Leftovers

• Chuck Carroll ☛ Minimizing and Finding Satisifaction with Less

  I've also realized how difficult it is to responsibly get rid of something once I've taken ownership of it. One cannot just toss everything into the recycling bin and expect that it gets recycled (in fact the majority of the stuff we put in the recycling bin ends up in a landfill). Goodwill (or similar) is an option, but there's still a good chance it will never get reused or even properly recycled. I've had some success with Craigslist, but then there's the time cost and I have to deal with random strangers, that may or may not be shady or flaky. I simply don't like the thought of throwing something out that could still be useful to someone.

• Bob Monsour ☛ Deconstructing these auto-generated OG images

  I've had a love-hate relationship with open graph images for a while now. There were times when I did not have any, or perhaps a fallback to my social media avatar, which looked outsized. Then I had a period where I had posts that were tagged as "Notes" or "TILs" (today-i-learned) and they had their own image that would be shared. And then I made sure that every post had its own image, and I would sometimes show it the post itself or not; but Notes and TILs still had their own special images.

• Science

  • Mark Litwintschik ☛ 12K+ JPEGs from NASA's Artemis II Mission

    In April, NASA sent four astronauts on a flyby mission around the Moon. They've since published 12,217 JPEGs that were captured during the 9-day journey.

  • John D Cook ☛ Calculating curvature

    Curvature is conceptually simple but usually difficult to calculate. For a level set curve f(x, y) = c, such as in the previous couple posts, the equation for curvature is

    \kappa = \frac{\left|f_y^2f_{xx}-2f_xf_yf_{xy}+f_x^2f_{yy}\right|}{\bigl(f_x^2+f_y^2\bigr)^{3/2}}

• Career/Education

  • [Old] Blain Smith ☛ 30 Years of Programming at 44 Years Old

    I'm thinking about co-ops and nonprofits and community organizations that need software but can't afford to have their data sold to advertisers. I'm thinking about tools that are secure by default, that don't phone home, that do one thing well and then get out of the way. I'm thinking about the kind of software I would have wanted to use when I was 14. The software that felt like it was made by someone who gave a damn.

    The irony isn't lost on me. I spent years building expertise in distributed systems and cloud infrastructure, and now I want to use that expertise to help people who are actively trying to avoid the cloud. I learned how to scale services to millions of users, and now I'm more interested in software that works for thousands. I got really good at the game, and now I want to play a different one.

    Maybe that's what 30 years buys you: the clarity to know what you actually want.

  • Manuel Moreale ☛ Nicola Losit

    This week on the People and Blogs series we have an interview with Nicola Losito, whose blog can be found at nicolalosito.it.

• Hardware

  • Daniel Estévez ☛ Getting peak TOPS on a Ryzen AI 7 350 NPU

    NPUs use the concept of TOPS (tera operations per second) as a high-level marketing figure of their capabilities. An operation is generally understood as an addition or multiplication for int8 data types, since the amount of parallelization that can be achieved depends on the datatype width. The NPU on the Ryzen AI 7 350 is marketed as a 50 TOPS NPU. The main goal of this post is to understand where this number comes from, in terms of hardware execution units and capabilities, understand under which conditions it can be reached, and write a small application that reaches this TOPS value.

• Proprietary

  • Wired ☛ The Canvas Hack Is a New Kind of Ransomware Debacle

    Universities like Harvard, Columbia, Rutgers, and Georgetown sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list published by the hackers behind the attack on their ransom-focused dark-web site, they claim the breach affected more than 8,800 schools. The exact scale and reach of the breach is unclear, though. And the fact that Canvas was down throughout Thursday afternoon and evening further complicated the picture.

  • Macworld ☛ You now need to be a student or teacher to shop at Apple's education store

    In addition, shoppers are limited to how many items they can purchase with an educational discount each year: one desktop Mac, one Mac mini, one Mac laptop, two iPads, and two accessories that have education pricing.

  • So-Called 'Artificial Intelligence' ('AI') / LLM Slop / Plagiarism

    • The Verge ☛ DOGE [sic] used ChatGPT in a way that was both dumb and illegal, judge rules

      The ruling, which stems from a 2025 lawsuit filed by humanities groups, says “it could not be more obvious that DOGE [sic] used the mere presence of particular, protected characteristics to disqualify grants from continued funding” from the National Endowment for the Humanities (NEH). Judge McMahon cites several instances in which DOGE [sic] appeared to use ChatGPT to scan and eliminate grants using their relation to characteristics like race, national origin, religion, and sexuality.

