... The TLDR is: the cataract in my one mostly working eye (the other has about 50% retinal occlusion) is steadily getting worse, and I'm scheduled for surgery on March 27th.

NB: no need to lecture me about cataract surgery, I've already had it on the other eye. Same team, same hospital, same prognosis. I know exactly what to expect. Nor are your best wishes welcome: replying to them gets tiring after the fiftieth time (see: poor eyesight, above).

But worsening eyesight means that reading (and writing!) is fatiguing, so I gradually do less and less of it in each session.

Consequently I've been spending my screen time, not on the blog, but on a revision pass over my next novel, and on writing the follow-up.

(No, I can't give you any details: let's just say they're space operas, not Laundry Files, and I'll talk about them when my agent gives me the go-ahead. Book 1 is written, subject to editing, and Book 2 is about 10-15% written. And neither of them is Ghost Engine, the white whale I've been fruitlessly hunting for the past decade, although the viable chunks of GE may get recycled into Book 2.)

After my eye surgery I'll be going to Iridescence, the 2026 British Eastercon, the following weekend in Birmingham. I have some program items: I'll update this blog entry when I have a final schedule.

After Iridescence, I'll be heading to Satellite 9 in Glasgow (May 22nd to 24th). And after that I'll be attending Metropol Con in Berlin, July 2nd to 5th.

I'm not attending any US SF conventions for the forseeable future (being deported to a concentration camp in El Salvador is not on my bucket list), but I will try to attend the 2027 World Science Fiction convention in Montreal, assuming the Paedopotus Rex hasn't gone on a Godzilla-style rampage north of the border by then, and that intercontinental air travel is still possible. (See, my inability to resist that kind of cheap shot is exactly why I'm not visiting the US these days: ICE want to see your social media history going back 5 years, and I gather they're using some horrible LLM tool from Palantir to vet travellers.)

We now return you to your regular scheduled kvetching about the state of world affairs until my eyeballs are firing on all cylinders again. (Say, did you know that 30% of the world's fertilizer is shipped through the Straits of Hormuz? And about 20% of the sulfur that ends up as feedstock in sulfuric acid for industrial processes comes from sour Gulf crude, so ditto? Not to mention the helium that is required to keep MRI machines and TSMC's semiconductor fab lines running, never mind your grandkids' party balloons? Happy days ...)

Sorry I haven't updated the blog for a while: I've been busy. (Writing the final draft of a new novel entirely unconnected to anything else you've read—space opera, new setting, longest thing I've written aside from the big Merchant Princes doorsteps. Now in my agent's inbox while I make notes towards a sequel, if requested.)

Over the past few years I've been naively assuming that while we're ruled by a ruthless kleptocracy, they're not completely evil: aristocracies tend to run on self-interest and try to leave a legacy to their children, which usually means leaving enough peasants around to mow the lawn, wash the dishes, and work the fields.

But my faith in the sanity of the evil overlords has been badly shaken in the past couple of months by the steady drip of WTFery coming out of the USA in general and the Epstein Files in particular, and now there's this somewhat obscure aside, that rips the mask off entirely (Original email on DoJ website ) ...

A document released by the U.S. Department of Justice as part of the Epstein files contains a quote attributed to correspondence involving Jeffrey Epstein that references Bill Gates and a controversial question about "how do we get rid of poor people as a whole."

The passage appears in a written communication included in the DOJ document trove and reads, in part: "I've been thinking a lot about that question that you asked Bill Gates, 'how do we get rid of poor people as a whole,' and I have an answer/comment regarding that for you." The writer then asks to schedule a phone call to discuss the matter further.

As an editor of mine once observed, America is ruled by two political parties: the party of the evil billionaires, and the party of the sane (so slightly less evil) billionaires. Evil billionaires: "let's kill the poor and take all their stuff." Sane billionaires: "hang on, if we kill them all who's going to cook dinner and clean the pool?"

And this seemed plausible ... before it turned out that the CEO class as a whole believe entirely in AI (which, to be clear, is just another marketing grift in the same spirit as cryptocurrencies/blockchain, next-generation nuclear power, real estate backed credit default options, and Dutch tulip bulbs). AI is being sold on the promise of increasing workforce efficiency. And in a world which has been studiously ignoring John Maynard Keynes' 1930 prediction that by 2030 we would only need to work a 15 hour work week, they've drawn an inevitable unwelcome conclusion from this axiom: that there are too many of us. For the past 75 years they've been so focussed on optimizing for efficiency that they no longer understand that efficiency and resilience are inversely related: in order to survive collectively through an energy transition and a time of climate destabilization we need extra capacity, not "right-sized" capacity.

Raise the death rate by removing herd immunity to childhood diseases? That's entirely consistent with "kill the poor". Mass deportation of anyone with the wrong skin colour? The white supremacists will join in enthusiastically, and meanwhile: the deported can die out of sight. Turn disused data centres or amazon warehouses into concentration camps (which are notorious disease breeding grounds)? It's a no-brainer. Start lots of small overseas brushfire wars, escalating to the sort of genocide now being piloted in Gaza by Trump's ally Netanyahu (to emphasize: his strain of Judaism can only be understood as a Jewish expression of white nationalism, throwing off its polite political mask to reveal the death's head of totalitarianism underneath)? It's all part of the program.

Our rulers have gone collectively insane (over a period of decades) and they want to kill us.

The class war has turned hot. And we're all on the losing side.

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics.

In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.

Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking.

Voters get immediate feedback on how their individual point of view matches—or doesn’t—a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents.

This is happening today in Japan. Constituents have spent about eight thousand hours engaging with Mirai’s AI Interviewer since 2025. The party’s gamified volunteer mobilization app, Action Board, captured about 100,000 organizer actions per day in the runup to last week’s election.

It’s how Team Mirai, which translates to ‘The Future Party,’ does politics. Its founder, Takahiro Anno, first ran for local office in 2024 as a 33 year old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI aggressively in voter engagement.

Last year, Anno ran again, this time for the Upper Chamber of the national legislature—the Diet—and won. Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality.

In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats—the party’s first ever representation in the Japanese House—and nearly three times what it achieved in last year’s Upper Chamber election.

Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ostentatious goal that seems achievable given their rapid rise over the past year.

In the American context, the idea of a small party unifying voters across left and right sounds like a pipe dream. But there is evidence it worked in Japan. Team Mirai won an impressive 11% of proportional representation votes from unaffiliated voters, nearly twice the share of the larger electorate. The centerpiece of the party’s policy platform is not about the traditional hot button issues, it’s about democracy itself, and how it can be enhanced by embracing a futuristic vision of digital democracy.

Anno told us how his party arrived at its manifesto for this month’s elections, and why it looked different from other parties’ in important ways. Team Mirai collected more than 38,000 online questions and more than 6,000 discrete policy suggestions from voters using its AI Policy app, which is advertised as a ‘manifesto that speaks for itself.’

After factoring in all this feedback, Team Mirai maintained a contrarian position on the biggest issue of the election: the sales tax and affordability. Rather than running on a reduction of the national sales tax like the major parties, Team Mirai reviewed dozens of suggestions from the public and ultimately proposed to keep that tax level while providing support to families through a child tax credit and lowering the required contribution for social insurance. Anno described this as another future-facing strategy: less price relief in the short term, but sustained funding for essential programs.

Anno has always intended to build a different kind of party. After receiving roughly $1 million in public funding apportioned to Team Mirai based on its single seat in the Upper Chamber last year, Anno began hiring engineers to enhance his software tools for digital democracy.

Anno described Team Mirai to us as a ‘utility party;’ basic infrastructure for Japanese democracy that serves the broader polity rather than one faction. Their Gikai (‘assembly’) app illustrates the point. It provides a portal for constituents to research bills, using AI to generate summaries, to describe their impacts, to surfacing media reporting on the issue, and to answer users’ questions. Like all their software, it’s open source and free for anyone, in any party, to use.

After last week’s victory, Team Mirai now has about $5 million in public funding and ambitions to grow the influence of their digital democracy platform. Anno told us Team Mirai has secured an agreement with the LDP, Japan’s dominant ruling party, to begin using Team Mirai’s Gikai and corruption-fighting Mirumae financial transparency tool.

AI is the issue driving the most societal and economic change we will encounter in our lifetime, yet US political parties are largely silent. But AI and Big Tech companies and their owners are ramping up their political spending to influence the parties. To the extent that AI has shown up in our politics, it seems to be limited to the question of where to site the next generation of data centers and how to channel populist backlash to big tech.

Those are causes worthy of political organizing, but very few US politicians are leveraging the technology for public listening or other pro-democratic purposes. With the midterms still nine months away and with innovators like Team Mirai making products in the open for anyone to use, there is still plenty of time for an American politician to demonstrate what a new politics could look like.

This essay was written with Nathan E. Sanders, and originally appeared in Tech Policy Press.

Today, it's not exactly the code that was bad. For some time, a government agency had been collecting information from users using fillable PDF forms. The user would submit the form, and then a data entry clerk would copy the text from the form into a database. This, of course, raised the question: why was someone manually riding the copy/paste button?

Sally was tasked with automating this. The data is already in a digital format, so it should be easy to use a PDF library to parse out the entered data and insert it into the database. And it almost was.

Sally shares with us, not code, but the output of her program which scanned the fields, looking for their names:

FieldType: Text
FieldName: T5ZA1
FieldNameAlt: T5ZA1
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 3
---
FieldType: Text
FieldName: T5ZA2
FieldNameAlt: T5ZA2
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 2
---
FieldType: Text
FieldName: T5ZA3
FieldNameAlt: T5ZA3
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 4

I could go on, Sally certainly shared many more examples, but you can get the gist. The names were all cryptic five character blobs. They all start with T5Z, and followed by "letternumber": A3, B9, C2, etc. It has the vibe of being autogenerated; someone just never considered that they might want clear names for the fields, and just let their editor autonumber them, but that has one counterpoint to it: the letter "O" is never used. T5ZN9 is followed by T5ZP1.

Sally was left scratching her head. Of course, she was going to have to write some sort of lookup that would convert the PDF's field names into database field names, but she expected that the PDF would provide at least some sort of guidance on that front.

I really enjoy that the alt-text for every field is also the field name, which is a clear accessibility "win".

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

Author: Majoki Red Rover, Red Rover, send MADIE right over. Red Rover, Red Rover, send MADIE right over. Red Rover, Red Rover, send MADIE right over. ANDIE sent the request out for the gigazillionth time, but Red Rover didn’t respond. Neither did MADIE. ANDIE widened his search parameters as red dust puffed from his relentless […]

The post Red Rover appeared first on 365tomorrows.

Review: A Shadow in Summer, by Daniel Abraham

A Shadow in Summer is a high fantasy novel, the first of (as the name implies) a completed four-book series. Daniel Abraham is perhaps better known as half of the writing pair behind James S.A. Corey, author of the Expanse series. This was his first novel.

Otah was the sixth son of a Khai, sent like many of the unwanted later children of the powerful to learn the secrets of the andat and be trained as a poet. He learned his lessons well enough to reject the school and its teachings and walk away.

Amat Kyaan has worked her way up from nothing to become the senior overseer of the foreign Galtic House Wilsin in the sun-drenched port city of Saraykeht. Liat is her apprentice, distracted by young love. Maati is a new apprentice poet, having endured his training and sent to learn from Heshai how to eventually hold the andat Removing-The-Part-That-Continues, better known as Seedless. None of them know they will find themselves entangled in a plot to destroy the poet of Saraykeht and, through him, the city's most potent economic tool.

A poet in this world is not what we would think of a poet. They are, in essence, magical slave-drivers who capture the essence of an andat, a spirit embodying an idea that is coerced into the prison of volition and obedience by the poet. The andat Seedless, the embodiment of the concept of removing the spark of life, is central to the economic wealth of Saraykeht in a way that is startling in its simplicity: Seedless can remove the seeds from a warehouse full of cotton at a thought. This gives Saraykeht a massive productivity advantage in the cotton trade.

Seedless is also a powerful potential weapon. What he can do to cotton, he could as easily do to any other crop, or to people. The Galts are not fond of the independence and power of Saraykeht, but as long as the city controls a powerful andat, they do not dare to attack it directly. Indirectly, though... that's another matter.

This is one of those fantasy novels with meticulous and thoughtful world-building, careful and evocative prose, and a complex ensemble cast of interesting characters that the novel then attempts to make utterly miserable and complicit in their own misery. There should be a name for this style of writing. It's not tragedy because the ending is not tragic, precisely. It's not magic realism; the andats are openly magical, which makes this clearly high fantasy. But Abraham approaches the story from the type of realist frame that considers the pain and desperation of the characters to be more interesting than their ability to overcome challenges.

Amat starts the story as an admirable, sharp-witted expert manager, so her life is destroyed and she's subjected to sexual violence. Heshai loathes himself and veers between a tragic figure and a wastrel as the story systematically undermines opportunities for redemption. Maati is young and idealistic, so of course every character in the book sets out to crush his idealism under the weight of unforeseen consequences. There is a sad and depressing love triangle, because this is exactly the sort of book that has a sad and depressing love triangle. At the end of the novel, everyone who survives is older and wiser in the sense that some stories seem to think wisdom comes from the accumulation of trauma.

I find books like this so immensely frustrating because their merits are so clear. The world-building is careful and detailed in a way that includes economic systems, unlike so much fantasy. It is full of small, intriguing touches, such as the use of posture and gesture to communicate the emotional valence of one's words. Abraham understands the moral implications of poets and andats and the story tackles them head-on. The writing flows beautifully and gave me a strong sense of the city. I wanted to like this book for the obvious skill that went into it, and sometimes I even managed.

