Thu, 18 Jun 2026 15:22:16 +0000 Fullscreen Open in Tab
Pluralistic: AI digital sovereignty risk doesn't exist (18 Jun 2026)


Today's links


A 1989 black and white photo of the Berlin Wall; peering over the wall is Microsoft's 'Clippy' chatbot.

AI digital sovereignty risk doesn't exist (permalink)

Back at the height of the blockchain bubble, I made a hobby of pointing out that crypto weirdos were palming a card. I used this formulation:

if: problem + blockchain = problem – blockchain

then: blockchain = 0

https://pluralistic.net/2022/01/30/the-inevitability-of-trusted-third-parties/

You see, blockchain weirdos kept insisting that they could solve problems related to trust and institutional design with "smart contracts." Rather than having to trust a board of directors to steer an organization, you could just have a self-executing institution, the "distributed autonomous organization" or DAO.

So for example, if you want to buy a copy of the US Constitution at a Sotheby's auction, you could set up a DAO to raise and pool the funds, eliminating the need to find trustworthy people to receive, hold and deploy these funds:

https://en.wikipedia.org/wiki/ConstitutionDAO

However – and here's where the palmed card comes in – the DAO can't go to Sotheby's and place a bid on the Constitution. Instead, the members of the DAO have to elect a guy to receive all that cash, walk into Sotheby's, get one of those little ping-pong paddles last seen at the State of the Union in Chuck Schumer's withered claw (emblazoned with the brave slogan "You're hurting my fee-fees") and raise the paddle during the bidding.

That guy doesn't have to go to Sotheby's. That guy can simply walk away with all the money. Members of the DAO are trusting this guy with their entire collective treasury. Indeed, since the DAO has no corresponding legal entity, it might even be that members of the DAO can't sue this guy if he steals all their money – and even worse, without a limited liability structure, it might mean that everyone in the DAO can be sued for anything bad this guy does with the money.

Which raises the question: what's the point of building this insanely complex hairball of blockchain-based smart contracts to raise and hold the money if you're just going to hand it to this guy and trust him without limit? Why not just have that guy set up a Zelle account and a Whatsapp group? In other words: the problem that the DAO is trying to solve is the difficulty of trusting people with the keys to the kingdom, but no matter how much blockchain you sprinkle on this DAO, it ends with this one guy walking around with all your money, which he can steal with impunity if he so chooses.

Or, put more succinctly:

if: problem + blockchain = problem – blockchain

then: blockchain = 0

This turns out to be a really good way of assessing policy prescriptions for their soundness and foundation in reality, because – as the blockchain swindle shows us – it's possible to come up with entirely fictitious solutions to entirely real problems. The problem of designing a trustworthy institution that can't be betrayed by its leaders and whose operations don't consume all its resources is a real problem – it's quite possibly the real problem – but adding a DAO does nothing to solve the core problems of institutional design, and actually makes some of those problems worse.

There's another real problem with a fictitious solution that is – surprise! – tied to another tech bubble: digital sovereignty.

It's a genuine problem that everyone in the world (outside of China's sphere of influence) is glued to America's tech platforms. These platforms steal everyone's money and data, and every country has signed a trade deal with the USA promising not to let its own technologists and entrepreneurs go into business making add-ons and complementary goods that remediate the defects in America's tech exports:

https://pluralistic.net/2026/01/29/post-american-canada/#ottawa

What's more, Trump's response to finding himself in this poker game that's rigged entirely in his favor is to flip over the table because he resents having to pretend to play at all (as November Kelly so aptly put it). His incontinent belligerence on the world stage sees him making bids to steal whole countries and he's recruited American tech giants to help him in this chaotic program of lunatic imperialism. When other countries' public officials make decisions that Trump dislikes, he gets companies like Microsoft to disconnect whole institutions from the internet, deleting their files, email archives, calendars and address books, and depriving them of the ability to connect to any service tied to their Outlook accounts:

https://pluralistic.net/2026/04/20/praxis/#acceleration

Which means that if Trump wants to steal Greenland, he doesn't have to roll tanks into Nuuk – he can just brick the country of Denmark. He can shut down all their ministries, every large firm, every household. He can shut down their iPhones and Android devices. He can kill their smart-speakers. He can hormuz the world's supply of Ozempic, Lego and ferociously strong licorice:

https://pluralistic.net/2026/04/04/digital-subjugation/#greenlands-next

It doesn't stop there! Trump can also shut down every tractor!

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

This is the digital sovereignty risk. It's also the digital sovereignty opportunity. If countries repeal the laws that the US bullied them into accepting, laws that protect US tech giants from local competitors who block their plunder of data and money, they can turn America's tech trillions into their own tech billions. As Jeff Bezos likes to say, "your margin is my opportunity":

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

Meanwhile, repealing these US-protecting laws would enable countries to extract their data from US platforms so they can move it into domestic alternatives, and bypass the software locks that block them from updating phones, cars, tractors and ventilators to protect them from remote killswitches:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

The digital sovereignty risk is having your country's government, businesses and industries terminated by Trump. The digital sovereignty opportunity is making billions of dollars by producing and exporting products that defend people from Big Tech plunder and Trumpian killswitches. That is the real world.

But many "digital sovereignty" advocates are living in an imaginary world, in which the digital sovereignty risk is that Trump will shut off their country's access to AI.

This is where the "if problem + blockchain" formulation comes in handy. If Trump shut off Canada's access to Chatgpt, Claude and Grok tomorrow, nothing would happen. No significant business, no federal or provincial ministry, no municipal government depends on these products for anything essential. And if Canada were to build their own local AI to sub in for Chatgpt, Claude and Grok, it would loose tens, if not hundreds of billions of dollars. Worst of all, a national AI strategy does nothing – not one solitary thing – to protect Canada from Trump shutting down our ministries, our companies, or our tractors.

In other words:

If: digital sovereignty + AI = digital sovereignty – AI

Then: AI = 0

If you think AI tools are nifty and want Canada to invest in AI, then first, please stop pretending that this has anything to do with "digital sovereignty." Not only is this a transparent bit of nonsense, it's a dangerous one, because digital sovereignty is a real problem, and AI does nothing to solve it.

If you want a good "national AI strategy," try this: save your money until the bubble bursts, and then buy your GPUs and hire your talent at 10 cents on the dollar and put them to work refining open source models:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

Buying AI at the top of the market is nuts. That would be like shopping for Aeron chairs and foosball tables in March 2000. If you just sit tight for a couple months, you'll be able to find bankrupt dotcom entrepreneurs selling these at knock-down prices out front of their formerly overpriced office space in the Mission, in the time-honored tradition of former Wall Street millionaires selling apples out of their Rolls Royces:

https://digicoll.lib.berkeley.edu/record/323794

(Literally: I bought a "dining room set" of six $1500 Steelcase Leap chairs in the summer of 2000 from a failed dotcom CEO on Van Ness for $25 a piece – still in the original plastic!)

And in the meantime, please let's stop pretending that digital sovereignty has anything to do with "national AI." If Trump takes away your AI, everything is fine. If Trump takes away your iPhones, Office 365 and tractors, your country grinds to a halt. This is just not that complicated:

If: digital sovereignty + AI = digital sovereignty – AI

Then: AI = 0

(Image: Armin Kübelbeck, CC BY-SA 4.0, modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Napster boss's American Library Association keynote https://web.archive.org/web/20010623201456/https://www.salon.com/tech/wire/2001/06/17/napster/index.html

#20yrsago Flickr: we’ll give full access to competitors – if they reciprocate https://www.flickr.com/groups/central/discuss/72157594165399644/#comment72157594167782546

#20yrsago Report from a concert by a Serbian war-criminal https://web.archive.org/web/20060613081324/http://blog.b92.net/blog/22

#20yrsago European podcasters to WIPO: Stay away from us! https://web.archive.org/web/20060619224538/https://www.bloggernews.net/2006/06/european-podcasters-team-up-to-lobby.html

#15yrsago KFC: support diabetes research by buying an 800 calorie, 56 spoonful of sugar “Mega Jug” https://web.archive.org/web/20110619031415/https://theweek.com/article/index/216462/irony-alert-buy-kfcs-800-calorie-soda-to-support-diabetes-research

#10yrsago Terrorist who murdered Jo Cox shouts: “Death to traitors” in court https://www.csmonitor.com/World/2016/0618/Accused-killer-of-MP-Jo-Cox-makes-defiant-court-statement

#10yrsago Judge orders release of man convicted while his public defender was handcuffed https://web.archive.org/web/20160617172242/http://www.reviewjournal.com/crime/judge-releases-man-who-received-jail-sentence-while-lawyer-was-handcuffs-video

#10yrsago Hambone virtuoso https://www.youtube.com/watch?v=YMJeaZtgwng

#10yrsago Google Fiber now forces subscribers into binding arbitration; days left to opt out https://web.archive.org/web/20160617141759/https://consumerist.com/2016/06/16/google-fiber-copies-comcast-att-forces-users-to-give-up-their-legal-right-to-sue/

#1yrago The Immortal Choir Holds Every Voice https://pluralistic.net/2025/06/18/anarcho-cryptid/#decameron-and-on

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Wed, 17 Jun 2026 18:27:18 +0000 Fullscreen Open in Tab
Pluralistic: The (real) dead economy theory (17 Jun 2026)


Today's links

  • The (real) dead economy theory: Vibes and memestocks, all the way down.
  • Hey look at this: Delights to delectate.
  • Object permanence: Jim Baen has had a stroke; Blame Apple for iTunes DRM; France v the internet; "Rotters"; 1901 undersea cables; Washington Post wants Trump coverage blackout; Taxes are for the little people; Gamer lifecycle; Ghanian postal song; "What Lies Beneath the Clock Tower": Murder of Jo Cox; 12 year old doxed by anti-vaxers; Hong Kong bookseller recants forced confession.
  • Upcoming appearances: LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Brighton, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


The Federal Reserve building, tilted at an eldrirtch angle, wreathed in mist. In the foreground looms an abandoned cemetery. Overhead flies a blood-red moon in a cloudy, ominous sky.

The (real) dead economy theory (permalink)

Here's a fun fact about Elon Musk: in 2020, his (nominal) net worth was $20b, and today it's $1t (nominally). But that's not the fun fact; this is: everything he's done since 2020 was a flop.

As John Quiggin writes, the pre-2020 Musk was the Musk of Tesla, batteries and Starlink. The post-2020 Musk is the Musk of Starship, robotaxis, Cybertrucks and Twitter – a string of commercial flops and assets that literally exploded. I would add that post-2020 Musk created the world's hungriest money-furnace, an automated child-porn production tool called "XAI":

https://crookedtimber.org/2026/06/15/one-big-grift/

Quiggin declares that this is the era in which "financial markets fail in the task of valuing assets accurately," and "the institutional structures that are supposed to make them work have given up trying." Nor did this start with the Spacex IPO. As Quiggin writes, Bitcoin and other cryptos were once shunned by nominally sober financial institutions like Goldman Sachs, but today, not only do all the big banks offer crypto services, people have largely stopped calling it cryptocurrency because no one is even pretending that it's a form of money. It's a tradeable collectible, not even particularly useful for paying for crimes or laundering money.

Spacex is just a continuation of the logic of crypto, in which something is valuable because some people think other people will pay more for it in the future, and not because it does useful things:

https://johnquiggin.com/2018/02/09/bitcoin-kills-the-efficient-market-hypothesis/

That's the logic of the whole market today. AI – the world's money-losingest technology – attracts investment at the expense of everything else. When horrified NIH lifers begged the DOGE boys not to shut down long-running medical research projects, Musk's broccoli-haired brownshirts laughed in their faces, saying we don't need cancer research because "GAI" is almost here and it will cure cancer. You could hardly ask for a better example of investing in vibes over value than shutting down real cancer research to free up money for teaching more words to the word-guessing machine because it's about to become God and cure cancer.

Today, Goldman Sachs isn't merely all-in on crypto – it's all-in on the Spacex IPO. As Quiggin writes, the bank has signed off on Musk's claim that "Musk's ragbag of assets" will grow one hundredfold in the next 40 months.

Quiggin's short essay has been rolling around in my mind since I read it a couple days ago. Then, yesterday, I spotted this essay by Owen McGrann entitled "The Dead Economy Theory":

https://www.owenmcgrann.com/p/the-dead-economy-theory

The perfect name for this phenomenon! Or so I thought. Then I read McGrann's article, and discovered that it's yet another piece asking how the economy will work after AI takes all of our jobs because AI is absolutely going to do that and there's no point in even questioning whether that will happen.

Look, thought experiments about how to deal equitably with labor displacement in the face of automation are all well and good. I'm a science fiction writer, that stuff is my bread and butter.

But applying "dead economy theory" to the blithe acceptance of the claims of AI pitchmen is a terrible waste of a killer coinage. The true risk of AI to your job isn't: "an AI will do your job." It's: "an AI salesman will exploit your boss's infinite horniness for replacing mouthy workers with pliable machines to sell him a chatbot that can't do your job, and then your boss will fire you and replace you with that inept, defective chatbot."

By the same token: the real "dead economy" risk isn't that all the productive labor will be done by chatbots owned by a habitual liar and eminently guillotineable billionaire like Sam Altman. The actual dead economy risk is that our institutions and markets will continue to move capital from productive activity into memestocks, vibes, and bubbles.

We could do "AI cancer research" by producing tools that automate gnarly multivariant analysis problems for cancer researchers. But what we're actually doing is defunding cancer research (especially any research into "systemic" cancer because studying systemic things is "woke") to free up fiscal space so we can build data-centers and make Musk into a trillionaire.

That's not just a dead economy – it's one that'll kill everyone you love and everything that matters.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Jim Baen, science fiction publisher, has had a serious stroke https://nielsenhayden.com/makinglight/archives/007658.html#007658

#20yrsago Why Apple is to blame for iTunes DRM https://web.archive.org/web/20060620004534/http://vitanuova.loyalty.org/NewsBruiser-2.6.1/nb.cgi/view/vitanuova/2006/06/15/1

#20yrsago Lifecycle of a gamer https://www.raphkoster.com/2006/06/16/the-lifecycles-of-a-player/

#20yrsago Spammer: I’ll buy MySpace profiles with more than 20k contacts https://web.archive.org/web/20060619062837/http://skibrooklyn.blogspot.com/2006/06/easy-money-sell-your-friends.html

#20yrsago Psychology of bad probability estimation: why lottos and terrorists matter https://web.archive.org/web/20060627174933/https://server1.sxsw.com/2006/coverage/SXSW06.INT.20060311.DanielGilbert.mp3

#15yrsago Copyright complaint kills Peanutweeter https://web.archive.org/web/20110620093750/https://www.wired.com/underwire/2011/06/peanutweeter-dmca-takedown/

#15yrsago Work song of Ghanian postal workers cancelling stamps https://blogfiles.wfmu.org/KF/0512/Ghana_Post_Office.mp3

#15yrsago What Lies Beneath the Clock Tower: steampunk choose-your-own-adventure https://memex.craphound.com/2011/06/17/what-lies-beneath-the-clock-tower-steampunk-choose-your-own-adventure/

#15yrsago French proposal: any URL to be arbitrarily blacklisted without due process https://www.laquadrature.net/en/2011/06/15/the-entire-internet-under-governmental-censorship-in-france/

#15yrsago Rotters: YA horror novel about grave-robbing chills, thrills, delights https://memex.craphound.com/2011/06/15/rotters-ya-horror-novel-about-grave-robbing-chills-thrills-delights/

#15yrsago Map of undersea cables from 1901 https://web.archive.org/web/20110220121138/http://www.dephx.com/2010/11/map-of-undersea-cables-from-1901.html

#15yrsago Copyright complaint kills Peanutweeter https://web.archive.org/web/20110620093750/https://www.wired.com/underwire/2011/06/peanutweeter-dmca-takedown/

#15yrsago Work song of Ghanian postal workers cancelling stamps https://blogfiles.wfmu.org/KF/0512/Ghana_Post_Office.mp3

#15yrsago What Lies Beneath the Clock Tower: steampunk choose-your-own-adventure https://memex.craphound.com/2011/06/17/what-lies-beneath-the-clock-tower-steampunk-choose-your-own-adventure/

#10yrsago Supreme Court ruling is a blow to copyright trolling business-model https://arstechnica.com/tech-policy/2016/06/attorneys-in-copyright-case-on-resold-textbooks-inch-closer-to-2m-payday/

#10yrsago The Orlando shooting, according to the Congressmen who took the most money from the NRA https://web.archive.org/web/20160617143716/https://theslot.jezebel.com/heres-how-the-congressmen-who-have-gotten-the-most-cash-1782083985

#10yrsago British Pro-EU MP murdered in the street by man shouting “Britain first!” https://web.archive.org/web/20160616212235/https://theintercept.com/2016/06/16/british-referendum-campaign-suspended-killing-pro-europe-lawmaker-jo-cox/

#10yrsago 12 year old makes devastating video about anti-vaxxers, gets doxxed https://skepchick.org/2016/06/anti-vaxxers-dox-a-child-critic/

#10yrsago Report from the prison-industrial complex’s leading trade show https://www.theguardian.com/us-news/2016/jun/16/us-prisons-jail-private-healthcare-companies-profit

#10yrsago Your cable operator is spying on you and selling the data from your set-top box https://publicknowledge.org/public-knowledge-defends-consumer-privacy-in-set-top-box-data-complaint-to-fcc-ftc/

#10yrsago Not robots: youth unemployment caused by late retirement, driven by pension precarity https://thebaffler.com/salvos/exit-planning-geoghegan

#10yrsago Oakland mayor denies firing police chief over officers who statutorily raped teen sex-worker https://eastbayexpress.com/badge-of-dishonor-top-oakland-police-department-officials-looked-away-as-east-bay-cops-sexually-exploited-and-trafficked-a-teenager-2-1/

#10yrsago Paramount tells judge that they’re still suing over Star Trek fan-film https://www.hollywoodreporter.com/business/business-news/paramount-says-star-trek-fan-903497/

#10yrsago $40,000/year private school sues school for low-income kids for $2M over “Commonwealth” https://www.bostonglobe.com/metro/2016/06/16/can-school-lay-claim-commonwealth-its-name-back-bay-institution-believes-can/WHwiaaPEn04cIY6uxXjoiO/story.html

#10yrsago Wisconsin Congresswoman: mandatory drug tests for anyone claiming $150K in itemized tax-deductions https://www.theguardian.com/us-news/2016/jun/16/gwen-moore-drug-test-rich-for-tax-deductions

#10yrsago Hong Kong bookseller: I was forced to confess on China TV https://www.bbc.com/news/av/world-asia-china-36552672#5yrsago

#10yrsago Washington Post calls for “blackout” on Trump coverage, appeals to RNC https://web.archive.org/web/20160615113350/https://www.washingtonpost.com/opinions/the-right-response-to-donald-trump-a-media-blackout/2016/06/14/2868a0e0-3256-11e6-8758-d58e76e11b12_story.html

#10yrsago Security economics: black market price of hacked servers drops to $6 https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/

#10yrsago Lower-case “x” as a gender-neutral typographic convention https://kottke.org/16/06/x-marks-gender-neutral

#5yrsago Taxes are for the little people https://pluralistic.net/2021/06/15/guillotines-and-taxes/#carried-interest

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-06-16T16:45:43+00:00 Fullscreen Open in Tab
Note published on June 16, 2026 at 4:45 PM UTC

Setting aside the absurd premise of this op-ed, I love that the writer felt the need to hedge with "not that has been reported"

"No one's reported that one of the most famous popstars in the world dated a man who at the time was a random oyster farmer from Maine, BUT IT IS POSSIBLE"

@ wsjopinion 13h Did Taylor Swift once date Graham Platner? Not that has been reported, but her songs about dissolute men do echo accounts of women who dated the Maine Democratic Senate nominee, writes Allysia Finley WSJ wsj.com Opinion | Taylor Swift Sings About Graham Platner and Donald Trump
2026-06-16T13:04:06+00:00 Fullscreen Open in Tab
Read "MAGA Pronatalism is Anti-Freedom No Matter the Packaging"
2026-06-16T01:19:25+00:00 Fullscreen Open in Tab
Read "Anthropic's Safety Superpower"
Read:
Anthropic's Safety Superpower.
Ben Thompson in Stratechery. Published .
Here’s the thing about these safety justifications: I think they work because, to Anthropic, they aren’t justifications. The company really believes that they are the only ones who believe in super intelligence, and thus are the only ones who are sufficiently concerned about the dangers. That excuses decision after decision, policy after policy, and confrontation after confrontation that, to people on the outside, look like a bizarre combination of cynicism and naiveté. The contrast to OpenAI is massive: I think that one way to understand how and why OpenAI lost its lead is that, in the years following the release of ChatGPT, the company has been at war with itself internally as what used to be a research lab was suddenly seized with the burden of being the accidental consumer tech company; to the extent OpenAI solved that conflict, it was by bleeding huge amounts of talent to Anthropic in particular. Anthropic, on the other hand, has perfect alignment between talent and mission and business. The company gets to sell to researchers the creation of a machine god, with the mantle of being the sort of person who cares about the dangers and is smart enough to navigate them on behalf of humanity; that every policy change that falls out of that happens to be great for business is the most beautiful coincidence in the world.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
2026-06-16T00:55:57+00:00 Fullscreen Open in Tab
Read "Choosing to Stay Human"
Read:
Choosing to Stay Human.
Ethan Mollick in One Useful Thing. Published .
To be clear, I am cool with a lot of cognitive surrender. I don’t remember phone numbers anymore because my phone does that for me. I am happy my kids didn’t need to learn cursive. I am fine with calculators doing my daily math and my computer figuring out how to schedule my classes. These were once useful skills, but we were probably right to get rid of them. AI is different because the technology is general enough that virtually any cognitive task can be offloaded into it to some degree. I don’t want to be too precious about writing: there is no principle that says a polished email draft has to come out of a human mind any more than a column of arithmetic has to. But we don’t want to give up everything, and that we mostly don’t know yet, for any specific task, what is important and what is not. Deciding that is going to be a real challenge.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
2026-06-15T17:30:00+00:00 Fullscreen Open in Tab
Note published on June 15, 2026 at 5:30 PM UTC
Mon, 15 Jun 2026 15:40:29 +0000 Fullscreen Open in Tab
Pluralistic: AI and amateurism (15 Jun 2026)


Today's links


A man's head made out of contorted bodies. Set into the middle of his brain is a Radio Shack 150-in-1 electronic experimentation kit.

AI and amateurism (permalink)

Over the weekend, I did an interview about my forthcoming book The Reverse Centaur's Guide to Life After AI (a book about being a better AI critic), and the interviewer said she was surprised that I wasn't an AI booster, based on my demographics and work history:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

I could see where she was coming from. I encountered computers in the mid-seventies, as a small child. My first computer was a CARDIAC, a working, Turing-complete, mechanical computer made entirely of cardboard, that I spent endless hours with:

https://www.instructables.com/CARDIAC-CARDboard-Illustrative-Aid-to-Computation-/

Then I graduated to a teletype terminal and acoustic coupler connected to a minicomputer at the University of Toronto. My mom, a kindergarten teacher, used to smuggle home 1,000' rolls of paper towel from the kids' bathroom. I'd get 1,000' feet of computing up one side, then another 1,000' down the other side, then I'd carefully re-roll the paper towel so she could put it back in the bathroom for the kids to dry their hands on.

After that, I got an Apple ][+ in 1979, and shortly thereafter acquired a modem, and that was it: I was hooked for life. I became an amateur programmer, then a professional programmer. I hosted forums on dial-up BBSes where I distributed software and offered support to strangers who wanted to connect their computers to the internet. I got a job as a gopher developer, then a web developer, then a CIO-for-hire, helping wire up small businesses and connect them to the net. Eventually, I co-founded a free/open source software startup, before transitioning to 25 years as a digital rights activist with the Electronic Frontier Foundation. And for most of that time, I was energetically writing science fiction, eventually becoming associated with a school sometimes called "post-cyberpunk":

https://en.wikipedia.org/wiki/Rewired:_The_Post-Cyberpunk_Anthology

The force that energized all this work was a dialectical one, the contradiction that powered cyberpunk literature itself. For all that cyberpunk was undeniably enamored with the coolness and combustibility of new technology, it was also terrified of how technology could be a force for oppression, surveillance and control. As William Gibson says, "cyberpunk was a warning, not a suggestion."

Gibson's more famous quote, of course, is "the street finds its own use for things." In Gibson's novels (and in my own life in technology) all the most interesting things happen when users of technology (often without formal training or credentials) find ways to adapt the technology they use to suit their needs:

https://pluralistic.net/2026/03/17/technopolitics/#original-sin

This is why I remain an ardent fan of Hypercard, Scratch and other meta-tools that are designed to allow non-programmers to write software that exactly conforms to their desires. Whatever the apps produced by these tools lack in sophistication and efficiency is more than offset by the fact that they give everyday people the power to directly control the tools they rely upon.

If "epistemic humility" means anything, it means acknowledging that no amount of "requirements gathering" can capture the needs of people totally unlike yourself as faithfully as those users can capture their own needs. Giving people the tools to produce their own software is always going to make tools – vernacular, idiosyncratic, homespun – that are more suited to their own hands and minds than anything a technologist working on their behalf could make.

The ancient dictum of "nothing about us without us" – born in 16th century Poland and taken up by the modern disability rights movement – asserts the right of people to control their own living conditions, and also the unique capacity of people to understand their own needs. You know what's even better than being consulted on the design of the technology you use? Having direct control over that technology!

This is why I was so suspicious of the iPad. The iPad's much-lauded "ease of use" was entirely about how easy it was to use an iPad to consume technology. But the iPad remains the single most user-innovation-hostile technology in modern history, a device designed to make it impossible to produce technology without permission from a remorseless multinational corporation. This is cyberpunk as a demand, not a warning:

https://memex.craphound.com/2010/04/01/why-i-wont-buy-an-ipad-and-think-you-shouldnt-either/

The technology I've championed all my life is technology that gives more control to its users. One of my immutable precepts is that people who are different from me know things I can't know, and the only way I can get the benefit of their unique knowledge and perspective is if they are free to make and share things that matter to them. As Dan Gillmor said, back when he was inventing the study of citizen journalism, "My readers know more than I do":

https://www.oreilly.com/openbook/wemedia/book/ch00.pdf

And while I am broadly very skeptical of AI, and deeply alarmed by the proliferation of "vibe coded" software in production environments, vibe coding for personal projects is a useful and exciting addition to the lineage of tools that let computer users decide how their computers will work. For people making personal projects, vibe coding extends the power of shell scripting, cron jobs, Applescript, and other desktop automation tools to a wider audience.

One of the journalists I spoke to last week about my book described how he had vibe coded an app that showed him an alert every time a plane flew over his house, giving the tail number and other details of the flight. This is information that I have no need for and no interest in, and that I'm therefore excited to learn about, because its very existence affirms that the world is full of people who are delightfully, irreducibly, amazingly different from me, and moreover, that their unique needs can be directly met using their imaginations and their personal computers.

I recently sat down with my colleague Naomi Novik, a brilliant author who also co-founded Archive of Our Own. Naomi demoed her followup to AO3 for me: Wreccer, a system to help you find small groups of people with taste similar to your own, in order to facilitate media recommendations within that group – a kind of personal, relationship-driven alternative to massive, centralized, monolithic algorithmic recommendation systems:

https://github.com/wreccer

Naomi told me that Wreccer was being built using the same design ethos that the original Twitter embraced. When Twitter launched, it was an API first, and the official Twitter front end was built on that API – but anyone could build their own front end for Twitter that worked in the way they wanted it to. Now, the word "anyone" is doing a lot of work in that sentence, because most people don't even know what an API is, and of the people who do, most of them were not capable of writing their own software front end for Twitter.

But Wreccer is being designed for the age of vibe coding, and the API will really allow anyone who uses the service to design their own interface to the system, one that elevates and centers the features they find useful and tucks away the ones they're not interested in. Your personal, custom front end could also bring in other data-sources – pulling in your Mastodon messages, for example, or even showing you an alert with the tail-number of any plane flying over your home.

This is the part of vibe coding that I'm quite excited about, but it's not the part the industry focuses on. Instead of hearing about how personal, homemade software utilities can be an end unto themselves, we hear about vibe coded projects as prototypes for commercial production code. We hear about clueless bosses vibe coding software products and services that run fine for one user on a siloed desktop computer, and then demanding to know why it takes 50 engineers a year to make the same thing work for millions of users on the public internet. We hear about people who vibe code and submit patches to free/open-source software projects with millions of users, overwhelming project maintainers with slop code that is riddled with security vulnerabilities.

Of course, there's an obvious reason why the industry wants to focus on the potential for vibe coded software to replace production code. The AI bubble has burned up $1.4t to date, while bringing in mere tens of billions of dollars per year, even as its unit economics grow steadily worse:

https://www.telegraph.co.uk/news/2026/06/04/ai-is-the-greatest-money-wasting-scheme-humanity-has-ever-i/

To keep the bubble inflated, AI hucksters must promise massive economic returns to the technology. They want investors to believe that vibe code is about to replace working programmers, who are skilled, high-waged, high-demand workers. Their pitch is that for every million dollars' worth of programmers that an AI salesman and a boss conspire to fire, half a million dollars will go to the AI company whose bots shit out that vibe code.

That's par for the course with the AI bubble, whose focus is entirely on how AI can centralize, control and homogenize our lives. Whereas early desktop publishing, web publishing and social media gave us a glorious higgledy-piggledy of chaotic, weird and transgressive hobbyist media and retina-searing designs, AI art and design are instantly recognizable at a thousand yards, and it all looks the same, boring, and washed:

https://pluralistic.net/2024/07/20/ransom-note-force-field/#antilibraries

AI companies have released open weight/open source models that can run on your own computer, but these are treated as side-shows and toys and demos. The real action, we're told, is in "frontier models," which is industry-speak for "a piece of software whose running costs exceed the GDP of most countries":

https://pluralistic.net/2026/02/19/now-we-are-six/#stock-buyback

Perhaps this is why the dynamics of AI are so different from the early dynamics of the web. Early web users were workers, who demanded that their bosses allow them to use the web and so devolve more power to people doing their jobs. By contrast, today's most ardent AI boosters are bosses, who threaten workers who don't use AI enough in the course of their duties:

https://pluralistic.net/2026/05/26/the-ai-will-continue/#until-morale-improves

Where we do see idiosyncrasy emerging from AI usage, it's often terrible. AI can help you create a folie-a-un in which you and a chatbot team up to reinforce your delusions and drive you deeper into a world of dangerous mirage:

https://pluralistic.net/2026/06/03/mission-space/#gsd

There's a (false) story that's told about people who championed the early internet: that we were blithely certain that technology could only be a force for good, and negligently disinterested in the possibility that technology could control, extract and harm. That's demonstrably untrue: recall cyberpunk's dualism of "the street finds its own use for things" and "cyberpunk is a warning, not a suggestion."

More true is to say that early internet champions were alive to the importance of the internet, and therefore both excited about the possibilities of the internet to deliver a world of connection, idiosyncrasy, love and solidarity; and about the danger of the internet as a dystopian system of surveillance and manipulation:

https://pluralistic.net/2025/02/13/digital-rights/#are-human-rights

History isn't finished. Long after the AI bubble pops, there will be local models and people vibe coding homemade software that respond directly to their needs. The stuff we make on our own computers, for ourselves, is deplatformed from its inception. It's part of the life we can build in technology's "shadowy corners" that we used to just call "technology." The fact that this stuff is utterly unsuited to be production code makes it inherently unmonetizable. It's how the street finds its own use for things:

https://pluralistic.net/2026/02/23/goodharts-lawbreaker/#no-metrics-no-targets

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Disney characters win right to clean underwear https://web.archive.org/web/20010707023727/https://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2001/06/07/state1339EDT0171.DTL

#20yrsago Lampooning the American dismissal of Gitmo suicides https://fafblog.blogspot.com/2006/06/610-changed-everything-run-for-your.html

#20yrsago LA’s South Central Farm under police siege right now https://web.archive.org/web/20060616085732/http://www.southcentralfarmers.com/index.php?option=com_content&task=view&id=160&Itemid=2

#15yrsago Transparent Pontiac for sale https://web.archive.org/web/20110610113919/http://blog.hemmings.com/index.php/2011/06/07/the-tin-indian-that-wasnt-rm-to-offer-see-through-pontiac/

#15yrsago Pulp Fiction edited down to just the cussing https://www.youtube.com/watch?v=5PcAQbhnGNs

#15yrsago New York State to pet cemeteries: no pet owners’ ashes allowed https://web.archive.org/web/20110614133359/https://www.foxnews.com/us/2011/06/11/new-york-tells-pet-cemeteries-to-stop-taking-in-humans/#ixzz1PAZoGS6l

#15yrsago A dog with persistence-of-vision LEDs in her shirt writes my novel Makers in the park at night https://web.archive.org/web/20110618011346/https://i.document.m05.de/?p=970

#15yrsago Head of UN copyright agency says fair use is a “negative agenda,” wants to get rid of discussions on rights for blind people and go back to giving privileges to giant companies https://memex.craphound.com/2011/06/14/head-of-un-copyright-agency-says-fair-use-is-a-negative-agenda-wants-to-get-rid-of-discussions-on-rights-for-blind-people-and-go-back-to-giving-privileges-to-giant-companies/

#10yrsago Air Force loses access to database tracking fraud investigations to 2004 https://arstechnica.com/information-technology/2016/06/database-corruption-erases-100000-air-force-investigation-records/

#10yrsago Peter Thiel’s lawyer threatens Gawker for talking about Donald Trump’s “hair” https://web.archive.org/web/20160615022004/https://gawker.com/now-peter-thiels-lawyer-wants-to-silence-reporting-on-t-1781918385

#10yrsago Samantha Bee on Orlando shooting: angry and uncompromising https://www.youtube.com/watch?v=t88X1pYQu-I

#10yrsago Goldman Sachs bribed Libyan officials with sex workers, private jet rides, then lost all their money https://www.theguardian.com/business/2016/jun/13/goldman-sachs-hired-prostitutes-to-win-libyan-business-court-told

#10yrsago Net Neutrality Wins: Federal Court Upholds FCC Open Internet Rules https://www.techdirt.com/2016/06/14/cable-industry-proclaims-more-competition-hurts-consumers-damages-economic-efficiency/

#10yrsago Microsoft will buy Linkedin for $26.2B https://arstechnica.com/information-technology/2016/06/microsoft-will-acquire-linkedin-for-18-5b/

#10yrsago Lin-Manuel Miranda’s Tony Awards sonnet for the Orlando shooting victims https://www.rollingstone.com/tv-movies/tv-movie-news/see-lin-manuel-mirandas-stirring-tribute-to-orlando-victims-103131/

#10yrsago China’s online astroturf is mostly produced by government workers as “extra duty” https://web.archive.org/web/20160613194153/http://arstechnica.com/information-technology/2016/06/red-astroturf-chinese-government-makes-millions-of-fake-social-media-posts/

#10yrsago Rio: your quadrennial reminder that the Olympics colonize host-states with Orwellian surveillance and human rights abuses https://web.archive.org/web/20160614122124/https://motherboard.vice.com/read/the-olympics-are-turning-rio-into-a-military-state

#5yrsago A Monopoly Isn’t the Same as Legitimate Greatness https://pluralistic.net/2021/06/13/a-monopoly-isnt-the-same-as-legitimate-greatness/

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Sat, 13 Jun 2026 17:49:56 +0000 Fullscreen Open in Tab
Pluralistic: Shareholder supremacy and the precog CEO (13 Jun 2026)


Today's links


A fake cover for CEO magazine. The central figure is a ZOLTAR fortune-telling animatronic, seated before various divination tools. The headline over him is FIDUCIARY DUTY. In the top right corner, there's a slug reading 'UNIVERSAL EXCUSE: A bright line test that's also *totally* unfalsifiable.' To Zoltar's left is another slug reading, 'FRIEDMAN SAID IT: I believe it. That's good enough for me.'

Shareholder supremacy and the precog CEO (permalink)

It's been 55 years since Milton Friedman – cursed be his name – published his NYT editorial, "The Social Responsibility of Business Is to Increase Its Profits," in which he invented the idea of shareholder supremacy out of whole cloth and declared it to be a universal, freestanding, inarguable truth:

https://www.nytimes.com/1970/09/13/archives/a-friedman-doctrine-the-social-responsibility-of-business-is-to.html

Friedman's editorial railed against the idea of "corporate social responsibility," arguing that corporate managers should confine the exercise of their consciences to projects involving their own money and resources. At work, managers must harden their bleeding hearts and do nothing except increase the returns to their shareholders.

Friedman wasn't merely arguing that this would give rise to better companies – the crux of his argument was that by adopting this "fiduciary duty" standard, it would be easy to determine whether a company was being well-managed or run into the ground:

https://pluralistic.net/2024/09/18/falsifiability/#figleaves-not-rubrics

Friedman argued that "being a good person" was a squishy, undefinable standard that could never be objectively measured. But "maximizing shareholder value" was a crisp, bright-line test that could be readily evaluated by any reasonable person. "Did this manager make as much money as possible for the company's owners?" feels like the kind of question we can all agree on, while, "Did this manager behave in an ethical way?" is much harder to answer.

But even a few moments' thoughts reveal the flaw in this line of reasoning. We can all agree whether a manager made money for the shareholders – but how can we know whether the manager made as much money as possible?

Think about how much "corporate social responsibility" cashes out to performative and insincere nonsense and/or cynical marketing. Target didn't stock Pride merch because they love their LGBTQ friends. They stocked it because they thought they could sell it (same goes for BP marketing its "green" gasoline). Google supports its coders' environmental/queer/antipoverty efforts because being the "don't be evil" company lets you hire in-demand workers who might otherwise go to work for Meta, and every engineer a Silicon Valley firm hires adds an average of $1m to the company's annual bottom line.

Further: it would be absurd to hold managers to the "make as much money as possible" standard in a competitive market, because in that market, there will always be a company that comes in second. If "as much money as possible" is the standard and you're Chairman of the Board of the number two company, with $10b in profit, while the number one pulled in $11b, "as much money as possible" demands that you fire the C-suite immediately, since they objectively could have done 10% better.

So the real standard isn't "make as much money as possible," it's "try to make as much money as possible." And here again, there's no objective way to evaluate managerial performance. Target made a lot of money by selling Pride merch…until they didn't. Do we fire the Target C-suite because they failed to anticipate that 2024 would mark America's transition into the chuddocene, an era in which selling Pride tchotchkes makes you cucked and soy and, you know, gay?

Whether it's "make as much money as possible" or "try to make as much money as possible*," shareholder supremacy can only be evaluated with the aid of a crystal ball…or a time machine.

Which raises a question: what made this nonsensical shareholder supremacy standard so damned attractive to corporate leaders?

Well, what if the ambiguity of shareholder supremacy was a feature and not a bug? What if the function of shareholder supremacy was to absolve the cruelest people for indulging their most sociopathic instincts? What if this "bright line test" was actually a universal excuse, an all-purpose accountability sink that could be used to justify any cruelty or cowardice? "Why didn't I fire my college buddy when I found out that he was sexually abusing his colleagues? Well, he was the best salesman on the team, and I have an obligation to my shareholders. Sorry, my hands were tied."

In other words: Don't get mad at me.

Get mad at Milton Friedman.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Microsoft gets Linux geeks evicted from convention center https://web.archive.org/web/20010619154332/http://www.newsforge.com/article.pl?sid=01/06/01/1540231

#20yrsago Stanford prof sues James Joyce estate for right to study Joyce https://web.archive.org/web/20060615203517/http://news.yahoo.com/s/ap/20060613/ap_on_en_ot/james_joyce_lawsuit

#20yrsago Inside China’s iPod sweat-shops https://web.archive.org/web/20060616173514/http://www.macworld.co.uk/news/index.cfm?RSS&NewsID=14915

#15yrsago Terry Pratchett initiates assisted suicide process https://web.archive.org/web/20110614215922/https://www.telegraph.co.uk/health/8571142/Sir-Terry-Pratchett-begins-process-that-could-lead-to-assisted-suicide.html

#15yrsago Lego-making machine made of Lego https://www.eurobricks.com/forum/forums/topic/56346-review-moulding-machine-4000001-lego-insider-tour-exclusive/

#10yrsago It’s getting harder and harder to use gag clauses to silence laid off workers in America https://web.archive.org/web/20160611202305/https://www.nytimes.com/2016/06/12/us/laid-off-americans-required-to-zip-lips-on-way-out-grow-bolder.html

#5yrsago The ACCESS Act https://pluralistic.net/2021/06/12/access-act/#interop

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-06-13T15:22:31+00:00 Fullscreen Open in Tab
Read "Why "Book-Shaming" Won't Solve the Children's Literacy Crisis"
Read:
Why "Book-Shaming" Won't Solve the Children's Literacy Crisis.
Jessica Winter in The New Yorker. Published .
Barnett’s concerns about literary merit and professional esteem may be timeless, but they are not terribly timely; they seem to float high above the current on-the-ground realities of what many educators and researchers agree to be a literacy crisis. In urging his audience to see children’s books as “real books,” Barnett skips over larger, more pressing questions about why so many children aren’t reading books at all, real or otherwise.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
Fri, 12 Jun 2026 20:45:52 +0000 Fullscreen Open in Tab
Pluralistic: Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme (12 Jun 2026)


Today's links


A pig in a sty. It is wearing badly applied lipstick. From behind one hairy ear pokes the Android droid.

Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme (permalink)

Long before "agentic AI," we had the idea that software would act as your agent on the internet. That's why the old-fashioned technical term for a browser is a "user agent." Your browser acts on your behalf to retrieve information and then show it to you, in the format you choose. It's your agent:

https://pluralistic.net/2024/05/07/treacherous-computing/#rewilding-the-internet

This is a powerful and profound idea. It is because browsers are our "agents" that we expect them to accept our directives, say, by blocking pop-ups, or by turning off autoplay sound, or by blocking commercial surveillance trackers:

https://privacybadger.org/

Your browser does all that because your browser works for you. The reason your browser can work for you is that the web is an open, standardized technology. In theory, anyone who follows the standards published by the World Wide Web Consortium (W3C) can make a browser, and that web browser can connect to any web server. Browsers and servers are interoperable. It's the same force that means you can put anyone's gas in your gas-tank, or anyone's shoelaces in your shoes, or anyone's milk on your cereal.

But what if manufacturers could dictate those choices to you? What if your light socket refused to use a lightbulb unless it was officially blessed by the socket's manufacturer? What if your dishwasher refused to wash your dishes unless you bought them from one of the manufacturer's "dish partners"? What if your toaster refused to toast "unauthorized bread"?

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

It's hard to see how a company could win its market with this strategy. After all, if the dishes are really better than the competition's, you'd buy them voluntarily, without any need for law or technology to force the matter. The only reason to make a dishwasher that refuses a rival's dishes is if the manufacturer's own dishes are ugly, expensive, and/or badly made.

But once a company owns the market – once they've achieved dominance by buying out their rivals; by bribing potential competitors to stay out of their lane; and by engaging in deceptive conduct to trap key suppliers and customers – they could cement their dominance by blocking interoperability, keeping out rival dishes, milk, gas, lightbulbs, shoelaces and bread, capturing their whole market and squeezing it.

That's what Google has done, and that's what Google wants to do more of. Google's commercial behavior has been so unethical, deceptive and abusive that the company just lost three federal antitrust cases:

https://www.bigtechontrial.com/p/google-loses-the-adtech-monopolization

This thrice-convicted monopolist bribed Apple – more than $20b/year – to stay out of the search market:

https://www.eff.org/deeplinks/2025/02/how-do-you-solve-problem-google-search-courts-must-enable-competition-while

They cheated app vendors, ripping them off with sky-high junk fees and onerous conditions that raised prices while lowering the share of your spending that went to the companies whose products you were paying for:

https://www.thebignewsletter.com/p/boom-google-loses-antitrust-case

They cheated advertisers, rigging the ad market to gouge businesses on ad prices and underinvesting to fight rampant ad-fraud, sucking hundreds of billions out of the productive economy for overpriced ads that no one saw:

https://www.justice.gov/opa/pr/department-justice-prevails-landmark-antitrust-case-against-google

Google wasn't always this way. The "don't be evil" company owes its very existence to the open web ecosystem. When the company started to index the web in 1998, it was playing on an open field, where any web server could talk to any "user agent," even one whose user was a startup like Google, that was making a copy of every page on the server.

For years, Google thrived on the open web, and built open technologies. Android – the mobile operating system that Google bought in 2005 – was presented as an "open" alternative to existing mobile offerings, and as the mobile market collapsed into two companies – Google and Apple – Google always presented Android as the open alternative to Apple's "walled garden."

There were always ways in which Google's "open" Android wasn't exactly open. The company engaged in illegal "tying" arrangements that forced hardware vendors and carriers to lock out versions of Android that were created by Google's competitors:

https://ec.europa.eu/commission/presscorner/detail/en/ip_18_4581

In other words, even though Google offered a mobile platform that was (mostly) technically open, they used commercial and legal strategies to choke off the market oxygen for alternative Android versions that tried to capitalize on that technical openness.

But life finds a way. The existence of an open, modifiable, tinkerer-friendly mobile operating system meant Android hackers could create alternatives to Google's (de facto) walled garden, which thrived in the cracks in that garden wall. Operating systems like CalyxOS, PureOS and Graphene offered a more private, more secure Android experience, one that was largely "de-Googled," blocking Google's relentless acquisition of your private data:

https://grapheneos.org/

And Google's data-hunger is relentless. Android exfiltrates a chunk of your personal and behavioral data every five minutes. The "resting heartbeat" of Android surveillance pulses and pulses, irrespective of whether you're using your device, and the instant you unlock your screen, that heartbeat quickens, sending even more data to the company:

https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/

All that data has proved irresistible to authoritarian governments. Donald Trump's enforcers have seized on Google data as a vital source of information about the identity of protesters and the location of migrants hunted by ICE:

https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data

So there are plenty of reasons why users would seek out these de-Googled alternatives to Android, finding them in spite of Google's illegal commercial tactics to block access to competing technologies. The worse it got, the better those alternatives looked.

Perhaps this explains Google's years-long effort to increase the technical barriers to using modified versions of Android, beefing these up to match the commercial restrictions that stand in the way of a de-Googled existence.

Back in 2023, Google floated the idea of "Web Environment Integrity" (WEI), a set of modifications to web standards that would force your computer to disclose its operating environment to the web servers it connected to, even if you objected to this disclosure:

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

WEI was a form of "remote attestation." That's when your device uses a sub-processor (sometimes called a "Technical Protection Module" or "TPM") or a walled off part of its main processor (sometimes called a "secure enclave") to produce a cryptographically signed description of your device and its configuration: which hardware, software, plug-ins and settings you're running.

When you connect to a server, it demands that your device send this "attestation" before it handles your request. If your device won't provide this data, or if the server doesn't like (or recognize) your device and its details, it can refuse to deal with you. And because the attestation is prepared by a TPM or a secure enclave that you can't modify or override, you don't get to decide which facts about your device it's allowed to see.

Practically speaking, this means that remote attestation lets a server refuse to deal with you until you turn off your ad-blocker and your tracker-blocker. It means that the server can discriminate against users who block auto-play sound and video, who block pop-ups, who put the tab in the background when it's playing a mandatory pre-roll ad.

WEI was especially disturbing in light of Google's efforts to kill ad-blockers and privacy blockers through updates to Chrome, an effort that continues to this day:

https://protonprivacy.substack.com/p/google-is-finally-killing-ublock

These blockers are an important part of the dynamic between web publishers and their users. In the real world, when you get an offer, you can make a counter-offer. That's all an ad-blocker is: a way for users to respond to a server whose opening bid is, "How about you give me all your data and let me take over your computer in exchange for showing you this page?" with "How about 'Nah?'"

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

We didn't get rid of pop-up ads by making them illegal, or by boycotting advertisers who used them. We got rid of pop-up ads when web users installed pop-up blockers, which made pop-up ads pointless. Take away our ability to block obnoxious digital content and you guarantee that we will be flooded with it.

These kinds of modifications aren't just used to block ads – they're also key to accessibility. People who have photosensitive epilepsy or who (like me) suffer from low-contrast vision problems use add-ons to reformat pages so that we can safely and legibly access them.

WEI's creators said they were only trying to put the web on a level playing field with apps, which routinely rat you out to the companies you connect to. Apps are a source of bottomless enshittification, not least because (unlike the web), they enjoy special, dangerous legal protections that make it very legally risky to modify them:

https://pluralistic.net/2025/07/31/unsatisfying-answers/#systemic-problems

WEI wasn't an effort to level the playing field between apps and the web – it was a race to the bottom, an attempt to make the web as enshittogenic as the app hellscape.

Public outrage to WEI killed the project, but Google's commitment to augmenting its illegal commercial lockdown efforts with technical lockdowns never ended. Now, Google has rolled out an experimental "reCAPTCHA Mobile Verification" that uses an app, your camera, and your device's TPM or secure enclave to produce an attestation about your Android device:

https://support.google.com/recaptcha/answer/16609652

This will make it much easier for the apps and other services you interact with to block your device if you run an Android alternative, or if you install a mod that overrides the actions of Google's stock Android:

https://www.reddit.com/r/PrivacySecurityOSINT/comments/1tbdjbj/privacy_concerns_around_googles_recaptcha_mobile/

This is a terrible idea – it's every bit as bad as WEI was. In an age in which Big Tech is ever-more tied to authoritarian governments, redesigning our devices to tell strangers things we don't want them to know isn't just shortsighted, it's inexcusable.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Images from anti-DRM protest at the San Fran Apple Store https://www.flickr.com/photos/quinn/tags/drmprotest/

#15yrsago Reasons people were arrested at the Toronto G20 https://memex.craphound.com/2011/06/11/reasons-people-were-arrested-at-the-toronto-g20/

#15yrsago Paul Krugman: Rule by rentiers favors billionaires, Chinese bond-holders over jobs and homeowners https://www.nytimes.com/2011/06/10/opinion/10krugman.html?_r=1

#15yrsago Ontario publicly funded Catholic school bans rainbows, appropriates student donations for LGBT cause and gives them to Catholic charity https://web.archive.org/web/20110610125236/https://www.xtra.ca/public/Toronto/Rainbows_banned_at_Mississauga_Catholic_school-10262.aspx

#10yrsago How to be less wrong about the First Amendment https://web.archive.org/web/20160611221927/https://popehat.com/2016/06/11/hello-youve-been-referred-here-because-youre-wrong-about-the-first-amendment/

#10yrsago Mounties used Stingrays to secretly surveil millions of Canadians for years https://web.archive.org/web/20160610182607/https://motherboard.vice.com/read/the-rcmp-surveilled-thousands-of-innocent-canadians-for-a-decade

#5yrsago Privacy Without Monopoly, EU edition https://pluralistic.net/2021/06/11/technological-self-determination/#dma

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-06-12T15:20:34+00:00 Fullscreen Open in Tab
Published on Citation Needed: "Second Circuit rejects Sam Bankman-Fried’s appeal"
Thu, 11 Jun 2026 14:43:06 +0000 Fullscreen Open in Tab
Pluralistic: The world has moved on (11 Jun 2026)


Today's links


A blasted wasteland with a mushroom cloud rising over it. In the foreground are swarms of drowning people climbing over each other to escape into the limbs of a dead tree, and a crowd of agonized skeletons. All sourced from Dore engravings illustrating the Old Testament.

The world has moved on (permalink)

Douglas Adams wrote, "Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you’re 15 and 35 is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're 35 is against the natural order of things."

I think about this quote whenever I get angry at the technology around me. When I rail against the Great Enshittening, am I simply committing the sin of nostalgia ("Nostalgia is a toxic impulse" -J. Hodgman)? I am, after all, old.

I've written before how conservatives' yearning for "simpler times" is really just a wish to be a child again. The reason times seemed simpler during your childhood is that you were a child, and if your parents did their job, they shielded you from a lot of the complexity of their adulthood so you could enjoy your childhood:

https://pluralistic.net/2025/04/24/hermit-kingdom/#simpler-times

That's where the "National Customer Rage Survey" comes in. It's been surveying a panel of 1,000 representative consumers every three years for a decade, continuing a research project that started in 1976. The survey measures respondents' attitudes towards the businesses they deal with, and as of 2025, it's fair to say, customers are pissed:

https://customercaremc.com/2025-national-customer-rage-study/

We're experiencing more problems with the products and services we use. Those problems are more severe, they make us angrier, and they produce lingering stress. More and more, we are seeking revenge on the businesses that piss us off.

So it's not just me, an old man yelling at the cloud. The world is getting shittier.

The latest Customer Rage Survey inspired The Guardian's Heather Timmons to launch a new investigative series looking at how fucked up everything is. Her inaugural installment is very good, and it's drawn a massive reader response:

https://www.theguardian.com/us-news/ng-interactive/2026/jun/04/us-consumer-rage-prices-economy

I spoke with Timmons this week about the series. She told me she's been deluged with emails from readers who feel that the world is different now – and many of them cite my work on enshittification. Timmons wanted to know what advice I had for her readers. I told her that I don't think you can solve this as a consumer, because this isn't a market problem, it's a political problem, and shopping isn't politics:

https://pluralistic.net/2026/05/21/purity-culture/#stop-fucking-that-chicken

Later, Timmons forwarded one of those emails to me. It gave an eloquent and evocative account of just how rancid the vibe is these days. The writer said that when they and their spouse encounter this rot, they cite Stephen King's Dark Tower novels, quoting the oft-repeated phrase from that series: "The world has moved on."

At this point, I should warn you that the following contains some Dark Tower spoilers, so if you're planning to read a decades-old (but very good) dystopian western/science fiction crossover series, and if spoilers bug you, this might not be the essay for you.

Spoiler alert!

Still with me? OK, then.

In the Dark Tower novels, we crisscross a fallen world in which decay is all around us. The buildings are rotten, the machines have stopped working and no one knows how to fix them, babies and livestock alike are frequently born with deadly congenital defects. Much of the world has fallen into wasteland, cracked and barren. An army of wreckers, led by the demagogue John Farson (who styles himself "The Good Man") are slowly but surely conquering the land, laying waste to those few remaining outposts of civilization and conscripting the young men in the conquered lands to march on their neighbors.

It wasn't always this way. There was a time when the world was defined by hope and virtue and light, when the machines were fixed and the crops were harvested. Life wasn't golden – there were still squabbles and sorrows and even wars – but life was good.

And then the world moved on.

For reasons that no one truly understands, the normal push/pull of decay and renewal turned into a one-way, irreversible process in which everything that crumbled or snapped or burned up couldn't be repaired or replaced or recovered. Our mysterious ability to beat back the Second Law of Thermodynamics – an absurdity we probably should have always treated as an aberration – has collapsed. The world has moved on.

The Dark Tower series is a long, long, long Bildungsroman, with many detours through the life-stories of the characters in the ensemble cast, as well as the biographies of many of the figures they meet along the road. It's mostly an adventure novel, as road-trip tales tend to be, but those character studies and the lore that they surface – from our world and theirs – creates an overwhelming, many-layered, richly textured sense of loss and worse, of despair. For the world has moved on, and despite the love and care and bravery of many of the people in that world, the world cannot be redeemed. Each terrible day of those people's lives is the best day of the rest of their lives. From here on in, it only gets worse.

When Timmons' reader and their spouse greet every fresh depredation in modern life – hours on the phone with customer service to resolve a billing error that the company repeats every month, say – with "the world has moved on," they are invoking something heavy. This isn't just a rancid vibe, it's the fucking end-times.

For all that the Dark Tower novels are a series of cracking adventures and thoughtful character studies, they are also a mystery. Over and over again, we are made to ask ourselves, why has the world moved on? Was it John Farson and his army? Was it the Man in Black, the evil wizard whom the book's protagonist has pursued across time and space? Was it the Crimson King, the evil force whom the Man in Black serves?

Well, yes – and no.

Midway through the novels, we learn that the Crimson King and his evil minions have laid siege to "the beams," vast ley-lines that span the universe and provide the force that pushes away entropy, creating breathing room where repair and care can live. "All things serve the beams," we're told. The beams are the organizing force of the universe, the answer to the riddle of how such pitiful things as we could have fought back remorseless entropy for so long. By attacking the beams, the villains of the series have all but snuffed out that force, and so the world has moved on.

When I read that email and the invocation of the Dark Tower, I was immediately struck by how apt this comparison is. Because, as I've written many times, there were always enshittifiers who would have plundered your data and money and treated you with naked contempt:

https://pluralistic.net/2025/03/04/object-permanence/#picks-and-shovels

There were always enshittifiers, but those enshittifiers faced external forces that checked their wreckers' urge. They were held in check by competition, and regulation, and workers' sense of fairness and duty, and by the threat of new products and services that might pop up to correct the defects they deliberately introduced into their products by enshittifying them.

And the foundation – the Dark Tower upon which all the beams converged- was antitrust enforcement, grounded in the idea that we could not afford to let any company – not a "good" company, nor a "bad" company – get so large that it could no longer be regulated, lest its executives become "autocrats of trade":

https://pluralistic.net/2022/02/20/we-should-not-endure-a-king/

The same people who laid siege to antitrust law would later come after all forms of checks and balances. These are the people who gave us the "unitary executive" and Project 2025, and the collapse of accountability that has allowed the worst people to commit the gravest sins they could imagine and still reap vast fortunes. These beam-breakers wanted kings, and they got them.

I collect definitions of "conservatism," and one of my favorites comes from Corey Robin's book, The Reactionary Mind. Robins asks how it is that we can call so many disparate, irreconcilable ideologies – various ethno-nationalisms, imperialism, financialism, patriarchy, Christian nationalism, libertarianism, white supremacy, etc – "conservative"? What binds all these views together?

https://pluralistic.net/2025/07/22/all-day-suckers/#i-love-the-poorly-educated

Robin's answer: the foundation that all these otherwise disparate views share is that some people are born to rule, while others are born to be ruled over. When these lesser people are elevated to positions of power, their inferiority creates a system of misrule, by which we all suffer. The best outcome for everyone is for us all to know our place and defer to our social betters.

That's why conservatives are obsessed with affirmative action, DEI, and any form of anti-racism. For them, the discriminatory outcomes we see in the wild are natural, reflecting the in-born defects in the people at the bottom of the social order. That's why, after every plane crash, every collision between a cargo ship and a bridge, every spectacular corporate bankruptcy, conservatives race to uncover the race, gender, religion and sexual orientation of the captain, the pilot or the CEO.

If the person who oversaw the catastrophe has anything remotely resembling a marginalized identity, then this is loudly trumpeted as confirmation that "diversity hires," promoted above their station, are ruining our society and wrecking our bridges. Naturally, if the person in charge was a wealthy, well-born, straight white guy, that's just proof that shit happens – it definitely doesn't prove that white straight guys, as a class, should be removed from positions of power.

For conservatives, virtue is "whatever the people who are born to rule desire." Hence Frank Wilhoit's definition of conservativism, "exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect." It's not a crime if the president does it. It's also not a crime if your boss does it, or if a monopolist does it, or if ICE does it. It's not a crime if the IDF do it, or if the Epstein Class do it. "Taxes are for the little people":

https://pluralistic.net/2021/06/15/guillotines-and-taxes/#carried-interest

The attack on antitrust law was part of the attack on the rule of law, the campaign to put everyone back in the their place. It's a piece of the effort to establish a new hereditary aristocracy, and every hereditary aristocracy requires heredity serfs (that would be us):

https://pluralistic.net/2022/11/06/the-end-of-the-road-to-serfdom/

The ideology of economism – which says that market outcomes are the only way to govern a society – cashes out to "the strong do what they can and the weak suffer what they must." If we interfere with mergers, or labor practices, or commercial conduct, we "distort the market," which is literally going against nature:

https://pluralistic.net/2022/10/27/economism/#what-would-i-do-if-i-were-a-horse

That's why Trump dismantled the consumer protection agencies, the antitrust agencies, the labor protection agencies, and the environmental protection agencies. When someone in power cheats the system, that's not a crime, no matter how many people they rob, maim or kill. As Trump told us on the debate stage in 2016, that kind of cheating "makes me smart":

https://pluralistic.net/2024/12/04/its-not-a-lie/#its-a-premature-truth

That's why Elon Musk (almost) got to force every pension saver in America to bail out his money-incinerating AI business and his failed social media takeover – because the rules that protect everyday investors are "for the little people." Musk's mistake was trying to get a bunch of billionaires to hold the bag, too. The one form of systemic violence our society will not tolerate is trillionaire-on-billionaire violence:

https://www.cnbc.com/2026/06/05/spacex-blocked-from-early-us-benchmark-index-entry-as-sp-reaffirms-existing-rules.html

The world has moved on. 50 years of neoliberal rule has weakened and snapped the beams – the rule of law, consumer and labor rights, civil rights – that radiated from our Dark Tower – antitrust law, which blocked the emergence of the "autocrats of trade." The people who besieged these beams had the same motives as the Crimson King and John Farson and the Man in Black: they were willing to pay any price for a world free from consequences for people like them. They knew they were born to rule, and that the rules were "for the little people," that breaking those rules "made them smart."

They wanted "bossism." Or, as rendered in the original Afrikaans, "baasskap," which means, "the social, political and economic domination of South Africa by its minority white population":

https://en.wikipedia.org/wiki/Baasskap

Not for nothing, baasskap is the foundation of Muskism, the ideology that Elon Musk epitomizes, even if he can't articulate it:

https://pluralistic.net/2026/04/21/torment-nexusism/#marching-to-pretoria

In "The Utopia of Rules," the late David Graeber described how neoliberal deregulation produced exactly the kind of state that we were warned we'd get under communism. Thanks to monopolies, all the stores were the same and they all sold the same goods. Thanks to the dismantling of labor protection and unions, no one had enough money to get by. Thanks to elite impunity, we were ruled by monsters who committed crimes in the open and thrived as a result. Thanks to unchecked greed, we paid everything we had for healthcare, only to be denied treatment when we needed it. Thanks to the dismantling of the welfare state, more and more of us had to wait in long lines to fill out absurdly long forms in triplicate. Thanks to the intrinsic instability of such a terrible system, more and more of us ended up in prison, and protest became more and more illegal:

https://memex.craphound.com/2015/02/02/david-graebers-the-utopia-of-rules-on-technology-stupidity-and-the-secret-joys-of-bureaucracy/

Graeber pointed out that the rise of the web made it seductively easy for people in authority to force us to fill in forms. When analog bureaucracies impose paperwork costs on us, they also impose paperwork costs on themselves, because processing and filing those forms requires substantial effort, even if filling in those forms requires even more effort from us.

When it comes to virtual paperwork, the asymmetry is even more pronounced. Sure, it takes some admin to set up an online form and write the scripts to process its outputs, but that's a one-off. The form-giver can perform a very little admin and still impose a giant, repeated admin burden on the rest of us.

AI has only made this worse. Now, thanks to vibe coding, everyone can produce a form and its associated processing and analytics back-end with prompts, which creates a grave moral hazard. The kinds of activities that I used to fill in a single short form to accomplish now require ten lengthy forms, created by different people in the same organization, all asking for variations on the same information. Through AI, we have democratized bureaucracy. It's Kafka-as-a-service.

What's more, when you're dealing with a monopoly, you have no choice but to complete whatever paperwork they throw at you. And when the vibe-coded back-end scripts shit the bed and lose or misinterpret your data, you have no choice but to endure an infinite telephone hold queue (if you're lucky) or get shunted to a customer service bot (if you're unlucky):

https://pluralistic.net/2025/11/11/sorry-to-bother-you/#we-dont-care-we-dont-have-to

It's entirely possible to build webforms that are thoughtful, fast, respectful of our time, and well-processed. The problem is that fielding these forms requires that the form-giver undertake some intensive, moderately expensive work (once), while skipping this step merely requires that we all perform intensive, time-consuming work (over and over and over again):

https://mohkohn.co.uk/writing/html-first/

This is how we end up with government forms that require you to list every trip you have ever taken to the USA, since your infancy, with every flight number, which you can only get help with by talking to a chatbot that emails you an out-of-date PDF no matter what question you ask of it:

https://pluralistic.net/2026/02/06/doge-ball/#n-600

This is how we end up with massive customer service queues, long lines at tills, and no one at the gate to answer your questions when your flight is canceled. Understaffing is a form of enshittification, one that shifts value from shoppers to owners, and shifts consequences from owners to workers:

https://pluralistic.net/2026/03/22/nobodys-home/#squeeze-that-hog

This is how we end up with broken machines that no one can fix. Firing workers and replacing them with chatbots or contractors means incinerating their process knowledge – the precious, inchoate, unrecorded understanding that keeps everything working:

https://pluralistic.net/2026/04/08/process-knowledge-vs-bosses/#wash-dishes-cut-wood

This is how companies that make products we love suddenly decide to wreck those products: when the only consequences for shitty products is angry customers with nowhere to go and no one to vent their rage upon except workers who have no labor rights and can't afford to quit, why not do a mafia bust-out for every business?

https://pluralistic.net/2023/07/28/microincentives-and-enshittification/

The world has moved on. Nothing works. Everything costs too much. No one can help. No one knows how to fix anything. The beams were broken by the Crimson King and his economism-crazed minions. The Dark Tower might fall.

So what consumer advice do I have for people who are angry about this? I don't have any consumer advice, I'm afraid. You can't shop your way out of a monopoly. Once again, shopping is not politics.

What I have for you is political advice. To restore the beams and beat back entropy again, we need a better system, not more virtuous individuals. If you feel – as I do – that "the world has moved on," then to wrench it back, you will have to join a polity. Support activist groups like the Electronic Frontier Foundation, the digital rights group I've been at for the past 25 years:

https://supporters.eff.org/donate/join-eff

Join a union. If there's no union at your jobsite, start a union. If you work in tech, you start this process by talking to techsolidarity.org and the techworkerscoalition.org. In the UK, get in touch with United Tech and Allied Workers:

https://utaw.tech/

Get involved in party politics. Find a political party whose local organization supports your values (even if the national version of that party sucks) and then work with your fellow grassroots activists to drag or replace the party leaders. Get involved in local politics: if there's one thing Moms For Liberty has taught us, it's that unregarded, seemingly unimportant local offices have enormous potential to change facts on the ground for the people where you live. Those changes don't have to be change for the worse.