    • SQ Magazine ☛ ClaudeBleed Bug Lets Chrome Extensions Hijack Claude AI

      Cybersecurity researchers at LayerX uncovered a major security vulnerability in Anthropic’s “Claude in Chrome” extension that could allow attackers to take over the AI assistant through malicious browser extensions. The issue, named ClaudeBleed, reportedly affects the way the extension trusts scripts running on the claude.ai domain.

      Researchers say the flaw allows even low privilege or zero permission Chrome extensions to send commands directly to Claude AI and trick it into performing sensitive actions on behalf of users.

    • Mike Brock ☛ We Haven’t Invented Artificial Intelligence at All

      I have written about pieces of this argument before. In There is No Curve, I argued that the doomer-and-accelerationist debate is a fight about a graph that does not exist — that the order parameter both sides are litigating does not refer to anything natural, and the actual mechanism producing the appearance of intelligence-rising is utility-coverage extension within a fixed-class regime. That piece was operating at the metaphysical level. The work this Dispatch does is land the philosophical-categorical move that the metaphysical argument gestured at but did not quite name, and then anchor the move in a piece of empirical evidence that has just become impossible to ignore.

    • Dr Molly Tov ☛ fuck off with your AI that doesn't even understand my job

      Oh, shut up. Even calling yourself "AI for Librarians" doesn't change the fact that you are CLEARLY gunning for our jobs. This thing is selling itself as a way to replace librarians with $15 an hour parapros.

    • David Pogue ☛ Why Can’t AI Just Admit It Doesn’t Know?

      Amazing!

      Except that every single one was wrong.

    • Pivot to AI ☛ Google Chrome force-installs a 4-gigabyte AI model — how to get rid of it

      A lot of people just found out that Google’s Chrome web browser happily downloads a four-gigabyte AI model. For all users.

      The model is “Gemini Nano”, which is a smaller, distilled version of Gemini.

      Gemini Nano first showed up in Google Pixel phones in December 2023. Google put it into the desktop version of Chrome in 2024. It’s been widely publicised this week, and getting the backlash it deserves

    • Martin Alderson ☛ Open weights are quietly closing up - and that's a problem

      In the relatively brief history of LLMs, there's been two[1] types of LLMs - closed and "open weights". Closed models include nearly everything from OpenAI (despite the name!) with open weights models being released from other labs. Famously the Llama series of models were open weights, but more recently the Chinese labs such as MiniMax, Z.ai, DeepSeek and Qwen (Alibaba) have been the leading open weights models, with Google's Gemma series and OpenAI's gpt-oss models generally coming somewhere behind the Chinese ones.

      Open weights models allow anyone to run the model on their own hardware. Typically models that were worth running required very beefy hardware - but this is rapidly changing, with smaller models becoming far more useful.

  • Social Control Media

    • SQ Magazine ☛ Social Media Addiction Statistics 2026: Mental Health Data • SQ Magazine

      Roughly one in five US teens (about 19%) say they are on TikTok or YouTube (15%) almost constantly, according to a Pew Research Center survey conducted in 2025. A pooled meta-analysis across 32 countries using the Bergen Social Media Addiction Scale put global problematic-use rates at 24% of users, ranging from 14% in individualistic nations to 31% in collectivistic cultures.

      About 44% of US parents identified social media as the single most negative influence on teen mental health in the same Pew survey, ranking it above any other factor, including violence in entertainment, drugs, or peer pressure. The numbers below cover prevalence, usage time, mental health correlations, sleep disruption, demographic breakdowns, and the regulatory arc that has carried the word “addictive” from clinical literature into government statute over the past 30 months. Companion patterns appear in our Roblox player data for younger gamers and our Character AI chatbot data on the next attention-capture frontier.