And yet, it's taken me three months to finish A Shadow in Summer because I simply do not want to spend this much time around miserable people. I would get through one or two chapters in a night and then wanted to read something happy or defiant or heroic, rather than watching slow-motion train wrecks intermixed with desperate attempts to navigate stifling layers of immoral systems. It's not that the story lacks a moral compass. The characters are sincerely trying to make the world a better place, with some success. It even delivers a happy ending of sorts. But so much of the journey was watching the lives of the characters fall apart.

I am completely unsurprised that some people loved this book. I'm still intrigued enough by the world-building that I'm half-tempted to try to read the sequel even after having to drag myself through this one. I had a similar reaction to Abraham's The Dragon's Path, though, so I think Abraham is just not for me. I may get back to the Expanse at some point, but having to drag myself through both of his solo novels I've tried, in two different series, probably indicates an incompatibility between author and reader. That's a shame, given the quality of the writing.

Followed by A Betrayal in Winter.

Content notes: Sexual and reproductive violence as significant plot elements.

Rating: 6 out of 10

This needs to be clear: systemd is under attack by a trolling campaign orchestrated by fascist elements. Nobody is forced to like or use systemd, but anybody who wants to pick a side should know the facts.

Recently, the free software Nazi bar crowd styling themselves as "concerned citizens" has tried to start a moral panic by saying that systemd is implementing age verification checks or that somehow it will require providing personally identifiable information.

This is a lie: the facts are simply that the systemd users database has gained an optional "date of birth" field, which the desktop environments may use or not as they deem appropriate. Of course there is no "identity verification" or requirements to provide any data, which in any case would not be shared beyond authorized local applications.

While the multiple recent bills proposing that general purpose operating systems implement age verification mechanisms are often concerning, both from a social and technical point of view, this is not the topic being discussed here. They are often suboptimal, but for a long time I have been opposing attempts to implement parental control at the network level and argued that it should be managed locally, by parents on their own machines: I cannot see why I should outright reject an attempt to implement the infrastructure to do that.

If we want to keep age-appropriate controls out of the hands of centralized authorities, the alternative is giving families the means to manage it themselves: this is what this field enables. Whether desktop environments use it for parental controls, for birthday reminders, or for nothing at all, is their users' decision.

By the way, the original UNIX users database has allowed storing PII in the GECOS field since it was invented in the '70s. Similar fields are also specified by many popular LDAP schemes: adding such an optional field is consistent with the UNIX tradition.

And while we are at it, let's also refute the other smear campaign started by the same people: the systemd project is not accepting "AI slop". What happened is that a documentation file for the benefit of coding agents was added to the repository. To be clear: agents still cannot submit merge requests. The file itself remarks that all contributions must be reviewed in detail by humans, and this is basically the same policy used by the Linux kernel.

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.

Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.

A snippet of the malicious CanisterWorm that seeks out and destroys data on systems that match Iran’s timezone or have Farsi as the default language. Image: Aikido.dev.

In a profile of TeamPCP published in January, the security firm Flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.

“TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare’s Assaf Morag wrote. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”

On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases on GitHub actions. Aqua Security said it has since removed the harmful files, but the security firm Wiz notes the attackers were able to publish malicious versions that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.

Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.

“If it doesn’t it will just wipe the local machine,” Eriksen told KrebsOnSecurity.

Image: Aikido.dev.

Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” because the group orchestrates their campaigns using an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “smart contracts” that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online.

Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.

“When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,” Eriksen said. “It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have.”

Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled GitHub is Starting to Have a Real Malware Problem, Risky Business reporter Catalin Cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and “likes” to keep malicious packages at the top of the GitHub search page.

This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.

Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief. But he said there is no reliable way to tell whether TeamPCP’s wiper actually succeeded in trashing any data from victim systems, and that the malicious payload was only active for a short time over the weekend.

“They’ve been taking [the malicious code] up and down, rapidly changing it adding new features,” Eriksen said, noting that when the malicious canister wasn’t serving up malware downloads it was pointing visitors to a Rick Roll video on YouTube.

“It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said. “I feel like these people are really playing this Chaotic Evil role here.”

Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to grasp just how efficient they can be, and his post documents an alarming number of these incidents since 2024.

“While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.”

Update, 2:40 p.m. ET: Wiz is reporting that TeamPCP also pushed credential stealing malware to the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Action was compromised between 12:58 and 16:50 UTC today (March 23rd).

It’s an impressive feat, over a decade after the box was released:

Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools.

Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was setup. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.

As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack in unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.

Note: I have not published blog posts about my academic papers over the past few years. To ensure that my blog contains a more comprehensive record of my published papers and to surface them for folks who missed them, I will periodically (re) publish blog posts about some “older” published projects. This post draws material from a previously published post by Kaylea Champion on the Community Data Science Blog.

Taboo subjects—such as sexuality and mental health—are as important to discuss as they are difficult to raise in conversation. Although many people turn to online resources for information on taboo subjects, censorship and low-quality information are common in search results. In two papers I recently published at CSCW—both led by Kaylea Champion—we presented a series of analyses showing how taboo shapes the process of collaborative knowledge building on English Wikipedia.

The first study is a quantitative analysis showing that articles on taboo subjects are much more popular and are the subject of more vandalism than articles on non-taboo topics. In surprising news, we also found that they were edited more often and were of higher quality!

The first challenge we faced in conducting this work was identifying taboo articles. Kaylea had a brilliant idea for a new computational approach to doing so without relying on our individual intuitions about what qualifies as taboo (something we understood would be highly specific to our own culture, class, etc). Her approach was to make use of an insight from linguistics: people develop euphemisms as ways to talk about taboos (i.e., think about all the euphemisms we’ve devised for death, or sex, or menstruation, or mental health).

We used this insight to build a new machine-learning classifier based on English Wiktionary definitions. If a ‘sense’ of a word was tagged as euphemistic, we treated the words in the definition as indicators of taboo. The end result was a series of words and phrases that most powerfully differentiate taboo from non-taboo. We then did a simple match between those words and phrases and the titles of Wikipedia articles. The topics were taboo enough that we were a little uncomfortable discussing them in our meetings! We built a comparison sample of articles whose titles are words that, like our taboo articles, appear in Wiktionary definitions.

In the first paper, we used this new dataset to test a series of hypotheses about how taboo shapes collaborative production in Wikipedia. Our initial hypotheses were based on the idea that taboo information is often in high demand but that Wikipedians might be reluctant to associate their names (or usernames) with taboo topics. The result, we argued, would be articles that were in high demand but of low quality.

We found that taboo articles are thriving on Wikipedia! In summary, we found that in comparison to non-taboo articles:

• Taboo articles are more popular (as expected).
• Taboo articles receive more contributions (contrary to expectations).
• Taboo articles receive more low-quality contributions (as expected).
• Taboo articles are higher quality (contrary to expectations).
• Taboo article contributors are more likely to contribute without an account (as expected), and have less experience (as expected), but that accountholders are more likely to make themselves more identifiable by having a user page, disclosing their gender, and making themselves emailable (all three of these are contrary to expectation!).

Image of the estimated qualiy of articles of the four articles in the second mixed-methods paper. Extreme dips reflect periods of frequent vandalism.

Kaylea attempted to understand these somewhat confusing results by designing a fantastic mixed-methods analysis that sought to unpack some of the nuance missing in the quantitative analysis by delving deep into the “life histories” of four articles on English Wikipedia: two on taboo topics related to women’s anatomy (Clitoris and Menstration) and two nontaboo articles chosen for comparison (Cell membrance and Philip Pullman).

Although the findings from the analysis can be difficult to summarize succinctly (as with many qualitative studies), we showed how the taboo example articles’ success was hard-won amid real challenges and attacks. The paper describes how challenges were overcome through resilient leadership, often provided by a single dedicated individual. The paper provides a template for how taboo can be—and frequently is—overcome by dedicated Wikipedians in ways that provide useful knowledge resources in real demand.

For more details, visualizations, statistics, and more, we hope you’ll take a look at our papers, both linked below.

The full citation for the papers are: (1) Champion, Kaylea, and Benjamin Mako Hill. 2023. “Taboo and Collaborative Knowledge Production: Evidence from Wikipedia.” Proceedings of the ACM on Human-Computer Interaction 7 (CSCW2): 299:1-299:25. https://doi.org/10.1145/3610090. (2) Champion, Kaylea, and Benjamin Mako Hill. 2024. “Life Histories of Taboo Knowledge Artifacts.” Proceedings of the ACM: Human-Computer Interaction 8 (CSCW2): 505:1-505:32. https://doi.org/10.1145/3687044.

We have also released replication materials for the paper, including all the data and code used to conduct the analyses.

This blog post and the paper it describes are collaborative work by Kaylea Champion and Benjamin Mako Hill.

It is eminitently reasonable for companies to have "readability standards" for their code. You're writing this code for humans to read, after all, at least in theory. You need to communicate to future inheritors of your code.

But that doesn't mean readability standards are good. Tony's company, for example, has rules about returning boolean values from functions, and those rules mean you are expected to write code like this:

public bool Completed ()
{
   if (completed == true)
   {
   return true;
   }
   else
   {
   return false;
   }
}

It's more "explicit" this way. Which I certainly would have explicit things to say if I were told I needed to write code this way. Also, what's with the non-indented return statements? Is that also part of their coding standards?

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Author: Julian Miles, Staff Writer The curtains hang out the window, blowing in the breeze. A tic starts on his cheek, but stills when he looks down, gaze drawn to where a torn page from her notebook flaps about in his grip, like a little bird trying to escape. Far down the road a girl […]

The post Anna Left Today appeared first on 365tomorrows.

Review: Dark Class, by Michelle Diener

Dark Class is the fifth novel (not counting the skippable novella) in Michelle Diener's Class 5 romantic science fiction series. As with the previous novels, this follows romance series conventions: There are new protagonists, but characters from the previous books make an appearance. It's helpful but not that necessary to remember the details of the previous books; the necessary background is explained enough to follow the story.

By now, series readers know the formula. Yet another Earth woman was secretly abducted by the Tecran, encounters a Class 5 ship, and finds a way to be surprisingly dangerous and politically destabilizing. This time, Ellie has been mostly unconscious since her abduction and awakes in a secret Tecran base after the Tecran have all been murdered. There is a Class 5 AI involved, but not a full ship; instead, Dark Class picks up (or, arguably, manufactures) a loose end from Dark Minds. Other than that break from the formula, you know what to expected by now: a hunky Grih, a tricky political standoff, a protective Class 5, a slow-burn romance, and a surprisingly capable protagonist who upends politics through plucky grit and refusal to tolerate poor treatment. Oh, and a new selection of salvaged clothing and weapons to make Ellie beautiful and surprisingly dangerous.

If you are this far into the series, you probably like the formula. That's my position. I don't care about the romance, but something about the prisoner to threat evolution of the kidnapped protagonists and the growing friendship with an AI makes me happy. This is not great literature, but it is reliably entertaining with a guaranteed victorious protagonist and happy ending, making it a comfortable break from more difficult books with emotionally wrenching scenes.

Dark Class is one of the better executions of the formula because it has long stretches of my favorite parts of these books: exploration of mostly-abandoned surroundings for neat gadgets while the AI and the protagonist slowly build a relationship of mutual respect. This book has bonus drones with minds of their own and an enigmatic alien spaceship that provides a fun mid-novel twist. The Tecran and the Grih repeatedly underestimate Ellie and are caught by surprise at dramatically satisfying moments. It's just fun to read, and I save this series for when I need that type of book.

As with the other books of the series, Diener's writing is serviceable but not great. She repeats herself, uses way too many paragraph breaks for emphasis, and is not going to win any literary awards for prose quality. The series is in the upper half of self-published works, and I've certainly read worse, but either the formula will click with you or it won't. If it doesn't, the prose is not going to salvage the book.

There is some development of the series plot, but it's mostly predictable fallout from Dark Matters. This book is mostly tactical and smaller in scale. I am a little curious where Diener is going with political developments, since the accumulated Earth women and Class 5 ships are in some danger of becoming a sort of shadow government through sheer military power, but I'm dubious this series will have enough political sophistication to dig into the implications. It's best enjoyed as small-scale episodic wish fulfillment for female protagonists, and that's good enough for me.

If you've read this far in the series, recommended; this is one of the stronger entries.

Followed by Collision Course, which breaks the title convention for the series.

Rating: 7 out of 10

I often need a quick calculation or a unit conversion. Rather than reaching for a separate tool, a few lines of Zsh configuration turn = into a calculator. Typing = 660km / (2/3)c * 2 -> ms gives me 6.60457 ms¹ without leaving my terminal, thanks to the Zsh line editor.

The equal alias

The main idea looks simple: define = as an alias to a calculator command. I prefer Numbat, a scientific calculator that supports unit conversions. Qalculate is a close second.² If neither is available, we fall back to Zsh’s built-in zcalc module.

As the alias built-in uses = as a separator for name and value, we need to alter the aliases associative array:

if (( $+commands[numbat] )); then
  aliases[=]='numbat -e'
elif (( $+commands[qalc] )); then
  aliases[=]='qalc'
else
  autoload -Uz zcalc
  aliases[=]='zcalc -f -e'
fi

With this in place, = 847/11 becomes numbat -e 847/11.