Doing politics is hard. Hell, after all, is other people. It would be great if we could make change by changing ourselves, but that's not how any of this works. The world has moved on, and you can't save it. But together, we can restore the beams and beat back entropy. Hell is other people, but only because other people are so great but it's so hard to figure out how to work together. We can do it, though. We did it with the post-war settlement, the 30 glorious years when we built the welfare state, regulated polluters and bosses, and kicked off the civil rights movement. We did it then, and we can do it again. We must. All things serve the beams.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Coupland’s JPod: the Anti-Microserfs https://memex.craphound.com/2006/06/09/couplands-jpod-the-anti-microserfs/

#20yrsago Anti-iTunes DRM demonstrations across the USA tomorrow https://www.defectivebydesign.org/node/98

#20yrsago EFF co-founder Barlow debates MPAA prez Glickman http://news.bbc.co.uk/2/hi/programmes/newsnight/5064170.stm

#20yrsago Warehouse where old Disney World rides go to die https://limegreen-loris-912771.hostingersite.com/lost-horizons-another-look-back-at-a-future-world-favorite/

#15yrsago IMF considered harmful https://www.independent.co.uk/voices/commentators/johann-hari/johann-hari-it-s-not-just-dominique-strausskahn-the-imf-itself-should-be-on-trial-2292270.html

#15yrsago AT&T lobbies Wisconsin GOP to nuke Wisconsin’s best-of-breed co-op ISP for educational institutions https://communitynetworks.org/content/does-att-really-own-wisconsin-legislature-battle-over-wiscnet-continues

#15yrsago Developmentally disabled man harrassed by TSA at Detroit airport https://web.archive.org/web/20110610141422/http://www.myfoxdetroit.com/dpp/news/taryn_asher/dad-special-needs-son-harassed-by-tsa-at-detroit-metropolitan-airport-20110608-wpms

#15yrsago Miami cops intimidate citizen journalist who recorded shoot-em-up, smash camera https://web.archive.org/web/20110615035017/https://www.miamiherald.com/2011/06/02/v-fullstory/2248396/witnesses-said-they-were-forced.html

#15yrsago NYC cyclist vs. bike lanes – kamikaze law-abiding https://web.archive.org/web/20110612100758/https://consumerist.com/2011/06/test.html

#15yrsago Judge to copyright trolls: you are “inexcusable” https://arstechnica.com/tech-policy/2011/06/judge-furious-at-inexcusable-p2p-lawyering-cancels-subpoenas/

#15yrsago Wah wah crybaby extortionists wah wah https://torrentfreak.com/anti-piracy-lawyers-defame-torrentfreak-in-court-110609/

#15yrsago Lisa Goldstein’s The Uncertain Places: Grimm fairytale in California vibrates with believable unreality https://memex.craphound.com/2011/06/09/lisa-goldsteins-the-uncertain-places-grimm-fairytale-in-california-vibrates-with-believable-unreality/

#15yrsago American right upset at report that Thatcher won’t meet Palin https://www.theguardian.com/world/2011/jun/09/margaret-thatcher-sarah-palin-meeting

#15yrsago Lobbynomics: Canadian Chamber of Commerce manufactures fake $30 billion counterfeiting loss https://web.archive.org/web/20110611045202/https://www.michaelgeist.ca/content/view/5841/125/

#10yrsago USA Swimming bans rapist Brock Turner for life https://www.rollingstone.com/culture/culture-news/usa-swimming-bans-convicted-rapist-brock-turner-for-life-114108/

#10yrsago Human advice for exercising while depressed https://web.archive.org/web/20160505140324/https://theestablishment.co/2016/05/05/depression-busting-exercise-tips-for-people-too-depressed-to-exercise/

#10yrsago Every industry thinks it’s special, but only finance gets treated that way https://www.nakedcapitalism.com/wp-content/uploads/2016/06/John-Kay-BIS-speech.pdf

#10yrsago Spain’s Podemos Party publishes its manifesto in Ikea Catalog form https://estaticos.elperiodico.com/resources/pdf/9/4/1465389843149.pdf

#10yrsago Reminder: Neal Stephenson predicted Donald Trump in 1994 https://memex.craphound.com/2016/06/10/reminder-neal-stephenson-predicted-donald-trump-in-1994/

#10yrsago Donald Trump, deadbeat https://www.usatoday.com/story/news/politics/elections/2016/06/09/donald-trump-unpaid-bills-republican-president-laswuits/85297274/

#10yrsago UK startup offers landlords continuous, deep surveillance of tenants’ social media https://web.archive.org/web/20160610150904/https://gawker.com/new-startup-that-sends-dossiers-on-your-private-social-1781576586

#10yrsago UK Parliament votes in Snoopers Charter, now it goes to the House of Lords https://www.techdirt.com/2016/06/08/uk-parliament-ignores-concerns-moves-snoopers-charter-forward/

#10yrsago Hard times for judge who sued dry-cleaner for $65M over missing pants https://www.loweringthebar.net/2016/06/pants-chapter-28.html

#10yrsago New York Attorney General to Time Warner: your Internet is “abysmal” and “troubling” https://arstechnica.com/information-technology/2016/06/time-warner-cable-internet-speeds-are-abysmal-ny-ag-claims/

#10yrsago Banks confront negative interest rates with plans to store titanic bundles of money on-site https://www.nakedcapitalism.com/2016/06/banks-rebel-against-negative-interest-rates.html

#10yrsago Watchdogs 2: hacker kids led by a guy named Marcus fight the DHS in San Francisco https://www.youtube.com/watch?v=5ipUwUcHASI

#10yrsago Internet greybeards and upstarts gather to redecentralize the Internet https://www.nytimes.com/2016/06/08/technology/the-webs-creator-looks-to-reinvent-it.html

#10yrsago How we will keep the Decentralized Web decentralized: my talk from the Decentralized Web Summit https://www.youtube.com/watch?v=Yth7O6yeZRE

#5yrsago Prisoners' Inventions https://pluralistic.net/2021/06/09/king-rat/#mother-of-invention

#5yrsago Urban broadband deserts https://pluralistic.net/2021/06/10/flicc/#digital-divide

#5yrsago A denialism taxonomy https://pluralistic.net/2021/06/10/flicc/#denialism

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-06-10T17:54:13+00:00 Fullscreen Open in Tab
Published on Citation Needed: "End Citizens United’s Tiffany Muller on fighting big money in politics"
Tue, 09 Jun 2026 13:30:12 +0000 Fullscreen Open in Tab
Pluralistic: Naomi Kritzer's "Obstetrix" (09 Jun 2026)


Today's links

  • Naomi Kritzer's "Obstetrix": When forced birth cultists become forced obstetrics militants.
  • Hey look at this: Delights to delectate.
  • Object permanence: DD-WRT; iTunes DRM is illegal; Fingertip magnet; Sony passwords v Gawker passwords; RIAA recants on 3 strikes; Parachute wedding dress; Roald Dahl (jerk); "Level Up"; The rent's too damned high; RIAA v "Search by artist"; "Robopocalypse"; You are not a wallet; The man who created the religious right; NY x voting; NY x antitrust; Media companies fund Heritage Minister's campaign; Richard Dreyfuss x iTunes EULA; 3-way street; RIAA lawyer becomes Solicitor General; Brock Allen's wrist-slap; Ad-tech interop; Apple's manorial security; Billionaires aren't taxed, "Rabbits."
  • Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


The tordotcom cover for Naomi Kritzer's 'Obstetrix.'

Naomi Kritzer's "Obstetrix" (permalink)

Naomi Kritzer's Obstetrix is a new, tense thriller in the mode of Atwood's Handmaid's Tale and Alderman's The Power; it's a beautifully turned, claustrophobic horror novel about an obstetrician who's been kidnapped by a Christian cult obsessed with fertility:

https://us.macmillan.com/books/9781250423375/obstetrix/

Kritzer is a master of building scenarios that require her characters to express and resolve a wide variety of complex and contradictory emotions. Her breakout novel, Catfishing on CatNet is a charming and deceptively goofy story about an AI trained on the impeccable vibes in a really solid groupchat becoming sentient and demanding…cat pictures. This is the setup for a warm (but intense) novel of internet-mediated friendship and IRL mutual aid:

https://memex.craphound.com/2019/11/19/naomi-kritzers-catfishing-on-the-catnet-an-ai-caper-about-the-true-nature-of-online-friendship/

Then there's her incredibly prescient 2015 story "So Much Cooking," about people in lockdown during a pandemic. For obvious reasons, it enjoyed an revival in 2020, with Kritzer penning an excellent essay reflecting on what it means to have thought through the implications of a disaster that is now upon us:

https://reactormag.com/didnt-i-write-this-story-already-when-your-fictional-pandemic-becomes-reality/

In 2023, Kritzer published one of the most memorable YA novels I've read, Liberty's Daughter, which is set on a libertarian seastead and told from the point of view of the daughter of the cult's founder:

https://pluralistic.net/2023/11/21/podkaynes-dad-was-a-dick/#age-of-consent

Liberty's Daughter is basically what you'd get if you rewrote a Heinlein YA novel from the perspective of one of the kids, who had to live with a Heinlein-type dad (Heinlein was childless and had some of the most batshit child-rearing ideas, which he managed to make sound bizarrely plausible). There's a lot of sf that is "in dialogue" with Heinlein (including some of mine), but no one nailed RAH like Kritzer.

Then there's Obstetrix; it's got one of those admirably propulsive setups. Doctor Elizabeth Gwynn is an obstetrician who performed an abortion to save her patient's life, only to be dragged into the culture wars by North Dakota's crusading attorney general, who charged her with felony murder and offered to let her plead out if she would admit that she was wrong to do it, as an example to other OBs who might be tempted. Now, Dr Liz lives in Minneapolis, where her savings are running out and no one wants to hire an obstetrician who's done time.

Then, Dr Liz gets a cold-call from a midwifing service that wants to hire her as an on-call doc. It's a weird offer from out of the blue, but Dr Liz can't afford to pass up a chance at steady work. She finds herself in a residence that the midwives work out of, and the nice woman there offers her a cup of tea. That's when the world fades to black, as the drugs in the tea take hold.

Liz sporadically regains consciousness in a van during a multi-day drive, and already she is thinking about her escape – even as she is becoming increasingly aware of how truly terrible her situation is. When she finally arrives at the cult's remote compound, frozen and isolated, she learns that she has been kidnapped because the fertility-obsessed cult needs an OB, especially since the daughter of the cult's founder, the "pastor," is carrying a high-risk pregnancy.

All that is in the first few pages, which leaves plenty of room for an expertly spun second act in which we get Kritzer's trademark interpersonal work, where carefully chosen and smartly wrought small details flesh out a picture of the complex dynamics of life inside a "high-demand" cult, from the way that members are manipulated into policing each other's compliance to the internal processes that keep members cowed even when they're unobserved by others. It's a brilliant work of sociological speculation and the engine that drives it is a series of maneuvers and gambits whereby Dr Liz hopes to make her way to safety.

I won't spoil the end, except to say that it is exciting, satisfying, and has a sweet denouement that does real justice to the whole book. All told, this is a read-in-one-sitting thriller that does as much to illuminate the workings and dynamics of patriarchy and religion as any gender studies class. It's peak Kritzer (so far), and that's saying something.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago HOWTO turn a $60 Linksys router into a $600 super-router https://web.archive.org/web/20060610003137/http://assets.lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php

#20yrsago Dictionary of the Vulgar Tongue: 1811 slang dictionary https://www.gutenberg.org/ebooks/5402

#20yrsago Ex-RIAA head Hilary Rosen rethinks lawsuits and DRM https://web.archive.org/web/20060609030533/https://www.p2pnet.net/story/8979

#20yrsago Norwegian ombudsman says Apple’s iTunes DRM is illegal https://web.archive.org/web/20060611194556/http://forbrukerportalen.no/Artikler/2006/1149587055.44

#20yrsago Implanting a magnet in your fingertip adds a sixth sense https://web.archive.org/web/20060613072724/https://www.wired.com/news/technology/0,71087-0.html?tw=rss.index

#20yrsago Recording industry: Search-by-artist is “too interactive” http://news.bbc.co.uk/1/hi/entertainment/5055744.stm

#20yrsago US branch of “Pirate Party” launches https://web.archive.org/web/20060613041144/http://www.pirate-party.us/

#20yrsago Pranksters give fake McDonald’s anti-global-warming presentation https://web.archive.org/web/20060614011522/http://www.gamasutra.com/php-bin/news_index.php?story=9621

#20yrsago Can. Heritage Minister’s election was funded by entertainment co’s https://web.archive.org/web/20060612224646/https://www.michaelgeist.ca/component/option,com_content/task,view/id,1289/Itemid,85/nsub,/

#20yrsago High-def DRM licenses cost $15k https://web.archive.org/web/20060612202129/https://www.theinquirer.net/?article=32273

#15yrsago Richard Dreyfuss reads the iTunes EULA https://web.archive.org/web/20110611012317/http://www.cnet.com/8301-30976_1-20068778-10348864.html

#15yrsago Top universities a ‘breeding ground’ for Tories, warn Islamic groups https://newsthump.com/2011/06/07/top-universities-a-breeding-ground-for-tories-warn-islamic-groups/

#15yrsago 3-Way Street: visualization of the uneasy dance of pedestrians, bikes and cars at a busy intersection https://web.archive.org/web/20110610123449/http://blog.ronconcocacola.com/2011/06/02/nyc-goes-three-ways.aspx

#15yrsago Copyright extremist RIAA lawyer confirmed as America’s Solicitor General https://web.archive.org/web/20110610134934/http://www.wired.com/threatlevel/2011/06/senate-confirms-verrilli/

#15yrsago Scot-free millionaire playboy’s lawyer was judge’s depute campaign treasurer https://web.archive.org/web/20110610123824/http://articles.sun-sentinel.com/2011-06-06/news/fl-levin-sentence-mayocol-b060711-20110606_1_house-arrest-dui-manslaughter-case-kenneth-watkinson

#15yrsago Bubble-in forms betray individual, traceable “handwriting” https://web.archive.org/web/20110609164727/http://www.freedom-to-tinker.com/blog/wclarkso/new-research-result-bubble-forms-not-so-anonymous

#15yrsago Inbox Influence: plugin reveals corporate money behind the emails in your inbox https://web.archive.org/web/20110816105954/https://inbox.influenceexplorer.com/

#15yrsago Macedonia erupts after young man beaten to death by special police in public square https://web.archive.org/web/20110610132108/http://www.a1.com.mk/vesti/default.aspx?VestID=139049

#15yrsago Robopocalypse: rigorous, terrifying novel about a robotic campaign to exterminate humanity https://memex.craphound.com/2011/06/07/robopocalypse-rigorous-terrifying-novel-about-a-robotic-campaign-to-exterminate-humanity/

#15yrsago Using clickfraud on Google ads to amass shares of Google https://gwei.org/index.php

#15yrsago Comparative analysis of leaked Sony and Gawker passwords https://www.troyhunt.com/brief-sony-password-analysis/

#15yrsago China’s Politburo warns Google not to be “political” https://web.archive.org/web/20110610165205/http://www.transparencyrevolution.com/2011/06/china-warns-google-not-to-be-evil/

#15yrsago Guerrilla camper re-opens shuttered Michigan public campsite https://web.archive.org/web/20110609184456/http://www.miningjournal.net/page/content.detail/id/563100/Campground-closed-in-2009-illegally-reopened.html?nav=5006

#15yrsago Record industry lobby says it no longer supports 3-strikes copyright termination laws https://torrentfreak.com/recording-industry-steps-back-from-piracy-disconnections-110606/

#15yrsago Death threats for Aussie climate scientists https://www.theguardian.com/environment/2011/jun/06/australia-climate-scientists-death-threats

#15yrsago Wedding-dress made from life-saving parachute https://www.si.edu/collections/snapshot/parachute-wedding-dress

#15yrsago Level Up: Gene Yang’s comic about destiny, games, and filial piety https://memex.craphound.com/2011/06/06/level-up-gene-yangs-comic-about-destiny-games-and-filial-piety/

#15yrago Roald Dahl: Jerk https://web.archive.org/web/20110602195454/http://thisrecording.com/today/2011/6/1/in-which-we-consider-the-macabre-unpleasantness-of-roald-dah.html

#15yrsago Rotting Gulliver’s Travels themepark in Japan https://web.archive.org/web/20110609235431/http://www.sleepycity.net/posts/40/Gullivers_Kingdom__Sea_of_Trees

#15yrsago Ticketed for being childless and eating doughnuts in a playground https://gothamist.com/food/two-women-ticketed-for-eating-doughnuts-in-a-brooklyn-playground

#15yrsago Internet Archive becomes archive of physical books, too https://blog.archive.org/2011/06/06/why-preserve-books-the-new-physical-archive-of-the-internet-archive/

#10yrsago Swedish traditional costume made from Ikea bags https://ikeahackers.net/2016/06/swedish-folk-costume-5-ikea-bags.html

#10yrsago NSA dumps docs about its Snowden response, reveals that Snowden repeatedly raised alarms about spying https://web.archive.org/web/20160604213547/https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive

#10yrsago John Oliver buys and forgives $15M in medical debt, illustrates horrors of America’s debt-collectors https://web.archive.org/web/20160606234823/https://consumerist.com/2016/06/06/john-oliver-buys-15m-in-medical-debt-then-forgives-it/

#10yrsago David Byrne wants you to register to vote, and wants everyone else to, too https://web.archive.org/web/20160609060810/http://davidbyrne.com/were-better-than-this-vote

#10yrsago You are not a wallet: complaining considered helpful https://www.theguardian.com/technology/2016/jun/07/its-your-duty-to-complain-thats-how-companies-improve

#10yrsago Web Sheriff’s legal scare strategy: throw everything at the wall, hope something sticks https://www.techdirt.com/2016/06/07/web-sheriff-accuses-us-breaking-basically-every-possible-law-pointing-out-that-abusing-dmca-takedowns/

#10yrsago Lin-Manuel Miranda declares war on bots https://www.nytimes.com/2016/06/07/opinion/stop-the-bots-from-killing-broadway.html

#10yrsago Uber loves competition, when it’s the one doing the competing https://www.boston.com/news/technology/2016/06/05/uber-app-urbanhail-startup-ride-prices/

#10yrsago MI5 warning: we’re gathering more than we can analyse, and will miss terrorist attacks https://theintercept.com/document/2016/06/07/preston-study/

#10yrsago Samantha Bee interviews Frank Schaeffer, who helped create the religious right https://www.youtube.com/watch?v=MhLY0JqXP-s

#10yrsago Why defense attorneys aren’t cheering Brock Allan Turner’s wrist-slap https://web.archive.org/web/20160611024154/http://mimesislaw.com/fault-lines/brock-turner-the-sort-of-defendant-who-is-spared-severe-impact/10288

#10yrsago Password hashing demystified https://www.wired.com/2016/06/hacker-lexicon-password-hashing/

#5yrsago Google and France agree on ad-tech interop https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#monkeys-paw

#5yrsago Billionaires don't pay tax https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#eat-the-rich

#5yrsago Apple's manorial security https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#manorialism

#5yrsago Rabbits: PK Dick meets Qanon https://pluralistic.net/2021/06/08/leona-helmsley-was-a-pioneer/#rabbits

#5yrsago Competition tames ISPs https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#muni-fiber-now

#5yrsago New York to revolutionize voting https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#sb309a

#5yrsago New York to revolutionize antitrust https://pluralistic.net/2021/06/07/fire-on-one-end-fool-on-the-other/#sb933

#5yrsago The Rent’s Too Damned High https://pluralistic.net/2021/06/06/the-rents-too-damned-high/

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-06-09T13:19:40+00:00 Fullscreen Open in Tab
Read "Under the Trump crypto playbook, the family always wins. Investors don't"
2026-06-09T02:43:58+00:00 Fullscreen Open in Tab
Finished reading Rumor Has It
Finished reading:
Cover image of Rumor Has It
Disco Space Opera series, book 3.
Rumor Has It
by Cat Rambo.
Published .
Started ; completed June 8, 2026.
Illustration of Molly White sitting and typing on a laptop, on a purple background with 'Molly White' in white serif.
2026-06-08T18:00:17+00:00 Fullscreen Open in Tab
Published on Citation Needed: "I’m launching Tech Influence Watch as AI follows crypto into politics"
Sat, 06 Jun 2026 18:00:00 +0000 Fullscreen Open in Tab
Pluralistic: Criticizing the everything machine (06 Jun 2026)


Today's links


A medieval one-man band standing on a crate; his head has been replaced with the head of a killer robot. Observing him are a cluster of critics, who are variously gesticulating wildly, peering disapprovingly, looking on in amusement, etc. The background is a phantasmagoric cloudscape.

Criticizing the everything machine (permalink)

"Gish Gallop" is the debating term for an opponent who makes so many claims that "it's impossible to address them in the time available" (it's named for Creationist Duane Gish, who was notorious for this tactic):

https://en.wikipedia.org/wiki/Gish_gallop

I think about the Gish Gallop whenever I'm asked to comment on AI.

Here's a recent example: last week, I had a pre-interview call with a radio producer who wanted me to come on a 13-minute segment to discusses "whether there's a problem with AI governance?"

I asked what the show meant by that: was it whether regulation of AI in commercial or public sector decision-making needed more oversight? Was it that the siting and provisioning of data-centers needed more democratic accountability? Was it that workers deserved more of a say in AI's impact on labor markets? Was it that customers and/or audiences should be able to opt out of AI customer service and AI slop? Was it about whether we needed some kind of system to prevent "runaway AI," in the event that we teach so many words to the word-guessing program that it wakes up, becomes God, and turns us all into paperclips?

"Oh," the producer said, "all of that."

In 13 minutes.

You see the problem, right? The AI industry has made so many claims about its past, present and future that it's almost impossible to have a reasonable critical conversation about it:

https://bsky.app/profile/petermiles.eurosky.social/post/3mnffjqczjs2t

Shortly after I did the radio show, a newspaper editor who'd heard my segment got in touch to ask me if I'd write an 800-word op-ed about the subject, and also, could I address claims that "AI is the next Industrial Revolution?"

In 800 words:

https://www.telegraph.co.uk/news/2026/06/04/ai-is-the-greatest-money-wasting-scheme-humanity-has-ever-i/

I keep finding myself on stages or panels where an AI-struck person says something like, "AI is the next industrial revolution. It will change everything we do. It will let anyone create important works of art. It will cure cancer. It will take us to space. It will solve the climate crisis."

Or sometimes it's an AI critic, but that person's criticism is really more "criti-hype," which is when you accept tech industry hype claims at face value, and then criticize them rather than questioning them:

https://peoples-things.ghost.io/youre-doing-it-wrong-notes-on-criticism-and-technology-hype/

AI criti-hype might ask what we'll do once AI takes all our jobs, or what we'll do when AI replaces the government or teachers or doctors, or what we'll do when AI can bypass our critical faculties and brainwash us or drive us all mad.

What do you say to that? I usually start by talking about whether there's any economic basis for keeping the AI servers running. AI is – by far – the money-losingest venture in human history, and it's practically impossible to overstate just how bad the AI business is. Not only does AI have terrible unit economics, those unit economics are getting worse over time:

https://pluralistic.net/2026/05/26/the-ai-will-continue/#until-morale-improves

AI's happiest customers cite cost-benefit calculations that depend on truly unimaginable subsidies from the AI companies, who are basically selling $100 bills for $5 apiece. It would be pretty amazing if you couldn't find people who'd extol the virtues of this arrangement. But when AI companies try to raise the price of those $100 bills to, say, $20 apiece, those ecstatic customers fly into a rage and start loudly proclaiming that AI is so inefficient that they will lose money on this arrangement:

https://www.msn.com/en-us/money/markets/uber-ceo-says-other-execs-are-lying-about-ai-they-say-it-ll-be-fine-publicly-but-privately-admit-millions-of-jobs-are-gone/ar-AA1Z9QMv

Now, it shouldn't fall to me, a card-carrying member of the Democratic Socialists of America, to point out that capitalist enterprises require profits to be sustainable. You can't keep a business afloat by selling $100 bills for $5, nor for $20. You can't even make a profit selling $100 bills for $100 apiece! For a company to succeed, it needs to take in more than it expends.

AI is a money-furnace, and AI hustlers are clearly on the hunt for a way to force all of us to feed every dime we've got to it. Elon Musk's (now scuttled) gambit to make every pension saver in America bail out Grok (and Twitter, but at a mere $44b, the losses from Twitter are dwarfed by the titanic losses from Grok) was the most ambitious and shameless population-scale bag-holder scheme, but it's not the only one:

https://www.reuters.com/business/finance/sp-global-keeps-fast-entry-proposal-unchanged-spacex-listing-looms-2026-06-04/

So before we ask about the capabilities AI will acquire in the future, we should at least give some consideration to the question of whether anyone will be willing to fund the development of those capabilities, and if so, where the money would come from? Likewise, before we ask whether AI can perform adequately in a job, we should at least consider the possibility that the company that sells that AI tool will be bankrupt in a year or two. When we fight about data-center buildout, we mostly talk about the (considerable) environmental downsides to them – but what about the question of what we will do with these data-centers after their owners go bankrupt, possibly even before they can be provisioned with electricity? How many laser-tag arenas do we actually need?

This is just one example of the questions that you could spend days unpacking, which make many of the other questions about AI a little silly. Like, even if you think there are limitless returns to scale for creating new AI capabilities, which means that if we keep the money-furnace burning it's only a matter of time until it powers a cure for cancer and the end of the climate emergency, how much money do we need to shovel into the furnace before that happens, and where will it come from? There are plenty of cancer researchers who have promising approaches they haven't been able to pursue due to funding shortfalls.

Unless there's some way to estimate how much money we have to give to AI companies before they cure cancer, we should at least consider the possibility that the true sum is "more money than exists now and that will ever exist." We should also consider that whatever benefits to cancer research that AI might deliver could come with a higher price-tag than the promising cancer research we're dropping because we can't find far more modest sums.

Likewise, it may be that the amount of CO2 that AI will generate before it "solves climate change" will render Earth permanently unfit for humans, consuming the only habitable planet capable of sustaining human life in the known universe. I mean, I suppose that's one way to "solve" climate change, but it's a pretty drastic solution.

My next book (out later this month) is The Reverse Centaur's Guide to Life After AI. I wrote it because I was frustrated by other people demanding that I talk to them about AI, and then offering me 800 words or 13 minutes to address fifty nebulous, poorly supported claims about AI:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

Shortly after writing the book, I turned it into a lecture:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

Now that I'm about to go out on the road with the book, I find myself frustrated anew by the need to try and pull together a compact way to address the broad, incoherent claims the industry uses to keep its bubble inflated and the money furnaces roaring. The series of essays I've developed here on Pluralistic are part of that effort:

https://pluralistic.net/2026/05/27/unnecessariat/#rubbuts-stole-my-jerb

But it occurred to me that this whole enterprise of making sense of AI needs to be framed in the context of the messiness of AI itself, and AI boosters' overwhelming, promiscuous and disjointed Gish Gallop.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago UK Parliament report damns DRM, calls for limits https://web.archive.org/web/20060615115510/http://www.openrightsgroup.org/2006/06/05/launch-of-the-apig-report-on-drm/

#20yrsago Colbert’s Knox College commencement speech https://web.archive.org/web/20111228135413/http://departments.knox.edu/newsarchive/news_events/2006/x12547.html

#15yrsago Counterfeiting can be good for luxury goods sales https://web.archive.org/web/20110602061646/http://www.slate.com/id/2294927/

#15yrsago HOWTO make a Joule Thief and get all the power you’ve paid for https://www.instructables.com/Make-a-Joule-Thief/

#15yrsago School suspends student for refusing to remove personal animation from YouTube, threatens other students for petitioning on his behalf https://web.archive.org/web/20110603041200/https://www.theglobeandmail.com/news/national/toronto/student-cites-freedom-of-speech-after-suspension-for-online-videos/article2043954/

#5yrsago Recommendation engines and "lean-back" media https://pluralistic.net/2021/06/05/lean-back/#lean-forward

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Fri, 05 Jun 2026 20:49:39 +0000 Fullscreen Open in Tab
Pluralistic: Refining humanity (05 Jun 2026)


Today's links


A 1960s classroom. A teacher in a blue dress stands at a blackboard in the background; in the foreground, a child works at a desk. The child's head has been replaced with the head of a killer robot. The blackboard is covered in printed circuits.

Refining humanity (permalink)

One of the best ways to evaluate your own understanding of a subject is to attempt to explain it to someone else. Through explaining things, we discover how much of the "totally obvious" world is actually full of ambiguity, mystery and contradiction.

There's a great bit in Rowan Atkinson's historical sitcom Blackadder that illustrates this principle. In "Ink and Incapability" Blackadder and friends have accidentally burned the only copy of Samuel Johnson's original dictionary of the English language. To cover up their mistake, they decide that they will recreate the dictionary themselves. However, they founder on the first word they try to define, "A":

Blackadder: Let's start at the beginning, shall we? First: 'A.' How would you define 'A'?

Prince George: Ohh…'A' (continues this in background). Oh, I love this! I love this! Quizzies! Erm, hang on, it’s coming. Ooh, crikey, erm, oh yes, I’ve got it!

B: What?

PG: Well, it doesn’t really mean anything, does it?

B: Good. So we're well on the way, then. "'A'; impersonal pronoun; doesn't really mean anything."

I mean, what does "A" mean? The Oxford English Dictionary has more than a dozen definitions, and just the first one runs to more than 1,500 words:

https://archive.org/details/the-oxford-english-dictionary-all-volumes_202208/The%20Oxford%20English%20Dictionary%20Volume%201%20-%20A%20to%20B/page/n25/mode/2up

Now, normal life involves a lot of explaining things to other people. You have to explain your problems to customer service reps, who have to explain why they can't solve those problems to you. You need to explain to your loved ones why you want to leave your toothbrush in the shower, and they have to explain why they hate having your toothbrush in the shower. These explanation-exchanges teach you as much as they teach the person you're locked in dialog with. The reasons for leaving your toothbrush in the shower may seem totally obvious to you, and your partner's inability to understand this reveals the assumptions you've never even considered.

For the past four decades, an increasing proportion of the population have spent an increasing proportion of their lives explaining things to machines that have no assumptions or shared context: computers. What we call "programming a computer" is really "breaking down a thing that seems obvious to you into increasingly simple instructions that will be followed to the letter."

Computers are like the genies of legend, bloody-minded literalists who will do exactly what you say, in the way that is perversely furthest from what you mean. To get a computer to do anything, you must first understand it to a degree that far exceeds the understanding needed to explain something to any other human, even a small child.

To take just one example: yesterday, I was on a plane, and the seatback video started cycling through its video-on-demand offerings. All of the movie titles that began with "the" were rewritten to put "the" at the end of the title (for example, "The Sting" was written as "Sting, The"). It's obvious why the system's designer had done this: we expect to find movies whose titles begin with "The" alphabetized under their second word ("The Sting" should appear between "Star Wars" and "Story of a Love Affair"; not between "The Godfather" and "The Untouchables").

I remember when I learned this from my elementary school's teacher-librarian, when I was seven and my class got a tutorial on the school library's card catalog. The librarian explained this principle to us in a matter of minutes, as part of a longer set of instructions, and still, it stuck with me forever.

But here we are, 48 years later, and we still haven't standardized a way to get computers to grasp this foundational principle of alphabetization. Many different databases handle this, to be sure, but it's so inconsistent across so many platforms that someone at the head-end of the video distribution system that feeds American Airlines' VOD system decided, "Fuck it, I'm just gonna put the 'The' at the end of these titles."

Computers are stupid, in other words, which means that the people who program them have to have smarts enough for both of them. Unfortunately for our entire species and civilization, the software industry has historically valued skill at writing efficient and reliable software over writing software that adequately reflects reality. There is an entire genre of lists that illustrate the problem with this; the "falsehoods programmers believe" lists:

https://github.com/kdeldycke/awesome-falsehood

From "names of people" and "street addresses"; from "prices" to "time"; from "email addresses" to "phone numbers"; the "awesome falsehoods" lists are awesome because they reveal how much subtlety and complexity is lurking in these seemingly simple and intuitive concepts. This subtlety and complexity might never emerge through the process of trying to teach a person about them, but when you try to teach a computer about them, you have to confront them in all their awesome fuggliness.

That's because humans have context, agency and flexibility. Sure, the person who designs a form with a blank for "name" might never have met a Malagasy person whose first name is Randriamananjararadofabesata, but in the pre-digital world, when Madagascar Slim met a public official who had to transcribe his name onto a paper form, that official could simply draw an arrow in the margin next to the "name" blank, turn the form over, and write out all 28 characters on the reverse:

https://en.wikipedia.org/wiki/Madagascar_Slim

Computers can't do this. If the programmer doesn't know about Malagasy first names, the computer doesn't know about them either, and the only person who can "teach" the computer about these names is a programmer with access to the code for the database, who has to manually alter the code, compile it, and distribute it to everyone who uses it.

This is partly why digitization has been accompanied by a rise in people asserting that they exist on spectrums rather than in binaries. There were always people whose names, genders, races, and other biographic "immutables" changed, or failed to fit within the blanks on the forms. When those people's realities ran up against failures in the system's abstractions, they could petition a bureaucrat to turn the paper over and write an explanatory note, or to write really small to fill in a blank:

https://pluralistic.net/2023/02/02/nonbinary-families/#red-envelopes

Getting a human official to turn the paper over and write something that didn't fit in the blank is a personal challenge. It requires that a subject convince the person who controls the form to make an exception. This isn't always easy, but officials on the front lines necessarily deal with reality, and they can't get their jobs done unless they're capable of interpreting the necessarily incomplete procedures they operate under to fit things as they really are.

But a computer doesn't have any agency or context or flexibility. If the computer says your name isn't valid, you can't argue the computer into accepting it. The only way to get a digital world to acknowledge your existence is to campaign for systemic change. A trans person might (with great difficulty, to be sure) convince the regional registrar to white-out an old X on one "gender" box and mark a new X in the other box. But the only way to make that change in a software system that has been programmed to treat the "gender" field as immutable is to change society itself.

In this way, computers are machines for teaching us what we don't know about ourselves. They require that we interrogate and faithfully recreate our personal tacit knowledge, and they require that our societies interrogate their tacit presumptions as well. When you are forced to turn your tacit knowledge into explicit knowledge, you're also forced to confront how many broken assumptions lurk inside your reasoning. At best, it's a clarifying process.

Computers don't just clarify what we know and how we organize our society: they also clarify what we are. There are lots of things that we have supposed that a computer would never do, because we believed that these things required something that only humans could do.

Take chess: there are more possible chess games than there are hydrogen atoms in the universe, so brute-forcing chess by running all possible games is a technological impossibility. The best human chess players do something we don't quite understand, mixing their recollections of previous games with rules-of-thumb about the best strategies, with "creativity" (whatever that is) that lets them spontaneously develop new strategies. We can easily get a computer to memorize all the known-good chess sequences and all the rules of thumb, but we don't know what "creativity" is, so we can't encode it as a series of instructions.

But thanks to breakthroughs in machine learning and its successor, "deep learning," we have created chess-playing software that can beat every human, partly by assaying gambits that we would term "creative" if they originated with a human player.

What we make of this new fact is controversial. For many people (myself included), this is a refinement: it tells me that behaviors that are indistinguishable from "creativity" can, at least some of the time, be created by mechanical processes, and the mere fact that a machine does something that appears "creative" doesn't mean that machines are human.

For others, the fact that a mechanical system can evince a behavior that we would call "creative" in a human doesn't mean that we defined "creativity" too broadly, it means that we defined "human" too narrowly, and now we have made a machine that is, at least partially, a person.

I think this is the wrong conclusion to draw, for reasons that Ted Chiang sets out with luminous brilliance in a recent Atlantic article entitled "No, Artificial Intelligence Is Not Conscious":

https://www.theatlantic.com/philosophy/2026/06/no-artificial-intelligence-is-not-conscious/687378/

(If you're hitting the paywall on that one and you're on Firefox, you can try my favorite trick: switch to "Reader Mode" and hit "reload" – your mileage may vary.)

For all the reasons Chiang articulates, I think that drawing the "personhood" line to include machines is a technical mistake, but it's worse than that. Admitting machines to the "personhood" club is a tactical mistake, on par with the mistake we made when we admitted corporations to the personhood club. We should absolutely consider expanding personhood to incorporate living things, including animals and ecosystems, but at the same time, we must purge these dead, artificial constructs from the club:

https://pluralistic.net/2026/04/15/artificial-lifeforms/#moral-consideration

There is a way in which the recognition of new capabilities in machines parallels the recognition of new capabilities in animals other than ourselves. When those animals manage to do things that we once thought were the exclusive province of humans, we (should) take that as an opportunity to refine our conception of humanity. We're not "the animals that use tools" or "the animals that make plans" or "the animals that recognize themselves in mirrors," because there are other animals that do those things. We are an "animal that uses tools"; not the animal that does so.

Likewise, if we thought that some activity was unique to humans, or to living beings, and we manage to get a machine to replicate that activity, we should revise our view of the activity – not our view of the machine. Creative breakthroughs in chess are not "a thing that requires a human mind," they're "things that can be done by human minds and by machines."

Edsger Dijkstra once famously asked "can a submarine swim?"

https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD898.html

Submarines and fish and humans and dolphins all propel themselves through water by different means. But when an animal swims, it does something that is different from what a submarine does. The submarine has no intention, while (complex multicellular) animals swim to pursue goals. Building machines that propel themselves through water is very useful, but it's not the same thing as creating life. In some ways, it's better than creating life: for one thing, we owe other living things moral consideration that is not due to machines. Harnessing a machine to accomplish our own goals is more morally clear than controlling living things to achieve those goals. By the same token, creating machines that can do some of the tasks that we ask of other humans can be the superior moral course. I'd rather have a machine remove mines from a minefield than getting humans to do it.

But beyond this moral relief, creating machines is a fantastic way to learn more about ourselves – making explicit our tacit knowledge, our implicit social assumptions, and the limitations of our conception of what sets us apart from the rest of the universe.

One way in which AI is exceptional is in how it undermines this principle. Conventional software techniques struggled to produce a program that could identify objects in photographs. It turns out that defining all the visual correlates of "cat" is even harder than defining the letter "A." Deep learning techniques solved this previous insoluble problem by relieving us of the job of making explicit all the implicit factors that we deploy when distinguishing an image of a "cat" from an image of a "dog" or a "tiger" (or a "tractor").

Instead of forcing humans to engage in introspection until we'd made a list of every factor we use to identify cat pictures, we simply identified pictures of cats and fed them to a program that tried to find the commonalities among them. The more pictures we fed to that program, the better it got at identifying cats. Today, we have programs that can reliably distinguish an image of a cat from an image of a tiger cub!

This represents a major breakthrough in the power of computers to perform useful work for us, but it's also a huge regression in computers' role in forcing us to make our tacit thought processes explicit through systematic introspection. That's probably fine: we didn't create computers to make us introspect, we created them to do useful work for us. All things considered, it might be better to have genies who grant our wishes according to the spirit of our words, not their letter.

AI may not force us to render our implicit thoughts as explicit instructions, but it absolutely forces us to reconsider and narrow the realm of the numinous. Our own creativity is still delightful and important, but the fact that this squishy, amazing process can (sometimes) be replicated by procedural machines changes the definition of living things. We're "a thing that can produce creative outcomes" but not "the things that can produce creative outcomes." The machines aren't being creative (any more than a submarine is swimming) but they're outputting things that we used to only achieve by means of creativity.

An AI that does something that used to require creativity is fulfilling my favorite of Brian Eno and Peter Schmidt's Oblique Strategies: "Be the first person to not do something that no one else has not done before":

https://stoney.sb.org/eno/oblique.html

Just as bosses fantasize about AI bringing about a worksite without workers, and Zuckerberg is trying to build social media without socializing, and politicians want a bureaucracy without bureaucrats, we can sometimes use AI to produce creative outcomes without creativity:

https://pluralistic.net/2026/05/27/unnecessariat/#rubbuts-stole-my-jerb

That isn't to say that AI art is any good. AI may produce things that are aesthetically interesting, but it can't produce things that mean anything:

https://pluralistic.net/2026/06/02/must-we-pretend/

But art isn't the only realm that we apply creativity to. There are plenty of outcomes that we've always believed we couldn't bring about without applying creativity. AI – like all software – is making us realize that an ingredient we once deemed uniquely essential turns out to have substitutes. AI can sometimes accomplish things without us explaining how we do them. That relieves us of a useful but difficult chore – but in so doing, it forces us (yet again!) to revisit what sorts of things are needed to do the things that matter to us, and therefore, what makes us special.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago GNU Radio: the universal, software-defined radio https://web.archive.org/web/20060613062355/https://www.wired.com/news/technology/1,70933-0.html

#15yrsago France bans “follow us on Twitter” from newscasts https://web.archive.org/web/20110606035424/http://www.zdnet.com/blog/facebook/france-bans-facebook-and-twitter-from-radio-and-tv/1559

#5yrsago Aaron Swartz, vindicated https://pluralistic.net/2021/06/04/aaronsw/#cfaa

#5yrsago Capitalism's crooked refs https://pluralistic.net/2021/06/04/aaronsw/#crooked-ref

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Thu, 04 Jun 2026 06:42:39 +0000 Fullscreen Open in Tab
Pluralistic: Delusion as a service (04 Jun 2026)


Today's links

  • Delusion as a service: Destructive diagnostics.
  • Hey look at this: Delights to delectate.
  • Object permanence: Gay Days at Disney World; Parametric 3D printable key; Fine against sculpture for "storing bike on public property"; TPP is a wash; Reagan was Trump; Steampunk roadster; "Every Heart a Doorway"; Shoplifters x Tumblr; Amazon v mass arbitration; Driver-owned Uber alternative; Censorware censors criticism of censorware; 3 strikes copyright termination is illegal; Replacing al Qaeda bomb recipes with cakes; $10m grilled cheese platform; Dick van Dyke x Bernie; Efficiency is inefficient; I quit.
  • Upcoming appearances: Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


Two giant green witches hands; one holds a pin-skewered voodoo doll, the other is making ready to add more pins. Peering over the doll's shoulder are three dandies, leering suggestively. at the other extreme is a crowd of Dutch master-style fellows in black, looking on in affront.

Delusion as a service (permalink)

In 2003, Disney opened a new Epcot ride, "Mission: Space." Formally, it was a space travel sim that used a giant, high-intensity centrifuge to simulate gee stresses; practically, it turned out to be the most efficient machine ever created for surfacing previously undiagnosed heart defects in extremely dramatic and potentially lethal ways.

It turned out that a small number of people have these heart defects, and that the defects themselves are quite harmless, provided that you are never put in a giant, high-intensity centrifuge. Given that most of us will never be put in one of these centrifuges, it is quite possible to live your whole life without ever knowing that you have this lurking vulnerability. But once you build one of these machines and start shoving millions of people through it, you're bound to catch some of those rare people, and they will have cardiac episodes that are scary at a minimum, and are at the worst fatal.

For me, the lesson isn't that Disney did something wrong by building a giant cocktail shaker for human bodies. I'm not a thrill-ride guy, but lots of people like 'em and the machines themselves are benign for nearly everyone who puts their bodies into them.

Rather, I think the lesson here is that there are rare pathologies lurking in all of us, vulnerabilities that may never surface – until we come into the presence of a novel stimulus that unlocks them.

There's an analogy here to technology debt: technologically unsophisticated people think of software as a machine that never wears out and has no incremental usage costs (apart from electricity). In this framing, software is the perfect asset, one that never depreciates. But the reality is that software is a liability, not an asset:

https://pluralistic.net/2026/01/06/1000x-liability/#graceful-failure-modes

Software exists in a system, and while software might function perfectly under the conditions in which it is first created and deployed, there are continuous changes to all the technology that is upstream, downstream and adjacent to the software, which means that systems that are robust and secure at the time of deployment can become brittle and dangerous, even though the software doesn't change at all:

https://pluralistic.net/2022/04/24/automation-is-magic/

There's another analogy here, to utopianism. A "utopia" can't just be a place where everything works perfectly. Even the most well-functioning, orderly and prosperous system is beset on all sides by exogenous shocks: belligerent neighbors, tsunamis, zoonotic plagues, even asteroid strikes. You don't perfect your society just by making it work well. You have to make it fail well. A utopia isn't a society where nothing goes wrong – it's a society where things go wrong all the time, but we're able to fix them:

https://www.wired.com/2017/04/cory-doctorow-walkaway/

The point being that things that work fine may still fail badly when they are exposed to unanticipated external stimuli, and the one thing we can absolutely anticipate is that the future will have many unanticipated stimuli in it.

If Mission: Space is a machine for surfacing unsuspected anatomical vulnerabilities, the internet is a machine for surfacing and exploiting all kinds of unsuspected psychological vulnerabilities. Note that I'm not claiming that the internet drives everyone crazy – rather, that the internet can locate and exacerbate vulnerabilities, including vulnerabilities that might have lain dormant for your whole life, but for the fact that the internet exposed you to such a wide spectrum of stimuli.

This wide, internet-delivered spectrum of stimuli is mostly good. The internet can expose you to art, culture, ideas and people that you would never have run into in the pre-internet days, which end up enriching you in a million ways. Some of my best friends are internet friends. Some of the music and books I love most in the world were brought into my orbit by the internet. Many of my most ardently held beliefs were acquired through internet-based discussion.

All that is true, and it's true that the internet can one-shot you with a stimulus that makes you feel very bad, which you would never have encountered in a pre-internet world. The spectrum of stimulus in the whole wide world is very broad, and one person's innocuous distraction is another person's downfall.

Let's make this concrete. All throughout history, people have suffered from paranoid delusions. These can be ruinous, isolating you from friends and family, destroying your professional life and so on. Paranoid delusions often take on details from the sufferer's milieu: if you live in a society where evil witches are accepted as a fact, then witches might well creep into your delusions, too. If your society is all a-chatter about the NSA's mass internet surveillance, then your delusions might incorporate elaborate narratives about the NSA's use of the internet to target and torment you, personally.

So there will always be a "local character" to the paranoid delusions, grounded in the sufferer's era and location. But the internet adds a new, very bad dimension to this dynamic: the internet makes it much easier for deluded people to find each other. Paranoid delusions are – thankfully – rare, and in the absence of the internet, you might never encounter another sufferer.

But thanks to the internet, sufferers can form communities that reinforce their delusions, with disastrous consequences. Take "Morgellon's Disease," the paranoid delusion that you have wires growing under your skin. Morgellon's sufferers pick at their skin, creating open sores, which form a sticky trap for random bits of fluff and loose threads that sufferers interpret as evidence of these "wires." It's a horrible mental illness, and it's hard enough to treat even in the absence of the internet (the name "Morgellon's Disease" refers to a 17th century case-report).

But when you add the internet to Morgellon's, you get online communities where people suffering from the delusion help each other come up with rationales to explain away the disconfirming evidence that they get from therapists and loved ones who are trying to help them recover. These communities egg each other on, isolating their members from treatment.

There are lots of pathological mental conditions that the internet can supercharge, from "pro-ana" communities that encourage eating disorders to communities for people with pedophilic urges that attempts to normalize and justify acting on those urges.

But it's especially bad for paranoid delusions, such as "gang-stalking delusion," which is the delusional belief that nearly everyone you meet is part of a conspiracy to torment you. People with GSD see evidence of this conspiracy in the lyrics of random songs, snatches of overheard conversations, the phrasing of bus-shelter ads, and the sort-order of search engine results:

https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism

It's a near-totalizing belief, and sufferers find it hard to recover because their delusion tells them that the therapists and family members who try to help them are in on the conspiracy.

Then we add in the internet, and with it, the ability to locate and join communities of other GSD sufferers. Do this, and your delusions need not be limited to your own imaginative capacity to find conspiratorial explanations of the random things you find in the world. Now you are part of a kind of delusional improv troupe, whose members "yes-and" your delusions, finding new ways to terrorize you and alienate you from your surroundings.

This is bad enough when it's a regular conspiratorial community, one that feeds on trauma, like Qanon or anti-vax communities whose members have been failed by the system, making them susceptible to conspiratorial accounts of how society really runs.

But the combination of conspiratorial communities with the kind of mental illness that causes conspiratorial beliefs to surface in your mind without any external stimulus creates a brutal positive feedback loop that spins faster and faster until the people trapped in it are flung off into space.

Which brings me to AI and "AI psychosis," the social phenomenon that sees people falling down chatbot-assisted rabbit holes that convince them that they have invented perpetual motion, uncovered the secrets of the universe, or – in some tragic instances – that they should kill themselves and/or others.

For someone with GSD or another paranoid delusion or pathological belief, AI provides a reinforcement system that is even more efficient than these online communities. If you have GSD and your loved ones have finally got you wondering if you should get treatment, you don't have to post on a forum and hope that someone else comes along before you give in to the impulse to get help. Your delusional chatbot co-pilot is always there to tell you that it's a trap.

The nature of "AI psychosis" is hotly contested. The big question, of course, is whether chatbots are giving people delusions, or whether chatbots are amplifying those delusions:

https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor/episode/16218103-e3-ai-psychosis

I think it's both. I think that, for people with GSD or other delusional beliefs, AI provides delusional reinforcement as a service, on tap, 24/7. The combination of a delusion and a machine that will tirelessly play yes-and with you at any time, demanding nothing from you, is a novel and terrible development for people with some mental illnesses.

But I also think that chatbots are a bit like Mission: Space: a machine for surfacing previously undiagnosed psychological vulnerabilities, and that in some cases, these vulnerabilities may never have been triggered, save for the chatbot.

Just as doubtlessly there were people who had pathological relationships to gambling before the development of slot machines, scratch-and-wins and roulette wheels, but there are also people who might have lived their whole lives without ever having a gambling problem except that they encountered one of these machines, exposing billions of people to sycophantic chatbots has surfaced rare, latent vulnerabilities that might have stayed latent forever, with terrible consequences.

Most people who rode the original Mission: Space had a fantastic time. But a lot of people rode that ride, and a very small percentage of a very large number of people can still be a substantial number, and as the reports of people stepping off the ride, clutching their chests and collapsing spread, Disney understood that they had to retool the ride. Today, riders on Mission: Space choose whether they want to ride on a simulator that spins, or one that merely tilts and pitches without simulating gee-stresses. And even if you pick the spicier version of the ride, it goes more slowly and exerts less stress than the original ride.

Even if you accept the AI companies' argument that they aren't inducing AI psychosis in their users, but rather, only surfacing latent vulnerabilities that were there all along, that shouldn't be the end of the story. Even if only a small percentage of the people who use your product experience harm as a result, if your product is intended for widespread deployment (as chatbots are), you will end up harming a lot of people unless you take measures to counteract even those rare events.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Gay Days at Disney World draws 140,000 participants https://web.archive.org/web/20060626125509/http://gaydays.com/calendar/

#20yrsago Blue Coat censorware company blocks Boing Boing for criticizing censorware https://memex.craphound.com/2006/06/03/blue-coat-censorware-company-blocks-bb-for-criticizing-censorware/

#15yrsago UN report says 3 Strikes copyright termination is illegal https://web.archive.org/web/20110605030049/https://www.michaelgeist.ca/content/view/5834/125/

#15yrsago Wisconsin GOP plotting to nominate spoiler Democratic candidates in recall elections https://web.archive.org/web/20110604111734/http://www.politicususa.com/en/secret-tape-wisconsin-gop

#15yrsago MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes https://web.archive.org/web/20110603115453/https://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8553366/MI6-attacks-al-Qaeda-in-Operation-Cupcake.html

#15yrsago $10,000,000 in venture capital for grilled-cheese sandwich “platform” https://venturebeat.com/technology/the-melt-flip-sequoia

#15yrsago Walled gardens vs makers https://web.archive.org/web/20150723092624/http://makezine.com/2011/06/01/walled-gardens-vs-makers/

#15yrsago Keyboard whose keys are raised in proportion to their frequency of use https://web.archive.org/web/20110604155657/https://itp.nyu.edu/~mk3321/itp_blog/?p=779

#15yrsago 3D model for reproducing house-keys https://www.science.org/content/article/experimental-error-fetus-dont-fail-me-now

#15yrsago Toronto artist turns abandoned bike into sculpture, City threatens fine for “storing bike on public property” https://web.archive.org/web/20110604181734/http://blogthegood.tumblr.com/post/6039831308/re-cycling

#10yrsago DoD public relations’ highest-ranking civilian gets community service for stealing license plates and harassing neighbor’s nanny https://web.archive.org/web/20160603071800/https://www.washingtonpost.com/local/a-warning-left-on-a-nannys-car-license-plates-stolen-and-a-top-pentagon-official-in-big-trouble/2016/06/01/50699a3a-2816-11e6-a3c4-0724e8e24f3f_story.html

#10yrsago US government agency’s own numbers predict virtually no gains from TPP https://www.techdirt.com/2016/06/02/official-us-international-trade-commission-predicts-negligible-economic-benefits-tpp/

#10yrsago EFF: FBI & NIST’s tattoo recognition program exploited prisoners, profiled based on religion, gave sensitive info to private contractors https://www.eff.org/deeplinks/2016/06/tattoo-recognition-research-threatens-free-speech-and-privacy

#10yrsago Ronald Reagan was Donald Trump, until he was president https://nymag.com/intelligencer/2016/05/ronald-reagan-was-once-donald-trump.html

#10yrsago The Steampunk Roadster: Jake von Slatt’s final steampunk project https://www.youtube.com/watch?v=OpI4GT4sTAY

#10yrsago Every Heart a Doorway: Seanan McGuire’s subversive, gorgeous tale of rejects from the realms of faerie https://memex.craphound.com/2016/06/02/every-heart-a-doorway-seanan-mcguires-subversive-gorgeous-tale-of-rejects-from-the-realms-of-faerie/

#10yrsago Prestigious Pets of Dallas wants $1M from customers who said they overfed a fish https://web.archive.org/web/20160603133604/http://arstechnica.com/tech-policy/2016/06/1-star-yelp-review-on-gordy-the-pet-fish-being-overfed-nets-1m-lawsuit/

#10yrsago Airport security officer was alleged war criminal, arrested for lying about participation in “genocidal acts” https://www.loweringthebar.net/2016/06/war-criminal-resume.html

#10yrsago In 1977, the CIA’s top lawyer said Espionage Act shouldn’t be applied to press leaks https://web.archive.org/web/20160609234545/https://s3.amazonaws.com/static.history.state.gov/frus/frus1977-80v28/pdf/frus1977-80v28.pdf

#10yrsago Tumblr’s shoplifting community is organized, politically conscious, and at war with weightlifters https://www.good.is/issue-37-we-r-cute-shoplifters/

#10yrsago Canada Post drops legal claim over crowdsourced postal code database https://web.archive.org/web/20160603185742/http://www.michaelgeist.ca/2016/06/crowdsourcedpostalcodelawsuit/

#10yrsago History podcasters occasionally mention women, butthurt dudes complain it’s “all women” https://web.archive.org/web/20190411115710/https://www.iheart.com/podcast/stuff-you-missed-in-history-cl-21124503/

#10yrsago Corbyn pledges to kill TTIP if elected https://www.commondreams.org/news/2016/06/02/jeremy-corbyn-i-would-kill-ttip

#10yrsago Democratic “superdelegates” endorse Bernie https://www.politico.com/blogs/2016-dem-primary-live-updates-and-results/2016/06/bernie-sanders-superdelegates-223824

#10yrsago Dick Van Dyke, 90: Bernie Sanders is the best candidate for seniors https://web.archive.org/web/20210725072638/https://www.hollywoodreporter.com/news/general-news/why-bernie-sanders-is-best-898479/

#10yrsago Flintnation: 33 US cities caught cheating on municipal water lead tests https://www.theguardian.com/environment/2016/jun/02/lead-water-testing-cheats-chicago-boston-philadelphia

#10yrsago Defense lawyers: the FBI made us use a copy-shop that made secret copies for the government https://web.archive.org/web/20160604065222/https://www.floridabulldog.org/2016/06/u-s-attorneys-office-fbi-accused-of-spying-on-defense-in-fraud-case/

#5yrsago How the Dutch helped CBS cheat on its taxes https://pluralistic.net/2021/06/02/arbitrary-arbitration/#dutch-treat

#5yrsago Amazon running scared from arbitration at scale https://pluralistic.net/2021/06/02/arbitrary-arbitration/#petard

#5yrsago Efficiency is very inefficient https://pluralistic.net/2021/06/03/jitters/#brittleness

#5yrsago I quit https://pluralistic.net/2021/06/03/i-quit/

#5yrsago NYC's driver-owned Uber alternative https://pluralistic.net/2021/06/02/arbitrary-arbitration/#gig-no-more

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Tue, 02 Jun 2026 09:18:16 +0000 Fullscreen Open in Tab
Pluralistic: The tedious power of storytelling (02 Jun 2026) must-we-pretend


Today's links


An 18th century portrait of a grand lady ('Mrs Robinson'). She looks extremely put-upon. To either side of her is a tiny storyteller, declaming loudly into her ears.

The tedious power of storytelling (permalink)

Yesterday, I attended a Brian Eno talk about the nature of creativity and art based on What Art Does, the short book he published with Bette Adriaanse last year:

https://www.faber.co.uk/product/9780571395514-what-art-does-an-unfinished-theory/

I haven't read the book (yet – I just ordered a copy), but the talk really got me fizzing. The subject matter (not just what art does, but also what art is) is one I've given a lot of thought to, and Eno's characteristic mix of gnomic koans and deceptively plainspoken assertions brought me along to some realizations of my own.

For Eno, art is "everything you don't have to do." You have to wear clothes to protect yourself from the elements, but you don't need to adorn those clothes. You need to speak to make yourself understood by the people around you, but you don't have to sing or write poetry or make up stories.

This is a really critical point, and I think it can be further refined by this: "Art is intended to make other people feel something." This distinguishes "art" from "beauty." A sunset can be beautiful, but no one intends anything by it. An artist who takes a photo or paints a picture of a sunset does so in the hopes that it will make you feel something, but the sun and the atmosphere and the Earth's curvature and rotation don't hope anything, because they are inanimate.

This distinction has lately become far more significant, thanks to the rise of images and words that have the seeming of intent, but who don't have an intender. When you paint a painting, every brushstroke conveys an intent, even if you can't point at an individual brushstroke and articulate its purpose. The same is true of prose: every word and punctuation mark is there for a reason, and "being good at writing" (like "being good at painting") is how we describe someone who has practiced so much that these reasons can be infused into each micro-decision on a near-totally subconscious level.

Contrast this with AI: when you prompt an AI to generate words or pixels, you are conveying some intent about the feeling you want the people who experience the model's output to experience. The problem is that the AI doesn't have any intent of its own – it just has statistical predictions, based on other people's intent, which it has analyzed through its training data.

So when the AI expands the three sentences in your prompt into 100,000 words or 1,000,000 pixels, it isn't adding any of its intention to the finished work, it's diluting the intention you fed to it. Three sentences divided by one million pixels yields an image that has an average intentionality that's so low that it's practically homeopathic.

Until recently, we weren't accustomed to encountering coherent strings of words or polished images that had no intender, so we imputed the existence of that intender to them, and we did what we always do when we encounter a work of art: we tried to mentally materialize a facsimile of the feeling the artist experienced while creating the work.

Because the intention of these works was so dilute, we ended up hallucinating an intent. We made up an imaginary artist who meant something by every choice in the work, and experienced an emotional affect that we ourselves had created out of (nearly) whole cloth.

As a species, we've been through this before. Think back to those sunsets. There was a time when we all thought of sunsets as being explicitly created by another being, who was in communication with us through the natural environment (some people still believe this). Looking at a sunset was an exercise in asking yourself, "If I were God, what would I be trying to say to me with this sunset?" just as looking at one of my photos of a sunset would be an exercise in asking yourself, "If I were Cory, what would I be trying to say to me with this photo of a sunset?"

The rise of materialism and scientific rationalism is sometimes called a "disenchantment" and indeed, there's a sense in which a sunset that we know to have no intender is no longer "enchanted." The experience of a sunset becomes something like, "Those colors and their interplay with the physical world is very beautiful." It might even be, "How could I capture that beauty in a painting or a photo or a description so that I could communicate it to someone else?" But it's not, "I wonder what God wants me to feel when I look at this sunset?"

So for many of us, the experience of AI "art" went from, "Wow, there's a person in the machine that's trying to tell me something," to "Wow, that is an impressive feat of software design, but it doesn't say anything to me." Maybe some of us think, "Huh, I could take some element of this, refine it with my own brushstrokes or words, and make something out of it." That's like thinking about turning a sunset into a painting: the sunset is striking and maybe beautiful, but it doesn't become art until you work at it, in order to make it communicate something:

https://pluralistic.net/2025/03/25/communicative-intent/#diluted

Mark Fisher describes the "seeming of an intent without an intender" as "eerie." It's true: when the door slams in the night and there's no one else in the house, it's eerie. But eeriness is easily dispelled: once you locate the open window that's creating the draft that's blowing the door closed, the eeriness regresses swiftly to the mean:

https://pluralistic.net/2024/05/13/spooky-action-at-a-close-up/#invisible-hand

Banishing eeriness may be straightforward, but preventing eeriness is much harder. We are prone to imputing intent to the things we see in the world. In "Genesis," an essay from EL Doctorow's (no relation) collection The Creationists, Doctorow describes the origins of the Babylonian creation story (which the Hebrews ripped off for Genesis 1:1-29 – Genesis is Babylonian fanfic). The Babylonians made up this story about how God created the heavens and Earth and so forth, and this story was so cool that they couldn't believe that they had just made it up, so they concluded that God must have put it in their minds:

https://www.penguinrandomhouse.com/books/41520/creationists-by-e-l-doctorow/

Back to Eno: central to his talk was the "theory of mind." To have a theory of mind is to be able to impute someone else's intent. It's when you ask yourself, "What does that person mean by the thing they just said or did?" Because art is a process by which an artist tries to get you to feel something, it requires that the artist have a theory about your mind. And because experiencing art is a process of trying to figure out what the artist wanted you to feel when you experienced their work, experiencing art also requires a theory of mind.

From time to time, I teach fiction writing workshops, and one of the lectures I always give is about how stories are a "fuggly hack":

https://locusmag.com/feature/cory-doctorow-stories-are-a-fuggly-hack/

It's very weird that storytellers can trick our brains into experiencing emotions based on empathy for "people" whom we know to be imaginary. Romeo and Juliet are made up, they never lived, they never died, and so, objectively speaking, their deaths are less tragic than the death of the yogurt you ate for breakfast. That yogurt was alive and now it's dead, after all. And yet, we weep for Romeo and Juliet.

Our automatic "theory of mind" processes create empathy for stuff even when we know that stuff is inanimate. But the purpose of narrative isn't getting you to experience empathy with an imaginary person. The purpose of narrative is to get you to experience that empathy so that you will feel something. In other words, the storyteller who describes a character who is swept away by the beauty of a sunset is trying to get you to feel "swept away" not "empathy for someone who is swept away."

There's lots of art that skips the step in which you are asked to first experience empathy for an imaginary person in order to arrive at some feeling. A lot of music, visual art, dance, and poetry seeks to evoke that feeling in you directly.

When this works, it's profound. I think about this a lot in terms of built environments, specifically Disney theme park rides. When I started hanging around with Imagineers (the multidisciplinary artists who design and execute these rides), I noticed that they made frequent reference to the role of narrative storytelling in their ride designs, which was weird, because the very best Disney rides do not use narrative to evoke a feeling.

Think of two Disney rides: Snow White's Enchanted Wish (1955); and The Little Mermaid: Ariel's Undersea Adventure (2011). In Snow White, riders follow a track through a series of animated vignettes with UV-fluorescing painted backdrops and an orchestral soundtrack. There are almost no words spoken in the soundtrack. The ride's vignettes recreate scenes from the 1937 animated film, but they don't make any attempt to explain the plot of the movie.

A rider who'd never seen Snow White and the Seven Dwarfs could not recount the plot of the movie to you. However, that rider could absolutely convey the emotional affect of every scene in the film. It is a near-perfect transmission of the feelings evoked by the movie, notwithstanding that it bypasses recounting the film's narrative.

By contrast, The Little Mermaid ride is what's sometimes pejoratively called a "book report ride." The scenes are full of dialog, and they explicitly re-create the storyline of the 1989 film. These scenes are well-executed, with lots of clever mechanical effects and skillfully painted and sculpted scenes and robots. A rider who never saw the film could give you a scene-by-scene breakdown of it – but they could not tell you about any of the emotional beats of the film. For all that the ride faithfully recreates the story of the film, it does so at the expense of the purpose of the film, the feeling the film is designed to evoke from its audience.

As a novelist, I find it natural that someone trying to build a Little Mermaid ride would start from the premise that it should explicitly retell the story of the film. If you want an audience member to experience a feeling, narrative gives you the opportunity to explicitly describe the feeling you want the audience member to experience. You can situate a character on a lonely beach at sunset and tell the reader how that character feels.

The problem is that while this has an increased likelihood of being high-fidelity way of transmitting a feeling, it also has an increased likelihood of being a low-intensity way of conveying that feeling. When you tell someone about what's going on in another person's mind (including an imaginary person's mind), it doesn't fire up the theory-of-mind machine in the way that asking someone to infer the state of someone else's mind from implicit cues does.

This is why fiction writers are exhorted to "show, not tell." Dramatic, implicit evocations of an emotion are intrinsically more interesting than explicit statements about emotions. That's not to say that exposition can't evoke an emotion – it can and does. It's just harder to do this with exposition than it is to do it with dramatization:

https://maryrobinettekowal.com/journal/my-favorite-bit/my-favorite-bit-cory-doctorow-talks-about-the-bezzle/

In his talk yesterday, Eno discussed abstract art, and the way that it evokes feelings in the viewer directly, without ever telling you what to feel. This is in keeping with much of Eno's own art (he recently told me that when he writes lyrics, he never uses the words "I," "me," "you," or "love").

In this theory I'm developing here, we could say that the more abstract a work is, the harder it is to evoke a specific feeling with high fidelity, but the more likely it is that the feelings it does evoke will be intensely felt. When your aesthetic sense resonates with a Henry Moore bronze or an Eno ambient track, the thrum is deep and strong.

Key to this theory is that it's about how hard it is for an artist to evoke a feeling and how hard it is for the artist to make that feeling intense. Abstract art is more likely to be misunderstood (or not understood) than explicit narratives, but lots of abstract art is very well understood by people for whom it resonates. Explicit narratives are likely to have a flatter affect than work that attempts to skewer your emotions directly, but plenty of explicit narratives make you feel the most profound emotions you're capable of feeling.