    • Nick Heer ☛ Reddit Joins Other Social Media Platforms in Worsening Its Website and Pushing Visitors to Apps

      Like other major social media platforms, this turns Reddit into a walled garden. Presumably, this is in part of the company’s aggressive strategy to license users’ posts for A.I. training, plus encouraging user growth. It sucks that the open web is getting torn apart because commercial websites are incentivized to direct people to apps where large-scale scraping is a bigger challenge. This whole thing used to feel so quaint.

    • Ava ☛ kicking out human slop from my online space

      How I slid into this happened slowly. Some of the creators making these weren't always this way, I just noticed them pivoting more and more into this and now have lost interest. On the other hand, I often needed 30-60 minute videos for the treadmill, and these were easily available and at least somewhat entertaining. I am also not immune to certain shock topics.

    • Tome ☛ Goodbye, Tome - Tome: app for fantasy readers

      We have sad news to deliver: Tome is shutting down, and the last day that it will be online is May 29th, 2026. Even with a community we love, Tome wasn't financially viable to keep running. Social apps with tons of memes, GIFs, and videos are expensive to operate, and the Tome Keeper model and badge marketplace, as much as it meant to us, didn't reach the scale we needed to cover those costs.

    • BoingBoing ☛ France summons Musk for X criminal charges

      French law enforcement raided X's Paris offices in February to gather evidence. Prosecutors said Thursday that the case is now an official criminal investigation.

• Security

  • Integrity/Availability/Authenticity

    • Cyble Inc ☛ Online Safety Act Exposes Age Verification System Flaws

      One of the most widely discussed examples involved a 12-year-old boy who reportedly used an eyebrow pencil to create a fake moustache before facing a facial age estimation check. According to the report, the altered appearance convinced the system that he was 15 years old, allowing him to bypass restrictions designed for younger users. The incident has become a symbol of broader concerns about the reliability of AI-driven age-verification technologies.

    • Fortra LLC ☛ One in eight UK Workers has Sold Their Company Passwords, and Bosses Think it's Fine

      The Workplace Fraud Trends report, published by Cifas, claims that an eyebrow-raising 13% of those surveyed (roughly one in eight) have either sold company login details in the past year, or know someone who has.

      Survey respondents were presented with five fictional scenarios involving workplace fraud, which included bogus references, moonlighting for competitors, fiddling expenses, and gambling with company money.

    • Joachim Hendrik Schipper ☛ Stop MITM on the first SSH connection, on any VPS or cloud provider

      This little script stops attacks on the first SSH connection to a new VM, even on providers (like Hetzner Cloud) that don't offer a proprietary solution; we only need cloud-init, which is widely supported.

      Summary (for experts; read on for a longer explanation): inject a temporary SSH host (private) key via cloud-init, and trust that temporary SSH host key just long enough to generate and retrieve the "real" (long-term) SSH host keys. The script is a simple but hardened implementation of this technique; the comments in the script discuss implementation choices. The technique appears to be new: I haven't found a proper write-up of this, nor of any other provider-independent solution (but I'd welcome a correction).

      This technique actually protects the first connection, whereas just answering "yes" when ssh asks "The authenticity of host [...] can't be established" (i.e. Trust On First Use) leaves you open to an attacker rerouting your traffic to a proxy, or to an attacker generously deciding to provide your VM (... for now).

  • Privacy/Surveillance

    • PC World ☛ Gmail's AI writing tool now mimics your style and mines your inbox

      In a recent Google Workspace Updates blog post, the company announced that it has begun rolling out two updates to the “Help me write” feature in Gmail, which are designed to do two things: make AI-generated emails sound more like you wrote them yourself, and enable the ability to gather more context for generated emails.

    • Michael Geist ☛ Make It Make Sense: My Appearance Before the Standing Committee on Public Safety and National Security on Bill C-22’s Lawful Access Plan

      Fresh off appearing before a Senate committee on AI on Wednesday, yesterday I provided expert testimony to the Standing Committee on Public Safety and National Security as part of its study on Bill C-22, the government’s latest lawful access plan. Appearing alongside David Fraser and Robert Diab (the same trio that discussed the bill on my Law Bytes podcast), I opened my remarks by noting that technologies change, the governments may change, but the challenge with lawful access has always been the same: to give law enforcement and security agencies the tools they need to address serious crime while respecting Canadians’ privacy rights and the constitutional framework the Supreme Court has built around privacy in decisions such as Spencer and Bykovets. I focused on three major concerns with the bill, including mandatory metadata retention, the inadequacy of the systemic vulnerability safeguards, and the lowering of the production order threshold for subscriber information. My full opening statement is embedded below.