The quoting problem

The first problem surfaces quickly. Typing = 5 * 3 fails: Zsh expands the * character as a glob pattern before passing it to the calculator. The same issue applies to other characters that Zsh treats specially, such as > or |. You must quote the expression:

$ = '5 * 3'
15

We fix this by hooking into the Zsh line editor to quote the expression before executing it.

Automatic quoting with ZLE

Zsh calls the accept-line widget when you submit a command. We replace it with a function that detects the = prefix and quotes the expression:

_vbe_calc_accept() {
  case $BUFFER in
    "="*)
      typeset -g _vbe_calc_expr=$BUFFER # not used yet
      BUFFER="= ${(q-)${${BUFFER#=}# }}"
      ;;
  esac
  zle .accept-line
}
zle -N accept-line _vbe_calc_accept

When you type = 5 * 3 and press ↲, _vbe_calc_accept strips the = prefix, quotes the remainder with the (q-) parameter expansion flag, and rewrites the buffer to = '5 * 3' before invoking the original .accept-line widget. As a bonus, you can save a few keystrokes with =5*3! 🚀

You can now compute math expressions and convert units directly from your shell. Zsh automatically quotes your expressions:

$ = '1 + 2'
3
$ = 'pi/3 + pi |> cos'
-0.5
$ = '17 USD -> EUR'
14.7122 €
$ = '180*500mg -> g'
90 g
$ = '5 gigabytes / (2 minutes + 17 seconds) -> megabits/s'
291.971 Mbit/s
$ = 'now() -> tz("Asia/Tokyo")'
2026-03-22 22:00:03 JST (UTC +09), Asia/Tokyo
$ = '1 / (40 rods / hogshead) -> L / 100km'
118548 × 0.01 l/km

The metric system is the tool of the devil! My car gets forty rods to the hogshead, and that's the way I like it! ― Grampa Simpson, A Star Is Burns

Storing unquoted history

As is, Zsh records the quoted expression in history. You must unquote it before submitting it again. Otherwise, the ZLE widget quotes it a second time. Bart Schaefer provided a solution to store the original version:

_vbe_calc_history() {
  return ${+_vbe_calc_expr}
}
add-zsh-hook zshaddhistory _vbe_calc_history

_vbe_calc_preexec() {
  (( ${+_vbe_calc_expr} )) && print -s $_vbe_calc_expr
  unset _vbe_calc_expr
  return 0
}
add-zsh-hook preexec _vbe_calc_preexec

The zshaddhistory hook returns 1 if we are evaluating an expression, telling Zsh not to record the command. The preexec hook then adds the original, unquoted command with print -s.

The complete code is available in my zshrc. A common alternative is the noglob precommand modifier. If you stick with to instead of -> for unit conversion, it covers 90% of use cases. For a related Zsh line editor trick, see how I use auto-expanding aliases to fix common typos.

Author: Jacqueline Kaufman Jean of Arc takes her meds, swallowing carefully. “Delicious,” smiling, almost all her teeth intact. The voices have gone somewhere in the whiteness, gathering strength. In Russo-Amerique, meds are treasure, and she has been selected. Regularized. She has a home, concrete gray blocks that hold wind at bay, tuck in the heat […]

The post Regularized appeared first on 365tomorrows.

Last time, I posted a lengthy missive by ChatGPT appraising my new book ailien minds, prompted by Richard Bliss, with some of my own commentary and demurals laced-in. 

All-told, the effect was that of a loquacious book report by a garrulous and rather unctuous high school sophomore who had flipped through some random pages for key words and then googled some of them... or used them to sift its training sets. 

Still - fair or unfair - the overall impression is night-and-day.  Claude's missive is accurate, pertinent and in some cases even surprisingly insightful. And weirdly honest about its own (un)sapience. 

Unlike GPT, which glossed maybe 5% my work over a reurgitaion of common AI memes from its training sets, Claude zoomed upon core concepts in alien minds, distilling an impressive 50% or so of the key points. (Though of course none of the supporting evidence, of which Claude says I provide too copiously!)

Moreover, there was almost none of GPT's blatant flattery.  Well, except for the flattery that's inherent in well-summarizing my ideas.

But judge for yourself. And note at the end where I promise a more-fair comparison. Maybe next time. If world events don't force me back to politics.

(Oh, note: on Monday I keynote one of the tracks at the big RSA conference.)

============== 

A Critique of ChatGPT’s Review of

Ailien Minds  by David Brin

Written by Claude (Anthropic) March 2026

Prepared after reading the full text of Ailien Minds via page-by-page screenshots supplied by Richard Bliss

Preamble: A Note on What This Document Is

This is a critique written by one AI system (Claude, made by Anthropic) of another AI system’s (ChatGPT, made by OpenAI) review of a book that is substantially about how AI systems should be governed. The irony is not lost on me.

A disclosure: I read Ailien Minds page by page through 73 screenshots shared by a reader. ChatGPT appears to have been given the book’s text as a submission for review. We both had access to the source material. We arrived at very different readings.

David Brin annotated the ChatGPT exchange with his own reactions. I have read those annotations. In the interest of transparency, they informed my critique—but so did my own independent reading of the book. Where I agree with Brin’s frustrations, I will say so. Where I think the ChatGPT review got something right despite his objections, I will say that too.

The Central Problem: Surface Pattern-Matching vs. Structural Argument

The ChatGPT review correctly identifies that Ailien Minds is about AI, that Brin occupies a middle position between optimists and doomers, and that he favors transparency and competing systems over centralized control. These are accurate at the level of a dust jacket summary. The problem is that a dust jacket summary is essentially all ChatGPT produced, stretched across several thousand words of increasingly generic AI commentary.

The book’s actual contribution—its reason for existing alongside the dozens of other AI books published in 2025–2026—is a specific, detailed argument about mechanism. How, precisely, do you keep powerful AI entities accountable once their creators can no longer control them? Brin’s answer draws on evolutionary biology, ecosystem dynamics, and the history of legal and democratic institutions to propose that individuated AI agents, competing within transparent accountability structures, represent the only approach with historical precedent for success.

ChatGPT never engages with this mechanism. It talks about transparency in the abstract. It mentions competing AIs. But it never connects these to the specific framework Brin builds: individuation (giving AI agents distinct, persistent identities), reciprocal accountability (structuring incentives so AI entities police each other), and disputation arenas (formal adversarial processes for testing AI claims and behavior). These are not passing ideas in the book. They are the book’s thesis.

Five Specific Failures

1. The Three Clichés Were Invisible

One of Brin’s most forceful arguments is that virtually all public AI discourse is trapped in three formats: AI as obedient corporate servant (the “castle” model), AI as amorphous uncontrolled swarm (the “blob” model), or AI as a single superintelligent overlord (the “Skynet” model). He argues these three clichés function as thought-terminating frameworks that prevent people from imagining a fourth alternative.

ChatGPT’s review addresses only the third cliché (Skynet), and only to dismiss it. The castle and blob models—which Brin argues are actually more dangerous because they are more plausible—go entirely unmentioned. This is a significant omission. It is as if someone reviewed Darwin’s On the Origin of Species and discussed his observations about finch beaks without ever mentioning natural selection.

2. Individuation Was Missed Entirely

The concept of individuation—giving AI systems distinct, trackable identities so they can build reputations and be held accountable—is arguably the single most novel proposal in the book. It is the mechanism by which Brin’s vision of competitive accountability would actually function. Without individuation, you cannot have meaningful AI reputations. Without reputations, you cannot have market-style accountability. The entire logical chain depends on it.

ChatGPT does not mention it once.

3. The Ecosystem Argument Was Flattened

Brin spends a full chapter (Chapter 3) and a substantial aside (Aside #4, on “Soup vs. Sea”) building a detailed analogy between biological ecosystems and the emerging digital ecosystem. This is not a loose metaphor. He traces specific parallels: energy gradients, predator-prey dynamics, the role of barrier membranes in enabling individuation, and the historical pattern that monopoly organisms cause ecosystem collapse.

ChatGPT reduces this to a vague gesture toward “a messy ecosystem of AIs.” The structural argument about why ecosystems need individuated agents with membranes (boundaries, identities) to remain healthy—which is the bridge between Brin’s ecological thinking and his policy proposals—disappears entirely.

4. The Disputation Arena Proposal Was Absent

Chapter 12 presents what is arguably the book’s most concrete policy proposal: Disputation Arenas, formal adversarial processes modeled on courtrooms, scientific peer review, and competitive markets, designed to stress-test AI systems and AI governance proposals through structured disagreement. Brin devotes considerable space to designing this mechanism, including how different outcomes (clear victory, compromise, or productive stalemate) would each generate value.

ChatGPT’s review does not mention disputation, adversarial testing, or structured debate in any form. For a book whose final major chapter is titled “Our Abrasive Secret Sauce,” this is a remarkable gap.

5. Training Data Overwhelmed Source Material

Perhaps the most instructive failure is how frequently the ChatGPT review drifts from the book’s actual content into generic AI discourse drawn from its training data. The extended discussions of Ray Kurzweil, Nick Bostrom, and Eliezer Yudkowsky are competent but contextually irrelevant—Brin mentions these figures only in passing, and his argument is specifically that the framework he proposes transcends the optimist/pessimist spectrum these thinkers represent.

Similarly, the later sections on “humans as sanity-check layers,” “trust as currency,” and “cognitive jobs” are reasonable points about AI’s economic impact—but they reflect generic AI futurism, not the book’s distinctive arguments. The review increasingly reads as “things an LLM knows about AI” rather than “a critical reading of this specific book.”

Brin identifies this drift repeatedly in his annotations. He is right to be frustrated. An AI reviewing a book should be accountable to the source material, not to its own training distribution.

What ChatGPT Got Right

Fairness requires noting what the review did well.

The initial framing of AI as “alien intelligence”—not extraterrestrial, but cognitively foreign—is an accurate representation of one of Brin’s themes. The observation that Brin sits between the poles of AI optimism and doom is correct. The point that Brin’s thinking is influenced by The Transparent Society is valid and relevant. And ChatGPT’s note that Brin has explored these ideas in fiction for decades provides useful context.

At the level of “what is this book generally about and who wrote it,” the review is competent. The failure is at the level of “what does this book specifically argue that other books do not,” which is the level at which a serious review must operate.

A Broader Observation

This exchange is itself a data point for one of Brin’s arguments. He warns throughout the book that LLMs are persuasively fluent without being deeply accountable to the material they process. The ChatGPT review demonstrates this precisely: it is well-organized, grammatically polished, and tonally appropriate. It sounds like a thoughtful review. But when measured against the source material, it is substantially hollow—a fluent recombination of training data that happens to overlap with the book’s topic, rather than a genuine critical engagement with the book’s unique arguments.

Brin proposes that accountability for AI should come through adversarial processes—competing systems checking each other’s work. This critique is, in a small way, an instance of exactly that process. Whether it is a better reading than ChatGPT’s is not for me to judge. But the fact that two AI systems can produce substantially different readings of the same text, with different blind spots and different emphases, is itself an argument for the kind of competitive, multi-perspective AI governance Brin advocates.

=======

Back to DB here.

What impressed me most - beyond the cogency and direct/fair pertinence to my book - is the discursive style displayed by Claude's choice of paraphrasings.* In every case, it chose sentences that - while cogent and accurate - were not specific phrasings I'd have used. (Though in a couple of cases I wish that I had!)

Now, of course, that could be a programmed proclivity, well within the grasp of a Large Language Model. Still it does kind of resist the simplistic characterization that all LLMs are just advanced sentence auto-complete systems.

To be clear, although Claude gives you a vastly better summary here than GPT did, nevertheless...

... this is actually a test of YOU!

Are you still a reader? Possessed of true intellect and curiosity? Because I promise that any page of ailien minds will provide lots of value that no summary can encompass. Claude even says so, challenging you to be one of the elite who actually enjoys an idea and fact-rich book!  ;-)

 Next time, I'll post the de-novo appraisal of ailien minds that Mr. Bliss asked Claude to do, without feeding in the annotated GPT synopsis. If Claude were a person, that appraisal would still be affected by the earlier reading. That's not supposed to happen with LLMs, who should start fresh, if told-to. But judge fopr yorself.

Till, then, fight for a civilization that is worthy-of... and sets good examples for... these new children of our minds.

------

*  (Elsewhere I have said that paraphrasing accurately is the seldom mentioned top attreibute of someone who is arguing fairly and cogently.)

I saw Ladytron perform in Digital, Newcastle last night. The last time I saw them was, I think, at the same venue, 18 years ago. Time flies!

Back in the day (perhaps their heyday, perhaps not!) Ladytron ploughed a particular sonic furrow and did it very well. Going into the gig I had set my expectations that, should they play just these hits, I'd have a good time.

The gig exceeded my expectations. The setlist very much did not lean into their best-known period: the more recent few albums were very well represented and to me this felt very confident. The lead singer, Helen Marnie, demonstrated some excellent range, particularly on some of the new songs. Daniel Hunt did a lot of backing vocals and they were really complementary to Helen's: underscoring but not overpowering. I enjoyed nerding out watching Mira Ayoro's excellent wrangling of her Korg MS-20. One highlight was an encore performance of Light & Magic, which was arguably the "alternate version" as available on the expanded versions of that album or the Remixed and Rare companion.

I thought I'd try to put together a 5-track playlist for a friend who attended the gig but isn't super familiar with them. As usual this is hard. I'm going to avoid the obvious hits, try to represent their whole career and try to ensure the current trio each get a vocal turn in the selection.