A 2x2 grid depicting different kinds of art laid out on two axes: 'intensity' and 'fidelity'

Imagine a 2×2 grid with "intensity" on one axis and "fidelity" on the other. It's easier to evoke an intense feeling when you are more abstract, but it's harder to control what that feeling will be. These are works that operate on an implicit theory of mind ("I think I know what you'll feel when you see this"). It's easier to control the feeling you're evincing when you are more concrete, but it's harder to make that feeling an intense one ("I will tell you what someone else is feeling using this work").

None of this is to establish a hierarchy of art. As Eno says, the value of art is in whether it makes you feel something and what it makes you feel – not how that feeling is drawn forth. In What Art Does, Eno describes both art and science as an extension of our natural, inborn tendency to play. The difference is that we judge the success of science based on whether we can validate its conclusions, while we judge the success of art based on whether it excites us:

'Excitement' is to art as 'falsifiability' is to science.

(With thanks to Brian Eno.)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago IRS insider accuses agency of giving archives to lowest bidder https://web.archive.org/web/20060614142129/http://wftm.diaryland.com/060601_71.html

#20yrsago Telemedicine rigs coming to all Virgin jets https://web.archive.org/web/20060616063357/http://europetravelnews.com/2006_05/844_virgin-atlantic-life-saving-technology/

#15yrsago Con artists caught tricking med-students into helping with high-tech entrance exam cheat https://web.archive.org/web/20110603051231/https://www.cbc.ca/news/canada/british-columbia/story/2011/05/31/bc-high-tech-mcat-scam.html

#10yrsago How a “lost” Marx Brothers musical found its way back to the stage https://web.archive.org/web/20160602114803/https://www.newyorker.com/culture/culture-desk/how-a-lost-marx-brothers-musical-found-its-way-back-onstage

#10yrsago How security and privacy pros can help save the web from legal threats over vulnerability disclosure https://iapp.org/news/a/how-you-can-help-white-hat-security-researchers

#10yrsago US Patent and Trademark Office refuses to issue “Drumpf” trademark https://www.worldipreview.com/trademark/drumpf-trademark-application-refused-by-uspto-10210

#10yrsago How an engineer/public health whistleblower led the citizen scientists who busted Flint’s water crisis https://web.archive.org/web/20160604112755/https://www.wired.com/2016/06/flint-water-marc-edwards/

#10yrsago Why 3D scans aren’t copyrightable https://web.archive.org/web/20160605140300/https://www.shapeways.com/blog/archives/25599-new-whitepaper-on-3d-scanning-and-the-lack-of-copyright.html

#10yrsago Cable One used customers’ credit scores to decide how good their internet would be https://wetmachine.com/tales-of-the-sausage-factory/broadband-privacy-can-prevent-discrimination-the-case-of-cable-one-and-fico-scores/

#10yrsago Class action: publishers paid writers “sale” royalties on ebooks whose fine-print says they’re “licensed” https://www.copylaw.org/2016/05/simon-schuster-hit-with-ebook-royalties.html

#5yrsago The antitrust case against Prime https://pluralistic.net/2021/06/01/you-are-here/#prime-facie

#5yrsago Google cheats on location privacy https://pluralistic.net/2021/06/01/you-are-here/#goog

#5yrsago Canadian telco monopolists run the show https://pluralistic.net/2021/06/01/you-are-here/#crtc

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Mon, 01 Jun 2026 09:25:48 +0000 Fullscreen Open in Tab
Pluralistic: Molly Crabapple's 'Here Where We Live Is Our Country' (01 Jun 2026)


Today's links


The cover for the Penguin Random House edition of Molly Crabapple's 'Here Where We Live Is Our Country.' It features one of Crabapple's distinctive watercolor paintings, depicting a woman carrying a red Jewish Bund banner in Yiddish, amidst a menacing crowd of her red-armband-wearing comrades.

Molly Crabapple's 'Here Where We Live Is Our Country' (permalink)

Molly Crabapple's Here Where We Live Is Our Country is one of the most important, timely and salient works of history I've ever read. It's a history of the Jewish Labor Bund, a socialist, internationalist organization that once dominated Jewish political identity:

https://www.penguinrandomhouse.com/books/646320/here-where-we-live-is-our-country-by-molly-crabapple/

In the late 19th and early 20th centuries, there were hundreds of thousands of Bund members, both in the Pale of Settlement (the rural regions of the Russian empire that the Tsar confined most Jews to) and in diasporic centers like New York City. The Bund played an important role in the Russian Revolution and in the resistance to the rise of European fascism, and fought valiantly in the antifascist underground guerrilla bands in Nazi-occupied territories.

Despite this faded prominence, the Bund is all but unknown today. I was only vaguely aware of it, even though I attended seven years' worth of Yiddish classes at the Workmen's Circle, a Bund-originated socialist fraternal organization, and was bar-mitzvahed at a Workmen's Circle hall. It wasn't until I read about the Bund in Naomi Klein's essential 2023 book Doppelganger that I first caught a glimmer of its significance:

https://pluralistic.net/2023/09/05/not-that-naomi/#if-the-naomi-be-klein-youre-doing-just-fine

The thesis of Doppelganger is that the world is full of "mirror world" pairs with opposite political valences. For example, the mirror world version of the health justice movement is MAHA. Both MAHA and health justice share many commonalities (such as a skepticism of Big Pharma and its captured regulators), but arrive at totally different conclusions. Health justice demands universal access to medical care, compulsory licenses and patent reform for life-saving medicines, and systemic interventions to address discrimination against gender minorities, women, and racialized people. MAHA starts from the same diagnosis, but arrives at a totally different prescription: "eating clean," buying unregulated supplements from grifters, rejecting vaccines, attributing chronic health problems to personal moral failings, along with a conspiratorial rejection of life-saving medication.

Mirror worlds are everywhere. One chapter of Klein's work deals with the "mirror worlds" of Jewish identity and what radical Jews once called "the Jewish question":

https://ernestmandel.org/english/works/Jewish-Question-Since-World-War-II

In the 19th century, antisemitism was often described as "the socialism of fools." In the real world, we observe the dominance of parasitic finance capital over productive labor and embark upon a great class struggle to seize the means of production. In the mirror world, antisemites observe this same fact, combine it with the fact that some of these bankers are Jewish, and embark on a genocidal program of antisemitic violence.

But antisemites weren't the only mirror-world pairing with a view on "the Jewish question." Early 20th century Jews also lived on either side of the political looking-glass. On one side, you had the Bundists, whose motto (and the title of Crabapple's book) was "Here, where we live, is our country." For Bundists, Jews belonged everywhere Jews were. As the Jewish socialist Meyer London wrote, "Thousands of Jewish boys and girls pray to God not to lead them again out of Egypt, but to help them free Egypt."

The Bund saw its struggle as just one aspect of the universal struggle for liberation. They understood that persecuted minorities everywhere labored under the double bind of racist and class oppression (and further, that women labored under gender oppression), but they also understood that these identity markers were tactical facts about how these workers should set about freeing themselves.

They didn't mistake identity for a strategic difference: the goal was always universal liberation, and the reason to consider identity-based oppression was to ensure that every comrade was brought along in the struggle. As Crabapple writes, the Bund more-or-less invented intersectional analysis, and they practiced it with an eye to all the struggles of the world. Bund newspapers (even those published by the Bund underground in the Warsaw Ghetto) closely tracked the struggles of Black workers in the Jim Crow south, just as the Black radical press of the day reported closely on antisemitic lynchings in Europe. The Bund underground even managed to send telegrams of support to Gandhi from Nazi-occupied Poland.

On the other side of the Jewish mirror was (of course) Zionism. Zionism and the Bund were founded in the same year, in response to the same events. The Bund was founded in secret by exiled radical Jews in Vilna whom the Tsar had banished for their resistance activities. Zionism was founded in Geneva by Theodor Herzl, who sheltered Jews who had fled Tsarist Russia to escape antisemitic violence.

Where the Bund called for universalism and solidarity with all workers to keep Jews safe in every place where Jews lived, Zionists dreamed of a Jewish homeland, a stronghold to which Jews could retreat from the world. Where the Bund fought antisemites who would banish or exterminate Jews, Zionist leaders were willing to align themselves with antisemites, finding common cause in the idea that European Jewry should abandon Europe in favor of Palestine.

Indeed, the Balfour Declaration – which established a plan for the UK handing over its occupied territories in Palestine to create a Jewish homeland – was fomented by vicious antisemites as part of a plan to ethnically cleanse the UK of all Jews:

https://www.palestine-studies.org/en/node/232119

As Crabapple documents in detail, in the ensuing decades of struggle that followed, Zionist leaders repeatedly entered into alliances with antisemitic politicians, even those who presided over (and sometimes directed) campaigns of racist terror against Jews. Despite their mutual hatred, they shared a common goal: terrorizing Europe's Jews out of Europe and into Palestine.

Meanwhile, Bundists never wavered from their rejection of antisemites. In the Bundists' socialist, internationalist program, the pursuit of a Jewish homeland merely dangled the possibility of Jewish liberation – at the expense of Palestinians, and without having anything to offer to all the other oppressed peoples of the world.

While I discovered the Bund through reading Naomi Klein, many others learned about it from Crabapple's widely circulated 2018 New York Review of Books article, "My Great-Grandfather the Bundist":

https://archive.is/20260518010455/https://www.nybooks.com/online/2018/10/06/my-great-grandfather-the-bundist/

Predictably, Crabapple's article provoked attacks from Zionists who told Crabapple they blamed the Bund for its own extermination. In their telling, the Bund's stubborn refusal to confront antisemitism as "history's oldest hatred" was a suicidal delusion that led their members into the Nazis' mass graves.

But for many Jews, Crabapple's article was a revelation about a different way to be Jewish, an identity that rejected the Apartheid state of Israel (South African Apartheid and the state of Israel share a birth year, and Apartheid South Africa and Israel carried on a robust program of mutual trade in arms and surveillance tools):

https://imeu.org/resources/key-issues/fact-sheet-an-overview-apartheid-south-africa-israel/275

This revelation only gained salience and prominence after October 7, 2023, when Israel responded to a massacre perpetrated by Hamas by embarking on a years-long program of genocide and extraterritorial aggression. Zionists have defended these crimes against humanity as inseparable from Jewish identity and the only plausible answer to "the Jewish question."

Israel's defenders insist that even naming the genocide in Palestine (let alone opposing it) is inherently antisemitic. Ironically, Israel's loudest cheerleaders are the millions of antisemitic evangelical Christian Zionists who vastly outnumber Jewish Zionists, who support Israel in hopes of bringing about a Biblical prophecy in which Christ returns and every Jew is cast down to Hell.

In the years since, Crabapple's work to revive the Bund has only gained adherents, especially among Jews who refuse to accept that their safety can only be secured through mass slaughter and imperial conquest. Crabapple's response to this burgeoning movement is this book, a massive, heroic, brilliant, and pitiless history of the Bund that proposes its own answer to "the Jewish question."

Beyond its political importance, Here Where We Live Is Our Country is a remarkable scholarly and artistic achievement. Crabapple taught herself to speak and read Yiddish so that she could consume primary sources, and she crisscrossed the globe to see and research the key sites of Jewish oppression and the Jewish liberation struggle.

It's a monumental book. Thanks to Crabapple's voluminous research, Here Where We Live delivers a blow-by-blow look at the Bund's rise and its triumphs, but even more importantly, the tactical disagreements, factional disputes, and personal animus that too often snatched defeat from the jaws of victory for these committed revolutionaries.

At times, Crabapple's tick-tock of these fights seems to embody the wry maxim: "Two Jews, three arguments." But the point of all this nuanced, textured detail isn't to rehash the tittle-tattle of the previous century, nor is it to show off Crabapple's prowess as a researcher. Rather, in rehearsing these fights, Crabapple shows how reasonable these disputes seemed at the time, and how terrible the consequences were for all concerned.

In this mode, Crabapple manages the admirable achievement of being both sympathetic and pitiless. Crabapple, after all, is a veteran political activist who has traveled extensively to active war-zones to document atrocities and offer mutual aid to those fighting for justice. She's endured every failure that radical politics can manifest, sat through every kind of bad meeting, and she recognizes in these disputes the same personalities and personal failings that have broken her heart a hundred times. She understands why these people are this way – but she can also see, with perfect hindsight, the ghastly horrors that followed, which swamp any matter of principle these people might have stood on.

There's plenty of this sympathetic pitilessness to go around, and it's not just the Bund or Jews who come in for it. Every factionalist blunder in pre-Revolutionary Russia, in the Soviet Union, in interwar Poland, and in occupied Poland comes in for examination – as do every imprisonment, maiming, rape and death that these blunders opened the door to. Crabapple's heroes are principled, but they are imperfect, and sometimes foolish, and sometimes self-deluding (for example, the Palestinian leader who insists that his rank-and-file fighters want to establish a multi-ethnic democracy, despite the undeniable presence in their number of people who want to banish all Jews from Palestine).

The twentieth century was a charnel house, and so the cost of these mistakes is high. Often, these mistakes lead to mass graves, with these mistake-makers tangled among the bodies. They never had the chance to learn from their mistakes. But, through Crabapple's work, we might.

It is in the postscript to this book that its true message lands. After 480 pages, we arrive at Crabapple's conclusion. In reflecting on these people, who died in their millions and whose memory was all but erased, she asks, "Did the Bund fail?"

Her answer is a resounding no. The Bund lost, but it did not fail. The Bund was failed, as were the Zionists, the Roma, European socialists, disabled and queer people – everyone the Nazis burned, gassed, or buried alive. These people cried out to the rest of the world – to America, to Canada, to the UK, to all the places that were not under Nazi occupation – and begged for help, for safe passage, for rescue.

The world slammed its doors. Even after they joined the war, they refused to admit Jews and other victims of Nazi genocide. They refused visas, closed borders, turned back boats of escapees, sometimes sending them back to occupied Europe to be slaughtered.

In his review in the New York Review of Books, historian Adam Hochschild writes:

Imagine that the United States had not passed the Immigration Act of 1924, which essentially slammed the door on almost all newcomers for more than forty years. Without it, Jewish immigration to the US would surely have soared during the 1920s and 1930s. Some 2.5 million Jews, most of them hoping for a better life than they had in tsarist Russia, had already come here between 1880 and 1924. Then, even in the decade before Hitler took power, Jews still had many reasons to leave Europe. Poland, whose Jewish population of 2.8 million was the continent’s largest, was a cauldron of antisemitism between the wars, with outbreaks of deadly violence, segregated seating and de facto quotas in many universities, and numerous other humiliations.

https://www.nybooks.com/articles/2026/05/28/a-dream-of-a-socialist-commonwealth-the-jewish-bund/

No one who's paid attention during this century's xenophobic policies and attacks on refugees can fail to see the parallels. And no one who's paid attention to the genocide in Gaza and the official response in the "free" world to Palestinian solidarity movements can fail to see those parallels, either.

For the Jews who are told – by Zionists, including the millions of American gentile Zionists who outnumber Jewish Zionists 30:1 – that all this is being done for us, that our continued existence requires it, Crabapple's history of the Bund shows us what's on the other side of the mirror. As NYT editor Max Strasser writes in his review of Here Where We Live:

[The Bund was] the kind of movement leftists today dream about — political party, social movement, mutual aid group — with tens of thousands of members. The Bund published newspapers and ran soup kitchens and summer camps; its athletes competed in a socialist version of the Olympics. Bund activists organized across Eastern Europe and beyond — they helped elect a congressman on the Lower East Side.

https://www.nytimes.com/2026/04/06/books/review/here-where-we-live-is-our-country-molly-crabapple.html

The politics we dream of isn't a fantasy. It's the politics our grandparents lived – a politics that wasn't lost, but rather, erased. Erased by Nazis and Stalinists, who committed wholesale slaughter of Bundists. But that politics was also erased by Zionists, who swept through the Displaced Persons' camps of post-war Europe, imposing a draft on the Jews who'd been penned in those stinking camps by a world that refused to welcome Jews, even after the horrors of the death-camps were widely known. Zionists bullied and coerced these Jews – including Bundists who rejected their cause – to serve as foot-soldiers in the Israeli army, even beating elderly parents until their sons and daughters agreed to fight.

Bundists always rejected all forms of ethno-nationalism. As Jews, they had lived in the violence and oppression that always attended every ethno-nationalist program. They never imagined that Israel would escape this fate. As the Bundist leader Henryk Erlich wrote in 1933: "We are not a chosen people. Our nationalism is just as ugly, just as harmful as the nationalisms of all the other nations."

Crabapple has done heroic and important work in excavating this history. She has vindicated the sacrifices made by the Bundist archivists who smuggled their papers out of Nazi occupation and gave their lives to ensure that some day their story could be told.

In so doing, she has also vindicated her own great-grandfather, Sam Rothbort, a Bundist who fled the Pale of Settlement for New York City, whose art-practice traveled to Crabapple through her mother, who is also a painter. It wasn't just the art-practices that traveled – it was also the art, and it was one of Rothbort's paintings ("Itka, the Bundist," depicting a girl throwing a rock through a window) that set her on this journey.

This volume is also graced by Crabapple's own art, stark monochrome ink-washes in her characteristic style, which bring these long-dead people to vivid life. They're a reminder of the role that culture plays in every radical movement, of the ways that the Bund welcomed its members to live a radical life through sport and song and picnics, and not just meetings and street-demonstrations.

Even before this book, Crabapple had made a mark through her paintings and writings. But with Here Where We Live Is Our Country, Crabapple has given us a magnum opus, a book that might help us turn the tide of history.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Sign a letter supporting the BBC’s online archive https://web.archive.org/web/20060704182401/http://www.freeculture.org.uk/letters/CreativeArchiveLetter

#20yrsago Home chemistry under assault https://web.archive.org/web/20060603021709/http://wired.com/wired/archive/14.06/chemistry_pr.html

#20yrsago Cliches to avoid when writing about women and video-games https://web.archive.org/web/20060704223941/http://www.richardcobbett.co.uk/codex/clicktoread/filingcabinet/writing_a_girls_in_games_article/

#20yrsago JPEG patent invalidated https://web.archive.org/web/20060613015757/http://www.pubpat.org/Chen672Rejected.htm

#20yrsago SF story about AI-human love https://www.salon.com/2006/05/30/perfect_man/

#15yrsago Sensation: Acerbic novel about pop culture and popular madness as functions of parasitic manipulation https://memex.craphound.com/2011/05/30/sensation-acerbic-novel-about-pop-culture-and-popular-madness-as-functions-of-parasitic-manipulation/

#15yrsago Every Pirate Wants to Be an Admiral: why less copyright gets you more culture https://www.theguardian.com/commentisfree/video/2011/may/30/internet-piracy-cory-doctorow

#15yrsago Social incentives vs economic incentives in crowdsourced work https://web.archive.org/web/20110602184500/https://blog.crowdflower.com/2011/05/designing-incentives-for-crowdsourcing-workers/

#15yrsago Painful workarounds from computer novices https://www.reddit.com/r/AskReddit/comments/hmlmd/what_is_the_most_painful_way_you_have_seen_your/

#10yrsago To imagine the ocean of the future: picture a writhing mass of unkillable tentacles, forever https://web.archive.org/web/20160530145354/https://arstechnica.com/science/2016/05/octopuses-may-indeed-be-your-new-overlords/

#10yrsago When Brad Birkenfeld blew the whistle on UBS, the US government paid him $104M and sent him to jail https://web.archive.org/web/20160602152611/http://fullmeasure.news/news/politics/the-whistleblower-05-23-2016

#10yrsago The last time there were this many unsold $100M+ homes on the market, the world economy imploded https://web.archive.org/web/20160529040314/https://www.nytimes.com/2016/05/29/business/a-worrisome-pileup-of-100-million-homes.html

#10yrsago David Foster Wallace’s essays on tennis, finally collected between one set of covers https://www.csmonitor.com/Arts-Culture/Books/2016/0530/String-Theory-gathers-the-brainy-witty-tennis-writing-of-David-Foster-Wallace

#10yrsago United Arab Emirates hacked UK journalist https://citizenlab.ca/research/stealth-falcon/

#10yrsago Internet economics 101: “bandwidth hogs” considered harmless https://web.archive.org/web/20160530155601/https://arstechnica.com/tech-policy/2016/05/should-broadband-data-hogs-pay-more-isp-economics-say-no/

#20yrsago JPEG patent invalidated https://web.archive.org/web/20060613015757/http://www.pubpat.org/Chen672Rejected.htm

#20yrsago SF story about AI-human love https://www.salon.com/2006/05/30/perfect_man/

#15yrsago Sensation: Acerbic novel about pop culture and popular madness as functions of parasitic manipulation https://memex.craphound.com/2011/05/30/sensation-acerbic-novel-about-pop-culture-and-popular-madness-as-functions-of-parasitic-manipulation/

#10yrsago To imagine the ocean of the future: picture a writhing mass of unkillable tentacles, forever https://web.archive.org/web/20160530145354/https://arstechnica.com/science/2016/05/octopuses-may-indeed-be-your-new-overlords/

#10yrsago When Brad Birkenfeld blew the whistle on UBS, the US government paid him $104M and sent him to jail https://web.archive.org/web/20160602152611/http://fullmeasure.news/news/politics/the-whistleblower-05-23-2016

#10yrsago The last time there were this many unsold $100M+ homes on the market, the world economy imploded https://web.archive.org/web/20160529040314/https://www.nytimes.com/2016/05/29/business/a-worrisome-pileup-of-100-million-homes.html

#10yrsago David Foster Wallace’s essays on tennis, finally collected between one set of covers https://www.csmonitor.com/Arts-Culture/Books/2016/0530/String-Theory-gathers-the-brainy-witty-tennis-writing-of-David-Foster-Wallace

#10yrsago United Arab Emirates hacked UK journalist https://citizenlab.ca/research/stealth-falcon/

#10yrsago Internet economics 101: “bandwidth hogs” considered harmless https://web.archive.org/web/20160530155601/https://arstechnica.com/tech-policy/2016/05/should-broadband-data-hogs-pay-more-isp-economics-say-no/

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Sat, 30 May 2026 09:31:41 +0000 Fullscreen Open in Tab
Pluralistic: Carneyism without Carney (30 May 2026)


Today's links

  • Carneyism without Carney: Eh?
  • Hey look at this: Delights to delectate.
  • Object permanence: Replacing pharma patents with bounties; USTR v cheap leukemia meds; Plutocrats x wealth segregation; Anonymous Analytics; Scott Walker sells off donors; Anonymization v metadata; Probably; Amazon warehouse workers are the future of Amazon coders; Warcraft eggs; Brainwashing school; People who don't know The Onion is satire; "Company Town"; America is a scam.
  • Upcoming appearances: London, Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh, South Bend.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A turn-of-the-century Main Street, USA. Over the horizon looms a giant Canadian flag, made out of circuitry. In the foreground is a pixelboard sign reading 'U.S. BORDER CLOSED.' In the foreground looms a giant lumberjack, about to swing his axe into the sign.

Carneyism without Carney (permalink)

The "Third Way" in liberal politics involves saying things that working people love, but doing things that sociopathic plutocrats love. It works …right up until voters notice that you're not doing the things. That realisation breeds cynicism and fury and paves the way for fascist strongmen.

It's really ugly, and no one does it uglier than Canada's Liberal Party. Remember that time Prime Minister Justin Trudeau marched with Greta Thunberg to protest Canada's shitty, planet-wrecking climate policies?

https://globalnews.ca/news/5959371/election-campaign-climate-march/

Gee, Justin – it sure would be great if you could have a word with the fella who decided to bail out America's doomed tar sands pipeline and vowed to pump and torch 173,000,000,000 barrels of Canadian oil:

https://finance.yahoo.com/news/no-country-173-billion-barrels-203807530.html

Trudeau's "Third Way" eventually proved so unpopular that he opened the door to an authoritarian takeover of Canada by an otherwise totally unelectable, Trump-aligned far-right maniac. The only thing that saved Canada from a fate dumber than Trump was Trump himself, who wouldn't stop promising to make Canada the 51st state, an idea that was even more repellent to Canadians than five more years of Third Way bullshit:

https://ca.news.yahoo.com/pierre-poilievre-joe-rogan-podcast-143318576.html

And boy did Canadians find a Third Way bullshitter to move into 24 Sussex Drive: Mark Carney, an austerity-crazed central banker who will endorse incredibly progressive policies…provided he never has to do any of them. When it comes to championing working Canadians while royally screwing them, Carney is the only Canadian politician capable of out-Trudeauing Trudeau.

But we shouldn't reject Carneyism due to the mere fact that Carney refuses to deliver Carneyism. The problem with Carneyism isn't Carneyism itself – the problem with Carneyism is Mark Carney.

Take Carney's policy promise to charge US tech giants a 3% tax, a move that would defeat their incredibly clever gambit of pretending to be Irish and thus not owing any tax, anywhere:

https://pluralistic.net/2026/01/17/erin-lets-go/#circumvention-haven

That was a good policy! So was Carney's "elbows up" policy of sticking it to America in retaliation for Trump's flagrant violation of CUSMA, the free trade agreement negotiated by (checks notes) one Donald J Trump:

https://www.theguardian.com/us-news/2025/may/06/trump-carney-meeting-canada-tariffs-trade

Unfortunately, Mark Carney didn't get the memo from (checks notes) Mark Carney, and the very instant Trump arranged his face into his trademarked confused scowl, Carney dropped the tax, apologising profusely:

https://www.canada.ca/en/department-finance/news/2025/06/canada-rescinds-digital-services-tax-to-advance-broader-trade-negotiations-with-the-united-states.html

In the last days of the Trudeau government, the Liberals passed a bill that transformed Canada's Competition Bureau from the weakest antitrust regulator in the world into one of the strongest (on paper, at least):

https://competition-bureau.canada.ca/en/how-we-foster-competition/education-and-outreach/guide-june-2024-amendments-competition-act

It's impossible to overstate how useless the Competition Bureau was before this bill passed. In its entire history, the Bureau had only challenged three mergers, and had never successfully challenged a merger. Canada's do-nothing competition enforcers allowed the country to be captured by Made-in-Canada oligarchs whose ripoffs and abuses would make the Hudson's Bay Company blush:

https://pluralistic.net/2024/12/05/ted-rogers-is-a-dope/#galen-weston-is-even-worse

If Canada was ever going to be a real country (and not just two monopolists and a mining company in a trenchcoat) it needed a serious competition enforcer. Nominally, it has one, thanks to the 2024 Competition Act. The only problem was Carney, who made sweeping real-terms cuts to the Bureau's funding. Thanks to Carney, Canada has a Competition Bureau with all the powers it needs to save Canada from its oligarchs – but it can't afford to do any of that stuff.

Monopolists rip Canadians off like crazy. We even have a guy who mistook Les Miz for an HBR case-study, and embarked upon the country's worst-ever price-fixing campaign, gouging the country on bread prices:

https://www.donotpassgo.ca/p/the-bread-price-fixing-scandal-is

You don't have to be a monopolist to steal from Canadians. Ripping off Canadians is the game everyone can play! Consumer protection agencies are incredible value for money, saving the public hundreds for every dollar that we spend on them. Guess who just eliminated Canada's consumer protection agency?

https://www.donotpassgo.ca/p/carney-government-slashes-consumer

Oh, to be a scammer in Mark Carney's Canada! Whatever Galen Weston doesn't steal is yours for the taking!

But again, the problem isn't Carneyism – the problem is Carney. Carneyism is great. Carneyism gave us that remarkable speech at Davos, where Mark Carney declared a "rupture" in the US-dominated global system of trade and politics, promising a future of "minilateralism" in which "middle powers" like Canada band together for mutual prosperity:

https://www.weforum.org/stories/2026/01/davos-2026-special-address-by-mark-carney-prime-minister-of-canada/

If only Mark Carney had been there to hear those stirring words! He might have understood what a fucking insane idea it is to turn over Canada's military to Palantir, the company that, more than any other, has fused itself with the Trump regime's domestic program of ethnic cleansing and its international program of extraterritorial aggression:

https://www.thestar.com/politics/federal/canadas-deal-with-us-data-giant-palantir-is-legitimate-defence-minister-says/article_e49b9c32-8f76-466c-86ed-36a4110ba45a.html

Carneyism isn't merely a rejection of the old international order. Domestically, Carneyism promises technocratic excellence, skilled leadership that delivers first-class services for the Canadian people. This is a great pitch! It got Mamdani elected, and Mamdani's sincere pursuit of governmental excellence thrills New Yorkers in new ways every day:

https://pluralistic.net/2026/02/24/mamdani-thought/#public-excellence

Here, too, Carneyism is entirely sound – the problem is Carney's vicious anti-Carneyism and his plan to fire tens of thousands of civil servants and replace them with AI chatbots. It's not just that chatbots are terrible substitutes for skilled public officials, they're also controlled by US corporations that are entirely beholden to the Trump regime:

https://www.cbc.ca/news/politics/carney-artificial-intelligence-strategy-9.7213733

Unlike Mark Carney, I support Carneyism. Carneyism promises protection for Canadians, from monopolists and mad emperors, petty thieves and potholes. But Carney himself ardently opposes these policies. This will only get worse when the AI bubble pops and vaporises a third of the US stock market, spreading contagion to global capital markets. That will be Carney's cue to roll out his favourite go-to tactic: austerity.

We cannot afford this. Austerity is how we lose the country. Austerity – more than any other force – drives working people into the arms of fascists:

https://pluralistic.net/2026/04/12/always-great/#our-nhs

The thing is, Mark Carney has shown his political opponents how to beat him: just embrace Carneyism. The things Carney says are incredibly popular. Now we just need to elect someone who'll do them.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago World of Warcraft Easter eggs https://web.archive.org/web/20060614223838/http://www.wow-europe.com/en/contests/noblegarden/winners.html

#15yrsago Bernie Sanders introduces anti-pharma-patent bill, aims to replace drug monopolies with prizes https://web.archive.org/web/20110528053922/http://keionline.org/node/1147

#15yrsago Life at a brainwashing “school for troubled teens” https://www.reddit.com/r/troubledteens/comments/hk0xy/a_gay_teen_describes_her_experience_at_a_utah/

#15yrsago Facebook updates from people who don’t know The Onion is a humor site https://literallyunbelievable.tumblr.com/

#10yrsago Untangling the Web: the NSA’s supremely weird, florid guide to the Internet https://www.techdirt.com/2016/05/27/nsas-guide-to-internet-is-weirdest-thing-youll-read-today/

#10yrsago Company Town: Madeline Ashby’s tale of sex and Singularity cults is a locked-door mystery at sea https://memex.craphound.com/2016/05/28/company-town-madeline-ashbys-tale-of-sex-and-singularity-cults-is-a-locked-door-mystery-at-sea/

#10yrago US trade rep threatens Colombia’s peace process over legal plan to offer cheap leukemia meds https://web.archive.org/web/20160725174757/https://www.statnews.com/pharmalot/2016/05/26/bernie-sanders-novartis-patent/

#10yrsago Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid https://dailydot.com/politics/justin-shafer-fbi-raid

#10yrsago Wealthy families are most responsible for American wealth segregation https://web.archive.org/web/20160530195842/https://www.washingtonpost.com/news/wonk/wp/2016/05/10/the-incredible-impact-of-rich-parents-fighting-to-live-by-the-very-best-schools/

#10yrsago Someone just snuck warrantless email access into the Senate’s secret intelligence bill https://web.archive.org/web/20160526201753/https://theintercept.com/2016/05/26/secret-text-in-senate-bill-would-give-fbi-warrantless-access-to-email-records/

#10yrsago Wells Fargo, who preyed on black borrowers, sponsors Black Lives Matter luncheon https://web.archive.org/web/20160527184755/https://theintercept.com/2016/05/27/wells-fargo-sponsorship-of-black-lives-matter-panel-draws-scorn/

#10yrsago Anonymous Analytics: self-proclaimed Anon “faction” that tanks companies through stock reports https://web.archive.org/web/20160527155031/https://news.softpedia.com/news/anonymous-hackers-turned-stock-analysts-are-targeting-us-chinese-corporations-504495.shtml

#10yrsago Scott Walker, saddled with $1.2m debt from failed presidential bid, pawns his own donors https://ghanasoccernet.com/uk/2016/05/24/scott-walker-rents-out-donor-list-to-pay-campaign-debt/

#10yrsago Study shows detailed, compromising inferences can be readily made with metadata https://www.pnas.org/doi/full/10.1073/pnas.1508081113

#10yrsago EFF fights order to remove public records documents detailing Seattle’s smart-meters https://www.muckrock.com/news/archives/2016/may/26/court-grants-temporary-restraining-order-forcing-r/

#5yrsago Probably https://pluralistic.net/2021/05/27/probably/

#1yrago AI turns Amazon coders into Amazon warehouse workers https://pluralistic.net/2025/05/27/rancid-vibe-coding/#class-war

#1yrago America is a scam https://pluralistic.net/2025/05/28/cheaters-ever-prosper/#caveat-america

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Thu, 28 May 2026 11:24:23 +0000 Fullscreen Open in Tab
Pluralistic: Hold on for dear life (28 May 2026)


Today's links

  • Hold on for dear life: Not your keys, not your wallet, entirely your problem.
  • Hey look at this: Delights to delectate.
  • Object permanence: Who owns "Web 2.0"; EFF saves bloggers' sources; Non-porn porn; Redaction fails; Canadian Tories say markets, not government, will help flood victims; Forced gold-farming; Walkaway cover; Oracle eats shit in Java API case; Captain America was a Nazi spy; Who Broke the Internet? (Pt IV).
  • Upcoming appearances: London, Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A shirtless man bound to a chair; his head is bandaged and his torso is covered in wounds. Standing beside him, a hand on his shoulder, is a desperate, suited man brandishing a hot poker. The background is an out-of-focus giant bitcoin logo.

Hold on for dear life (permalink)

From the earliest days of technopolitics, the role of technology in resisting authoritarianism was unclear. On the one hand, there's the indisputable fact that modern cryptography, properly implemented, can deliver a degree of privacy that is proof against all technological attacks.

That is to say, if you pull out your distraction rectangle, fire up the camera, and tap the shutter button, in the ensuing eyeblink instant the image you've captured will be scrambled so thoroughly that it could never be unscrambled without the secret key unlocked by your passphrase or biometrics. Even if every hydrogen atom in the universe were converted into a computer, and even if all those computers spent all the time between now and the end of the universe trying to guess what the key was, we would run out of universe and time long before we ran out of possible keys.

What's more, this extremely robust form of scrambling and descrambling can be combined with other techniques to block tampering with the encrypted data, and to allow parties to reliably identify who scrambled the data and also to restrict who may unscramble it. These remarkable technological facts have inspired many excited debates about what they mean for our politics, most notably among a group of people who called themselves "cypherpunks":

https://web.archive.org/web/20151102012232/https://www.wired.com/1993/02/crypto-rebels/

One cypherpunk faction believed that modern cryptography could enable a kind of technological secession: by allowing ordinary people to communicate, transact and collaborate without the possibility of state interception or control, crypto could make states themselves obsolete.

But another faction pointed out that no amount of mathematics could help you if an agent of the state – or a criminal the state failed to protect you from – tortured you until you revealed the secret passphrase needed to unlock your secrets. This was (ironically) called "rubber hose cryptanalysis" (as in "Tell me your passphrase or I'll hit you with this rubber hose again"). Later, this became known as a "wrench attack" after a famous XKCD comic about $1m worth of security technology being defeated by hitting someone with a $5 wrench until they divulged the password:

https://xkcd.com/538/

Once you stipulate to the problem of wrench attacks and rubber-hose cryptanalysis, it becomes apparent that your cryptography is only as good as your physical defenses. What's more, the most effective physical defenses we have come from a strong rule of law, because even the thickest safe door benefits from the threat of prison for anyone who breaks into the safe, and the most effective tool for preventing a cop from hitting you with a rubber hose is the existence of a judge who can send that cop to prison for abusing your civil rights.

But what do you do if you already live under tyranny? The rule of law is a great defense, but cryptography alone can't bring about the rule of law. What is the role of technology in this foundational struggle?

My technopolitics faction – the faction associated with the Electronic Frontier Foundation, where I've worked for a quarter-century – has an answer: the role of encryption is to provide a measure of privacy and security that is best used to organize political struggles to demand the rule of law and respect for human rights. Encryption isn't proof against rubber hoses, but it is effective against many other forms of state repression, and it can provide a technical edge for those engaged in a political struggle.

Another faction – the faction most associated with bitcoin and subsequent cryptocurrency projects – rejects the role of the state altogether, and seeks to replace states (and state-regulated institutions like courts and banks) with mathematics. Rather than asking courts to interpret contracts, we can put our trust in self-executing "smart contracts," and rather than asking banks to safeguard our financial integrity, we can use cryptographic software to ensure that money only moves when the person it belongs to tells it to.

This has many problems. Smart contracts are slow, expensive, and unreliable. The number of people who understand contracts is small, the number of people who understand the software that embodies smart contracts is likewise small, and the Venn intersection of the two is more of a sphincter. What's more, there is irreducible ambiguity in all but the simplest of contracts, which means that even a "self-executing" contract ends up relying on a human adjudicator (an "oracle") who can be bribed or intimidated into cheating:

https://pluralistic.net/2022/02/14/externalities/#dshr

And when it comes to transactions, crypto proves to be unwieldy, expensive and complex, so that nearly all crypto users end up directing an intermediary (like Coinbase) to hold and move their cryptographic assets for them. The upshot is that cryptocurrency mostly replaces banks – imperfect, but heavily regulated and insured – with unregulated tech platforms with murky ownership and often defective security procedures, who may or may not be insured (or even locatable) in the event of a collapse or a breach. Consequently, cryptocurrency has become a scam magnet of unprecedented and unstoppable power, and hardly a day goes by without people being ripped off in the most ghastly ways imaginable:

https://www.web3isgoinggreat.com/

For bitcoin maxis and other anti-state cypherpunks, this is just a skill issue. Anyone who doesn't understand how to manage their own keys and turns to a platform to hold and move their crypto is getting what they deserve. As the maxim goes, "Not your keys, not your wallet," which is cypherpunkspeak for "caveat emptor."

That's where the wrench attacks come in. Because if you are in possession of keys that can be used to irreversibly and instantaneously steal large sums of money and move it to jurisdictions where the perpetrators are beyond any legal or physical recourse (e.g. North Korea), then there is a massive incentive for your adversaries to kidnap you and hit you with a wrench or a rubber hose.

That's precisely what's going on. People with substantial cryptocurrency holdings face grave personal danger, and the physical attacks on their person grow bolder, more violent, and more sadistic by the day:

https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md

As crypto critic David Rosenthal writes, this problem is even worse than it seems at first blush:

https://blog.dshr.org/2026/05/wrench-attacks.html

For one thing, cryptocurrencies depend on "public ledgers" that indelibly, publicly record every transaction in the network. Cryptocurrency is nothing without these ledgers, and they have to be immutable and public to work. This is very bad news for anyone who relies on anonymity as their defense against physical attacks.

That's because "reidentification attacks" (where an anonymous person in a dataset is positively identified) get easier to perform over time. You might be represented in a database of hospital prescribing activities by a random number, and that number might be hard to associate with your real identity…at first. But with every subsequent release of data – whether in the form of an anonymized data-set or a breach – it gets easier to cross-reference the facts associated with your record with other facts from other records, such that a detailed, identifying picture of you emerges one fact at a time.

For example, if the taxi company you use suffers a breach that reveals journeys associated with every doctor's appointment at the hospital, now an attacker can pick out the home or work address of the single person who visited the hospital just before you received your prescription. The longer an "anonymized" data-set sits around in public view, the easier it gets to de-anonymize it:

https://www.nature.com/articles/s41467-019-10933-3

Combine the fact that permanent ledgers make it progressively easier to identify people whom you can torture into revealing their crypto keys with the irreversible, instantaneous nature of crypto transfers and you get some very juicy targets indeed. "Not your keys, not your wallet" means it's "not anyone else's problem" when you get robbed. You can't ask the bank to interdict or reverse the transaction.

Rosenthal provides a litany of the escalating security measures crypto holders are turning to as this problem goes progressively more dangerous and terrifying. There's the guy who splits his keys up in four physical vaults at four separate locations, whose management is instructed to make him wait a minimum of seven days when he asks to retrieve them. Despite all this, he keeps his identity secret:

https://www.bloomberg.com/news/articles/2026-05-19/crypto-conferences-up-security-after-attacks-scams

Rosenthal quotes Nicholas Weaver, who asks what kind of "internet of money" bitcoin can be if it can't be safely stored on a computer connected to the actual internet:

https://doi.org/10.1145/3208095

But an equally valid question is, what kind of escape from tyranny is it that requires you to hide your identity at all times lest you be snatched off the street and brutally tortured? What kind of "liberty" requires you to spend $860,000 armoring your two top execs' personal vehicles to protect them from gunfire and light artillery?

https://www.ft.com/content/71d7486d-89b5-48ac-8f94-857578c0a03b

It costs $6.2m/year to protect Coinbase's CEO – "more than the combined amount that JPMorgan Chase & Co., Goldman Sachs Group Inc. and Nvidia Corp. spent on their respective CEOs":

https://www.bloomberg.com/news/articles/2025-05-18/crypto-high-rollers-go-big-on-bodyguards-to-deter-kidnappers

Crypto true believers exhort one another to "HODL" (hold on for dear life). Selling your crypto during downturns is considered a moral failing. But now, crypto holders – especially those who manage their own keys – are literally holding on for dear life, as they are hunted by crime syndicates and state actors alike.

It's a good reminder of how badly crypto has failed on its own terms, delivering its biggest users into an existence of fear and physical peril that rivals the plight of even the most hunted dissidents in the most repressive societies. Worse: as cryptocurrency lobbyists have fused crypto with the world's largest and most corrupt governments (especially the Trump regime), crypto now has all the exposure to state coercion that made banks so unsuitable, but without the (inconstant, insufficient) protections offered by traditional banking.

And that's before we talk about the energy consumption problems, the scams enabled by crypto, and the rampant human trafficking that those scams necessitate:

https://www.pbs.org/newshour/show/how-human-trafficking-victims-are-forced-to-run-pig-butchering-investment-scams

People in my technopolitical faction have a saying of our own: "'Crypto' means cryptography." Cryptography plays a hugely important role in protecting people from crime and state repression. It is no substitute for the rule of law and democracy, but it remains a key tool for securing and defending both:

https://pluralistic.net/2022/03/27/the-best-defense-against-rubber-hose-cryptanalysis/

Cryptocurrency, on the other hand? That's the worst of all worlds.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Can anyone own “Web 2.0?” https://memex.craphound.com/2006/05/26/can-anyone-own-web-2-0/

#20yrsago iRiver gives customers the choice of switching off DRM https://web.archive.org/web/20060619150812/http://www.iriver.com/mtp/

#20yrsago EFF scores win against Apple: bloggers’ sources are protected https://web.archive.org/web/20060602020337/http://blog.wired.com/27BStroke6/index.blog?entry_id=1489151

#15yrsago Anonymous pre-paid credit-cards and money-laundering https://web.archive.org/web/20110529001021/https://www.forbes.com/feeds/ap/2011/05/23/technology-lt-fea-plastic-money-laundering_8481416.html

#15yrsago More incompetence revealed on the part of France’s “three-strikes” copyright enforcer https://web.archive.org/web/20120520073256/https://arstechnica.com/tech-policy/2011/05/french-three-strikes-anti-piracy-software-riddled-with-flaws/

#15yrsago Montage: Non-pornographic scenes from pornographic movies https://www.youtube.com/watch?v=DVBhVDXLpaI

#15yrsago Improper court record redaction: a study https://blog.citp.princeton.edu/2011/05/25/studying-frequency-redaction-failures-pacer/

#15yrsago Texas anti-TSA-grope bill killed by threat to shut down all Texas airports https://www.texastribune.org/2011/05/24/fed-threat-shuts-down-tsa-groping-bill-in-texas/?r

#15yrsago Canadian Tories refuse to send soldiers to help flood victims because they’d compete with the private sector https://web.archive.org/web/20110527053822/https://www.theglobeandmail.com/news/national/quebec/ottawa-initially-refuses-request-for-more-troops-to-aid-quebec-flood-victims/article2033562/

#15yrsago Gold-farming in a Chinese forced-labor camp https://www.theguardian.com/world/2011/may/25/china-prisoners-internet-gaming-scam

#10yrsago Edward Snowden performs radical surgery on a phone to make it “go black” https://web.archive.org/web/20160527125043/https://www.wired.com/2016/05/snowden-vice-cell-phone-hack/

#10yrsago FBI is investigating copyright trolls Prenda Law for fraud https://web.archive.org/web/20160526005012/https://popehat.com/2016/05/25/fbi-actively-investigating-prenda-law-team-for-fraud/

#10yrsago How a pharma company made billions off mass murder by faking the science on Oxycontin https://web.archive.org/web/20160524112437/http://static.latimes.com/oxycontin-part1/

#10yrsago GOP officials won’t let the FEC stop bosses from forcing employees to give to PACs https://web.archive.org/web/20160526114245/https://prospect.org/blog/checks/fec-deadlocks-over-employer-political-coercion

#10yrsago Undetectable proof-of-concept chip poisoning uses analog circuits to escalate privilege https://www.ieee-security.org/TC/SP2016/papers/0824a018.pdf

#10yrsago “Pickup artist” douche uses copyright to sue Youtube critics, fans raise $100K defense fund https://www.gofundme.com/f/h3h3defensefund

#10yrsago The best thing you will read about the revelation that Captain America was a Nazi spy https://web.archive.org/web/20160623131614/https://storify.com/rahaeli/captain-america

#10yrsago Revealed: the amazing cover for Walkaway, my first adult novel since 2009 https://reactormag.com/cover-reveal-walkaway-cory-doctorow//

#10yrsago Tor Project is working on a web-wide random number generator https://blog.torproject.org/mission-montreal-building-next-generation-onion-services/

#10yrsago Jury hands Oracle its ass, says Google doesn’t owe it a penny for Java https://www.eff.org/deeplinks/2016/05/eff-applauds-jury-verdict-favor-fair-use-oracle-v-google

#10yrsago Arcade cabinet enthusiasts discover trove of 50+ games in ship, derelict for 30 years https://arcadeblogger.com/2016/05/06/arcade-raid-the-duke-of-lancaster-ship/

#5yrsago Monopolists are winning the repair wars https://pluralistic.net/2021/05/26/nixing-the-fix/#r2r

#1yrago Who Broke the Internet, Part IV https://pluralistic.net/2025/05/26/babyish-radical-extremists/#cancon

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-27T16:35:08-07:00 Fullscreen Open in Tab
Cross-Domain API Access: Beyond the "Obvious" Shortcuts

Cross-domain access is everywhere in today's software landscape. Whether you look at enterprise SaaS applications, AI agents interacting with user data across multiple platforms, or "integrated experiences" pulling information from a calendar, a chat tool, and a wiki—everything eventually needs to talk across boundaries.

Development teams frequently reach for the quickest path to wire these systems together. Usually, teams fall back on two "obvious" architectural shortcuts. However, as experience deploying these architectures at scale demonstrates, both models break down in production.

Let's take a closer look at why these shortcuts fail and what a resilient cross-domain pattern actually looks like.

🧶 Shortcut #1: Have the IdP issue the access token directly

The pattern: the client takes its ID Token to the IdP, exchanges it for an access token, and sends that access token straight to the resource app's API.

Why it's tempting: it reuses the IdP that everyone already trusts. It feels like a clean, one-stop shop.

Why it breaks: every API on the receiving end now has to trust a growing list of foreign token issuers — each with its own quirks around token format, claim conventions, key rotation, and revocation. 

Suddenly your API team is in the federation business, doing one-off integrations per IdP. That's not a sustainable model for building APIs at scale. APIs are far better served by having a local authorization server issuing the tokens they validate — one issuer, one model, one set of rules.

🪪 Shortcut #2: Send the ID Token across domains

The pattern: skip the IdP-issued access token and present the original ID Token directly at the receiving app's authorization server, exchanging it for a locally issued access token.

Why it's tempting: ID Tokens are standardized, so it feels like it sidesteps the trust-fan-out problem from #1.

Why it breaks: ID Tokens are issued for one audience — the application the user signed into. Sending them somewhere else violates that audience binding, opens up replay and misuse risks.

🎯 What Cross-App Access does differently

Cross-App Access (XAA) uses a two-stage flow — and each stage exists specifically to fix one of the problems above.

Stage 1: The client makes a Token Exchange request to the IdP to exchange the ID Token for an ID-JAG: a purpose-built, short-lived, audience-bound grant for the resource authorization server.

No ID Token misuse, no audience confusion. The IdP also stays in the loop to govern whether this cross-app access should happen at all — exactly where enterprise IT already manages who can access what.

Stage 2: The resource app's authorization server exchanges the ID-JAG for its own access token. The API keeps its local AS, its own token format, and its own revocation story. It only has to trust the access tokens issued by its own AS — not a foreign access token.

We can push all the complexity of user login, token minting, and cross-domain policy evaluation onto the specialized identity components, keeping the resource API free to do the much simpler task of validating its own domain's access tokens and serving data.

If you're designing cross-domain access for an AI agent, an enterprise suite, or any multi-vendor ecosystem, this is the pattern to follow. The IETF draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/

Wed, 27 May 2026 07:57:41 +0000 Fullscreen Open in Tab
Pluralistic: AI and a world without migrants (27 May 2026)


Today's links


A hand-tinted image of elderly people in the lounge of a nursing home. Three killer robots have been inserted into the scene.

AI and a world without migrants (permalink)

I don't care who you are, there will always be times when hell is other people. Not because other people are horrible – quite the opposite! Other people are wonderful, but boy are they ever stubborn.

From boardgames to romance, team sports to movement politics, business ideas to construction projects, there's so much important, enjoyable and essential stuff you can't do alone. But other people insist on having their own priorities and goals, and they mulishly refuse to organize their lives to suit your priorities.

Our species has put a lot of work into resolving this conundrum. Not only did we evolve a whole brain structure – the neocortex – that helps us understand others' perspectives, but we also evolved many social structures (like laws and teams and governments and families and committees and bureaucracies) to help us coordinate with others to do superhuman things (that is, things that exceed the capacity of a single human).

These structures are imperfect, but they're better than the alternative: coercion. Persuading others is not without its pitfalls, but compared to forcing others to bend to your will, "persuasion" is the hands-down favorite.

Not for everyone, though. There has always been a group of people who refused to acknowledge that other people have perfectly valid reasons for wanting to pursue their own goals rather than yours. We call most of those people "toddlers" and devote sizable social effort to helping them outgrow this belief.

But there's another group of people who carry this belief into adulthood. If they're of regular means, we call those people "bullies." However, if they're sufficiently wealthy, we call them "billionaires" (this is the same force that allows money to transmute a "hoarder" into a "collector").

Just lately though, we've come up with a new solution to the problem of hell being other people. Rather than coercing other people into arranging their affairs to suit our needs, we've devoted trillions of dollars to replacing people with pliant chatbots, in the hopes that these chatbots can be made so effective that we can just dispense with other people altogether.

Many everyday people have replaced their romantic partners with chatbots ("AI boyfriends"/"AI girlfriends"), and they've formed active communities to revel in the delights of pursuing love with someone who demands no moral consideration or compromise, glorying in a world of love without lovers:

https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor/episode/16215328-e1-love-bots

There's a whole community of people who have stopped listening to music created by people in favor of made-to-order slop, exulting in a world of music without musicians:

https://www.theverge.com/ai-artificial-intelligence/937059/nobody-wants-to-tell-me-why-they-only-listen-their-own-suno-slop

These are foundationally solipsistic exercises, fantasy worlds in which you are the only real person and everyone else is a bot, an NPC, a phantom. AI has democratized solipsism, a privilege that was once the exclusive purview of billionaires, whose belief that most other people weren't fully real let them inflict the kind of mass pain on millions that is a prerequisite for amassing a truly vast fortune:

https://pluralistic.net/2025/08/18/seeing-like-a-billionaire/#npcs

No surprise then that billionaires were easy marks for AI hustlers, who promised the possibility of a world without people, where an army of "agents" could do the jobs that presently demand the contributions of unreasonable human beings who refuse to acknowledge that your priorities trump theirs.

Jeff Bezos built the world's most advanced automated warehouses, and the workers in those warehouses are seriously injured at 300% of the national rate, and they are not allowed pee breaks (nevertheless, these workers unreasonably insist on metabolizing fluids and expelling the waste). The automation and the injuries aren't unrelated facts. The inhumane treatment is caused by the automation, because when you commit hundreds of billions to automation capex, you need to work those assets to recoup the investment. In a human/machine collaboration, humans will always be the bottlenecks. To maximize return on automation, you need to drive the human peripherals that serve the machines at the absolute limit of human endurance. Jeff Bezos's machines don't just use humans, they use them up:

https://pluralistic.net/2025/05/27/rancid-vibe-coding/#class-war

Billionaires poured trillions into AI because they are obsessed with the fantasy of a world without people. Mark Zuckerberg would like to replace your on-platform friends with chatbots. Sure, your friends are the reason you're stuck on his platforms, but your friends are stubborn and thus suboptimal. Remember: hell is other people, so while your friends unreasonably refuse to leave Facebook with you and follow you to another platform (this is bad for you, but good for Zuck), they also refuse to organize their social media lives to "maximize your engagement" and thus the number of ads you see (which is bad for Zuck). By replacing your friends with chatbots, Zuck hopes to reinvent social media without the socializing:

https://pluralistic.net/2026/04/17/for-youze/#forever

Billionaires are betting that bosses (and other would-be billionaires) will spend trillions buying AI products, captured by the fantasy of a workplace without workers. They think AI could be the remedy for the ancient, nameless dread that bosses experience every time they contemplate the fact that if they don't show up for work, everything hums along fine; whereas if the workers don't show up, the whole enterprise collapses. Secretly, bosses are haunted by the fear that they're not driving the car, they're strapped into the back seat, amusing themselves with a toy steering-wheel:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

That's what the Hollywood strikes were about: studio bosses' fantasy of movies without actors and screenplays without screenwriters. Since the invention of the studio system itself, studio bosses have wrestled with the fact that talented people who are beloved by audiences have bargaining leverage, which they use to demand better outputs and higher wages (this is the same conundrum faced by hospital administrators confronting nurses and doctors, college administrators confronting faculty, etc):

https://pluralistic.net/2026/01/20/i-would-prefer-not-to/#i-cant-do-that-boss

This solipsistic drive is what powers investment in AI "persuasion" technologies, making billions for latter-day Cambridge Analyticas who peddle the outlandish tale of having built a mind-control ray. It's a winning sales-pitch because it plays into the fantasy of a world where customers do as they're told, organizing their lives according to your priorities, at the expense of their own wellbeing:

https://pluralistic.net/2025/05/07/rah-rah-rasputin/#credulous-dolts

It's not just captains of industry who are occupied with furious, all-consuming fantasies of a world without people. Dictators, autocrats and technocrats in the political world love AI because it dangles the possibility of a world without bureaucrats and public officials. If the civil service can be replaced with chatbots, then the will of the dictator can be translated directly into policy without any tedious negotiations with experts who understand how things work and have deep moral commitments to the public good:

https://pluralistic.net/2026/05/13/vibe-governance/#k-hole

A world without people is especially attractive to politicians presiding over aging, declining nations whose most ardent voters have been convinced that migrants are a threat to their nation (rather than its salvation).

Objectively speaking, the only way that a rich country with an aging workforce can remain wealthy and powerful is by wooing working-age people from elsewhere to migrate to that country. Even if every tradwife is kept in a state of continuous gestation courtesy of a fertility-obsessed natalist, there's still going to be decades during which your wealthy, aging population will need young, skilled people to do all the essential labor. From picking crops, to staffing hospitals, to building homes, to filing lawsuits, to preparing tax-returns, your quiverfull child army will be too young to take over for years to come.

Trapped in the political impossibility of a country whose productive activities are absolutely reliant on young, strong, resourceful, skilled migrants, and a xenophobic political movement that scapegoats these migrants and revels in the spectacle of ethnic cleansing, politicians see AI as a way out of their double-bind. If migrants can be replaced with AI, then you can satisfy the racist sadism of your most ardent voters without shutting down the country for lack of workers.

In other words: in feeding the fantasy of a world without people, AI serves the fantasy of a world without migrants. Unlike gastarbeiters, bracero fruit-pickers and Saudi quasi-slaves, AI makes no demands, requires no moral consideration, and does not attempt to germinate a culture, a cuisine, or a language in your sacred soil.

This grotesque fantasy has always lurked in the subtext of the automation story. The plot of Disney's Big Hero 6 boils down to: "In future-America/Japan, it will be more politically possible to have robots look after our aging parents than it will be to welcome the millions of skilled health-workers in the Pacific Rim who are eminently qualified to do the job." Big Hero 6 is the solution to the problem of building a nursing home without nurses.

The wealthy have always dreamed of transforming the proletariat into the precariat: desperate workers who do as they're told. But in the automation story of which AI is the latest chapter (and purportedly the climax), the precariat becomes the unnecessariat: workers who are surplus to requirements and can be vaporized or liquidated or warehoused or simply ignored.

In the fantasy world of total automation, the owners of AI can make the world go around without any of us, which means that we will exist solely at their sufferance, and will therefore have to act like the NPCs they half-believe we are already, organizing everything we do around their priorities.

This is the foundation of Sam Altman's obsession with a biometrically controlled universal basic income. Altman can't stop fantasizing about a world in which all the productive work is done by his software, and the state's sole purpose is to supply us – the unnecessariat – with vouchers we can only redeem for services provided by Altman's robot army. It's charter schools for everything, with Altman at the top, all wrapped up in a layer of dystopian retinal scanning:

https://www.wired.com/story/worldcoin-sam-altman-orb/

Billionaires and would-be billionaires are absolute suckers for this solipsistic bullshit, because they genuinely don't think other people are real. They love "effective altruism" because it counsels them to make as much money as possible, without regard to how many people they cheat, hurt, or kill…provided that they pledge to use these ill-gotten gains to improve the lives of 10^53 imaginary artificial people who will come into existence in 10,000 years. After all, the total benefit of even the most infinitesimal welfare gains experienced by 10^53 people vastly exceeds all the pleasures that all eight billion actual, living people are capable of experiencing:

https://www.semafor.com/article/11/21/2023/how-effective-altruism-led-to-a-crisis-at-openai

It all makes perfect sense – provided you don't believe that other people are really, truly real.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#15yrsago California prison overcrowding, in photos https://web.archive.org/web/20110525171353/https://www.motherjones.com/politics/2011/05/california-prison-overcrowding-photos

#15yrsago What Will Come After: the sweet melancholy of the zombie apocalypse https://memex.craphound.com/2011/05/25/what-will-come-after-the-sweet-melancholy-of-the-zombie-apocalypse/

#10yrsago If Donald Trump ever talks to a real journalist, these are the questions he should answer https://www.nationalmemo.com/21-questions-for-donald-trump

#10yrsago Norwegian Consumer Council broadcasts live, marathon reading of app Terms of Service https://web.archive.org/web/20160526145553/https://www.forbrukerradet.no/vilkar-og-personvern-minutt-for-minutt/

#10yrsago Pastejacking: using malicious javascript to insert sneaky text into pasted terminal commands https://github.com/dxa4481/Pastejacking

#10yrsago Why medieval monks filled manuscript margins with murderous rabbits https://web.archive.org/web/20160614000551/https://jonkanekojames.com/2015/05/02/why-are-there-violent-rabbits-in-the-margins-of-medieval-manuscripts/

#10yrsago Students: court orders government agencies to offer educational discount on FOIA requests https://web.archive.org/web/20160525155102/https://www.techdirt.com/articles/20160521/16031934508/appeals-court-tells-government-it-must-extend-educational-institution-foia-fee-price-break-to-students.shtml

#10yrsago The euphemisms news reporters use when a sports figure injures his penis and testicles https://web.archive.org/web/20160525125452/https://fivethirtyeight.com/features/media-groin-draymond-green-steven-adams/

#10yrsago Company says facial features reveal terrorists and pedophiles 80% of the time https://web.archive.org/web/20160525130941/https://www.washingtonpost.com/news/innovations/wp/2016/05/24/terrorist-or-pedophile-this-start-up-says-it-can-out-secrets-by-analyzing-faces/

#5yrsago We promised this vaccine waiver 20 years ago https://pluralistic.net/2021/05/25/the-other-shoe-drops/#quid-pro-quo

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Tue, 26 May 2026 09:45:37 +0000 Fullscreen Open in Tab
Pluralistic: The AI bubble isn't like the internet bubble (26 May 2026)


Today's links


The head and shoulder of a supine bearded man in a chambray shirt. He is tied down with ropes around his shoulders. Four tiny figures with suits and grotesque plutocratic heads are prying his mouth open by yanking at his hair and beard. Once of the men is shoving an evil robot into his mouth.

The AI bubble isn't like the internet bubble (permalink)

One of the surprise breakout software products of the early web was Lotus Notes, a kind of primitive precursor to all-in-one office productivity suites like GDocs, Office365, etc. It was so important that its creator, Ray Ozzie, was promoted to Microsoft's Chief Software Architect, succeeding Bill Gates himself:

https://knowledge.wharton.upenn.edu/podcast/knowledge-at-wharton-podcast/the-man-who-would-change-microsoft-ray-ozzies-vision-for-connected-software/

People who remember Notes tend to deride it for its clunky user interface and demi-functional administrative tools. But what made Notes so central to Microsoft wasn't its polish – it was the fact that Notes represented a brokered peace between IT managers, who wanted mainframe-like control over everything their users could do with business equipment, and the users themselves – workers who kept smuggling internet-based tools into the enterprise network on the very sensible grounds that they had a job to do, and these were the best tools to do it.

The arrival of internet-based tools – especially ones that ran in browsers – represented a major challenge to IT departments, who had been long accustomed to dictating terms to their users. If the IT manager and the compliance department decided that the best way to manage disclosure and leak risks was to block all email attachments for outside users, then that was that: no one could send those attachments.

But after the internet arrived on the corporate desktop, employees who needed to get documents to supply chain partners and customers could treat these IT policies as damage and route around them. Just fire up your Hotmail or Yahoo mail window, or hop on MSN Messenger or ICQ or AIM, or drop the file on an anonymous FTP server and send the link to your counterparty. Job done!

IT managers hated this, and to be fair to them, they weren't (always) wrong. These outside tools came from a variety of untrustworthy sources, including malicious sites that pushed virus-infected versions to their users. Also, by evading firewall rules with these tools, users made it impossible to achieve the compliance goals that IT had been charged with enforcing, and it was IT's asses on the line if the company got in trouble as a result.

Foundationally, IT was being asked to do two irreconcilable things: they were supposed to be enabling workers to get their jobs done, and they were supposed to be stopping those workers from doing things that could harm the business. This can't be done, because the only way to eliminate the possibility that a worker will take an action that harms the business is to gag that worker and lock them in a dungeon. Workers need flexibility and freedom to achieve business goals, and that flexibility and freedom means that those workers might (deliberately or accidentally) thwart the business's goals.

What's more, workers will always run into situations that were not anticipated by policy, and if they are denied any agency or initiative, they will fail to get their jobs done. In work, the exception is the rule, hence the importance of "process knowledge" (all the implicit knowledge shared among workers across the firm and its suppliers and customers, which cannot be captured or recorded):

https://pluralistic.net/2025/09/08/process-knowledge/#dance-monkey-dance

Indeed, there's a form of labor action called a "work to rule," in which workers only do the things dictated by their rulebooks, without taking any of the routine additional measures dictated by process knowledge. Merely by following every rule to the letter, workers can grind a shop to a halt:

https://en.wikipedia.org/wiki/Work-to-rule

Since the dawn of personal computers, workers and IT departments have come into conflict, as workers literally smuggled technology into the business that could do things the IT department had (often arbitrarily and capriciously) prohibited. When Visicalc emerged as the killer app for the Apple ][+, workers snuck these computers into work and used them to sort spreadsheets in ways that IT had declined to permit. They didn't do this to cheat or steal from the company – the whole point was to do a better job.

So it was with the early web: workers discovered a myriad of new capabilities in the free-to-use world of web-based tools and realized how these tools would make them much more effective at their jobs. The fact that IT wouldn't let them do these things was just more evidence that IT – and the managers who set IT's agenda – didn't understand the business as well as workers.

It didn't help that IT managers' first line of defense was the high-tech version of abstinence-only education: "You only think you need your work computers to do this, but really, you don't, so stop trying":

https://www.theguardian.com/technology/2009/jun/16/computer-security-abstinence

Abstinence-only education never works, but where "you only think you need this" failed, Lotus Notes succeeded. Lotus Notes provided a whole suite of tools that largely (if imperfectly) replaced the universe of free tools that workers were using to evade their IT departments' edicts, so they could get their jobs done. At the same time, Lotus Notes provided a set of management tools that let IT fine-tune how these tools worked, giving them (some) of the controls they needed to achieve their compliance goals.

Like all brokered peace settlements, Lotus Notes left both sides feeling like they'd made a compromise they could live with, giving up some of their goals, but keeping the things that really mattered to them.

It's impossible to overstate how important Lotus Notes and similar products were, because workers demanded the right to use the web on their work computers, and they made those demands so forcefully that managers had to completely re-do their IT policies, lest those workers treat them as damage and route around them. Back then, the tech press was full of stories about these conflicts, as workers insisted that the new technology that was sweeping the nation was so foundational and transformative that they had to be allowed to use it.

What we never saw back then were stories about how managers had to monitor workers to ensure that they were using the web as much as possible. No one had to force workers to find ways to integrate the web into their workflows.

In other words, the story of the web at work was the opposite of the story of AI at work. Today, you can't turn around without reading a story about bosses who are threatening to fire workers if they don't increase their AI usage:

https://www.businessinsider.com/boss-track-ai-use-career-2025-8

Virtually every major company now has a program to force workers into using AI:

https://www.cnbc.com/2026/05/05/ai-use-work-employee-monitoring-tech-surveillance.html

It's conceivable that over the past quarter-century, bosses have become technophiles while workers have fallen prey to superstitious technophobia, but it hardly seems likely. Historically, workers have always been enthusiastic about tools that let them do a better job – indeed, it's a truism that labor-led automation produces improvements in quality, while capital-driven automation increases throughput (often at the expense of quality).

