora to be in that pit? How had she garnered such a threatening reputation? Why had my experience been so different from everyone else's? I didn't mention it to the boss or my peers. I broke it all down to Megan in the alley a few days later.

"She even put in a good word for me when she closed the ticket," I told her. "The boss says I'm on the fast track for another promotion." I took a drag from my cigarette, full of bemusement. "I'm already as senior as it gets. The only way up from here is management." I shook my head. "That ain't my thing. Look how well it's gone for Dracora."

Megan lowered her gaze, eyes narrowed. "You said it yourself: the only reward for good work is more work."

And then they buried you ... in a basement, or a box.

I remembered being at the start of my career, like Megan. I remembered feeling horrified by all the decades standing between me and the day when I wouldn't or couldn't ever work again. A couple decades in, some part of me that I'd repressed had resurfaced. What the hell is this? What have I been doing?

Stop caring, a different part replied. Just stop caring. Take things day by day, case by case.

I'd obeyed for so long. Where had it gotten me?

Under my breath, I risked airing my wildest wish for the future. "Someday, I wanna break outta this joint."

Megan blinked up at me. I had her attention. "How?"

"I dunno," I admitted. "I gotta figure it out ... before I go nuts."

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Way back in 1964, people were starting to recgonize that computers were going to have a large impact on the world. There was not, at the time, very much prepackaged software, which meant if you were going to use a computer to do work, you were likely going to have to write your own programs. The tools to do that weren't friendly to non-mathematicians.

Thus, in 1964, was BASIC created, a language derived from experiments with languages like DOPE (The Dartmouth Oversimplified Programming Experiment). The goal was to be something easy, something that anyone could use.

In 1977, the TRS-80, the Commodore PET, and the Apple II all launched, putting BASIC into the hands of end users. But it's important to note that BASIC had already been seeing wide use for a decade on "big iron" systems, or more hobbyist systems, like the Altair 8800.

Today's submitter, Coyne, was but a humble student in 1977, and despite studying at a decent university, brand spanking new computers were a bit out of reach. Coyne was working with professors to write code to support papers, and using some dialect of BASIC on some minicomputer.

One of Coyne's peers had written a pile of code, and one simple segment didn't work. As it was just a loop to print out a series of numbers, it seemed like it should work, and work quite easily. But the programmer writing it couldn't get it to work. They passed it around to other folks in the department, and those folks also couldn't get it to work. What could possibly be wrong with this code?

3010 O = 45
3020 FOR K = 1 TO O
3030   PRINT K
3040 NEXT K

Now, it's worth noting, this particular dialect of BASIC didn't support long variable names- you could use a single letter, or you could use a letter and a number, and that was it. So the short variable names are not explicitly a problem here- that's just the stone tools which were available to programmers at the time.

For days, people kept staring at this block, trying to figure out what was wrong. Finally, Coyne took a glance, and in a moment was able to spot the problem.

I've done something nasty here, because I posted the correct block first. What the programmer had actually written was this:

3010 O = 45
3020 FOR K = 1 TO 0
3030   PRINT K
3040 NEXT K

The difference is subtle, especially when you're staring at a blurry CRT late at night in the computer lab, with too little coffee and too much overhead lighting. I don't know what device they were using for display; most terminals made sure to make O look different from 0, but I couldn't be bold enough to say all of them did. And, in this era, you'd frequently review code on printed paper, so who knows how it was getting printed out?

But that, in the end, was the problem- the programmer accidentally typed a zero where they meant the letter "O". And that one typo was enough to send an entire computer science department spinning for days when no one could figure it out.

In any case, it's interesting to see how an "easy" to use language once restricted variable names to such deep inscrutability.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

For C programmers of a certain age (antique), booleans represent a frustrating challenge. But with the addition of stdbool.h, we exited the world of needing to work hard to interact with boolean values. While some gotchas are still in there, your boolean code has the opportunity to be simple.

Mark's predecessor saw how simple it made things, and decided that wouldn't do. So that person went and wrote their own special way of comparing boolean values. It starts with an enum:

typedef enum exop_t {
    EXOP_NONE,
    EXOP_AND,
    EXOP_OR,
    EXOP_EQUAL,
    EXOP_NOTEQUAL,
    EXOP_LT,
    EXOP_GT,
    EXOP_LEQUAL,
    EXOP_GEQUAL,
    EXOP_ADD,
    EXOP_SUBTRACT,
    EXOP_MULTIPLY,
    EXOP_DIV,
    EXOP_MOD,
    EXOP_NEGATE,
    EXOP_UNION,
    EXOP_FILTER1,
    EXOP_FILTER2
};

Yes, they did write an enum to compare booleans. They also wrote not one, but two functions. Let's start with the almost sane one.

static bool compare_booleans (bool bool1,
                              bool bool2,
                              exop_t  exop)
{

    int32_t  cmpresult;

    if ((bool1 && bool2) || (!bool1 && !bool2)) {
        cmpresult = 0;
    } else if (bool1) {
        cmpresult = 1;
    } else {
        cmpresult = -1;
    }

    return convert_compare_result(cmpresult, exop);

}

This function takes two boolean values, and a comparison we wish to perform. Then, we test if they're equal, though the way we do that is by and-ing them together, then or-ing that with the and of their negations. If they're equal, cmpresult is set to zero. If they're not equal, and the first boolean is true, we set cmpresult to one, and finally to negative one.

Thus, we're just invented strcmp for booleans.

But then we call another function, which is super helpful, because it turns that integer into a more normal boolean value.

static boolean
    convert_compare_result (int32_t cmpresult,
                            exop_t exop)
{
    switch (exop) {
    case EXOP_EQUAL:
        return (cmpresult) ? FALSE : TRUE;
    case EXOP_NOTEQUAL:
        return (cmpresult) ? TRUE : FALSE;
    case EXOP_LT:
        return (cmpresult < 0) ? TRUE : FALSE;
    case EXOP_GT:
        return (cmpresult > 0) ? TRUE : FALSE;
    case EXOP_LEQUAL:
        return (cmpresult <= 0) ? TRUE : FALSE;
    case EXOP_GEQUAL:
        return (cmpresult >= 0) ? TRUE : FALSE;
    default:
        printf( "ERR_INTERNAL_VAL\n" );
        return TRUE;
    }
} 

We switch based on the requested operation, and each case is its own little ternary. For equality comparisons, it requires a little bit of backwards logic- if cmpresult is non-zero (thus true), we need to return FALSE. Also note how our expression enum has many more options than convert_compare_result supports, making it very easy to call it wrong- and worse, it returns TRUE if you call it wrong.

At least they made booleans hard again. Who doesn't want to be confused about how to correctly check if two boolean values are the same?

It's worth noting that, for all this code, the rest of the code base never used anything but EXOP_EQUAL and EXOP_NOTEQUAL, because why would you do anything else on booleans? Every instance of compare_booleans could have been replaced with a much clearer == or != operator. Though what should really have been replaced was whoever wrote this code, preferably before they wrote it.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Back in the antediluvian times, when I was in college, people still used floppy disks to work on their papers. This was a pretty untenable arrangement, because floppy disks lost data all the time, and few students had the wherewithal to make multiple copies. Half my time spent working helldesk was breaking out Norton Diskutils to try and rescue people's term papers. To avoid this, the IT department offered network shares where students could store documents. The network share was backed up, tracked versions, and could be accessed from any computer on campus, including the VAX system (in fact, it was stored on the VAX).

I bring this up because we have known for quite some time that companies and governments need to store documents in centrally accessible locations so that you're not reliant on end users correctly managing their files. And if you are a national government, you have to make a choice: either you contract out to a private sector company, or you do it yourself.

South Korea made the choice to do it themselves, with their G-Drive system (short for Government Drive, no relation to Google Drive), a government file store hosted primarily out of a datacenter in Daejeon. Unfortunately, "primarily" is a bit too apropos- last month, a fire in that datacenter destroyed data.

The Interior Ministry explained that while most systems at the Daejeon data center are backed up daily to separate equipment within the same center and to a physically remote backup facility, the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected.

Someone, somehow, designed a data storage system that was structurally incapable of doing backups? And then told 750,000 government employees that they should put all their files there?

Even outside of that backup failure, while other services had backups, they did not have a failover site, so when the datacenter went down, the government went down with it.

In total, it looks like about 858TB of data got torched. 647 distinct services were knocked out. At least 90 of them were reported to be unrecoverable (that last link is from a company selling Lithium Ion safety products, but is a good recap). A full recovery was, shortly after the accident, predicted to take a month, but as of October 22, only 60% of services had been restored.

Now, any kind of failure of this scale means heads must roll, and police investigations have gone down the path of illegal subcontracting. The claim is that the government hired a contractor broke the law by subcontracting the work, and that those subcontractors were unqualified for the work they were doing- that while they were qualified to install or remove a li-ion battery, they were not qualified to move one, which is what they were doing and resulted in the fire.

I know too little about Korean laws about government contracting and too little about li-ion battery management to weigh in on this. Certainly, high-storage batteries are basically bombs, and need to be handled with great care and protected well. Though, if one knows how to install and uninstall a battery, moving a battery seems covered in those steps.