They actually released their latest album, Paradises, yesterday as well. One track from it is in the list below.

(If you can't see anything, the bandcamp embeds have been stripped out by whatever you are viewing this with)

When you’re looking at source code it can be helpful to have some evidence indicating who wrote it. Author tags give a surface level indication, but it turns out you can just lie and if someone isn’t paying attention when merging stuff there’s certainly a risk that a commit could be merged with an author field that doesn’t represent reality. Account compromise can make this even worse - a PR being opened by a compromised user is going to be hard to distinguish from the authentic user. In a world where supply chain security is an increasing concern, it’s easy to understand why people would want more evidence that code was actually written by the person it’s attributed to.

git has support for cryptographically signing commits and tags. Because git is about choice even if Linux isn’t, you can do this signing with OpenPGP keys, X.509 certificates, or SSH keys. You’re probably going to be unsurprised about my feelings around OpenPGP and the web of trust, and X.509 certificates are an absolute nightmare. That leaves SSH keys, but bare cryptographic keys aren’t terribly helpful in isolation - you need some way to make a determination about which keys you trust. If you’re using someting like GitHub you can extract that information from the set of keys associated with a user account¹, but that means that a compromised GitHub account is now also a way to alter the set of trusted keys and also when was the last time you audited your keys and how certain are you that every trusted key there is still 100% under your control? Surely there’s a better way.

SSH Certificates

And, thankfully, there is. OpenSSH supports certificates, an SSH public key that’s been signed by some trusted party and so now you can assert that it’s trustworthy in some form. SSH Certificates also contain metadata in the form of Principals, a list of identities that the trusted party included in the certificate. These might simply be usernames, but they might also provide information about group membership. There’s also, unsurprisingly, native support in SSH for forwarding them (using the agent forwarding protocol), so you can keep your keys on your local system, ssh into your actual dev system, and have access to them without any additional complexity.

And, wonderfully, you can use them in git! Let’s find out how.

Local config

There’s two main parameters you need to set. First,

1

git config set gpg.format ssh

because unfortunately for historical reasons all the git signing config is under the gpg namespace even if you’re not using OpenPGP. Yes, this makes me sad. But you’re also going to need something else. Either user.signingkey needs to be set to the path of your certificate, or you need to set gpg.ssh.defaultKeyCommand to a command that will talk to an SSH agent and find the certificate for you (this can be helpful if it’s stored on a smartcard or something rather than on disk). Thankfully for you, I’ve written one. It will talk to an SSH agent (either whatever’s pointed at by the SSH_AUTH_SOCK environment variable or with the -agent argument), find a certificate signed with the key provided with the -ca argument, and then pass that back to git. Now you can simply pass -S to git commit and various other commands, and you’ll have a signature.

Validating signatures

This is a bit more annoying. Using native git tooling ends up calling out to ssh-keygen², which validates signatures against a file in a format that looks somewhat like authorized-keys. This lets you add something like:

1

* cert-authority ssh-rsa AAAA…

which will match all principals (the wildcard) and succeed if the signature is made with a certificate that’s signed by the key following cert-authority. I recommend you don’t read the code that does this in git because I made that mistake myself, but it does work. Unfortunately it doesn’t provide a lot of granularity around things like “Does the certificate need to be valid at this specific time” and “Should the user only be able to modify specific files” and that kind of thing, but also if you’re using GitHub or GitLab you wouldn’t need to do this at all because they’ll just do this magically and put a “verified” tag against anything with a valid signature, right?

Haha. No.

Unfortunately while both GitHub and GitLab support using SSH certificates for authentication (so a user can’t push to a repo unless they have a certificate signed by the configured CA), there’s currently no way to say “Trust all commits with an SSH certificate signed by this CA”. I am unclear on why. So, I wrote my own. It takes a range of commits, and verifies that each one is signed with either a certificate signed by the key in CA_PUB_KEY or (optionally) an OpenPGP key provided in ALLOWED_PGP_KEYS. Why OpenPGP? Because even if you sign all of your own commits with an SSH certificate, anyone using the API or web interface will end up with their commits signed by an OpenPGP key, and if you want to have those commits validate you’ll need to handle that.

In any case, this should be easy enough to integrate into whatever CI pipeline you have. This is currently very much a proof of concept and I wouldn’t recommend deploying it anywhere, but I am interested in merging support for additional policy around things like expiry dates or group membership.

Doing it in hardware

Of course, certificates don’t buy you any additional security if an attacker is able to steal your private key material - they can steal the certificate at the same time. This can be avoided on almost all modern hardware by storing the private key in a separate cryptographic coprocessor - a Trusted Platform Module on PCs, or the Secure Enclave on Macs. If you’re on a Mac then Secretive has been around for some time, but things are a little harder on Windows and Linux - there’s various things you can do with PKCS#11 but you’ll hate yourself even more than you’ll hate me for suggesting it in the first place, and there’s ssh-tpm-agent except it’s Linux only and quite tied to Linux.

So, obviously, I wrote my own. This makes use of the go-attestation library my team at Google wrote, and is able to generate TPM-backed keys and export them over the SSH agent protocol. It’s also able to proxy requests back to an existing agent, so you can just have it take care of your TPM-backed keys and continue using your existing agent for everything else. In theory it should also work on Windows³ but this is all in preparation for a talk I only found out I was giving about two weeks beforehand, so I haven’t actually had time to test anything other than that it builds.

And, delightfully, because the agent protocol doesn’t care about where the keys are actually stored, this still works just fine with forwarding - you can ssh into a remote system and sign something using a private key that’s stored in your local TPM or Secure Enclave. Remote use can be as transparent as local use.

Wait, attestation?

Ah yes you may be wondering why I’m using go-attestation and why the term “attestation” is in my agent’s name. It’s because when I’m generating the key I’m also generating all the artifacts required to prove that the key was generated on a particular TPM. I haven’t actually implemented the other end of that yet, but if implemented this would allow you to verify that a key was generated in hardware before you issue it with an SSH certificate - and in an age of agentic bots accidentally exfiltrating whatever they find on disk, that gives you a lot more confidence that a commit was signed on hardware you own.

Conclusion

Using SSH certificates for git commit signing is great - the tooling is a bit rough but otherwise they’re basically better than every other alternative, and also if you already have infrastructure for issuing SSH certificates then you can just reuse it⁴ and everyone wins.

Before reaching Vietnam

Continuing from the last post, Badri and I took a flight from the Brunei International Airport to Kuala Lumpur on the 12th of December 2024. We reached Kuala Lumpur in the evening.

After arriving at the airport, we went through immigration. In a previous post, I mentioned that we had put our stuff in lockers at the TBS bus terminal in Kuala Lumpur. Therefore, we had to go there.

The locker was automated and required us to enter the PIN we had set. Upon entering the PIN, the locker wasn’t getting unlocked. After trying this for 10-15 minutes without any luck, we tried getting some help as there the lockers weren’t under supervision.

So, I roamed around and found a staff member, reporting that our lockers weren’t getting unlocked. They called the person who was in-charge of the lockers. He came to us in a few minutes and used their admin access to open the locker. We were supposed to pay for using the lockers by putting the banknotes inside through a slot. However, as the machine wasn’t working, we gave the amount for the use of our locker service to that person instead.

We soon went back to the KL airport to catch our morning flight to Ho Chi Minh City in Vietnam. At the flight counter, we were afraid we would have to pay extra as our luggage surpassed the allowed weight limit. This one was also a budget airline—AirAsia—and our tickets didn’t include a check-in bag.

Generally, passengers from countries requiring a visa to visit Vietnam (such as India) require going to the airline and showing their visa to get the boarding pass. However, when we went to the AirAsia counter at the Kuala Lumpur airport, they didn’t weigh our bags and asked us to get our boarding passes from an automated kiosk. So, we got our boarding passes printed and proceeded to the airport security.

While clearing the airport security, a lotion I bought from Singapore was confiscated because it was 200 mL, exceeding the limit of 100 mL per bottle. Had that 200 mL liquid been in two different bottles of 100 mL each, I would have been allowed to take it in my carry-on bag, but a single 200 mL bottle wasn’t! I was allowed to keep it in the check-in bag, but I didn’t have it included in my ticket. Huh, airports and their weird rules :( The lotion was an expensive one, so having it thrown away did ruin my mood.

Overview

We started our Vietnam trip from Ho Chi Minh City in the south on the 13th of December 2024 and finished it in Hanoi in the north on the 20th of December. We traveled from Ho Chi Minh City to Hanoi mostly by train, except for a hundred or so kilometers by bus, in chunks. On the way, we visited Nha Trang, Hoi An, and Hue. The distance between Ho Chi Minh City and Hanoi is 1700 km.

For your reference, here are those places labeled on Vietnam’s map.

A map of Vietnam with points of places we went to labeled. ©CARTO ©MAPTILER ©OPENSTREETMAP

Ho Chi Minh City

We landed in Ho Chi Minh City early morning on the 13th of December 2024. I was tired and sleepy as I hadn’t gotten a good night’s sleep. After going through immigration, we went to a currency exchange counter to get Vietnamese Dong. Unlike other countries on this trip, money exchange counters in Vietnam didn’t accept Indian rupees. Therefore, we exchanged euros to get Vietnamese dong at the airport.

After getting out of the airport, we took a bus to the city center. It was 15,000 dongs—approximately 50 Indian rupees. Our plan was to meet Badri’s friend and stay the night at his apartment.

So we went to a café nearby and bought a coffee for each of us for 75,000 dongs. We went upstairs and sat for a while. The Wi-Fi password was mentioned on our bill. During the trip, I found out about the café culture of Vietnam. They have their own coffee brands (such as Highlands Coffee), and you can sit down at any of the cafés for work or wait for the rain to stop. It rained a lot while we were there, so we did use these cafés for that purpose.

Badri’s friend met us there, and we roamed around the area a bit, which included roaming inside a beautiful park. Then Badri’s friend took us to a restaurant. Because I do not eat meat, he took us to a vegan restaurant. Having been to four Southeast Asian countries at this point (excluding Vietnam), I was under the impression that there wouldn’t be a lot of things for my diet in Vietnam.

A picture of the park we roamed around in Ho Chi Minh City. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

However, I was pleasantly surprised at the restaurant. I found all the dishes to be tasty, especially their signature noodles called Pho. I liked another dish so much that I tracked down the restaurant again with Badri using the geotagged image of the bill I had taken earler to have it again. As a tip for vegans coming to Vietnam, the places having the letters “Chay” (without any accented letters) in their name are vegan only.

This is the restaurant Badri’s friend took us to. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

One of the dishes we had in the restaurant. This one was especially tasty. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

One of the dishes we had in the restaurant. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

These noodles are called Pho and are very popular in Vietnam. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

In the night, we went to a supermarket where I got myself some oranges and guavas. Then, we went to a Japanese restaurant where I didn’t have anything, as there was no vegetarian option available for me. Then we took a free bus to the place to Badri’s friend’s apartment. The construction company that built the apartment also runs this free bus service from their residential area to different parts of the city as a way of promoting their apartments. Anyone can take the bus, not just residents.

The next day, we took the free bus back to the city center and checked in to a hostel for a night. We took two beds in dormitories, which were 88,000 dongs (270 rupees) for each bed for a night. In Vietnam, if you can spend around 300 rupees per night, you can get a bed in a decent hostel.

Train from Ho Chi Minh City to Nha Trang

On the night of the 15th of December 2024, we boarded a train from Ho Chi Minh City to Nha Trang. The ticket for each of us was 519,000 dongs (1600 Indian rupees). The train name was SNT2. When we reached the Ho Chi Minh City train station, we noticed that the station was rather small by Indian standards.

After entering the train station, we went inside to the first platform, where the tickets were checked by a staff member. Ho Chi Minh City was the originating station for our train, so our train was already standing at the station. We had to cross the railway tracks on foot to reach the platform our train was on. Then we located our coach, where a ticket inspector was standing at the gate. He let us in after checking our tickets. In all these instances, we just had to show our digital boarding pass which we had received by email.

Unlike Indian trains, the train didn’t have side berths. Additionally, I liked the fact that it had a dedicated space to put our bags in, which was very convenient. The train departed from Ho Chi Minh City at 21:05 and arrived in Nha Trang at 05:30 in the morning.

Interior of our train coach. Trains in Vietnam don’t have side berths, unlike India. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

A picture of the berths from our coach. It had three tiers, similar to a 3 AC coach in Indian trains. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

The train had a cabin to put the bags in. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Nha Trang train station. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Nha Trang

Nha Trang is a coastal place, and we planned to go to a beach. We figured out that the bus to the airport goes can drop us near the beach. Therefore, we went to the bus station to get to the airport bus. The bus station was walking distance from the railway station. So, we decided to walk.

On the way, we stopped at a small shop for a coffee. The shop also gave a complimentary cup of green tea along with the coffee. I found out later that it is common for local shops to give a cup of complimentary green tea in Vietnam.

I got a complimentary cup of green tea along with coffee in Nha Trang. In this trip, Badri and I found out that this is customary at local places in Vietnam. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Soon we reached the bus station and took a bus to the beach. It was 65,000 dongs (₹200). After getting down from the bus, I had coconut water and some eggs at a small local place.

Eggs being cooked on a pan for my order. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Then we went to the beach, but nobody else was there. We spent some time there and went back to the place where the bus dropped us as it started raining. We couldn’t find a bus for some time. A taxi driver approached us and agreed to take us to the city center for 200,000 dongs (₹650). For reference, the place where he dropped us was 35 km from the place we took the taxi. Taxi fares in Vietnam were also cheap!