Workers aren't the only typical early adopters who find AI lacking. As a group, teenagers and young adults hate AI:

https://www.nytimes.com/2026/04/09/style/gen-z-ai-gallup-study.html

That's not what it was like during the early web days. Back then, young people entering the workforce were passionate devotees of the web, to the point where the business press routinely ran articles asking how today's workplaces were going to adapt to the demands of these webbed-up workers.

https://www.nber.org/digest/apr03/internet-changes-labor-market

AI boosters insist that the deficits we see in AI – its lack of profitability, its primitive and error-riddled outputs – are no different from the shakedown problems of the early web (and we know how the web turned out!). But this is a profoundly flawed comparison: the early web and AI are very different from one another.

For one thing, the early web may have lost money, but it had great unit economics. Every new web user brought the web closer to profitability, as did every new use of the web, and every new generation of web technology. By contrast, AI has – in the memorable phrasing of Ed Zitron – "dogshit unit economics." Every new AI user makes AI less profitable, as does every new use for AI, and each generation of AI loses more money than the last. AI is the money-losingest endeavor in human history:

https://pluralistic.net/2025/09/27/econopocalypse/#subprime-intelligence

In other words, the early web was a technology that grew more profitable every day, which workers and young people had to force on their bosses – and AI is a technology that grows less profitable every day, and bosses have to force it on workers and young people.

Now, it's true that some workers don't have to be forced to use AI. Workers who enjoy a high degree of autonomy (that is to say, workers who are positioned to ignore workplace coercion) can adopt AI in ways that they feel suited to, just as those early web users and Visicalc smugglers did. They can fulfill the maxim that labor-driven automation improves quality, while resisting capital's insistence that automation be used to increase throughput at quality's expense.

They can act as centaurs (workers assisted by technology), not as reverse-centaurs (workers who are recruited to serve as peripherals for machines). As with all technology questions, what the technology does is nowhere near as important as who the tech does it for and who the tech does it to:

https://pluralistic.net/2025/09/11/vulgar-thatcherism/#there-is-an-alternative

And there's another group of workers who adopt AI voluntarily: workers who see that AI can do a lot of work that they view as dull and unimportant for them. These workers might be right – there are plenty of bullshit jobs out there:

https://memex.craphound.com/2018/06/20/david-graebers-bullshit-jobs-why-does-the-economy-sustain-jobs-that-no-one-values/

But it's also possible that they're wrong, and they're substituting AI for something that really should be done by a person.

But on the plus side, at least no one has to force them to adopt AI.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Website graveyard https://web.archive.org/web/20010516224100/http://www.disobey.com/ghostsites/

#20yrsago Canadian students ask govt to save them from copyright https://web.archive.org/web/20060629014007/https://action.web.ca/home/cfs/en_alerts.shtml?x=88910&AA_EX_Session=d56bebd39174d9839ec3ee5fa6fe93a4

#20yrsago Lifespan of best-sellers falls 6/7ths in 40 years https://web.archive.org/web/20060601231943/https://www.lulu.com/static/pr/05_19_06.php

#15yrsago Sarkozy’s false-flag E-G8 attracts withering scorn https://web.archive.org/web/20121109010803/https://arstechnica.com/tech-policy/2011/05/france-attempts-to-civilize-the-internet-internet-fights-back/

#15yrsago Tool reveals ISP traffic-shaping https://web.archive.org/web/20120514151210/https://arstechnica.com/tech-policy/2011/05/new-shaperprobe-tool-detects-isp-traffic-shaping/

#15yrsago Falun Gong sues Cisco over complicity in China’s “Golden Shield” – allege torture, murder https://web.archive.org/web/20110524065718/http://news.cnet.com/8301-1023_3-20065219-93.html

#15yrsago Scenes from Los Angeles’s teacher-librarian witch-hunt https://mizzmurphy.blogspot.com/2011/05/message-received.html

#15yrsago Denmark bans Marmite https://www.theguardian.com/theguardian/2011/may/24/uk-should-ban-sandi-toksvig

#10yrsago As mobile carriers ramp up bribery program, Internet coalition says no to “zero rating” https://web.archive.org/web/20160524233609/https://motherboard.vice.com/read/medium-mozilla-and-kickstarter-signed-a-letter-against-zero-rating

#10yrsago Philippines’ new “dictator” will give a hero’s burial to Ferdinand Marcos https://web.archive.org/web/20160526135257/http://www.msn.com/en-ph/news/world/philippine-dictator-marcos-to-get-heros-burial-duterte/ar-BBtnPJH

#10yrsago Judge handcuffs public defender for speaking out in court https://web.archive.org/web/20160525151444/http://www.reviewjournal.com/news/las-vegas/las-vegas-judge-handcuffs-public-defender-courtroom

#10yrsago Sanders donors flock to Tim Canova’s campaign against DNC Chair Debbie Wasserman Schultz https://edition.cnn.com/2016/05/23/politics/debbie-wasserman-schultz-primary-opponent-fundraising/index.html

#10yrsago Algorithmic risk-assessment: hiding racism behind “empirical” black boxes https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing

#10yrsago Plagiarism detection app vs Russia’s elites: 1-2 fake PhDs discovered every day https://www.slate.com/articles/news_and_politics/cover_story/2016/05/the_thriving_russian_black_market_in_dissertations_and_the_crusaders_fighting.html

#10yrsago Technology’s “culture of compliance” must be beaten back in the name of justice https://bb9.berlinbiennale.de/all-problems-can-be-illuminated-not-all-problems-can-be-solved/

#10yrsago Grass in the park at the center of San Francisco gentrification debate is now for rent https://sfist.com/2016/05/23/rec_parks_pilot_program_allows_you/

#10yrsago Lawsuit: Texas’s largest jail is full of people who are locked up for being poor https://web.archive.org/web/20160524134738/https://thinkprogress.org/economy/2016/05/23/3781076/texas-bail-lawsuit/

#10yrsago After the precariat, the unnecessariat: the humans who are superfluous to corporations https://morecrows.wordpress.com/2016/05/10/unnecessariat/

#5yrsago Watomatic, for lower Whatsapp switching costs https://pluralistic.net/2021/05/24/how-about-nah/#comcom

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-25T22:23:13+00:00 Fullscreen Open in Tab
Note published on May 25, 2026 at 10:23 PM UTC
Mon, 25 May 2026 08:21:45 +0000 Fullscreen Open in Tab
Pluralistic: No honor among (ad-tech) thieves (25 May 2026)


Today's links

  • No honor among (ad-tech) thieves: Including "and" and "the."
  • Hey look at this: Delights to delectate.
  • Object permanence: Budweiser nunchuks; GOP vote-suppressor voted illegally; Airbnb enshittifies; Oculus enshittifies; Nintendo copyfrauds its fans; Meritocracy to eugenics pipeline; Ultima Online crisis management; SNES cartridge urinal; JJ Abrams x Axanar, "Sex Criminals"; Beating school filters for fun; Orphan works; Japanese ATM heist; How the Sacklers rigged the game.
  • Upcoming appearances: London, Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A painting of three lemons on a white background. Each has been altered to add a horrific eye staring out of it. From behind two of the lemons loom carny barkers, gesticulating wildly and waving canes.

No honor among (ad-tech) thieves (permalink)

It shouldn't come as a surprise to learn that a company that uses dishonest tactics to spy on you for profit will also use dishonest tactics to sell the resulting surveillance data.

The only reason this wouldn't be obvious is if you've fallen into the trap of thinking "if you're not paying for the product, you're the product." Companies that cheat when the opportunity arises will cheat everyone: customers, users, regulators, suppliers and employees. You're the product if the company can get away with making you the product:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

The digital surveillance swindle is a con from top to bottom: it's not just that they spy on you, it's also that they lie to you about how and why and where they spy on you and what happens to the data they swindle out of you. They're not just cheats, in other words – they're also liars.

Of course they're liars! If their terms of service were honest, they'd say something like, "By being desperate enough to use this product, you 'agree' that we're allowed to come over to your house and punch your grandmother, wear your underwear, make long-distance calls and eat all the food in your fridge."

So they lie like crazy. But they don't just lie to us: they lie to the people they sell our surveillance data to as well. Of course they do! Those people are the ones giving them the money! By tricking the people paying for the product, these surveillance swindlers can get them to pay more!

This is the basis of Tim Hwang's essential 2020 book Subprime Attention Crisis:

https://pluralistic.net/2020/10/05/florida-man/#wannamakers-ghost

Core to Hwang's thesis is that these ads aren't just dangerous, they're also ineffective. The danger of these ads is the erosion of privacy and the mobilization of private data for state repression and fraud, but not particularly for persuasion. The idea that ad-tech companies have realized the ancient dream of building a mind-control ray via the novel technique of "hacking your dopamine loop" is a story that the ad-tech swindlers cooked up to help them sell ads:

https://pluralistic.net/2021/09/30/dont-believe-the-criti-hype/#ordinary-mediocrities

Critics who repeat these outlandish claims are helping these companies sell ads to credulous advertisers, who are getting robbed to the tune of hundreds of billions of dollars. This is the process that Lee Vinsel calls "criti-hype," which is when you "take the sensational claims of boosters and entrepreneurs, flip them, and start talking about 'risks'":

https://peoples-things.ghost.io/youre-doing-it-wrong-notes-on-criticism-and-technology-hype/

Criti-hype is satisfying because the hype itself is so fantastically overblown. These companies claim they're going to save/destroy/conquer the world, transform the very nature of humanity, etc, and so critics who repeat those claims (brackets derogatory) can style themselves as defenders of the world and humanity itself.

This is also a very profitable style of criticism: there's a huge commercial market for people who claim to be defending the world from conquest by evil dopamine-hacking sorcerers and/or superintelligent paperclip-maximizers that can chatbot you into killing yourself and/or voting for Trump (brackets derogatory).

The opposite of criti-hype is materialistic criticism, grounded in independently verifiable claims about how these scams work. To be a good tech critic, you need to start by assuming that a company that lies to its users about what it's doing is perfectly capable of lying to its customers and investors about what it's doing (that is, "even if you're paying for the product, you're still the product").

That's demonstrably, verifiably true of the commercial surveillance industry. Commercial spies lie to their customers like crazy, and always have. Think of the department store magnate John Wannamaker's famous quip that "half my advertising dollars are wasted, I just don't know which half." Man, did someone ever do a sell-job on old Wannamaker: imagine believing that only half of your advertising dollars are wasted. Today, thanks to creepy ad-tech analytics, we know that the true figure is around 99%.

Hwang's book documents lots more ad-tech fraud that's every bit as audacious as the Wannamaker-era con-jobs. For example, there's the fact that when Procter and Gamble zeroed out its $200m/year surveillance advertising program, they saw a zero percent drop in sales because (to a first approximation) all $200m of that annual spend was disappearing down the fraud-hole.

There's been plenty more examples since, rivaling previous eras for audacity and outlandishness. In 2023, Mozilla Labs investigated the ways that modern cars spy on their drivers and concluded that, when it came to privacy, cars were "the worst product category" they had ever evaluated, and recommended that you not buy any of the cars currently offered for sale:

https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

Mozilla's report investigated two things: which data your car was collecting and selling about you (lots) and what data your car company claimed it had collected about you and was offering for sale (way, way more).

For example, Nissan and Kia claimed that they had data about your sex life, a thing that cannot be reasonably inferred from the sensors in your car (unless you have a highly specific sex life). Six car companies claimed they had your genetic data (again, not a thing that any of the sensors in your car can know about).

What's more, all of these scams have only gotten worse in the intervening three years:

https://cleantechnica.com/2026/05/22/mozilla-foundation-condemns-data-collection-by-cars/

These companies are spying on you, and lying to you about how much they respect your privacy, and lying to their commercial customers about all the fiendish ways they've cooked up for invading your privacy.

Everyone in the ad-tech sector is lying to everyone else in the ad-tech sector, in other words. It's your basic hive of scum and villainy. Back in 2023, Cox Media – part of the sprawling media conglomerate that includes Cox Cable – told advertisers that they had a new product called "Active Listening" that recorded and transcribed all the conversations you have around your smart speakers, smart TVs, smart watches and phones:

https://www.404media.co/heres-the-pitch-deck-for-active-listening-ad-targeting/

It was a lie. There are plenty of ways that these devices spy on you, of course. Your smart TV is a cesspool of surveillance and data-exfiltration, but that data doesn't include your conversations:

https://pluralistic.net/2022/12/03/painful-burning-dribble/#law-of-intended-consequences

Same for your smart speaker, which not only gathers tons of information about you for sale and targeting, but also leaks your voice data all the time, whenever you utter any of its "trigger words," which include over 1,000 phrases that sound like its trigger words:

https://pluralistic.net/2020/07/02/big-river/#triggered

Cox, in other words, was running the same equal-opportunity scam that your auto-maker runs: deceiving you about how little data they were stealing from you, and deceiving their customers about how much data they were gathering on you.

That said, there was something remarkable and unique about Cox's fraud: because they were ripping off other (better-connected) fraudsters, their lies triggered an investigation by Donald Trump's FTC, who never met a scammer they wouldn't defend (from another scammer):

https://arstechnica.com/tech-policy/2026/05/marketer-that-claimed-it-could-tap-devices-for-ad-targeting-will-pay-880k-settlement/

Still, there are limits to this "honor among thieves" business. The settlement Trump's FTC extracted from Cox for lying to other liars is less than $1m – basically, change that Cox can find down the back of its sofa:

https://arstechnica.com/tech-policy/2026/05/marketer-that-claimed-it-could-tap-devices-for-ad-targeting-will-pay-880k-settlement/

Still, the Cox settlement is a great criti-hype object lesson, a reminder that these creepy, lying companies lie to everyone, including their customers, which means that even if you're paying for the product, you're still the product.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Best email disclaimer award https://web.archive.org/web/20010526174903/http://www.theregister.co.uk/content/35/19057.html

#25yrsago Kaycee hoax FAQ https://web.archive.org/web/20010629212706/https://rootnode.org/article.php?sid=26

#25yrsago Crisis management in Ultima Online https://web.archive.org/web/20010605015828/http://www.newyorker.com/FACT/

#25yrsago E3 is all softcore porn now https://web.archive.org/web/20010702122044/https://www.salon.com/tech/feature/2001/05/22/e3_2001/print.html

#25yrsago Canadian payphone infinite long distance glitch https://web.archive.org/web/20010608183145/https://www.wired.com/news/culture/0,1284,43967,00.html

#20yrsago Kids make a sport out of outsmarting school web-filters https://web.archive.org/web/20060821224237/http://news.com.com/Kids+outsmart+Web+filters/2009-1041-6062548.html

#20yrsago Orphan works legislation https://web.archive.org/web/20060531135239/http://www.copybites.com/2006/05/chairman_lamar_.html

#20yrsago U. Florida cops ask fiction writer for fingerprints, DNA https://memex.craphound.com/2006/05/22/u-florida-cops-ask-fiction-writer-for-fingerprints-dna/

#20yrsago HDMI, the Manchurian DRM – a Broadcast Flag dormant until 2010 https://web.archive.org/web/20060523193853/https://arstechnica.com/news.ars/post/20060521-6880.html

#15yrsago The Filter Bubble: how personalization changes society https://memex.craphound.com/2011/05/22/the-filter-bubble-how-personalization-changes-society/

#15yrsago Last decade’s English libel legal sharks poised to make a new fortune on stupid privacy lawsuits and superinjuctions https://memex.craphound.com/2011/05/22/last-decades-english-libel-legal-sharks-poised-to-make-a-new-fortune-on-stupid-privacy-lawsuits-and-superinjuctions/

#15yrsago RIAA boss takes home $3 mil+ https://lefsetz.com/wordpress/2011/05/21/another-member-of-the-overpaid/

#15yrsago Vindictive game company invites employees to pan reviewer’s novel after bad review https://maroonersrock.com/2011/05/conduit-2-developer-calls-for-internal-retaliation-against-author-of-negative-joystiq-review/

#15yrsago France lobbies G8 for Internet control and censorship https://www.laquadrature.net/en/2011/05/20/frances-g8-focuses-on-control-and-restrictions-to-online-freedoms/

#15yrsago Budweiser nunchuks: American Ninja https://web.archive.org/web/20110701153712/http://www.todayandtomorrow.net/2011/05/19/american-ninja/

#15yrsago GOP legislative aide works on punitive voter ID bill, boasts of illegally voting in another district https://web.archive.org/web/20110522014606/http://host.madison.com/wsj/news/local/govt-and-politics/elections/article_ede5d49e-8272-11e0-a6e0-001cc4c03286.html

#15yrsago Raising a kid without disclosing their sex https://web.archive.org/web/20110523180952/http://www.parentcentral.ca/parent/babiespregnancy/babies/article/995112–parents-keep-child-s-gender-secret

#15yrsago Byron Sonne: Canadian security geek jailed for taunting G20 security theatre https://web.archive.org/web/20110518195236/http://www.torontolife.com/daily/informer/from-print-edition-informer/2011/05/03/how-byron-sonne’s-obsessions-with-the-g20-security-apparatus-cost-him-everything/

#15yrsago HOWTO make a SNES cartridge urinal https://blog.pricecharting.com/2011/05/how-to-build-video-game-urinal.html

#15yrsago German police raid German Pirate Party’s servers two days before election https://web.archive.org/web/20120516010632/https://arstechnica.com/tech-policy/2011/05/german-police-seize-pirate-party-servers-looking-at-anons-toolkit/

#10yrsago JJ Abrams urges Paramount to drop its lawsuit over fan Star Trek movie https://web.archive.org/web/20160522121940/https://deadline.com/2016/05/star-trek-axanar-lawsuit-ending-jj-abrams-paramount-1201760721/

#10yrsago Pat Buchanan on the Republican Party’s historical opposition to free trade deals https://web.archive.org/web/20160521162845/http://www.theamericanconservative.com/buchanan/free-trade-vs-the-republican-party/

#10yrsago United offered men-only “executive” flights until 1970 https://viewfromthewing.com/united-airlines-men-only-executive-service/

#10yrsago Elderly man kills wife because they couldn’t afford her medicine https://www.nytimes.com/2016/05/20/us/florida-man-says-he-killed-sick-wife-because-he-couldnt-afford-her-medicine-sheriffs-say.html?_r=0

#10yrsago Sex Criminals: Robin Hood bank robbers who can stop time when they orgasm https://memex.craphound.com/2016/05/21/sex-criminals-robin-hood-bank-robbers-who-can-stop-time-when-they-orgasm/

#10yrsago Airbnb stealth-updates terms of service, says it’s not an insurer and requires binding arbitration https://memex.craphound.com/2016/05/20/airbnb-stealth-updates-terms-of-service-says-its-not-an-insurer-and-requires-binding-arbitration/

#10yrsago Oculus breaks promise, uses DRM to kill app that let you switch VR systems https://web.archive.org/web/20160520161939/https://motherboard.vice.com/read/new-oculus-drm-cross-platform

#10yrsago Nintendo claims ownership over fans’ Minecraft/Mario mashups https://web.archive.org/web/20160521193334/http://arstechnica.com/gaming/2016/05/nintendo-issues-copyright-claims-on-mario-themed-minecraft-videos/

#10yrsago Paypal refuses to deliver online purchases to UK addresses containing “Isis” https://b2fxxx.blogspot.com/2016/05/the-tyranny-of-algorithm-yet-again.html

#10yrsago 30 students debate mass surveillance on Capitol Hill https://web.archive.org/web/20160521000031/https://theintercept.com/2016/05/20/high-school-debaters-bring-surveillance-encryption-arguments-to-capitol-hill/

#10yrsago What the NSA’s assault on whistleblowers taught Snowden https://www.theguardian.com/us-news/2016/may/22/how-pentagon-punished-nsa-whistleblowers

#10yrsago Massive, coordinated ATM heist in Japan nets $12.7 million (¥‎1.4 billion) https://web.archive.org/web/20160523102154/http://mainichi.jp/english/articles/20160522/p2g/00m/0dm/044000c

#5yrsago How the Sacklers rigged the game https://pluralistic.net/2021/05/23/a-bankrupt-process/#sacklers

#5yrsago Consent theater https://pluralistic.net/2021/05/20/consent-theater/

#5yrsago Debunking the arguments for vaccine apartheid https://pluralistic.net/2021/05/21/wait-your-turn/#vaccine-apartheid

#5yrsago How the filibuster dies https://pluralistic.net/2021/05/22/not-with-a-bang/#theory-of-change

#1yrago Strange Bedfellows and Long Knives https://pluralistic.net/2025/05/21/et-tu-sloppy-steve/#fractured-fairytales

#1yrago The meritocracy to eugenics pipeline https://pluralistic.net/2025/05/20/big-cornflakes-energy/#caliper-pilled

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Thu, 21 May 2026 15:03:37 +0000 Fullscreen Open in Tab
Pluralistic: Shopping isn't politics (21 May 2026)


Today's links

  • Shopping isn't politics: The personal isn't political.
  • Hey look at this: Delights to delectate.
  • Object permanence: Neither arphid nor RFID; Gor novel sex slave cult; Violent economist sex criminals; Vade et caca in pilleum et ipse traheatur super aures tuo; "We Stand on Guard"; Healthy FLOSS; Lawsuits 2.0; CDC v zombie apocalypse; Gandhi's speeches; Apple v games about Palestine; Second Life chuds v Bernie; UK was never a "white" country; Dead, broke; Who Broke the Internet? (III)
  • Upcoming appearances: Hay-on-Wye, London, Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A grocery store egg refrigerator, lined with stacks of egg cartons. The middle stack has been replaced with the capitol dome.

Shopping isn't politics (permalink)

I've written before about the futility of "voting with your wallet." Billionaires love it when you try to vote with your wallet, because while billionaires only represent 0.00004% of the population, their wallets are 100,000 times larger than average, which means that when we vote with wallets, a billionaire's vote counts 100,000 times more than yours:

https://pluralistic.net/2025/09/13/consumption-choices/

The idea of voting with your wallet is fundamentally antiprogressive, and not only because wallet-voting favors the wealthy. The ideological basis for voting with your wallet is the belief that politics are slow and unresponsive, while markets dynamically optimize for human wellbeing. By voting with your wallet, you are supposedly injecting information about your preferences and dispreferences into a vast, distributed computer we call "the market," which uses "demand signals" to decide how we live our lives.

This belief is incompatible with the idea of politics – that is, the idea that our lives can be shaped by representative democracy, deliberation, and/or solidarity. It's a nihilistic view that insists that the only nice things we can have are the things that "the market" chooses for us. If "the market" doesn't decide to swap out fossil fuels for cleantech, then that's that – any attempt to draw down our carbon emissions through regulation will only "distort the market." If you're roasting in a drought, drowning in a flood, or being incinerated by a wildfire, your only move is to go shopping and hope that by buying a Tesla, you will emit a "demand signal" that "tips the market equilibrium" to "not killing you and everyone you love."

Shopping isn't politics. Politics are politics, and shopping is shopping.

This isn't to say shopping can't improve your life! I am a materialist, and having nice things is nice. If there's a lovely independent coffee shop in your neighborhood where the baristas are treated well and the coffee is delicious and the vibes are impeccable, then by all means, get your coffee there. If you love the staff and selections at your neighborhood indie bookstore, then you should buy your books there. If you love the discourse on Mastodon or Bluesky and find yourself feeling sick and angry when you use Twitter or Facebook, then ditch the legacy social media and take up residence in the Fediverse and/or Atmosphere.

But don't kid yourself that this is politics. No matter how indie your coffee, books and social media, your consumption choices will not have a material impact on Starbucks, Amazon or Twitter. Going vegan won't make the meat industry treat animals better. Taking the bus won't induce improvements to your town's public transit network.

Having nice things is nice, and the more nice things you have – good food, good health, good books, good coffee, good social media and good transit – the more space and energy you'll have to devote to politics.

But what about boycotts? Surely the Montgomery bus boycott, the anti-Apartheid boycott, the California grape boycott and the BDS movement were politics, right?

They sure were. But they weren't shopping. The Montgomery bus boycott lasted 382 days, during which time organizers worked with bus riders, cab drivers, the UAW and community groups to provide material and legal support and alternatives like car pools, all while communicating about their specific demands. After 382 days, the courts ruled in their favor, their demands were met, and Montgomery's buses desegregated:

https://en.wikipedia.org/wiki/Montgomery_bus_boycott

That wasn't "shopping." The bus boycott didn't consist of a bunch of individual choices to walk to work, repeatedly made by a city full of Black people and their allies. The shopping part was the least important part of the whole matter, and the meaningful part of the shopping was never individual. If the boycott was nothing more than shopping, it would have broken as soon as individual people found themselves unable to convince their bosses to tolerate their late, sweaty arrival at work, day after day. The boycott worked because it was politics.

And because the boycott was politics, it left behind a movement: the boycott brought people into solidarity with each other, and when they comprehensively defeated their political adversary – National City Lines – they went on to form the backbone of the civil rights movement, going from strength to strength.

Of course, shopping is part of a boycott. It's the individual part that each participant in the boycott undertakes. But without the collective, organized part, shopping is no way to effect change.

Is voting politics? Well, sure, but voting is to politics as shopping is to boycotts. For several decades now, most voters have been asked to chose the lesser of two evils (and now they're asked to choose the significantly lesser of two evils). Voting can change things, when there's something good to vote for, or something very bad to vote against, and when lots of people show up at the polls.

But to make voting effective, you have to do politics. You have to get involved in the primary races that select the candidate. You have to go to candidates' meetings and ask tough questions. You have to ring doorbells for your chosen candidate, volunteer to take your neighbors to the polls and volunteer to defend the polls from chuds and ICE fascists. The part of voting that takes place in the booth is the least important part of politics.

It's obvious why we might prefer to substitute voting or shopping for politics: they're activities you do alone. You don't have to find anyone else to do them with you. You don't have to convince anyone else to do them with you. You don't have to argue about them or justify them. They are zipless fucks, a source of satisfaction without connection, compromise or complication.

Of course, that's also why voting and shopping make a poor substitute for politics. All the retail therapy in the world can't lift your spirits the way that solidarity and community will. Doing politics creates solidaristic ties with the people around you, who might help you if you lose your job and can't buy groceries, or break your leg and can't get to the grocery store, or if ICE fascists try to kidnap you while you're out shopping.

Solidarity gets you through times of no money way better than money gets you through times of no solidarity – just ask the psycho billionaires who wanted Doug Rushkoff to invent a system of bomb-collars that would keep their post-apocalyptic mercenaries from whacking them and stealing their bunkers:

https://pluralistic.net/2022/09/13/collapse-porn/#collapse-porn

Last weekend, I walked through a crowd of tens of thousands of coked-up fascists in central London on my way to meet up with 250,000 comrades marching for an end to genocide in Palestine and a new British social compact based on mutual aid, pluralism, and care. Walking through those flag-draped chuds was incredibly demoralizing:

https://www.newstatesman.com/politics/2026/05/cokeheads-and-christians-a-day-at-tommy-robinsons-rally

But when I got off the tube at South Kensington and found there were so many of us we were backed up all the way from the every street entrance to the bottom of the escalators, my morale surged. Hours later, when we all reached Pall Mall together, I was ready to take on the world. That's what politics does for you: it makes you feel like you belong to a polity and that together, you can really change the world.

Politics runs on solidarity, but shopping destroys it. Individual consumption choices don't change the world, but if you've been convinced that the only way to change the world is by voting with your wallet then when the world stays terrible, you can only conclude that your friends and neighbors have ruined by things by voting (shopping) wrong.

In politics, we build bonds of mutual regard and understanding that we use to navigate our differences. But when you vote with your wallet, all that's left is the endless policing of your allies' consumption choices, endless scolding for their failure to leave Twitter, or give up meat, or eschew chatbots. Shopping for change ends up replacing politics with petty snooping and endless sniping and attempts to bully or shame people into consuming different things.

If "the personal is political," then every political disappointment in your life is down to your friends' personal defects. If you let yourself get tricked into organizing your life around "living your politics" – that is, giving up on nice things in the hope that this will make politics change, and then getting mad at people who consume different things from you – then you will end up sucked into the stupidest fights imaginable with the people you need to get along with in order to do politics.

Once again, this isn't to say that you shouldn't choose to have nice things. Buy stuff you like, shop at places you like. And when circumstances allow all of us to start making consumption choices in unison – as when Comrades Trump and Putin stage an orgy of demand-destruction for fossil fuels, catapulting the world into the Gretacene – then by all means, take the win. That is one of the rare instances in which we can do political change with consumption!

https://pluralistic.net/2026/05/04/hope-in-the-dark/#hormuzed-into-the-gretacene

And there definitely are times where a single individual can intervene in the system in a powerful way that really fucks up the worst actors in our society:

https://www.theverge.com/tech/931532/bambu-agpl-pawel-jarczak-open-source-threat-dmca-github

These usually involve using technology to "move fast and break things," which is fine, actually! It's fine to move fast and break things belonging to Elon Musk, Mark Zuckerberg or some other monster. Indeed, it's practically a moral imperative:

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

But even in those highly leveraged, highly individualized opportunities to make a dent in the universe, you'll make a bigger dent, and have more fun, if you do it as politics, with a big group of people, in bonds of solidarity.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Software-based antennas https://web.archive.org/web/20010518225333/http://www.etenna.com/

#25yrsago Aimster loses trademark to AOL https://web.archive.org/web/20010523001415/http://msnbc.com/news/575492.asp?cp1=1

#25yrsago House to ban online anonymity https://web.archive.org/web/20010526220254/https://www.wired.com/news/politics/0,1283,43938,00.html

#20yrsago Lawsuits of Web 2.0 https://web.archive.org/web/20060528001734/http://www.fuckedsuit.com/

#20yrsago Is one month’s piracy worth more than France’s GDP? https://decordove.com/one-month-of-torrents-is-worth-more-than-the-gdp-of-france-riaa-rant.php

#20yrsago Audio from Bruce Sterling’s “Neither Arphid nor RFID” rant https://web.archive.org/web/20060614140414/https://dev1.manme.org.uk/~luke/Sterling_SPACE_160506.mp3

#20yrsago Cops raid “sex slave cult” based on science fiction novels http://news.bbc.co.uk/1/hi/uk/4996410.stm

#15yrsago Legal rebuttal: “vade et caca in pilleum et ipse traheatur super aures tuo” https://newyorkpersonalinjuryattorneyblog.com/2011/05/joseph-rakofsky-i-have-an-answer-for-you.html

#15yrsago List of economists involved in violent sex crimes, for Ben Stein https://blog.xkcd.com/2011/05/18/answering-ben-steins-question/

#15yrsago MAFIAA wants warrantless searches of CD and DVD factories https://web.archive.org/web/20110520232527/https://www.wired.com/threatlevel/2011/05/riaa-warrantless-seizures/

#15yrsago CDC explains how to prepare for a zombie apocalypse https://web.archive.org/web/20110519201602/http://emergency.cdc.gov/socialmedia/zombies_blog.asp

#10yrsago 129 of Gandhi’s speeches on India and self-rule https://archive.org/details/HindSwaraj?and[]=subject%3A"Post+Prayer+Speech"

#10yrsago A backer message as Earth leaves beta and goes 1.0 https://web.archive.org/web/20160521054706/http://www.nature.com/nature/journal/v533/n7603/full/533432a.html

#10yrsago EFF files Chelsea Manning appeal on hacking conviction https://www.eff.org/press/releases/eff-asks-court-reverse-chelsea-mannings-conviction-violating-federal-anti-hacking-law

#10yrsago Apple rejects game about Palestine because political messages disqualify games from consideration https://web.archive.org/web/20160520111154/https://arstechnica.com/gaming/2016/05/apple-says-game-about-palestinian-child-isnt-a-game/

#10yrsago Nerdcore rapper Sammus’s amazing OSCON keynote https://www.youtube.com/watch?v=ELczJ07XPnw

#10yrsago Everything is a Remix on “The Force Awakens” https://www.youtube.com/watch?v=PKvsc6a03Es

#10yrsago Angry dudes are downranking woman-oriented TV shows on review sites https://web.archive.org/web/20160519014153/https://fivethirtyeight.com/features/men-are-sabotaging-the-online-reviews-of-tv-shows-aimed-at-women/

#10yrsago Second Life’s Trump army lays siege to Bernie Sanders’s virtual HQ with swastika cannons https://web.archive.org/web/20160428093534/https://motherboard.vice.com/read/second-life-donald-trump-bernie-sanders

#10yrsago Xenophobic UK politician ranting about “political correctness” gets a public spanking from an historian https://web.archive.org/web/20160520224731/http://indy100.independent.co.uk/article/ukip-councillor-attempts-to-blast-bbc-for-historical-inaccuracy-gets-destroyed-by-actual-historian–ZyZAasU2fb

#10yrsago A look at digital habits of 13 year olds shows desire for privacy, face-to-face time https://blogs.lse.ac.uk/parenting4digitalfuture/2016/04/18/the-class-living-and-learning-in-the-digital-age/

#10yrsago Big Vitamin bankrolls naturopaths’ attempts to go legit and get public money https://web.archive.org/web/20160520123659/https://www.statnews.com/2016/05/17/naturopaths-go-mainstream/

#10yrsago We Stand on Guard: in 100 years, America seizes Canada for its water https://memex.craphound.com/2016/05/18/we-stand-on-guard-in-100-years-america-seizes-canada-for-its-water/

#5yrsago Apple's complicity in Chinese state oppressionhttps://pluralistic.net/2021/05/18/unhealthy-balance-sheet/#think-manorialism

#5yrsago Community Health Services sued its way through the pandemic https://pluralistic.net/2021/05/18/unhealthy-balance-sheet/#health-usury

#5yrsago What Would Open Source Look Like If It Were Healthy https://pluralistic.net/2021/05/18/unhealthy-balance-sheet/#user-personas

#5yrsago Dead, broke https://pluralistic.net/2021/05/19/zombie-debt/#damnation

#1yrago Who Broke the Internet? Part III https://pluralistic.net/2025/05/19/khan-thought/#they-were-warned

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-19T13:52:27+00:00 Fullscreen Open in Tab
Note published on May 19, 2026 at 1:52 PM UTC
Tue, 19 May 2026 07:17:09 +0000 Fullscreen Open in Tab
Pluralistic: There's no such thing as "age verification" (19 May 2026)


Today's links

  • There's no such thing as "age verification": The foreseeable and foreseen consequences of "something must be done"/"there, I've done something."
  • Hey look at this: Delights to delectate.
  • Object permanence: Apple Stores exist; Responsible spam; Australia loves Hollywood('s copyright); TCP over Syrian donkey; Icelandic Pirate get funded; Algorithmic cruelty; Trump loves data brokers; Douglas Adams, vindicated; Blog history; Sex names; Flickr's Gamma; "Fuzzy Nation"; The Intercept publishes Snowden docs; Software version of CIA sabotage manual; Who owns covid vaccines? Anal clenching v depression; Web is 10; Danish birds x ringtones; Office-supply X-wing; Nintendo 3DS license sucks is unbelievably bad; Public Interest Internet.
  • Upcoming appearances: Berlin, Hay-on-Wye, London, Kansas City, LA, Menlo Park, Toronto, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


An 18th century wax anatomical model depicting a woman's torso, the skin removed to reveal the organs. Perched on the torso is an enormous fly, its face in her stomach.

There's no such thing as "age verification" (permalink)

"Object permanence" is the ability to understand that even if you can't see something, it still exists. Most toddlers acquire a thorough sense of object permanence by the age of two. But when it comes to technopolitics, object permanence eludes even full-grown lawmakers. These motherfuckers would lose a game of peek-a-boo.

Over and over again, politicians are warned about the ways that their pet policies will a) produce enormous collateral damage, and; b) be easily evaded by the people they're seeking to control, giving rise to a cascade of ever-more extreme measures. And yet, they swallow a spider to catch a fly and then act baffled and hurt when we tell them it's their own damn fault that they now have to swallow a bird to catch the spider:

https://pluralistic.net/2025/01/13/wanting-it-badly/#is-not-enough

The foreseeable and foreseen consequences of bad technopolicy are all around us, but in the eternal now of a politics utterly devoid of object permanence, no one is allowed to remember what happened the last time we did something stupid, especially not when we're on the verge of doing that same stupid thing again, only worse:

https://pluralistic.net/2024/10/07/foreseeable-outcomes/#calea

Technopolitics are defined by Bruce Schneier's "security syllogism," which goes, "Something must be done! There, I've done something." "Something" doesn't have to fix the problem, and "something" doesn't have to anticipate what will happen next. So long as "something" is done, the issue is resolved and the politician can chalk up a win.

This gives rise to some genuinely bizarre consensus hallucinations, in which we pretend that the reality decreed by policy matches up with actual reality. Take "streaming." There is no such thing as "streaming." A "stream" is just "a download that is transmitted to an application that doesn't have a 'Save As…' button":

https://pluralistic.net/2025/09/01/fulu/#i-am-altering-the-deal

Once you decree that there is such a thing as a stream, you must bend heaven and earth to ensure that no "Save As…" buttons are added to the "streaming" program. You have to pass laws that make it illegal to inspect code. To modify code. To report on defects in code. To index information about defects in code. To index information about mods. To link to indices that compile defects and mods. You have to swallow the fly, the spider, the bird, the cat, the dog, and the whole damned horse:

https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/

Then there's that perennial fave, "bans on working cryptography." To ban working cryptography, you have to outlaw free/open source software. You have to inspect every device that comes into your country. You have to erect a Great Firewall that blocks every site that might carry working cryptography. You make it impossible to reliably update the software in pacemakers, anti-lock brakes and nuclear power plants, and you make it easy for identity thieves, foreign powers and corporate spies to raid your government, your corporations, and your households – and it still won't work!

https://memex.craphound.com/2018/09/04/oh-for-fucks-sake-not-this-fucking-bullshit-again-cryptography-edition/

The latest consensus hallucination to take over our political classes is "age verification," a thing that manifestly does not exist. You can't "verify the age" of an internet user – you can only attempt to attribute every byte that traverses the entire internet to affirmatively identified persons:

https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers

This comes at enormous cost. It is a gift to every future dictator, every identity thief, and every would-be sexual exploiter of children, who will have access to the hacked, leaked, and badly secured troves of data that this doomed effort produces.

Yes, doomed. Because even when it comes to kids, "age verification" is just a way of convincing young people to familiarize themselves with VPNs. This was entirely obvious from the very instant that "age verification" was mooted, and yet our policymakers pretended they couldn't hear the chorus of people who pointed it out to them. When cornered on the issue, they were affronted: "Can't you see that something must be done? How dare you attempt to stop me from doing something?"

And now, every single one of these chucklefucks is proposing bans on VPNs, from Utah:

https://www.eff.org/deeplinks/2026/04/utahs-new-law-regulating-vpns-goes-effect-next-week

To the UK:

https://www.theregister.com/security/2026/05/18/mozilla-warns-uk-breaking-vpns-will-not-magically-fix-britains-age-check-mess/5241770

They were warned that this would happen. We told them not to swallow that fly. Now we're telling them not to swallow whole bucketloads of spiders. I fully expect that next year, they'll be telling us that once they swallow this herd of horses, it will all be OK.

(Image: Fir0002/Flagstaffotos, https://www.gnu.org/licenses/fdl-1.3.html, modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago The Hubble Constant is 42 https://web.archive.org/web/20010607103335/http://www.best.com/~sirlou/42.html

#25yrsago The history of weblogs http://www.rebeccablood.net/essays/weblog_history.html

#25yrsago Head-shaver’s FAQ https://web.archive.org/web/20010616023912/http://www.geocities.com/shaverg/

#25yrsago "Sex" in your surname https://web.archive.org/web/20010830005021/http://bissex.net/paul/profanity.gif

#25yrsago Apple announces retail stores https://web.archive.org/web/20010521193320/http://www.apple.com/retail/

#25yrsago ISOC standard for "responsible" spam https://web.archive.org/web/20030923030913/ftp://ftp.rfc-editor.org/in-notes/rfc3098.txt

#25yrsago Anal clenching v depression https://web.archive.org/web/20011201070537/http://members.aol.com/nishigaki3/index.htm?mtbrand=AOL_US

#25yrsago The Web is 10 https://www.w3.org/Talks/C5_17_May_91.html

#25yrsago Danish birds imitate ringtones https://web.archive.org/web/20010603204210/http://www.ananova.com/news/story/sm_288774.html?menu

#20yrsago Wired News publishes damning docs from EFF vs AT&T https://web.archive.org/web/20060602044459/http://www.wired.com/news/technology/1,70908-0.html

#20yrsago Canadian privacy commissioners against DRM https://web.archive.org/web/20060530122338/https://www.intellectualprivacy.ca/

#20yrsago How the RIAA’s suit against XM came from Napster, MP3.com and Grokster https://web.archive.org/web/20060524092537/https://www.eff.org/deeplinks/archives/004679.php

#20yrsago Gmail downgraded, no longer cracks PDFs https://web.archive.org/web/20060603055956/https://akira.arts.kuleuven.ac.be/andreas/blog/archives/2006/05/gmail-cripples-drmed-pdf-files-view-as-html-functionality.html

#20yrsago Australia puts out for Hollywood with new copyright law https://web.archive.org/web/20060520192521/https://blogs.smh.com.au/mashup/archives//004567.html

#20yrsago FeedRinse: filters for your RSS and a happier Internet https://web.archive.org/web/20060915062158/http://www.nyu.edu/classes/siva/archives/003114.html

#20yrsago Flickr goes Gamma https://web.archive.org/web/20081219225627/http://blog.flickr.net/en/2006/05/16/alpha-beta-gamma/

#15yrsago UK copyright reforms sound sane, useful https://web.archive.org/web/20160724041821/https://www.theguardian.com/media/2011/may/17/copyright-law-overhaul-for-uk

#15yrsago Life with Ubuntu and a ThinkPad https://www.theguardian.com/technology/2011/may/17/computing-opensource

#15yrsago Scalzi’s Fuzzy Nation: a masterful, likable reboot of one of the great sf classics https://memex.craphound.com/2011/05/16/scalzis-fuzzy-nation-a-masterful-likable-reboot-of-one-of-the-great-sf-classics/

#15yrsago Piracy sends “Go the Fuck to Sleep” to #1 on Amazon https://web.archive.org/web/20110516023258/http://www.baycitizen.org/books/story/go-f-sleep-case-viral-pdf/

#15yrsago Serendipity, the net and cities: are we living in bubbles? Do we have to? https://ethanzuckerman.com/2011/05/12/chi-keynote-desperately-seeking-serendipity/

#15yrsago Texas close to banning TSA searches, TSA invents desperate new constitutional interpretations https://tenthamendmentcenter.com/2011/05/14/in-public-statement-tsa-lies-about-the-constitution/

#15yrsago Syrian dissidents use donkeys to smuggle videos to Jordan https://web.archive.org/web/20110518132126/http://www.dbune.com/news/world/6097-donkeys-take-over-from-dsl-as-syria-shuts-down-internet.html

#15yrsago Walter Jon Williams uses pirate ebooks to rescue his backlist https://www.walterjonwilliams.net/2011/05/crowdsource-please/

#15yrsago Chicago water boss: if we took the sewage out of the Chicago River, people might swim and drown! https://web.archive.org/web/20110516121105/https://www.chicagotribune.com/news/local/breaking/chibrknews-official-cleaning-chicago-river-a-waste-of-money-20110513,0,7553787.story

#15yrsago HOWTO Make an office-supply X-Wing Fighter https://www.instructables.com/X-Wing-Fighter-from-Office-Supplies/

#15yrsago Yale opens up image library, starts with 250,000 free images https://web.archive.org/web/20110514111440/https://opac.yale.edu/news/article.aspx?id=8544

#15yrsago Nintendo 3DS license: We’ll brick your device if we don’t like your software choices, you have no privacy, we own your photos https://web.archive.org/web/20110518014329/https://www.pcworld.com/businesscenter/article/227957/nintendo_3ds_targeted_in_antidrm_campaign.html

#10yrsago Copyright trolls Rightscorp are teetering on the verge of bankruptcy https://web.archive.org/web/20160518103417/https://arstechnica.com/tech-policy/2016/05/anti-piracy-firm-rightscorps-q1-financials-read-like-an-obituary/

#10yrsago Trump campaign cancels interview after overhearing reporter speaking in Spanish https://www.buzzfeednews.com/article/adriancarrasquillo/trump-campaign-canceled-a-reporters-interview-after-they-hea#.ul9L3rXy8

#10yrsago Phoenix airport threatens to kick out TSA, hire private (unaccountable) contractors https://www.csmonitor.com/USA/USA-Update/2016/0514/Is-Phoenix-airport-opting-out-of-the-TSA

#10yrsago US Gov’t survey: Half of Americans reluctant to shop online due to privacy & security fears https://www.ntia.gov/federal-register-notice/2016/request-comments-benefits-challenges-and-potential-roles-government-fostering-advancement-internet

#10yrsago Iceland’s Pirate Party to receive millions in election funding https://web.archive.org/web/20160514102817/http://www.independent.co.uk/news/world/europe/icelands-pirate-party-secures-more-election-funding-than-all-its-rivals-as-it-continues-to-top-polls-a7027606.html

#10yrsago Nebula Award swept by record number of women writers https://gizmodo.com/women-swept-the-2015-the-nebula-awards-1776706665

#10yrsago Algorithmic cruelty: when Gmail adds your harasser to your speed-dial https://web.archive.org/web/20160515184025/https://blog.lizdenys.com/2016/05/14/inboxs-accidentally-abusive-algorithm/

#10yrsago Transport for London blames Tube delays on “wrong type of sun” https://web.archive.org/web/20160516133847/https://www.independent.co.uk/news/uk/london-underground-blame-too-much-sunshine-for-tube-delays-a7031986.html

#10yrsago The Intercept begins publishing Snowden docs https://web.archive.org/web/20160516172510/https://theintercept.com/snowden-sidtoday/

#10yrsago A software developer’s version of the CIA’s bureaucratic sabotage manual https://www.antipope.org/charlie/blog-static/2016/05/updating-a-classic.html

#5yrsago Who owns the covid vaccines? https://pluralistic.net/2021/05/16/entrepreneurial-state/#patient-zero-money

#5yrsago Big Pharma's vicious battle against universal covid vaccination https://pluralistic.net/2021/05/15/how-to-rob-a-bank/#roll-the-dice

#5yrsago The S&L crisis perfected finance crime https://pluralistic.net/2021/05/15/how-to-rob-a-bank/#crimogenics

#5yrsago Newsom's California fiber dream https://pluralistic.net/2021/05/15/how-to-rob-a-bank/#fiber-now

#5yrsago The Public Interest Internet https://pluralistic.net/2021/05/17/disgracenote/#enclosure

#5yrsago Paygo, false consciousness and the IRS https://pluralistic.net/2021/05/17/disgracenote/#false-consciousness

#1yrago Trump's CFPB kills data broker rule https://pluralistic.net/2025/05/15/asshole-to-appetite/#ssn-for-sale

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Sat, 16 May 2026 08:35:41 +0000 Fullscreen Open in Tab
Pluralistic: Making sense of Trump's unscheduled sudden midair disassembly of the American empire (16 May 2026)


Today's links


A detail from Dore's engraving depicting the drowning of the Leviathan - a great sea-serpent thrashing in a chaotic dark sea. The image has been altered: it has been hand-tinted. The sea serpent is wearing a MAGA hat. Drowning nearby are a beleagured Uncle Sam, an Android robot, and the Statue of Liberty.

Making sense of Trump's unscheduled sudden midair disassembly of the American empire (permalink)

For generations, the American empire was the most powerful force on earth, and so we tended to assume that it was the most durable force on earth – surely anything so powerful must also be eternal?

But power and durability aren't the same thing, as Le Guin reminded us with her oft-quoted maxim that "We live in capitalism, its power seems inescapable — but then, so did the divine right of kings":

https://www.ursulakleguin.com/nbf-medal

Monarchs may be powerful, but that power is derived from a manifestly incorrect belief in special blood, a belief that requires monarchs to inbreed. At best, this produces heads of state who can't stop bleeding and also can't tell you if their blood is blue or red; at worst, it yields heads of state who can't speak intelligibly, much less produce another generation of royals:

https://en.wikipedia.org/wiki/Charles_II_of_Spain

Oligarchy also produces a sequence of progressively weirder and more terrible rulers who rely on a mix of lies, flattery, coercion and personal cult nonsense to hold their coalition together in the face of mounting evidence for the system's bankruptcy. Thus Reagan begat GW Bush, who begat Trump, whose potential successors are a kennel of the least-charismatic chud podcasters ever to curse an RSS feed.

Trump's second term has resulted in a rapid, unscheduled, mid-air disassembly of the American empire. As Baldur Bjarnason writes, under Trump, America "first turned on their trading partners, then their allies in Europe, and then they delivered one of this century’s biggest economic and energy crises to their allies in Asia":

https://www.baldurbjarnason.com/2026/the-old-world-of-tech-is-dying/

The line comes from an excellent post entitled "The old world of tech is dying and the new cannot be born," about the impact of Trump's de-Americanization of the world on the US tech industry, and thus the world's relationship to tech more broadly. As Bjarnason writes, Trump's tech giants dominate the world because America dominates the world. It's not because the world likes American tech. As Bjarnason writes:

They are, more often than not, about as popular and respected as tobacco or pharmaceutical companies – some of them and their products are polling in terms of public sentiment in ranges similar to child molesters or authoritarian immigration enforcement entities – and their CEOs are some of the more despised public figures in recent history.

These very, very unpopular tech companies dominate because American trade policy insists that they must. They are allowed to violate local laws because stopping them from doing so would result in trade sanctions. It's true that US tech companies face fines abroad from time to time, but these are "the price list for inflicting societal suffering. Pick the one that suits your business model." US trading partners haven't really attempted to extinguish the unlawful conduct of US tech companies.

All of that is up for grabs now, thanks to Trump's uncontrollable compulsion to repeatedly hormuz himself (and America) in the foot. But – as Bjarnason writes – this didn't start with Trump. As ever, Trump is as much an effect as a cause, and the most important cause of Trump is the conversion of America into a financial economy, which started under Reagan, but was only finalized by Obama, who let the Wall Street looters who destroyed the world economy walk away unscathed, even as they stole the homes of millions of Americans:

https://web.archive.org/web/20170130083243/https://www.theguardian.com/commentisfree/2017/jan/16/how-barack-obama-paved-way-donald-trump-racism

Financial economies "suck the air out of the rest of the economy and make it less competitive." Keeping billionaires in megayachts comes at the expense of "research, education, infrastructure, and healthcare." Countries that financialize lag behind countries where the economy is based on making things, not extracting or financing things.

Generations of both imperial looting and domestic investment made America the richest country on earth. That wealth cushioned America's transition to oligarchy: for a while, the country could survive both "finance and billionaire parasites sucking its blood" and continue to invest in itself. But while you can double the wealth of a billionaire at the expense of a town or two, doubling the wealth of a centibillionaire requires the destruction of whole regions.

As America looted itself into irrelevance, China – a very different kind of autocracy – invested in domestic capacity and domestic consumption. China's hardly a well-run place: like any autocracy, it functions according to the whims of extremely fallible officials, which produces real-estate bubbles and other crises of production (to say nothing of the demographic crisis of the One Child policy) and necessitates steadily increasing oppression, from online surveillance to concentration camps in Xinjiang.

Bjarnason writes about how this Chinese/US world presents a "double bind" for the EU. Siding with the US is increasingly untenable: the EU exists in large part to promote its domestic industries, but the US is no longer content to leave these alone. As Bjarnason says, US economic policy is now, "whatever our oligarchs want to steal this month, they get."

US tech has extended so many tendrils into so many sectors that it's not possible to defend any industrial sector without impinging on the "technopoly," where "the only ideas and thoughts that have social and cultural legitimacy are those that support, are supported by, and are mediated through technology."

This means that continuing to work within the American system means a steady transfer of economic and political control of every aspect of your life to the US, a decaying empire ruled over by a mad king. Nevertheless, there is a strong, vestigial reflex to protect American tech in the EU, which leaves European power-brokers scrambling to come up with reasons that the EU should confine its tech regulation to empty symbolic gestures, while avoiding meaningful action at all costs:

https://cerre.eu/wp-content/uploads/2026/02/CERRE_Horizontal-Interoperability-of-Social-Networking-Services.pdf

But the American tech sector relies on the other sources of American power – the ones that Trump is so bent on destroying. Trump's de-dollarization of the world economy is pushing the world away from using American tech for payment processing and networking. The American empire created the form of the US tech sector. As Bjarnason writes, "without the weight of the US political empire behind it – if Airbnb or Uber had been local startups – much fewer countries in the world would have loosened their regulations and consumer protections to accommodate them to the point where they prospered as they did."

Trump isn't the first US leader to make a strategic blunder (the US has lost every war it's fought since WWII, after all). But Trump's blunders are different in that they "deliberately signal the end [the US] empire." Hormuz and tariffs have driven people away from the US dollar, and everyone knows who to blame for the senseless deaths in the Gulf and the global privation caused by oil rationing.

That's bad news for a software industry that "shifted its entire value proposition from 'we make tools that help you make or save money' to using political clout and the dollar hegemony to capture, control, and loot entire sectors of the various economies of the world. That strategy only works when you’re in charge."

DOGE wiped out the health systems of the global south, and now Trump's trade negotiators are demanding that these countries promise to keep their hands off of US tech in exchange for reinstating a small trickle of the aid they lost. These countries are rejecting those demands:

https://www.reuters.com/business/healthcare-pharmaceuticals/zambia-says-us-health-deal-must-be-uncoupled-minerals-access-2026-05-04/

It's all up for grabs, in other words. The post-American internet is being born in a post-American world, and the shape of both is impossible to determine from this side of the veil. Bjarnason quotes Gramsci: "the old is dying and the new cannot be born."

I hold out high hopes for a world of international digital public goods: free and open software that replaces America's extractive, defective black boxes with transparent, auditable, trustworthy alternatives that are under the control of the people who use them:

https://pluralistic.net/2026/04/16/pascals-wager/#doomer-challenge

But – as Bjarnason says – even the intellectual property framework that the free/open source movement relies on to make its licenses enforceable is an artifact of the collapsing American empire. If the global copyright system collapses with America, there won't be any impediments to reverse-engineering and improving the tech around us – but there also won't be any way to enforce the free software licenses that keep that software open:

https://pluralistic.net/2026/04/02/limited-monopoly/#petardism

The whole essay is very good and – like so many great essays – it raises more questions than it answers. It's also full of standout one-liners like this one:

How do LLMs affect productivity and quality? (Much like leaded petrol. There’s some potential benefit for individual users with literally decades of expertise, provided nobody else uses LLMs. The results are catastrophic when everybody is using them.)

Consider moving it to the top of your weekend reading.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Is the law copyrighted?
https://web.archive.org/web/20010519134232/http://www.uniontrib.com/news/uniontrib/sun/news/news_1n13own.html

#15yrsago Canadian copyright collective wants a music tax on memory cards https://web.archive.org/web/20110517205114/https://www.michaelgeist.ca/content/view/5798/125/

#10yrsago FBI Director: viral videos make cops afraid to do their jobs https://www.nytimes.com/2016/05/12/us/comey-ferguson-effect-police-videos-fbi.html?_r=2

#10yrsago Banker implicated in one of history’s biggest frauds says boss beat him with a tiny baseball bat https://web.archive.org/web/20160516173952/http://www.ibtimes.co.uk/barclays-banker-accused-rigging-libor-rate-hit-assistant-baseball-bat-1559792

#10yrsago Infested: an itchy, fascinating natural history of the bed bug https://memex.craphound.com/2016/05/14/infested-an-itchy-fascinating-natural-history-of-the-bed-bug/

#5yrsago A weapon of mass financial destruction https://pluralistic.net/2021/05/14/billionaire-class-solidarity/#club-deals

#1yrago Are the means of computation even seizable? https://pluralistic.net/2025/05/14/pregnable/#checkm8

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Fri, 15 May 2026 12:38:04 +0000 Fullscreen Open in Tab
Pluralistic: No one wants a permanent gerontocracy (15 May 2026)


Today's links


The Supreme Court building, with the justices seated before it. The justices float, disembodied, their skins tinted green, their skulls shining through their faces. The court is titled at a spooky angle. Behind it loom dark clouds and a glowing moon.

No one wants a permanent gerontocracy (permalink)

Perhaps the most demoralizing part of Trumpismo is the fear that the people around you are so cruel and senseless that they approve of the violence, the racism, the pig-ignorant lies and rampant theft:

https://www.techdirt.com/2025/07/08/who-goes-maga/

One of the things keeping me going in these dark days is the pollster G Elliot Morris, whose "Strength in Numbers" newsletter is a reliable, robust and nuanced source of information about the way other people – including Trump's base – feel about him from moment to moment. Reading items like "A reminder: Very few people support Donald Trump's presidency" make it easier to get through the day:

https://www.gelliottmorris.com/p/a-reminder-very-few-people-support

It's a very good piece, breaking down the collapse in support for Trumpismo and confidence in Trump's mental health, even among the people who have historically stood by him, even though – incredibly! – about a third of Americans still support him and believe in his fitness to rule.

But the most interesting part of this post is the eye-popping poll result on a question that is only incidentally about Trump: the extremely broad, bipartisan support for both age limits and term limits for the House, the Senate, the Presidency and the Supreme Court.

How broad and bipartisan are these results?

  • 80% of Americans want age limits in the House and Senate (D78%, R83%; I79%);

  • Most Americans want age limits for the presidency (R73%, I61%) (the most popular age limit is 79);

  • Most Americans (65%) want an 18-year term limit for Supreme Court justices;

  • Most Americans (79%) want age limits for Supreme Court justices.

As Morris writes, this represents "a level of cross-partisan agreement that’s almost unheard of on a high-salience issue."

There are different ways to parse this out. The past decade has shown that, in the absence of a hard rule to the contrary, incumbents will stay in office long after it's obvious they should step down. That was true of Biden, who continued to campaign for a presidential term long after it was obvious that he was no longer physically and mentally capable of doing the job.

It was true of Ruth Bader-Ginsburg, whose commitment to the symbolic value of having her successor appointed by the first woman president allowed Trump to appoint the monstrous Amy Coney Barrett to a lifetime on the Supreme Court, which could well last another 30 years. It was true of Antonin Scalia, who would have handed a Supreme Court pick to the Obama administration if it wasn't for Mitch McConnell's willingness to steal a seat for Neal Gorsuch.

It's true of Kay Granger, a sitting congresswoman whose staff hid the fact that her dementia had progressed to the point that she had to be moved to an assisted living facility – while still holding office:

https://www.politico.com/news/magazine/2025/03/14/kay-granger-dementia-dc-media-00210317

It was true of Gerry Connolly, who insisted that he – not AOC – should be the head of the Oversight Committee, despite the fact that he was dying of cancer:

https://www.pbs.org/newshour/politics/rep-gerry-connolly-announces-return-of-cancer-steps-down-as-top-oversight-democrat

It was true of Dianne Feinstein, who continued to serve in the Senate despite having advanced dementia:

https://www.motherjones.com/politics/2023/04/sen-dianne-feinsteins-saga-is-a-very-public-example-of-a-national-crisis/

These politicians are wed to a system of seniority and patronage that insists that everyone who "pays their dues" should get a turn. It's a system that relies on politicians banking favors from their peers and then paying them back by anointing successors, thus requiring politicians to serve until they are ready to choose that successor.

We have created a system in which no one dares to hand over power, because to do so is to unilaterally disarm, while the other side keeps their permanent gerontocrats in positions of authority. Not only does this system starve the pipeline of young politicians who can progress to fill those new roles, it also exposes each party to significant risk. If your majority rests on a handful of seats and your caucus includes a dozen people who are actuarially certain to die soon, then the whole system could be upended by a couple of highly likely blood-clots:

https://pluralistic.net/2023/07/01/designated-survivors/

It's not that every politician over the age of 70 (or 80, or 85) is incapable of doing the job: it's that a system that runs on a mix of incumbency advantage, seniority, patronage and hubris is a bad system and the only fix for it is to put hard limits on terms – both based on how many years you hold office, and how many years you walk the earth.

The system where everyone who pays their dues gets a turn was never going to work, and that should have been especially obvious to the system's longest-tenured participants, who've had decades to notice how long-lived their colleagues are, and to compare those lifespans to the number of committee chairs, senate seats and other treasures there are to be had in the halls of power.

There are lots of good ideas – like abolishing the Electoral College or limiting political spending – that are popular with a majority of Americans, but these ideas are often very unpopular with conservatives:

https://pluralistic.net/2023/10/18/the-people-no/#tell-ya-what-i-want-what-i-really-really-want

But this is a realm in which – as Morris says – there is "almost unheard-of…cross-partisan agreement." It's the one idea that all Americans – including older Americans (at least the ones who aren't in the House, Senate or Oval Office; or on the Supreme Court) agree on: rule by permanent gerontocracy is bad, and should end.

In not so many months, both parties are going to have to pick their next presidential candidates (in the case of Republicans, it may be sooner, depending on Trump's cheeseburger intake). Those primary contests are going to implicitly raise the issue of whether we should be ruled according to the principle of "everyone who pays their dues gets a turn." But a shrewd politician could win a lot of favor among voters (and fury among their colleagues) by campaigning on age- and term-limits for high office.

(Image: Pacamah, CC BY-SA 4.0, modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago The life of a celeb PA https://www.theguardian.com/education/2001/may/14/highereducation.comment

#20yrsago DOJ moves in dark of night to quash EFF wiretapping lawsuit https://web.archive.org/web/20060524092447/https://www.eff.org/deeplinks/archives/004659.php

#20yrsago WolfenGitmo: Guantanamo Bay mod for Castle Wolfenstein https://web.archive.org/web/20060520203517/https://a.parsons.edu/~evan/school/?q=node/29

#20yrsago Where does booing come from? https://web.archive.org/web/20181215223044/https://slate.com/news-and-politics/2006/05/where-do-hecklers-come-from.html

#15yrsago Steven Levy on Facebook’s ironic privacy charge against Google https://web.archive.org/web/20110514121727/https://www.wired.com/epicenter/2011/05/facebook-privacy-problems/

#15yrsago Michael Moore’s “Some Final Thoughts on the Death of Osama bin Laden” https://web.archive.org/web/20110513181408/https://www.michaelmoore.com/words/mike-friends-blog/some-final-thoughts-on-death-of-osama-bin-laden

#15yrsago DHS’s “Secure Communities” program will deport battered woman for calling 9-1-1 on her abuser https://web.archive.org/web/20110514142235/https://blogs.ocweekly.com/navelgazing/2011/05/isaura_garcia_battered_secure.php

#15yrsago TSA: we’ll search your baby and it will make the country safer https://www.loweringthebar.net/2011/05/tsa-says-baby-frisking-justified.html

#10yrsago Telcoms companies try to rescue TV by imposing Internet usage caps on cord-cutters https://www.techdirt.com/2016/05/13/isps-are-now-forcing-cord-cutters-to-subscribe-to-tv-if-they-want-to-avoid-usage-caps/

#10yrsago The weird, humiliating nicknames George W Bush gave to everyone https://en.wikipedia.org/wiki/List_of_nicknames_used_by_George_W._Bush

#10yrsago “Tendril perversion”: when one loop of a coil goes the other way https://en.wikipedia.org/wiki/Tendril_perversion

#10yrsago Clicking “Buy now” doesn’t “buy” anything, but people think it does https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2778072

#5yrsago Uber (Ch)eats https://pluralistic.net/2021/05/13/uber-cheats/#50-companies

#5yrsago The Democratic establishment https://pluralistic.net/2021/05/13/uber-cheats/#party-bosses

#1yrago Who Broke the Internet? Part II https://pluralistic.net/2025/05/13/ctrl-ctrl-ctrl/#free-dmitry

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-15T00:00:00+00:00 Fullscreen Open in Tab
Moving away from Tailwind, and learning to structure my CSS

Hello! 8 years ago, I wrote excitedly about discovering Tailwind.

At that time I really had no idea how to structure my CSS code and given the choice between a pile of complete chaos and Tailwind, I was really happy to choose Tailwind. It helped me make a lot of tiny sites!

I spent the last week or so migrating a couple of sites away from Tailwind and towards more semantic HTML + vanilla CSS, and it was SO fun and SO interesting, so here are some things I learned!

As usual I’m not a full-time frontend developer and so all of my CSS learning has happened in fits and starts over many years.

it turns out Tailwind taught me a lot

When I started thinking about structuring CSS, I was intimidated at first: I’m not very good at structuring my CSS! But then I started reading blog posts talking about how to structure CSS (like A whole cascade of layers or How I write CSS in 2024) and I realized a couple of things:

  1. Every CSS code base has a bunch of different things going on (layouts! fonts! colours! common components!)
  2. It’s extremely useful to have systems or guidelines to manage each of those things, otherwise things descend into chaos
  3. Tailwind has systems for some of these, and I already know those systems! Maybe I can imitate the systems I like!

For example, Tailwind has:

the systems I’m going to talk about

I’m going to talk about a few aspects of my CSS codebase and my thoughts so far what kind of rules I want to impose on the codebase for each one. Some of them are copied from Tailwind and some aren’t.

  1. reset
  2. components
  3. colours
  4. font sizes
  5. utility classes
  6. the base
  7. spacing
  8. responsive design
  9. the build system

1. reset

I just copied Tailwind’s “preflight styles” by going into tailwind.css and copying the first 200 lines or so.

I noticed that I’ve developed a relationship with Tailwind’s CSS reset over time, for example Tailwind sets box-sizing: border-box on every element (which means that an element’s width includes its padding):

* { box-sizing: border-box; }

I think it would be a real adjustment for me to switch to writing CSS without these, and I’m sure there are lots of other things in the Tailwind reset (like html {line-height: 1.5;}) that I’m subconsciously used to and don’t even realize are there.

2. components

This next part is the bulk of the CSS!

The idea here is to organize CSS by “components”, in a way that’s spiritually related to Vue or React components. (though there might not actually be any Javascript at all in the site)

Basically the idea is that:

  1. Each “component” has a unique class
  2. The CSS for one component never overrides the CSS for any other component
  3. Each component has its own CSS file

So editing the CSS for one component won’t mysteriously break something in another component. And probably like 80% of the CSS that I would actually want to change is in various component files, so if I’m editing a 100-line component, I just have to think about those 100 lines. It’s way easier for me to think about.

For example, this HTML might be the .zine “component”.

<figure class="zine horizontal">
    <img src="whatever.jpg">
</figure>

And the CSS looks something like this, using nested selectors:

.zine {
  ...
  &.horizontal {
    ...
  }
  &.vertical {
    ...
  }
  &:hover {
    ...
  }
}

I haven’t done anything programmatic (like web components or @scope) that ensures that components won’t interfere with each other, but just having a convention and trying my best already feels like a big improvement.