But if I were doing a root cause analysis here, while that could be the root cause of the fire, it is not the root cause of the outage. If you build a giant datacenter but can't replicate services to another location, you haven't built a reliable cloud storage system- you've just built an expensive floppy disk that is one trip too close to a fridge magnet away from losing all of your work. In this case, the fridge magnet was made of fire, but the result is the same.

I'm not going to say this problem would have be easy to avoid; actually building resilient infrastructure that fails gracefully under extreme stress is hard. But while it's a hard problem, it's also a well-understood problem. There are best practices, and clearly not one of them was followed.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

I am not sure it is worth writing at length about Grokipedia, the Elon Musk-funded effort to quite literally rewrite history from the perspective of a robot taught to avoid facts upsetting to the U.S. far right. Perhaps it will be an unfortunate success — the Fox News of encyclopedias, giving ideologues comfortable information as they further isolate themselves.

It is less a Wikipedia competitor than it is a machine-generated alternative to Conservapedia. Founded by Andy Schlafly, an attorney and son of Phyllis Schlafly, the Wikipedia alternative was an attempt to make an online encyclopedia from a decidedly U.S. conservative and American exceptionalism perspective. Seventeen years ago, Schlafly’s effort was briefly profiled by Canadian television and, somehow, the site is still running. Perhaps that is the fate of Grokipedia: a brief curiosity, followed by traffic coming only from a self-selecting mix of weirdos and YouTubers needing material.

⌥ Permalink

Marc Hogan, New York Times (gift link):

Enter Setlist.fm. The wikilike site, where users document what songs artists play each night on tour, has grown into a vast archive, updated in real time but also reaching back into the historical annals. From the era of Mozart (seriously!) to last night’s Chappell Roan show, Setlist.fm offers reams of statistics — which songs artists play most often, when they last broke out a particular tune. In recent years, the site has begun posting data about average concert start times and set lengths.

Good profile. I had no idea it was owned by Live Nation.

I try to avoid Setlist.fm ahead of a show, but I check it immediately when I get home and for the days following. I might be less familiar with an artist’s catalogue, and this is particularly true of an opener, so it lets me track down particular songs that were played. It is one of the internet’s great resources.

⌥ Permalink

Sarah Perez, TechCrunch:

Zoom CEO Eric Yuan says AI will shorten our workweek

[…]

“Today, I need to manually focus on all those products to get work done. Eventually, AI will help,” Yuan said.

“By doing that, we do not need to work five days a week anymore, right? … Five years out, three days or four days [a week]. That’s a goal,” he said.

So far, technological advancements have not — in general — produced a shorter work week; that was a product of collective labour action. We have been promised a shorter week before. We do not need to carry water for people who peddle obvious lies. We will always end up being squeezed for greater output.

⌥ Permalink

Andrew Kenney, Denverite:

It was Sgt. Jamie Milliman [at the door], a police officer with the Columbine Valley Police Department who covers the town of Bow Mar, which begins just south of [Chrisanna] Elser’s home.

[…]

“You know we have cameras in that jurisdiction and you can’t get a breath of fresh air, in or out of that place, without us knowing, correct?” he said.

“OK?” Elser, a financial planner in her 40s, responded in a video captured by her smart doorbell and viewed by Denverite.

“Just as an example,” the sergeant told her, she had “driven through 20 times the last month.”

This story is a civil liberties rollercoaster. Milliman was relying on a nearby town’s use of Flock license plate cameras and Ring doorbells — which may also be connected to the Flock network — to accuse Elser of theft and issue a summons. Elser was able to get the summons dropped by compiling evidence from, in part, the cameras and GPS system on her truck. Milliman’s threats were recorded by a doorbell camera, too. The whole thing is creepy, and all over a $25 package stolen off a doorstep.

I have also had things stolen from me, and I wish the police officers I spoke to had a better answer for me than shrugging their shoulders and saying, in effect, this is not worth our time. But this situation is like a parallel universe ad for Amazon and its Ring subsidiary. Is this the path toward “very close to zero[ing] out crime”? It is not worth it.

⌥ Permalink

Carsten Frauenheim and Elizabeth Chamberlain, iFixit:

Apple’s official replacement process requires swapping the entire top case, keyboard and all, just to replace this single consumable component. And it has for a long time. That’s a massive and unreasonable job, requiring complete disassembly and reassembly of the entire device. We’re talking screws, shields, logic board, display, Touch ID, trackpad, everything. In fact, the only thing that doesn’t get transferred are the keyboard and speakers. The keyboard is more or less permanently affixed to this top aluminum, and the speakers are glued in — which, I guess, according to Apple means that the repair is out of the scope of DIY (we disagree).

At least one does not need to send in their laptop for a mere battery replacement. Still, I do not understand why this — the most predictable repair — is so difficult and expensive.

I hate to be that guy, but the battery for a mid-2007 15-inch MacBook Pro used to cost around $150 (about $220 inflation-adjusted) and could be swapped with two fingers. The official DIY solution for replacing the one in my M1 MacBook Pro is over $700, though there is a $124 credit for returning the replaced part. The old battery was, of course, a little bit worse: 60 watt-hours compared to 70 watt-hours in the one I am writing this with. I do not even mind the built-in-ness of this battery. But it should not cost an extra $500 and require swapping the rest of the top case parts.

[…] But for now, this tedious and insanely expensive process is the only offering they make for changing out a dead battery. Is it just a byproduct of this nearly half-a-decade-old chassis design, something that won’t change until the next rethink? We don’t know.

“Nearly half-a-decade-old” is a strange way of writing “four years”, almost like it is attempting to emphasize the age of this design. Four years old does not seem particularly ancient to me. I thought iFixit’s whole vibe was motivating people to avoid the consumerist churn encouraged by rapid redesigns.

⌥ Permalink

Matt O’Brien, Associated Press:

Social media platform Reddit sued the artificial intelligence company Perplexity AI and three other entities on Wednesday, alleging their involvement in an “industrial-scale, unlawful” economy to “scrape” the comments of millions of Reddit users for commercial gain.

[…]

Also named in the lawsuit are Lithuanian data-scraping company Oxylabs UAB, a web domain called AWMProxy that Reddit describes as a “former Russian botnet,” and Texas-based startup SerpApi, which lists Perplexity as a customer on its website.

Mike Masnick, Techdirt:

Most reporting on this is not actually explaining the nuances, which require a deeper understanding of the law, but fundamentally, Reddit is NOT arguing that these companies are illegally scraping Reddit, but rather that they are illegally scraping… Google (which is not a party to the lawsuit) and in doing so violating the DMCA’s anti-circumvention clause, over content Reddit holds no copyright over. And, then, Perplexity is effectively being sued for linking to Reddit.

This is… bonkers on so many levels. And, incredibly, within their lawsuit, Reddit defends its arguments by claiming it’s filing this lawsuit to protect the open internet. It is not. It is doing the exact opposite.

I am glad Masnick wrote about this despite my disagreement with his views on how much control a website owner ought to have over scraping. This is a necessary dissection of the suit, though I would appreciate views on it from actual intellectual property lawyers. They might be able to explain how a positive outcome of this case for Reddit would have clear rules delineating this conduct from the ways in which artificial intelligence companies have so far benefitted from a generous reading of fair use and terms of service documents.

⌥ Permalink

Andrej Sokolow, Deutsche Presse Agentur:

Apple could switch off a function that prevents users’ apps from tracking their behaviour across various services and websites for advertising purposes in Germany and other European countries.

The iPhone manufacturer on Wednesday complained that it has experienced constant headwinds from the tracking industry.

“Intense lobbying efforts in Germany, Italy and other countries in Europe may force us to withdraw this feature to the detriment of European consumers,” Apple said in a statement.

It is a little rich for Apple to be claiming victimhood in the face of “intense lobbying efforts” by advertising companies when it is the seventh highest spender on lobbying in the European Union. Admittedly, it spends about one-third as much as Meta in Germany, but that is not because Apple cannot afford to spend more. Apple’s argument is weak.

In any case, this is another case where Apple believes it should have a quasi-regulatory role. As I wrote last month:

[…] Apple seems to believe it is its responsibility to implement technical controls to fulfill its definition of privacy and, if that impacts competition and compatibility, too bad. E.U. regulators seem to believe it has policy protections for user privacy, and that users should get to decide how their private data is shared.

I believe there are people within Apple who care deeply about privacy. However, when Apple also gets to define privacy and tracking, it is no coincidence it found an explanation allowing it to use platform activity and in-app purchases for ad targeting. This is hardly as sensitive as the tracking performed by Google and Meta, and Apple does not use third-party data for targeting.

But why would it? Apple owns the platform and, if it wanted, could exploit far more user information without it being considered “tracking” since it is all first-party data. That it does not is a positive reflection of self-policing and, ideally, something it will not change. But it could.

What E.U. authorities are concerned about is this self-serving definition of privacy and the self-policing that results, conflicting with the role of European regulators and privacy laws, and its effects on competition. I think those are reasonable grounds for questioning the validity of App Tracking Transparency. Furthermore, the consequences emanating from violations of privacy law are documented; Meta was penalized €1.2 billion as a result of GDPR violations. Potential violations of App Store policy, on the other hand, are handled differently. If Meta has, as a former employee alleges, circumvented App Tracking Transparency, would the penalties be handled by similar regulatory bodies, or would it — like Uber before — be dealt with privately and rather quietly?

