Links 10/09/2025: Microsoft Layoffs in "RTO" Clothing and Windows TCO, GitHub TCO
-
Leftovers
-
Sergio Visinoni ☛ A Humbling Experience, Lessons Learned, and Adventures in Self-Hosting
The second is an update on recent investments in self-hosting, why I think it matters, and why now.
-
Johnny Decimal ☛ 22.00.0126 Don't be lazy, don't be stupid
I just wrote a blog post and messed it up by not following my own checklist -- lazy and stupid -- and then tested out a new code idea, and messed it up by just not reading the documentation. Lazy! And! Stupid!
-
Science
-
Chris ☛ Wiggling Into Correlation
Given the lack of pairing in the design, we’ll go back to basics, and compare sources of variation. The number of attendees at the dances wiggles up and down for a multitude of reasons. These reasons (and many more) are called sources of variation in the attendance.
-
Crooked Timber ☛ Five technological achievements! (That we won’t see any time soon.)
I seem to have become CT’s resident moderate techno-optimist. So let me push back a little: here are five things that we’re not going to see between now and 2050.
-
Career/Education
-
Simone Silvestroni ☛ So Be It
Applying to jobs bearing the title 'Front-end Developer' never landed well with me. Seeing how I never accepted the demise of web designer, the imposed division between developers and "UX designers" felt like the fruit of a narrow-minded vision. Without any doubt, it was a large contributor to the multiplication of horrible and unusable web products. As a designer who can code, with an extensive experience, I used to be comfortable in being present at each stage of a web production.
-
Cynthia Dunlop ☛ Aaron Francis on Technical Blogging
For years, Aaron has been inspiring people to try hard: to push yourself beyond your comfort zone, give it your all, and share what you learned. From blogging to screencasting, his work strikes a rare balance – high information density, but also approachable, personable, and memorable. Also, you can’t describe Aaron without using the phrase “just the nicest guy.”
-
Computational Complexity ☛ A Restless Soul
When I first became a professor I had it all planned out, I would do research, teach and supervise students, get tenure and do more research, teach more courses, and supervise more students for the rest of my life. But once I got tenure, instead of feeling very excited, I felt kind of depressed. I achieved the main goal I put out for myself. Would I really just do the same stuff for the rest of my career?
-
Proprietary
-
Artificial Intelligence (AI) / LLM Slop / Plagiarism
-
MIT Technology Review ☛ Help! My therapist is secretly using ChatGPT
In all the cases mentioned in the piece, the therapist hadn’t provided prior disclosure of how they were using AI to their patients. So whether or not they were explicitly trying to conceal it, that’s how it ended up looking when it was discovered. I think for this reason, one of my main takeaways from writing the piece was that therapists should absolutely disclose when they’re going to use AI and how (if they plan to use it). If they don’t, it raises all these really uncomfortable questions for patients when it’s uncovered and risks irrevocably damaging the trust that’s been built.
-
Pivot to AI ☛ If AI coding is so good … where are the little apps?
Then Mike saw the METR study that showed developers thought AI code completion made them 20% faster, but actually made them 19% slower. He liked that METR put numbers on the question.
So Mike asked: if AI lets any bozo make an app now … where is it all? Where’s the shovelware? Where are the widgets? Where are the crappy little apps that one guy makes at home?
-
Sean McPherson ☛ Deleting my GPTs – seanmcp.com
Today I deleted all of my public and private GPTs. I thought I would feel sad: they were the feature that convinced me to start paying for OpenAI last year. But instead it feels like an anticlimactic end to an experiment.
-
Pivot to AI ☛ We try Suno’s AI music generator — hear Suno fail the Fall
But for music streamers, caring which song you’re hearing makes you a weird outlier. The majority of streaming listeners want a radio playing background music. You ask and they literally say “I just don’t care.”
-
Social Control Media
-
[Old] Cédric ☛ Why I'm Breaking Up with Instagram
Yes, I’ve decided to leave Instagram for now. Maybe it’s just for a while (which I hope isn’t the case), but we’ll see.
-
New York Times ☛ Why Mark S. Zuckerberg Is Suing Facebook’s Parent Company
So last week, Mr. Zuckerberg filed a lawsuit in Marion County Superior Court in Indiana accusing Facebook’s parent company, Meta, of negligence and breach of contract after continually deactivating his business account “for unjust and improper reasons.”
Though the reason is singular: The site’s algorithm repeatedly flagged his accounts as “fake” because he is not the social media tycoon Mark E. Zuckerberg.
-
Windows TCO / Windows Bot Nets
-
Krebs On Security ☛ Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
-
Dark Reading ☛ Salesloft Breached via GitHub Account Compromise
A threat actor compromised Salesloft's GitHub account earlier this year, which sparked last month's massive supply chain attack that compromised hundreds of Salesforce instances.
-
The Register UK ☛ Drift massive attack traced back to loose Salesloft GitHub account
The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.