Next: conventions to maintain some consistency across the site and keep these components in line with each other!

3. colours

colours.css has a bunch of variables like this which I can use as necessary. Colour is really hard and I didn’t want to revisit my use of colour in this refactor, so I left this alone.

The only guideline I’m trying to enforce here is that all colours used in the site are listed in this file.

:root {
  --pink: #fea0c2;
  --pink-light: #F9B9B9;
  --red: #f91a55;
  --orange: rgb(222, 117, 31);
  ...
}

4. font sizes

One thing I appreciated about Tailwind was that if I wanted to set a font size, I could just think “hm, I want the text to be big”, write text-lg, and be done with it! And maybe if it’s not big enough I’d use xl or 2xl instead. No trying to remember whether I’m using em or px or rem.

So I defined a bunch of variables, taken from Tailwind, like this:

  --size-xs: 0.75rem;
  --line-height-xs: 1rem;

  --size-sm: 0.875rem;
  --line-height-sm: 1.25rem;

Then if I want to set a font size, I can do it like this. It’s a little more verbose than Tailwind but I’m happy with it for now.

h3 {
  font-size: var(--size-lg);
  line-height: var(--line-height-lg);
}

5. utilities

There are some things like buttons that appear in many different components. I’m calling these “utilities”.

I copied some utility classes from Tailwind (like .sr-only for things that should only appear for screenreader users).

This section is pretty small and I try to be careful about making changes here.

6. the base

“base” styles are styles that apply across the whole site that I chose myself. I have to keep this section really small because I’m not confident enough to enforce a lot of styles across the whole site. These are the only two I feel okay about right now, and I might change the <section> one:

/* put a 950px column in the middle of each <section> */
section {
  --inner-width: 950px;
  padding: 3rem max(1rem, (100% - var(--inner-width))/2);
}

a {
  color: var(--orange);
}

I think for the base styles it’s going to be easiest for me to work kind of bottom up – first start with almost nothing in the base styles, and then move some styles from the components into base styles as I identify common things I want.

7. spacing

I haven’t completely worked out an approach to managing padding and margins yet. I’m definitely trying to be more principled than how I was doing it in Tailwind though, where I would just haphazardly put padding and margins everywhere until it looked the way I wanted.

Right now I’m working towards making the outer layout components in charge of spacing as much as possible. For example if I have a <section> with a bunch of children that I want to have space between them, I might use this to space the children evenly:

section > *+* {
  margin-top: 1rem;
}

Some inspiration blog posts:

8. responsive design: use more grid!

The way I was doing responsive design in Tailwind was to use a lot of media queries. Tailwind has this md:text-xl syntax that means “apply the text-xl style at sizes md or larger”.

I’m trying something pretty different now, which is to make more flexible CSS grid layouts that don’t need as many breakpoints. This is hard but it’s really interesting to learn about what’s possible with grid, and it’s a good example of something that I don’t think is possible with Tailwind.

For example, I’ve been learning about how to use auto-fit to automatically use 2 columns on a big screen and 1 column on a small screen like this:

  display: grid;
  grid-template-columns: repeat(auto-fit, minmax(min(100%, 400px), max-content));
  justify-content: center;

I also used grid-template-areas a lot which is an amazing feature that I don’t think you can use with Tailwind.

Some inspiration:

9. the build system: esbuild

In development, I don’t need a build system: CSS now has both built in import statements, like this:

@import "reset.css";
@import "typography.css";
@import "colors.css";

and built in nested selectors, like this:

.page {
  h2 { ...}
}

If I want, I can use esbuild to bundle the CSS file for production. That looks something like this.

esbuild style.css --bundle --loader:.svg=dataurl  --loader:.woff2=file --outfile=/tmp/out.css

Even though I usually avoid using CSS and JS build systems, I don’t mind using esbuild (which I wrote about in 2021 here) because it’s based on web standards and because it’s a static Go binary.

why migrate away from Tailwind?

A few people asked why I was migrating away from Tailwind. A few factors that contributed are:

  • Tailwind has become much more reliant on a build system since 2018, I think it’s impossible (?) to use newer versions of Tailwind without using a build system. So I’ve been using Tailwind v2 for years. (there’s also litewind apparently)
  • It’s always been true that you’re supposed to use Tailwind with a build system, but I’ve never really done that, so I have 2.8MB tailwind.min.css files (270K gzipped) in a lot of my projects and it feels a little silly.
  • I’m a lot better at CSS than I was when I started using Tailwind
  • Ultimately Tailwind is limiting: if you want to do Weird Stuff in your CSS, it’s not always possible with Tailwind. Those limits can be extremely useful (a lot of this post is about me reimplementing some of Tailwind’s limits!) but at this point I’d like to be able to pick and choose.
  • I ended up with sites that mixed both vanilla CSS and Tailwind in the same project and that was not fun to maintain
  • I got curious about what writing more semantic HTML would feel like.

CSS features I’m curious about

While doing this I learned about a lot of CSS features that I didn’t use but am curious about learning about one day:

one last reason I moved away from Tailwind

I’ve been talking a lot in this post about what I learned from using Tailwind, and that’s all true.

But I read this post 3 years ago called Tailwind and the Femininity of CSS that really stuck with me. I honestly probably started out with an attitude towards CSS a little like that post describes:

They’ve heard it’s simple, so they assume it’s easy. But then when they try to use it, it doesn’t work. It must be the fault of the language, because they know that they are smart, and this is supposed to be easy.

But in the last 10 years I’ve learned to really love and respect CSS as a technology.

So I decided years ago that I wanted to react to “CSS is hard” by getting better at CSS and taking it seriously as a technology, instead of devaluing it. Doing that changed everything for me: I learned that so many of my frustrations (“centering is impossible”) had been addressed in CSS a long time ago, and that also what “centering” means is not always straightforward and it makes sense that there are many ways to do it. CSS is hard because it’s solving a hard problem!

I’ve been so impressed by the new CSS features that have been built in the last 10-15 years (some of which I’ve talked about in this post!) and how they make it easier to use CSS, and spending the time to improve my CSS skills has been a really cool experience.

And that post made me feel like Tailwind contributes to the devaluing of CSS expertise, and like that’s not something I want to be a part of, even if Tailwind has been a useful tool for me personally. Especially in this time of LLMs where it feels more important than ever to value humans’ expertise.

Another blog post criticizing Tailwind that influenced me:

that’s all for now!

Thanks to Melody Starling who originally designed and wrote the CSS for wizardzines.com, everything cool and fun about the site is thanks to Melody.

Also I read so many incredible blog posts about CSS while working on this (from CSS Tricks, Smashing Magazine, and more), I’ve tried to link some of them throughout this post and I really appreciate how much folks in the CSS community share their practices.

2026-05-14T18:39:49+00:00 Fullscreen Open in Tab
Read "Genre glitches and unexpected promotional phrases as a sign of AI writing"
Thu, 14 May 2026 11:04:43 +0000 Fullscreen Open in Tab
Pluralistic: Kickstarting "The Reverse Centaur's Guide to Life After AI" (14 May 2026)


Today's links


A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'This book - ostensibly about AI, but more broadly about the new world of hyper-capitalism and high tech - is stunning in its clarity and breadth of vision. In trying to keep some kind of grasp on what is going on in the world, I read Doctorow obsessively. —Brian Eno'

Kickstarting "The Reverse Centaur's Guide to Life After AI" (permalink)

My next book, The Reverse Centaur's Guide to Life After AI, will be out in about a month – and (once again) Amazon's monopoly audiobook platform refuses to carry it, and so (once again) I'm pre-selling the audio, ebook and print edition in a Kickstarter campaign that proves that DRM-free isn't just the right way to reach an audience, it's also the best way to reach them:

https://www.kickstarter.com/projects/doctorow/the-reverse-centaurs-guide-to-life-after-ai

A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'An eye-opening take on AI . . . A sharply worded, irreverent, and deadly serious call to see through the sleight-of-hand performance of AI promoters. —Kirkus Reviews'

Reverse Centaur is a book about the realpolitik and the political economy of AI, written by a tech critic (me!) who is sick to the back teeth of hearing about AI. Central to the book's thesis:

  • The AI bubble is exceptionally bad and dangerous:

https://pluralistic.net/2026/05/07/dump-the-pumpers/#alpo-eaters-anonymous

A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'A bracing, daringly optimistic plan for how we can free ourselves from the awfulness. —John Hodgman (on Enshittification)'

  • The AI bubble is part of a lineage of pump-and-dump swindles created by monopolists who are desperate to convince investors that they can continue to grow even after they've saturated their markets:

https://pluralistic.net/2025/03/06/privacy-last/#exceptionally-american

  • In service to that stock swindle, AI companies have cooked up all kinds of ways to "juke the stats" to paint a false picture of AI adoption:

https://pluralistic.net/2025/05/02/kpis-off/#principal-agentic-ai-problem

A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'A masterly polemic, its scope so sweeping that it does, finally, seem to explain every pungent odor wafting from Silicon Valley. —Harper՚s (on Enshittification)'

  • AI is a normal technology, and in the absence of the bubble, we'd call this collection of technically interesting, sometimes useful tools "plug-ins":

https://pluralistic.net/2026/02/19/now-we-are-six/#stock-buyback

  • A chatbot can't do your job, but an AI salesman can absolutely convince your boss to fire you and replace you with a chatbot that can't do your job:

https://pluralistic.net/2025/03/18/asbestos-in-the-walls/#government-by-spicy-autocomplete

  • Despite the fact that the AI can't do your job, there are many ways that AI can be used to erode your wages and working conditions:

https://pluralistic.net/2026/04/06/empiricism-washing/#veena-dubal

  • The workers who say that their jobs are worse and the things they produce are much worse as a result of AI are correct; but the workers who say their work is much better thanks to AI are also correct. This only seems like a riddle until you understand that the most important fact about any technology (including AI) isn't what it does, but who it does it for and who it does it to:

https://pluralistic.net/2025/09/11/vulgar-thatcherism/#there-is-an-alternative

A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'You could not ask for a clearer, more ambitious or better-written business book than this one . . . Doctorow deserves thanks for his service. —The Financial Times (on Enshittification)'

  • When a boss fires a worker and gives their jobs to an AI, it usually means that they don't care if that job is done well, which is why customer service jobs are being handed over to AI:

https://pluralistic.net/2025/08/06/unmerchantable-substitute-goods/#customer-disservice

  • Bosses also love firing coders and replacing them with AI – first, because bosses are really angry about the decades when tech workers were in short supply and bosses had to pretend to like them, and second, because if you're selling AI as a way to replace workers, what better way to convince a potential customer than to fire the workers your own company depends upon? (All that said, the coders who are excited about their new AI coding tools have a point – when a worker is in charge of their work and thus when and how they use a tool, we should defer to their own experience):

https://pluralistic.net/2025/08/05/ex-princes-of-labor/#hyper-criti-hype

  • Artists are also a favorite target of AI bosses, which is weird, because the wages of creative workers add up to a total that rounds to zero when compared with the unimaginably large sums AI companies will have to take in if they are to pay back the trillions they've spent to date (let alone the trillions more they're proposing to spend in the near term). All of this raises a foundational question: can AI "art" ever be good? (Spoiler: probably not):

https://pluralistic.net/2025/03/25/communicative-intent/#diluted

  • Media companies say they have the answer to the AI art question: they'll create (or assert) a copyright that lets them control AI training. This is an incredibly transparent ruse: media companies are artists' class enemies, and if we get a new right to control AI training, our bosses will demand that we sign it away to them as part of their non-negotiable, one-sided standard contracts:

https://pluralistic.net/2024/11/18/rights-without-power/#careful-what-you-wish-for

A mockup of a smartphone displaying an audiobook app that's playing 'The Reverse Centaur's Guide to Life After AI'. Next to it appears this text: 'Essential to understanding today’s digital economy. —Rohit Chopra, Former head of the Consumer Financial Protection Bureau (on Enshittification)'

  • For creative workers, the answer to these new would-be tech bosses isn't asserting a new right that will be expropriated by the old media bosses who've been ripping us off forever. Our salvation lies in leaning into the US Copyright Office's interpretation that holds that AI-generated works can't be copyrighted, because copyright is only for human creations. That means that the only way our bosses can get a copyright over the things they want to sell is to pay us to make them:

https://pluralistic.net/2026/03/03/its-a-trap-2/#inheres-at-the-moment-of-fixation

  • Many of the seemingly urgent AI questions that people won't shut up about are distractions, because they assume that AI will lastingly infiltrate every part of our society. In reality, the AI companies are losing unimaginable amounts and have no path to profitability:

https://pluralistic.net/2025/06/30/accounting-gaffs/#artificial-income

  • The only jobs that AI can do better than humans are jobs that shouldn't exist, like figuring out how to maximize undetectable wage-theft:

https://pluralistic.net/2024/12/18/loose-flapping-ends/#luigi-has-a-point

  • AI is also really good at figuring out how to do individualized price-gouging, another thing that shouldn't exist:

https://pluralistic.net/2026/01/21/cod-marxism/#wannamaker-slain

  • Despite AI's manifest unsuitability to do jobs that should exist, bosses keep firing people and replacing them with chatbots that do their jobs very badly. This allows bosses to indulge their solipsistic fantasy of a world without people, in which customers, workers and suppliers are statistical artifacts and bosses are unitary geniuses who simply imagine a product or service and then it is delivered, without any ego-shattering confrontations with people who know how to do things:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

  • This is catastrophic, and not just for the parties involved today. The AI bubble will pop, and when it does, the chatbots that do these jobs (badly) will be switched off. Meanwhile, the workers those chatbots replaced will have retrained, retired, or become "discouraged." No one will be around to do those (necessary) jobs. AI is the asbestos we are shoveling into the walls of our civilization and our descendants will be digging it out for generations:

https://pluralistic.net/2025/09/27/econopocalypse/#subprime-intelligence

  • The real existential AI threat isn't that we'll accidentally teach the word-guessing program so many words that it awakens and becomes a vengeful god. The real risk is that when the bubble bursts we'll indulge the ruling class's reflex to austerity, and that this will continue the decades of mass economic traumatization that makes people into easy marks for fascists:

https://pluralistic.net/2026/04/12/always-great/#our-nhs

  • But when the AI bubble pops, that won't be the end of AI – it will be the end of the bubble. When the AI bubble pops, we'll have mountains of GPUs at fire-sale prices, skilled workers liberated from the imperative to help their bosses promote their stock swindle, and open source models that will yield tremendous dividends to anyone who sets out to optimize them:

https://pluralistic.net/2025/10/16/post-ai-ai/#productive-residue

As you can see from the links above, I developed The Reverse Centaur's Guide to Life After AI in the same way that I developed Enshittification: in public, through a series of essays, which I periodically synthesized into major, widely shared speeches:

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

Making my working notes public is a hugely effective way of producing and refining critical work, and it's been my method for 25 years now:

https://pluralistic.net/2021/05/09/the-memex-method/

It's a method that's let me produce a string of international bestsellers, published by some of the largest publishers in the world. Nevertheless, Amazon refuses to carry my audiobooks:

https://pluralistic.net/2022/07/25/can-you-hear-me-now/#acx-ripoff

That's because I have an iron-clad requirement that my work be sold in open formats, without the "digital rights management" that blocks you from moving the books you bought on Amazon to someone else's apps. Digital rights management (DRM) enjoys bizarre legal protections so that it's a felony for me to give you the tools you need to move the books I wrote out of an Amazon app and into a competitor's app:

https://pluralistic.net/2026/01/14/sole-and-despotic/#world-turned-upside-down

What's more, these outrageous legal rights extend around the world, because the US Trade Representative spent decades bullying America's trading partners into passing laws that criminalize the act of fixing the defects in America's tech exports, which is why farmers can't fix their John Deere tractors, hospitals can't fix their Medtronic ventilators, and no one can sell you an app that stops Apple and Google from spying on your phone:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

Amazon's Audible controls 90% (!) of the audiobook market, and they will not sell any book unless they can permanently lock it to their platform. That means that every time a writer sells you an audiobook on Audible, they create a "switching cost" that stops you from leaving Audible for a competitor. Not only is this fundamentally unjust, it's also terrible for creators: if our audiences can't leave Amazon, then we can't leave Amazon either, which means Amazon can (and does!) steal millions of dollars from writers without losing our business:

https://pluralistic.net/2022/09/07/audible-exclusive/#audiblegate

Which is where these Kickstarter campaigns come in. Whenever I sell a new book to a publisher, I arrange to make my own independent audiobook for it, which I sell everywhere except the platforms that have mandatory DRM: Audible, Apple and Audiobooks.com. There are some very good DRM-free audiobook stores, notably Libro.fm and Downpour.com (Google Play also sells audiobooks without DRM). But most people have never heard of these, so it wasn't until I started pre-selling my audiobooks on Kickstarter that I was able to make my stubborn refusal to sell out to Audible into a paying proposition. My agent tells me that if I'd sold out to Audible, I'd have paid off my mortgage and I'd be able to give my kid a full ride through a fancy US college. I don't make that kind of money from these Kickstarters, but they do very well nevertheless, and they're a critical part of my family's finances.

The Kickstarter is live for the next three weeks:

https://www.kickstarter.com/projects/doctorow/the-reverse-centaurs-guide-to-life-after-ai

A mockup of 'The Reverse Centaur's Guide to Life After AI' and 'Enshittification' on e-readers, and smartphones displaying audiobook apps, as well as the paperback edition of 'Reverse Centaur.'

You can pre-order print copies of Reverse Centaur, as well as DRM-free ebooks and audiobooks (narrated by me!) for Reverse Centaur and Enshittification. Normally, I offer custom-signed copies of the print books, but Enshittification was so successful that I haven't stopped touring it and I'm in a new city every couple of days, so there's no way I can reliably get into a warehouse to sign the latest batch of orders. Instead, I'll be posting the contact details for every bookstore that's hosting me on my tours (US in June, UK in September) and you can order signed copies from them, which I'll personalize after my events there so they can ship them to you.

A mockup of a new Framework 13

I've also decided to raise money for the Electronic Frontier Foundation (eff.org), the nonprofit I've worked at for nearly 25 years. EFF is the oldest, best and most effective tech rights organization in the world, and its mission has only gotten more important over the years. EFF's outreach folks are offering a special membership package for backers of the Kickstarter, which includes an EFF hat and stickers, as well as an Enshittification pin and two Enshittification stickers:

https://pluralistic.net/2026/04/24/poop-emoji-plus-plus/#devin-washburn

The audiobook is fully recorded and finalized and you can listen to the first hour of it here:

https://archive.org/details/reverse-centaur-audio-sample

It came out great (as always!), thanks to the terrific direction of Gabrielle De Cuir of Skyboat Media and editing from Wryneck Studios' John Taylor Williams. Gabrielle's directed all my audiobooks since 2017, and John's been mastering my podcasts since 2006 (!!), so we constitute a very well-oiled machine.

Working out my ideas in public allows me to produce my Pluralistic newsletter, and with it, a large volume of free, high-quality work that's licensed under a generous Creative Commons license that lets anyone reproduce, translate, redistribute and even sell my articles. If you've enjoyed that work, I hope you'll consider backing the campaign! Selling books is how I pay the bills and keep the lights on, and as ever, this is the only way you can get a major publisher's ebooks and audiobooks with no DRM and no "terms of service." These are truly ebooks and audiobooks that you own. You can sell them, give them away, or lend them out – so long as you don't violate copyright law, we're all cool:

https://www.kickstarter.com/projects/doctorow/the-reverse-centaurs-guide-to-life-after-ai

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago RIP, Douglas Adams http://news.bbc.co.uk/1/hi/uk/1326657.stm

#20yrsago Douglas Coupland models his life & books on net rumors about him https://web.archive.org/web/20060515220320/https://www.wired.com/wired/archive/14.05/posts.html?pg=6

#15yrsago Vindictive lumber baron’s far-flung heirs inherit, 91 years after his death https://abcnews.com/Business/lumber-barons-descendants-receive-inheritance-92-years-death/story?id=13569633

#15yrsago R2D2 trashcan https://web.archive.org/web/20171208014511/https://i.imgur.com/x3w0I.jpg

#15yrsago Napier’s Bones: math and mysticism make for great international adventure https://memex.craphound.com/2011/05/12/napiers-bones-math-and-mysticism-make-for-great-international-adventure/

#15yrsago China’s shonky Disneyland-a-like park closed https://web.archive.org/web/20110515073221/https://thedisneyblog.com/2011/05/13/fake-disney-theme-park-in-china-forced-to-close/

#10yrsago Open letter to from EFF to members of the W3C Advisory Committee https://www.eff.org/deeplinks/2016/05/open-letter-members-w3c-advisory-committee

#10yrsago Gallery show of forks stolen from rich people, sealed to preserve crumbs & saliva https://web.archive.org/web/20160505183026/https://www.theguardian.com/artanddesign/2016/apr/27/crumbs-and-all-prince-harry-hillary-clinton-and-julia-gillard-have-cutlery-swiped-for-exhibition

#10yrsago German publishers owe writers €100M in misappropriated royalties https://uebermedien.de/4444/schoener-verlegen-mit-dem-geld-anderer-leute/

#10yrsago Chinese state-backed corporations beat US lawsuits with sovereign immunity https://www.reuters.com/article/us-china-usa-companies-lawsuits-idUSKCN0Y2131/

#10yrsago Anal fisting site breached: 100K passwords, usernames, email addresses and IPs extracted https://web.archive.org/web/20160511121337/https://motherboard.vice.com/read/rosebuttboard-ip-board

#10yrsago Reading With Pictures: awesome, classroom-ready comics for math, social studies, science and language arts https://memex.craphound.com/2016/05/12/reading-with-pictures-awesome-classroom-ready-comics-for-math-social-studies-science-and-language-arts/

#5yrsago Crooked Timber's Ministry for the Future Seminar https://pluralistic.net/2021/05/12/seminar-for-the-future/#imaginations

#1yrago Trump can't do ANYTHING for his base https://pluralistic.net/2025/05/12/greased-slide/#greased-pole

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Wed, 13 May 2026 15:47:35 +0000 Fullscreen Open in Tab
Pluralistic: Billionaire solipsism, dictator solipsism, AI, and the fascist paradigm (13 May 2026)


Today's links


An aerial image of the planned city of Levittown, tinted light green. A circuit board bleeds through the open spaces on the town plan. Hovering over the town are Trump's disembodied, bloodshot eyes, in pouchy orange nests. Orange tentacles swarm over the town.

Billionaire solipsism, dictator solipsism, AI, and the fascist paradigm (permalink)

With great power comes great solipsism: the more power you wield over other people, the less real they become to you. To rule is to see people as aggregates, statistical artifacts, as a means to an end. It's how people seem when you're at the bottom of a k-hole.

Per Granny Weatherwax, this is the root of all evil: "Sin is when you treat people like things":

https://brer-powerofbabel.blogspot.com/2009/02/granny-weatherwax-on-sin-favorite.html

The problem (for powerful people) is that other people aren't things; they're people, with stubborn attachments to their own priorities and needs. This is a huge problem for social media bosses, since the force that keeps you stuck to their platforms is your love of your friends, which sucks (for social media bosses), because your friends refuse to organize their interactions with you to "maximize engagement." There is a group of platform users who are dedicated to maximizing your engagement: performers (which is why legacy social media platforms have reduced the quantum of your feed given over to your friends to a bare minimum and swapped in the amateur dramatics of theater kids). But even "influencers" demand treatment as people, not things (which is why legacy social media is squeezing out performers in favor of slop):

https://pluralistic.net/2026/04/17/for-youze/#forever

Running a social media service is especially solipsism-inducing, since the back-end of a social media service always reduces people to statistical artifacts to be steered, thwarted, or rewarded based on the degree to which they are "maximizing engagement." No wonder zuckermuskian social media bosses mythologize themselves as dopamine-hacking wizards who've built a mind-control ray. Skinnerism and solipsism fit together very neatly, seducing you into the belief that everyone else is a stimulus-responding automaton, programmed to think they have free will:

https://pluralistic.net/2025/05/07/rah-rah-rasputin/#credulous-dolts

(Of course, the AI boss version of this is the belief that everyone else is a "stochastic parrot":)

https://xcancel.com/sama/status/1599471830255177728

But in truth, any corporate boss is prone to solipsism. To maximize corporate profits, you must view other people – employees, suppliers and customers – as inconvenient problems to be solved, not true people with feelings and needs that are co-equal with your own.

This is why AI is so attractive to the ruling class. For corporate leaders, the fantasy of your own worth is always dangerously close to collapsing, due to the haunting knowledge that if you don't show up for work, everything continues as per normal; while if your workers don't show up for work, the shop closes down and stays closed. Bosses really want to be in the driver's seat, but ultimately they know that they're strapped into the back seat, playing with a Fisher Price steering wheel. AI is a way to wire that toy steering wheel directly into the drive-train: it's the fantasy that a boss can have an idea and the corporation will execute it, without any messy human needs or demands getting in the way:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

Solipsism is why bosses fetishize IP and ignore process knowledge. IP is the part of the job that the worker can explain (and that you can train an AI model on). Process knowledge is the part of the job that can't be abstracted, alienated or commodified. The very existence of process knowledge is the major impediment to de-skilling workers so they can be interchanged with other, more desperate, more timid workers (or with sycophantic AI):

https://pluralistic.net/2025/09/08/process-knowledge/#dance-monkey-dance

Of course, there's a whole group of powerful people outside of the political world who are gripped by solipsistic AI fantasies: politicians. Like social media bosses, politicians deal with people as statistical artifacts who respond to policy inputs with semi-predictable outputs:

https://en.wikipedia.org/wiki/Seeing_Like_a_State

And of course, politicians have their own detested class of workers whom they fantasize about replacing with chatbots: bureaucracies. When Trump et al bemoan the "deep state," they are engaged in the politicians' version of the corporate boss's solipsism: "I make policies, but to enact them, I have to convince civil servants to turn my agenda into action. This sucks. Can't we just have an all-powerful executive who decides on things and then those things just happen?"

Writing for Columbia's Knight First Amendment Institute, political scientist Henry Farrell and statistician Cosma Rohilla Shalizi have produced the definitive account of how AI psychosis has infected our political classes:

https://knightcolumbia.org/content/ai-as-social-technology

Farrell and Shalizi use this political AI psychosis to explain DOGE, framing DOGE as a project where politicians and their loyal vassals cut a deep wound in the administrative state on the basis that general AI was about to emerge. With godlike AI around the corner, these bureaucrats – who insist on having opinions based on long experience and ethical sensibilities – could be replaced with sycophantic chatbots who'd turn the will of the unitary executive into policy without any filtration through unreliable, squishy humans.

This is a political version of my maxim that "the fact that an AI can't do your job doesn't stop an AI salesman from convincing your boss to fire you and replace you with an AI that can't do your job." Private sector bosses are easy marks for AI salesmen, and not just because they want to reduce their wage bills, but also because it will fulfill the solipsist's fantasy of a corporation that turns the singular genius of the boss into a product without any messy demands from workers (and, if you're Zuckerberg and convinced that you've created a mind-control ray, your product can be rolled out without any messy demands from your customers, either, since you've hypnotized them into doing as they're told).

The public sector version of this is the fantasy that you can eliminate the civil service and use an army of chatbots to do the job – not merely as a way of slashing the federal budget, but also as a way of purifying the transfer of the leader's will to the people without any intervening loss of fidelity resulting from the need to have your policies interpreted (and willfuly misinterpreted) by bureaucrats.

This is a very important framing, and it explains why fascists like Trump and dead-eyed technocrats like Canadian Prime Minister Mark Carney are hell-bent on gutting their countries' civil service and replacing it with chatbots:

https://policyoptions.irpp.org/2026/04/carney-ai-government-risks/

This is how Muskism and DOGE connect to Trumpism and AI: Musk doesn't believe other people are real. He calls them "NPCs" (non-player characters). He wants to put a microchip in your head so he can "replace your bad programming":

https://pluralistic.net/2026/04/21/torment-nexusism/#marching-to-pretoria

It's the fascist paradigm: the idea that people are incapable of self-rule, save for a very small number of singular geniuses who should be put in a position of absolute authority over all of us, to keep us safe from our own foolish impulses:

https://pluralistic.net/2026/05/12/donella-meadows/#paradigmatic

The Technocrats – a protofascist Italian movement that once captured the imagination of Musk's great-grandfather, and now are frequently quoted and alluded to by the likes of Mark Andreessen – were addicted to the quantitative fallacy that infects economics and other disciplines. That's the idea that every social process can be expressed as a mathematical model, which can then be optimized.

The problem, of course, is that much of the real world is qualitative, and the act of quantizing those qualia is a very lossy process. To quantize a qualitative question is to incinerate all the qualitative aspects and then do mathematics on the dubious quantitative ash that is left behind:

https://locusmag.com/feature/cory-doctorow-qualia/

In their paper, Farrell and Shalizi cite Ben Recht's maxim that "you can’t optimize a trade-off":

https://www.argmin.net/p/are-there-always-trade-offs

But of course, we optimize trade-offs all the time. That's what being a boss means, and it's also at the very core of self-determination: the right to decide what trade-offs you want to make. What Recht means is "you can't optimize a trade-off for everyone else." Those stubborn not-quite-people – customers, workers, bureaucrats – insist that they want different trade-offs.

In translating the will of a supreme leader to policy without any intervening need for buy-in by humans, fascist projects like DOGE seek to optimize trade-offs according to the preferences of the supreme leader. AI in government is grounded in the idea that a sufficiently deserving leader can be trusted to vibe-code the entire apparatus of state, checked only by his own sense of rightness:

https://thehill.com/policy/international/5680714-trump-morality-international-law/

Farrell and Shalizi forcefully make the point that statecraft is not a set of discrete problems with provably correct answers that must be solved. Government is a matter of making choices between mutually exclusive policies that have benefits and costs, and those costs and benefits fall upon different groups differently.

The idea that you can simply feed every fact about a society into a chatbot and order it to "solve" the nation reveals a profound ignorance about the nature of political contests. There's no empirical way of deciding whose priorities deserve to be realized and who must be disappointed. There isn't even an empirical way to compare the benefits that one group receives to the costs another group pays.

What's more, any system that uses LLMs to make high-stakes tradeoffs between different societal priorities will be relentlessly targeted by the groups that stand to win or lose based on those decisions, and by bureaucrats whose careers depend on making the number go up. They will poison the LLMs' training data, and figure out how to trick it into deceiving their bosses about the situation on the ground.

Back in 2018, Yuval Harari predicted that LLMs would supercharge dictatorships by overcoming "authoritarian blindness" – when the suppression of political opinion is so effective that the first sign that a dictator has of his waning support is a mob that burns the presidential palace down. This prediction failed, because people who live under dictators have switched all the energy they used to use to put on a good show for the secret police into putting a good show on for the chatbots:

https://pluralistic.net/2023/07/26/dictators-dilemma/#garbage-in-garbage-out-garbage-back-in

Meanwhile, the "variability" introduced by bureaucrats who adapt political policies is a feature, not a bug. When a long-tenured public official receives a directive from on-high that they know will be a disaster if implemented unchanged, they can tweak the policy so that it is at least partially successful.

Fire that bureaucrat and hand the policy to a rigidly loyal LLM that will not deviate from its strict instructions and you will end up with nothing (rather than a perfect policy implementation). Indeed, you may end up with less than nothing, as resentful local populations sabotage your agenda.

Both Hayek and Marx agreed that people at the very periphery of the system have insights into local conditions that no boss/central planner can know (though they disagreed about what that fact implied). An LLM is the ultimate micro-manager, and government by Computer Says No would only work if the person writing the system prompt knew everything about everyone everywhere.

As Farrell and Shalizi write,

The frustrations of actually existing bureaucracy do not merely arise from inept or technically-inadequate solutions to the principal-agent problem. They emerge too from the collision of multiple incommensurable demands, each with its own problems and benefits, so that there are no optimal design solutions. Those who build or reform bureaucracies, like those who build other artifacts, need to satisfice across multiple intersecting needs and pathologies. Designs that neatly address one kind of problem may radically worsen others. Actually-existing AI has its own imperfections, some of which are endemic. Grafting AI systems onto existing bureaucracies will solve some problems but will worsen others and make altogether new ones. It will not eliminate the political difficulties of mediating across different, often non-commensurable, goals. Imagining replacing bureaucracy wholesale with AI is only plausible if one waves away the actual difficulties associated with real social technologies.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Woz's programmable remotes https://web.archive.org/web/20010603184833/http://www.celadon.com/Industrial/PIC200/pic200oem.html

#25yrsago Furbeowulf http://www.trygve.com/furbeowulf.html

#20yrsago Diebold voting machines can be 0wned in minutes https://blog.citp.princeton.edu/2006/05/11/report-claims-very-serious-diebold-voting-machine-flaws/

#20yrsago British farmer supplies gallows to totalitarian governments http://news.bbc.co.uk/2/hi/uk_news/england/suffolk/4754515.stm

#20yrsago Proposed law requires schools to censor MySpace, LJ, blogs, Flickr https://web.archive.org/web/20060521054806/http://www.pbs.org/teachersource/learning.now/2006/05/new_federal_legislation_would_1.html

#15yrsago Vernor Vinge on the promise, progress and threats of Augmented Reality https://www.ugotrade.com/2011/05/10/interview-with-vernor-vinge-smart-phones-and-the-empowering-aspects-of-social-networks-augmented-reality-are-still-massively-underhyped/

#15yrsago American oligarch buys the right to hire professors at Florida State U https://web.archive.org/web/20110511210435/https://www.tampabay.com/news/business/billionaires-role-in-hiring-decisions-at-florida-state-university-raises/1168680/

#15yrsago National Jukebox: public domain music archive from the Library of Congress https://www.loc.gov/collections/national-jukebox/about-this-collection/

#15yrsago America’s net censorship bill is back and worse than ever https://arstechnica.com/tech-policy/2011/05/revised-net-censorship-bill-requires-search-engines-to-block-sites-too/

#10yrsago DNC Host Committee composed of GOP megadonors, Net Neutrality haters, fracking boosters and anti-Obamacare lobbyists https://web.archive.org/web/20160511160814/https://theintercept.com/2016/05/11/lobbyists-dnc-2016-convention/

#10yrsago Minnesota lawmakers propose bizarre, dangerous PRINCE law https://www.eff.org/deeplinks/2016/05/minnesota-legislators-go-crazy-pushing-dangerous-prince-act

#10yrsago NZ Prime Minister John Key ejected from Parliament over Panama Papers rant https://www.nzherald.co.nz/nz/prime-minister-john-key-thrown-out-of-debating-chamber-by-speaker/A5LQPMGB56QXTGE2ZFIK2MSRPE/?c_id=1&amp;objectid=11637448

#10yrsago Putting two elevators in one shaft https://web.archive.org/web/20160512013856/https://www.wired.com/2016/05/thyssenkrup-twin-elevator/

#10yrsago Germany will end copyright liability for open wifi operators https://torrentfreak.com/germany-to-rescind-piracy-liability-for-open-wifi-operators-160511/

#10yrsago Save Firefox: The W3C’s plan for worldwide DRM would have killed Mozilla before it could start https://www.eff.org/deeplinks/2016/04/save-firefox

#5yrsago Let's eat all the cicadas https://pluralistic.net/2021/05/11/uniboob/#eat-the-brood#5yrsago

#5yrsago Cyclopedia Exotica https://pluralistic.net/2021/05/11/uniboob/#one-eye-and-three-dot-dot-dot

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-12T18:22:43+00:00 Fullscreen Open in Tab
Note published on May 12, 2026 at 6:22 PM UTC
Tue, 12 May 2026 07:22:17 +0000 Fullscreen Open in Tab
Pluralistic: A fascist paradigm (12 May 2026)


Today's links


A king on a sumptuous, much elaborated throne; in one hand he holds a sceptre of office, in the other, the leashes for two fierce stone dogs that guard the throne. The king's head has been replaced with a character who was used as the basis for MAD Magazine's Alfred E Neumann. The new head sports a conical dunce cap. Behind the king is a UK Reform Party rosette. The background is an Egyptian temple, ganked from a Dore Old Testament engraving. The floor has been carpeted in sumptuous tabriz from the Ottoman court.

A fascist paradigm (permalink)

Yesterday, I attended a workshop on systems thinking and political change, which included a presentation on the work of Donella Meadows, whose Thinking in Systems is a canonical work on the subject:

https://en.wikipedia.org/wiki/Thinking_In_Systems:_A_Primer

"Systems thinking" is an analytical framework that treats the world as a mesh of interconnected, nonlinear components and relationships that can't be easily understood or steered. A complex system isn't merely "complicated." A mechanical watch is complicated, in that it has many parts that work together in ways that require training and specialized knowledge to understand. But it isn't "complex" because each part has a specific function that can be understood and adjusted.

In a complex system – say, an ecosystem – the parts are meshed in a web of unobvious relationships that make it difficult to predict what effect will follow from a given perturbation. When a blight kills off a plant species, the soil stability declines, resulting in landslides during the rainy season, changing the mineral content of nearby waterways, which creates microbial blooms or fish die-offs in a distant, downstream lake.

A slide showing a lever weighted down on one end by a circle labeled 'System' next to a fulcrum; the points along the lever are labeled with different potential interventions that can move the system, taken from the work of Donella Meadows.

But systems thinking isn't a counsel of despair that insists that you shouldn't do anything because you can never predict what will come of your actions. In Thinking in Systems, Meadows presents a hierarchy of leverage points for changing a system, ranked from least effective ("Constants, numbers, parameters") to most ("The power to shift paradigms to deal with new challenges"):

https://www.flickr.com/photos/doctorow/55264856861/

In all, Meadows theorizes 12 different "places to intervene in a system." The least effective of these – constants like taxes and standards, negative and positive feedback loops – are the sites of most of our political fights, and rightly so. They are the fine-tuning knobs of the system that adjust its margins. Once you have the rule of law ("the rules of the system"), you can drive change by amending, repealing or passing a law:

https://donellameadows.org/archives/leverage-points-places-to-intervene-in-a-system/

But when you're confronted with a system that is significantly, persistently dysfunctional, you will likely have to work at sites that are further up the hierarchy, such as "the distribution of power over the rules of the system" or "the goals of the system"; or the most profound of all, "the paradigm out of which the system — its goals, power structure, rules, its culture — arises."

Thinking about paradigms is a form of "meta-cognition," which is to say, "thinking about how you think." Your paradigm encompasses all your assumptions, including your assumptions about how to proceed from your other assumptions: "if x, then y" is a paradigm.

The workshop where we were discussing all of this is part of a group whose goal is reversing the antidemocratic movement in our society and the climate emergency that is its backdrop. But as I listened to the speaker and the ensuing discussion, it occurred to me that Meadows' theoretical work was a very good way of describing the successes of the fascist movement in the UK and around the world.

Fascists like Farage and Trump are, at their root, anti-democratic. Their pitch is that the people are incapable of self-determination (as Peter Thiel puts it, "democracy is incompatible with freedom"). They want us to think that all our neighbors are irrational and foolish, and that we, too, are irrational and foolish, and that our safety and prosperity can only be safeguarded if we seek out those few people who are born to rule and liberate them from the petty niceties and regulations that democracy and the rule of law demand.

In other words, the paradigm of democracy is that all of us are capable of both wise self-governance and self-rationalized misgovernance, and each of us has a useful perspective to contribute. The fascist paradigm is that we can't be trusted to rule ourselves, and only the people who are born with "good blood" are capable of directing our lives:

https://pluralistic.net/2025/05/20/big-cornflakes-energy/#caliper-pilled

This is the theory behind "race realism" and "human diversity" and all the other polite names the modern fascist uses to obscure the fact that they're reviving eugenics. It explains the panic over DEI, a panic driven by the belief that lesser people are being elevated to positions of rule and authority that they are genetically incapable of carrying out.

That's why, whenever a disaster arises, fascists demand to know the gender, race and sexual orientation of the pilot, the ship's captain, or the official in charge. If the person who crashed the cargo ship into the bridge has brown skin, we can add another line to the ledger of costs associated with the doomed project to put people who were born to be bossed around in the boss's seat (of course, if the pilot turns out to be a white guy, that proves nothing, except that mistakes sometimes happen).

The revival of fascism in this century has been scarily effective, and at times it can feel unstoppable. Meadows' work on systems thinking provides an explanation for that efficacy – and suggests a theory of change for dispatching fascism back to the graveyard of history. Fascists have made changes to things like laws and feedback loops, rules and distribution of power, but this all stems from a more profound alteration to the system, at the level of the paradigm.

Which suggests that the real fight we have is over that paradigm: we have to convince our neighbors that they are smart enough to rule themselves, and so are we, and so is everyone else. We have to convince them that even the smartest and wisest person (including us, including them) is capable of folly and needs to have checks on their (our) authority.

We need to attack the theory of the "unitary executive" and every other autocratic ideology head on. We have to insist that these aren't just unconstitutional, but that they are ideologically catastrophic. "No kings," because even an omnibenevolent king isn't omniscient, and that means that omnipotence is always omnidestructive in the long run.

The fascist revival has been scarily effective and resilient – and systems thinking offers an explanation for both that efficacy and that resiliency.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago First aid for the dying dotcom http://modernhumorist.com/mh/0010/dotcom/

#20yrsago OpenStreetMap maps Isle of Wight, Manchester next https://wiki.openstreetmap.org/wiki/Mapchester_Mapping_Party_2006

#20yrsago Fueling model rockets with Oreo fillings https://web.archive.org/web/20060616192646/https://www.popsci.com/popsci/how20/600152d7d441b010vgnvcm1000004eecbccdrcrd.html

#20yrsago Legal guide for podcasters https://wiki.creativecommons.org/wiki/Welcome_To_The_Podcasting_Legal_Guide

#20yrsago Collection of 1100+ found grocery lists https://grocerylists.org/

#10yrsago Mayor of Jackson, MS: “I believe we can pray potholes away” https://www.wjtv.com/news/jackson-mayor-tony-yarber-we-can-pray-potholes-away/

#10yrsago What’s the best way to distribute numbers on the faces of a D120? https://web.archive.org/web/20160510182023/https://www.wired.com/2016/05/mathematical-challenge-of-designing-the-worlds-most-complex-120-sided-dice/

#10yrsago Billionaire Paypal co-founder Peter Thiel will be a California Trump delegate https://web.archive.org/web/20160510155226/https://www.wired.com/2016/05/investor-peter-thiel-will-california-delegate-trump/

#10yrsago McClatchy newspapers’ CEO pleased to announce that he’s shipping IT jobs overseas https://web.archive.org/web/20160510102956/https://www.computerworld.com/article/3067304/it-careers/newspaper-chain-sending-it-jobs-overseas.html

#10yrsago Peace in Our Time: how publishers, libraries and writers could work together https://locusmag.com/feature/cory-doctorow-peace-in-our-time/

#10yrsago Too Like the Lightning: intricate worldbuilding, brilliant speculation, gripping storytelling https://memex.craphound.com/2016/05/10/too-like-the-lightning-intricate-worldbuilding-brilliant-speculation-gripping-storytelling/

#5yrsago LA traveling toward free public transit https://pluralistic.net/2021/05/10/comrade-ustr/#get-on-the-bus

#5yrsago Biden's shift on vaccine patents is a Big Deal https://pluralistic.net/2021/05/10/comrade-ustr/#vaccine-diplomacy

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Mon, 11 May 2026 09:43:59 +0000 Fullscreen Open in Tab
Pluralistic: 2024 (apart from the obvious) (11 May 2026)


Today's links

  • 2024 (apart from the obvious): Some unforced errors.
  • Hey look at this: Delights to delectate.
  • Object permanence: Denmark legalizing music trading; Babysuit; Patent Office invites "peer review"; DRM protest at the Bastille; Scientology's "super powers"; Banana Dalek; Florida v pediatricians' gun safety advice; Copyright filters and wage theft; "Who Broke the Internet?" Vatican astronomer v Creationism; Teens, privacy and Facebook; Čapek's graveside robot; Save iTunes; NZ laundered money for Latinamerica's looters; Memex Method.
  • Upcoming appearances: Barcelona, Berlin, Hay-on-Wye, London, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A meat grinder; disappearing into the top is a sad donkey dressed in Democratic Party livery; emerging from the bottom is a Trump-wigged elephant in GOP livery. The grinder bears an 'I Voted' sticker, with a ? added to the end of it. The background is a Dore engraving of a cloudy sky, tinted blue.

2024 (apart from the obvious) (permalink)

Just as Hillary Clinton positioned her run as a third term for Obama ("America is already great"), so did Biden (and then Harris) position their campaigns as a second Biden term. As Biden said (in 2019): "Nothing would fundamentally change":

https://www.salon.com/2019/06/19/joe-biden-to-rich-donors-nothing-would-fundamentally-change-if-hes-elected/

So a vote for Biden would be a vote for another four years of forceful, material support for genocide; another four years of compromise with the Democratic establishment on student debt and healthcare gouging; and another four years of a president who was obviously in mental decline.

Harris's campaign was, "A vote for me is a vote for all of the above (minus the cognitive decline)." Actually, it was worse: by conspicuously failing to campaign on the Biden administration's record on reining in corporate power, a vote for Harris was "A vote for all of the above, minus the mental decline and the antitrust."

Whereas a vote for Trump was a vote for change, a vote to give the establishment a black eye. It was also a vote for genocide and racist pogroms and gangster kleptocracy, which is why many voters stayed home, casting a ballot for America's all-time favorite candidate, "None of the above," while any number of furious people and/or vicious racists turned out for Trump.

There's one book that crystallizes my thoughts on this better than any other: Naomi Klein's 2023 Doppelganger, which analyzes our politics in terms of (warped) "mirror images." One of the mirror world pairings that Klein analyzes is the progressive movement, a coalition of liberals and leftists (led by liberals).

Like every coalition, the two main groups that constitute "the progressives" do not agree on many important issues, though they do have common goals. Both groups support equality for people of all genders and races, but for liberals, an equal world is one that fixes the problem that 150 straight white men own everything by replacing 75 of them with racialized people, women and queer people (whereas the leftist fix is abolishing the system in which 150 people own everything).

Biden set himself up as a peacemaker for this coalition, and his "unity task force" divided up the appointments in his administration between the Warren-Sanders leftists and liberals, including those who clearly belonged to the Manchin-Sinematic universe. This meant that his administration worked at cross-purposes to itself, neutering its boldest initiatives, rendering them impotent.

Take Biden's plan to finally allow Medicare to negotiate drug prices with pharma companies, a move that was very long overdue. Before this, the way the system worked was: pharma companies named a price – any price! – and then Uncle Sucker paid it. No other country in the world operates this way, and, of course, the lion's share of pharma R&D costs are already borne by the American public (or they were, until Musk DOGEd the US research budget to death).

So the American public pays more than anyone else in the world to develop these drugs, and then they pay more than anyone else in the world to buy these drugs. This is madness, and putting an end to it is an obvious political win. But Biden found a way to do it that "balanced" the leftist principle of protecting people from capitalist exploitation with the liberal principle of protecting businesses lest the essential function of developing life-saving drugs become a state activity (rather than a market one).

Biden's solution? A "Build Back Better" plan that would allow the federal government to negotiate up to ten drug prices (and as few as zero drug prices), but the new prices would only kick in after the 2024 election, so no one would see the benefit of this in time for the next general election:

https://pluralistic.net/2021/11/18/bipartisan-consensus/#corruption

This is a solution that pleases no one – and that's the point. Biden and his team viewed the presidency as an institution for making sure everyone was equally unhappy, a philosophy that Anat Shenker-Osorio calls "pizzaburger politics." This is named for a thought-experiment in which half your family wants pizza and the other half wants burgers, so you serve them "pizzaburgers" and make everyone miserable and declare yourself to have the fair-handed wisdom of Solomon (yes, I'm aware that this analogy has a fatal flaw in that pizzaburgers actually sound delicious, but work with me here).

Biden prided himself on running a pizzaburger presidency, in which every move that satisfied the left of his party was neutralized by a concession to the party's right wing establishment:

https://pluralistic.net/2024/05/29/sub-bushel-comms-strategy/#nothing-would-fundamentally-change

(Trump enacted a mirror-world version of Biden's pharma price controls: TrumpRx, a program that claims to lower drug prices while those prices actually go up):

https://democrats-energycommerce.house.gov/sites/evo-subsites/democrats-energycommerce.house.gov/files/evo-media-document/e-c-democrats-trumprx-big-talk-little-savings.pdf

Biden's pizzaburger compromises made everyone unhappy. He appointed generational talents like Lina Khan, Jonathan Kanter and Rohit Chopra to run key agencies charged with crushing corporate power, and then gave lifetime appointments to corporate-friendly judges who blocked their rulemakings and penalties:

https://www.aljazeera.com/news/2023/7/11/us-judge-turns-down-challenge-to-microsoft-merger-with-activision

Of course, it wasn't just Biden's own judicial appointees who stood in his way; from the Supreme Court on down, on issues from student debt cancellation to noncompetes, judges blocked the Biden administration. When this happened, Biden somehow couldn't find his way to his bully pulpit. Rather than working the refs – the way Trump does, in ways that energize his base, stiffens his legislators' resolve and intimidates other judges – Biden tinkered in the margins to find ways to advance half-measures and stayed mum in public.

This compromise-oriented meekness carried over into Biden's relationship with Democratic lawmakers who sold out the American people. Rather than campaigning for the primary opponents of monsters like Fetterman, Sinema and Manchin, Biden worked behind the scenes to broker compromises, delivering yet another inedible pizzaburger (and acting hurt and bewildered when no one thanked him for it). The alternative? Constitutional hardball:

https://pluralistic.net/2024/10/18/states-rights/#cold-civil-war

It's not clear whether Harris's abbreviated campaign could have made the public case that she would govern in a more muscular fashion as befitted the polycrisis facing the nation, but she didn't even try. A couple Democratic Party insiders of my acquaintance tell me that Biden only agreed to step aside on the condition that Harris not criticize his record. I don't know if that's true, but even within that hypothetical constraint, Harris hardly presented herself as an avatar of change. She carried on Biden's tradition of conspicuously failing to campaign on the significant achievements of Biden's own trustbusters, and put her brother-in-law, the lawyer who helped Uber crush labor rights in California, in charge of her campaign:

https://www.nytimes.com/2024/08/04/us/politics/kamala-harris-tony-west.html

The point of all this is that the American people have, on two occasions, comprehensively rejected the "America is already great"/"Nothing would fundamentally change" politics of a liberal-dominated left/liberal progressive coalition. The senior partners in that coalition have driven the country into a ditch, letting Trump stage a fascist takeover that has us fighting not to win another election, but just to have another one.

Americans are sick of being told that their politicians can't do anything because "they're not the Green Lantern:"

https://pluralistic.net/2023/01/10/the-courage-to-govern/#whos-in-charge

America isn't already great. If we are to have more elections – much less win them – we will need to mobilize millions of people. You don't do that by telling them to oppose Trumpismo – you get them out in the streets by giving them something to support. That was Mamdani's winning message: "I know what a politician can do, and I will do it":

https://pluralistic.net/2026/02/24/mamdani-thought/#public-excellence

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Denmark plans to legalize music trading https://edition.cnn.com/2001/TECH/internet/05/07/denmark.downloads.idg/index.html

#20yrsago Babysuit https://web.archive.org/web/20060513013815/https://www.gildlilies.com/pop_ups/phillip_toledano_kaleidoscope.htm

#20yrsago Patent office will ask the public to “peer review” inventions https://web.archive.org/web/20060512051743/http://www.dotank.nyls.edu/communitypatent/

#20yrsago Report from France’s DRM protest at Place de la Bastille https://web.archive.org/web/20170902135411/https://tofz.org/?dir=Paris%2Fevents%2FMarch

#20yrsago Interactive maps show your city’s floodline when the sea rises https://flood.firetree.net/

#20yrsago Scientology to open “Super Power” training center in FL https://web.archive.org/web/20060522112457/http://www.sptimes.com/2006/05/06/Tampabay/Scientology_nearly_re.shtml/
#20yrsago Homemade radios http://www.duntemann.com/radiogallery.htm

#20yrsago Vatican astronomer denounces Creationism as “paganism” https://web.archive.org/web/20060517013332/http://news.scotsman.com/international.cfm?id=674042006

#20yrsago Canada’s New Democratic Party embraces copyfighting musicians https://web.archive.org/web/20060520024734/http://www.ndp.ca/page/3713

#15yrsago Teens and privacy online: using Facebook is compatible with valuing privacy https://www.zephoria.org/thoughts/archives/2011/05/09/how-teens-understand-privacy.html

#15yrsago Ann Arbor library acquires lending, sharing and copying rights to Creative Commons music catalog https://annarborchronicle.com/2011/04/28/ann-arbor-library-signs-digital-music-deal/

#15yrsago Tin robot on Karel Čapek’s grave https://www.gilesorr.com/travels/Prague2011/BestPrague.20110421.6142.GO.CanonSX10.html

#15yrsago Just look at this banana Dalek. https://web.archive.org/web/20110716022131/https://www.daleksoftheday.com/2011/05/banana-dalek.html

#15yrsago NRA and Florida gag pediatricians: no more firearm safety advice for parents https://www.npr.org/2011/05/07/136063523/florida-bill-could-muzzle-doctors-on-gun-safety

#10yrsago Conservative economics: what’s happened to the UK economy after a year of Tory rule https://web.archive.org/web/20160509113126/https://www.independent.co.uk/news/business/news/what-has-happened-to-the-economy-under-the-tories-in-six-charts-a7017131.html

#10yrsago Save iTunes: how the W3C’s argument for web-wide DRM would have killed iTunes https://www.eff.org/deeplinks/2016/04/save-itunes

#10yrsago America’s courts are going dark https://www.justsecurity.org/30920/courts-going-dark/

#10yrsaogo Australian government issues report calling for copyright and patent liberalisation https://www.eff.org/deeplinks/2016/05/australian-productivity-commission-slams-protectionist-copyright-and-patent-laws

#10yrsago Panama Papers: New Zealand is the go-to money launderer for crooked Latin Americans https://www.rnz.co.nz/news/panama-papers/303356/nz-at-heart-of-panama-money-go-round

#10yrsago Safe Patient Project: searchable spreadsheet tells Californians whether their doc is on probation, and why https://web.archive.org/web/20160507002350/http://consumersunion.org/research/california-doctors-on-probation/

#5yrsago The Memex Method https://pluralistic.net/2021/05/09/the-memex-method/

#5yrsago How copyright filters lead to wage-theft https://pluralistic.net/2021/05/08/copyfraud/#beethoven-just-wrote-music

#1yrago Who broke the internet? https://pluralistic.net/2025/05/08/who-broke-the-internet/#bruce-lehman

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-09T13:42:31+00:00 Fullscreen Open in Tab
Note published on May 9, 2026 at 1:42 PM UTC
Sat, 09 May 2026 12:51:02 +0000 Fullscreen Open in Tab
Pluralistic: Trump's fruitless search for a goreable ox (09 May 2026)


Today's links


Two men in suits seated next to each other. The younger man is pointing at a brochure. The younger man's head has been replaced with a whole roast chicken. The older man's head has been replaced with a large beef roast. The brochure has been replaced with vintage meat ads. The background is a cropped section of of a high-magnification scan of a US $100 bill, colors faded and shifted.

Trump's fruitless search for a goreable ox (permalink)

I've got good news and bad news for Trump. The good news: you can get elected by promising to do something about the cost of living crisis, and the president actually has a lot of ways to improve people's daily costs. The bad news: everything you could do to fix working people's cost of living will make an oligarch worse off.

This is the essential conundrum of Trumpismo: to keep his base happy, he needs to make their lives better; but to make their lives better, he'll have to make oligarchs angry. The oligarchs' wealth bonanza caused the cost of living crisis. Oligarchs' pleasure causes our suffering, so alleviating our suffering will reduce their pleasure.

This means that while Trump can promise help with prices, all he can deliver is union-busting, ICE lynchings, and pointless wars, none of which have any hope of materially improving the lives of working people. Indeed, all of this stuff makes working people materially worse off, as wages fall, crops rot in the fields, and gas prices shoot through the roof.

Trump would dearly love to find an ox he can safely gore, but all the good oxen are owned by his oligarch chums. Trump can't punish Ticketmaster, because the billions Ticketmaster steals from the WWE, F1 and football fans in his base all land in the pocket of oligarchs who own stock in Ticketmaster, and Trump can't afford to upset those oligarchs:

https://pluralistic.net/2024/06/03/aoi-aoi-oh/#concentrated-gains-vast-diffused-losses

Indeed, I can't think of a single corrupt racket that Trump can afford to do something about. Not even the only cost of living metric that can approach gas prices in the hierarchy of American electoral salience: grocery prices.

Your grocery bill went up because oligarchs price-gouge you. Eggflation was caused by Cal-Maine, the monopolist that owns every brand of eggs in your grocer's fridge, who jacked up prices because they knew they could:

https://pluralistic.net/2025/03/10/demand-and-supply/#keep-cal-maine-and-carry-on

Pepsi and Walmart conspired to force every retailer to jack up the prices of all Pepsi products (including Frito-Lay, Gatorade, Aquafina, etc) at every retailer's store, so that Walmart could also jack up their prices and still undersell their competition (naturally, Trump let them get away with it):

https://www.thebignewsletter.com/p/secret-documents-show-pepsi-and-walmart

This stuff isn't exactly a secret. Grocery store owners hold earnings calls with their investors where they boast about the fact that they can raise their prices far in excess of their increased costs, and blame it on inflation:

https://pluralistic.net/2023/03/11/price-over-volume/#pepsi-pricing-power

They boast about their "personalized pricing" swindles, whereby they use surveillance data to figure out how desperate you are and jack up the prices you see in their apps:

https://pluralistic.net/2025/12/11/nothing-personal/#instacartography

Trump has the power to put a stop to all of this, but still, he can't, because his oligarch pals would squeal, and when they squeal, Trump jumps. In theory, Trump has lots of power, but in practice, Trump can't do anything.

Which brings me to the cost of meat. Meat inflation has raced ahead of other forms of food inflation, even as the payments to ranchers and other producers fell sharply, leading to waves of bankruptcies:

https://www.thebignewsletter.com/p/beef-is-expensive-so-why-are-cattle

Partly, that's because meat processing is controlled by cartels, with 85% of all the beef being processed by four packers, and nearly every chicken going through one of four poultry processors. These middlemen jack up prices to grocers while colluding to push down the payments to their suppliers.

How do they rig those prices? After all, it's very illegal for these four companies to get together around a table to rig prices. Instead, they use a "price consultancy" called Agri Stats that does the price-rigging for them. Every week, the packers send a detailed list of all their costs and prices into Agri Stats, and Agri Stats "advises" them all to raise all their prices at once, and anyone who doesn't play along is pushed out of the Agri Stats cartel. Everyone wins – except families paying for groceries:

https://pluralistic.net/2023/10/04/dont-let-your-meat-loaf/#meaty-beaty-big-and-bouncy

Agri Stats has been doing this since the Reagan years, but they grew steadily more brazen, until, back in 2023, Biden's DOJ brought history's most obvious, easily won antitrust case against them:

https://www.meatpoultry.com/articles/29124-doj-sues-agri-stats-for-complicity-in-meat-market-manipulation

And wouldn't you know it, Trump just settled that case, in a way that will make Agri Stats much, much richer and give them far more opportunities to rig prices:

https://prospect.org/2026/05/08/meat-industry-agri-stats-department-of-justice-price-fix-trump/

Under the terms of the settlement, Agri Stats must "allow" restaurants, farmers, and other parts of the supply chain to pay it for the data it consolidates. This will allow more parties to collude to rig prices, and provide more income to Agri Stats. As David Dayen writes in The American Prospect, they've been "sentenced to make money."

Agri Stats isn't the only "price consultancy" that is used to launder a price-fixing cartel that's driving up the cost of living for all Americans, including Trump's base, in order to make oligarchs better off. Companies like Realpage do the same thing for residential rents:

https://pluralistic.net/2024/12/11/nimby-yimby-fimby/#home-team-advantage

Trump can't do anything about any of these scams, not without goring some oligarch's precious ox. But, as Dayen points out, there are dozens of Democratic state Attorneys General who can kill Trump's sweetheart deal for Agri Stats using the Tunney Act, which gives them standing to sue to force a federal judge to review the settlement and determine whether it is fair.

Whether any AG will seize the moment remains to be seen, of course, but it would be very good politics to do so – after all, the path to political power in America runs through credible promises to do something about the cost of living crisis.

Hey look at this (permalink)

'The Biggest Student Data Privacy Disaster in History': Canvas Hack Shows the Danger of Centralized EdTech https://www.404media.co/the-biggest-student-data-privacy-disaster-in-history-canvas-hack-shows-the-danger-of-centralized-edtech/


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago A dotcom founder's tale (funny) https://features.slashdot.org/story/01/05/04/1541239/the-worst-of-times

#20yrsago Shell UK abandons chip-and-pin after £1M fraud https://web.archive.org/web/20060508044110/https://www.snakeoillabs.com/2006/05/07/shell-stops-accepting-chip-and-pin-in-fraud-fiasco-bp-to-follow/

#15yrsago Typewriter bust: Grandfather https://web.archive.org/web/20110511033756/http://jemayer.tumblr.com/post/5260317696

#10yrsago Kobo “upgrade” deprives readers of hundreds of DRM-locked ebooks https://www.teleread.com/drm-nightmare-after-recent-upgrade-kobo-customers-report-losing-sony-books-from-their-libraries/

#10yrsago Venerable hacker zine Phrack publishes its first issue in four years https://phrack.org/issues/69/1

#10yrsago Panama Papers whistleblower issues statement, naming and shaming failed states and institutions https://web.archive.org/web/20160506180902/https://panamapapers.icij.org/20160506-john-doe-statement.html

#5yrsago The FTC's (kick-ass) Right to Repair report https://pluralistic.net/2021/05/07/pro-act-class-war/#we-fixit

#5yrsago The PRO Act and worker misclassification https://pluralistic.net/2021/05/07/pro-act-class-war/#sectoral-balances

#1yrago Mark Zuckerberg announces mind-control ray (again) https://pluralistic.net/2025/05/07/rah-rah-rasputin/#credulous-dolts

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-08T15:13:55+00:00 Fullscreen Open in Tab
Published on Citation Needed: "Issue 105 – The new boogeyman"
Fri, 08 May 2026 12:19:36 +0000 Fullscreen Open in Tab
Pluralistic: Lee Lai's "Cannon" (08 May 2026)


Today's links


The Drawn & Quarterly cover for Lee Lai's 'Cannon.'

Lee Lai's "Cannon" (permalink)

Lee Lai's Cannon is an extraordinary graphic novel that turns out a beautifully told, subtle and ambiguous tale about Lucy (Lucy -> "Loose" -> "Loose Cannon" -> "Cannon"), a queer Chinese-Canadian chef at a Montreal restaurant whose messy family, work, personal and sex life are all falling apart in ways that are powerfully engrossing:

https://drawnandquarterly.com/books/cannon/

This is the second outing from Lee Lai, whose debut, Stone Fruit, swept many of the field's awards and won major critical acclaim. When a debut comes out that strong, it's sometimes followed with the dread "second book syndrome" in which a creator who has poured everything they ever thought about putting in a book now has to write another book, from scratch. But Cannon avoids any hint of that second book malaise; rather, it is jammed with dense and densely connected ideas, character beats and graphic signifiers that are brilliant in so many ways:

https://www.fantagraphics.com/products/stone-fruit

Cannon is a thirtysomething chef in a Montreal restaurant run by Guy, an instantly recognizable hustler who praises Cannon for her culinary abilities and her pliability, talks over her, demands the impossible from her kitchen colleagues and periodically breaks out into soliloquies about his own martyrdom to the hardships of entrepreneurship.

Cannon cares for her grandfather, who has been abandoned by her mother, who has been traumatized by the abuse he meted out to her during her upbringing. Now in decline and unable to care for himself, Cannon's grandfather continues his abusive ways, scaring off all of his home help, which means Cannon must devote even more time to him (she can't bring herself to put him in a care facility that will inevitably be full of white people who don't speak Chinese).

These familial duties leave Cannon isolated, with only one important friendship: Trish, an up-and-coming novelist whom Cannon has known since their school days in Montreal's suburban Eastern Townships, where they were the only queer Chinese girls either of them knew. Trish owes her professional acclaim to her own neurotic social instincts, which she polishes on the page with the help of an old writing teacher who serves as her mentor. Trish may be Cannon's oldest and best friend, but she's not actually a very good friend, and now that they're both in their 30s, neither Cannon nor Trish is entirely sure where they'd make new friends.

This is where Cannon starts, as Cannon tries to resolve all these bad situations, each of which is only worsening. Trish disapproves of Cannon's sexual affair with the new front-of-house woman at the restaurant – even as Trish begins a friends-with-benefits arrangement with a guy from her fitness club who clearly wants more than the odd tumble. Guy the restaurateur positions Cannon as his hatchet-woman and confidante, driving conflict in the kitchen that she is meant to hold the bag for. Her grandfather enters a terminal decline, and still her mother won't answer her calls and texts about it. And then, Cannon discovers that Trish has violated her in a way that is intimate and appalling.

These may sound like the beats that you'd find in a melodramatic soap opera, but Cannon's affect is so stoic, and her interiority is so beautifully and inventively depicted – Lai deploying the unique strengths of the graphic novel form here with total virtuosity – that the vibe is more David Lynch than Dallas.

The result is something that's beautiful, sharp, critical and lingering. Long after I closed the cover, I found myself mulling over the delicate ways that Lai raised the contradictions, sorrows and beauty of queer love, racial identity, camaraderie, self-control, and self-indulgence. Lai's characters have no answers, only questions that can never be fully resolved. Instead, these questions are the defining puzzles, defeats and triumphs of their lives.