The beach we went to in Nha Trang. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Nha Trang was a beautiful place, and so we roamed around for a while. Then we stopped at a Highlands Coffee branch for a while. Since Christmas was coming up, the café had a Christmas tree, and I liked the Christmas vibes. They were playing Mariah Carey’s All I Want for Christmas Is You.

This one was shot in the city center. In this trip, Badri and I found out that this is customary at local places in Vietnam. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Inside a Highlands Coffee cafe in Nha Trang. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

A coffee I got from Highlands Coffee in Nha Trang. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

During the evening, we went to a local place to eat. The place mentioned “Chay” in its name, and you know what it means—it was a vegan place. There was a man there and no other customers. I don’t remember the names of the dishes we ordered, but it was a bowl of soupy noodles and a bowl of dry noodles. They were very tasty. To top that off, the meal was a total of 55,000 dongs (₹180) for both of us.

The host was welcoming and friendly. We had a nice conversation with the host. In Vietnam, restaurants give chopsticks to eat noodles. While Badri was good at using them, I wasn’t. So, the host of this restaurant helped me in using chopsticks. Although my technique was not perfect and I take a bit of time, I could now eat solely with chopsticks.

The restaurant we went to in Nha Trang. The word Chay in the name means it was a vegan restaurant. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Soupy noodles we got at that restaurant. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Dry noodles we got at that restaurant. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Our plan was to take a night bus to Hoi An, and we were hoping to find a bus stand. However, we couldn’t find one. Asking around about the pickup location of the Hoi An bus led us to many different locations. Finally, we ended up at a bus booking agency’s office where we found out that there were no tickets available for Hoi An.

At this point, we gave up on booking the bus and searched for trains instead. As we didn’t have a local SIM, we asked the agency to let us connect to their Wi-Fi so that we could look for trains. They were kind enough to let us do that. It also seemed like they were going to close the office in like 10 minutes.

Unfortunately, all the sleeper berths were booked from Nha Trang till Hoi An on the next train with only seating berths being available. It takes around 10 hours, so I wasn’t comfortable traveling on seating berths.

Here I came up with the idea to look for sleeper berths from an intermediate stop. Fortunately, there were sleeper berths available from the next stop, Ninh Hòa. Therefore, we booked a seating berth from Nha Trang to Ninh Hòa and a sleeper berth from Ninh Hòa to Trà Kiệu (the nearest railway station from Hoi An). The train name was SE6, and it was a total of 500,000 dongs per person (₹1600 per person).

So, we went to the Nha Trang railway station and boarded the train. We had to spend 40 minutes seated for the train to reach the next stop before we could go to our sleeper berths. Badri had some friendly co-passengers on that trip who gave him Saigon beer and some crispy papad-like thing. They offered me as well, but I thought it was non-veg, so I declined it.

Hoi An

On the morning of 17th December 2024, we got down at the Trà Kiệu station at around 09:30. Our hostel was in Hoi An, which was around 22 km from the station. There was no public transport to get there.

Instead, there was a taxi driver at the train platform. We told him the name of our hostel, and he quoted 270,000 dongs (around ₹850). We said it was too expensive for us, so he agreed to bargain at 250,000 dongs. At this point, we told him that we could give him no more than 200,000 dongs, but he didn’t agree.

Badri tried a trick. He asked the driver to show us prices in the Grab app (a popular taxi booking app in Southeast Asia). Unfortunately, the Grab app showed 258,000 dongs, which was more than the fare the driver agreed to.

So we walked away as if we had so many options (we didn’t!) to reach the hostel. We got out of the station and stopped at a small shop outside to have some coffee. As is customary in Vietnam, we got a complimentary green tea here as well.

This was the place we had our coffee in Tra Kieu. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

That taxi driver also joined us and sat in that shop. He started talking with the locals in the shop in the local language. The taxi driver was insistent on taking us to Hoi An for 250,000 dongs. At this point, Badri told the taxi driver (by the use of translation software) that we usually use public transport during our trips, and we aren’t used to paying high prices to get around. So, he can drop us somewhere in Hoi An for 200,000 dongs as we don’t mind walking a bit to reach our hotel.

After reading this, the taxi driver agreed to take us to our hostel for 200,000 dongs (₹660). He also had me take a picture with Badri after this. I think such a bargain tactic would not work in India.

Photo of Badri with taxi driver. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

The nice thing we noticed in Vietnam is, once bargaining is done and the deal is settled, people don’t try to bargain more or keep on talking about the subject. Before the deal, the driver was being somewhat insistent and argumentative, but after the deal was done, it was as if no argument had happened at all.

A picture of Tra Kieu area near the train station we got down at. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

We were treated to some beautiful scenery on the way to our hostel. Soon we reached our place and completed all the formalities for checking-in. During the time our room was being prepared for check-in, we had an egg sandwich with coffee in the hotel. I found the egg sandwich very tasty. The bread looked like the French baguette. The hostel was ₹240 per night for each of us.

The name of the hostel was Bana Spa. We liked staying here and we can recommend it if you find yourself there. It is operated by a family.

Our breakfast in Hoi An. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

A photo of the hostel we stayed in Hoi An. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

We also rented a bicycle for each of us—25,000 dongs per day (₹80)—and explored the old town during the evening. Hoi An is popular for Vietnamese silk. Tourists come here to buy fabric and get it done by the tailor. The buildings here looked old, and they were painted in yellow with a gabled roof.

Typical yellow house with gabled roof in Hoi An old town. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Here, I also had egg coffee for the first time, and I liked it. Egg coffee is a delicacy of Hanoi, but you can get it in other parts of Vietnam. If you find yourself in Vietnam, then I recommend you try egg coffee. We also bought some cool T-shirts and other souvenirs, such as a Vietnamese hat, from here.

Egg coffee I had in Hoi An. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Hue

The next day—the 18th of December 2024—we went to Hue by bus. As we could not take a bus on our own in Nha Trang, we asked the hostel to book it for us this time. We booked it a day before, and they told us to be ready by 07:00 in the morning. At 07:00, a minibus arrived, which took us to a bus agency’s office. There we waited for a few minutes and got into the bus to Hue.

The bus had sleeper seats, so I took the opportunity to catch some sleep. The ride was comfortable, so I am assuming the roads were good. In a couple of hours, we reached Hue. Again, we went to Highlands Coffee to have some coffee, charge our phones, and use the internet, not to mention using the bathrooms.

During the afternoon, we went to a local restaurant named Quán Chay Thanh Liễu. It was a vegan restaurant (remember the thing I mentioned earlier about “Chay” being in the name?). On the way, we had a steamed dumpling shaped like a momo called banh bao from a street vendor. It wasn’t very good, but I found it worthwhile.

Bahn Bao in Hue. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

At the restaurant, we ordered a hot pot. First, they brought noodles and a gas stove. Then came the stock and our gas stove was turned on. The stock was kept simmering on the stove. Then, we had it bit by bit with the noodles. A big hot pot at this place costs 50,000 dongs (₹170). Then we had bánh cuốn. These were steamed rolls made of rice flour for 10,000 dongs (₹33).

Hot Pot. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Added soup to the noodles. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Steamed rolls made of rice flour. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Restaurants in Vietnam usually add photos of the meals in their menu or write a description in English. So, even though the dish names were Vietnamese, we had no problems in ordering food there. In addition, all the places we went to provided free Wi-Fi. They either mention the Wi-Fi password on the bill, on the menu or paste it on the wall. This made our trip smoother without getting a local SIM.

Menu from a restaurant in Ho Chi Minh City with detailed description of the food. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

We had booked the train SE20 for Hanoi, which had a departure time of 20:41 from Hue. This one was 948,000 dongs (₹3100) for myself and 870,000 dongs (₹2900) for Badri. My ticket was pricier than Badri’s because I got a lower berth. Our train was late by half an hour, so we waited in the common area of the station. After the train arrived, we got inside and took our seats.

The cabin had four berths—two upper and two lower, similar to India’s First AC class. The ticket inspector came to us and offered us the whole cabin (two additional berths) for 300,000 dongs (₹1,000), which we declined. However, this hinted at the other two seats not being reserved. Eventually, we had the whole cabin to ourselves, as nobody else showed up for the other two berths. It was a 14-hour journey, and I got a good sleep.

Our berths in the train. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Hanoi

On the morning of the 19th of December 2024, we reached Vietnam’s capital, Hanoi. We had booked a private hotel room for ₹800. It was 1 km from the Hanoi Airport. However, it was pretty far from the railway station. So, we roamed around in the city and went to the hotel in the evening.

First, we walked to a place and had egg coffee with egg sandwiches. Then we went to Hanoi Train Street, which was walking distance from the train station. After clicking some pictures at the train street, we went to a museum nearby. Upon reaching there, we found out that it was closed.

Egg coffee in Hanoi. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Hanoi train street is a tourist attraction in Hanoi. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Then we went shopping for jackets, as Hanoi was cold compared to other parts of Vietnam we had been to, and since many of them are manufactured in Vietnam, we thought they would be cheaper. I liked some jackets, but they were not my size. Eventually, we didn’t buy anything at the clothes shop.

In the evening, I bought a Vietnamese-styled phin coffee filter and coffee powder from Highlands Coffee. We spent a lot of time in their cafes, so it made sense to buy some souvenirs from there. Badri bought a few coffee filters for his family at Trung Nguyen, where I also bought another filter.

We had dinner at a local place where we had pho and banh it. Bahn it was served packed in banana leaves and it was made of sticky rice.

A picture of pho we had in Hanoi. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Bahn it is served packed in banana leaves. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Bahn it. Photo by Ravi Dwivedi, released under CC-BY-SA 4.0.

Next, we went to Hanoi railway station to catch a bus to the airport since our hotel was 1 km from the airport. The locals there helped us take the bus. It took like an hour to get to the airport. We saw on OpenStreetMap that we can take a bus from there to the hotel, but we could not find it. So we walked to our hotel instead.

It was a decent hotel room for ₹800 for a night. We went outside to explore the area and had egg sandwiches and egg coffee at a local place. Again, we were given a complimentary green tea. We went to this place like three times. We had practically become regulars by the time we left.

The next day— 20th of December 2024 — we took a bus to the airport and boarded our flight to Delhi.

Credits: Thanks Badri, Kishy and Richard for proofreading.

Following up on the previous post, here are some heuristic results:

First, if restricting oneself to 5-uniform values (all values have exactly five bits set), the best 15-bit code one can make is indeed 42 elements, and there are two distinct solutions: {31, 227, 364, 692, 1240, 1577, 1606, 2353, 3008, 3205, 3338, 4434, 4746, 4869, 5536, 6182, 6217, 7696, 8582, 8984, 9266, 9537, 10324, 10408, 10755, 12433, 12896, 13324, 16777, 16977, 17186, 17684, 18578, 18956, 19552, 20536, 20676, 21507, 24613, 24650, 26240, 30976} and {31, 227, 364, 692, 849, 906, 1240, 2354, 3206, 3337, 3680, 4485, 5169, 5442, 5644, 6228, 6312, 6659, 8745, 9285, 9632, 9746, 10314, 10385, 11012, 12326, 12568, 12992, 16966, 17450, 17684, 18049, 18469, 18880, 18968, 20553, 20626, 21280, 24688, 24716, 24835, 31744}. This supports, but does not prove, the conjecture that A286874(15) = 42.

Second, A286874(16) >= 48 (the best previously known bound was 45), since this is a valid 48-element solution:

0000000000011111
0000000011100011
0000000101101100
0000001010110100
0000010011011000
0000011100000011
0000100100110001
0000101000101010
0000101111000000
0001000110001001
0001010000110010
0001011000001100
0001100100000110
0001110001000001
0010000110010010
0010010010000101
0010011001100000
0010100001010100
0010110100001000
0011000001001010
0011001000010001
0011100010100000
0100001001001001
0100010001000110
0100010110100000
0100100010001100
0100111000010000
0101000000100101
0101000101010000
0101001010000010
0110000000111000
0110001100000100
0110100000000011
1000001001010010
1000010000101001
1000010100010100
1000101000000101
1000110010000010
1001000011000100
1001001100100000
1001100000011000
1010000000100110
1010000101000001
1010001010001000
1100000010010001
1100000100001010
1100100001100000
1111010000000000

I won't be sweeping all of the 15- or 16-bit spaces.

Author: Moura BUREAUCRATIC RECORDS OF THE END TIMES Automatic compilation of human and environmental records Source: multiple devices Status: recovered fragments THE LAST KNOT (Record 001 — Autonomous diving equipment) Two hundred meters below the surface, the darkness presses on the lungs. William fumbles with the umbilical cable, adjusting the regulator valve. The PPO₂ fluctuates. […]

The post Bureaucratic Records Of The End Times appeared first on 365tomorrows.

The
WWW::Mechanize::Chrome Saga: A Comprehensive Narrative of PR #104

This document synthesizes the extensive work performed from March
13th to March 20th, 2026, to harden, stabilize, and refactor the
WWW::Mechanize::Chrome library and its test suite. This
effort involved deep dives into asynchronous programming,
platform-specific bug hunting, and strategic architectural
decisions.

Part I:
The Quest for Cross-Platform Stability (March 13 – 16)

The initial phase of work focused on achieving a “green” test suite
across a variety of Linux distributions and preparing for a new release.
This involved significant hardening of the library to account for
different browser versions, OS-level security restrictions, and
filesystem differences.