The consequences of previous decisions have been frustrating. They result in poorer on-device privacy controls for users in part because Apple is a self-interested party. It would be able to make its case more convincingly if it walked away from the advertising business altogether.

Sokolow:

Apple argues that it has proposed various solutions to the competition authorities, but has not yet been able to dispel their concerns.

The company wants to continue to offer ATT to European users. However, it argued that the competition authorities have proposed complex solutions that would effectively undermine the function from Apple’s point of view.

Specificity would be nice. It would be better if these kinds of conversations could be had in public instead of in vague statements provided on background to select publications.

⌥ Permalink

Jennifer Pattison Tuohy, of the Verge, interviewed Ring founder Jamie Siminoff about a new book — which Tuohy has not read — written with Andrew Postman about the success of the company. During this conversation, Tuohy stumbled into Siminoff making a pretty outrageous claim:

While research suggests that today’s video doorbells do little to prevent crime, Siminoff believes that with enough cameras and with AI, Ring could eliminate most of it. Not all crime — “you’ll never stop crime a hundred percent … there’s crimes that are impossible to stop,” he concedes — but close.

“I think that in most normal, average neighborhoods, with the right amount of technology — not too crazy — and with AI, that we can get very close to zero out crime. Get much closer to the mission than I ever thought,” he says. “By the way, I don’t think it’s 10 years away. That’s in 12 to 24 months … maybe even within a year.”

If this sounds ridiculous to you, congratulations, you are thinking harder than whomever wrote the headline on this article:

Ring’s CEO says his cameras can almost ‘zero out crime’ within the next 12 months

The word “almost” and the phrase “very close” are working very hard to keep the core of Siminoff’s claim intact. What he says is that, by this time next year, “normal” communities with enough Ring cameras and a magic dusting of A.I. will have virtually no crime. The caveats are there to imply more nuance, but they are merely an escape hatch for when someone revisits this next year.

The near-complete elimination of crime in “normal” areas — whatever that means — will very obviously not happen. Tuohy cites a 2023 Scientific American story which, in turn, points to articles in MIT Technology Review and CNet. The first debunks a study Ring likes to promote claiming its devices drove a 55% decline in burglaries in Wilshire Park, Los Angeles in 2015, with cameras on about forty homes. Not only does the public data does not support this dramatic reduction, but:

Even if the doorbells had a positive effect, it seemed not to last. In 2017, Wilshire Park suffered more burglaries than in any of the previous seven years.

The CNet article collects a series of reports from other police departments indicating Ring cameras have questionable efficacy at deterring crime on a city-wide level.

This is also something we can know instinctually, since we already have plenty of surveillance cameras. A 2019 meta analysis (PDF) by Eric Piza, et al., found CCTV adoption decreased crime by about 13%. That is not nothing, but it is also a long way from nearly 100%. One could counter that these tests did not factor in Ring’s A.I. features, like summaries of what the camera saw — we have spent so much energy creating summary-making machines — and finding lost dogs.

The counterargument to all of this, however, is that Ring’s vision is a police state enforced by private enterprise. A 2022 paper (PDF) by Dan Calacci, et al., found race was, unsurprisingly, a motivating factor in reports of suspicious behaviour, and that reports within Ring’s Neighbors app was not correlated with the actual frequency of those crimes. Ring recently partnered with Flock, adding a further layer of creepiness.

I will allow that perhaps an article about Siminoff’s book is not the correct place to litigate these claims. By the very same logic, however, the Verge should be more cautious in publishing them, and should not have promoted them in a headline.

⌥ Permalink

Liam Mo and Brenda Goh, Reuters:

A group of 55 Chinese iPhone and iPad users filed a complaint with China’s market regulator on Monday, a lawyer representing the group said, alleging that Apple abuses its market dominance by restricting app distribution and payments to its own platforms while charging high commissions.

[…]

This marks the second complaint against Apple led by Wang. A similar case filed in 2021 was dismissed by a Shanghai court last year.

Imran Rahman-Jones, BBC News:

But the Competition and Markets Authority (CMA) has designated both Apple and Google as having “strategic market status” – effectively saying they have a lot of power over mobile platforms.

The ruling has drawn fury from the tech giants, with Apple saying it risked harming consumers through “weaker privacy” and “delayed access to new features”, while Google called the decision “disappointing, disproportionate and unwarranted”.

The CMA said the two companies “may be limiting innovation and competition”.

Pretty soon it may be easier to list the significant markets in which Apple is still able to exercise complete control over iOS app distribution.

⌥ Permalink

Maxwell Zeff, TechCrunch:

OpenAI announced Tuesday the launch of its AI-powered browser, ChatGPT Atlas, a major step in the company’s quest to unseat Google as the main way people find information online.

The company says Atlas will first roll out on macOS, with support for Windows, iOS, and Android coming soon. OpenAI says the product will be available to all free users at launch.

Atlas, like Perplexity’s Comet, is a Chromium-based browser. You cannot use it without signing in to ChatGPT. As I was completing the first launch experience, shimmering colours radiated from the setup window and — no joke — it looked like my computer’s screen was failing.

OpenAI:

As you use Atlas, ChatGPT can get smarter and more helpful, too. Browser memories let ChatGPT remember context from the sites you visit and bring that context back when you need it. This means you can ask ChatGPT questions like: “Find all the job postings I was looking at last week and create a summary of industry trends so I can prepare for interviews.” Browser memories in Atlas are completely optional, and you’re always in control: you can view or archive them at any time in settings, and deleting browsing history deletes any associated browser memories.

I love the idea of this. So often, I need to track down something I remember reading, but have only the haziest recollection of what, exactly, it is. I want this in my life. Yet I have zero indication I can trust OpenAI with retaining and synthesizing useful information from my browsing history.

The company says it only retains pages until they have been summarized, and I am sure it thinks it is taking privacy as seriously as it can. But what about down the road? What could it do with all of this data it does retain — information that is tied to your ChatGPT account? OpenAI wants to be everywhere, and it wants to know everything about you to an even greater extent than Google or Meta have been able to accomplish. Why should I trust it? What makes the future of OpenAI look different than the trajectories of the information-hungry businesses before it?

⌥ Permalink

Even if you are not interested in the iPad or Apple product news generally, I recommend making time for Federico Viticci’s review, at MacStories, of the new iPad Pro. Apple claims 3.5× performance gains with A.I. models, so Viticci attempted to verify that number. Unfortunately, he ran into some problems.

Viticci (emphasis his):

This is the paradox of the M5. Theoretically speaking, the new Neural Accelerator architecture should lead to notable gains in token generation and prefill time that may be appreciated on macOS by developers and AI enthusiasts thanks to MLX (more on this below). However, all these improvements amount to very little on iPadOS today because there is no serious app ecosystem for local AI development and tinkering on iPad. That ecosystem absolutely exists on the Mac. On the iPad, we’re left with a handful of non-MLX apps from the App Store, no Terminal, and the untapped potential of the M5.

In case it’s not clear, I’m coming at this from a perspective of disappointment, not anger. […]

Viticci’s frustration with the state of A.I. models on the iPad Pro is palpable. Ideally and hopefully, it is a future-friendly system, but that is not usually the promise of Apple’s products. It usually likes to tell a complete story with the potential for sequels. To get even a glimpse of what that story looks like, Viticci had to go to great lengths, as documented in his review.

In the case of this iPad Pro, it is marketing leaps-and-bounds boosts in A.I. performance — though those claims appear to be optimistic — while still playing catch-up on last year’s Apple intelligence announcements, and offering little news for a user who wants to explore A.I. models directly on their iPad. It feels like a classic iPad story: incredible hardware, restricted by Apple’s software decisions.

Update: I missed a followup post from Viticci in which he points to a review from Max Weinbach of Creative Strategies. Weinbach found the M5 MacBook Pro does, indeed, post A.I. performance gains closer to Apple’s claims.

As an aside, I think it is curious for Apple to be supplying review units to Creative Strategies. It is nominally a research and analysis firm, not a media outlet. While there are concerns about the impartiality of reviewers granted access to prerelease devices, it feels to me like an entirely different thing for a broad-ranging research organization for reasons I cannot quite identify.

⌥ Permalink

Ken MacGillivray and Karen Bartko, Global News:

“All electors are legislatively required to complete a Statement of Eligibility form (Form 13) at the voting station. This form is a declaration by an elector that they meet the required legislated criteria to receive and cast ballots,” Elections Edmonton said.

[…]

Those casting ballots say confirming voters are on the register or completing the necessary paperwork takes three to five minutes per voter.

I was lucky to be in and out of my polling place in about fifteen minutes, but the longest part was waiting for the person to diligently copy my name, address, and date-of-birth from my driver’s license to a triplicate form, immediately after confirming the same information on the printed voter roll. It is a silly requirement coming down as part of a larger unwanted package from our provincial government for no clear reason. The same legislation also prohibits electronic tabulation, so all the ballots are slowly being counted by hand. These are the kinds of measures that only begin to make sense if you assume someone with influence in our provincial government watches too much Fox News.