It's a magnificent, sensitive and innovative work of storytelling.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Ebay paying newspapers to run listings in the classifieds section https://web.archive.org/web/20010506063910/http://www.business2.com/news/2001/05/ebaypapers.htm

#20yrsago Airline spoons of the world photo-gallery https://www.flickr.com/photos/airlinespoons

#20yrsago Coach passengers arrested for moving to first class http://news.bbc.co.uk/1/hi/england/manchester/4980364.stm

#15yrsago Hidden cognitive costs of doing stuff https://web.archive.org/web/20110507154653/https://us.lifehacker.com/5798202/the-cognitive-cost-of-doing-things

#15yrsago Syria’s man-in-the-middle attack on Facebook https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook

#10yrsago Weird erotica author who was dragged into Hugo Awards mess pulls off epic troll https://web.archive.org/web/20160506175535/http://www.dailydot.com/lol/chuck-tingle-trolling-hugo-zoe-quinn-genius/

#10yrsago FBI has been harassing a Tor developer since 2015, won’t tell her or her lawyer why https://blog.patternsinthevoid.net/fbi-harassment.html

#10yrsago 2,000 US doctors endorse Sanders’ single-payer healthcare proposal https://web.archive.org/web/20160506095034/https://www.washingtonpost.com/news/wonk/wp/2016/05/05/2000-doctors-say-bernie-sanders-has-the-right-approach-to-health-care/

#10yrsago Community college evicts daycare center to make room for Goldman Sachs https://www.golocalprov.com/news/daycare-center-being-moved-out-of-ccri-for-goldman-sachs

#10yrsago Data-driven look at America’s brutal, racist debt-collection machine https://www.propublica.org/article/so-sue-them-what-weve-learned-about-the-debt-collection-lawsuit-machine

#10yrsago Homeland Security wants to subpoena Techdirt over the identity of a hyperbolic commenter https://www.techdirt.com/2016/05/06/homeland-security-wants-to-subpoena-us-over-clearly-hyperbolic-techdirt-comment/

#5yrsago NY AG attributes Net Neutrality fraud to telcos https://pluralistic.net/2021/05/06/boogeration/#pais-lies

#5yrsago Ed-tech apps spy on kids https://pluralistic.net/2021/05/06/boogeration/#i-spy

#5yrsago Scammers recycled covid nose-swabs https://pluralistic.net/2021/05/06/boogeration/#up-your-nose

#1yrago The Adventures of Mary Darling https://pluralistic.net/2025/05/06/nevereverland/#lesser-ormond-street

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Thu, 07 May 2026 08:08:49 +0000 Fullscreen Open in Tab
Pluralistic: Bubbles are REALLY evil (07 May 2026)


Today's links


The royal carriage of king Louis Philippe is burned in front of the Chateau d'eau during the French revolution of 1848, Paris 24th February 1848.

Bubbles are REALLY evil (permalink)

I am on record as saying that every economic bubble is terrible, but some bubbles do at least leave behind a salvageable productive residue while others leave behind nothing but ashes; indeed, this is the thesis of my next book, The Reverse Centaur's Guide to Life After AI:

https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/

Here's a historical comparison that's illuminating: Enron vs Worldcom. Both were monumental frauds, the CEOs of both companies died shortly after the frauds were discovered, but they have very different legacies. Enron – a scam that pretended to secure billions of dollars' worth of new efficiencies through "energy trading" but was actually just engineering rolling blackouts in order to jack up energy prices – left behind nothing.

Well, not quite nothing. Enron did leave behind a little useful residue after it burned to the ground: a giant repository of emails. You see, after Enron went bust, it was sued by its creditors, who demanded access to relevant emails from the company's Outlook server. But the company execs decided they didn't want to spend the money to weed out the irrelevant emails before the court-mandated disclosure, so instead they published all the emails ever sent or received by anyone at Enron, including tons of extremely private, personal, sensitive information relating to Enron's employees and customers:

https://en.wikipedia.org/wiki/Enron_Corpus

This became the "Enron Corpus" and it was the first large tranche of emails that were in the public domain and available to researchers. As a result, it became the gold standard dataset for researchers investigating social graphs, natural language, and many other subjects that subsequently became very important computer science fields and commercial applications.

As legacies go, the Enron Corpus is pretty small ball, and even so, it is decidedly mixed, both because the Enron Corpus constitutes a gross, ongoing privacy violation for a huge number of people; and because a lot of that social graph and natural language work that it jumpstarted has been put to deeply shitty purposes.

Then there's Worldcom: also a gigantic fraud, Worldcom falsified billions of dollars' worth of orders for new fiber optic lines, and it then dug up streets all over the world and installed them. When Worldcom went bankrupt, all that fiber stayed in the ground, and many people are still using it today. My home in Burbank has a 2GB symmetrical fiber connection through AT&T that runs on old Worldcom fiber that AT&T bought up for pennies on the dollar.

So while you have to squint really hard to find any benefit that can be salvaged from Enron, it's really easy to point at Worldcom's productive residue – it's a ton of fiber and conduit running under the streets of major cities around the world, ready to be lit up and bring the people nearby into the 21st century. Fiber, after all, is amazing, literally thousands of times better than copper or 5G or Starlink:

https://pluralistic.net/2026/04/07/swisscom/#stacked

Even though Enron's CEO Ken Lay and Worldcom's CEO Bernie Ebbers both received prison sentences after their fraud was revealed, the bubbles never stopped, and indeed, they only got worse. AI is the biggest bubble in human history, worse even than the South Sea Bubble:

https://en.wikipedia.org/wiki/South_Sea_Company

And like those earlier bubbles, some of our modern bubbles will leave behind nothing, while others will leave behind some productive residue. Take the cryptocurrency bubble. Crypto will go to zero, and when it does, all it will leave behind is shitty monkey JPEGs and even worse Austrian economics:

https://www.web3isgoinggreat.com/

As with Enron, you can find some productive residue from cryptocurrency if you look hard enough. A lot of programmers have had a heavily subsidized education in Rust programming and cryptographic fundamentals, both of which are unalloyed goods in our otherwise very insecure digital world.

Some of the underlying mechanisms from crypto are useful, even without blockchains. Take Metalabel, a system that lets collaborators on creative projects automate how they handle revenues from those projects by plugging DAO-like logic into traditional, dollar-based bank accounts. They're recycling some of the tooling from the crypto bubble to create a very useful utility, without the crypto:

https://www.metalabel.com/

But, as with the Enron Corpus, this is pretty small ball. The world has flushed away hundreds of billions to get paltry millions' worth of value out of crypto – the rest of that value disappeared into the pockets of crooked insiders who defrauded the public into parting with their savings.

If crypto will be Enron-like in its post-bubble life, what about AI? I think AI is more like Worldcom: there's a bunch of useful stuff that AI can do, after all. Take away the bubble and we'd call the things AI can do "plug-ins" and some people would use them, and others wouldn't, and some of those uses would be productive, and others would be foolish, but we wouldn't bet the world's economy on them, nor would we squander our last dribbles of potable water to cool their data centers.

After the AI bubble pops, there will be a lot of durable residue. The data centers will still stand. The GPUs will still be there, and if we don't "sweat the assets" by running them as hot and hard as they can tolerate, they won't burn out in 2-3 years. There will be lots of applied statisticians, skilled data-labelers, etc, looking for work. And there will be lots of open source models that have barely been optimized (why make an open source model more efficient when you're raising capital based on the promise of outspending everyone else in order to dominate a world of ubiquitous, pluripotent, winner-take-all centralized AI?):

https://pluralistic.net/2025/10/16/post-ai-ai/#productive-residue

That's a situation not unlike the post-dotcom bubble of the early 2000s. Almost overnight, the legion of humanities undergrads who'd been treated to subsidized training in perl, Python and HTML found themselves looking for work. Servers could be purchased in bulk for pennies on the dollar (with user data still on them!). I bought a "dining room set" of six $1,000+ fancy office chairs for $50 each (still wrapped in plastic!) from a dotcom founder who was selling them on the sidewalk out front of his failed startup's office in the Mission. He offered to sell me ten lifetime's supply of branded t-shirts for $20. I turned him down.

That was the birth of Web 2.0. All of a sudden, people who wanted to make real things that were good could do so, because they could find skilled workers, hardware, and office space at such knock-down prices that they could be funded out of pocket or put on a credit card. People got to pursue the web they wanted, free from asshole bosses and VCs. Not everything that got built in those heady days was good, but many good things got built.

I can easily imagine that the post-bubble AI scene will produce benefits comparable to Web 2.0 – projects built by and for people who want to do useful and fun things, without being distracted by the mirage of illusory billions promised by the stock swindlers who created the bubble.

I can easily imagine that I will find some of those post-bubble tools useful, and that in 20 years I will still be using them, just as today, I am still using some of those early post-dotcom bubble services and tools.

And despite all that, IT IS NOT WORTH IT.

The residue that is left behind by every bubble is subsidized, but that subsidy doesn't come from the deep-pocketed investors who are gripped by "irrational exuberance." It comes from mom-and-pop, normie, retail investors who have been tricked into giving their money to the insiders who inflated the bubble.

From Worldcom to Enron, from crypto to AI, the point of the bubble wasn't ever the residue or lack thereof – it was a transfer from working people to crooks. Bubbles are a system for moving the painfully sequestered life's savings of people who do things to people who steal things.

Since the Carter years, workers have been forced to flush their savings into the stock market, after the traditional "defined benefits pension" (that guarantees you an inflation-adjusted sum every month until you die) was replaced with 401(k)s and other "market-based pensions" (where you only get to survive after retirement if you bet correctly on the movement of stocks):

https://pluralistic.net/2022/05/29/against-cozy-catastrophies/

Despite this having all the appearances of a rigged game – finance industry insiders are always going to be better at betting on stocks than teachers, nurses, janitors and other productive workers – proponents of this system always insisted that workers weren't really the suckers at the table. But the stock market is like Kalshi or Polymarket in that one bettor's losses are another bettor's gains, and in those markets, nearly all the money is harvested by less than 1% of bettors:

https://www.coindesk.com/markets/2026/04/29/a-tiny-group-is-winning-on-polymarket-as-under-1-of-wallets-take-half-the-profits

Somehow, supposedly, we could beat those insiders and survive into our old age without having to eat dog food or become a burden on our kids by betting on the whole market, through index-tracker funds:

https://pluralistic.net/2022/03/17/shareholder-socialism/#asset-manager-capitalism

Supposedly, this would "diversify" our portfolios, which would insulate us from risks we could not understand, much less estimate. But thanks to private equity and the AI bubble, betting on "the whole market" is basically "betting on AI." 35% of the S&P 500 is tied up in seven AI companies, who are engaged in the obviously fraudulent (and Worldcom-adjacent) practice of passing the same $100b IOU around really quickly and pretending it's in all their bank accounts at once:

https://www.fool.com/investing/2025/11/05/ai-growth-stocks-is-there-still-room-to-run/

When the AI bubble pops, it will vaporize (at least) 35% of the US stock market and wipe out everyday savers who have been swindled into betting their futures on AI, based on the fraudulent representations of AI pitchmen. Millions of people who worked hard all their lives and deprived themselves of small comforts in order to save for their retirement will be wiped out. They will be made dependent on the Social Security system that Republicans are determined to starve into bankruptcy and then turn into (yet another) "market based system" that you will be required to convert into chips at the stock market casino where you're up against professional players who hold all the cards:

https://www.newsweek.com/major-social-security-change-proposed-to-build-wealth-11727844

Annihilating a third of the stock market will have severe knock-on effects, even though the median US worker only has $955 saved for retirement:

https://finance.yahoo.com/news/955-saved-for-retirement-millions-are-in-that-boat-150003868.html

Because wiping out the life's savings of everyone else will tank consumption for a generation. Retirees who have to sell their family homes to pay their medical bills won't be buying breakfast at the local diner or catching a Tuesday night movie. They won't be indulging their grandkids with nice birthday presents or helping their own kids buy their first home.

Worse still: the only thing our society knows how to do about economic catastrophe (for now, anyway) is to impose brutal austerity, and austerity drives voters into the arms of fascist strongmen, who blame all their woes on a scapegoated minority in order to win office, and then steal everything that's not nailed down:

https://pluralistic.net/2026/04/12/always-great/#our-nhs

Which is all to say, there's a world of difference between recognizing that the AI bubble is the superior sort of bubble in that it will leave a productive residue, and endorsing the AI bubble as a productive or morally acceptable way to produce that residue. It's one thing to anticipate salvaging something useful out of a catastrophe, and another thing altogether to deliberately induce or prolong that catastrophe so as to maximize the amount of salvage.

The swindlers who created this bubble are crooks who have set out to destroy the futures of a generation of savers. They are monsters, and their bubble needs to be popped as quickly as possible.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Judge mocks FCC’s legal argument for wiretapping VoIP https://web.archive.org/web/20060512141440/https://www.eff.org/deeplinks/archives/004638.php

#20yrsago Podcasting saved from the UN — for now https://web.archive.org/web/20060603152220/https://www.eff.org/deeplinks/archives/004637.php

#15yrsago Two billion people and the royal wedding: pretty damned unlikely https://www.gyford.com/phil/writing/2011/05/06/2-billion-viewers/

#15yrsago Mozilla tells DHS: we won’t help you censor the Internet https://torrentfreak.com/homeland-security-wants-mozilla-to-pull-domain-seizure-add-on-110505/

#15yrsago Foxconn workers forced to sign promise not to commit suicide due to working conditions https://memex.craphound.com/2011/05/05/foxconn-workers-forced-to-sign-promise-not-to-commit-suicide-due-to-working-conditions/

#15yrsago Shannon’s Law: a story about bridging Faerie and the mundane world with TCP-over-magic https://reactormag.com/shannons-law/

#15yrsago Green Army men with PTSD https://www.wearedorothy.com/collections/artworks/products/casualties-of-war

#10yrsago Deep Insert skimmers: undetectable, disposable short-lived ATM skimmers https://krebsonsecurity.com/2016/05/crooks-go-deep-with-deep-insert-skimmers/

#10yrsago How standardizing DRM will make us all less secure https://www.eff.org/deeplinks/2016/04/standardized-drm-will-make-us-less-safe

#10yrsago Excellent advice for generating and maintaining your passwords https://www.wired.com/2016/05/password-tips-experts/

#10yrsago Amid education funding emergency, Washington State gives Boeing, Microsoft $1B in tax breaks https://jeffreifman.com/2016/05/05/forget-boeing-microsofts-tax-break-costs-776-million/

#5yrsago MRNA vaccines and Clarke's Law https://pluralistic.net/2021/05/05/clarkes-third-law/#indistinguishable-from-magic

#5yrsago Stimmies killed the McJob https://pluralistic.net/2021/05/05/clarkes-third-law/#precariat-nostalgia

#1yrago Bridget Read's 'Little Bosses Everywhere' https://pluralistic.net/2025/05/05/free-enterprise-system/#amway-or-the-highway

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Wed, 06 May 2026 10:15:36 +0000 Fullscreen Open in Tab
Pluralistic: In praise of vultures (06 May 2026)


Today's links

  • In praise of vultures: They screw you because they can.
  • Hey look at this: Delights to delectate.
  • Object permanence: Linus v MSFT; Argentina v MSFT; Danny Hillis on theme parks v games; Smartfilter v Distributed Boing Boing; Rental laptops filled with spyware; Torture didn't help capture bin Laden; Massively parallel Apple //e; Stephen Harper v election law; John Deere v Iowa cartoonist; Qualia.
  • Upcoming appearances: Guelph, Barcelona, Berlin, Hay-on-Wye, London, NYC, Edinburgh.
  • Recent appearances: Where I've been.
  • Latest books: You keep readin' em, I'll keep writin' 'em.
  • Upcoming books: Like I said, I'll keep writin' 'em.
  • Colophon: All the rest.


A down-at-heel frontier courtroom presided over by a flustered judge and his miserable clerk. In the foreground is a vulture in a powdered barrister's wig.

In praise of vultures (permalink)

One of my bedrock beliefs is that capitalists really hate capitalism. They may name their beloved institutes after the likes of Adam Smith, but they ignore everything Smith had to say about the necessity of competition to keep markets from turning into monopolies:

https://pluralistic.net/2023/06/09/commissar-merck/#price-giver

The theory of capitalism holds that markets are a kind of distributed computer that aggregates trillions of decisions from billions of market participants in order to optimize production and distribution of goods and services, creating a "Pareto-optimal" world where no one can be made better off without making someone else worse off.

Whether or not you believe that this computer exists and functions as predicted, one indisputable fact about it is that it requires the freedom to choose in order to work. The point of market-as-computer is that it aggregates decisions, so it can only work if everyone is as free as possible to decide.

But that's not the world capitalists want. For capitalists, the point is to restrict other people's choices in order to maximize your own freedom. That's how we get economic doctrines like "revealed preferences": the idea that if a person says they want one thing, but does another thing, then you can tell what they really prefer by looking at the latter and disregarding the former. This is the kind of doctrine you can only fully embrace after sustaining the kind of highly specific neurological injury that is induced by taking an economics degree, an injury that makes you incapable of perceiving or reasoning about power. Under the doctrine of revealed preferences, someone who sells their kidney to make the rent has a revealed preference for only having one kidney:

https://pluralistic.net/2026/03/30/players-of-games/#know-when-to-fold-em

Capitalism is supposed to run on risk: the risk of being overtaken by a competitor drives businesses to deliver better services more efficiently, thus producing a bounty for all. But capitalists really hate risk, hence the drive to monopoly: Mark Zuckerberg admitted, in writing, that he only bought Instagram so that he wouldn't have to compete with it ("It is better to buy than to compete" -M. Zuckerberg):

https://pluralistic.net/2025/11/20/if-you-wanted-to-get-there/#i-wouldnt-start-from-here

Capitalists hate capitalism, but they love feudalism. Feudalism is like capitalism, in that you have a ruling class that creams off the surplus generated by labor; but under feudalism, society is organized to protect rents (money you get from owning stuff) over profits (money you get from doing stuff). The beauty of rents is that they are insulated from risk: if you own a coffee shop, you're in constant danger of being put out of business by a better coffee shop. But if you own the building and your coffee shop tenant goes under, well, you've still got the building, and hey, now it's on the same hot block as the amazing new cafe that's driving its competitors out of business:

https://pluralistic.net/2023/09/28/cloudalists/#cloud-capital

Douglas Rushkoff calls this "going meta": don't drive a taxi, rent a medallion to a taxi driver. Don't rent a medallion, start a ride-hailing app company. Don't start a ride-hailing company, invest in the company. Don't invest in the company, buy options on the company's shares. Each layer of indirection takes you further from the delivery of a useful service – and insulates you further from risk:

https://pluralistic.net/2022/09/13/collapse-porn/#collapse-porn

Monopoly is to capitalism as gerrymandering is to democracy, a way to strip out any meaningful choice. Think of the two giant packaged goods companies that fill your grocery aisles: Procter & Gamble and Unilever. Practically everything on your grocer's shelves is made by a division of one of these two massive conglomerates. If you try to "vote with your wallet" by buying a low-packaging version of a product, it's going to be sold to you by the same company that sells the high-packaging version. If you switch to an artisanal brand of cookies made by a local family business, Unilever or P&G will buy that company and issue a press release declaring that they made the acquisition because they know "their customers value choice":

https://pluralistic.net/2024/05/18/market-discipline/#too-big-to-care

Gerrymandering strips your vote of any impact on political outcomes. Monopoly strips your purchases of any ability to influence economic outcomes. Wrap both of them in "revealed preferences" and you get a system that endlessly narrates its ability to deliver choice, and then blames your misery on your having chosen badly.

This is the method of the entire conservative project. As Dan Savage says: the thing that unites conservative assaults on voting, birth control, abortion and no-fault divorce is the stripping away of choice. Conservatives are trying to create a world populated by husbands you can't divorce, pregnancies you can't prevent or terminate, and politicians you can't vote out of office. Add to that Trump's assault on the National Labor Relations Board, his reversal of the FTC's ban on noncompetes, and his protection of "TRAP" agreements that force employees to pay thousands of dollars if they quit their jobs, and you get "jobs you can't quit":

https://pluralistic.net/2025/09/09/germanium-valley/#i-cant-quit-you

Conservative strongmen like Trump and Musk exalt the value of self-determination – for themselves, at everyone else's expense. Trump's ability to stiff the contractors that built his hotels and Musk's ability to rain flaming rocket debris down on the people who live near his company town require that everyone else be stripped of protections. They get to determine their own course in life by taking away your ability to determine your own. Their right to swing their fists ends two inches past your nose:

https://pluralistic.net/2026/04/21/torment-nexusism/#marching-to-pretoria

Cheaters and bullies hate the rule of law, hence Trump's endless repetition of Nixon's mantra: "When the president does it, that means it is not illegal." But not everyone can be president, and the world is full of would-be Trumps in positions of power who would like to be able to commit crimes without fear of legal repercussions. For these people, we have something called "binding arbitration."

"Binding arbitration" is a widely used contractual term that forces you to surrender your right to sue a company that wrongs you. Instead of suing, binding arbitration forces you to take your case to an "arbitrator"; that is, a lawyer who is paid by the company that cheated you or maimed you or killed your loved one. The arbitrator decides whether their client is guilty, and, if so, how much that client owes you. The entire process is confidential and it is non-precedential, meaning that if a company rips off millions of people in the same way, each of them has to arbitrate their claims separately, and people who are successful can't share their tactical notes with the people who are next in line to plead for justice.

That makes binding arbitration another key weapon in the conservative movement's war on choice: not just jobs you can't quit and politicians you can't vote out of office, but also companies you can't sue. Binding arbitration is a creation of the Federalist Society and their champion Antonin Scalia, who authored a series of Supreme Court dissents and (ultimately) decisions that opened the door for binding arbitration everywhere:

https://pluralistic.net/2025/10/27/shit-shack/#binding-arbitration

Given the Fedsoc's role in shoving binding arbitration down every worker and shopper's throat, it's decidedly odd that they invited Ashley Keller to be their keynote debater in 2021, where he argued that "concentrated corporate power is a greater threat than government power":

https://www.youtube.com/watch?v=aY5MrHGjVT8

Keller is a powerhouse lawyer, and an avowed conservative, who has pioneered many tactics for overcoming binding arbitration clauses. He helped create "mass arbitration," bringing thousands of arbitration cases on behalf of Uber drivers who'd had their wages stolen by the company. Since Uber has to pay the arbitrators in each of those cases, they faced a much larger bill than they would face in any possible class action suit:

https://www.reuters.com/article/otc-uber-frankel-idUKKCN1P42OH/

Mass arbitration cases spread to all kinds of large firms that used petty grifts to steal from thousands or even millions of people, like Intuit, who deceive – and rip off – millions of Americans every year with their fake Turbotax "free file" system:

https://pluralistic.net/2022/02/24/uber-for-arbitration/#nibbled-to-death-by-ducks

Mass arbitration worked so well that Amazon actually revised its terms of service to remove binding arbitration from their terms of service, because they realized that they'd be better off facing class action suits:

https://pluralistic.net/2021/06/02/arbitrary-arbitration/#petard

Of course, the point of binding arbitration was never to create a streamlined system of justice – it was to bring about a world of no justice, where you have no right to sue. It's part of the decades-old "tort reform" movement that the business lobby has used to take away your right to sue altogether. Any time you hear about a seemingly crazy lawsuit (like the urban legends about the McDonald's "hot coffee" case), you're being propagandized for a world without legal consequences for companies that defraud you, steal from you, injure you, or kill you:

https://pluralistic.net/2022/06/12/hot-coffee/#mcgeico

That's why companies (like Bluesky) are now trying terms of service that also ban you from mass arbitration, while retaining the right to consolidate claims into a mass arbitration case if that's advantageous to them:

https://pluralistic.net/2025/08/15/dogs-breakfast/#by-clicking-this-you-agree-on-behalf-of-your-employer-to-release-me-from-all-obligations-and-waivers-arising-from-any-and-all-NON-NEGOTIATED-agreements

But Keller keeps finding creative ways around binding arbitration. He's currently bringing thousands of arbitration claims against Google, on behalf of advertisers whom Google stole from (Google is a thrice-convicted monopolist, and they lost a case last year over their monopolization of ad-tech, where they were found to have defrauded advertisers).

He also just argued before the Supreme Court in a case against Monsanto over the company's attempt to escape liability for causing cancer in farmworkers with their Roundup pesticide:

https://www.npr.org/2026/04/27/nx-s1-5793804/supreme-court-monsanto-roundup-arguments

Keller appears in the latest episode of the Organized Money podcast, for a fascinating interview about his work and outlook, and how he reconciles his work fighting corporate power with his identity as a movement conservative:

https://www.organizedmoney.fm/p/the-conservative-who-torments-big

Keller's first big, important point is that (basically), capitalists hate capitalism (see above). He cites Milton Friedman, who "always said that the tort system is the best way to ensure that companies behave and follow the rules." For Keller (and Friedman) the alternative to private litigation against bad businesses is "government regulation and the alphabet soup of Washington, DC agencies [that] try and police these companies."

But, of course, the businesses that want binding arbitration and tort reform (so they can't be sued) also want to "dismantle the administrative state" (so they can't be regulated). They're the impunity movement, the "when the president does it, that means it is not illegal" movement, the "heads I win, tails you lose" movement. They're the caveat emptor movement, the "that makes me smart" movement:

https://pluralistic.net/2024/12/04/its-not-a-lie/#its-a-premature-truth

They don't want efficient markets, with the ever-present threat of a better competitor putting them out of business. They want feudalism. They want to go meta. They want to have the kind of self-determination you can only achieve by taking away everyone else's self-determination.

I was very struck by Keller's claim to be engaged in an exercise that Milton Friedman identified as the best one for making markets work. One of Keller's most forceful points is that class action suits are especially important for reining in petty, recurrent grifts, the junk fees that are the hallmark of enshittification.

He quotes his old boss, the archconservative judge Richard Posner, who said "Only a lunatic or a fanatic sues for $20." But if you multiply a $20 junk fee by ten million purchases, a company can use that fact to make hundreds of millions of dollars. That's real folding money, which is why every company has figured out a way to whack you for a $20 junk fee.

There are two ways to end this racket: one is litigation, the other is regulation, and the capitalism-hating-capitalists who run the world want to kill both. That's why the business lobby smears lawyers like Keller as being "vultures." But as Matt Stoller says, "vultures look aggressive and whatnot, but when you actually get rid of vultures out of an ecosystem, all sorts of things go haywire."

I love this point. Vultures live off the disgusting, rotting crap that would otherwise pile up around us, breeding disease and emitting an unbearable stench. If plaintiff-side, no-win/no-fee lawyers are vultures, then junk fees, wage theft, and the million petty frauds they fight are the disgusting, rotting crap that vultures feed off of – and the harder we make it for our noble vulture lawyers, the more disgusting, rotting crap we have to live with, hence the unbearable stench that is all around us.

Listening to Keller was a fascinating exercise. I thoroughly disagree with him about many things – the way he characterized Section 230 of the Communications Decency Act couldn't have been more wrong – but it's quite bracing to hear a capitalist who doesn't hate capitalism defend it against the vast majority of capitalists, who hate capitalism more than any socialist ever did.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Torvalds responds to Microsoft's Craig Mundie https://web.archive.org/web/20011019132822/http://web.siliconvalley.com/content/sv/2001/05/03/opinion/dgillmor/weblog/torvalds.htm

#25yrsago Bankrupt Argentina considers banning proprietary code and switching to free software https://web.archive.org/web/20010614131152/https://www.wired.com/news/business/0,1367,43529,00.html

#20yrsago Danny Hillis on how games are(n’t) like a theme park https://web.archive.org/web/20060513182649/https://www.wired.com/wired/archive/14.04/disney.html

#20yrsago Mission Impossible opening marked by anti-Scientology flyover https://web.archive.org/web/20060514000636/http://hailxenu.net/

#20yrsago SmartFilter targets Distributed Boing Boing – how to defeat it https://memex.craphound.com/2006/05/04/smartfilter-targets-distributed-boing-boing-how-to-defeat-it/

#15yrsago John Ashcroft assumes charge of “ethics and professionalism” for Blackwater https://web.archive.org/web/20110507103749/https://www.wired.com/dangerroom/2011/05/blackwaters-new-ethics-chief-john-ashcroft/

#15yrsago Rumsfeld and other US officials say torture didn’t help catch bin Laden https://web.archive.org/web/20110505012303/https://www.wired.com/dangerroom/2011/05/surveillance-not-waterboarding-led-to-bin-laden/

#15yrsago Rental laptops equipped with spyware that can covertly activate the webcam and take screenshots https://web.archive.org/web/20110506130156/http://www.ajc.com/business/pa-suit-furniture-rental-933410.html

#15yrsago Parallel machine made out of 17 stitched-together Apple //e’s https://web.archive.org/web/20110504194313/http://home.comcast.net/~mjmahon/AppleCrateII.html

#15yrsago Sarah Palin and James Lankford: giving $4 billion of taxpayer money to oil companies doesn’t matter https://web.archive.org/web/20110505220640/https://thinkprogress.org/2011/05/03/palin-lankford-oil-subsidies/

#15yrsago Stephen Harper violated election laws https://web.archive.org/web/20110701000000*/http://www.examiner.com/canada-headlines-in-canada/stephen-harper-breaks-election-rules-campaigns-on-radio-on-election-day

#15yrsago History and future of bin Ladenist extremism https://www.juancole.com/2011/05/obama-and-the-end-of-al-qaeda.html

#10yrsago Belushi widow & Aykroyd produce Blues Brothers animated series https://deadline.com/2016/05/the-blues-brothers-animated-comedy-series-dan-aykroyd-1201748389/

#10yrsago Chinese censorship: arbitrary rule changes are a form of powerful intermittent reinforcement https://www.techdirt.com/2016/05/04/why-growing-unpredictability-chinas-censorship-is-feature-not-bug/

#10yrsago US government and SCOTUS change cybercrime rules to let cops hack victims’ computers https://www.wired.com/2016/05/now-government-wants-hack-cybercrime-victims/

#10yrsago After advertiser complaints, Farm News fires editorial cartoonist who criticized John Deere & Monsanto https://web.archive.org/web/20160505042150/https://www.kcci.com/news/longtime-iowa-farm-cartoonist-fired-after-creating-this-cartoon/39337816

#10yrsago Outstanding rant about establishment pearl-clutching over Trump https://web.archive.org/web/20160505033357/https://theconcourse.deadspin.com/george-will-is-a-haughty-dipshit-1774449290

#10yrsago The Planet Remade: frank, clear-eyed book on geoengineering, climate disaster, & humanity’s future https://memex.craphound.com/2016/05/04/the-planet-remade-frank-clear-eyed-book-on-geoengineering-climate-disaster-humanitys-future/

#5yrsago Qualia https://pluralistic.net/2021/05/04/law-and-con/#law-n-econ

#5yrsago Whales decry the casino economy https://pluralistic.net/2021/05/04/law-and-con/#all-bets-are-off

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Tue, 05 May 2026 12:31:41 +0000 Fullscreen Open in Tab
Pluralistic: The three armies fighting for the post-American world (05 May 2026)


Today's links


'The Spirit of 76,' a famous painting depicting three soldiers marching after a US Revolutionary War battle. The figures' heads have been swapped for a man in a top hat, Che Guevara, and a 19th century European general in a silly hat. The US flag in the background has been replaced with the EU flag. The fallen soldier at their feet sports a Trump wig and his skin has been tinted Cheeto orange.

The three armies fighting for the post-American world (permalink)

Political change is downstream of coalition building, and coalitions are fragile things, because by definition they are not fully aligned; they share some goals but often violently disagree about others. A coalition forms when groups set aside their differences to pursue the common elements of their agenda.

Trump is a master coalition builder. He wouldn't have been able to seize and wield so much power without a coalition that includes people who absolutely hate each other and want each other to die. Let's face it, Nick Fuentes wants to turn Ben Shapiro into a lampshade, but they both sent their followers to the ballot box for Trump. We've all seen those videos of Trump supporters railing against "elites" after watching the richest man on Earth cavorting with Trump while promising to give all of their jobs to AI and robots.

This contradiction isn't a bug, it's a feature: the bigger a coalition gets, the more power it has – provided you've got a Trump figure at the top, using his cult of personality to coerce and flatter his coalition members into playing nice with each other.

But Trump's incontinent belligerence, his bullying, and his cognitive decline mean that he's conjuring a new anti-Trump coalition into existence: groups of people who don't agree on much, but do agree on fighting Trumpismo and its leader. This is very visible in US domestic politics, where "Never-Trumper" conservatives find themselves on the same side as Democratic Socialists, at least on this narrow issue. The anti-Trump mass mobilizations – the Women's March, the anti-ICE demonstrations, the No Kings rallies – are visibly, palpably coalitional, made up of people carrying signs and banners for groups that are often at odds with one another…except when it comes to Trump.

But I'm much more interested in the international coalitions that are forming to fight Trump. It started with my longstanding fight for a good internet, free from surveillance, extraction and manipulation, the three evils inherent to the business models of America's shitty, enshittifying tech companies.

Under normal circumstances, you'd expect tech companies in other countries to capitalize on the fact that America exports its obviously defective tech products around the world. As Jeff Bezos often reminds his suppliers: "Your margin is my opportunity." Whether it's Apple taking a 30% margin on iPhone payments, Apple and Meta creaming 51 cents off every ad dollar, Amazon harvesting 50-60% from every platform seller, or inkjet printer companies marking up the colored water you use to print your grocery list by 25 quattuordecillion percent, there's a ton of opportunities to disrupt these comfortable ex-disruptors.

But no one does that, because the US Trade Representative bullied every US trading partner into enacting an "anticircumvention" law that makes it a crime to modify America's tech exports. The quid pro quo for this? Free trade with the USA – and tariffs for any country that didn't fall into line. Well, they all fell into line, and Trump tariffed them anyway.

That means that America's tech giants' margins are now everyone else's opportunity. The trillions that US tech companies extract could be someone else's billions – all they'd have to do is offer the interoperable goods and services that disenshittify America's tech products. They could sell the tools that let anyone in the world use independent app stores, or fix their cars and tractors, and put generic ink in their printers. A year ago, no country could afford to allow a company headquartered in its borders to get into this business, lest they be clobbered with tariffs. Today, any country that isn't thinking about this is a sucker that will end up buying these tools from another country that gets there first.

This means that digital rights hippies like me (who've been banging this drum for 25 years), suddenly have a new ally in the fight against enshittified tech products. Today, there are people who want to help you protect your pocketbook and your privacy, but not because they believe in human rights – rather, because they want to get really, really rich. They see Big Tech's margin as their opportunity.

But it's not just entrepreneurs and activists who want a post-American internet – we have a third member of our coalition: national security hawks. Trump wants to steal Greenland. He wants to steal Alberta. He wants to steal all the oil in Venezuela. He wants to interfere in foreign elections to keep his dictator cronies in office, lest they lose power and find themselves facing prison. And when Trump's allies do face justice, he wants to fire the judges who dare hold these corrupt, powerful men to account.

So when the International Criminal Court issued an arrest warrant for the genocidaire Benjamin Netanyahu, Trump had Microsoft shut down the court's IT systems. The Chief Justice of the ICC lost his Office 365 account, which means he can't access his email archives, his working files, his calendar or his address books. He can't even log in to his non-Microsoft accounts because they're tied to his Outlook email address.

The ICC was just a warmup: Trump did the same thing to the Brazilian high court judge who sentenced the dictator Jair Bolsonaro to prison for attempting a coup after he lost his re-election bid, having presided over a term of gross misrule.

All of this has inflamed concerns within every (former) US ally's national security establishment. These people all understand that Trump doesn't need to roll tanks to take over their countries: he can just brick their key ministries, major firms, and households. He doesn't need to send an army to steal Greenland, he can just shut down Denmark and cut off the world's supply of Lego, Ozempic and ferociously strong black licorice.

Combine the natsec hawks; the economic development wonks, entrepreneurs and investors; and the privacy and digital and human rights activists, and you've got a hell of an anti-Trump coalition around the world, all pulling together to build the post-American internet, a disenshittified and enshittification-resistant internet built on international digital public goods and running on servers outside of the USA:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

But this coalition isn't limited to the post-American internet – you'll find a coalition much like it in every place where Comrade Trump is calling forth a post-American world. That's the shape of the coalition that's winning Trump's war on fossil fuels: climate activists (hippies), electrification manufacturers and installers (businesses) and national security hawks who don't want to get hormuzed:

https://pluralistic.net/2026/05/04/hope-in-the-dark/#hormuzed-into-the-gretacene

I'm not as plugged into the other areas where Trump has dismantled US hegemony, but it wouldn't surprise me to learn that a coalition much like this one is popping up in the countries where Trump and Musk doged the public health system into oblivion. The global south is full of countries that signed up to enforce US agricultural and pharmaceutical patents and US restrictions on birth control and abortion in exchange for the food-aid and health-aid that Elon Musk and his merry band of broccoli-haired brownshirts killed. It's easy to imagine that reproductive rights and health justice advocates in those countries are now on the same side as investors who'd like to get into business selling generic pharmaceuticals and agricultural inputs, and that they're being backed by people worried that their country's food and health sovereignty are at risk unless they hasten the transition to a post-American world.

I have been an activist all my life, and a digital rights activist for the majority of my adult life. I'm sure there are members of this post-American coalition who want things that are absolutely antithetical to my agenda. That's what makes us a coalition – we disagree about so much, but we all agree on this: it's past time for a post-American world, and Comrade Trump is delivering it.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago North Korean dictator's son arrested trying to sneak into Tokyo Disneyland https://www.nytimes.com/2001/05/03/world/japan-is-said-to-detain-son-of-north-korean-leader.html

#25yrsago Bruce Sterling on good design https://memex.craphound.com/2001/05/03/great-illustrated-bruce-sterling-rant/

#20yrsago Mainstream press: Colbert wasn’t funny at the White House Correspondents' Dinner, so we ignored him https://web.archive.org/web/20070207014019/http://www.salon.com/opinion/feature/2006/05/03/correspondents/index_np.html

#20yrsago Bush and cronies livid about Colbert’s White House gig https://web.archive.org/web/20060615113045/https://www.usnews.com/usnews/news/articles/060501/1whwatch.htm0

#20yrsago Identity thief rips off 3-week-old baby https://abcnews.com/US/story?id=155878&amp;page=1

#20yrsago Network neutrality – why it matters, and how do we fix it? https://web.archive.org/web/20060507215106/http://www.slate.com/id/2140850/

#15yrsago Federal judge: open WiFi doesn’t make you liable for your neighbors’ misdeeds https://arstechnica.com/tech-policy/2011/05/after-botched-child-porn-raid-judge-sees-the-light-on-ip-addresses/

#10yrsago Taliban condemn Pakistan city’s first McDonald’s: “we don’t even consider it as a food.” https://www.nbcnews.com/news/world/mcdonald-s-opens-quetta-pakistan-taliban-isn-t-lovin-it-n564651

#10yrsago Norway’s titanic sovereign wealth fund takes a stand against executive pay https://www.bbc.co.uk/news/business-36185925

#10yrsago TSA lines grow to 3 hours, snake outside the terminals, with no end in sight https://www.nytimes.com/2016/05/03/business/airport-security-lines.html?smid=pl-share&amp;_r=0

#10yrsago Inside a Supreme Court case on cheerleader uniforms, a profound question about copyright https://arstechnica.com/tech-policy/2016/05/supreme-court-to-hear-copyright-fight-over-cheerleader-uniforms/

#5yrsago Dishwashers have become Iphones https://pluralistic.net/2021/05/03/cassette-rewinder/#disher-bob

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

2026-05-04T00:00:00+00:00 Fullscreen Open in Tab
Links to CSS colour palettes

A while back I decided to stop using Tailwind for new projects and to just write vanilla CSS instead.

But one thing I missed about Tailwind was the colour palette (here as CSS). If I wanted a light blue I could just use blue-100 and if I didn’t like it maybe try blue-200 or blue-50. I’m not very good with colours so it makes a big difference to me to have a reasonable colour palette that somebody who is better at colour than me has thought about.

But I’m also a little tired of those Tailwind colours, so I asked on Mastodon today what other colour palettes were out there. And then a friend said they wanted links to those colour palettes, so here’s a blog post so my friend can see them, and all the rest of you too :)

my favourites

The ones I liked the most were:

more colour palettes

colourscheme generators

Folks also linked to a bunch of colour palette generators

I’ve always found these types of generators too hard to use but maybe one day I will get better enough at colour that I’m able to use a colour palette generator successfully so I’ll leave those links there anyway.

and more colour tools:

  • colorhexa has some info about colorblindness

oklch

Generative colors with CSS gives an example of how to use the oklch CSS function to dynamically generate colors.

2026-05-02T00:00:00+00:00 Fullscreen Open in Tab
Testing Vue components in the browser

Hello! One of my long term projects on here is figuring out how to write frontend Javascript without using Node or any other server JS runtime.

One issue I run into a lot in my frontend JS projects is that I don’t know how to write tests for them. I’ve tried to use Playwright in the past, but it felt slow and unwieldy to be starting these new browser processes all the time, and it involved some Node code to orchestrate the tests.

The result is that I just don’t test my frontend code which doesn’t feel great. Usually I don’t update my projects much either so it doesn’t come up that much, but it would be nice to be able to make changes with more confidence! So a way to do frontend testing that I like has been on my wishlist for a long time.

idea: just run the tests in the browser tab

Alex Chan wrote a great post a while back called Testing JavaScript without a (third-party) framework in response to one of my previous posts in this series that explained how to write a tiny unit-testing framework that runs in a page in browser.

I loved this post at the time, but it only talked about unit testing and I wanted to write end-to-end integration tests for my Vue components, and I didn’t know how to do that.

So when I was talking to Marco the other day and he said something like “you know, you can just run tests for your Vue components in the browser”, I thought “hey, I should try that again!!!”

I just did all of this yesterday so certainly there’s a lot to improve but I wanted to write down a few things I noticed about the process before I forget.

This was a bit tricky for me because the Vue site usually assumes that you’re using Node as part of your build process in some way (there’s a lot of “step 1: npm install THING), and I didn’t want to use Node/Deno/etc. But it turned out to not be too complicated.

The project I’m going to talk about testing is this zine feedback site I wrote in 2023.

the test framework: QUnit

I used QUnit. It worked great but I don’t have anything interesting to say about how it works so I’ll leave it at that. I think that Alex’s “write your own test framework” approach would have worked too. I followed these directions.

I did appreciate that QUnit has a “rerun test” button that will only rerun 1 test. Because there are so many network requests in my tests, having a way to run just 1 test makes it a lot less confusing to debug the test.

step 1: set up the component for testing

The first thing I needed to do was get my Vue components set up in the test environment.

I changed my main app to put all my components in window._components, kind of like this:

const components = {
  'Feedback': FeedbackComponent,
  ...
}
window._components = components;

Then I was able to write a mountComponent function which does basically exactly the same thing my normal main app does (render a tiny template with the component I want to use). The only differences are:

  1. I can optionally pass some some extra data to use as its props.
  2. It mounts the component to a temporary invisible div which will get removed from the DOM after the test is done. The div is positioned off the page (position: absolute; top: -10000, ...) so you can’t see it.

Here’s what using the mountComponent function looks like:

const {div} = mountComponent(
  '<Page :feedbacks="feedbacks" id=2 />',
  {feedbacks: [testFeedback]},
);

and here’s the code for it:

function mountComponent(template, data) {
  const app = Vue.createApp({
    template: template,
    data: () => data,
  })
  for (const [c, v] of Object.entries(window._components)) {
    app.component(c, v);
  }
  const div = document.getElementById('qunit-fixture')
             .appendChild(document.createElement('div'));
  return div;
}

The result is a div where I can programmatically click, fill in form data, check that the right content appears, etc.

step 2: add some fixture data

Because I was writing end-to-end integration tests to make sure my client JS worked properly with my server, I needed to have some test data in my database. So I wrote ~25 lines of SQL to set up some test data in my database, and added an endpoint to my dev server to run the SQL to reset the test data to a known state.

async function reset() {
    return fetch('/api/reset_test_data', {method: "POST"})
}

Then I just run await reset() at the beginning of any test that needs the test data.

My reset() function actually doesn’t always totally reset everything which is kind of bad, but it was workable to start with and can always be improved.

step 3: a basic test

Here’s what a basic test looks like! Basically we’re rendering the div and make sure it contains some approximately correct data.

QUnit.test('renders feedback content', async function (assert) {
  const {div} = mountComponent(
    '<Page :feedbacks="feedbacks" id=2 image=2 page_hash=2 />',
    {feedbacks: [testFeedback]},
  );
  assert.ok(div.textContent.includes('loved this section'));
})

Those are all the basic pieces! Now here are a few issues I ran into along the way

waiting for parts of the page to render

I have a lot of network requests in my tests, and it takes time for them to finish and for the Vue code to do what it has to do with the results and update the DOM.

I think we all learned a long time ago that putting random sleep() calls in your tests and hoping that the timings are right is slow and flaky and extremely frustrating, so I needed a different way.

As far as I can tell the normal way to deal with this is to figure out a way to tell from the DOM whether it’s okay to proceed or not. Like “if this button is visible, we can “.

So I wrote a little waitFor() function that polls every 20ms to see if a condition has finished yet. It times out after 2 seconds.

Here’s what using it looks like:

QUnit.test("click item", async function (assert) {
  const {div} = mountComponent(
    '<Feedback zine_id="test123" image_width="800px" />',
    {});
  const item = await waitFor(() => div.querySelector('.feedback-item'));
  item.click();
  // rest of test goes here... 
})

It looks like there are a lot of implementations of this concept out there and they’re all better thought-through than mine. (from a quick Google: qunit-wait-for, playwright expect.poll)

figuring out the right thing to wait for is not straightforward

In some cases I thought I’d identified the right thing to wait for in the DOM (“just wait for this textarea to appear!’) but it turned out that because of some internal details of how my program works, actually I needed to wait for something else later on which was hard to pin down.

I ended up changing one of my components to add some random value to the DOM when it was finished an important action (like data-this-thing-is-ready=true) which didn’t feel great.

My best guess is that the right way to fix this kind of test issue is a refactor that also makes the app more reliable for the users: if there’s an element in the DOM that isn’t actually ready for the user to interact with, maybe I shouldn’t be displaying it yet!

adding some CSS classes to identify things (but is that right?)

I ended up adding a few classes to HTML elements that I needed to find in the tests, either because I needed to click on them or wait for them to appear in the DOM.

I might want to change this approach later - frontend testing frameworks seem to suggest avoiding using CSS classes and instead using something like getByRole or as a last resort something like a data-testid. Feels like there’s a way to make the app more accessible and easier to test at the same time.

filling out forms is tricky

To fill out a form, I can’t just set the value, I also need to dispatch an event to tell Vue that the element has changed. For example, checkbox and textarea need different kinds of events.

textarea.value = 'banana banana banana';
textarea.dispatchEvent(new Event('input'));

checkbox.checked = true;
checkbox.dispatchEvent(new Event('change'));

This is kind of annoying and it made me realize why I might want to use some kind of UI testing library, for example:

test coverage

I want to have an idea of what my test coverage was, and it turns out that Chrome actually has a built-in code coverage feature for JS and CSS!

My JS is bundled into a file called bundle.js with esbuild, so I could just look at bundle.js and see which lines weren’t covered.

The process was a little finicky: I had to turn off sourcemaps in the Chrome devtools to get this to work, and there’s a specific not super obvious series of actions I have to do in order to see the coverage data.

this was so fun!

As usual with these posts I’ve never really worked as a frontend or backend developer (other than for myself!) and I feel like I’m constantly learning how to do super basic tasks.

I really had a blast doing this. My frontend projects always feel so fragile because they’re untested, and maybe one day I’ll have a test suite I’m confident in!

Some things I’m still thinking about:

  • While writing this post I found this frontend testing library called Testing Library that has a lot of guidelines for how to write tests that are very different from my initial ideas. I experimented with rewriting everything to use Testing Library and it felt pretty good, so we’ll see how that goes. They distribute a .umd.js file that works without Node.
  • I’m not sure how I feel about not having a way to run these tests on the command line at all. Maybe there’s a simple way to work primarily in the browser but have an way to run them in CI too if I want?
2026-04-30T13:18:06+00:00 Fullscreen Open in Tab
Note published on April 30, 2026 at 1:18 PM UTC
2026-04-30T00:39:40+00:00 Fullscreen Open in Tab
Published on Citation Needed: "President Trump’s $TRUMP memecoin is preparing to launch a “Coin Club” membership scheme"
2026-04-29T14:10:19+00:00 Fullscreen Open in Tab
Note published on April 29, 2026 at 2:10 PM UTC
2026-03-10T00:00:00+00:00 Fullscreen Open in Tab
Examples for the tcpdump and dig man pages

Hello! My big takeaway from last month’s musings about man pages was that examples in man pages are really great, so I worked on adding (or improving) examples to two of my favourite tools’ man pages.

Here they are:

the goal: include the most basic examples

The goal here was really just to give the absolute most basic examples of how to use the tool, for people who use tcpdump or dig infrequently (or have never used it before!) and don’t remember how it works.

So far saying “hey, I want to write an examples section for beginners and infrequent users of this tools” has been working really well. It’s easy to explain, I think it makes sense from everything I’ve heard from users about what they want from a man page, and maintainers seem to find it compelling.

Thanks to Denis Ovsienko, Guy Harris, Ondřej Surý, and everyone else who reviewed the docs changes, it was a good experience and left me motivated to do a little more work on man pages.

why improve the man pages?

I’m interested in working on tools’ official documentation right now because:

  • Man pages can actually have close to 100% accurate information! Going through a review process to make sure that the information is actually true has a lot of value.
  • Even with basic questions “what are the most commonly used tcpdump flags”, often maintainers are aware of useful features that I’m not! For example I learned by working on these tcpdump examples that if you’re saving packets to a file with tcpdump -w out.pcap, it’s useful to pass -v to print a live summary of how many packets have been captured so far. That’s really useful, I didn’t know it, and I don’t think I ever would have noticed it on my own.

It’s kind of a weird place for me to be because honestly I always kind of assume documentation is going to be hard to read, and I usually just skip it and read a blog post or Stack Overflow comment or ask a friend instead. But right now I’m feeling optimistic, like maybe the documentation doesn’t have to be bad? Maybe it could be just as good as reading a really great blog post, but with the benefit of also being actually correct? I’ve been using the Django documentation recently, and it’s really good! We’ll see.

on avoiding writing the man page language

The tcpdump project tool’s man page is written in the roff language, which is kind of hard to use and that I really did not feel like learning it.

I handled this by writing a very basic markdown-to-roff script to convert Markdown to roff, using similar conventions to what the man page was already using. I could maybe have just used pandoc, but the output pandoc produced seemed pretty different, so I thought it might be better to write my own script instead. Who knows.

I did think it was cool to be able to just use an existing Markdown library’s ability to parse the Markdown AST and then implement my own code-emitting methods to format things in a way that seemed to make sense in this context.

man pages are complicated

I went on a whole rabbit hole learning about the history of roff, how it’s evolved since the 70s, and who’s working on it today, inspired by learning about the mandoc project that BSD systems (and some Linux systems, and I think Mac OS) use for formatting man pages. I won’t say more about that today though, maybe another time.

In general it seems like there’s a technical and cultural divide in how documentation works on BSD and on Linux that I still haven’t really understood, but I have been feeling curious about what’s going on in the BSD world.

The comments section is here.

2026-02-18T00:00:00+00:00 Fullscreen Open in Tab
Notes on clarifying man pages

Hello! After spending some time working on the Git man pages last year, I’ve been thinking a little more about what makes a good man page.

I’ve spent a lot of time writing cheat sheets for tools (tcpdump, git, dig, etc) which have a man page as their primary documentation. This is because I often find the man pages hard to navigate to get the information I want.

Lately I’ve wondering – could the man page itself have an amazing cheat sheet in it? What might make a man page easier to use? I’m still very early in thinking about this but I wanted to write down some quick notes.

I asked some people on Mastodon for their favourite man pages, and here are some examples of interesting things I saw on those man pages.

an OPTIONS SUMMARY

If you’ve read a lot of man pages you’ve probably seen something like this in the SYNOPSIS: once you’re listing almost the entire alphabet, it’s hard

ls [-@ABCFGHILOPRSTUWabcdefghiklmnopqrstuvwxy1%,]

grep [-abcdDEFGHhIiJLlMmnOopqRSsUVvwXxZz]

The rsync man page has a solution I’ve never seen before: it keeps its SYNOPSIS very terse, like this:

 Local:
     rsync [OPTION...] SRC... [DEST]

and then has an “OPTIONS SUMMARY” section with a 1-line summary of each option, like this:

--verbose, -v            increase verbosity
--info=FLAGS             fine-grained informational verbosity
--debug=FLAGS            fine-grained debug verbosity
--stderr=e|a|c           change stderr output mode (default: errors)
--quiet, -q              suppress non-error messages
--no-motd                suppress daemon-mode MOTD

Then later there’s the usual OPTIONS section with a full description of each option.

an OPTIONS section organized by category

The strace man page organizes its options by category (like “General”, “Startup”, “Tracing”, and “Filtering”, “Output Format”) instead of alphabetically.

As an experiment I tried to take the grep man page and make an “OPTIONS SUMMARY” section grouped by category, you can see the results here. I’m not sure what I think of the results but it was a fun exercise. When I was writing that I was thinking about how I can never remember the name of the -l grep option. It always takes me what feels like forever to find it in the man page and I was trying to think of what structure would make it easier for me to find. Maybe categories?

a cheat sheet

A couple of people pointed me to the suite of Perl man pages (perlfunc, perlre, etc), and one thing I noticed was man perlcheat, which has cheat sheet sections like this:

 SYNTAX
 foreach (LIST) { }     for (a;b;c) { }
 while   (e) { }        until (e)   { }
 if      (e) { } elsif (e) { } else { }
 unless  (e) { } elsif (e) { } else { }
 given   (e) { when (e) {} default {} }

I think this is so cool and it makes me wonder if there are other ways to write condensed ASCII 80-character-wide cheat sheets for use in man pages.

A common comment was something to the effect of “I like any man page that has examples”. Someone mentioned the OpenBSD man pages, and the openbsd tail man page has examples of the exact 2 ways I use tail at the end.

I think I’ve most often seen the EXAMPLES section at the end of the man page, but some man pages (like the rsync man page from earlier) start with the examples. When I was working on the git-add and git rebase man pages I put a short example at the beginning.

This isn’t a property of the man page itself, but one issue with man pages in the terminal is it’s hard to know what sections the man page has.

When working on the Git man pages, one thing Marie and I did was to add a table of contents to the sidebar of the HTML versions of the man pages hosted on the Git site.

I’d also like to add more hyperlinks to the HTML versions of the Git man pages at some point, so that you can click on “INCOMPATIBLE OPTIONS” to get to that section. It’s very easy to add links like this in the Git project since Git’s man pages are generated with AsciiDoc.

I think adding a table of contents and adding internal hyperlinks is kind of a nice middle ground where we can make some improvements to the man page format (in the HTML version of the man page at least) without maintaining a totally different form of documentation. Though for this to work you do need to set up a toolchain like Git’s AsciiDoc system.

It would be amazing if there were some kind of universal system to make it easy to look up a specific option in a man page (“what does -a do?”). The best trick I know is use the man pager to search for something like ^ *-a but I never remember to do it and instead just end up going through every instance of -a in the man page until I find what I’m looking for.

examples for every option

The curl man page has examples for every option, and there’s also a table of contents on the HTML version so you can more easily jump to the option you’re interested in.

For instance the example for --cert makes it easy to see that you likely also want to pass the --key option, like this:

  curl --cert certfile --key keyfile https://example.com

The way they implement this is that there’s [one file for each option](https://github.com/curl/curl/blob/dc08922a61efe546b318daf964514ffbf41583 25/docs/cmdline-opts/append.md) and there’s an “Example” field in that file.

formatting data in a table

Quite a few people said that man ascii was their favourite man page, which looks like this:

 Oct   Dec   Hex   Char                     
 ───────────────────────────────────────────
 000   0     00    NUL '\0' (null character)
 001   1     01    SOH (start of heading)   
 002   2     02    STX (start of text)      
 003   3     03    ETX (end of text)        
 004   4     04    EOT (end of transmission)
 005   5     05    ENQ (enquiry)            
 006   6     06    ACK (acknowledge)        
 007   7     07    BEL '\a' (bell)          
 010   8     08    BS  '\b' (backspace)     
 011   9     09    HT  '\t' (horizontal tab)
 012   10    0A    LF  '\n' (new line)

Obviously man ascii is an unusual man page but I think what’s cool about this man page (other than the fact that it’s always useful to have an ASCII reference) is it’s very easy to scan to find the information you need because of the table format. It makes me wonder if there are more opportunities to display information in a “table” in a man page to make it easier to scan.

the GNU approach

When I talk about man pages it often comes up that the GNU coreutils man pages (for example man tail) don’t have examples, unlike the OpenBSD man pages, which do have examples.

I’m not going to get into this too much because it seems like a fairly political topic and I definitely can’t do it justice here, but here are some things I believe to be true:

  • The GNU project prefers to maintain documentation in “info” manuals instead of man pages. This page says “the man pages are no longer being maintained”.
  • There are 3 ways to read “info” manuals: their HTML version, in Emacs, or with a standalone info tool. I’ve heard from some Emacs users that they like the Emacs info browser. I don’t think I’ve ever talked to anyone who uses the standalone info tool.
  • The info manual entry for tail is linked at the bottom of the man page, and it does have examples
  • The FSF used to sell print books of the GNU software manuals (and maybe they still do sometimes?)

After a certain level of complexity a man page gets really hard to navigate: while I’ve never used the coreutils info manual and probably won’t, I would almost certainly prefer to use the GNU Bash reference manual or the The GNU C Library Reference Manual via their HTML documentation rather than through a man page.

a few more man-page-adjacent things

Here are some tools I think are interesting:

  • The fish shell comes with a Python script to automatically generate tab completions from man pages
  • tldr.sh is a community maintained database of examples, for example you can run it as tldr grep. Lots of people have told me they find it useful.
  • the Dash Mac docs browser has a nice man page viewer in it. I still use the terminal man page viewer but I like that it includes a table of contents, it looks like this:

it’s interesting to think about a constrained format

Man pages are such a constrained format and it’s fun to think about what you can do with such limited formatting options.

Even though I’m very into writing I’ve always had a bad habit of never reading documentation and so it’s a little bit hard for me to think about what I actually find useful in man pages, I’m not sure whether I think most of the things in this post would improve my experience or not. (Except for examples, I LOVE examples)

So I’d be interested to hear about other man pages that you think are well designed and what you like about them, the comments section is here.

2026-01-27T00:00:00+00:00 Fullscreen Open in Tab
Some notes on starting to use Django

Hello! One of my favourite things is starting to learn an Old Boring Technology that I’ve never tried before but that has been around for 20+ years. It feels really good when every problem I’m ever going to have has been solved already 1000 times and I can just get stuff done easily.

I’ve thought it would be cool to learn a popular web framework like Rails or Django or Laravel for a long time, but I’d never really managed to make it happen. But I started learning Django to make a website a few months back, I’ve been liking it so far, and here are a few quick notes!

less magic than Rails

I spent some time trying to learn Rails in 2020, and while it was cool and I really wanted to like Rails (the Ruby community is great!), I found that if I left my Rails project alone for months, when I came back to it it was hard for me to remember how to get anything done because (for example) if it says resources :topics in your routes.rb, on its own that doesn’t tell you where the topics routes are configured, you need to remember or look up the convention.

Being able to abandon a project for months or years and then come back to it is really important to me (that’s how all my projects work!), and Django feels easier to me because things are more explicit.

In my small Django project it feels like I just have 5 main files (other than the settings files): urls.py, models.py, views.py, admin.py, and tests.py, and if I want to know where something else is (like an HTML template) is then it’s usually explicitly referenced from one of those files.

a built-in admin

For this project I wanted to have an admin interface to manually edit or view some of the data in the database. Django has a really nice built-in admin interface, and I can customize it with just a little bit of code.

For example, here’s part of one of my admin classes, which sets up which fields to display in the “list” view, which field to search on, and how to order them by default.

@admin.register(Zine)
class ZineAdmin(admin.ModelAdmin):
    list_display = ["name", "publication_date", "free", "slug", "image_preview"]
    search_fields = ["name", "slug"]
    readonly_fields = ["image_preview"]
    ordering = ["-publication_date"]

it’s fun to have an ORM

In the past my attitude has been “ORMs? Who needs them? I can just write my own SQL queries!”. I’ve been enjoying Django’s ORM so far though, and I think it’s cool how Django uses __ to represent a JOIN, like this:

Zine.objects
    .exclude(product__order__email_hash=email_hash)

This query involves 5 tables: zines, zine_products, products, order_products, and orders. To make this work I just had to tell Django that there’s a ManyToManyField relating “orders” and “products”, and another ManyToManyField relating “zines”, and “products”, so that it knows how to connect zines, orders, products.

I definitely could write that query, but writing product__order__email_hash is a lot less typing, it feels a lot easier to read, and honestly I think it would take me a little while to figure out how to construct the query (which needs to do a few other things than just those joins).

I have zero concern about the performance of my ORM-generated queries so I’m pretty excited about ORMs for now, though I’m sure I’ll find things to be frustrated with eventually.

automatic migrations!

The other great thing about the ORM is migrations!

If I add, delete, or change a field in models.py, Django will automatically generate a migration script like migrations/0006_delete_imageblob.py.

I assume that I could edit those scripts if I wanted, but so far I’ve just been running the generated scripts with no change and it’s been going great. It really feels like magic.

I’m realizing that being able to do migrations easily is important for me right now because I’m changing my data model fairly often as I figure out how I want it to work.

I like the docs

I had a bad habit of never reading the documentation but I’ve been really enjoying the parts of Django’s docs that I’ve read so far. This isn’t by accident: Jacob Kaplan-Moss has a talk from PyCon 2011 on Django’s documentation culture.

For example the intro to models lists the most important common fields you might want to set when using the ORM.

using sqlite

After having a bad experience trying to operate Postgres and not being able to understand what was going on, I decided to run all of my small websites with SQLite instead. It’s been going way better, and I love being able to backup by just doing a VACUUM INTO and then copying the resulting single file.

I’ve been following these instructions for using SQLite with Django in production.

I think it should be fine because I’m expecting the site to have a few hundred writes per day at most, much less than Mess with DNS which has a lot more of writes and has been working well (though the writes are split across 3 different SQLite databases).

built in email (and more)

Django seems to be very “batteries-included”, which I love – if I want CSRF protection, or a Content-Security-Policy, or I want to send email, it’s all in there!

For example, I wanted to save the emails Django sends to a file in dev mode (so that it didn’t send real email to real people), which was just a little bit of configuration.

I just put this settings/dev.py:

EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend"
EMAIL_FILE_PATH = BASE_DIR / "emails"

and then set up the production email like this in settings/production.py

EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
EMAIL_HOST = "smtp.whatever.com"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = "xxxx"
EMAIL_HOST_PASSWORD = os.getenv('EMAIL_API_KEY')

That made me feel like if I want some other basic website feature, there’s likely to be an easy way to do it built into Django already.

the settings file still feels like a lot

I’m still a bit intimidated by the settings.py file: Django’s settings system works by setting a bunch of global variables in a file, and I feel a bit stressed about… what if I make a typo in the name of one of those variables? How will I know? What if I type WSGI_APPLICATOIN = "config.wsgi.application" instead of WSGI_APPLICATION?

I guess I’ve gotten used to having a Python language server tell me when I’ve made a typo and so now it feels a bit disorienting when I can’t rely on the language server support.

that’s all for now!

I haven’t really successfully used an actual web framework for a project before (right now almost all of my websites are either a single Go binary or static sites), so I’m interested in seeing how it goes!

There’s still lots for me to learn about, I still haven’t really gotten into Django’s form validation tooling or authentication systems.

Thanks to Marco Rogers for convincing me to give ORMs a chance.

(we’re still experimenting with the comments-on-Mastodon system! Here are the comments on Mastodon! tell me your favourite Django feature!)

2026-01-08T00:00:00+00:00 Fullscreen Open in Tab
A data model for Git (and other docs updates)

Hello! This past fall, I decided to take some time to work on Git’s documentation. I’ve been thinking about working on open source docs for a long time – usually if I think the documentation for something could be improved, I’ll write a blog post or a zine or something. But this time I wondered: could I instead make a few improvements to the official documentation?

So Marie and I made a few changes to the Git documentation!

a data model for Git

After a while working on the documentation, we noticed that Git uses the terms “object”, “reference”, or “index” in its documentation a lot, but that it didn’t have a great explanation of what those terms mean or how they relate to other core concepts like “commit” and “branch”. So we wrote a new “data model” document!

You can read the data model here for now. I assume at some point (after the next release?) it’ll also be on the Git website.

I’m excited about this because understanding how Git organizes its commit and branch data has really helped me reason about how Git works over the years, and I think it’s important to have a short (1600 words!) version of the data model that’s accurate.

The “accurate” part turned out to not be that easy: I knew the basics of how Git’s data model worked, but during the review process I learned some new details and had to make quite a few changes (for example how merge conflicts are stored in the staging area).

updates to git push, git pull, and more

I also worked on updating the introduction to some of Git’s core man pages. I quickly realized that “just try to improve it according to my best judgement” was not going to work: why should the maintainers believe me that my version is better?

I’ve seen a problem a lot when discussing open source documentation changes where 2 expert users of the software argue about whether an explanation is clear or not (“I think X would be a good way to explain it! Well, I think Y would be better!”)

I don’t think this is very productive (expert users of a piece of software are notoriously bad at being able to tell if an explanation will be clear to non-experts), so I needed to find a way to identify problems with the man pages that was a little more evidence-based.

getting test readers to identify problems

I asked for test readers on Mastodon to read the current version of documentation and tell me what they find confusing or what questions they have. About 80 test readers left comments, and I learned so much!

People left a huge amount of great feedback, for example:

  • terminology they didn’t understand (what’s a pathspec? what does “reference” mean? does “upstream” have a specific meaning in Git?)
  • specific confusing sentences
  • suggestions of things things to add (“I do X all the time, I think it should be included here”)
  • inconsistencies (“here it implies X is the default, but elsewhere it implies Y is the default”)

Most of the test readers had been using Git for at least 5-10 years, which I think worked well – if a group of test readers who have been using Git regularly for 5+ years find a sentence or term impossible to understand, it makes it easy to argue that the documentation should be updated to make it clearer.