    • Michael Geist ☛ U.S. Congressional Leaders Warn Canadian Lawful Access Plans Harm U.S. National Security and Economic Interests

      As I’ve previously posted, the provisions in question are part of the Supporting Authorized Access to Information Act (SAAIA), the second half of Bill C-22. Providers would be required to develop, implement, assess, test, and maintain operational and technical capabilities to allow authorized persons to access encrypted data and information. The bill includes a non-compliance caveat where compliance would introduce a “systemic vulnerability,” but the letter correctly notes that the term is “vague and ultimately subject to a future regulatory process.” They also flag the secret ministerial order power in clause 7(1), under which the Minister can issue targeted demands to providers that are subject only to Intelligence Commissioner review and kept confidential by design.

• Defence/Aggression

  • The Next Move ☛ After NATO

    “It’s a fake.” I went on to say. “It’s N-A-T-O, four letters.”

    It were as if I’d committed heresy! Some people are still mad at me for saying this! I guess it makes sense that they responded this way, since my point was that Article 5 is actually an article of faith—not a functioning enforcement mechanism.

    If Russia were to probe the alliance with a small incursion—say, nabbing one predominantly Russian-speaking city in Latvia or Estonia, would Spanish or Portuguese troops really get into a shooting war with Moscow?

    Would Canada get involved?

• Transparency/Investigative Reporting

  • Bitdefender ☛ Inside Department 4: Russia's secret school for hackers

    Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups.

    A new investigation by a consortium of journalists from The Guardian, Der Spiegel, Le Monde, and The Insider, amongst others, has lifted the lid on a secretive faculty inside one of Russia's most prestigious technical universities - that has spent years grooming students to become hackers for Russian military intelligence.

• Environment

  • Paul Krugman ☛ Grand Theft Oil Futures

    At this point it’s almost routine: Almost every time Donald Trump makes a major announcement about the Iran War, that announcement is preceded — sometimes by only a few minutes — by huge and hugely profitable bets in the oil market.

  • SFGate ☛ Brain-eating amoeba detected in western national park waters

    Researchers detected Naegleria fowleri, a microscopic amoeba that causes a typically fatal brain infection, in water samples collected from thermally influenced recreation sites across the West, such as hot springs, geothermal systems and shallow warm-water areas. The study, published by the U.S. Geological Survey and its partner agencies, tested 185 water samples from 40 sites and detected the amoeba in about one-third of all samples collected.

• Finance

  • Android Headlines ☛ Verizon Is Cutting Hundreds More Jobs Just Months After Its Biggest Layoff Ever

    While Verizon confirmed that hundreds of jobs are being cut, the carrier wouldn’t say how many employees exactly will be losing their jobs. However, Verizon claims that the number was less than 1% of its overall headcount. Based on the number of employees, it is estimated that fewer than 890 people will be affected.

    It seems that the largest job cuts are taking place at its headquarters in Basking Ridge, New Jersey. Interestingly enough, Verizon says there are more than 1,000 job listings on its website. Employees who were affected by these cuts are eligible to apply. We’re not sure why they could just move employees around, but that’s Verizon’s call to make.

    A company spokesperson also issued a statement on the recent cuts. They said, “We’re continuing to add head count to grow parts of the business that are growing while making targeted job reductions to portions of the business where this is needed.”

• AstroTurf/Lobbying/Politics

  • The Verge ☛ Apple reportedly has a deal to use Intel-made chips again

    The WSJ says that it’s “still unclear” what Apple products will get Intel chips. Intel spokesperson Kiana Ducey declined to comment. Apple didn’t immediately reply to a request for comment.

  • Inside Towers ☛ Lumen to Acquire Alkira

    Lumen Technologies, Inc. (NYSE: LUMN) has entered into an agreement to acquire Alkira, a cloud-native, carrier-agnostic networking platform that enables enterprises to design, deploy, and operate connectivity and network services across hybrid and multi-cloud environments. The purchase price is $475 million in an all-cash transaction. The transaction is expected to close in the third quarter of 2026, subject to customary regulatory approvals and closing conditions.