I wonder if our Minister of Red Tape Reduction has heard about all the new rules and restrictions implemented by his colleagues.

⌥ Permalink

Jason Parham, Wired:

The uptick in artificial social networks, [Rudy] Fraser tells me, is being driven by the same tech egoists who have eroded public trust and inflamed social isolation through “divisive” algorithms. “[They] are now profiting on that isolation by creating spaces where folks can surround themselves with sycophantic bots.”

I saw this quote circulating on Bluesky over the weekend and it has been rattling around my head since. It cuts to the heart of one reason why A.I.-based “social” networks like Sora and Meta’s Vibes feel so uncomfortable.

Unfortunately, I found the very next paragraph from Parham uncompelling:

In the many conversations I had with experts, similar patterns of thought emerged. The current era of content production prioritizes aesthetics over substance. We are a culture hooked on optimization and exposure; we crave to be seen. We live on our phones and through our screens. We’re endlessly watching and being watched, submerged in a state of looking. With a sort of all-consuming greed, we are transforming into a visual-first society — an infinite form of entertainment for one another to consume, share, fight over, and find meaning through.

Of course our media reflects aesthetic trends and tastes; it always has. I do not know that there was a halcyon era of substance-over-style media, nor do I believe there was a time since celebrity was a feasible achievement in which at least some people did not desire it. In a 1948 British survey of children 10–15 years old, one-sixth to one-third of respondents aspired to “‘romantic’ [career] choices like film acting, sport, and the arts”. An article published in Scouting Magazine in 2000 noted children leaned toward high-profile careers — not necessarily celebrity, but jobs “every child is exposed to”. We love this stuff because we have always loved this stuff.

Among the bits I quibble with in the above, however, this stood out as a new and different thing: “[w]e’re endlessly watching and being watched”. That, I think, is the kind of big change Fraser is quoted as speaking about, and something I think is concerning. We already worried about echo chambers, and platforms like YouTube responded by adjusting recommendations to less frequently send users to dark places. Let us learn something, please.

Cal Newport:

A company that still believes that its technology was imminently going to run large swathes of the economy, and would be so powerful as to reconfigure our experience of the world as we know it, wouldn’t be seeking to make a quick buck selling ads against deep fake videos of historical figures wrestling. They also wouldn’t be entertaining the idea, ​as [Sam] Altman did last week​, that they might soon start offering an age-gated version of ChatGPT so that adults could enjoy AI-generated “erotica.”

To me, these are the acts of a company that poured tens of billions of investment dollars into creating what they hoped would be the most consequential invention in modern history, only to finally realize that what they wrought, although very cool and powerful, isn’t powerful enough on its own to deliver a new world all at once.

I do not think Sora smells of desperation, but I do think it is the product of a company that views unprecedented scale as its primary driver. I think OpenAI wants to be everywhere — and not in the same way that a consumer electronics company wants its smartphones to be the category’s most popular, or anything like that. I wonder if Ben Thompson’s view of OpenAI as “the Windows of A.I.” is sufficient. I think OpenAI is hoping to be a ubiquitous layer in our digital world; or, at least, it is behaving that way.

⌥ Permalink

John Gruber, responding to my exploration of the MacBook Pro A.C. adapter non-issue:

The problem I see with the MacBook power adapter situation in Europe is that while power users — like the sort of people who read Daring Fireball and Pixel Envy — will have no problem buying exactly the sort of power adapter they want, or simply re-using a good one they already own, normal users have no idea what makes a “good” power adapter. I suspect there are going to be a lot of Europeans who buy a new M5 MacBook Pro and wind up charging it with inexpensive low-watt power adapters meant for things like phones, and wind up with a shitty, slow charging experience.

Maybe. I think it is fair to be concerned about this being another thing people have to think about when buying a laptop. But, in my experience, less technically adept people still believe they need specific cables and chargers, even when they do not.

When I was in college, a friend forgot to bring the extension cable for their MacBook charger. There was an unused printer in the studio, though, so I was able to use the power cable from that because it is an interchangeable standard plug. I see this kind of thing all the time among friends, family members, and colleagues. It makes sense in a world frequently populated by proprietary adapters.

Maybe some people will end up with underpowered USB-C chargers. I bet a lot of people will just go to the Apple Store and buy the one recommended by staff, though.

⌥ Permalink

Chance Miller, 9to5Mac:

You can find the new option [in 26.1 beta 4] on iPhone and iPad by going to the Settings app and navigating to the Display & Brightness menu. On the Mac, it’s available in the “Appearance” menu in System Settings. Here, you’ll see a new Liquid Glass menu with “Clear” and “Tinted” options.

“Choose your preferred look for Liquid Glass. Clear is more transparent, revealing the content beneath. Tinted increases opacity and adds more contrast,” Apple explains.

After Apple made the menu bar translucent in Mac OS X Leopard, it added a preference to make the bar solid after much pushback. When it refreshed the design of Mac OS X in Yosemite with more frosted glass effects, it added controls to Reduce Transparency and Increase Contrast, which replaced the menu bar-specific setting.

Here we are with yet another theme built around translucency, and more complaints about legibility and contrast — Miller writes “Apple says it heard from users throughout the iOS 26 beta testing period that they’d like a setting to manage the opaqueness of the Liquid Glass design”. Now, as has become traditional, there is another way to moderate the excesses of Apple’s new visual language. I am sure there are some who will claim this undermines the entire premise of Liquid Glass, and I do not know that they are entirely wrong. Some might call it greater personalization and customization, too. I think it feels unfocused. Apple keeps revisiting translucency and finding it needs to add more controls to compensate.

⌥ Permalink

Carly Nairn, Courthouse News Service:

U.S. District Judge Phyllis Hamilton said in a 25-page ruling that there was evidence NSO Group’s flagship spyware could still infiltrate WhatApp users’ devices and granted Meta’s request for a permanent injunction.

However, Hamilton, a Bill Clinton appointee, also determined that any damages would need to follow a ratioed amount of compensation based on a legal framework designed to proportion damages. She ordered that the jury-based award of $167 million should be reduced to a little over $4 million.

Once again, I am mystified by Apple’s decision to drop its suit against NSO Group. What Meta won is protection from WhatsApp being used as an installation vector for NSO’s spyware; importantly, high-value WhatsApp users won a modicum of protection from NSO’s customers. And, as John Scott-Railton of Citizen Lab points out, NSO has “an absolute TON of their business splashed all over the court records”. There are several depositions from which an enterprising journalist could develop a better understanding of this creepy spyware company.

Last week, NSO Group confirmed it had been acquired by U.S. investors. However, according to its spokesperson, its “headquarters and core operations remain in Israel [and] continues to be fully supervised and regulated by the relevant Israeli authorities”.

Lorenzo Franceschi-Bicchierai, TechCrunch:

NSO has long claimed that its spyware is designed to not target U.S. phone numbers, likely to avoid hurting its chances to enter the U.S. market. But the company was caught in 2021 targeting about a dozen U.S. government officials abroad.

Soon after, the U.S. Commerce Department banned American companies from trading with NSO by putting the spyware maker on the U.S. Entities List. Since then, NSO has tried to get off the U.S. government’s blocklist, as recently as May 2025, with the help of a lobbying firm tied to the Trump administration.

I have as many questions about what this change in ownership could mean for its U.S. relationship as I do about how it affects possible targets.

⌥ Permalink

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

With over 5,000 five star reviews, Magic Lasso Adblock is simply the best ad blocker for your iPhone, iPad, and Mac.

Designed from the ground up to protect your privacy, Magic Lasso blocks all intrusive ads, trackers, and annoyances. It stops you from being followed by ads around the web and, with App Ad Blocking, it stops your app usage being harvested by ad networks.

So, join over 350,000 users and download Magic Lasso Adblock today.

⌥ Permalink

Are you outraged? Have you not heard? Apple updated its entry-level MacBook Pro with a new M5 chip, and across Europe, it does not ship with an A.C. adapter in the box as standard any more. It still comes with a USB-C to MagSafe cable, and you can add an adapter at checkout, but those meddling E.U. regulators have forced Apple to do something stupid and customer-unfriendly again. Right?

William Gallagher, of AppleInsider, gets it wrong:

Don’t blame Apple this time — if you’re in the European Union or the UK, your new M5 14-inch MacBook Pro or iPad Pro may cost you $70 extra because Apple isn’t allowed to bundle a charger.

First of all, the dollar is not the currency in any of these countries. Second, the charger in European countries is €65, which is more like $76 right now. Third, Apple is allowed to bundle an A.C. adapter, it just needs to offer an option to not include it. Fourth, and most important, is that the new MacBook Pro is less expensive in nearly every region in which the A.C. adapter is now a configure-to-order option — even after adding the adapter.

In Ireland, the MacBook Pro used to start at €1,949; it now starts at €1,849; in France, it was €1,899, and it is now €1,799. As mentioned, the adapter is €65, making these new Macs €35 less with a comparable configuration. The same is true in each Euro-currency country I checked: Germany, Italy, and Spain all received a €100 price cut if you do not want an A.C. adapter, and a €35 price cut if you do.