This new information comes from a Saturday update into the Mandiant-led investigation - Salesloft hired the incident response firm to determine the root cause and scope of the incident - and a Sunday alert that the integration between Salesloft and Salesforce has now been restored.
We now know that crims got their initial access sometime in March. Between then and June, the attackers accessed the Salesloft GitHub account, downloaded content from "multiple" repositories, added a guest user, and established workflows.
-
The Record ☛ Major blood center says thousands had data leaked in January ransomware attack
One of the largest independent blood centers serving over 75 million people across the U.S. began sending data breach notification letters to victims this week after suffering a ransomware attack in January.
-
Dark Reading ☛ 'MostereRAT' Blends In, Blocks Security Tools
In a report released Monday, Fortinet’s FortiGuard Labs warned the campaign represents a troubling escalation in attacker tactics, particularly with regard to disabling antivirus (AV) and endpoint defenses, and concealing malicious activity by blending into normal IT activity. As for victimology, the campaign has so far targeted Microsoft Windows users in Japan, but the endgame remains unclear, says Yurren Wan, threat researcher with Fortinet's FortiGuard Labs.
-
Security
-
Privacy/Surveillance
-
The Register UK ☛ Citrix products sold under old licenses to get glitchy
The claim about better innovation stems from the fact that the new licensing scheme allows Citrix to gather information about how customers use its products. The company promises to use that data to focus its R&D efforts.
-
Confidentiality
-
Bruce Schneier ☛ New Cryptanalysis of the Fiat-Shamir Protocol
What this result does, though, is make it impossible to provide general proofs of security for Fiat-Shamir. It is the most interesting result in this research area, and demonstrates that we are still far away from fully understanding what is the exact security guarantee provided by the Fiat-Shamir transform.
-
[Old] Quanta Magazine ☛ Computer Scientists Figure Out How To Prove Lies | Quanta Magazine
Now, a new paper has shaken that bedrock assumption. It demonstrates a method for tricking a commercially available proof system into certifying false statements, even though the system is demonstrably secure if you accept the random oracle model. Proof systems related to this one are essential for the blockchains that record cryptocurrency transactions, where they are used to certify computations performed by outside servers.
-
Defence/Aggression
-
Jacobin Magazine ☛ The World Is About to Have Trillionaires. Enough Already.
We can argue about exactly how much inequality a decent society would tolerate, or which principles we should apply to decide whether any given inequality can be justified. Plato believed that, ideally, a well-run city shouldn’t allow any citizen to accumulate more than four times as much as any other. He believed such a vast gulf in wealth made it impossible for people to feel like they were part of a single community and thought that — at least in a city being started from scratch, where such excessive inequalities could be nipped in the bud — the laws should allow any citizen suspected of exceeding this maxim to be taken to court. Plato’s proposal makes Mamdani’s proposal that New Yorkers who make at least a million dollars a year pay an extra $20,000 in taxes to fund programs to make the city more livable for the working class sound downright conservative.
-
The Register UK ☛ US Army relaunches AR headset program with Anduril award
The previous mixed reality program, called the Integrated Visual Augmentation System (IVAS), was in the hands of Anduril when it gave way to the SBMC project in April, but Anduril wasn't the lead contractor for the bulk of the largely failed program. That honor belongs to Microsoft, which handed management of IVAS off to Palantir in February 2025 after four years of delays.
-
Paul Krugman ☛ Can a Despised Autocrat Consolidate Power?
Now on to my main subject. Let me start with a couple of incidents that illustrate the great political puzzle we now face.
-
Mike Brock ☛ The Supreme Court's Constitutional Treason
The Supreme Court just authorized exactly what Americans fought a revolution to prevent. In a decision that would make King George III proud, Justice Brett Kavanaugh and a conservative majority have constitutionalized the general warrant logic that sparked the American Revolution—ruling that demographic statistics can justify stopping anyone, anywhere, to demand proof of their right to exist in their own country.
-
AstroTurf/Lobbying/Politics
-
FAIR ☛ CBS Drifts Further Toward Right-Wing State Television
After Trump’s Homeland Security Secretary Kristi Noem (X, 8/31/25) complained that several minutes of her August 31 Face the Nation interview had been “shamefully edited…to whitewash the truth,” CBS News announced that its flagship Sunday morning program will no longer edit its interviews, except for “legal or national security” reasons (AP, 9/5/25).
-
Linuxiac ☛ Libreboot Joins SPI as an Official Associated Project
Libreboot, the free software firmware project based on Coreboot, is now officially part of Software in the Public Interest (SPI). For those unfamiliar, it provides open-source boot firmware as a replacement for proprietary BIOS and UEFI on certain Intel, AMD, and ARM-based hardware.
-
Jérôme Marin ☛ Silicon Valley bows before Donald Trump
Other prominent tech executives took part in this carefully staged display, just eight months after their high-profile attendance in the front row at Trump’s inauguration. One after another, they showered their host with praise on camera — sometimes without seeming to truly believe their own words.