  • Unmitigated Risk ☛ AI Is Not Why They Are Cutting (Yet)

    Then two things changed at roughly the same time. Rates went from zero to five, and Section 174 of the tax code stopped letting companies expense software developer salaries in the year incurred. The R&D amortization rule from TCJA kicked in for the 2022 tax year, forcing five-year amortization domestically and fifteen years for work done offshore. At the exact moment capital got expensive, a major software-company cost center became less friendly from a cash-tax and after-tax economics perspective.

  • Rui Carmo ☛ Cloudflare Cuts 20% of Workforce for the 'Agentic AI Era'

    And yet: 1,100 jobs gone–roughly 20% of their workforce–with the explanation being that internal AI adoption changed what the company actually needs. I can follow the logic even if I find the timing jarring. I have friends in the Lisbon office–one of their larger European engineering bases, and one of the better things to happen to the local tech scene in recent years–and I’m genuinely hoping they’re alright.

  • Protesilaos Stavrou ☛ On Yanis Varoufakis’ appearance at ‘The Rest Is Politics’ podcast

    Yanis is a freethinker extraordinaire. This necessarily makes him a misfit in the world of politics. To me, this is honourable. Where I think Yanis failed as a policy-maker is in his ambiguity on the notorious theme of “Grexit” (the exit of Greece from the Euro Area). Back when Yanis was the Greek finance minister there was a decent chance that Greece would discontinue using the euro. He never told us what he wanted from the negotiations he was engaging in at the time: to keep the euro, to switch back to the drachma, to have some kind of dual currency arrangement, or something else entirely.

    In the podcast he employs the analogy of not taking on a credit card to pay off a debt while you are bankrupt. It is common sense. Then what is the policy proposal or at least the big picture view? I never heard it.

  • The Guardian UK ☛ Powerful US utilities secretly fund ‘grassroots’ groups to sway cities away from switch to public power

    The utility industry is quietly dispatching a network of front groups to thwart the growing push for public power across the US – a push that comes amid mounting frustration over sky-high utility bills, electric outages, a slow transition to clean energy and private utilities’ soaring profits.

• Civil Rights / Policing / Accessibility

  • Paul Krugman ☛ The Super-Rich are Different from You and Me

    But it is a paradise basically for the 5%. The city has never been safer. It has never offered a greater diversity of cuisine, of culture. It’s a great place. Not quite the same as places with cafes where you can sit for hours and no one will bother you; they’re kind of scarce in New York. But anyway but it’s great for the affluent.

    But if you’re super rich, if you spend your time being driven around in a car with tinted windows, if you don’t go anywhere without an entourage and probably at the upper limits of wealth with bodyguards, then you lose the whole the life of the streets.

• Internet Policy/Net Neutrality

  • [Old] New York Times ☛ John Perry Barlow, 70, Dies; Championed an Unfettered Internet

    “There are a lot of similarities between cyberspace and open space,” Mr. Barlow, who was raised on his family’s 22,000-acre cattle ranch in Wyoming, told People magazine in 1995. “There is a lot of room to define yourself. You can literally make yourself up.”

    His plea for an open [Internet] was inspired, in part, by the Grateful Dead’s uncommon practice of welcoming audiences to record the band’s concerts.

    Lawyers recruited or supported by the Electronic Frontier Foundation were instrumental in winning court rulings that granted electronic mail the same privacy protection as telephone calls, and that defined written software code as free speech guaranteed by the First Amendment.

• Monopolies/Monopsonies

  • Ruben Schade ☛ Linux monoculture is just as bad for security

    I concede, Linux isn’t necessarily a monoculture in the way Windows used to be, back when that OS was widely relevant. Different distributions do offer a wide and varying degree of support for packages and systems. My Alpine Linux server running Busybox and OpenRC, and my NetBSD laptop I dual-boot with Slackware (also running pkgsrc!), are very different beasts from RHEL, or Ubuntu. But by definition they’re all running the same kernel (albeit with different patches), likely the same drivers, and much of the same software. For a platform touted as giving people ultimate control over what they run, the ecosystem has largely coalesced around the same set of userland tools, and a digital hydra that used to cosplay as an init system. I don’t ascribe malicious intent here (much); consolidation tends to be how these things shake out.