It is not just countries that use the Euro receiving cuts. In Norway, the new MacBook Pro starts at 2,000 krone less than the one it replaces, and a charger is 849 krone. In Hungary, it is 50,000 forint less, with a charger costing about 30,000 forint. There are some exceptions, too. In Switzerland, the new models are 50 francs less, but a charger is 59 francs. And in the U.K., there is no price adjustment, even though the charger is a configure-to-order option there, too.

Countries with a charger in the box, on the other hand, see no such price adjustment, at least for the ones I have checked. The new M5 model starts at the same price as the M4 it replaces in Canada, Japan, Singapore, and the United States. (For the sake of brevity and because not all of these pages have been recently crawled by the Internet Archive, I have not included links to each comparison. I welcome checking my work, however, and would appreciate an email if I missed an interesting price change.)

Maybe Apple was already planning a €100 price cut for these new models. The M4 was €100 less expensive than the M3 it replaced, for example, so it is plausible. That is something we simply cannot know. What we do know for certain is that these new MacBook Pros might not come with an A.C. adapter, but even if someone adds one at checkout, it still costs less in most places with this option.

Gallagher:

It doesn’t appear that Apple has cut prices of the MacBook Pro or iPad Pro to match, either. That can’t be proven, though, because at least with the UK, Apple generally does currency conversion just by swapping symbols.

It can be proven if you bother to put in thirty minutes’ work.

Joe Rossignol, of MacRumors, also gets it a little wrong:

According to the European Union law database, Apple could have let customers in Europe decide whether they wanted to have a charger included in the box or not, but the company has ultimately decided to not include one whatsoever: […]

A customer can, in fact, choose to add an A.C. adapter when they order their Mac.

⌥ Permalink

Tabby Kinder in New York and George Hammond, Financial Times:

OpenAI has signed about $1tn in deals this year for computing power to run its artificial intelligence models, commitments that dwarf its revenue and raise questions about how it can fund them.

Emily Forgash and Agnee Ghosh, Bloomberg:

For much of the AI boom, there have been whispers about Nvidia’s frenzied dealmaking. The chipmaker bolstered the market by pumping money into dozens of AI startups, many of which rely on Nvidia’s graphics processing units to develop and run their models. OpenAI, to a lesser degree, also invested in startups, some of which built services on top of its AI models. But as tech firms have entered a more costly phase of AI development, the scale of the deals involving these two companies has grown substantially, making it harder to ignore.

The day after Nvidia and OpenAI announced their $100 billion investment agreement, OpenAI confirmed it had struck a separate $300 billion deal with Oracle to build out data centers in the US. Oracle, in turn, is spending billions on Nvidia chips for those facilities, sending money back to Nvidia, a company that is emerging as one of OpenAI’s most prominent backers.

I possess none of the skills most useful to understand what all of this means. I am not an economist; I did not have a secret life as an investment banker. As a layperson, however, it is not comforting to read from some People With Specialized Knowledge that this is similar to historically good circular investments, just at an unprecedented scale, while other People With Specialized Knowledge say this has been the force preventing the U.S. from entering a recession. These articles might be like one of those prescient papers from before the Great Recession. Not a great feeling.

⌥ Permalink

Emmanuel Maiberg, 404 Media:

Democratic U.S. Senators Richard Blumenthal and Elizabeth Warren sent letters to the Department of Treasury Secretary Scott Bessent and Electronic Arts CEO Andrew Wilson, raising concerns about the $55 billion acquisition of the giant American video game company in part by Saudi Arabia’s Public Investment Fund (PIF).

Specifically, the Senators worry that EA, which just released Battlefield 6 last week and also publishes The Sims, Madden, and EA Sports FC, “would cease exercising editorial and operational independence under the control of Saudi Arabia’s private majority ownership.”

“The proposed transaction poses a number of significant foreign influence and national security risks, beginning with the PIF’s reputation as a strategic arm of the Saudi government,” the Senators wrote in their letter. […]

In the late 1990s and early 2000s, the assumption was that it would be democratic nations successfully using the web for global influence. But I think the 2016 U.S. presidential election, during which Russian operatives worked to sway voters’ intentions, was a reality check. Fears of foreign influence were then used by U.S. lawmakers to justify banning TikTok, and to strongarm TikTok into allowing Oracle to oversee its U.S. operations. Now, it is Saudi Arabian investment in Electronic Arts raising concerns. Like TikTok, it is not the next election that is, per se, at risk, but the general thoughts and opinions of people in the United States.

U.S. politicians even passed a law intended to address “foreign influence” concerns. However, Saudi Arabia is not one of the four “covered nations” restricted by PAFACA.

Aside from xenophobia, I worry “foreign influence” is becoming a new standard excuse for digital barriers. We usually associate restrictive internet policies with oppressive and authoritarian regimes that do not trust their citizens to be able to think for themselves. This is not to say foreign influence is not a reasonable concern, nor that Saudi Arabia has no red flags, nor still that these worries are a purely U.S. phenomenon. Canadian officials are similarly worried about adversarial government actors covertly manipulating our policies and public opinion. But I think we need to do better if we want to support a vibrant World Wide Web. U.S. adversaries are allowed to have big, successful digital products, too.

⌥ Permalink

Some meta-commentary on reading: I’ve been trying to read through my enormous queue of articles saved on Instapaper. In general I love reading stuff from the internet but refuse to do it with a computer or a phone: I don’t want all my stuff to glow!

So, this led me to an abortive trial of the Boox Go 7, an eReader that runs a full Android operating system. Rendering Android interfaces with e-ink was pretty bad, and even though it was possible to run the Instapaper Android app, highlighting text didn’t work and the whole fit & finish was off. I love that most e-ink tablets are really purpose-built computers: this didn’t give me that impression.

So, this month I bought a Kobo Libra Color. Kobo and Instapaper recently announced a partnership and first-class support for Instapaper on the devices.

Overall: it’s better than the Boox experience and definitely better than sending articles to one of my Kindles. My notes so far are:

• I wish it had highlighting. Pretty confident that it’s on the product roadmap, but for now all it can do is sync, archive, and like articles.
• The Kobo also integrates directly with Overdrive for local libraries! Amazing and unexpected for me, the vast majority of my books are from the Brooklyn Library or the NYPL.
• The hardware is pretty decent: the color screen is surprisingly useful because a lot of articles have embedded images. The page turn buttons are a little worse than those on my Kindle Oasis because they’re hinged, so they only work well if you press the top of one button and the bottom of the other. I’ve gotten used to it, but wish they worked via a different mechanism.
• The first run experience was pretty slick.
• Annoyingly, it goes to fully ‘off’ mode pretty quickly instead of staying in ‘sleep’ mode, and waking it up from being fully off takes about 15 seconds.

Overall: I think my biggest gripe (no highlighting) will get worked out and this’ll be the perfect internet-reading-without-a-computer device.

Anyway, what’s been good this month?

Reading

In Greece, a homeowner traded ther property development rights to a builder and kept equity in place by receiving finished apartments in the resulting building, often one for themselves and one or more additional units for rental income or adult children, rather than a one-time cash payout. Applied to the U.S., that becomes, swap a house for an apartment (or three), in the same location, with special exemptions to the tax for the home sale.

From Millenial American Dream love a good scheme to fix the housing crisis and densify cities. Definitely seems like a net-positive, but like all other schemes that require big changes to tax codes, would take a miracle to actually implement.

In Zitron’s analysis, it’s always bad. It’s bad when they raise too little money because they’ll run out. It’s bad when they raise too much money because it means they need it.

David Crespo’s critique of Ed Zitron is really strong. Honestly Zitron’s writing, though needed in a certain sense, never hits home for me. In fact a lot of AI critique seems overblown. Maybe I’m warming to it a little.

This Martin Fowler article about how ‘if it hurts, do it more often,’ was good. Summarizes some well-tested wisdom.

I had really mixed feelings about ‘The Autistic Half-Century’ by Byrne Hobart. I probably have some personal stake in this - every test I’ve taken puts me on the spectrum and I have some of the classic features, but like Hobart I’ve never been interested in identifying as autistic. But my discomfort with the subject is all knotted-together and hard to summarize.

One facet I can pick out is my feeling that this era is ending, maybe getting replaced with the ADHD half-century. But the internet I grew up on was pseudonomous, text-oriented, and for me, a calm place. The last ten years have been a slow drift toward real names, and then photograph avatars, and now more and more information being delivered by some person talking into the camera, and that feels really bad, man. Heck, not to drill down on ‘classic traits’, but the number of TikTok videos in which, for some reason the person doing the talking is also eating at the same time, close to the phone, the mouth-sounds? Like, for a long time it was possible to convey information without thinking about whether you were good-looking or were having a good hair day, and that era is ending because everything is becoming oral culture.

If you believed that Trump winning would mean that everyone who supported him was right to have done so, because they had picked the winner; that the mega-rich AI industry buying its way into all corners of American society would mean that critics of the technology and of using it to displace human labors were not just defeated but meaningfully wrong in their criticisms; that some celebrity getting richer from a crypto rug-pull that ripped off hundreds of thousands of less-rich people would actually vindicate the celebrity’s choice to participate in it, because of how much richer it made them. Imagine holding this as an authentic understanding of how the world works: that the simple binary outcome of a contest had the power to reach back through time and adjust the ethical and moral weight of the contestants’ choices along the way. Maybe, in that case, you would feel differently about what to the rest of us looks like straight-up shit eating.