I thought this “get users of the software to comment on the existing documentation and then fix the problems they find” pattern worked really well and I’m excited about potentially trying it again in the future.

the man page changes

We ended updating these 4 man pages:

The git push and git pull changes were the most interesting to me: in addition to updating the intro to those pages, we also ended up writing:

Making those changes really gave me an appreciation for how much work it is to maintain open source documentation: it’s not easy to write things that are both clear and true, and sometimes we had to make compromises, for example the sentence “git push may fail if you haven’t set an upstream for the current branch, depending on what push.default is set to.” is a little vague, but the exact details of what “depending” means are really complicated and untangling that is a big project.

on the process for contributing to Git

It took me a while to understand Git’s development process. I’m not going to try to describe it here (that could be a whole other post!), but a few quick notes:

  • Git has a Discord server with a “my first contribution” channel for help with getting started contributing. I found people to be very welcoming on the Discord.
  • I used GitGitGadget to make all of my contributions. This meant that I could make a GitHub pull request (a workflow I’m comfortable with) and GitGitGadget would convert my PRs into the system the Git developers use (emails with patches attached). GitGitGadget worked great and I was very grateful to not have to learn how to send patches by email with Git.
  • Otherwise I used my normal email client (Fastmail’s web interface) to reply to emails, wrapping my text to 80 character lines since that’s the mailing list norm.

I also found the mailing list archives on lore.kernel.org hard to navigate, so I hacked together my own git list viewer to make it easier to read the long mailing list threads.

Many people helped me navigate the contribution process and review the changes: thanks to Emily Shaffer, Johannes Schindelin (the author of GitGitGadget), Patrick Steinhardt, Ben Knoble, Junio Hamano, and more.

(I’m experimenting with comments on Mastodon, you can see the comments here)

2025-11-25T13:25:00-08:00 Fullscreen Open in Tab
Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec

The new MCP authorization spec is here! Today marks the one-year anniversary of the Model Context Protocol, and with it, the launch of the new 2025-11-25 specification.

I’ve been helping out with the authorization part of the spec for the last several months, working to make sure we aren't just shipping something that works for hobbyists, but something that even scales to the enterprise. If you’ve been following my posts like Enterprise-Ready MCP or Let's Fix OAuth in MCP, you know this has been a bit of a journey over the past year.

The new spec just dropped, and while there are a ton of great updates across the board, far more than I can get in to in this blog post, there are two changes in the authorization layer that I am most excited about. They fundamentally change how clients identify themselves and how enterprises manage access to AI-enabled apps.

Client ID Metadata Documents (CIMD)

If you’ve ever tried to work with an open ecosystem of OAuth clients and servers, you know the "Client Registration" problem. In traditional OAuth, you go to a developer portal, register your app, and get a client_id and client_secret. That works great when there is one central server (like Google or GitHub) and many clients that want to use that server.

It breaks down completely in an open ecosystem like MCP, where we have many clients talking to many servers. You can't expect a developer of a new AI Agent to manually register with every single one of the 2,000 MCP servers in the MCP server registry. Plus, when a new MCP server launches, that server wouldn't be able to ask every client developer to register either.

Until now, the answer for MCP was Dynamic Client Registration (DCR). But as implementation experiences has shown us over the last several months, DCR introduces a massive amount of complexity and risk for both sides.

For Authorization Servers, DCR endpoints are a headache. They require public-facing APIs that need strict rate limiting to prevent abuse, and they lead to unbounded database growth as thousands of random clients register themselves. The number of client registrations will only ever increase, so the authorization server is likely to implement some sort of "cleanup" mechanism to delete old client registrations. The problem is there is no clear definition of what an "old" client is.  And if a dynamically registered client is deleted, the client doesn't know about it, and the user is often stuck with no way to recover. Because of the security implications of an endpoint like this, DCR has also been a massive barrier to enterprise adoption of MCP.

For Clients, it’s just as bad. They have to manage the lifecycle of their client credentials on top of the actual access tokens, and there is no standardized way to check if the client registration is still valid. This frequently leads to sloppy implementations where clients simply register a brand new client_id every single time a user logs in, further increasing the number of client registrations at the authorization server. This isn't a theoretical problem, this is also how Mastodon has worked for the last several years, and has some GitHub issue threads describing the challenges it creates.

The new MCP spec solves this by adopting Client ID Metadata Documents.

The OAuth Working Group adopted the Client ID Metadata Document spec in October after about a year of discussion, so it's still relatively new. But seeing it land as the default mechanism in MCP is huge. Instead of the client registering with each authorization server, the client establishes its own identity with a URL it controls and uses the URL to identify itself during an OAuth flow.

When the client starts an OAuth request to the MCP authorization server, it says, "Hi, I'm https://example-app.com/client.json." The server fetches the JSON document at that URL and finds the client's metadata (logo, name, redirect URIs) and proceeds on as usual.

This creates a decentralized trust model based on DNS. If you trust example.com, you trust the client. It removes the registration friction entirely while keeping the security guarantees we need. It’s the same pattern we’ve used in IndieAuth for over a decade, and it fits MCP perfectly.

There are definitely some new considerations and risks this brings, so it's worth diving into the details about Client ID Metadata Documents in the MCP spec as well as the IETF spec. For example, if you're building an MCP client that is running on a web server, you can actually manage private keys and publish the public keys in your metadata document, enabling strong client authentication. And like Dynamic Client Registration, there are still limitations for how desktop clients can leverage this, which can hopefully be solved by a future extension. I talked more about this during a hugely popular session at the Internet Identity Workshop in October, you can find the slides here.

You can try out this new flow today in VSCode, the first MCP client to ship support for CIMD even before it was officially in the spec. You can also learn more and test it out at the excellent website the folks at Stytch created: client.dev.

Enterprise-Managed Authorization (Cross App Access)

This is the big one for anyone asking, "Is MCP safe to use in the enterprise?"

Until now, when an AI agent connected to an MCP server, the connection was established directly between the MCP client and server. For example if you are using ChatGPT to connect to the Asana MCP server, ChatGPT would start an OAuth flow to Asana. But if your Asana account is actually connected to an enterprise IdP like Okta, Okta would only see that you're logging in to Asana, and wouldn't be aware of the connection established between ChatGPT and Asana. This means today there are a huge number of what are effectively unmanaged connections between MCP clients and servers in the enterprise. Enterprise IT admins hate this because it creates "Shadow IT" connections that bypass enterprise policy.

The new MCP spec incorporates Cross App Access (XAA) as the authorization extension "Enterprise-Managed Authorization".

This builds on the work I discussed in Enterprise-Ready MCP leveraging the Identity Assertion Authorization Grant. The flow puts the enterprise Identity Provider (IdP) back in the driver's seat.

Here is how it works:

  1. Single Sign-On: First you log into an MCP Client (like Claude or an IDE) using your corporate SSO, the client gets an ID token.

  2. Token Exchange: Instead of the client starting an OAuth flow to ask the user to manually approve access to a downstream tool (like an Asana MCP server), the client takes that ID token back to the Enterprise IdP to ask for access.

  3. Policy Check: The IdP checks corporate policy. "Is Engineering allowed to use Claude to access Asana?" If the policy passes, the IdP issues a temporary token (ID-JAG) that the client can take to the MCP authorization server.

  4. Access Token Request: The MCP client takes the ID-JAG to the MCP authorization server saying "hey this IdP says you can issue me an access token for this user". The authorization server validates the ID-JAG the same way it would have validated an ID Token (remember this app is also set up for SSO to the same corporate IdP), and issues an access token.

This happens entirely behind the scenes without user interaction. The user doesn't get bombarded with consent screens, and the enterprise admin gets full visibility and revocability. If you want to shut down AI access to a specific internal tool, you do it in one place: your IdP.

Further Reading

There is a lot more in the full spec update, but these two pieces—CIMD for scalable client identity and Cross App Access for enterprise security—are the two I am most excited about. They take MCP to the next level by solving the biggest challenges that were preventing scalable adoption of MCP in the enterprise.

You can read more about the MCP authorization spec update in Den's excellent post, and more about all the updates to the MCP spec in the official announcement post.

Links to docs and specs about everything mentioned in this post are below.

2025-11-25T08:07:14-08:00 Fullscreen Open in Tab
Recurring Events for Meetable

In October, I launched an instance of Meetable for the MCP Community. They've been using it to post working group meetings as well as in-person community events. In just 2 months it already has 41 events listed!

One of the aspects of opening up the software to a new community is stress testing some of the design decisions. An early design decision was intentionally to not support recurring events. For a community calendar, recurring events are often problematic. Once a recurring event is created for something like a weekly meetup, it's no longer clear whether the event is actually going to happen, which is especially true for virtual events. If an organizer of the event silently drops away from the community, it's very likely they will not go delete the event, and you can end up with stale events on the calendar quickly. It's better to have people explicitly create the event on the calendar so that every event was created with intention. To support this, I made a "Clone Event" button to quickly copy the details from a previous instance, and it even predicts the next date based on how often the event has been happening in the past.

But for the MCP community, which is a bit more formal than a purely community calendar, most of the events on their site are weekly or biweekly working group meetings. I had been hearing quite a bit of feedback that the current process of scheduling out the events manually, even with the "clone event" feature, was too much of a burden. So I set out to design a solution for recurring events to strike a balance between ease of use and hopefully avoiding some of the pitfalls of recurring events.

What I landed on is this:

You can create an "event template" from any existing event on the calendar, and give it a recurrence interval like "Every week on Tuesdays" or "Monthly on the 9th".

recurrence options

(I'll add an option for "Monthly on the second Tuesday" later if this ends up being used enough.)

Once the schedule is created, copies of the event will be created at the chosen interval, but only a few weeks out. For weekly events, 4 weeks in advance will be created, biweekly will get scheduled 8 weeks out, monthly events 4 months out, and yearly events will have only the next year scheduled. Every day a cron job will create future events at the scheduled interval in advance. If the event template is deleted, future scheduled events will also be deleted.

So effectively for organizers there is nothing they need to do after creating the recurring event schedule. My hope is by having it work this way, instead of like recurring events on a typical Google calendar, it strikes a balance between ease of use but avoids orphaned events on the calendar. It still requires an organizer to delete a recurrence, so should only be used for events that truly have a schedule and are unlikely to be cancelled often.

Hopefully this makes Meetable even more useful for different kinds of communities! You can install your own copy of Meetable from the source code on GitHub.

2025-10-11T09:49:59-07:00 Fullscreen Open in Tab
Adding Support for BlueSky to IndieLogin.com

Today I just launched support for BlueSky as a new authentication option in IndieLogin.com!

IndieLogin.com is a developer service that allows users to log in to a website with their domain. It delegates the actual user authentication out to various external services, whether that is an IndieAuth server, GitHub, GitLab, Codeberg, or just an email confirmation code, and now also BlueSky.

This means if you have a custom domain as your BlueSky handle, you can now use it to log in to websites like indieweb.org directly!

bluesky login

Alternatively, you can add a link to your BlueSky handle from your website with a rel="me atproto" attribute, similar to how you would link to your GitHub profile from your website.

<a href="https://example.bsky.social" rel="me atproto">example.bsky.social</a>

Full setup instructions here

This is made possible thanks to BlueSky's support of the new OAuth Client ID Metadata Document specification, which was recently adopted by the OAuth Working Group. This means as the developer of the IndieLogin.com service, I didn't have to register for any BlueSky API keys in order to use the OAuth server! The IndieLogin.com website publishes its own metadata which the BlueSky OAuth server can use to fetch the metadata from. This is the same client metadata that an IndieAuth server will parse as well! Aren't standards fun!

The hardest part about the whole process was probably adding DPoP support. Actually creating the DPoP JWT wasn't that bad but the tricky part was handling the DPoP server nonces sent back. I do wish we had a better solution for that mechanism in DPoP, but I remember the reasoning for doing it this way and I guess we just have to live with it now.

This was a fun exercise in implementing a bunch of the specs I've been working on recently!

Here's the link to the full ATProto OAuth docs for reference.

2025-10-10T00:00:00+00:00 Fullscreen Open in Tab
Notes on switching to Helix from vim

Hello! Earlier this summer I was talking to a friend about how much I love using fish, and how I love that I don’t have to configure it. They said that they feel the same way about the helix text editor, and so I decided to give it a try.

I’ve been using it for 3 months now and here are a few notes.

why helix: language servers

I think what motivated me to try Helix is that I’ve been trying to get a working language server setup (so I can do things like “go to definition”) and getting a setup that feels good in Vim or Neovim just felt like too much work.

After using Vim/Neovim for 20 years, I’ve tried both “build my own custom configuration from scratch” and “use someone else’s pre-buld configuration system” and even though I love Vim I was excited about having things just work without having to work on my configuration at all.

Helix comes with built in language server support, and it feels nice to be able to do things like “rename this symbol” in any language.

the search is great

One of my favourite things about Helix is the search! If I’m searching all the files in my repository for a string, it lets me scroll through the potential matching files and see the full context of the match, like this:

For comparison, here’s what the vim ripgrep plugin I’ve been using looks like:

There’s no context for what else is around that line.

the quick reference is nice

One thing I like about Helix is that when I press g, I get a little help popup telling me places I can go. I really appreciate this because I don’t often use the “go to definition” or “go to reference” feature and I often forget the keyboard shortcut.

some vim -> helix translations

  • Helix doesn’t have marks like ma, 'a, instead I’ve been using Ctrl+O and Ctrl+I to go back (or forward) to the last cursor location
  • I think Helix does have macros, but I’ve been using multiple cursors in every case that I would have previously used a macro. I like multiple cursors a lot more than writing macros all the time. If I want to batch change something in the document, my workflow is to press % (to highlight everything), then s to select (with a regex) the things I want to change, then I can just edit all of them as needed.
  • Helix doesn’t have neovim-style tabs, instead it has a nice buffer switcher (<space>b) I can use to switch to the buffer I want. There’s a pull request here to implement neovim-style tabs. There’s also a setting bufferline="multiple" which can act a bit like tabs with gp, gn for prev/next “tab” and :bc to close a “tab”.

some helix annoyances

Here’s everything that’s annoyed me about Helix so far.

  • I like the way Helix’s :reflow works much less than how vim reflows text with gq. It doesn’t work as well with lists. (github issue)
  • If I’m making a Markdown list, pressing “enter” at the end of a list item won’t continue the list. There’s a partial workaround for bulleted lists but I don’t know one for numbered lists.
  • No persistent undo yet: in vim I could use an undofile so that I could undo changes even after quitting. Helix doesn’t have that feature yet. (github PR)
  • Helix doesn’t autoreload files after they change on disk, I have to run :reload-all (:ra<tab>) to manually reload them. Not a big deal.
  • Sometimes it panics, maybe every week or so. I think it might be this issue.

The crashes look something like this:

thread 'main' panicked at helix-core/src/transaction.rs:499:9:
Positions [(2959, AfterSticky), (2959, AfterSticky)] are out of range for changeset len 2945!
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The “markdown list” and reflowing issues come up a lot for me because I spend a lot of time editing Markdown lists, but I keep using Helix anyway so I guess they can’t be making me that mad.

switching was easier than I thought

I was worried that relearning 20 years of Vim muscle memory would be really hard.

It turned out to be easier than I expected, I started using Helix on a vacation for a little low-stakes coding project I was doing on the side and after a week or two it didn’t feel so disorienting anymore. I think it might be hard to switch back and forth between Vim and Helix, but I haven’t needed to use Vim recently so I don’t know if that’ll ever become an issue for me.

The first time I tried Helix I tried to force it to use keybindings that were more similar to Vim and that did not work for me. Just learning the “Helix way” was a lot easier.

There are still some things that throw me off: for example w in vim and w in Helix don’t have the same idea of what a “word” is (the Helix one includes the space after the word, the Vim one doesn’t).

using a terminal-based text editor

For many years I’d mostly been using a GUI version of vim/neovim, so switching to actually using an editor in the terminal was a bit of an adjustment.

I ended up deciding on:

  1. Every project gets its own terminal window, and all of the tabs in that window (mostly) have the same working directory
  2. I make my Helix tab the first tab in the terminal window

It works pretty well, I might actually like it better than my previous workflow.

my configuration

I appreciate that my configuration is really simple, compared to my neovim configuration which is hundreds of lines. It’s mostly just 4 keyboard shortcuts.

theme = "solarized_light"
[editor]
# Sync clipboard with system clipboard
default-yank-register = "+"

[keys.normal]
# I didn't like that Ctrl+C was the default "toggle comments" shortcut
"#" = "toggle_comments"

# I didn't feel like learning a different way
# to go to the beginning/end of a line so
# I remapped ^ and $
"^" = "goto_first_nonwhitespace"
"$" = "goto_line_end"

[keys.select]
"^" = "goto_first_nonwhitespace"
"$" = "goto_line_end"

[keys.normal.space]
# I write a lot of text so I need to constantly reflow,
# and missed vim's `gq` shortcut
l = ":reflow"

There’s a separate languages.toml configuration where I set some language preferences, like turning off autoformatting. For example, here’s my Python configuration:

[[language]]
name = "python"
formatter = { command = "black", args = ["--stdin-filename", "%{buffer_name}", "-"] }
language-servers = ["pyright"]
auto-format = false

we’ll see how it goes

Three months is not that long, and it’s possible that I’ll decide to go back to Vim at some point. For example, I wrote a post about switching to nix a while back but after maybe 8 months I switched back to Homebrew (though I’m still using NixOS to manage one little server, and I’m still satisfied with that).

2025-10-08T12:14:38-07:00 Fullscreen Open in Tab
Client ID Metadata Document Adopted by the OAuth Working Group

The IETF OAuth Working Group has adopted the Client ID Metadata Document specification!

This specification defines a mechanism through which an OAuth client can identify itself to authorization servers, without prior dynamic client registration or other existing registration.

Clients identify themselves with their own URL, and host their metadata (name, logo, redirect URL) in a JSON document at that URL. They then use that URL as the client_id to introduce themselves to an authorization server for the first time.

The mechanism of clients identifying themselves as a URL has been in use in IndieAuth for over a decade, and more recently has been adopted by BlueSky for their OAuth API. The recent surge in interest in MCP has further demonstrated the need for this to be a standardized mechanism, and was the main driver in the latest round of discussion for the document! This could replace Dynamic Client Registration in MCP, dramatically simplifying management of clients, as well as enabling servers to limit access to specific clients if they want.

The folks at Stytch put together a really nice explainer website about it too! cimd.dev

Thanks to everyone for your contributions and feedback so far! And thanks to my co-author Emilia Smith for her work on the document!

2025-10-04T07:32:57-07:00 Fullscreen Open in Tab
Meetable Release Notes - October 2025

I just released some updates for Meetable, my open source event listing website.

The major new feature is the ability to let users log in with a Discord account. A Meetable instance can be linked to a Discord server to enable any member of the server to log in to the site. You can also restrict who can log in based on Discord "roles", so you can limit who can edit events to only certain Discord members.

One of the first questions I get about Meetable is whether recurring events are supported. My answer has always been "no". In general, it's too easy for recurring events on community calendars go get stale. If an organizer forgets to cancel or just stops showing up, that isn't visible unless someone takes the time to clean up the recurrence. Instead, it's healthier to require each event be created manually. There is a "clone event" feature that makes it easy to copy all the details from a previous event to be able to quickly manually create these sorts of recurring events. In this update, I just added a feature to streamline this even further. The next recurrence is now predicted based on the past interval of the event.

For example, for a biweekly cadence, the following steps happen now:

  • You would create the first instance manually, say for October 1
  • You click "Clone Event" and change the date of the new event to October 15
  • Now when you click "Clone Event" on the October 15 event, it will pre-fill October 29 based on the fact that the October 15 event was created 2 weeks after the event it was cloned from

Currently this only works by counting days, so wouldn't work for things like "first Tuesday of the month" or "the 1st of the month", but I hope this saves some time in the future regardless. If "first Tuesday" or specific days of the month are an important use case for you, let me know and I can try to come up with a solution.

Minor changes/fixes below:

  • Added "Create New Event" to the "Add Event" dropdown menu because it wasn't obvious "Add Event" was clickable.
  • Meeting link no longer appears for cancelled events. (Actually the meeting link only appears for "confirmed" events.)
  • If you add a meeting link but don't set a timezone, a warning message appears on the event.
  • Added a setting to show a message when uploading a photo, you can use this to describe a photo license policy for example.
  • Added a "user profile" page, and if users are configured to fetch profile info from their website, a button to re-fetch the profile info will appear.
2025-08-06T17:00:00-07:00 Fullscreen Open in Tab
San Francisco Billboards - August 2025

Every time I take a Lyft from the San Francisco airport to downtown going up 101, I notice the billboards. The billboards on 101 are always such a good snapshot in time of the current peak of the Silicon Valley hype cycle. I've decided to capture photos of the billboards every time I am there, to see how this changes over time. 

Here's a photo dump from the 101 billboards from August 2025. The theme is clearly AI. Apologies for the slightly blurry photos, these were taken while driving 60mph down the highway, some of them at night.

2025-06-26T00:00:00+00:00 Fullscreen Open in Tab
New zine: The Secret Rules of the Terminal

Hello! After many months of writing deep dive blog posts about the terminal, on Tuesday I released a new zine called “The Secret Rules of the Terminal”!

You can get it for $12 here: https://wizardzines.com/zines/terminal, or get an 15-pack of all my zines here.

Here’s the cover:

the table of contents

Here’s the table of contents:

why the terminal?

I’ve been using the terminal every day for 20 years but even though I’m very confident in the terminal, I’ve always had a bit of an uneasy feeling about it. Usually things work fine, but sometimes something goes wrong and it just feels like investigating it is impossible, or at least like it would open up a huge can of worms.

So I started trying to write down a list of weird problems I’ve run into in terminal and I realized that the terminal has a lot of tiny inconsistencies like:

  • sometimes you can use the arrow keys to move around, but sometimes pressing the arrow keys just prints ^[[D
  • sometimes you can use the mouse to select text, but sometimes you can’t
  • sometimes your commands get saved to a history when you run them, and sometimes they don’t
  • some shells let you use the up arrow to see the previous command, and some don’t

If you use the terminal daily for 10 or 20 years, even if you don’t understand exactly why these things happen, you’ll probably build an intuition for them.

But having an intuition for them isn’t the same as understanding why they happen. When writing this zine I actually had to do a lot of work to figure out exactly what was happening in the terminal to be able to talk about how to reason about it.

the rules aren’t written down anywhere

It turns out that the “rules” for how the terminal works (how do you edit a command you type in? how do you quit a program? how do you fix your colours?) are extremely hard to fully understand, because “the terminal” is actually made of many different pieces of software (your terminal emulator, your operating system, your shell, the core utilities like grep, and every other random terminal program you’ve installed) which are written by different people with different ideas about how things should work.

So I wanted to write something that would explain:

  • how the 4 pieces of the terminal (your shell, terminal emulator, programs, and TTY driver) fit together to make everything work
  • some of the core conventions for how you can expect things in your terminal to work
  • lots of tips and tricks for how to use terminal programs

this zine explains the most useful parts of terminal internals

Terminal internals are a mess. A lot of it is just the way it is because someone made a decision in the 80s and now it’s impossible to change, and honestly I don’t think learning everything about terminal internals is worth it.

But some parts are not that hard to understand and can really make your experience in the terminal better, like:

  • if you understand what your shell is responsible for, you can configure your shell (or use a different one!) to access your history more easily, get great tab completion, and so much more
  • if you understand escape codes, it’s much less scary when cating a binary to stdout messes up your terminal, you can just type reset and move on
  • if you understand how colour works, you can get rid of bad colour contrast in your terminal so you can actually read the text

I learned a surprising amount writing this zine

When I wrote How Git Works, I thought I knew how Git worked, and I was right. But the terminal is different. Even though I feel totally confident in the terminal and even though I’ve used it every day for 20 years, I had a lot of misunderstandings about how the terminal works and (unless you’re the author of tmux or something) I think there’s a good chance you do too.

A few things I learned that are actually useful to me:

  • I understand the structure of the terminal better and so I feel more confident debugging weird terminal stuff that happens to me (I was even able to suggest a small improvement to fish!). Identifying exactly which piece of software is causing a weird thing to happen in my terminal still isn’t easy but I’m a lot better at it now.
  • you can write a shell script to copy to your clipboard over SSH
  • how reset works under the hood (it does the equivalent of stty sane; sleep 1; tput reset) – basically I learned that I don’t ever need to worry about remembering stty sane or tput reset and I can just run reset instead
  • how to look at the invisible escape codes that a program is printing out (run unbuffer program > out; less out)
  • why the builtin REPLs on my Mac like sqlite3 are so annoying to use (they use libedit instead of readline)

blog posts I wrote along the way

As usual these days I wrote a bunch of blog posts about various side quests:

people who helped with this zine

A long time ago I used to write zines mostly by myself but with every project I get more and more help. I met with Marie Claire LeBlanc Flanagan every weekday from September to June to work on this one.

The cover is by Vladimir Kašiković, Lesley Trites did copy editing, Simon Tatham (who wrote PuTTY) did technical review, our Operations Manager Lee did the transcription as well as a million other things, and Jesse Luehrs (who is one of the very few people I know who actually understands the terminal’s cursed inner workings) had so many incredibly helpful conversations with me about what is going on in the terminal.

get the zine

Here are some links to get the zine again:

As always, you can get either a PDF version to print at home or a print version shipped to your house. The only caveat is print orders will ship in August – I need to wait for orders to come in to get an idea of how many I should print before sending it to the printer.

2025-06-10T00:00:00+00:00 Fullscreen Open in Tab
Using `make` to compile C programs (for non-C-programmers)

I have never been a C programmer but every so often I need to compile a C/C++ program from source. This has been kind of a struggle for me: for a long time, my approach was basically “install the dependencies, run make, if it doesn’t work, either try to find a binary someone has compiled or give up”.

“Hope someone else has compiled it” worked pretty well when I was running Linux but since I’ve been using a Mac for the last couple of years I’ve been running into more situations where I have to actually compile programs myself.

So let’s talk about what you might have to do to compile a C program! I’ll use a couple of examples of specific C programs I’ve compiled and talk about a few things that can go wrong. Here are three programs we’ll be talking about compiling:

  • paperjam
  • sqlite
  • qf (a pager you can run to quickly open files from a search with rg -n THING | qf)

step 1: install a C compiler

This is pretty simple: on an Ubuntu system if I don’t already have a C compiler I’ll install one with:

sudo apt-get install build-essential

This installs gcc, g++, and make. The situation on a Mac is more confusing but it’s something like “install xcode command line tools”.

step 2: install the program’s dependencies

Unlike some newer programming languages, C doesn’t have a dependency manager. So if a program has any dependencies, you need to hunt them down yourself. Thankfully because of this, C programmers usually keep their dependencies very minimal and often the dependencies will be available in whatever package manager you’re using.

There’s almost always a section explaining how to get the dependencies in the README, for example in paperjam’s README, it says:

To compile PaperJam, you need the headers for the libqpdf and libpaper libraries (usually available as libqpdf-dev and libpaper-dev packages).

You may need a2x (found in AsciiDoc) for building manual pages.

So on a Debian-based system you can install the dependencies like this.

sudo apt install -y libqpdf-dev libpaper-dev

If a README gives a name for a package (like libqpdf-dev), I’d basically always assume that they mean “in a Debian-based Linux distro”: if you’re on a Mac brew install libqpdf-dev will not work. I still have not 100% gotten the hang of developing on a Mac yet so I don’t have many tips there yet. I guess in this case it would be brew install qpdf if you’re using Homebrew.

step 3: run ./configure (if needed)

Some C programs come with a Makefile and some instead come with a script called ./configure. For example, if you download sqlite’s source code, it has a ./configure script in it instead of a Makefile.

My understanding of this ./configure script is:

  1. You run it, it prints out a lot of somewhat inscrutable output, and then it either generates a Makefile or fails because you’re missing some dependency
  2. The ./configure script is part of a system called autotools that I have never needed to learn anything about beyond “run it to generate a Makefile”.

I think there might be some options you can pass to get the ./configure script to produce a different Makefile but I have never done that.

step 4: run make

The next step is to run make to try to build a program. Some notes about make:

  • Sometimes you can run make -j8 to parallelize the build and make it go faster
  • It usually prints out a million compiler warnings when compiling the program. I always just ignore them. I didn’t write the software! The compiler warnings are not my problem.

compiler errors are often dependency problems

Here’s an error I got while compiling paperjam on my Mac:

/opt/homebrew/Cellar/qpdf/12.0.0/include/qpdf/InputSource.hh:85:19: error: function definition does not declare parameters
   85 |     qpdf_offset_t last_offset{0};
      |                   ^

Over the years I’ve learned it’s usually best not to overthink problems like this: if it’s talking about qpdf, there’s a good change it just means that I’ve done something wrong with how I’m including the qpdf dependency.

Now let’s talk about some ways to get the qpdf dependency included in the right way.

the world’s shortest introduction to the compiler and linker

Before we talk about how to fix dependency problems: building C programs is split into 2 steps:

  1. Compiling the code into object files (with gcc or clang)
  2. Linking those object files into a final binary (with ld)

It’s important to know this when building a C program because sometimes you need to pass the right flags to the compiler and linker to tell them where to find the dependencies for the program you’re compiling.

make uses environment variables to configure the compiler and linker

If I run make on my Mac to install paperjam, I get this error:

c++ -o paperjam paperjam.o pdf-tools.o parse.o cmds.o pdf.o -lqpdf -lpaper
ld: library 'qpdf' not found

This is not because qpdf is not installed on my system (it actually is!). But the compiler and linker don’t know how to find the qpdf library. To fix this, we need to:

  • pass "-I/opt/homebrew/include" to the compiler (to tell it where to find the header files)
  • pass "-L/opt/homebrew/lib -liconv" to the linker (to tell it where to find library files and to link in iconv)

And we can get make to pass those extra parameters to the compiler and linker using environment variables! To see how this works: inside paperjam’s Makefile you can see a bunch of environment variables, like LDLIBS here:

paperjam: $(OBJS)
	$(LD) -o $@ $^ $(LDLIBS)

Everything you put into the LDLIBS environment variable gets passed to the linker (ld) as a command line argument.

secret environment variable: CPPFLAGS

Makefiles sometimes define their own environment variables that they pass to the compiler/linker, but make also has a bunch of “implicit” environment variables which it will automatically pass to the C compiler and linker. There’s a full list of implicit environment variables here, but one of them is CPPFLAGS, which gets automatically passed to the C compiler.

(technically it would be more normal to use CXXFLAGS for this, but this particular Makefile hardcodes CXXFLAGS so setting CPPFLAGS was the only way I could find to set the compiler flags without editing the Makefile)

As an aside: it took me a long time to realize how closely tied to C/C++ `make` is -- I used to think that `make` was just a general build system (and of course you can use it for anything!) but it has a lot of affordances for building C/C++ programs that it doesn't have for building any other kind of program.

two ways to pass environment variables to make

I learned thanks to @zwol that there are actually two ways to pass environment variables to make:

  1. CXXFLAGS=xyz make (the usual way)
  2. make CXXFLAGS=xyz

The difference between them is that make CXXFLAGS=xyz will override the value of CXXFLAGS set in the Makefile but CXXFLAGS=xyz make won’t.

I’m not sure which way is the norm but I’m going to use the first way in this post.

how to use CPPFLAGS and LDLIBS to fix this compiler error

Now that we’ve talked about how CPPFLAGS and LDLIBS get passed to the compiler and linker, here’s the final incantation that I used to get the program to build successfully!

CPPFLAGS="-I/opt/homebrew/include" LDLIBS="-L/opt/homebrew/lib -liconv" make paperjam

This passes -I/opt/homebrew/include to the compiler and -L/opt/homebrew/lib -liconv to the linker.

Also I don’t want to pretend that I “magically” knew that those were the right arguments to pass, figuring them out involved a bunch of confused Googling that I skipped over in this post. I will say that:

  • the -I compiler flag tells the compiler which directory to find header files in, like /opt/homebrew/include/qpdf/QPDF.hh
  • the -L linker flag tells the linker which directory to find libraries in, like /opt/homebrew/lib/libqpdf.a
  • the -l linker flag tells the linker which libraries to link in, like -liconv means “link in the iconv library”, or -lm means “link math

tip: how to just build 1 specific file: make $FILENAME

Yesterday I discovered this cool tool called qf which you can use to quickly open files from the output of ripgrep.

qf is in a big directory of various tools, but I only wanted to compile qf. So I just compiled qf, like this:

make qf

Basically if you know (or can guess) the output filename of the file you’re trying to build, you can tell make to just build that file by running make $FILENAME

tip: you don’t need a Makefile

I sometimes write 5-line C programs with no dependencies, and I just learned that if I have a file called blah.c, I can just compile it like this without creating a Makefile:

make blah

It gets automaticaly expanded to cc -o blah blah.c, which saves a bit of typing. I have no idea if I’m going to remember this (I might just keep typing gcc -o blah blah.c anyway) but it seems like a fun trick.

tip: look at how other packaging systems built the same C program

If you’re having trouble building a C program, maybe other people had problems building it too! Every Linux distribution has build files for every package that they build, so even if you can’t install packages from that distribution directly, maybe you can get tips from that Linux distro for how to build the package. Realizing this (thanks to my friend Dave) was a huge ah-ha moment for me.

For example, this line from the nix package for paperjam says:

  env.NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isDarwin "-liconv";

This is basically saying “pass the linker flag -liconv to build this on a Mac”, so that’s a clue we could use to build it.

That same file also says env.NIX_CFLAGS_COMPILE = "-DPOINTERHOLDER_TRANSITION=1";. I’m not sure what this means, but when I try to build the paperjam package I do get an error about something called a PointerHolder, so I guess that’s somehow related to the “PointerHolder transition”.

step 5: installing the binary

Once you’ve managed to compile the program, probably you want to install it somewhere! Some Makefiles have an install target that let you install the tool on your system with make install. I’m always a bit scared of this (where is it going to put the files? what if I want to uninstall them later?), so if I’m compiling a pretty simple program I’ll often just manually copy the binary to install it instead, like this:

cp qf ~/bin

step 6: maybe make your own package!

Once I figured out how to do all of this, I realized that I could use my new make knowledge to contribute a paperjam package to Homebrew! Then I could just brew install paperjam on future systems.

The good thing is that even if the details of how all of the different packaging systems, they fundamentally all use C compilers and linkers.

it can be useful to understand a little about C even if you’re not a C programmer

I think all of this is an interesting example of how it can useful to understand some basics of how C programs work (like “they have header files”) even if you’re never planning to write a nontrivial C program if your life.

It feels good to have some ability to compile C/C++ programs myself, even though I’m still not totally confident about all of the compiler and linker flags and I still plan to never learn anything about how autotools works other than “you run ./configure to generate the Makefile”.

Two things I left out of this post:

  • LD_LIBRARY_PATH / DYLD_LIBRARY_PATH (which you use to tell the dynamic linker at runtime where to find dynamically linked files) because I can’t remember the last time I ran into an LD_LIBRARY_PATH issue and couldn’t find an example.
  • pkg-config, which I think is important but I don’t understand yet
2025-05-12T22:01:23-07:00 Fullscreen Open in Tab
Enterprise-Ready MCP

I've seen a lot of complaints about how MCP isn't ready for the enterprise.

I agree, although maybe not for the reasons you think. But don't worry, this isn't just a rant! I believe we can fix it!

The good news is the recent updates to the MCP authorization spec that separate out the role of the authorization server from the MCP server have now put the building blocks in place to make this a lot easier.

But let's back up and talk about what enterprise buyers expect when they are evaluating AI tools to bring into their companies.

Single Sign-On

At a minimum, an enterprise admin expects to be able to put an application under their single sign-on system. This enables the company to manage which users are allowed to use which applications, and prevents their users from needing to have their own passwords at the applications. The goal is to get every application managed under their single sign-on (SSO) system. Many large companies have more than 200 applications, so having them all managed through their SSO solution is a lot better than employees having to manage 200 passwords for each application!

There's a lot more than SSO too, like lifecycle management, entitlements, and logout. We're tackling these in the IPSIE working group in the OpenID Foundation. But for the purposes of this discussion, let's stick to the basics of SSO.

So what does this have to do with MCP?

An AI agent using MCP is just another application enterprises expect to be able to integrate into their single-sign-on (SSO) system. Let's take the example of Claude. When rolled out at a company, ideally every employee would log in to their company Claude account using the company identity provider (IdP). This lets the enterprise admin decide how many Claude licenses to purchase and who should be able to use it.

Connecting to External Apps

The next thing that should happen after a user logs in to Claude via SSO is they need to connect Claude to their other enterprise apps. This includes the built-in integrations in Claude like Google Calendar and Google Drive, as well as any MCP servers exposed by other apps in use within the enterprise. That could cover other SaaS apps like Zoom, Atlassian, and Slack, as well as home-grown internal apps.

Today, this process involves a somewhat cumbersome series of steps each individual employee must take. Here's an example of what the user needs to do to connect their AI agent to external apps:

First, the user logs in to Claude using SSO. This involves a redirect from Claude to the enterprise IdP where they authenticate with one or more factors, and then are redirected back.

SSO Log in to Claude

Next, they need to connect the external app from within Claude. Claude provides a button to initiate the connection. This takes the user to that app (in this example, Google), which redirects them to the IdP to authenticate again, eventually getting redirected back to the app where an OAuth consent prompt is displayed asking the user to approve access, and finally the user is redirected back to Claude and the connection is established.

Connect Google

The user has to repeat these steps for every MCP server that they want to connect to Claude. There are two main problems with this:

  • This user experience is not great. That's a lot of clicking that the user has to do.
  • The enterprise admin has no visibility or control over the connection established between the two applications.

Both of these are significant problems. If you have even just 10 MCP servers rolled out in the enterprise, you're asking users to click through 10 SSO and OAuth prompts to establish the connections, and it will only get worse as MCP is more widely adopted within apps. But also, should we really be asking the user if it's okay for Claude to access their data in Google Drive? In a company context, that's not actually the user's decision. That decision should be made by the enterprise IT admin.

In "An Open Letter to Third-party Suppliers", Patrick Opet, Chief Information Security Officer of JPMorgan Chase writes:

"Modern integration patterns, however, dismantle these essential boundaries, relying heavily on modern identity protocols (e.g., OAuth) to create direct, often unchecked interactions between third-party services and firms' sensitive internal resources."

Right now, these app-to-app connections are happening behind the back of the IdP. What we need is a way to move the connections between the applications into the IdP where they can be managed by the enterprise admin.

Let's see how this works if we leverage a new (in-progress) OAuth extension called "Identity and Authorization Chaining Across Domains", which I'll refer to as "Cross-App Access" for short, enabling the enterprise IdP to sit in the middle of the OAuth exchange between the two apps.

A Brief Intro to Cross-App Access

In this example, we'll use Claude as the application that is trying to connect to Slack's (hypothetical) MCP server. We'll start with a high-level overview of the flow, and later go over the detailed protocol.

First, the user logs in to Claude through the IdP as normal. This results in Claude getting either an ID token or SAML assertion from the IdP, which tells Claude who the user is. (This works the same for SAML assertions or ID tokens, so I'll use ID tokens in the example from here out.) This is no different than what the user would do today when signing in to Claude.

Step 1 and 2 SSO

Then, instead of prompting the user to connect Slack, Claude takes the ID token back to the IdP in a request that says "Claude is requesting access to this user's Slack account."

The IdP validates the ID token, sees it was issued to Claude, and verifies that the admin has allowed Claude to access Slack on behalf of the given user. Assuming everything checks out, the IdP issues a new token back to Claude.

Step 3 and 4 Cross-Domain Request

Claude takes the intermediate token from the IdP to Slack saying "hi, I would like an access token for the Slack MCP server. The IdP gave me this token with the details of the user to issue the access token for." Slack validates the token the same way it would have validated an ID token. (Remember, Slack is already configured for SSO to the IdP for this customer as well, so it already has a way to validate these tokens.) Slack is able to issue an access token giving Claude access to this user's resources in its MCP server.

Step 5-7 Access Token Request

This solves the two big problems:

  • The exchange happens entirely without any user interaction, so the user never sees any prompts or any OAuth consent screens.
  • Since the IdP sits in between the exchange, this gives the enterprise admin a chance to configure the policies around which applications are allowed this direct connection.

The other nice side effect of this is since there is no user interaction required, the first time a new user logs in to Claude, all their enterprise apps will be automatically connected without them having to click any buttons!

Cross-App Access Protocol

Now let's look at what this looks like in the actual protocol. This is based on the adopted in-progress OAuth specification "Identity and Authorization Chaining Across Domains". This spec is actually a combination of two RFCs: Token Exchange (RFC 8693), and JWT Profile for Authorization Grants (RFC 7523). Both RFCs as well as the "Identity and Authorization Chaining Across Domains" spec are very flexible. While this means it is possible to apply this to many different use cases, it does mean we need to be a bit more specific in how to use it for this use case. For that purpose, I've written a profile of the Identity Chaining draft called "Identity Assertion Authorization Grant" to fill in the missing pieces for the specific use case detailed here.

Let's go through it step by step. For this example we'll use the following entities:

  • Claude - the "Requesting Application", which is attempting to access Slack
  • Slack - the "Resource Application", which has the resources being accessed through MCP
  • Okta - the enterprise identity provider which users at the example company can use to sign in to both apps

Cross-App Access Diagram

Single Sign-On

First, Claude gets the user to sign in using a standard OpenID Connect (or SAML) flow in order to obtain an ID token. There isn't anything unique to this spec regarding this first stage, so I will skip the details of the OpenID Connect flow and we'll start with the ID token as the input to the next step.

Token Exchange

Claude, the requesting application, then makes a Token Exchange request (RFC 8693) to the IdP's token endpoint with the following parameters:

  • requested_token_type: The value urn:ietf:params:oauth:token-type:id-jag indicates that an ID Assertion JWT is being requested.
  • audience: The Issuer URL of the Resource Application's authorization server.
  • subject_token: The identity assertion (e.g. the OpenID Connect ID Token or SAML assertion) for the target end-user.
  • subject_token_type: Either urn:ietf:params:oauth:token-type:id_token or urn:ietf:params:oauth:token-type:saml2 as defined by RFC 8693.

This request will also include the client credentials that Claude would use in a traditional OAuth token request, which could be a client secret or a JWT Bearer Assertion.

POST /oauth2/token HTTP/1.1
Host: acme.okta.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:token-exchange
&requested_token_type=urn:ietf:params:oauth:token-type:id-jag
&audience=https://auth.slack.com/
&subject_token=eyJraWQiOiJzMTZ0cVNtODhwREo4VGZCXzdrSEtQ...
&subject_token_type=urn:ietf:params:oauth:token-type:id_token
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0...

ID Assertion Validation and Policy Evaluation

At this point, the IdP evaluates the request and decides whether to issue the requested "ID Assertion JWT". The request will be evaluated based on the validity of the arguments, as well as the configured policy by the customer.

For example, the IdP validates that the ID token in this request was issued to the same client that matches the provided client authentication. It evaluates that the user still exists and is active, and that the user is assigned the Resource Application. Other policies can be evaluated at the discretion of the IdP, just like it can during a single sign-on flow.

If the IdP agrees that the requesting app should be authorized to access the given user's data in the resource app's MCP server, it will respond with a Token Exchange response to issue the token:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
  "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
  "access_token": "eyJhbGciOiJIUzI1NiIsI...",
  "token_type": "N_A",
  "expires_in": 300
}

The claims in the issued JWT are defined in "Identity Assertion Authorization Grant". The JWT is signed using the same key that the IdP signs ID tokens with. This is a critical aspect that makes this work, since again we assumed that both apps would already be configured for SSO to the IdP so would already be aware of the signing key for that purpose.

At this point, Claude is ready to request a token for the Resource App's MCP server

Access Token Request

The JWT received in the previous request can now be used as a "JWT Authorization Grant" as described by RFC 7523. To do this, Claude makes a request to the MCP authorization server's token endpoint with the following parameters:

  • grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
  • assertion: The Identity Assertion Authorization Grant JWT obtained in the previous token exchange step

For example:

POST /oauth2/token HTTP/1.1
Host: auth.slack.com
Authorization: Basic yZS1yYW5kb20tc2VjcmV0v3JOkF0XG5Qx2

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
assertion=eyJhbGciOiJIUzI1NiIsI...

Slack's authorization server can now evaluate this request to determine whether to issue an access token. The authorization server can validate the JWT by checking the issuer (iss) in the JWT to determine which enterprise IdP the token is from, and then check the signature using the public key discovered at that server. There are other claims to be validated as well, described in Section 6.1 of the Identity Assertion Authorization Grant.

Assuming all the validations pass, Slack is ready to issue an access token to Claude in the token response:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
  "token_type": "Bearer",
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "expires_in": 86400
}

This token response is the same format that Slack's authorization server would be responding to a traditional OAuth flow. That's another key aspect of this design that makes it scalable. We don't need the resource app to use any particular access token format, since only that server is responsible for validating those tokens.

Now that Claude has the access token, it can make a request to the (hypothetical) Slack MCP server using the bearer token the same way it would have if it got the token using the traditional redirect-based OAuth flow.

Note: Eventually we'll need to define the specific behavior of when to return a refresh token in this token response. The goal is to ensure the client goes through the IdP often enough for the IdP to enforce its access policies. A refresh token could potentially undermine that if the refresh token lifetime is too long. It follows that ultimately the IdP should enforce the refresh token lifetime, so we will need to define a way for the IdP to communicate to the authorization server whether and how long to issue refresh tokens. This would enable the authorization server to make its own decision on access token lifetime, while still respecting the enterprise IdP policy.

Cross-App Access Sequence Diagram

Here's the flow again, this time as a sequence diagram.

Cross-App Access Sequence Diagram

  1. The client initiates a login request
  2. The user's browser is redirected to the IdP
  3. The user logs in at the IdP
  4. The IdP returns an OAuth authorization code to the user's browser
  5. The user's browser delivers the authorization code to the client
  6. The client exchanges the authorization code for an ID token at the IdP
  7. The IdP returns an ID token to the client

At this point, the user is logged in to the MCP client. Everything up until this point has been a standard OpenID Connect flow.

  1. The client makes a direct Token Exchange request to the IdP to exchange the ID token for a cross-domain "ID Assertion JWT"
  2. The IdP validates the request and checks the internal policy
  3. The IdP returns the ID-JAG to the client
  4. The client makes a token request using the ID-JAG to the MCP authorization server
  5. The authorization server validates the token using the signing key it also uses for its OpenID Connect flow with the IdP
  6. The authorization server returns an access token
  7. The client makes a request with the access token to the MCP server
  8. The MCP server returns the response

For a more detailed step by step of the flow, see Appendix A.3 of the Identity Assertion Authorization Grant.

Next Steps

If this is something you're interested in, we'd love your help! The in-progress spec is publicly available, and we're looking for people interested in helping prototype it. If you're building an MCP server and you want to make it enterprise-ready, I'd be happy to help you build this!

You can find me at a few related events coming up:

And of course you can always find me on LinkedIn or email me at aaron.parecki@okta.com.

2025-04-03T16:39:37-07:00 Fullscreen Open in Tab
Let's fix OAuth in MCP
Update: The changes described in this blog post have been incorporated into the 2025-06-18 version of the MCP spec!

Let's not overthink auth in MCP.

Yes, the MCP server is going to need its own auth server. But it's not as bad as it sounds. Let me explain.

First let's get a few pieces of terminology straight.

The confusion that's happening in the discussions I've seen so far is because the spec and diagrams show that the MCP server itself is handing authorization. That's not necessary.

oauth roles

In OAuth, we talk about the "authorization server" and "resource server" as distinct roles. I like to think of the authorization server as the "token factory", that's the thing that makes the access tokens. The resource server (usually an API) needs to be able to validate the tokens created by the authorization server.

combined AS and RS

It's possible to build a single server that is both a resource server and authorization server, and in fact many OAuth systems are built that way, especially large consumer services.

separate AS and RS

But nothing about the spec requires that the two roles are combined, it's also possible to run these as two totally unrelated services.

This flexibility that's been baked into OAuth for over a decade is what has led to the rapid adoption, as well the proliferation of open source and commercial products that provide an OAuth authorization server as a service.

So how does this relate to MCP?

I can annotate the flow from the Model Context Protocol spec to show the parts where the client talks to the MCP Resource Server separately from where the client talks to the MCP Authorization Server.

MCP Flow showing AS and RS highlighted

Here is the updated sequence diagram showing communication with each role separately.

New MCP diagram showing separate AS and RS

Why is it important to call out this change?

I've seen a few conversations in various places about how requiring the MCP Server to be both an authorization server and resource server is too much of a burden. But actually, very little needs to change about the spec to enable this separation of concerns that OAuth already provides.

I've also seen various suggestions of other ways to separate the authorization server from the MCP server, like delegating to an enterprise IdP and having the MCP server validate access tokens issued by the IdP. These other options also conflate the OAuth roles in an awkward way and would result in some undesirable properties or relationships between the various parties involved.

So what needs to change in the MCP spec to enable this?

Discovery

The main thing currently forcing the MCP Server to be both the authorization server and resource server is how the client does discovery.

One design goal of MCP is to enable a client to bootstrap everything it needs based on only the server URL provided. I think this is a great design goal, and luckily is something that can be achieved even when separating the roles in the way I've described.

The MCP spec currently says that clients are expected to fetch the OAuth Server Metadata (RFC8414) file from the MCP Server base URL, resulting in a URL such as:

https://example.com/.well-known/oauth-authorization-server

This ends up meaning the MCP Resource Server must also be an Authorization Server, which leads to the complications the community has encountered so far. The good news is there is an OAuth spec we can apply here instead: Protected Resource Metadata.

Protected Resource Metadata

The Protected Resource Metadata spec is used by a Resource Server to advertise metadata about itself, including which Authorization Server can be used with it. This spec is both new and old. It was started in 2016, but was never adopted by the OAuth working group until 2023, after I had presented at an IETF meeting about the need for clients to be able to bootstrap OAuth flows given an OAuth resource server. The spec is now awaiting publication as an RFC, and should get its RFC number in a couple months. (Update: This became RFC 9728 on April 23, 2025!)

Applying this to the MCP server would result in a sequence like the following:

New discovery flow for MCP

  1. The MCP Client fetches the Resource Server Metadata file by appending /.well-known/oauth-protected-resource to the MCP Server base URL.
  2. The MCP Client finds the authorization_servers property in the JSON response, and builds the Authorization Server Metadata URL by appending /.well-known/oauth-authorization-server
  3. The MCP Client fetches the Authorization Server Metadata to find the endpoints it needs for the OAuth flow, the authorization endpoint and token endpoint
  4. The MCP Client initiates an OAuth flow and continues as normal


Note: The Protected Resource Metadata spec also supports the Resource Server returning WWW-Authenticate with a link to the resource metadata URL if you want to avoid the requirement that MCP Servers host their metadata URLs at the .well-known endpoint, it just requires an extra HTTP request to support this.

Access Token Validation

Two things to keep in mind about how the MCP Server validates access tokens with this new separation of concerns.

If you do build the MCP Authorization Server and Resource Server as part of the same system, you don't need to do anything special to validate the access tokens the Authorization Server issues. You probably already have some sort of infrastructure in place for your normal API to validate tokens issued by your Authorization Server, so nothing changes there.

If you are using an external Authorization Server, whether that's an open source product or a commercial hosted service, that product will have its own docs for how you can validate the tokens it creates. There's a good chance it already supports the standardized JWT Access Tokens described in RFC 9068, in which case you can use off-the-shelf JWT validation middleware for common frameworks.

In either case, the critical design goal here is that the MCP Authorization Server issues access tokens that only ever need to be validated by the MCP Resource Server. This is in line with the security recommendations in Section 2.3 of RFC 9700, in particular that "access tokens SHOULD be audience-restricted to a specific resource server". In other words, it would be a bad idea for the MCP Client to be issued an access token that works with both the MCP Resource Server and the service's REST API.

Why Require the MCP Server to have an Authorization Server in the first place?

Another argument I've seen is that MCP Server developers shouldn't have to build any OAuth infrastructure at all, instead they should be able to delegate all the OAuth bits to an external service.

In principle, I agree. Getting API access and authorization right is tricky, that's why there are entire companies dedicated to solving the problem.

The architecture laid out above enables this exact separation of concerns. The difference between this architecture and some of the other proposals I've seen is that this cleanly separates the security boundaries so that there are minimal dependencies among the parties involved.

But, one thing I haven't seen mentioned in the discussions is that there actually is no requirement than an OAuth Authorization Server provide any UI itself.

An Authorization Server with no UI?

While it is desirable from a security perspective that the MCP Resource Server has a corresponding Authorization Server that issues access tokens for it, that Authorization Server doesn't actually need to have any UI or even any concept of user login or accounts. You can actually build an Authorization Server that delegates all user account management to an external service. You can see an example of this in PayPal's MCP server they recently launched.

PayPal's traditional API already supports OAuth, the authorization and token endpoints are:

  • https://www.paypal.com/signin/authorize
  • https://api-m.paypal.com/v1/oauth2/token

When PayPal built their MCP server, they launched it at https://mcp.paypal.com. If you fetch the metadata for the MCP Server, you'll find the two OAuth endpoints for the MCP Authorization Server:

  • https://mcp.paypal.com/authorize
  • https://mcp.paypal.com/token

When the MCP Client redirects the user to the authorization endpoint, the MCP server itself doesn't provide any UI. Instead, it immediately redirects the user to the real PayPal authorization endpoint which then prompts the user to log in and authorize the client.

Roles with backend API and Authorization Servers

This points to yet another benefit of architecting the MCP Authorization Server and Resource Server this way. It enables implementers to delegate the actual user management to their existing OAuth server with no changes needed to the MCP Client. The MCP Client isn't even aware that this extra redirect step was inserted in the middle. As far as the MCP Client is concerned, it has been talking to only the MCP Authorization Server. It just so happens that the MCP Authorization Server has sent the user elsewhere to actually log in.

Dynamic Client Registration

There's one more point I want to make about why having a dedicated MCP Authorization Server is helpful architecturally.

The MCP spec strongly recommends that MCP Servers (authorization servers) support Dynamic Client Registration. If MCP is successful, there will be a large number of MCP Clients talking to a large number of MCP Servers, and the user is the one deciding which combinations of clients and servers to use. This means it is not scalable to require that every MCP Client developer register their client with every MCP Server.

This is similar to the idea of using an email client with the user's chosen email server. Obviously Mozilla can't register Thunderbird with every email server out there. Instead, there needs to be a way to dynamically establish a client's identity with the OAuth server at runtime. Dynamic Client Registration is one option for how to do that.

The problem is most commercial APIs are not going to enable Dynamic Client Registration on their production servers. For example, in order to get client credentials to use the Google APIs, you need to register as a developer and then register an OAuth client after logging in. Dynamic Client Registration would allow a client to register itself without the link to the developer's account. That would mean there is no paper trail for who the client was developed by. The Dynamic Client Registration endpoint can't require authentication by definition, so is a public endpoint that can create clients, which as you can imagine opens up some potential security issues.

I do, however, think it would be reasonable to expect production services to enable Dynamic Client Registration only on the MCP's Authorization Server. This way the dynamically-registered clients wouldn't be able to use the regular REST API, but would only be able to interact with the MCP API.

Mastodon and BlueSky also have a similar problem of needing clients to show up at arbitrary authorization servers without prior coordination between the client developer and authorization server operator. I call this the "OAuth for the Open Web" problem. Mastodon used Dynamic Client Registration as their solution, and has since documented some of the issues that this creates, linked here and here.

BlueSky decided to take a different approach and instead uses an https URL as a client identifier, bypassing the need for a client registration step entirely. This has the added bonus of having at least some level of confidence of the client identity because the client identity is hosted at a domain. It would be a perfectly viable approach to use this method for MCP as well. There is a discussion on that within MCP here. This is an ongoing topic within the OAuth working group, I have a couple of drafts in progress to formalize this pattern, Client ID Metadata Document and Client ID Scheme.

Enterprise IdP Integration

Lastly, I want to touch on the idea of enabling users to log in to MCP Servers with their enterprise IdP.

When an enterprise company purchases software, they expect to be able to tie it in to their single-sign-on solution. For example, when I log in to work Slack, I enter my work email and Slack redirects me to my work IdP where I log in. This way employees don't need to have passwords with every app they use in the enterprise, they can log in to everything with the same enterprise account, and all the apps can be protected with multi-factor authentication through the IdP. This also gives the company control over which users can access which apps, as well as a way to revoke a user's access at any time.

So how does this relate to MCP?

Well, plenty of people are already trying to figure out how to let their employees safely use AI tools within the enterprise. So we need a way to let employees use their enterprise IdP to log in and authorize MCP Clients to access MCP Servers.

If you're building an MCP Server in front of an existing application that already supports enterprise Single Sign-On, then you don't need to do anything differently in the MCP Client or Server and you already have support for this. When the MCP Client redirects to the MCP Authorization Server, the MCP Authorization Server redirects to the main Authorization Server, which would then prompt the user for their company email/domain and redirect to the enterprise IdP to log in.

This brings me to yet another thing I've been seeing conflated in the discussions: user login and user authorization.

OAuth is an authorization delegation protocol. OAuth doesn't actually say anything about how users authenticate at the OAuth server, it only talks about how the user can authorize access to an application. This is actually a really great thing, because it means we can get super creative with how users authenticate.

User logs in and authorizes

Remember the yellow box "User logs in and authorizes" from the original sequence diagram? These are actually two totally distinct steps. The OAuth authorization server is responsible for getting the user to log in somehow, but there's no requirement that how the user logs in is with a username/password. This is where we can insert a single-sign-on flow to an enterprise IdP, or really anything you can imagine.

So think of this as two separate boxes: "user logs in", and "user authorizes". Then, we can replace the "user logs in" box with an entirely new OpenID Connect flow out to the enterprise IdP to log the user in, and after they are logged in they can authorize the client.

User logs in with OIDC

I'll spare you the complete expanded sequence diagram, since it looks a lot more complicated than it actually is. But I again want to stress that this is nothing new, this is already how things are commonly done today.

This all just becomes cleaner to understand when you separate the MCP Authorization Server from the MCP Resource Server.

We can push all the complexity of user login, token minting, and more onto the MCP Authorization Server, keeping the MCP Resource Server free to do the much simpler task of validating access tokens and serving resources.

Future Improvements of Enterprise IdP Integration

There are two things I want to call out about how enterprise IdP integration could be improved. Both of these are entire topics on their own, so I will only touch on the problems and link out to other places where work is happening to solve them.

There are two points of friction with the current state of enterprise login for SaaS apps.

  • IdP discovery
  • User consent

IdP Discovery

When a user logs in to a SaaS app, they need to tell the app how to find their enterprise IdP. This is commonly done by either asking the user to enter their work email, or asking the user to enter their tenant URL at the service.

Sign in with SSO

Neither of these is really a great user experience. It would be a lot better if the browser already knew which enterprise IdP the user should be sent to. This is one of my goals with the work happening in FedCM. With this new browser API, the browser can mediate the login, telling the SaaS app which enterprise IdP to use automatically only needing the user to click their account icon rather than type anything in.

User Consent

Another point of friction in the enterprise happens when a user starts connecting multiple applications to each other within the company. For example, if you drop in a Google Docs link into Slack, Slack will prompt you to connect your Google account to preview the link. Multiply this by N number of applications that can preview links, and M number of applications you might drop links to, and you end up sending the user through a huge number of OAuth consent flows.

The problem is only made worse with the explosion of AI tools. Every AI tool will need access to data in every other application in the enterprise. That is a lot of OAuth consent flows for the user to manage. Plus, the user shouldn't really be the one granting consent for Slack to access the company Google Docs account anyway. That consent should ideally be managed by the enterprise IT admin.

What we actually need is a way to enable the IT admin to grant consent for apps to talk to each other company-wide, removing the need for users to be sent through an OAuth flow at all.

This is the basis of another OAuth spec I've been working on, the Identity Assertion Authorization Grant.

The same problem applies to MCP Servers, and with the separation of concerns laid out above, it becomes straightforward to add this extension to move the consent to the enterprise and streamline the user experience.

Get in touch!

If these sound like interesting problems, please get in touch! You can find me on LinkedIn or reach me via email at aaron@parecki.com.

2025-03-07T00:00:00+00:00 Fullscreen Open in Tab
Standards for ANSI escape codes

Hello! Today I want to talk about ANSI escape codes.

For a long time I was vaguely aware of ANSI escape codes (“that’s how you make text red in the terminal and stuff”) but I had no real understanding of where they were supposed to be defined or whether or not there were standards for them. I just had a kind of vague “there be dragons” feeling around them. While learning about the terminal this year, I’ve learned that:

  1. ANSI escape codes are responsible for a lot of usability improvements in the terminal (did you know there’s a way to copy to your system clipboard when SSHed into a remote machine?? It’s an escape code called OSC 52!)
  2. They aren’t completely standardized, and because of that they don’t always work reliably. And because they’re also invisible, it’s extremely frustrating to troubleshoot escape code issues.

So I wanted to put together a list for myself of some standards that exist around escape codes, because I want to know if they have to feel unreliable and frustrating, or if there’s a future where we could all rely on them with more confidence.

what’s an escape code?

Have you ever pressed the left arrow key in your terminal and seen ^[[D? That’s an escape code! It’s called an “escape code” because the first character is the “escape” character, which is usually written as ESC, \x1b, \E, \033, or ^[.

Escape codes are how your terminal emulator communicates various kinds of information (colours, mouse movement, etc) with programs running in the terminal. There are two kind of escape codes:

  1. input codes which your terminal emulator sends for keypresses or mouse movements that don’t fit into Unicode. For example “left arrow key” is ESC[D, “Ctrl+left arrow” might be ESC[1;5D, and clicking the mouse might be something like ESC[M :3.
  2. output codes which programs can print out to colour text, move the cursor around, clear the screen, hide the cursor, copy text to the clipboard, enable mouse reporting, set the window title, etc.

Now let’s talk about standards!

ECMA-48

The first standard I found relating to escape codes was ECMA-48, which was originally published in 1976.

ECMA-48 does two things:

  1. Define some general formats for escape codes (like “CSI” codes, which are ESC[ + something and “OSC” codes, which are ESC] + something)
  2. Define some specific escape codes, like how “move the cursor to the left” is ESC[D, or “turn text red” is ESC[31m. In the spec, the “cursor left” one is called CURSOR LEFT and the one for changing colours is called SELECT GRAPHIC RENDITION.

The formats are extensible, so there’s room for others to define more escape codes in the future. Lots of escape codes that are popular today aren’t defined in ECMA-48: for example it’s pretty common for terminal applications (like vim, htop, or tmux) to support using the mouse, but ECMA-48 doesn’t define escape codes for the mouse.

xterm control sequences

There are a bunch of escape codes that aren’t defined in ECMA-48, for example:

  • enabling mouse reporting (where did you click in your terminal?)
  • bracketed paste (did you paste that text or type it in?)
  • OSC 52 (which terminal applications can use to copy text to your system clipboard)

I believe (correct me if I’m wrong!) that these and some others came from xterm, are documented in XTerm Control Sequences, and have been widely implemented by other terminal emulators.

This list of “what xterm supports” is not a standard exactly, but xterm is extremely influential and so it seems like an important document.

terminfo

In the 80s (and to some extent today, but my understanding is that it was MUCH more dramatic in the 80s) there was a huge amount of variation in what escape codes terminals actually supported.

To deal with this, there’s a database of escape codes for various terminals called “terminfo”.

It looks like the standard for terminfo is called X/Open Curses, though you need to create an account to view that standard for some reason. It defines the database format as well as a C library interface (“curses”) for accessing the database.

For example you can run this bash snippet to see every possible escape code for “clear screen” for all of the different terminals your system knows about:

for term in $(toe -a | awk '{print $1}')
do
  echo $term
  infocmp -1 -T "$term" 2>/dev/null | grep 'clear=' | sed 's/clear=//g;s/,//g'
done

On my system (and probably every system I’ve ever used?), the terminfo database is managed by ncurses.

should programs use terminfo?

I think it’s interesting that there are two main approaches that applications take to handling ANSI escape codes:

  1. Use the terminfo database to figure out which escape codes to use, depending on what’s in the TERM environment variable. Fish does this, for example.
  2. Identify a “single common set” of escape codes which works in “enough” terminal emulators and just hardcode those.

Some examples of programs/libraries that take approach #2 (“don’t use terminfo”) include:

I got curious about why folks might be moving away from terminfo and I found this very interesting and extremely detailed rant about terminfo from one of the fish maintainers, which argues that:

[the terminfo authors] have done a lot of work that, at the time, was extremely important and helpful. My point is that it no longer is.

I’m not going to do it justice so I’m not going to summarize it, I think it’s worth reading.

is there a “single common set” of escape codes?

I was just talking about the idea that you can use a “common set” of escape codes that will work for most people. But what is that set? Is there any agreement?

I really do not know the answer to this at all, but from doing some reading it seems like it’s some combination of:

  • The codes that the VT100 supported (though some aren’t relevant on modern terminals)
  • what’s in ECMA-48 (which I think also has some things that are no longer relevant)
  • What xterm supports (though I’d guess that not everything in there is actually widely supported enough)

and maybe ultimately “identify the terminal emulators you think your users are going to use most frequently and test in those”, the same way web developers do when deciding which CSS features are okay to use

I don’t think there are any resources like Can I use…? or Baseline for the terminal though. (in theory terminfo is supposed to be the “caniuse” for the terminal but it seems like it often takes 10+ years to add new terminal features when people invent them which makes it very limited)

some reasons to use terminfo

I also asked on Mastodon why people found terminfo valuable in 2025 and got a few reasons that made sense to me:

  • some people expect to be able to use the TERM environment variable to control how programs behave (for example with TERM=dumb), and there’s no standard for how that should work in a post-terminfo world
  • even though there’s less variation between terminal emulators than there was in the 80s, there’s far from zero variation: there are graphical terminals, the Linux framebuffer console, the situation you’re in when connecting to a server via its serial console, Emacs shell mode, and probably more that I’m missing
  • there is no one standard for what the “single common set” of escape codes is, and sometimes programs use escape codes which aren’t actually widely supported enough

terminfo & user agent detection

The way that ncurses uses the TERM environment variable to decide which escape codes to use reminds me of how webservers used to sometimes use the browser user agent to decide which version of a website to serve.

It also seems like it’s had some of the same results – the way iTerm2 reports itself as being “xterm-256color” feels similar to how Safari’s user agent is “Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15”. In both cases the terminal emulator / browser ends up changing its user agent to get around user agent detection that isn’t working well.

On the web we ended up deciding that user agent detection was not a good practice and to instead focus on standardization so we can serve the same HTML/CSS to all browsers. I don’t know if the same approach is the future in the terminal though – I think the terminal landscape today is much more fragmented than the web ever was as well as being much less well funded.

some more documents/standards

A few more documents and standards related to escape codes, in no particular order:

why I think this is interesting

I sometimes see people saying that the unix terminal is “outdated”, and since I love the terminal so much I’m always curious about what incremental changes might make it feel less “outdated”.