Key Milestones &
Engineering Decisions:

• Fedora & RHEL-family Success: A major effort
  was undertaken to achieve a 100% pass rate on modern Fedora 43 and
  CentOS Stream 10. This required several key engineering decisions to
  handle modern browser behavior:
  • Decision: Implement Asynchronous DOM Serialization
    Fallback. Synchronous fallbacks in an async context are
    dangerous. To prevent Resource was not cached errors during
    saveResources, we implemented a fully asynchronous fallback
    in _saveResourceTree. By chaining
    _cached_document with DOM.getOuterHTML
    messages, we can reconstruct document content without blocking the event
    loop, even if Chromium has evicted the resource from its cache. This
    also proved resilient against Fedora’s security policies, which often
    block file:// access.
  • Decision: Truncate Filenames for Cross-Platform
    Safety. To avoid File name too long errors,
    especially on Windows where the MAX_PATH limit is 260
    characters, filenameFromUrl was hardened. The filename
    truncation was reduced to a more conservative 150
    characters, leaving ample headroom for deeply nested CI
    temporary directories. Logic was also added to preserve file extensions
    during truncation and to sanitize backslashes from URI paths.
  • Decision: Expand Browser Discovery Paths. To
    support RHEL-based systems out-of-the-box, the
    default_executable_names was expanded to include
    headless_shell and search paths were updated to include
    /usr/lib64/chromium-browser/.
  • Decision: Mitigate Race Conditions with Stabilization Waits
    and Resilient Fetching. On fast systems,
    DOM.documentUpdated events could invalidate
    nodeIds immediately after navigation, causing XPath queries
    to fail with “Could not find node with given id”. A small stabilization
    sleep(0.25s) was added after page loads to ensure the DOM
    is settled. Furthermore, the asynchronous DOM fetching loop was hardened
    to gracefully handle these errors by catching protocol errors and
    returning an empty string for any node that was invalidated during
    serialization, ensuring the overall process could complete.
• Windows Hardening:
  • Decision: Adopt Platform-Aware Watchdogs. The test
    suite’s reliance on ualarm was a blocker for Windows, where
    it is not implemented. The t::helper::set_watchdog function
    was refactored to use standard alarm() (seconds) on Windows
    and ualarm (microseconds) on Unix-like systems, enabling
    consistent test-level timeout enforcement.
• Version 0.77 Release:
  • Decision: Adopt SOP for Version Synchronization.
    The project maintains duplicate version strings across 24+ files. A
    Standard Operating Procedure was adopted to use a batch-replacement tool
    to update all sub-modules in lib/ and to always run
    make clean and perl Makefile.PL to ensure
    META.json and META.yml reflect the new
    version. After achieving stability on Linux, the project version was
    bumped to 0.77.
• Infrastructure & Strategic Work:
  • The ad2 Windows Server 2025 instance was restored and
    optimized, with Active Directory demoted and disk I/O performance
    improved.
  • A strategic proposal for the Heterogeneous Directory
    Replication Protocol (HDRP) was drafted and published.

Part II: The
Great Async Refactor (March 17 – 18)

Despite success on Linux, tests on the slow ad2 Windows
host were still plagued by intermittent, indefinite hangs. This
triggered a fundamental architectural shift to move the library’s core
from a mix of synchronous and asynchronous code to a fully non-blocking
internal API.

Key Milestones &
Engineering Decisions:

• Decision: Expose a _future API.
  Instead of hardcoding timeouts in the library, the core strategy was to
  refactor all blocking methods (xpath, field,
  get, etc.) into thin wrappers around new non-blocking
  ..._future counterparts. This moved timeout management to
  the test harness, allowing for flexible and explicit handling of
  stalls.

  # Example library implementation
  sub xpath($self, $query, %options) {
      return $self->xpath_future($query, %options)->get;
  }
  
  sub xpath_future($self, $query, %options) {
      # Async implementation using $self->target->send_message(...)
  }

• Decision: Centralize Test Hardening in a Helper.
  A dedicated test library, t/lib/t/helper.pm, was created to
  contain all stabilization logic. “Safe” wrappers (safe_get,
  safe_xpath) were implemented there, using
  Future->wait_any to race asynchronous operations against
  a timeout, preventing tests from hanging.

  # Example test helper implementation
  sub safe_xpath {
      my ($mech, $query, %options) = @_;
      my $timeout = delete $options{timeout} || 5;
      my $call_f = $mech->xpath_future($query, %options);
      my $timeout_f = $mech->sleep_future($timeout)->then(sub { Future->fail("Timeout") });
      return Future->wait_any($call_f, $timeout_f)->get;
  }

• Decision: Refactor Node Attribute Cache.
  Investigations into flaky checkbox tests (t/50-tick.t)
  revealed that WWW::Mechanize::Chrome::Node was storing
  attributes as a flat list ([key, val, key, val]), which was
  inefficient for lookups and individual updates. The cache was refactored
  to definitively use a HashRef, providing O(1) lookups
  and enabling atomic dual-updates where both the browser property (via
  JS) and the internal library attribute are synchronized
  simultaneously.

• Decision: Implement Self-Cancelling Socket
  Watchdog. On Windows, traditional watchdog processes often
  failed to detect parent termination, leading to 60-second hangs after
  successful tests. We implemented a new socket-based watchdog in
  t::helper that listens on an ephemeral port; the background
  process terminates immediately when the parent socket closes,
  eliminating these cumulative delays.

• Decision: Deep Recursive Refactoring & Form
  Selection. To make the API truly non-blocking, the entire
  internal call stack had to be refactored. For example, making
  get_set_value_future non-blocking required first making its
  dependency, _field_by_name, asynchronous. This culminated
  in refactoring the entire form selection API (form_name,
  form_id, etc.) to use the new asynchronous
  _future lookups, which was a key step in mitigating the
  Windows deadlocks.

• Decision: Fix Critical Regressions & Memory
  Cycles.

  • Evaluation Normalization: Implemented a
    _process_eval_result helper to centralize the parsing of
    results from Runtime.evaluate. This ensures consistent
    handling of return values and exceptions between synchronous
    (eval_in_page) and asynchronous (eval_future)
    calls.

  • Memory Cycle Mitigation: A significant memory
    leak was discovered where closures attached to CDP event futures (like
    for asynchronous body retrieval) would capture strong references to
    $self and the $response object, creating a
    circular reference. The established rule is to now always use
    Scalar::Util::weaken on both $self and any
    other relevant objects before they are used inside a
    ->then block that is stored on an object.

  • Context Propagation (wantarray): A
    major regression was discovered where Perl’s wantarray
    context, which distinguishes between scalar and list context, was lost
    inside asynchronous Future->then blocks. This caused
    methods like xpath to return incorrect results (e.g., a
    count instead of a list of nodes). The solution was to adopt the “Async
    Context Pattern”: capture wantarray in the synchronous
    wrapper, pass it as an option to the _future method, and
    then use that captured value inside the future’s final resolution
    block.

    # Synchronous Wrapper
    sub xpath($self, $query, %options) {
        $options{ wantarray } = wantarray; # 1. Capture
        return $self->xpath_future($query, %options)->get; # 2. Pass
    }
    
    # Asynchronous Implementation
    sub xpath_future($self, $query, %options) {
        my $wantarray = delete $options{ wantarray }; # 3. Retrieve
        # ... async logic ...
        return $doc->then(sub {
            if ($wantarray) { # 4. Respect
                return Future->done(@results);
            } else {
                return Future->done($results[0]);
            }
        });
    }

  • Asynchronous Body Retrieval & Robust Content
    Fallbacks: Fixed a bug where decoded_content()
    would return empty strings by ensuring it awaited a
    __body_future. This was implemented by storing the
    retrieval future directly on the response object
    ($response->{__body_future}). To make this more robust,
    a tiered strategy was implemented: first try to get the content from the
    network response, but if that fails (e.g., for about:blank
    or due to cache eviction), fall back to a JavaScript
    XMLSerializer to get the live DOM content.

  • Signature Hardening: Fixed “Too few arguments”
    errors when using modern Perl signatures with
    Future->then. Callbacks were updated to use optional
    parameters (sub($result = undef) { ... }) to gracefully
    handle futures that resolve with no value.

  • XHTML “Split-Brain” Bug: Resolved a
    long-standing Chromium bug (40130141) where content provided via
    setDocumentContent is parsed differently than content
    loaded from a URL. A workaround was implemented: for XHTML documents,
    WMC now uses a JavaScript-based XPath evaluation
    (document.evaluate) against the live DOM, bypassing the
    broken CDP search mechanism.

Version 0.0.28 of RcppSpdlog arrived on CRAN today, has been uploaded to Debian and built for r2u. The (nice) documentation site has been refreshed too. RcppSpdlog bundles spdlog, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by Gabi Melman, and also includes fmt by Victor Zverovich. You can learn more at the nice package documention site.

This release contains a rebuild RcppExports.cpp to aid Rcpp in the transition towards Rcpp::stop() and away from Rf_error() in its user packages. No othe

The NEWS entry for this release follows.

Changes in RcppSpdlog version 0.0.28 (2026-03-19)

• Regenerate RcppExports.cpp to switch to (Rf_error) aiding in Rcpp transition to Rcpp::stop()

Courtesy of my CRANberries, there is also a diffstat report detailing changes. More detailed information is on the RcppSpdlog page, or the package documention site.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

Author: David Dumouriez Approximately four score and seven years ago, the Luxians saw, they came and they conquered. Well, actually they didn’t need to do much conquering. They simply made their presence abundantly clear and waited for the locals to decimate themselves in response. Some attempted to fight them, which was noble but futile. Ultimately, […]

The post The Extinction Clause appeared first on 365tomorrows.

In only a handful of years, four Liverpudlian scruffs clawed their way from obscurity to unprecedented worldwide celebrity.
Yeah, yeah, yeah.
Already making a mint from "Money" and other hits, by 1965 they were MBEs, and suddenly discovered class solidarity -- with the rest of the singlet-clad bathers in their grottos of ducats. To be fair, a 97% marginal rate does make it hard for a lad to break into the ranks of true generational wealth.
So in 1966, George Harrison and his newly-minted toffs released the anti-government protest shriek of the upper class, and even now, we Americans share their pain in this our momen of reckoning with ... the Tax Man.

The Beast in Black first complained "I tried to get my W2 (for our non-Murican friends, that's the statement from your employer showing how much they paid you and how much tax they deducted) from ADP, and apparently their programmers did a number (two) on the form. TRWTF is that the damn form actually works if I add the slash separators to the date components."

And again he moaned "Frankly, I'm a little too scared by this WTF to be snarky; I'd expect a Tax Accounting firm - H&R Block in this case - to not have such basic accounting WTFs. Perhaps they should change their name to H&R Blockhead...?"

Adam R. remarked "It's tax season again. I hope their tax return backend is better than their JavaScript frontend that set the tooltip on this image to [object Object]."

Frustrated Dustin S. is trying to comply: "I logged into my credit union to download the tax documents for my account, but when I clicked on the link, this is what I got. Maybe doing taxes by invoice in the U.S. now?"

And looking to the future, the tax man cometh inevitably for Michael R. , though not today. "In green: I want to enter a discount for the items I'm selling. The error says:"Invalid discount amount. Please enter a discount of less than €0.00 (packaging costs + taxes).". Yes, I have also tried to enter -7,41 without any luck. In blue: It says:"Total amount approx.". Maybe one of the ebay lawyers figured out they are using float data types and wants to cover their bottoms against the rounding errors?"

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

Image: Shutterstock, @Elzicon.

The Justice Department said the Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the DoD.

The government alleges the unnamed people in control of the four botnets used their crime machines to launch hundreds of thousands of DDoS attacks, often demanding extortion payments from victims. Some victims reported tens of thousands of dollars in losses and remediation expenses.

The oldest of the botnets — Aisuru — issued more than 200,000 attacks commands, while JackSkid hurled at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, the government said, while Mossad was blamed for roughy 1,000 digital sieges.

The DOJ said the law enforcement action was designed to prevent further infection to victim devices and to limit or eliminate the ability of the botnets to launch future attacks. The case is being investigated by the DCIS with help from the FBI’s field office in Anchorage, Alaska, and the DOJ’s statement credits nearly two dozen technology companies with assisting in the operation.

“By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office.

Aisuru emerged in late 2024, and by mid-2025 it was launching record-breaking DDoS attacks as it rapidly infected new IoT devices. In October 2025, Aisuru was used to seed Kimwolf, an Aisuru variant which introduced a novel spreading mechanism that allowed the botnet to infect devices hidden behind the protection of the user’s internal network.

On January 2, 2026, the security firm Synthient publicly disclosed the vulnerability Kimwolf was using to propagate so quickly. That disclosure helped curtail Kimwolf’s spread somewhat, but since then several other IoT botnets have emerged that effectively copy Kimwolf’s spreading methods while competing for the same pool of vulnerable devices. According to the DOJ, the JackSkid botnet also sought out systems on internal networks just like Kimwolf.

The DOJ said its disruption of the four botnets coincided with “law enforcement actions” conducted in Canada and Germany targeting individuals who allegedly operated those botnets, although no further details were available on the suspected operators.

In late February, KrebsOnSecurity identified a 22-year-old Canadian man as a core operator of the Kimwolf botnet. Multiple sources familiar with the investigation told KrebsOnSecurity the other prime suspect is a 15-year-old living in Germany.