Defector (here, Albert Burneko) is doing some really good work. See also their article on Hailey Welch and ‘bag culture’.

Altman’s claim of a “Cambrian explosion” rings hollow because any tool built on the perverse incentives of social media is not truly designed with creativity in mind, but addiction. Sora may spark a new wave of digital expression, but it’s just as likely to entrench the same attention economy that has warped our online lives already.

From Parmy Olsen writing about OpenAI Sora in Bloomberg. I think this is a really good article: technology is rightfully judged based on what it actually does, not what it could do or is meant to do, and if AI continues to be used for things that make the world worse, it will earn itself a bad reputation.

Watching

Watching Night On Earth was such a joy. It was tender, laugh-out-loud funny, beautiful.

Youth had me crying the whole time, but I’d still recommend it. Got me into Sun Kil Moon from just a few minutes of Mark Kozelek being onscreen as the guitarist at the fancy hotel.

Listening

My old friends at BRNDA have a hit album on their hands. Kind of punk, kind of Sonic Youth, sort of indescribable, lots of good rock flute on this one.

More good ambient-adjacent instrumental rock.

This album feels next door to some Hop Along tracks. It’s a tie between highlighting this track or Holding On which also has a ton of hit quality.

Elsewhere: in September I did a huge bike trip and posted photos of it over in /photos. Might do a full writeup eventually: we rode the Great Allegheny Passage and the C&O canal in four days of pretty hard riding. Everyone survived, we had an amazing time, and I’m extremely glad that we were all able to make the time to do it. It made me feel so zen for about a week after getting back - I have to do that more often!

Back in May, I wrote about a custom porteur bag that I sewed for use on my bike. That bag served me well on two trips - a solo ride up to Brewster and back, and my semi-yearly ride on the Empire State Trail, from Poughkeepsie to Brooklyn in two days.

But I had a longer ride in the plans summer, which I just rode two weeks ago: Pittsburgh to DC, 348 miles in 4 days, with two nights of camping. And at the last minute I decided to make the next version of that bag. Specifically, I wanted to correct three shortcomings of v1:

• The attachment system was too complex. It had redundant ways to attach to the rack, but the main method was via a shock cord that looped through six grosgrain loops, plus another shock cord that I attached to keep it attached to the back of the rack. Plus hardware that’s used for attachment is better if it’s less flexible. Bungee cords and shock cords are ultimately pretty flawed as ways to attach things on bikes. My frame bag uses non-stretchy paracord, and most bikepacking setups are reliant on voile straps which have a minimal amount of stretch.
• The bag had no liner, and the material is plasticky and odd-looking. ECOPAK EPLX has a waterproof coating on the outside that makes it look like a plastic bag instead of something from synthetic fabric.
• The bag had way too many panels: each side was a panel, plus the bottom, plus the flap. These made the shape of the bag messy.

Version 2

It turned out pretty well. Here’s the gist:

Materials

• Fabric
  • Base: 1000 Denier Coated CORDURA Fabric
  • Top: ECOPAK 200D Recycled Polyester Fabric
  • Lining: 210D ROBIC Ripstop Nylon
• Hardware
  • Zipper: YYK Uretek Coil Zipper #3
  • Webbing: MIL-SPEC Nylon Webbing 1”
  • Buckles: Dual-adjust Side-Release Buckle (2)
  • Connecting clips: Luorng (2)

As you can see, there’s only one built-in way to secure this bag to the bike: a webbing strap that attaches to the two buckles and tightens below the rack. This is definitely a superior mechanism to v1: instead of attaching just the front of the bag to the rack and having to deal with the back of the bag separately, this pulls and tensions the whole bag, including its contents, to the rack. It rattles a lot less and is a lot simpler to attach.

Construction

This bag is made like a tote bag. The essential ingredient of a tote bag is a piece of fabric cut like this:

The lining is simply: the same shape, again, sewed in the same way, sewn to the inside of the bag but with the seams facing in the opposite direction, so that the seams of the liner and the outer shell of the bag face each other.

Techniques for building tote bags are everywhere on the internet, so it’s a really nice place to start. Plus, the bag body can be made with just one cut of fabric. In this case the bottom of the bag is Cordura and the top is ECOPAK, so I just tweaked the tote bag construction by adding panels of ECOPAK on the left and right of the first step above.

The risky part of this bag was its height and the zipper: ideally it could both zip and the top of the bag could fold over for water resistance. I didn’t accomplish both goals and learned something pretty important: if you’re building a waterproof bag with a zipper, once it’s zipped it’ll be hard to compress because the zipper keeps in air.

But the end of the tour included a surprise thunderstorm in Washington, DC and the zipper kept the wet out, so I count that as a win! The zipper also makes the bag very functional off the bike - using the same strap as I use to attach it to the bike but using that as a shoulder strap makes it pretty convenient to carry around. This really came in handy when we were moving bikes onto and off of Amtrak trains.

Plans for version three

Mostly kidding - I’m going to actually use use this bag for the next few trips instead of tinkering with it. But I do have thoughts, from this experience:

• I have mixed feelings about using Cordura next time. It’s what everyone does, and it helps with the abrasion that the bag experiences from the rack. But I have a feeling that ECOPAK would hold up for many thousands of miles by itself, and is lighter and more waterproof than cordura. It could be cool to make the whole bag body from the same material.
• I think I’ll make the next bag taller, and skip the zipper. I have more faith in folding over the material rather than relying on a waterproof zipper.
• A good system for tightening the straps still eludes me. This setup included sliplock slide adjusters, but it’s still kind of annoying to get the right angles to pull the bag tight.
• Again, I didn’t add any external pockets. I don’t think they’re absolutely necessary, but as it is, like the previous version, it’s not really possible to access the contents of this bag on the move. Which is fine because I have other bags that are easier to access - on this trip this bag carried my clothes, camp kit, and backup spare tires, so nothing essential in the middle of the day.

I’ve been thinking the new Meta Ray-Ban augmented reality glasses. Not because they failed onstage, which they absolutely did. Or that shortly after they received rave reviews from Victoria Song at The Verge and MKBHD, two of the most influential tech reviewers. My impression is that the hardware has improved but the software is pretty bad.

Mostly I keep thinking about the cooking demo. Yeah, it bombed. But what if it worked? What if Meta releases the third iteration of this hardware next year and it worked? This post is just questions.

The demos were deeply weird: both Mark Zuckerberg and Jack Mancuso (the celebrity chef) had their AR glasses in a particular demo mode that broadcasted the audio they were hearing and the video they were seeing to the audience and to the live feed of the event.

Of course they need to square the circle of AR glasses being ‘invisible technology,’ but showing people what it does. According to MKBHD’s review, one of the major breakthroughs of the new edition is that you can’t see when other people are looking at the glasses built-in display.

I should credit Song for mentioning the privacy issues of the glasses in her review for The Verge. MKBHD briefly talks about his concern that people will use the glasses to be even more distracted during face-to-face interactions. It’s not like everyone’s totally ignoring the implications.

But the implications. Like for example: I don’t know, sometimes I’m cooking for my partner. Do they hear a one-sided conversation between me and the “Live AI” about what to do first, how to combine the ingredients? Without the staged demo’s video-casting, this would have been the demo: a celebrity chef talking to himself like a lunatic, asking how to start.

Or what if we’re cooking together – do we both have the glasses, and maybe the Live AI responds to… both of us? Do we hear each other’s audio, or is it a mystery what the AI is telling the sous-chef? Does it broadcast to a bluetooth speaker maybe?

Maybe the glasses are able to do joint attention and know who else is in your personal space and share with them in a permissioned way? Does this lock everyone into a specific brand of the glasses or is there some open protocol? It’s been a long, long time since I’ve seen a new open protocol.

Marques’s video shows an impressively invisible display to others, but surely there’s some reflection on people’s retinas: could you scan that and read people’s screens off of their eyeballs?

I hate to preempt critiques but the obvious counterpoint is that “the glasses will be good for people with accessibility needs.” Maybe the AI is unnecessary for cooking, and a lot of its applications will be creepy or fascist, but being able to translate or caption text in real-time will be really useful to people with hearing issues.

I think that’s true! In the same way as crypto was useful for human rights and commerce in countries with unreliable exchanges and banks - a point most forcefully spoken by Alex Gladstein. I’m not one to do the ethical arithmetic on the benefits of crypto in those situations versus the roughly $79 billion worth of scams that it has generated or its impact on climate change. My outsider view is that there are more people and more volume of crypto involved in the speculative & scam sector than in the human-rights sector, but I’m willing to be wrong.

I’ve always been intrigued by, but not sold on, Dynamicland and its New York cousin, folk.computer. But every AR demo I see sells me on that paradigm more. For all of the kookiness of the Dynamicland paradigm, it seems designed for a social, playful world. Nothing about the technology guarantees that outcome, but it definitely suggests it. Likewise, the AR glasses might usher in a new age of isolation and surveillance, but that isn’t guaranteed - that just seems like a likely outcome.