Alongside Zuckerberg were Apple’s Tim Cook, Microsoft’s Satya Nadella, Google’s Sundar Pichai, and OpenAI’s Sam Altman. Notably absent were Elon Musk, openly at odds with Trump, and Nvidia’s Jensen Huang. The broad smiles on display, whether genuine or forced, stood in sharp contrast to their grim expressions at their first meeting with Trump in late 2016, when Silicon Valley was still reeling from his shock election victory.
-
Paste Media Group ☛ We Paid Some Etsy Witches to Curse Charlie Kirk
Now, is it ethical to curse a man I’ve never met? Probably not. But is it unethical to let him keep talking? Yes. So here we are, in the gray area.
-
Anil Dash ☛ How Tim Cook sold out Steve Jobs
The son of an immigrant, a child of the counterculture, a man offering an unmistakable fuck-you to Big Brother, and a person who, above all, would never kiss the ass of someone who had absolutely awful taste. This was Steve Jobs.
And then Tim Cook handed a big shiny golden turd to Donald Trump, and couldn’t wait to stammer out how much he’d love to polish that turd for him, please sir — the emperor’s clothes look especially lavish today! It’s an embarrassment, a humiliation, not least because it was absolutely unnecessary. The iPhone is far, far more popular than this administration. Apple is powerful! An Apple that still held onto Steve Jobs’ spirit could have played the strong hand that it has, and bet with confidence on the enthusiasm and loyalty of the American people, and called Trump’s bluff, especially since this kind of appeasement is only going to embolden the administration to demand even more tithes from Apple in the future.
-
Lee Peterson ☛ Separating Tim Cook from the products
I’m torn, I’ve enjoyed using Apple stuff for years and whilst I dislike the actions of Tim Cook, does that mean I should get annoyed that people still buy their products? I have to admit that I’m very drawn to the Orange 17 Pro and already checked trade in prices on my 15 and my iPad sale covers it but morally I don’t know what to do.
-
Freedom of Information / Freedom of the Press
-
CPJ ☛ CPJ urges the Trump administration to drop proposed changes to journalist visas
“The shortened timeframe for I visa renewals creates a framework for possible editorial censorship in which the Trump administration can trade access for compliance in reporting.” said CPJ U.S., Canada and Caribbean Program Coordinator Katherine Jacobsen. “Foreign correspondents provide invaluable insights and curtailing their ability to stay in the United States will deprive audiences at home and abroad of important perspectives on American society and politics.”
-
The Telegraph UK ☛ Murdoch buys out liberal children to end succession battle
Deal expected to secure the continued Right-wing slant of Fox News
-
Civil Rights/Policing
-
The Register UK ☛ Microsoft employees ordered back to office
Seattle-area workers are still getting a good deal compared to the peons at Amazon. They've been under a five-day office regime since this year and some staff are peeved at the change.
Just three years ago, Microsoft was touting research about how working from home was just fine. Recent evidence also shows RTO mandates can discourage staff. But that was then and this is now, and most of the big tech firms are now requiring a three-office-day week at least.
-
CoryDoctorow ☛ Pluralistic: Trump steals $400b from American workers
Trump's stolen a lot of workers' wages over the years, but this week, he has become history's greatest thief of wages, having directed his FTC to stop enforcing its ban on noncompetes "agreements," a move that will cost American workers $400 billion over the next ten years: [...]
-
Armin Ronacher ☛ 996 | Armin Ronacher's Thoughts and Writings
And this is when this is your own company! When you devote 72 hours a week to someone else’s startup, you need to really think about that arrangement a few times. I find it highly irresponsible for a founder to promote that model. As a founder, you are not an employee, and your risks and leverage are fundamentally different.
-
Copyrights
-
Pivot to AI ☛ Anthropic AI pays off authors with just $1.5 billion
This settlement pays $1.5 billion for 465,000 works — about $3,000 per book. Anthropic and the authors are compiling a list of works covered.
Anthropic’s won here. They’ll feel that $1.5 billion — they lost $5.3 billion in 2024 — but it won’t be crippling. And they can keep their models.
But Anthropic’s a bonfire for money. Anthropic has until the bubble deflates and the venture cash stops flowing. Then it dies.
-
The New Stack ☛ Why Tech Professionals Must Lead the Charge on GenAI Safety
Copyright, which exists to protect and regulate a piece of work — whether it’s a book, painting, piece of music or software — might protect creative professionals in the short term. However, the status of copyright with regard to generative AI is not settled.
And trampling on copyright is only one of several ways in which generative AI can create new categories of harm that we’re not prepared for. Vulnerabilities loom in compliance and data privacy, governance and security. GenAI systems also pose risks to our already fragile environment and our psychosocial well-being.
-
Monopolies/Monopsonies
-