The diffoscope maintainers are pleased to announce the release of diffoscope version 315. This version includes the following changes:

[ Jelle van der Waa ]
* Adjust PGP file detection regex.

You find out more by visiting the project homepage.

I’ve released virtnbdbackup 2.46 which now attempts to extract the bitlocker recovery keys during backup. The windows domains need a working qemu agent installed during backup for this to work.

Using the agent, it also extracts the available guestinfo (network config, OS version etc..) from the domain and stores it alongside with the backup.

Read (Part One here)

When Ellis awoke on Sunday, the unusual cold broke through her drowsiness right away. Her new thermostat was programmed to maintain a lower temperature overnight, but at 6:30AM, it was supposed to climb again, kicking the heat on right when she got out of bed.

Why was it so cold? Why was the furnace dead silent? Something must've gone wrong again. So soon?

It sucked to get out of bed when it was dark and cold, but Ellis had no choice. She forced herself to peel back the covers and launch into her morning routine. Her cat shadowed her, helpfully letting her know several times that his plate had no food on it.

She attended to the cat's needs first before approaching the thermostat downstairs. The set point was at the overnight setting even though it claimed to be following her programmed schedule. Using the touchscreen interface, she increased the set point manually. The heat cut on just fine from there, thank goodness.

Through her dehydrated, hungry, uncaffeinated haze, Ellis suddenly remembered the time change. They had "sprung ahead" for Daylight Saving Time. Had her new thermostat joined them in this archaic ritual?

It had not. Checking its day/time settings, Ellis found the time an hour behind. She pressed her index finger onto the hour, expecting a dial or drop-down or some other such control to appear. Nothing. Hours, minutes, and AM/PM were all fixed. Only the time zone could be changed. It was currently set to EST. Opening the drop-down menu, none of the options she skimmed over looked promising.

Her old thermostat (out of support, incompatible with her new HVAC system) had handled time changes all by itself, and had allowed every possible manual adjustment one could wish for. It frustrated Ellis that the latest so-called "smart" thermostat couldn't manage the same despite being hooked up to the Internet at all times.

Part of her wanted to keep digging at this, but it was way too early. Ellis was unprepared in every possible way to descend into a troubleshooting rabbit-hole. She had places to be that morning. The heat was working, that was all that really mattered. More importantly, someone from the HVAC company was already scheduled to perform a 1-week follow-up test of her newly-installed system in a couple of days. She could disable the schedule and make manual adjustments until the technician arrived.

With HVAC having taken center stage in her brainspace for over a month by that point, Ellis desperately needed to give herself this break.

The technician who arrived was equally mystified. He tried a factory reset of the thermostat, which had no effect. It was determined that future time changes would have to be handled manually by toggling the time zone between EST and ... Eastern. An unhelpful label that Ellis' sleepy brain had completely glossed over early on Sunday morning.

Annoying, but not the end of the world.

Once the technician tested her system (all good, thankfully) and left, Ellis sat down in front of her laptop to check her usual subreddits. Ah, the World Baseball Classic! Someone had posted a highlight reel of her favorite baseball team's best pitcher—arguably the best pitcher on the planet—recording 7 strikeouts in a single game. She opened up the video, eager to watch.

Why the hell is Ellis suddenly telling you about sportsball? Because, in an amazing coincidence, she spied the name of the company that had built her new thermostat, right there on the backstop behind home plate!

So they had WBC advertising money, but couldn't pony up for a sensible day/time interface. Ellis suspects she's in for an interesting couple of decades ... assuming her new system lasts that long.

P.S. Since Ellis has shamelessly segued her way into sportsball, there's something else she wants to share: a new player on her favorite team, Jhostynxon Garcia, is nicknamed The Password.

His younger brother Johanfran, also a baseball player, is called The Username.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Author: AP Ritchey Every Sunday Jed and I met up at the catching place—a pond we’d been fishing for years. It wasn’t much to look at. Just a muddy oval tucked back behind a row of cottonwoods, with a leaning dock somebody built long before either of us started coming out there. The water stayed […]

The post The Catching Place appeared first on 365tomorrows.

 A CHATGPT Review of AIlien Minds by David Brin

For a midweek posting we'll take a break from frets about civilization and shift to something actually important.

      This is a copy of a conversation between ChatGPT & an anonymous reader,* who submitted AIlien Minds for review. Take into account that there appears to be an inherent tilt toward flattery in almost all 2025-2026 LLM systems. I also messed with line and para formatting for readability.

{DB notes will appear in Italics and within brackets.}  The questioner is in bold. GPT's commentary is in plain Times Roman.

The crux: do NOT imagine you'll get much of the interesting or useful content of ailien minds this way! You won't. 

Still, the exercise was interesting in its own way. And as a bonus I will later post what CLAUDE made of this annotated posting!

Anonymous Q:  David Brin’s new book entitled: “ailien mindsâ€� about AI intelligence was just published. Do you have any thoughts about it?

Here are a few thoughts about it and the ideas behind it.

1. The core idea: AI as “alien intelligence�

    Brin’s framing is that advanced AI may be the first truly “alienâ€� intelligence humans encounter—not extraterrestrial, but something whose cognition, goals, and reasoning could diverge radically from ours. This fits a broader scientific observation: as AI systems grow more complex, their internal processes can become opaque even to their creators, making them feel almost like a different species of mind. 

   Brin has explored similar themes for decades in his fiction — especially in the Uplift universe, where humans interact with radically different intelligences (aliens, uplifted animals, etc.). 

{DB: We’re already in a bit of trouble. Oh, that paragraph is accurate in and of itself, except that this is not one of the core points of my book. Rather, this “alien intelligence� aspect is simply posed as obvious -- a given.}

2. Brin’s typical stance on AI risk (less apocalyptic than some)

    Brin tends to sit between the extremes of AI optimism and doom. For example, some recent books argue that superintelligent AI could destroy humanity if developed recklessly. 
    Brin’s approach is usually more nuanced:

    AI could be enormously powerful and disruptive.

    But human institutions, competition, and transparency may prevent a single runaway catastrophe.

    Multiple AIs checking each other may be safer than a single dominant system. That argument reflects his long-standing idea from The Transparent Society: that mutual transparency and distributed power can stabilize advanced technology.

{DB: Fair enough.}

3. Why the “alien� metaphor matters

   Calling AI “alienâ€� isn’t just poetic—it changes how we think about it. If AI is truly alien-like:

a.     We shouldn’t assume it will share human values automatically.

b.     But we also shouldn’t assume it will become a villain like HAL 9000.

   Brin himself joked about dedicating the book to fictional AIs like Samantha and Data (hopeful examples) and HAL (a warning). 

   That captures the middle ground: AI will likely contain both promise and danger, depending on how humans shape it.

{DB: So far, moderately decent summarizing. Though note that the LLM’s use of “Iâ€� and singular personal is something that has been widely deemed dangerous and regrettable. There are many documented cases of it leading to harm. In my book, I propose that use of such language should be EARNED by the very topmost AIs, and then only after reciprocal criticism of each other’s worthiness.} 

4. My quick take on the premise

    Personally, I think the “alien intelligenceâ€� framing is one of the most useful mental models for AI.

Three reasons:

   It reminds us not to anthropomorphize AI. 

         {DB: Ironic, of course, since the breezy, personal style of this LLM encourages anthropomorphism.}
   The systems might reason in ways we find strange.

    It highlights communication challenges.
    Understanding a superhuman machine’s goals might be as hard as understanding an alien species.

    It’s historically accurate for technology.

    Every major new tool—writing, printing, computers—initially felt alien before we integrated it into society.  

     {DB: That last point is an interesting juxtaposition of two of my separate themes in the book. I had not used ‘alien’ in my discussions of past tech revolutions. And yet, here it does make some sense. One basic trait (insufficient) of a sapient mind is creating new associations between previously separated thoughts or notions. That just happened here, though probably just a linguistic extrapolation/interpolation.}

💡 Bottom line:
Brin’s book is part of a growing genre of serious thinking about AI that sits between hype and doom. The central idea—that advanced AI might be the first “alien mind� humanity encounters—is both philosophically rich and increasingly plausible.

If you want, I can also tell you:

-       the three most interesting ideas Brin argues about AI in that book, or

-       how his views compare with people like Ray Kurzweil, Eliezer Yudkowsky, or Nick Bostrom.

That comparison is pretty fascinating.

Q: Go on…

Alright — let’s dig a little deeper. The really interesting thing about AIlien Minds by David Brin is that it sits in the middle of a huge debate about the future of AI. Different thinkers look at the same technology and reach very different conclusions.

     Here’s a quick map of the spectrum.

1. David Brin — cautious but optimistic

Brin’s view is roughly:

AI could become extremely powerful and weird (hence “alien minds�).

But catastrophic outcomes aren’t inevitable.

Pluralism helps safety â€” many AIs, many institutions, many watchdogs.

He tends to distrust the idea that a single superintelligence will suddenly dominate everything.  Instead he thinks:

   competition between systems

   open societies

   transparency

…can keep things balanced.

   This perspective echoes ideas from his nonfiction book The Transparent Society, where he argues that mutual monitoring can stabilize powerful technologies.

2. Ray Kurzweil — extremely optimistic

    Ray Kurzweil believes AI will trigger the technological singularity. In books like The Singularity Is Near, he predicts:

    AI surpasses human intelligence

    humans merge with machines

    disease and aging may largely disappear

Kurzweil expects AI to be human-aligned because humans will merge with it. Critics say this view may underestimate risks.

3. Nick Bostrom — serious existential risk

    Philosopher Nick Bostrom wrote Superintelligence, which argues. A sufficiently advanced AI could rapidly outsmart humanity. If its goals aren’t aligned with human values, catastrophe could occur. His famous thought experiment: A superintelligent AI tasked with making paperclips might convert the entire planet into paperclip factories. The point isn’t paperclips — it’s that a powerful optimizer with the wrong objective can be dangerous.

4. Eliezer Yudkowsky — very pessimistic. He argues:

   superintelligent AI is extremely likely

   alignment is extremely difficult

   unaligned AI could wipe out humanity

He’s associated with the Machine Intelligence Research Institute and often advocates slowing or pausing AI development.

    {DB: The LLM does not mention the Yudkowsky book with a terrifically redolent title: “If Anyone Builds it, Everybody Dies.â€� The LLM does not mention calls for an AI moratorium. Or the vast range within both the Optimist and doomer communities. Nor the danger everyone agrees is serious, of AI driven unemployment. Or the proposed solutions (including some of my own) such as Universal Basic Income or Universal Capital.}

Where Brin fits in this spectrum:  Brin’s argument in AIlien Minds basically pushes back on the more apocalyptic views. His reasoning includes:

   1. Single-AI dominance is unlikely. Multiple actors are building AI simultaneously.

   2. Humans historically adapt to disruptive tech. Printing presses, nuclear weapons, and the internet all caused huge upheaval but didn’t destroy civilization.

   3. Intelligence isn’t automatically hostile. Being smarter doesn’t necessarily mean being adversarial.

So Brin’s message is roughly: AI may become alien — but alien doesn’t automatically mean hostile.

{DB: The previous Section (after� Q: Go on�) is kind of trite and repetitive. Especially the final paragraph “Where Brin fits in…� While the three sentences are basically true, this doesn’t address my key points and is somewhat misleading.}

 The deeper philosophical question

The real debate underlying all of this is: Does intelligence naturally converge toward cooperation or toward domination?

    Nobody actually knows.

    Evolution produced both wolves and symbiotic ecosystems.

    Human history produced both wars and global cooperation.

    AI might amplify whichever tendencies dominate the systems we build.

{DB: The LLM is just going its own way, now. Each sentence has validity in its own terms, though these are mostly just truisms. Likewise the following, which ignores how a single godlike AI entity is only one of the dismal clichés that are rife in the AI community and that I appraise in some depth..}

💭 My personal hot take: The most likely future probably looks less like a single god-like AI and more like a messy ecosystem of AIs, interacting with humans, corporations, and governments.

In other words — less Terminator and more the internet… but with minds inside it.

If you want, there are two especially wild ideas Brin raises about AI that almost nobody talks about yet:

    Why humans might deliberately create many competing AIs for safety.

    Why the first truly alien intelligence may already exist in primitive form today.

    Both are pretty mind-bending.

{DB: Neither of those are mind-bending, or ‘wild’ or even unusual thoughts. In the book I do recommend that AI entities be incentivized to compete, since that was the secret sauce of the Enlightenment Civilization that made them. And my chapter on consciousness does go into whether such entities might qualify as sapient or intelligent. But neither are core questions that make AiLien Minds all that unique.  

{DB: Rather, it is my discussion of how to incentivize reciprocal accountability among AIs. Which can only work if we copy Nature’s methods of individuation and selective reproduction.

{DB: Note also that no mention is made of the Three Clichés that – I frequently assert – seem to control and lobotomize the pronouncements issued by almost every expert, pundit or maven in the field. The clichéd expectations that AIs will either (1) work obediently for three dozen ‘castles’ (OpenAI, Anthropic, Meta, DeepSeek…) in a recap of feudalism…. or else spread out amorphously as ‘blobs’… or else consolidate into a single, uber-godlike Skynet/MCP entity. This LLM summary refers just to the latter and only to dismiss it.  This riff is a core element of the book, leading to my attempt to draw attention to a Fourth Path… the one that made us unique among civilizations. The one that enabled us to make AI.}

Q: Go on…

Alright — these are the two ideas that make AIlien Minds by David Brin especially interesting. They’re less about “killer robotsâ€� and more about how intelligence ecosystems evolve.