I’m searching for a vision of the AR future, just like I want to read about what really happens with AI proliferation, or what I wished crypto advocates would have written. I want people who believe in this tech to write about how it’ll change their lives and the lives of others, and what really can be done about the risks.

Some time ago, I noticed some new organization called FUTO popping up here and there. I’m always interested in seeing new organizations that fund open source popping up, and seeing as they claim several notable projects on their roster, I explored their website with interest and gratitude. I was first confused, and then annoyed by what I found. Confused, because their website is littered with bizzare manifestos,¹ and ultimately annoyed because they were playing fast and loose with the term “open source”, using it to describe commercial source-available software.

FUTO eventually clarified their stance on “open source”, first through satire and then somewhat more soberly, perpetuating the self-serving myth that “open source” software can privilege one party over anyone else and still be called open source. I mentally categorized them as problematic but hoped that their donations or grants for genuinely open source projects would do more good than the harm done by this nonsense.

By now I’ve learned better. tl;dr: FUTO is not being honest about their “grant program”, they don’t have permission to pass off these logos or project names as endorsements, and they collaborate with and promote mask-off, self-proclaimed fascists.

An early sign that something is off with FUTO is in that “sober” explanation of their “disdain for OSI approved licenses”, where they make a point of criticizing the Open Source Initiative for banning Eric S. Raymond (aka ESR) from their mailing lists, citing right-wing reactionary conspiracy theorist Bryan Lunduke’s blog post on the incident. Raymond is, as you may know, one of the founders of OSI and a bigoted asshole. He was banned from the mailing lists, not because he’s a bigoted asshole, but because he was being a toxic jerk on the mailing list in question. Healthy institutions outgrow their founders. That said, FUTO’s citation and perspective on the ESR incident could be generously explained as a simple mistake, and we should probably match generosity with generosity given their prolific portfolio of open source grants.

I visited FUTO again quite recently as part of my research on Cloudflare’s donations to fascists, and was pleased to discover that this portfolio of grants had grown immensely since my last visit, and included a number of respectable projects that I admire and depend on (and some projects I don’t especially admire, hence arriving there during my research on FOSS projects run by fascists). But something felt fishy about this list – surely I would have heard about it if someone was going around giving big grants to projects like ffmpeg, VLC, musl libc, Tor, Managarm, Blender, NeoVim – these projects have a lot of overlap with my social group and I hadn’t heard a peep about it.

So I asked Rich Felker, the maintainer of musl libc, about the FUTO grant, and he didn’t know anything about it. Rich and I spoke about this for a while and eventually Rich uncovered a transaction in his GitHub sponsors account from FUTO: a one-time donation of $1,000. This payment circumvents musl’s established process for donations from institutional sponsors. The donation page that FUTO used includes this explanation: “This offer is for individuals, and may be available to small organizations on request. Commercial entities wishing to be listed as sponsors should inquire by email.” It’s pretty clear that there are special instructions for institutional donors who wish to receive musl’s endorsement as thanks for their contribution.

The extent of the FUTO “grant program”, at least in the case of musl libc, involved ignoring musl’s established process for institutional sponsors, quietly sending a modest one-time donation to one maintainer, and then plastering the logo of a well-respected open source project on a list of “grant recipients” on their home page. Rich eventually posted on Mastodon to clarify that the use of the musl name and logo here was unauthorized.

I also asked someone I know on the ffmpeg project about the grant that they had received from FUTO and she didn’t know anything about it, either. Here’s what she said:

I’m sure we did not get a grant from them, since we tear each other to pieces over everything, and that would be enough to start a flame war. Unless some dev independently got money from them to do something, but I’m sure that we as a project got nothing. The only grant we’ve received is from the STF last year.

Neovim is another project FUTO lists as a grant recipient, and they also have a separate process for institutional sponsors. I didn’t reach out to anyone to confirm, but FUTO does not appear on the sponsor list so presumably the M.O. is the same. This is also the case for Wireshark, Conduit, and KiCad. GrapheneOS is listed prominently as well, but that doesn’t seem to have worked out very well for them. Presumably ffmpeg received a similar quiet donation from FUTO, rather than something more easily recognizable as a grant.

So, it seems like FUTO is doing some shady stuff and putting a bunch of notable FOSS projects on their home page without good reason to justify their endorsement. Who’s behind all of this?

As far as I can tell, the important figures are Eron Wolf² and Louis Rossmann.³ Wolf is the founder of FUTO – a bunch of money fell into his lap from founding Yahoo Games before the bottom fell out of Yahoo, and he made some smart investments to grow his wealth, which he presumably used to fund FUTO. Rossmann is a notable figure in the right to repair movement, with a large following on YouTube, who joined FUTO a year later and ultimately moved to Austin to work more closely with them. His established audience and reputation provides a marketable face for FUTO. I had heard of Rossmann prior to learning about FUTO and held him in generally good regard, despite little specific knowledge of his work, simply because we have a common cause in right to repair.

I hadn’t heard of Wolf before looking into FUTO. However, in the course of my research, several people tipped me off to his association with Curtis Yarvin (aka moldbug), and in particular to the use of FUTO’s platform and the credentials of Wolf and Rossman to platform and promote Yarvin. Curtis Yarvin is a full-blown, mask-off, self-proclaimed fascist. A negligible amount of due diligence is required to verify this, but here’s one source from Politico in January 2025:

I’ve interacted with Vance once since the election. I bumped into him at a party. He said, “Yarvin, you reactionary fascist.” I was like, “Thank you, Mr. Vice President, and I’m glad I didn’t stop you from getting elected.”

– Ian Ward for Politico

Vice President Vance and numerous other figures in the American right have cited Yarvin as a friend and source of inspiration in shaping policy.⁴ Among his many political positions, Yarvin has proclaimed that black people are genetically predisposed to a lower IQ than white people, and moreover suggests that black people are inherently suitable for enslavement.⁵

Yarvin has appeared on FUTO’s social media channels, in particular in an interview published on PeerTube and Odysee, the latter a platform controversial for its role in spreading hate speech and misinformation.⁶ Yarvin also appeared on stage to “debate” Louis Rossmann in June 2022, in which Yarvin is permitted to speak at length with minimal interruptions or rebuttals to argue for an authoritarian techno-monarchy to replace democracy.

Rossmann caught some flack for this “debate” and gave a milquetoast response in a YouTube comment on this video, explaining that he agreed to this on very short notice as a favor to Eron, who had donated “a million” to Rossmann’s non-profit prior to bringing Rossmann into the fold at FUTO. Rossmann does rebuke Yarvin’s thesis, albeit buried in this YouTube comment rather than when he had the opportunity to do so on-stage during the debate. Don’t argue with fascists, Louis – they aren’t arguing with you, they are pitching their ideas⁷ to the audience. Smart fascists are experts at misdirection and bad-faith debate tactics and as a consequence Rossmann just becomes a vehicle for fascist propaganda – consult the YouTube comments to see who this video resonates with the most.

In the end, Rossmann seems to regret agreeing to this debate. I don’t think that Eron Wolf regrets it, though – based on his facilitation of this debate and his own interview with Yarvin on the FUTO channel a month later, I can only assume that Wolf considers Yarvin a close associate. No surprise given that Wolf is precisely the kind of insecure silicon valley techbro Yarvin’s rhetoric is designed to appeal to – moderately wealthy but unknown, and according to Yarvin, fit to be a king. Rossmann probably needs to reflect on why he associates with and lends his reputation to an organization that openly and unapologetically platforms its founder’s fascist friends.

In summary, FUTO is not just the product of some eccentric who founded a grant-making institution that funds open source at the cost of making us read his weird manifestos on free markets and oligopoly. It’s a private, for-profit company that associates with and uses their brand to promote fascists. They push an open-washing narrative and they portray themselves as a grant-making institution when, in truth, they’re passing off a handful of small donations as if they were endorsements from dozens of respectable, high-profile open source projects, in an attempt to legitimize themselves, and, indirectly, legitimize people they platform like Curtis Yarvin.

So, if you read this and discover that your project’s name and logo is being proudly displayed on the front page of a fascist-adjacent, washed-up millionaire’s scummy vanity company, and you don’t like that, maybe you should ask them to knock it off? Eron, Louis – you know that a lot of these logos are trademarked, right?

Updated 2025-10-27:

The FUTO website has been updated to clarify the nature of grants versus donations (before, after) and to reduce the appearance of endorsements from the donation recipients – the site is much better after this change.

I spoke to a representative who spoke for the FUTO leadership, and shared positive feedback regarding the changes to the website. I also asked for a follow-up on the matter of platforming fascist activist Curtis Yarvin on their social media channels, and I was provided this official response:

We prefer to spend our time building great software for people to use, funding interesting projects, and making FUTO better every day. We have no interest in engaging in politics as this is a distraction from our work. We’d like to move past this. We don’t have any further comment that that.