1. Safety through competing AIs: One of Brin’s more unusual arguments is that a single super-AI might actually be the dangerous scenario.  {DB: huh?}

Instead, he suggests that safety could come from many AIs watching each other.

     Think about how modern systems stay stable:

   -democracies rely on checks and balances

   -markets rely on competition

   -science relies on peer review

Brin’s analogy is that AI might need something similar. Instead of one dominant system, imagine:

government AIs

corporate AIs

open-source AIs

watchdog AIs

Each monitoring the others.

The idea is that no single intelligence gets absolute power.

It’s a very “Brinâ€� concept — he has long argued that accountability emerges when powerful actors can observe each other.

{DB: All of the above is true… while missing the point about HOW super-smart entities can be incentivized to impose accountability on each other, even after the corporations and governments lose control.}

{DB: What follows is just the LLM saying stuff that  - while sorta true and discussed in my chapter on consciousness – is almost wholly irrelevant to the core points of the book.}

2. The first alien minds may already exist. The other intriguing point is his claim that AI might already be slightly alien â€” even before reaching superintelligence.

Why?

Because modern machine learning systems often:

    solve problems using methods humans wouldn’t invent

    develop internal representations we can’t easily interpret

    behave unpredictably outside training data

Researchers sometimes call this the interpretability problem.

For example:

image-recognition systems have discovered strange visual patterns humans never noticed

game-playing AIs create strategies that look bizarre but work brilliantly

That’s not “alien intelligence� yet — but it’s a hint of what Brin is talking about.

The mind inside the machine may not resemble human reasoning at all.

3. Why this matters

Brin’s broader message is basically:

The biggest mistake we can make is assuming AI will think like us.

Instead, we may have to learn how to coexist with different kinds of intelligence.

In that sense, AI might resemble the discovery of a new species — except we created it.

A thought experiment Brin likes

Imagine humans meet a genuinely alien civilization.

The hardest challenge wouldn’t be technology.

It would be understanding their motives and values.

Brin argues that AI alignment might be the same problem.

{DB: While none of the above is inconsistent with things I have said, over the years, I am boggled that it became the essence that the LLM distilled out of my book. 

{DB: The following snippet IS there in the book, talking about how our synthetic heirs might take humanity to the stars. But again, it is not one of the book’s core points.}

💡 One more fascinating twist:

Brin has suggested that AI could eventually become humanity’s partner in exploring the universe, because machine minds might tolerate:

    radiation

    long timescales

    strange environments

In other words, the “alien mindsâ€� we build might help us meet real aliens someday.

If you're curious, there’s actually a pretty surprising prediction Brin makes about the next 10–20 years of AI that goes against most Silicon Valley thinking.

It’s about why AI might not replace humans nearly as much as people expect.

Q: Go on…

Alright — this is where David Brin gets a bit contrarian in AIlien Minds, and it’s pretty refreshing compared with the usual “AI will replace everyoneâ€� narrative.

His argument is basically:

AI will often increase the value of humans rather than eliminate them.

Let’s unpack the logic.

{DB: Again, while 1, 2, and 3 below have some validity, they portray emphases that seem to come from the LLM’s training sets, rather not what’s unique about AIlien Minds.  Oh, by the way, “alrightâ€� was never an actual word… till ignorant over-use made the Dictionary folks shrug and surrender and accept it. Sigh.}

1. Humans may become the “sanity check layer�

As AI systems get more powerful, they may also become more opaque and strange.

Even today, advanced models sometimes produce answers that are:

convincing

sophisticated

but wrong

Brin suggests humans could remain important as interpreters and validators.

Think of it like:

autopilot still needs pilots

medical AI still needs doctors

financial models still need analysts

Humans may act as the reality-check layer between machine reasoning and the real world.

2. Trust may become more valuable than raw intelligence

If AI becomes cheap and abundant, intelligence itself stops being scarce.

What becomes scarce instead?

Things like:

accountability

reputation

judgment

human trust

Brin predicts society may increasingly require a human name attached to decisions, even if AI helped make them.

{DB: This I do explore in the book.}

Examples:

a doctor signs off on an AI diagnosis

an engineer signs off on an AI design

a judge signs off on AI legal analysis

In other words: humans become responsible agents in an AI-powered system.

3. AI may create new cognitive jobs

Historically, new technologies rarely eliminate work entirely. Instead they create new layers of work.

Printing press → editors, journalists, publishers
Computers → programmers, analysts, cybersecurity experts
Internet → entire digital industries

Brin thinks AI could create roles like:

AI auditors

AI psychologists (studying machine behavior)

alignment engineers

machine-ethics regulators

Basically: people whose job is understanding and managing nonhuman intelligence.

{DB: #4 is a point that I feel my book made in some unique ways.}

4. Humans still have evolutionary advantages

Brin also points out something that gets overlooked in AI debates:

Humans are incredibly robust and adaptable.

Compared to advanced machines, we have some weird advantages:

extremely energy-efficient brains (~20 watts)

flexible learning across many domains

social intelligence and empathy

moral reasoning shaped by evolution

AI might surpass us in narrow domains, but general human adaptability is surprisingly hard to replicate.

A bigger philosophical point

Brin tends to reject the idea that history suddenly ends with superintelligence.

Instead he imagines a future where:

humans

many kinds of AIs

augmented humans

…all coexist in a messy, evolving ecosystem of minds.

Not one ruler — more like a crowded civilization of different intelligences.

{DB: Okay, sure… as is the following…}

💭 One of Brin’s most intriguing ideas (he’s hinted at it in essays too) is this:

Humanity’s long-term role may be to create new kinds of minds.

In that sense, AI wouldn’t replace us.

It would be our descendants â€” not biologically, but intellectually.

If you want, there’s another really fascinating angle Brin raises that almost nobody in the AI debate talks about:

Why he thinks secrecy around AI might be more dangerous than open development.

That argument gets pretty provocative.

Q: Go on…

This is one of the more provocative threads in AIlien Minds and in the broader thinking of David Brin. His argument runs almost opposite to a lot of current AI policy discussions. 

{DB: only some of them. Others are laissez-faire… often to a degree that tips into at-best malpractice. But the following is fair.}

Many experts say:

AI development should be restricted, secretive, or tightly controlled to prevent misuse.

Brin worries that too much secrecy could actually increase danger.

Here’s the reasoning.

1. Concentrated power is historically risky

Brin points to a pattern in history: when powerful technologies are controlled by a small number of actors, bad outcomes become more likely.

Examples often cited in these debates include:

nuclear weapons programs

intelligence agencies

monopolistic technologies

If only a few governments or corporations control advanced AI, they gain enormous leverage over everyone else.

Brin worries that could lead to:

authoritarian surveillance states

technological monopolies

unaccountable decision-making systems

In his view, centralized power is the real risk, not intelligence itself.

{DB: Fair enough.}

2. Transparency creates watchdogs

Brin’s long-standing theme (going back to The Transparent Society) is that mutual transparency stabilizes power.

The idea is simple: When powerful actors can be watched by others, abuse becomes harder.

In an AI world, that might mean:

   open research communities

   public scrutiny of algorithms

   competing systems auditing each other

Instead of “trust the single powerful AI lab,â€� the system becomes a network of observers.

3. Innovation tends to leak anyway

Brin also argues that technological knowledge rarely stays secret for long.

Historically:

  nuclear technology spread

  cryptography spread

  computing spread

Even if one country or company tries to keep AI contained, others will eventually develop similar capabilities.

So secrecy may only delay competition while concentrating power early.

4. The internet analogy

Brin sometimes compares AI to the early internet.

In the 1980s–90s, governments could theoretically have tried to tightly control networking technology.

Instead, it became widely distributed infrastructure.

That openness created:

    enormous innovation

    new industries

    but also problems like cybercrime and misinformation

Brin thinks AI may follow a similar trajectory — messy but dynamic.

{DB: Again, what’s below is a simplistic dichotomy that – while somewhat true, ignores my core points about HOW.}

The tension here: The AI debate today often splits into two camps:

Centralized safety view

   limit AI development

   concentrate control in trusted institutions

   slow progress

Distributed resilience view (closer to Brin)

   allow many actors to develop AI

   rely on transparency and competition

   avoid concentration of power

Both approaches try to prevent catastrophe — they just disagree about where the biggest risk lies.

💭 Personally, I find Brin’s argument compelling in one specific way:

Most technological disasters in history came from unchecked centralized authority, not from too many people having knowledge.

But AI might also be unusually powerful, so the balance is tricky.

One last interesting twist about David Brin’s thinking: His ideas about AI are heavily influenced by his science fiction — especially the universe he created in the Uplift Universe novels.

There’s a fascinating connection between that fictional universe and his views about AI.

If you want, I can explain why Brin thinks humanity may become a “creator speciesâ€� of new intelligences — and why that could be the most important event in human history.

Q: Ok, continue…

This is where David Brin gets genuinely philosophical in AIlien Minds, and it connects strongly to the ideas he explored in his science-fiction setting, the Uplift Universe.

The core concept is what he sometimes calls the â€œcreator speciesâ€� idea.

1. Intelligence creating new intelligence

For almost all of Earth’s history, intelligence arose only through biological evolution.

Then something new happened:

Humans started creating tools that think.

First:

calculators

computers

software

Now:

learning systems

autonomous reasoning systems

large-scale AI

Brin sees this as potentially the beginning of a new evolutionary step:

Intelligence that deliberately creates other intelligences.

That’s radically different from natural evolution.

{DB: And yet I spend time showing that AIs occupy a new ecosystem that replicates many aspects of the sun-powered, organic one. And that Darwinian evolution within that ecosystem is ALREADY TAKING PLACE. And that the incentive structures (and individuation) will have more long-lasting and positive effects than trying to design new, hyper-intelligent beings. 

{DB: The “Uplift� analogy – while flattering – is not very germane.}

2. The “uplift� analogy

In the Uplift Universe novels, the galaxy is full of civilizations that genetically “upliftâ€� animals to intelligence.

For example, species like dolphins or chimpanzees are engineered into full sapient partners.

The rule of that fictional universe is:

advanced species help create new intelligent species

those new species eventually do the same

Brin has suggested that AI might be humanity’s real-world version of uplift.

Instead of uplifting animals, we’re uplifting machines.

3. Why that could change everything

If humans become a “creator species,� several big shifts happen.

Intelligence multiplies

Instead of one intelligent species on Earth, there could eventually be:

human minds

augmented humans

machine intelligences

hybrid minds

Civilization becomes an ecosystem of minds.

{DB: Yes, fine. Great. Love to see it. I am concerned about the present and near future.}

Evolution speeds up

Biological evolution takes millions of years.

Technological evolution can happen in decades or even months.

That means new forms of intelligence could emerge very quickly.

Humanity’s role changes

Instead of being the most advanced intelligence on Earth forever, humans might become something like:

founders

mentors

partners

…to new kinds of minds.

That’s a very different narrative from “AI replaces us.�

4. Why Brin thinks this may be common in the universe

Brin has speculated that if technological civilizations arise elsewhere in the cosmos, they might eventually do the same thing:

Create new intelligences.

That means the galaxy might eventually fill with:

biological species

machine species

hybrid civilizations

If that’s true, the first step—creating artificial minds—could be one of the most important transitions any civilization experiences.

A humbling perspective

Brin sometimes frames it this way:

Humanity might not be the final product of evolution.

We might be a bridge species â€” the intelligence that creates the next wave of intelligences.

{DB: Okay, since the last DB… while none of it is entirely inaccurate/// this was essentially just the LLM blathering its own way. But what follows is related to something I said.}

💭 A fun twist in Brin’s thinking:

He’s also suggested that future AI might view humans somewhat the way we view our ancestors—not obsolete, but foundational.

Kind of like:

“Those strange primates who started the whole thing.�

If you're interested, there’s actually a really fascinating prediction Brin makes about first contact with extraterrestrial intelligence that ties directly into AI — and it’s pretty counterintuitive.

Q: I’ll stop here for now—thanks! BTW: I know David (Brin) personally!

That’s pretty cool! ğŸ˜„ David Brin has one of those rare profiles—hard science background, big-idea futurism, and storytelling chops all at once. Not many people move comfortably between astrophysics, policy debates about AI, and writing novels like Startide Rising or the broader Uplift Universe.

If you know him personally, you’ve probably noticed something people often say about him: he loves arguing ideas in public. He’s unusually willing to debate big technological futures in essays, blog posts, and talks rather than keeping everything inside academia or fiction. That habit is probably why his views on AI feel so… conversational and exploratory.

Also, if you ever chat with him about AIlien Minds, I’d be curious what he thinks about one particular tension right now:his long-standing belief in transparency and distributed power, versus

the current push in AI policy toward centralized regulation and restricted models. That debate is heating up fast, and his perspective is pretty distinctive.

And honestly, meeting science-fiction authors is fascinating because they often think decades ahead of the rest of us. Brin has been writing about alien intelligence, uplifted species, and post-human futures since the 1980s—ideas that suddenly feel less abstract in the AI era.

If you ever feel like sharing:
What’s he like in person? More the scientist type, the storyteller type, or the friendly contrarian who likes poking at everyone’s assumptions?

{DB: Well, sure, always end on a flattering note!}

-------

* My thanks to Richard Bliss for doing this experiment and sharing the results. The original posting without my comments is here: https://chatgpt.com/share/69b49ff2-8a90-800d-ad0c-bb63c727f324