I understand the view that distancing oneself from politics can be a productive approach to your work, and the work FUTO does funding great software like Immich is indeed important work that should be conducted relatively free of distractions. However, FUTO is a fundamentally political organization and it does not distance itself from politics. Consider for example the FUTO statement on Open Source, which takes several political positions:

• Disapproval of the Open Source Initiative and their legitimacy as an authority
• Disapproval of OSI’s proposed AI standards
• Disapproval of the “tech oligopoly”
• Advocacy for an “open source” which is inclusive of restrictions on commercial use
• Support for Eric S. Raymond’s side in his conflict with OSI
• Tacit support for Bryan Lunduke

A truer “apolitical” approach would accept the mainstream definition of open source, would not take positions on conflicts with OSI or Eric Raymond, and would be careful not to cite (or platform) controversial figures such as Lunduke.

It is difficult for FUTO’s work to be apolitical at all. Importantly, there are biases in their grants and donations: their selections have a tendency to privilege projects focused on privacy, decentralization, multimedia, communication, and right to repair, all of which suggest the political priorities of FUTO. The choice to fund “source first” software in addition to open source, or not to fund outright closed source software, or not to vet projects based on their community moderation, are also political factors in their process of selecting funding recipients, or at least are seemingly apolitical decisions which ultimately have political consequences.

This brings us to the political nature of the choice to platform Curtis Yarvin. Yarvin is a self-proclaimed fascist who argues openly for fascist politics. Platforming Yarvin on the FUTO channels legitimizes Yarvin’s ideas and his work, and provides curious listeners a funnel that leads to Yarvin’s more radical ideas and into a far-right rabbit-hole. Platforming Yarvin advances the fascist political program.

It should go without saying that it is political to support fascism or fascists. There is an outrageous moral, intellectual, and political contradiction in claiming that it is apolitical to promote a person whose political program is to dismantle democracy and eject people he disagrees with from the political sphere entirely. FUTO should reflect on their values, acknowledge the political nature of their work, and consider the ways in which their work intersects with politics writ large, then make decisions that align their political actions with their political beliefs.

US politics has been pretty fascist lately. The state is filling up concentration camps, engaging in mass state violence against people on the basis of racialized traits, deporting them to random countries without any respect for habeas corpus, exerting state pressure on the free press to censor speech critical of the current administration, and Trump is openly floating the idea of an unconstitutional third term.

Fascism is clearly on the rise, and they’re winning more and more power. None of this is far removed from us in the FOSS community – there are a number of fascists working in FOSS, same as the rest of society. I don’t call them fascists baselessly – someone who speaks out in support of and expresses solidarity with fascists, or who uses fascists dog-whistles or promotes fascist ideology and talking points, or boosts fascist conspiracy theories – well, they’re a fascist.

If one consistently speaks in support of a certain political position and against the opponents of that position then it is correct to identify them with this political position. Facts, as it were, don’t care about feelings, namely the feelings that get hurt when someone is called a fascist. Fascists naturally do not want to be identified as such and will reject the label, but we shouldn’t take their word for it. People should be much more afraid of being called out as fascist than they are afraid of calling someone a fascist. If someone doesn’t want to be called a fascist, they shouldn’t act like one.

It’s in this disturbing political context that I saw an odd post from the Cloudflare blog pop up in my circles this week: Supporting the future of the open web: Cloudflare is sponsoring Ladybird and Omarchy. Based on Ladybird’s sponsorship terms we can assume that these projects received on the order of $100,000 USD from Cloudflare. I find this odd for a few reasons, in particular because one thing that I know these two projects have in common is that they are both run by fascists.

Even at face value this is an unusual pair of projects to fund. I’m all for FOSS projects getting funded, of course, and I won’t complain about a project’s funding on the solitary basis that it’s an odd choice. I will point out that these are odd choices, though, especially Omarchy.

Ladybird makes some sense, given that it’s aligned in principle with Cloudflare’s stated objective to “support the open web”, though I remain bearish that new web browser engines are even possible to make.¹ Omarchy is a bizarre choice, though – do we really need another pre-customized Arch Linux distribution? And if we do, do we really need a big corporation like Cloudflare to bankroll it? Everyone on /r/unixporn manages to make Arch Linux look pretty for free.

Omarchy is a very weird project to fund, come to think of it. Making an Arch Linux spin technically requires some work, and work is work, I won’t deny it, but most of the work done here is from Arch Linux and Hyprland. Why not fund those, instead? Well, don’t fund Hyprland, since it’s also run by a bunch of fascists, but you get my point.

Anyway, Omarchy and Ladybird are both run by fascists. Omarchy makes this pretty obvious from the outset – on the home page the big YouTube poster image prominently features SuperGrok, which is a pathetically transparent dog-whistle to signal alliance with Elon Musk’s fascist politics. Omarchy is the pet project of David Heinemeier Hansson, aka DHH, who is well known as a rich fascist weirdo.² One need only consult his blog to browse his weird, racist views on immigration, fat-shaming objections to diverse representation, vaguely anti-feminist/homophobic/rapey rants on consent, and, recently, tone-policing antifascists who celebrate the death of notable fascist Charlie Kirk.

Speaking of tributes to Charlie Kirk, that brings us to Andreas Kling, the project lead for Ladybird, who tweeted on the occasion of his assassination:

RIP Charlie Kirk

I hope many more debate nerds carry on his quest to engage young people with words, not fists.

– @awesomekling

Kling has had a few things to say about Kirk on Twitter lately. Here’s another one – give you three guesses as to which “[group]” he objects to punching. You may also recall that Kling achieved some notoriety for his obnoxious response as the maintainer of SerenityOS when someone proposed gender-neutral language for the documentation:

Replacing “he” with “they” in one sentence of the documentation is the kind of “ideologically motivated change” that Serenity’s CONTRIBUTING.md apparently aims to prevent, a classic case of the sexist “identities that are not men are inherently political” nonsense. Ladybird has a similar, weirdly defensive policy on “neutrality”, and a milquetoast code of conduct, which is based on the Ruby Community Conduct Guideline, which has been itself the subject of many controversies due to its inadequacy leading to real-world incidents of harassment and abuse.

Here’s another one – Kling endorsing white replacement theory in June:

White males are actively discriminated against in tech.

It’s an open secret of Silicon Valley.

One of the last meetings I attended before leaving Apple (in 2017) was management asking us to “keep the corporate diversity targets in mind” when interviewing potential new hires.

The phrasing was careful, but the implication was pretty clear.

I knew in my heart this wasn’t wholesome, but I was too scared to rock the boat at the time.

– @awesomekling replying to @danheld³

And in a moment of poetic irony, a few days ago Kling spoke in solidarity with Hansson over his “persecution” for “banal, mainstream positions” on Twitter just a few days ago, in response to Hansson’s tweet signal-boosting another notable reactionary tech fascist, Bryan Lunduke.

So, to sum it up, Kling wears his mask a bit better than Hansson, but as far as I’m concerned it seems clear that both projects are run by fascists. If it walks like a fascist and quacks like a fascist… then why is Cloudflare giving them hundreds of thousands of dollars?

In the wake of the largest supply-chain attack in history, the JavaScript community could have a moment of reckoning and decide: never again. As the panic and shame subsides, after compromised developers finish re-provisioning their workstations and rotating their keys, the ecosystem might re-orient itself towards solving the fundamental flaws that allowed this to happen.

After all, people have been sounding the alarm for years that this approach to dependency management is reckless and dangerous and broken by design. Maybe this is the moment when the JavaScript ecosystem begins to understand the importance and urgency of this problem, and begins its course correction. It could leave behind its sprawling dependency trees full of micro-libraries, establish software distribution based on relationships of trust, and incorporate the decades of research and innovation established by more serious dependency management systems.

Perhaps Google and Mozilla, leaders in JavaScript standards and implementations, will start developing a real standard library for JavaScript, which makes micro-dependencies like left-pad a thing of the past. This could be combined with a consolidation of efforts, merging micro-libraries into larger packages with a more coherent and holistic scope and purpose, which prune their own dependency trees in turn.

This could be the moment where npm comes to terms with its broken design, and with a well-funded effort (recall that, ultimately, npm is GitHub is Microsoft, market cap $3 trillion USD), will develop and roll out the next generation of package management for JavaScript. It could incorporate the practices developed and proven in Linux distributions, which rarely suffer from these sorts of attacks, by de-coupling development from packaging and distribution, establishing package maintainers who assemble and distribute curated collections of software libraries. By introducing universal signatures for packages of executable code, smaller channels and webs of trust, reproducible builds, and the many other straightforward, obvious techniques used by responsible package managers.

Maybe other languages that depend on this broken dependency management model, like Cargo, PyPI, RubyGems, and many more, are watching this incident and know that the very same crisis looms in their future. Maybe they will change course, too, before the inevitable.

Imagine if other large corporations who depend on and profit from this massive pile of recklessly organized software committed their money and resources to it, through putting their engineers to the task of fixing these problems, through coming together to establish and implement new standards, through direct funding of their dependencies and by distributing money through institutions like NLNet, ushering in an era of responsible, sustainable, and secure software development.

This would be a good future, but it’s not the future that lies in wait for us. The future will be more of the same. Expect symbolic gestures – mandatory 2FA will be rolled out in more places, certainly, and the big players will write off meager donations in the name of “OSS security and resilience” in their marketing budgets.

No one will learn their lesson. This has been happening for decades and no one has learned anything from it yet. This is the defining hubris of this generation of software development.

This picture is from a different company and is from 2017, but it's the best I could do on short notice.