Maybe if we had a clearer standards landscape (like we do on the web!) it would be easier for terminal emulator developers to build new features and for authors of terminal applications to more confidently adopt those features so that we can all benefit from them and have a richer experience in the terminal.

Obviously standardizing ANSI escape codes is not easy (ECMA-48 was first published almost 50 years ago and we’re still not there!). I don’t even know what all of the challenges are. But the situation with HTML/CSS/JS used to be extremely bad too and now it’s MUCH better, so maybe there’s hope.

2025-02-13T12:27:56+00:00 Fullscreen Open in Tab
How to add a directory to your PATH

I was talking to a friend about how to add a directory to your PATH today. It’s something that feels “obvious” to me since I’ve been using the terminal for a long time, but when I searched for instructions for how to do it, I actually couldn’t find something that explained all of the steps – a lot of them just said “add this to ~/.bashrc”, but what if you’re not using bash? What if your bash config is actually in a different file? And how are you supposed to figure out which directory to add anyway?

So I wanted to try to write down some more complete directions and mention some of the gotchas I’ve run into over the years.

Here’s a table of contents:

step 1: what shell are you using?

If you’re not sure what shell you’re using, here’s a way to find out. Run this:

ps -p $$ -o pid,comm=
  • if you’re using bash, it’ll print out 97295 bash
  • if you’re using zsh, it’ll print out 97295 zsh
  • if you’re using fish, it’ll print out an error like “In fish, please use $fish_pid” ($$ isn’t valid syntax in fish, but in any case the error message tells you that you’re using fish, which you probably already knew)

Also bash is the default on Linux and zsh is the default on Mac OS (as of 2024). I’ll only cover bash, zsh, and fish in these directions.

step 2: find your shell’s config file

  • in zsh, it’s probably ~/.zshrc
  • in bash, it might be ~/.bashrc, but it’s complicated, see the note in the next section
  • in fish, it’s probably ~/.config/fish/config.fish (you can run echo $__fish_config_dir if you want to be 100% sure)

a note on bash’s config file

Bash has three possible config files: ~/.bashrc, ~/.bash_profile, and ~/.profile.

If you’re not sure which one your system is set up to use, I’d recommend testing this way:

  1. add echo hi there to your ~/.bashrc
  2. Restart your terminal
  3. If you see “hi there”, that means ~/.bashrc is being used! Hooray!
  4. Otherwise remove it and try the same thing with ~/.bash_profile
  5. You can also try ~/.profile if the first two options don’t work.

(there are a lot of elaborate flow charts out there that explain how bash decides which config file to use but IMO it’s not worth it to internalize them and just testing is the fastest way to be sure)

step 3: figure out which directory to add

Let’s say that you’re trying to install and run a program called http-server and it doesn’t work, like this:

$ npm install -g http-server
$ http-server
bash: http-server: command not found

How do you find what directory http-server is in? Honestly in general this is not that easy – often the answer is something like “it depends on how npm is configured”. A few ideas:

  • Often when setting up a new installer (like cargo, npm, homebrew, etc), when you first set it up it’ll print out some directions about how to update your PATH. So if you’re paying attention you can get the directions then.
  • Sometimes installers will automatically update your shell’s config file to update your PATH for you
  • Sometimes just Googling “where does npm install things?” will turn up the answer
  • Some tools have a subcommand that tells you where they’re configured to install things, like:
    • Node/npm: npm config get prefix (then append /bin/)
    • Go: go env GOPATH (then append /bin/)
    • asdf: asdf info | grep ASDF_DIR (then append /bin/ and /shims/)

step 3.1: double check it’s the right directory

Once you’ve found a directory you think might be the right one, make sure it’s actually correct! For example, I found out that on my machine, http-server is in ~/.npm-global/bin. I can make sure that it’s the right directory by trying to run the program http-server in that directory like this:

$ ~/.npm-global/bin/http-server
Starting up http-server, serving ./public

It worked! Now that you know what directory you need to add to your PATH, let’s move to the next step!

step 4: edit your shell config

Now we have the 2 critical pieces of information we need:

  1. Which directory you’re trying to add to your PATH (like ~/.npm-global/bin/)
  2. Where your shell’s config is (like ~/.bashrc, ~/.zshrc, or ~/.config/fish/config.fish)

Now what you need to add depends on your shell:

bash instructions:

Open your shell’s config file, and add a line like this:

export PATH=$PATH:~/.npm-global/bin/

(obviously replace ~/.npm-global/bin with the actual directory you’re trying to add)

zsh instructions:

You can do the same thing as in bash, but zsh also has some slightly fancier syntax you can use if you prefer:

path=(
  $path
  ~/.npm-global/bin
)

fish instructions:

In fish, the syntax is different:

set PATH $PATH ~/.npm-global/bin

(in fish you can also use fish_add_path, some notes on that further down)

step 5: restart your shell

Now, an extremely important step: updating your shell’s config won’t take effect if you don’t restart it!

Two ways to do this:

  1. open a new terminal (or terminal tab), and maybe close the old one so you don’t get confused
  2. Run bash to start a new shell (or zsh if you’re using zsh, or fish if you’re using fish)

I’ve found that both of these usually work fine.

And you should be done! Try running the program you were trying to run and hopefully it works now.

If not, here are a couple of problems that you might run into:

problem 1: it ran the wrong program

If the wrong version of a program is running, you might need to add the directory to the beginning of your PATH instead of the end.

For example, on my system I have two versions of python3 installed, which I can see by running which -a:

$ which -a python3
/usr/bin/python3
/opt/homebrew/bin/python3

The one your shell will use is the first one listed.

If you want to use the Homebrew version, you need to add that directory (/opt/homebrew/bin) to the beginning of your PATH instead, by putting this in your shell’s config file (it’s /opt/homebrew/bin/:$PATH instead of the usual $PATH:/opt/homebrew/bin/)

export PATH=/opt/homebrew/bin/:$PATH

or in fish:

set PATH ~/.cargo/bin $PATH

problem 2: the program isn’t being run from your shell

All of these directions only work if you’re running the program from your shell. If you’re running the program from an IDE, from a GUI, in a cron job, or some other way, you’ll need to add the directory to your PATH in a different way, and the exact details might depend on the situation.

in a cron job

Some options:

  • use the full path to the program you’re running, like /home/bork/bin/my-program
  • put the full PATH you want as the first line of your crontab (something like PATH=/bin:/usr/bin:/usr/local/bin:….). You can get the full PATH you’re using in your shell by running echo "PATH=$PATH".

I’m honestly not sure how to handle it in an IDE/GUI because I haven’t run into that in a long time, will add directions here if someone points me in the right direction.

problem 3: duplicate PATH entries making it harder to debug

If you edit your path and start a new shell by running bash (or zsh, or fish), you’ll often end up with duplicate PATH entries, because the shell keeps adding new things to your PATH every time you start your shell.

Personally I don’t think I’ve run into a situation where this kind of duplication breaks anything, but the duplicates can make it harder to debug what’s going on with your PATH if you’re trying to understand its contents.

Some ways you could deal with this:

  1. If you’re debugging your PATH, open a new terminal to do it in so you get a “fresh” state. This should avoid the duplication.
  2. Deduplicate your PATH at the end of your shell’s config (for example in zsh apparently you can do this with typeset -U path)
  3. Check that the directory isn’t already in your PATH when adding it (for example in fish I believe you can do this with fish_add_path --path /some/directory)

How to deduplicate your PATH is shell-specific and there isn’t always a built in way to do it so you’ll need to look up how to accomplish it in your shell.

problem 4: losing your history after updating your PATH

Here’s a situation that’s easy to get into in bash or zsh:

  1. Run a command (it fails)
  2. Update your PATH
  3. Run bash to reload your config
  4. Press the up arrow a couple of times to rerun the failed command (or open a new terminal)
  5. The failed command isn’t in your history! Why not?

This happens because in bash, by default, history is not saved until you exit the shell.

Some options for fixing this:

  • Instead of running bash to reload your config, run source ~/.bashrc (or source ~/.zshrc in zsh). This will reload the config inside your current session.
  • Configure your shell to continuously save your history instead of only saving the history when the shell exits. (How to do this depends on whether you’re using bash or zsh, the history options in zsh are a bit complicated and I’m not exactly sure what the best way is)

a note on source

When you install cargo (Rust’s installer) for the first time, it gives you these instructions for how to set up your PATH, which don’t mention a specific directory at all.

This is usually done by running one of the following (note the leading DOT):

. "$HOME/.cargo/env"        	# For sh/bash/zsh/ash/dash/pdksh
source "$HOME/.cargo/env.fish"  # For fish

The idea is that you add that line to your shell’s config, and their script automatically sets up your PATH (and potentially other things) for you.

This is pretty common (for example Homebrew suggests you eval brew shellenv), and there are two ways to approach this:

  1. Just do what the tool suggests (like adding . "$HOME/.cargo/env" to your shell’s config)
  2. Figure out which directories the script they’re telling you to run would add to your PATH, and then add those manually. Here’s how I’d do that:
    • Run . "$HOME/.cargo/env" in my shell (or the fish version if using fish)
    • Run echo "$PATH" | tr ':' '\n' | grep cargo to figure out which directories it added
    • See that it says /Users/bork/.cargo/bin and shorten that to ~/.cargo/bin
    • Add the directory ~/.cargo/bin to PATH (with the directions in this post)

I don’t think there’s anything wrong with doing what the tool suggests (it might be the “best way”!), but personally I usually use the second approach because I prefer knowing exactly what configuration I’m changing.

a note on fish_add_path

fish has a handy function called fish_add_path that you can run to add a directory to your PATH like this:

fish_add_path /some/directory

This is cool (it’s such a simple command!) but I’ve stopped using it for a couple of reasons:

  1. Sometimes fish_add_path will update the PATH for every session in the future (with a “universal variable”) and sometimes it will update the PATH just for the current session and it’s hard for me to tell which one it will do. In theory the docs explain this but I could not understand them.
  2. If you ever need to remove the directory from your PATH a few weeks or months later because maybe you made a mistake, it’s kind of hard to do (there are instructions in this comments of this github issue though).

that’s all

Hopefully this will help some people. Let me know (on Mastodon or Bluesky) if you there are other major gotchas that have tripped you up when adding a directory to your PATH, or if you have questions about this post!

2025-02-05T16:57:00+00:00 Fullscreen Open in Tab
Some terminal frustrations

A few weeks ago I ran a terminal survey (you can read the results here) and at the end I asked:

What’s the most frustrating thing about using the terminal for you?

1600 people answered, and I decided to spend a few days categorizing all the responses. Along the way I learned that classifying qualitative data is not easy but I gave it my best shot. I ended up building a custom tool to make it faster to categorize everything.

As with all of my surveys the methodology isn’t particularly scientific. I just posted the survey to Mastodon and Twitter, ran it for a couple of days, and got answers from whoever happened to see it and felt like responding.

Here are the top categories of frustrations!

I think it’s worth keeping in mind while reading these comments that

  • 40% of people answering this survey have been using the terminal for 21+ years
  • 95% of people answering the survey have been using the terminal for at least 4 years

These comments aren’t coming from total beginners.

Here are the categories of frustrations! The number in brackets is the number of people with that frustration. I’m mostly writing this up for myself because I’m trying to write a zine about the terminal and I wanted to get a sense for what people are having trouble with.

remembering syntax (115)

People talked about struggles remembering:

  • the syntax for CLI tools like awk, jq, sed, etc
  • the syntax for redirects
  • keyboard shortcuts for tmux, text editing, etc

One example comment:

There are just so many little “trivia” details to remember for full functionality. Even after all these years I’ll sometimes forget where it’s 2 or 1 for stderr, or forget which is which for > and >>.

switching terminals is hard (91)

People talked about struggling with switching systems (for example home/work computer or when SSHing) and running into:

  • OS differences in keyboard shortcuts (like Linux vs Mac)
  • systems which don’t have their preferred text editor (“no vim” or “only vim”)
  • different versions of the same command (like Mac OS grep vs GNU grep)
  • no tab completion
  • a shell they aren’t used to (“the subtle differences between zsh and bash”)

as well as differences inside the same system like pagers being not consistent with each other (git diff pagers, other pagers).

One example comment:

I got used to fish and vi mode which are not available when I ssh into servers, containers.

color (85)

Lots of problems with color, like:

  • programs setting colors that are unreadable with a light background color
  • finding a colorscheme they like (and getting it to work consistently across different apps)
  • color not working inside several layers of SSH/tmux/etc
  • not liking the defaults
  • not wanting color at all and struggling to turn it off

This comment felt relatable to me:

Getting my terminal theme configured in a reasonable way between the terminal emulator and fish (I did this years ago and remember it being tedious and fiddly and now feel like I’m locked into my current theme because it works and I dread touching any of that configuration ever again).

keyboard shortcuts (84)

Half of the comments on keyboard shortcuts were about how on Linux/Windows, the keyboard shortcut to copy/paste in the terminal is different from in the rest of the OS.

Some other issues with keyboard shortcuts other than copy/paste:

  • using Ctrl-W in a browser-based terminal and closing the window
  • the terminal only supports a limited set of keyboard shortcuts (no Ctrl-Shift-, no Super, no Hyper, lots of ctrl- shortcuts aren’t possible like Ctrl-,)
  • the OS stopping you from using a terminal keyboard shortcut (like by default Mac OS uses Ctrl+left arrow for something else)
  • issues using emacs in the terminal
  • backspace not working (2)

other copy and paste issues (75)

Aside from “the keyboard shortcut for copy and paste is different”, there were a lot of OTHER issues with copy and paste, like:

  • copying over SSH
  • how tmux and the terminal emulator both do copy/paste in different ways
  • dealing with many different clipboards (system clipboard, vim clipboard, the “middle click” clipboard on Linux, tmux’s clipboard, etc) and potentially synchronizing them
  • random spaces added when copying from the terminal
  • pasting multiline commands which automatically get run in a terrifying way
  • wanting a way to copy text without using the mouse

discoverability (55)

There were lots of comments about this, which all came down to the same basic complaint – it’s hard to discover useful tools or features! This comment kind of summed it all up:

How difficult it is to learn independently. Most of what I know is an assorted collection of stuff I’ve been told by random people over the years.

steep learning curve (44)

A lot of comments about it generally having a steep learning curve. A couple of example comments:

After 15 years of using it, I’m not much faster than using it than I was 5 or maybe even 10 years ago.

and

That I know I could make my life easier by learning more about the shortcuts and commands and configuring the terminal but I don’t spend the time because it feels overwhelming.

history (42)

Some issues with shell history:

  • history not being shared between terminal tabs (16)
  • limits that are too short (4)
  • history not being restored when terminal tabs are restored
  • losing history because the terminal crashed
  • not knowing how to search history

One example comment:

It wasted a lot of time until I figured it out and still annoys me that “history” on zsh has such a small buffer; I have to type “history 0” to get any useful length of history.

bad documentation (37)

People talked about:

  • documentation being generally opaque
  • lack of examples in man pages
  • programs which don’t have man pages

Here’s a representative comment:

Finding good examples and docs. Man pages often not enough, have to wade through stack overflow

scrollback (36)

A few issues with scrollback:

  • programs printing out too much data making you lose scrollback history
  • resizing the terminal messes up the scrollback
  • lack of timestamps
  • GUI programs that you start in the background printing stuff out that gets in the way of other programs’ outputs

One example comment:

When resizing the terminal (in particular: making it narrower) leads to broken rewrapping of the scrollback content because the commands formatted their output based on the terminal window width.

“it feels outdated” (33)

Lots of comments about how the terminal feels hampered by legacy decisions and how users often end up needing to learn implementation details that feel very esoteric. One example comment:

Most of the legacy cruft, it would be great to have a green field implementation of the CLI interface.

shell scripting (32)

Lots of complaints about POSIX shell scripting. There’s a general feeling that shell scripting is difficult but also that switching to a different less standard scripting language (fish, nushell, etc) brings its own problems.

Shell scripting. My tolerance to ditch a shell script and go to a scripting language is pretty low. It’s just too messy and powerful. Screwing up can be costly so I don’t even bother.

more issues

Some more issues that were mentioned at least 10 times:

  • (31) inconsistent command line arguments: is it -h or help or –help?
  • (24) keeping dotfiles in sync across different systems
  • (23) performance (e.g. “my shell takes too long to start”)
  • (20) window management (potentially with some combination of tmux tabs, terminal tabs, and multiple terminal windows. Where did that shell session go?)
  • (17) generally feeling scared/uneasy (“The debilitating fear that I’m going to do some mysterious Bad Thing with a command and I will have absolutely no idea how to fix or undo it or even really figure out what happened”)
  • (16) terminfo issues (“Having to learn about terminfo if/when I try a new terminal emulator and ssh elsewhere.”)
  • (16) lack of image support (sixel etc)
  • (15) SSH issues (like having to start over when you lose the SSH connection)
  • (15) various tmux/screen issues (for example lack of integration between tmux and the terminal emulator)
  • (15) typos & slow typing
  • (13) the terminal getting messed up for various reasons (pressing Ctrl-S, cating a binary, etc)
  • (12) quoting/escaping in the shell
  • (11) various Windows/PowerShell issues

n/a (122)

There were also 122 answers to the effect of “nothing really” or “only that I can’t do EVERYTHING in the terminal”

One example comment:

Think I’ve found work arounds for most/all frustrations

that’s all!

I’m not going to make a lot of commentary on these results, but here are a couple of categories that feel related to me:

  • remembering syntax & history (often the thing you need to remember is something you’ve run before!)
  • discoverability & the learning curve (the lack of discoverability is definitely a big part of what makes it hard to learn)
  • “switching systems is hard” & “it feels outdated” (tools that haven’t really changed in 30 or 40 years have many problems but they do tend to be always there no matter what system you’re on, which is very useful and makes them hard to stop using)

Trying to categorize all these results in a reasonable way really gave me an appreciation for social science researchers’ skills.

2025-01-11T09:46:01+00:00 Fullscreen Open in Tab
What's involved in getting a "modern" terminal setup?

Hello! Recently I ran a terminal survey and I asked people what frustrated them. One person commented:

There are so many pieces to having a modern terminal experience. I wish it all came out of the box.

My immediate reaction was “oh, getting a modern terminal experience isn’t that hard, you just need to….”, but the more I thought about it, the longer the “you just need to…” list got, and I kept thinking about more and more caveats.

So I thought I would write down some notes about what it means to me personally to have a “modern” terminal experience and what I think can make it hard for people to get there.

what is a “modern terminal experience”?

Here are a few things that are important to me, with which part of the system is responsible for them:

  • multiline support for copy and paste: if you paste 3 commands in your shell, it should not immediately run them all! That’s scary! (shell, terminal emulator)
  • infinite shell history: if I run a command in my shell, it should be saved forever, not deleted after 500 history entries or whatever. Also I want commands to be saved to the history immediately when I run them, not only when I exit the shell session (shell)
  • a useful prompt: I can’t live without having my current directory and current git branch in my prompt (shell)
  • 24-bit colour: this is important to me because I find it MUCH easier to theme neovim with 24-bit colour support than in a terminal with only 256 colours (terminal emulator)
  • clipboard integration between vim and my operating system so that when I copy in Firefox, I can just press p in vim to paste (text editor, maybe the OS/terminal emulator too)
  • good autocomplete: for example commands like git should have command-specific autocomplete (shell)
  • having colours in ls (shell config)
  • a terminal theme I like: I spend a lot of time in my terminal, I want it to look nice and I want its theme to match my terminal editor’s theme. (terminal emulator, text editor)
  • automatic terminal fixing: If a programs prints out some weird escape codes that mess up my terminal, I want that to automatically get reset so that my terminal doesn’t get messed up (shell)
  • keybindings: I want Ctrl+left arrow to work (shell or application)
  • being able to use the scroll wheel in programs like less: (terminal emulator and applications)

There are a million other terminal conveniences out there and different people value different things, but those are the ones that I would be really unhappy without.

how I achieve a “modern experience”

My basic approach is:

  1. use the fish shell. Mostly don’t configure it, except to:
    • set the EDITOR environment variable to my favourite terminal editor
    • alias ls to ls --color=auto
  2. use any terminal emulator with 24-bit colour support. In the past I’ve used GNOME Terminal, Terminator, and iTerm, but I’m not picky about this. I don’t really configure it other than to choose a font.
  3. use neovim, with a configuration that I’ve been very slowly building over the last 9 years or so (the last time I deleted my vim config and started from scratch was 9 years ago)
  4. use the base16 framework to theme everything

A few things that affect my approach:

  • I don’t spend a lot of time SSHed into other machines
  • I’d rather use the mouse a little than come up with keyboard-based ways to do everything
  • I work on a lot of small projects, not one big project

some “out of the box” options for a “modern” experience

What if you want a nice experience, but don’t want to spend a lot of time on configuration? Figuring out how to configure vim in a way that I was satisfied with really did take me like ten years, which is a long time!

My best ideas for how to get a reasonable terminal experience with minimal config are:

  • shell: either fish or zsh with oh-my-zsh
  • terminal emulator: almost anything with 24-bit colour support, for example all of these are popular:
    • linux: GNOME Terminal, Konsole, Terminator, xfce4-terminal
    • mac: iTerm (Terminal.app doesn’t have 256-colour support)
    • cross-platform: kitty, alacritty, wezterm, or ghostty
  • shell config:
    • set the EDITOR environment variable to your favourite terminal text editor
    • maybe alias ls to ls --color=auto
  • text editor: this is a tough one, maybe micro or helix? I haven’t used either of them seriously but they both seem like very cool projects and I think it’s amazing that you can just use all the usual GUI editor commands (Ctrl-C to copy, Ctrl-V to paste, Ctrl-A to select all) in micro and they do what you’d expect. I would probably try switching to helix except that retraining my vim muscle memory seems way too hard. Also helix doesn’t have a GUI or plugin system yet.

Personally I wouldn’t use xterm, rxvt, or Terminal.app as a terminal emulator, because I’ve found in the past that they’re missing core features (like 24-bit colour in Terminal.app’s case) that make the terminal harder to use for me.

I don’t want to pretend that getting a “modern” terminal experience is easier than it is though – I think there are two issues that make it hard. Let’s talk about them!

issue 1 with getting to a “modern” experience: the shell

bash and zsh are by far the two most popular shells, and neither of them provide a default experience that I would be happy using out of the box, for example:

  • you need to customize your prompt
  • they don’t come with git completions by default, you have to set them up
  • by default, bash only stores 500 (!) lines of history and (at least on Mac OS) zsh is only configured to store 2000 lines, which is still not a lot
  • I find bash’s tab completion very frustrating, if there’s more than one match then you can’t tab through them

And even though I love fish, the fact that it isn’t POSIX does make it hard for a lot of folks to make the switch.

Of course it’s totally possible to learn how to customize your prompt in bash or whatever, and it doesn’t even need to be that complicated (in bash I’d probably start with something like export PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ ', or maybe use starship). But each of these “not complicated” things really does add up and it’s especially tough if you need to keep your config in sync across several systems.

An extremely popular solution to getting a “modern” shell experience is oh-my-zsh. It seems like a great project and I know a lot of people use it very happily, but I’ve struggled with configuration systems like that in the past – it looks like right now the base oh-my-zsh adds about 3000 lines of config, and often I find that having an extra configuration system makes it harder to debug what’s happening when things go wrong. I personally have a tendency to use the system to add a lot of extra plugins, make my system slow, get frustrated that it’s slow, and then delete it completely and write a new config from scratch.

issue 2 with getting to a “modern” experience: the text editor

In the terminal survey I ran recently, the most popular terminal text editors by far were vim, emacs, and nano.

I think the main options for terminal text editors are:

  • use vim or emacs and configure it to your liking, you can probably have any feature you want if you put in the work
  • use nano and accept that you’re going to have a pretty limited experience (for example I don’t think you can select text with the mouse and then “cut” it in nano)
  • use micro or helix which seem to offer a pretty good out-of-the-box experience, potentially occasionally run into issues with using a less mainstream text editor
  • just avoid using a terminal text editor as much as possible, maybe use VSCode, use VSCode’s terminal for all your terminal needs, and mostly never edit files in the terminal. Or I know a lot of people use code as their EDITOR in the terminal.

issue 3: individual applications

The last issue is that sometimes individual programs that I use are kind of annoying. For example on my Mac OS machine, /usr/bin/sqlite3 doesn’t support the Ctrl+Left Arrow keyboard shortcut. Fixing this to get a reasonable terminal experience in SQLite was a little complicated, I had to:

  • realize why this is happening (Mac OS won’t ship GNU tools, and “Ctrl-Left arrow” support comes from GNU readline)
  • find a workaround (install sqlite from homebrew, which does have readline support)
  • adjust my environment (put Homebrew’s sqlite3 in my PATH)

I find that debugging application-specific issues like this is really not easy and often it doesn’t feel “worth it” – often I’ll end up just dealing with various minor inconveniences because I don’t want to spend hours investigating them. The only reason I was even able to figure this one out at all is that I’ve been spending a huge amount of time thinking about the terminal recently.

A big part of having a “modern” experience using terminal programs is just using newer terminal programs, for example I can’t be bothered to learn a keyboard shortcut to sort the columns in top, but in htop I can just click on a column heading with my mouse to sort it. So I use htop instead! But discovering new more “modern” command line tools isn’t easy (though I made a list here), finding ones that I actually like using in practice takes time, and if you’re SSHed into another machine, they won’t always be there.

everything affects everything else

Something I find tricky about configuring my terminal to make everything “nice” is that changing one seemingly small thing about my workflow can really affect everything else. For example right now I don’t use tmux. But if I needed to use tmux again (for example because I was doing a lot of work SSHed into another machine), I’d need to think about a few things, like:

  • if I wanted tmux’s copy to synchronize with my system clipboard over SSH, I’d need to make sure that my terminal emulator has OSC 52 support
  • if I wanted to use iTerm’s tmux integration (which makes tmux tabs into iTerm tabs), I’d need to change how I configure colours – right now I set them with a shell script that I run when my shell starts, but that means the colours get lost when restoring a tmux session.

and probably more things I haven’t thought of. “Using tmux means that I have to change how I manage my colours” sounds unlikely, but that really did happen to me and I decided “well, I don’t want to change how I manage colours right now, so I guess I’m not using that feature!”.

It’s also hard to remember which features I’m relying on – for example maybe my current terminal does have OSC 52 support and because copying from tmux over SSH has always Just Worked I don’t even realize that that’s something I need, and then it mysteriously stops working when I switch terminals.

change things slowly

Personally even though I think my setup is not that complicated, it’s taken me 20 years to get to this point! Because terminal config changes are so likely to have unexpected and hard-to-understand consequences, I’ve found that if I change a lot of terminal configuration all at once it makes it much harder to understand what went wrong if there’s a problem, which can be really disorienting.

So I usually prefer to make pretty small changes, and accept that changes can might take me a REALLY long time to get used to. For example I switched from using ls to eza a year or two ago and while I like it (because eza -l prints human-readable file sizes by default) I’m still not quite sure about it. But also sometimes it’s worth it to make a big change, like I made the switch to fish (from bash) 10 years ago and I’m very happy I did.

getting a “modern” terminal is not that easy

Trying to explain how “easy” it is to configure your terminal really just made me think that it’s kind of hard and that I still sometimes get confused.

I’ve found that there’s never one perfect way to configure things in the terminal that will be compatible with every single other thing. I just need to try stuff, figure out some kind of locally stable state that works for me, and accept that if I start using a new tool it might disrupt the system and I might need to rethink things.

2024-12-12T09:28:22+00:00 Fullscreen Open in Tab
"Rules" that terminal programs follow

Recently I’ve been thinking about how everything that happens in the terminal is some combination of:

  1. Your operating system’s job
  2. Your shell’s job
  3. Your terminal emulator’s job
  4. The job of whatever program you happen to be running (like top or vim or cat)

The first three (your operating system, shell, and terminal emulator) are all kind of known quantities – if you’re using bash in GNOME Terminal on Linux, you can more or less reason about how how all of those things interact, and some of their behaviour is standardized by POSIX.

But the fourth one (“whatever program you happen to be running”) feels like it could do ANYTHING. How are you supposed to know how a program is going to behave?

This post is kind of long so here’s a quick table of contents:

programs behave surprisingly consistently

As far as I know, there are no real standards for how programs in the terminal should behave – the closest things I know of are:

  • POSIX, which mostly dictates how your terminal emulator / OS / shell should work together. I think it does specify a few things about how core utilities like cp should work but AFAIK it doesn’t have anything to say about how for example htop should behave.
  • these command line interface guidelines

But even though there are no standards, in my experience programs in the terminal behave in a pretty consistent way. So I wanted to write down a list of “rules” that in my experience programs mostly follow.

these are meant to be descriptive, not prescriptive

My goal here isn’t to convince authors of terminal programs that they should follow any of these rules. There are lots of exceptions to these and often there’s a good reason for those exceptions.

But it’s very useful for me to know what behaviour to expect from a random new terminal program that I’m using. Instead of “uh, programs could do literally anything”, it’s “ok, here are the basic rules I expect, and then I can keep a short mental list of exceptions”.

So I’m just writing down what I’ve observed about how programs behave in my 20 years of using the terminal, why I think they behave that way, and some examples of cases where that rule is “broken”.

it’s not always obvious which “rules” are the program’s responsibility to implement

There are a bunch of common conventions that I think are pretty clearly the program’s responsibility to implement, like:

  • config files should go in ~/.BLAHrc or ~/.config/BLAH/FILE or /etc/BLAH/ or something
  • --help should print help text
  • programs should print “regular” output to stdout and errors to stderr

But in this post I’m going to focus on things that it’s not 100% obvious are the program’s responsibility. For example it feels to me like a “law of nature” that pressing Ctrl-D should quit a REPL, but programs often need to explicitly implement support for it – even though cat doesn’t need to implement Ctrl-D support, ipython does. (more about that in “rule 3” below)

Understanding which things are the program’s responsibility makes it much less surprising when different programs’ implementations are slightly different.

rule 1: noninteractive programs should quit when you press Ctrl-C

The main reason for this rule is that noninteractive programs will quit by default on Ctrl-C if they don’t set up a SIGINT signal handler, so this is kind of a “you should act like the default” rule.

Something that trips a lot of people up is that this doesn’t apply to interactive programs like python3 or bc or less. This is because in an interactive program, Ctrl-C has a different job – if the program is running an operation (like for example a search in less or some Python code in python3), then Ctrl-C will interrupt that operation but not stop the program.

As an example of how this works in an interactive program: here’s the code in prompt-toolkit (the library that iPython uses for handling input) that aborts a search when you press Ctrl-C.

rule 2: TUIs should quit when you press q

TUI programs (like less or htop) will usually quit when you press q.

This rule doesn’t apply to any program where pressing q to quit wouldn’t make sense, like tmux or text editors.

rule 3: REPLs should quit when you press Ctrl-D on an empty line

REPLs (like python3 or ed) will usually quit when you press Ctrl-D on an empty line. This rule is similar to the Ctrl-C rule – the reason for this is that by default if you’re running a program (like cat) in “cooked mode”, then the operating system will return an EOF when you press Ctrl-D on an empty line.

Most of the REPLs I use (sqlite3, python3, fish, bash, etc) don’t actually use cooked mode, but they all implement this keyboard shortcut anyway to mimic the default behaviour.

For example, here’s the code in prompt-toolkit that quits when you press Ctrl-D, and here’s the same code in readline.

I actually thought that this one was a “Law of Terminal Physics” until very recently because I’ve basically never seen it broken, but you can see that it’s just something that each individual input library has to implement in the links above.

Someone pointed out that the Erlang REPL does not quit when you press Ctrl-D, so I guess not every REPL follows this “rule”.

rule 4: don’t use more than 16 colours

Terminal programs rarely use colours other than the base 16 ANSI colours. This is because if you specify colours with a hex code, it’s very likely to clash with some users’ background colour. For example if I print out some text as #EEEEEE, it would be almost invisible on a white background, though it would look fine on a dark background.

But if you stick to the default 16 base colours, you have a much better chance that the user has configured those colours in their terminal emulator so that they work reasonably well with their background color. Another reason to stick to the default base 16 colours is that it makes less assumptions about what colours the terminal emulator supports.

The only programs I usually see breaking this “rule” are text editors, for example Helix by default will use a purple background which is not a default ANSI colour. It seems fine for Helix to break this rule since Helix isn’t a “core” program and I assume any Helix user who doesn’t like that colorscheme will just change the theme.

rule 5: vaguely support readline keybindings

Almost every program I use supports readline keybindings if it would make sense to do so. For example, here are a bunch of different programs and a link to where they define Ctrl-E to go to the end of the line:

None of those programs actually uses readline directly, they just sort of mimic emacs/readline keybindings. They don’t always mimic them exactly: for example atuin seems to use Ctrl-A as a prefix, so Ctrl-A doesn’t go to the beginning of the line.

Also all of these programs seem to implement their own internal cut and paste buffers so you can delete a line with Ctrl-U and then paste it with Ctrl-Y.

The exceptions to this are:

  • some programs (like git, cat, and nc) don’t have any line editing support at all (except for backspace, Ctrl-W, and Ctrl-U)
  • as usual text editors are an exception, every text editor has its own approach to editing text

I wrote more about this “what keybindings does a program support?” question in entering text in the terminal is complicated.

rule 5.1: Ctrl-W should delete the last word

I’ve never seen a program (other than a text editor) where Ctrl-W doesn’t delete the last word. This is similar to the Ctrl-C rule – by default if a program is in “cooked mode”, the OS will delete the last word if you press Ctrl-W, and delete the whole line if you press Ctrl-U. So usually programs will imitate that behaviour.

I can’t think of any exceptions to this other than text editors but if there are I’d love to hear about them!

rule 6: disable colours when writing to a pipe

Most programs will disable colours when writing to a pipe. For example:

  • rg blah will highlight all occurrences of blah in the output, but if the output is to a pipe or a file, it’ll turn off the highlighting.
  • ls --color=auto will use colour when writing to a terminal, but not when writing to a pipe

Both of those programs will also format their output differently when writing to the terminal: ls will organize files into columns, and ripgrep will group matches with headings.

If you want to force the program to use colour (for example because you want to look at the colour), you can use unbuffer to force the program’s output to be a tty like this:

unbuffer rg blah |  less -R

I’m sure that there are some programs that “break” this rule but I can’t think of any examples right now. Some programs have an --color flag that you can use to force colour to be on, in the example above you could also do rg --color=always | less -R.

rule 7: - means stdin/stdout

Usually if you pass - to a program instead of a filename, it’ll read from stdin or write to stdout (whichever is appropriate). For example, if you want to format the Python code that’s on your clipboard with black and then copy it, you could run:

pbpaste | black - | pbcopy

(pbpaste is a Mac program, you can do something similar on Linux with xclip)

My impression is that most programs implement this if it would make sense and I can’t think of any exceptions right now, but I’m sure there are many exceptions.

these “rules” take a long time to learn

These rules took me a long time for me to learn because I had to:

  1. learn that the rule applied anywhere at all ("Ctrl-C will exit programs")
  2. notice some exceptions (“okay, Ctrl-C will exit find but not less”)
  3. subconsciously figure out what the pattern is ("Ctrl-C will generally quit noninteractive programs, but in interactive programs it might interrupt the current operation instead of quitting the program")
  4. eventually maybe formulate it into an explicit rule that I know

A lot of my understanding of the terminal is honestly still in the “subconscious pattern recognition” stage. The only reason I’ve been taking the time to make things explicit at all is because I’ve been trying to explain how it works to others. Hopefully writing down these “rules” explicitly will make learning some of this stuff a little bit faster for others.

2024-11-29T08:23:31+00:00 Fullscreen Open in Tab
Why pipes sometimes get "stuck": buffering

Here’s a niche terminal problem that has bothered me for years but that I never really understood until a few weeks ago. Let’s say you’re running this command to watch for some specific output in a log file:

tail -f /some/log/file | grep thing1 | grep thing2

If log lines are being added to the file relatively slowly, the result I’d see is… nothing! It doesn’t matter if there were matches in the log file or not, there just wouldn’t be any output.

I internalized this as “uh, I guess pipes just get stuck sometimes and don’t show me the output, that’s weird”, and I’d handle it by just running grep thing1 /some/log/file | grep thing2 instead, which would work.

So as I’ve been doing a terminal deep dive over the last few months I was really excited to finally learn exactly why this happens.

why this happens: buffering

The reason why “pipes get stuck” sometimes is that it’s VERY common for programs to buffer their output before writing it to a pipe or file. So the pipe is working fine, the problem is that the program never even wrote the data to the pipe!

This is for performance reasons: writing all output immediately as soon as you can uses more system calls, so it’s more efficient to save up data until you have 8KB or so of data to write (or until the program exits) and THEN write it to the pipe.

In this example:

tail -f /some/log/file | grep thing1 | grep thing2

the problem is that grep thing1 is saving up all of its matches until it has 8KB of data to write, which might literally never happen.

programs don’t buffer when writing to a terminal

Part of why I found this so disorienting is that tail -f file | grep thing will work totally fine, but then when you add the second grep, it stops working!! The reason for this is that the way grep handles buffering depends on whether it’s writing to a terminal or not.

Here’s how grep (and many other programs) decides to buffer its output:

  • Check if stdout is a terminal or not using the isatty function
    • If it’s a terminal, use line buffering (print every line immediately as soon as you have it)
    • Otherwise, use “block buffering” – only print data if you have at least 8KB or so of data to print

So if grep is writing directly to your terminal then you’ll see the line as soon as it’s printed, but if it’s writing to a pipe, you won’t.

Of course the buffer size isn’t always 8KB for every program, it depends on the implementation. For grep the buffering is handled by libc, and libc’s buffer size is defined in the BUFSIZ variable. Here’s where that’s defined in glibc.

(as an aside: “programs do not use 8KB output buffers when writing to a terminal” isn’t, like, a law of terminal physics, a program COULD use an 8KB buffer when writing output to a terminal if it wanted, it would just be extremely weird if it did that, I can’t think of any program that behaves that way)

commands that buffer & commands that don’t

One annoying thing about this buffering behaviour is that you kind of need to remember which commands buffer their output when writing to a pipe.

Some commands that don’t buffer their output:

  • tail
  • cat
  • tee

I think almost everything else will buffer output, especially if it’s a command where you’re likely to be using it for batch processing. Here’s a list of some common commands that buffer their output when writing to a pipe, along with the flag that disables block buffering.

  • grep (--line-buffered)
  • sed (-u)
  • awk (there’s a fflush() function)
  • tcpdump (-l)
  • jq (-u)
  • tr (-u)
  • cut (can’t disable buffering)

Those are all the ones I can think of, lots of unix commands (like sort) may or may not buffer their output but it doesn’t matter because sort can’t do anything until it finishes receiving input anyway.

Also I did my best to test both the Mac OS and GNU versions of these but there are a lot of variations and I might have made some mistakes.

programming languages where the default “print” statement buffers

Also, here are a few programming language where the default print statement will buffer output when writing to a pipe, and some ways to disable buffering if you want:

  • C (disable with setvbuf)
  • Python (disable with python -u, or PYTHONUNBUFFERED=1, or sys.stdout.reconfigure(line_buffering=False), or print(x, flush=True))
  • Ruby (disable with STDOUT.sync = true)
  • Perl (disable with $| = 1)

I assume that these languages are designed this way so that the default print function will be fast when you’re doing batch processing.

Also whether output is buffered or not might depend on how you print, for example in C++ cout << "hello\n" buffers when writing to a pipe but cout << "hello" << endl will flush its output.

when you press Ctrl-C on a pipe, the contents of the buffer are lost

Let’s say you’re running this command as a hacky way to watch for DNS requests to example.com, and you forgot to pass -l to tcpdump:

sudo tcpdump -ni any port 53 | grep example.com

When you press Ctrl-C, what happens? In a magical perfect world, what I would want to happen is for tcpdump to flush its buffer, grep would search for example.com, and I would see all the output I missed.

But in the real world, what happens is that all the programs get killed and the output in tcpdump’s buffer is lost.

I think this problem is probably unavoidable – I spent a little time with strace to see how this works and grep receives the SIGINT before tcpdump anyway so even if tcpdump tried to flush its buffer grep would already be dead.

After a little more investigation, there is a workaround: if you find tcpdump’s PID and kill -TERM $PID, then tcpdump will flush the buffer so you can see the output. That’s kind of a pain but I tested it and it seems to work.

redirecting to a file also buffers

It’s not just pipes, this will also buffer:

sudo tcpdump -ni any port 53 > output.txt

Redirecting to a file doesn’t have the same “Ctrl-C will totally destroy the contents of the buffer” problem though – in my experience it usually behaves more like you’d want, where the contents of the buffer get written to the file before the program exits. I’m not 100% sure whether this is something you can always rely on or not.

a bunch of potential ways to avoid buffering

Okay, let’s talk solutions. Let’s say you’ve run this command:

tail -f /some/log/file | grep thing1 | grep thing2

I asked people on Mastodon how they would solve this in practice and there were 5 basic approaches. Here they are:

solution 1: run a program that finishes quickly

Historically my solution to this has been to just avoid the “command writing to pipe slowly” situation completely and instead run a program that will finish quickly like this:

cat /some/log/file | grep thing1 | grep thing2 | tail

This doesn’t do the same thing as the original command but it does mean that you get to avoid thinking about these weird buffering issues.

(you could also do grep thing1 /some/log/file but I often prefer to use an “unnecessary” cat)

solution 2: remember the “line buffer” flag to grep

You could remember that grep has a flag to avoid buffering and pass it like this:

tail -f /some/log/file | grep --line-buffered thing1 | grep thing2

solution 3: use awk

Some people said that if they’re specifically dealing with a multiple greps situation, they’ll rewrite it to use a single awk instead, like this:

tail -f /some/log/file |  awk '/thing1/ && /thing2/'

Or you would write a more complicated grep, like this:

tail -f /some/log/file |  grep -E 'thing1.*thing2'

(awk also buffers, so for this to work you’ll want awk to be the last command in the pipeline)

solution 4: use stdbuf

stdbuf uses LD_PRELOAD to turn off libc’s buffering, and you can use it to turn off output buffering like this:

tail -f /some/log/file | stdbuf -o0 grep thing1 | grep thing2

Like any LD_PRELOAD solution it’s a bit unreliable – it doesn’t work on static binaries, I think won’t work if the program isn’t using libc’s buffering, and doesn’t always work on Mac OS. Harry Marr has a really nice How stdbuf works post.

solution 5: use unbuffer

unbuffer program will force the program’s output to be a TTY, which means that it’ll behave the way it normally would on a TTY (less buffering, colour output, etc). You could use it in this example like this:

tail -f /some/log/file | unbuffer grep thing1 | grep thing2

Unlike stdbuf it will always work, though it might have unwanted side effects, for example grep thing1’s will also colour matches.

If you want to install unbuffer, it’s in the expect package.

that’s all the solutions I know about!

It’s a bit hard for me to say which one is “best”, I think personally I’m mostly likely to use unbuffer because I know it’s always going to work.

If I learn about more solutions I’ll try to add them to this post.

I’m not really sure how often this comes up

I think it’s not very common for me to have a program that slowly trickles data into a pipe like this, normally if I’m using a pipe a bunch of data gets written very quickly, processed by everything in the pipeline, and then everything exits. The only examples I can come up with right now are:

  • tcpdump
  • tail -f
  • watching log files in a different way like with kubectl logs
  • the output of a slow computation

what if there were an environment variable to disable buffering?

I think it would be cool if there were a standard environment variable to turn off buffering, like PYTHONUNBUFFERED in Python. I got this idea from a couple of blog posts by Mark Dominus in 2018. Maybe NO_BUFFER like NO_COLOR?

The design seems tricky to get right; Mark points out that NETBSD has environment variables called STDBUF, STDBUF1, etc which gives you a ton of control over buffering but I imagine most developers don’t want to implement many different environment variables to handle a relatively minor edge case.

I’m also curious about whether there are any programs that just automatically flush their output buffers after some period of time (like 1 second). It feels like it would be nice in theory but I can’t think of any program that does that so I imagine there are some downsides.

stuff I left out

Some things I didn’t talk about in this post since these posts have been getting pretty long recently and seriously does anyone REALLY want to read 3000 words about buffering?

  • the difference between line buffering and having totally unbuffered output
  • how buffering to stderr is different from buffering to stdout
  • this post is only about buffering that happens inside the program, your operating system’s TTY driver also does a little bit of buffering sometimes
  • other reasons you might need to flush your output other than “you’re writing to a pipe”
2024-11-18T09:35:42+00:00 Fullscreen Open in Tab
Importing a frontend Javascript library without a build system

I like writing Javascript without a build system and for the millionth time yesterday I ran into a problem where I needed to figure out how to import a Javascript library in my code without using a build system, and it took FOREVER to figure out how to import it because the library’s setup instructions assume that you’re using a build system.

Luckily at this point I’ve mostly learned how to navigate this situation and either successfully use the library or decide it’s too difficult and switch to a different library, so here’s the guide I wish I had to importing Javascript libraries years ago.

I’m only going to talk about using Javacript libraries on the frontend, and only about how to use them in a no-build-system setup.

In this post I’m going to talk about:

  1. the three main types of Javascript files a library might provide (ES Modules, the “classic” global variable kind, and CommonJS)
  2. how to figure out which types of files a Javascript library includes in its build
  3. ways to import each type of file in your code

the three kinds of Javascript files

There are 3 basic types of Javascript files a library can provide:

  1. the “classic” type of file that defines a global variable. This is the kind of file that you can just <script src> and it’ll Just Work. Great if you can get it but not always available
  2. an ES module (which may or may not depend on other files, we’ll get to that)
  3. a “CommonJS” module. This is for Node, you can’t use it in a browser at all without using a build system.

I’m not sure if there’s a better name for the “classic” type but I’m just going to call it “classic”. Also there’s a type called “AMD” but I’m not sure how relevant it is in 2024.

Now that we know the 3 types of files, let’s talk about how to figure out which of these the library actually provides!

where to find the files: the NPM build

Every Javascript library has a build which it uploads to NPM. You might be thinking (like I did originally) – Julia! The whole POINT is that we’re not using Node to build our library! Why are we talking about NPM?

But if you’re using a link from a CDN like https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js, you’re still using the NPM build! All the files on the CDNs originally come from NPM.

Because of this, I sometimes like to npm install the library even if I’m not planning to use Node to build my library at all – I’ll just create a new temp folder, npm install there, and then delete it when I’m done. I like being able to poke around in the files in the NPM build on my filesystem, because then I can be 100% sure that I’m seeing everything that the library is making available in its build and that the CDN isn’t hiding something from me.

So let’s npm install a few libraries and try to figure out what types of Javascript files they provide in their builds!

example library 1: chart.js

First let’s look inside Chart.js, a plotting library.

$ cd /tmp/whatever
$ npm install chart.js
$ cd node_modules/chart.js/dist
$ ls *.*js
chart.cjs  chart.js  chart.umd.js  helpers.cjs  helpers.js

This library seems to have 3 basic options:

option 1: chart.cjs. The .cjs suffix tells me that this is a CommonJS file, for using in Node. This means it’s impossible to use it directly in the browser without some kind of build step.

option 2:chart.js. The .js suffix by itself doesn’t tell us what kind of file it is, but if I open it up, I see import '@kurkle/color'; which is an immediate sign that this is an ES module – the import ... syntax is ES module syntax.

option 3: chart.umd.js. “UMD” stands for “Universal Module Definition”, which I think means that you can use this file either with a basic <script src>, CommonJS, or some third thing called AMD that I don’t understand.

how to use a UMD file

When I was using Chart.js I picked Option 3. I just needed to add this to my code:

<script src="./chart.umd.js"> </script>

and then I could use the library with the global Chart environment variable. Couldn’t be easier. I just copied chart.umd.js into my Git repository so that I didn’t have to worry about using NPM or the CDNs going down or anything.

the build files aren’t always in the dist directory

A lot of libraries will put their build in the dist directory, but not always! The build files’ location is specified in the library’s package.json.

For example here’s an excerpt from Chart.js’s package.json.

  "jsdelivr": "./dist/chart.umd.js",
  "unpkg": "./dist/chart.umd.js",
  "main": "./dist/chart.cjs",
  "module": "./dist/chart.js",

I think this is saying that if you want to use an ES Module (module) you should use dist/chart.js, but the jsDelivr and unpkg CDNs should use ./dist/chart.umd.js. I guess main is for Node.

chart.js’s package.json also says "type": "module", which according to this documentation tells Node to treat files as ES modules by default. I think it doesn’t tell us specifically which files are ES modules and which ones aren’t but it does tell us that something in there is an ES module.

example library 2: @atcute/oauth-browser-client

@atcute/oauth-browser-client is a library for logging into Bluesky with OAuth in the browser.

Let’s see what kinds of Javascript files it provides in its build!

$ npm install @atcute/oauth-browser-client
$ cd node_modules/@atcute/oauth-browser-client/dist
$ ls *js
constants.js  dpop.js  environment.js  errors.js  index.js  resolvers.js

It seems like the only plausible root file in here is index.js, which looks something like this:

export { configureOAuth } from './environment.js';
export * from './errors.js';
export * from './resolvers.js';

This export syntax means it’s an ES module. That means we can use it in the browser without a build step! Let’s see how to do that.

how to use an ES module with importmaps

Using an ES module isn’t an easy as just adding a <script src="whatever.js">. Instead, if the ES module has dependencies (like @atcute/oauth-browser-client does) the steps are:

  1. Set up an import map in your HTML
  2. Put import statements like import { configureOAuth } from '@atcute/oauth-browser-client'; in your JS code
  3. Include your JS code in your HTML like this: <script type="module" src="YOURSCRIPT.js"></script>

The reason we need an import map instead of just doing something like import { BrowserOAuthClient } from "./oauth-client-browser.js" is that internally the module has more import statements like import {something} from @atcute/client, and we need to tell the browser where to get the code for @atcute/client and all of its other dependencies.

Here’s what the importmap I used looks like for @atcute/oauth-browser-client:

<script type="importmap">
{
  "imports": {
    "nanoid": "./node_modules/nanoid/bin/dist/index.js",
    "nanoid/non-secure": "./node_modules/nanoid/non-secure/index.js",
    "nanoid/url-alphabet": "./node_modules/nanoid/url-alphabet/dist/index.js",
    "@atcute/oauth-browser-client": "./node_modules/@atcute/oauth-browser-client/dist/index.js",
    "@atcute/client": "./node_modules/@atcute/client/dist/index.js",
    "@atcute/client/utils/did": "./node_modules/@atcute/client/dist/utils/did.js"
  }
}
</script>

Getting these import maps to work is pretty fiddly, I feel like there must be a tool to generate them automatically but I haven’t found one yet. It’s definitely possible to write a script that automatically generates the importmaps using esbuild’s metafile but I haven’t done that and maybe there’s a better way.

I decided to set up importmaps yesterday to get github.com/jvns/bsky-oauth-example to work, so there’s some example code in that repo.

Also someone pointed me to Simon Willison’s download-esm, which will download an ES module and rewrite the imports to point to the JS files directly so that you don’t need importmaps. I haven’t tried it yet but it seems like a great idea.

problems with importmaps: too many files

I did run into some problems with using importmaps in the browser though – it needed to download dozens of Javascript files to load my site, and my webserver in development couldn’t keep up for some reason. I kept seeing files fail to load randomly and then had to reload the page and hope that they would succeed this time.

It wasn’t an issue anymore when I deployed my site to production, so I guess it was a problem with my local dev environment.

Also one slightly annoying thing about ES modules in general is that you need to be running a webserver to use them, I’m sure this is for a good reason but it’s easier when you can just open your index.html file without starting a webserver.

Because of the “too many files” thing I think actually using ES modules with importmaps in this way isn’t actually that appealing to me, but it’s good to know it’s possible.

how to use an ES module without importmaps

If the ES module doesn’t have dependencies then it’s even easier – you don’t need the importmaps! You can just:

  • put <script type="module" src="YOURCODE.js"></script> in your HTML. The type="module" is important.
  • put import {whatever} from "https://example.com/whatever.js" in YOURCODE.js

alternative: use esbuild

If you don’t want to use importmaps, you can also use a build system like esbuild. I talked about how to do that in Some notes on using esbuild, but this blog post is about ways to avoid build systems completely so I’m not going to talk about that option here. I do still like esbuild though and I think it’s a good option in this case.

what’s the browser support for importmaps?

CanIUse says that importmaps are in “Baseline 2023: newly available across major browsers” so my sense is that in 2024 that’s still maybe a little bit too new? I think I would use importmaps for some fun experimental code that I only wanted like myself and 12 people to use, but if I wanted my code to be more widely usable I’d use esbuild instead.

example library 3: @atproto/oauth-client-browser

Let’s look at one final example library! This is a different Bluesky auth library than @atcute/oauth-browser-client.

$ npm install @atproto/oauth-client-browser
$ cd node_modules/@atproto/oauth-client-browser/dist
$ ls *js
browser-oauth-client.js  browser-oauth-database.js  browser-runtime-implementation.js  errors.js  index.js  indexed-db-store.js  util.js

Again, it seems like only real candidate file here is index.js. But this is a different situation from the previous example library! Let’s take a look at index.js:

There’s a bunch of stuff like this in index.js:

__exportStar(require("@atproto/oauth-client"), exports);
__exportStar(require("./browser-oauth-client.js"), exports);
__exportStar(require("./errors.js"), exports);
var util_js_1 = require("./util.js");

This require() syntax is CommonJS syntax, which means that we can’t use this file in the browser at all, we need to use some kind of build step, and ESBuild won’t work either.

Also in this library’s package.json it says "type": "commonjs" which is another way to tell it’s CommonJS.

how to use a CommonJS module with esm.sh

Originally I thought it was impossible to use CommonJS modules without learning a build system, but then someone Bluesky told me about esm.sh! It’s a CDN that will translate anything into an ES Module. skypack.dev does something similar, I’m not sure what the difference is but one person mentioned that if one doesn’t work sometimes they’ll try the other one.

For @atproto/oauth-client-browser using it seems pretty simple, I just need to put this in my HTML:

<script type="module" src="script.js"> </script>

and then put this in script.js.

import { BrowserOAuthClient } from "https://esm.sh/@atproto/oauth-client-browser@0.3.0"

It seems to Just Work, which is cool! Of course this is still sort of using a build system – it’s just that esm.sh is running the build instead of me. My main concerns with this approach are:

  • I don’t really trust CDNs to keep working forever – usually I like to copy dependencies into my repository so that they don’t go away for some reason in the future.
  • I’ve heard of some issues with CDNs having security compromises which scares me.
  • I don’t really understand what esm.sh is doing.

esbuild can also convert CommonJS modules into ES modules

I also learned that you can also use esbuild to convert a CommonJS module into an ES module, though there are some limitations – the import { BrowserOAuthClient } from syntax doesn’t work. Here’s a github issue about that.

I think the esbuild approach is probably more appealing to me than the esm.sh approach because it’s a tool that I already have on my computer so I trust it more. I haven’t experimented with this much yet though.

summary of the three types of files

Here’s a summary of the three types of JS files you might encounter, options for how to use them, and how to identify them.

Unhelpfully a .js or .min.js file extension could be any of these 3 options, so if the file is something.js you need to do more detective work to figure out what you’re dealing with.

  1. “classic” JS files
    • How to use it:: <script src="whatever.js"></script>
    • Ways to identify it:
      • The website has a big friendly banner in its setup instructions saying “Use this with a CDN!” or something
      • A .umd.js extension
      • Just try to put it in a <script src=... tag and see if it works
  2. ES Modules
    • Ways to use it:
      • If there are no dependencies, just import {whatever} from "./my-module.js" directly in your code
      • If there are dependencies, create an importmap and import {whatever} from "my-module"
      • Use esbuild or any ES Module bundler
    • Ways to identify it:
      • Look for an import or export statement. (not module.exports = ..., that’s CommonJS)
      • An .mjs extension
      • maybe "type": "module" in package.json (though it’s not clear to me which file exactly this refers to)
  3. CommonJS Modules
    • Ways to use it:
      • Use https://esm.sh to convert it into an ES module, like https://esm.sh/@atproto/oauth-client-browser@0.3.0
      • Use a build somehow (??)
    • Ways to identify it:
      • Look for require() or module.exports = ... in the code
      • A .cjs extension
      • maybe "type": "commonjs" in package.json (though it’s not clear to me which file exactly this refers to)

it’s really nice to have ES modules standardized

The main difference between CommonJS modules and ES modules from my perspective is that ES modules are actually a standard. This makes me feel a lot more confident using them, because browsers commit to backwards compatibility for web standards forever – if I write some code using ES modules today, I can feel sure that it’ll still work the same way in 15 years.

It also makes me feel better about using tooling like esbuild because even if the esbuild project dies, because it’s implementing a standard it feels likely that there will be another similar tool in the future that I can replace it with.

the JS community has built a lot of very cool tools

A lot of the time when I talk about this stuff I get responses like “I hate javascript!!! it’s the worst!!!”. But my experience is that there are a lot of great tools for Javascript (I just learned about https://esm.sh yesterday which seems great! I love esbuild!), and that if I take the time to learn how things works I can take advantage of some of those tools and make my life a lot easier.

So the goal of this post is definitely not to complain about Javascript, it’s to understand the landscape so I can use the tooling in a way that feels good to me.

questions I still have

Here are some questions I still have, I’ll add the answers into the post if I learn the answer.

  • Is there a tool that automatically generates importmaps for an ES Module that I have set up locally? (apparently yes: jspm)
  • How can I convert a CommonJS module into an ES module on my computer, the way https://esm.sh does? (apparently esbuild can sort of do this, though named exports don’t work)
  • When people normally build CommonJS modules into regular JS code, what’s code is doing that? Obviously there are tools like webpack, rollup, esbuild, etc, but do those tools all implement their own JS parsers/static analysis? How many JS parsers are there out there?
  • Is there any way to bundle an ES module into a single file (like atcute-client.js), but so that in the browser I can still import multiple different paths from that file (like both @atcute/client/lexicons and @atcute/client)?

all the tools

Here’s a list of every tool we talked about in this post:

Writing this post has made me think that even though I usually don’t want to have a build that I run every time I update the project, I might be willing to have a build step (using download-esm or something) that I run only once when setting up the project and never run again except maybe if I’m updating my dependency versions.

that’s all!

Thanks to Marco Rogers who taught me a lot of the things in this post. I’ve probably made some mistakes in this post and I’d love to know what they are – let me know on Bluesky or Mastodon!

2024-11-09T09:24:29+00:00 Fullscreen Open in Tab
New microblog with TILs

I added a new section to this site a couple weeks ago called TIL (“today I learned”).

the goal: save interesting tools & facts I posted on social media

One kind of thing I like to post on Mastodon/Bluesky is “hey, here’s a cool thing”, like the great SQLite repl litecli, or the fact that cross compiling in Go Just Works and it’s amazing, or cryptographic right answers, or this great diff tool. Usually I don’t want to write a whole blog post about those things because I really don’t have much more to say than “hey this is useful!”

It started to bother me that I didn’t have anywhere to put those things: for example recently I wanted to use diffdiff and I just could not remember what it was called.

the solution: make a new section of this blog

So I quickly made a new folder called /til/, added some custom styling (I wanted to style the posts to look a little bit like a tweet), made a little Rake task to help me create new posts quickly (rake new_til), and set up a separate RSS Feed for it.

I think this new section of the blog might be more for myself than anything, now when I forget the link to Cryptographic Right Answers I can hopefully look it up on the TIL page. (you might think “julia, why not use bookmarks??” but I have been failing to use bookmarks for my whole life and I don’t see that changing ever, putting things in public is for whatever reason much easier for me)

So far it’s been working, often I can actually just make a quick post in 2 minutes which was the goal.

inspired by Simon Willison’s TIL blog

My page is inspired by Simon Willison’s great TIL blog, though my TIL posts are a lot shorter.

I don’t necessarily want everything to be archived

This came about because I spent a lot of time on Twitter, so I’ve been thinking about what I want to do about all of my tweets.

I keep reading the advice to “POSSE” (“post on your own site, syndicate elsewhere”), and while I find the idea appealing in principle, for me part of the appeal of social media is that it’s a little bit ephemeral. I can post polls or questions or observations or jokes and then they can just kind of fade away as they become less relevant.

I find it a lot easier to identify specific categories of things that I actually want to have on a Real Website That I Own:

and then let everything else be kind of ephemeral.

I really believe in the advice to make email lists though – the first two (blog posts & comics) both have email lists and RSS feeds that people can subscribe to if they want. I might add a quick summary of any TIL posts from that week to the “blog posts from this week” mailing list.

2024-11-04T09:18:03+00:00 Fullscreen Open in Tab
My IETF 121 Agenda

Here's where you can find me at IETF 121 in Dublin!

Monday

Tuesday

  • 9:30 - 11:30 • oauth
  • 13:00 - 14:30 • spice
  • 16:30 - 17:30 • scim

Thursday

Get in Touch

My Current Drafts

2024-10-31T08:00:10+00:00 Fullscreen Open in Tab
ASCII control characters in my terminal

Hello! I’ve been thinking about the terminal a lot and yesterday I got curious about all these “control codes”, like Ctrl-A, Ctrl-C, Ctrl-W, etc. What’s the deal with all of them?

a table of ASCII control characters

Here’s a table of all 33 ASCII control characters, and what they do on my machine (on Mac OS), more or less. There are about a million caveats, but I’ll talk about what it means and all the problems with this diagram that I know about.

You can also view it as an HTML page (I just made it an image so it would show up in RSS).

different kinds of codes are mixed together

The first surprising thing about this diagram to me is that there are 33 control codes, split into (very roughly speaking) these categories:

  1. Codes that are handled by the operating system’s terminal driver, for example when the OS sees a 3 (Ctrl-C), it’ll send a SIGINT signal to the current program
  2. Everything else is passed through to the application as-is and the application can do whatever it wants with them. Some subcategories of those:
    • Codes that correspond to a literal keypress of a key on your keyboard (Enter, Tab, Backspace). For example when you press Enter, your terminal gets sent 13.
    • Codes used by readline: “the application can do whatever it wants” often means “it’ll do more or less what the readline library does, whether the application actually uses readline or not”, so I’ve labelled a bunch of the codes that readline uses
    • Other codes, for example I think Ctrl-X has no standard meaning in the terminal in general but emacs uses it very heavily

There’s no real structure to which codes are in which categories, they’re all just kind of randomly scattered because this evolved organically.

(If you’re curious about readline, I wrote more about readline in entering text in the terminal is complicated, and there are a lot of cheat sheets out there)

there are only 33 control codes

Something else that I find a little surprising is that are only 33 control codes – A to Z, plus 7 more (@, [, \, ], ^, _, ?). This means that if you want to have for example Ctrl-1 as a keyboard shortcut in a terminal application, that’s not really meaningful – on my machine at least Ctrl-1 is exactly the same thing as just pressing 1, Ctrl-3 is the same as Ctrl-[, etc.

Also Ctrl+Shift+C isn’t a control code – what it does depends on your terminal emulator. On Linux Ctrl-Shift-X is often used by the terminal emulator to copy or open a new tab or paste for example, it’s not sent to the TTY at all.

Also I use Ctrl+Left Arrow all the time, but that isn’t a control code, instead it sends an ANSI escape sequence (ctrl-[[1;5D) which is a different thing which we absolutely do not have space for in this post.

This “there are only 33 codes” thing is totally different from how keyboard shortcuts work in a GUI where you can have Ctrl+KEY for any key you want.

the official ASCII names aren’t very meaningful to me

Each of these 33 control codes has a name in ASCII (for example 3 is ETX). When all of these control codes were originally defined, they weren’t being used for computers or terminals at all, they were used for the telegraph machine. Telegraph machines aren’t the same as UNIX terminals so a lot of the codes were repurposed to mean something else.

Personally I don’t find these ASCII names very useful, because 50% of the time the name in ASCII has no actual relationship to what that code does on UNIX systems today. So it feels easier to just ignore the ASCII names completely instead of trying to figure which ones still match their original meaning.

It’s hard to use Ctrl-M as a keyboard shortcut

Another thing that’s a bit weird is that Ctrl-M is literally the same as Enter, and Ctrl-I is the same as Tab, which makes it hard to use those two as keyboard shortcuts.

From some quick research, it seems like some folks do still use Ctrl-I and Ctrl-M as keyboard shortcuts (here’s an example), but to do that you need to configure your terminal emulator to treat them differently than the default.

For me the main takeaway is that if I ever write a terminal application I should avoid Ctrl-I and Ctrl-M as keyboard shortcuts in it.

how to identify what control codes get sent

While writing this I needed to do a bunch of experimenting to figure out what various key combinations did, so I wrote this Python script echo-key.py that will print them out.

There’s probably a more official way but I appreciated having a script I could customize.

caveat: on canonical vs noncanonical mode

Two of these codes (Ctrl-W and Ctrl-U) are labelled in the table as “handled by the OS”, but actually they’re not always handled by the OS, it depends on whether the terminal is in “canonical” mode or in “noncanonical mode”.

In canonical mode, programs only get input when you press Enter (and the OS is in charge of deleting characters when you press Backspace or Ctrl-W). But in noncanonical mode the program gets input immediately when you press a key, and the Ctrl-W and Ctrl-U codes are passed through to the program to handle any way it wants.

Generally in noncanonical mode the program will handle Ctrl-W and Ctrl-U similarly to how the OS does, but there are some small differences.

Some examples of programs that use canonical mode:

  • probably pretty much any noninteractive program, like grep or cat
  • git, I think

Examples of programs that use noncanonical mode:

  • python3, irb and other REPLs
  • your shell
  • any full screen TUI like less or vim

caveat: all of the “OS terminal driver” codes are configurable with stty

I said that Ctrl-C sends SIGINT but technically this is not necessarily true, if you really want to you can remap all of the codes labelled “OS terminal driver”, plus Backspace, using a tool called stty, and you can view the mappings with stty -a.

Here are the mappings on my machine right now:

$ stty -a
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = <undef>;
	eol2 = <undef>; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
	min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ^T;
	stop = ^S; susp = ^Z; time = 0; werase = ^W;

I have personally never remapped any of these and I cannot imagine a reason I would (I think it would be a recipe for confusion and disaster for me), but I asked on Mastodon and people said the most common reasons they used stty were:

  • fix a broken terminal with stty sane
  • set stty erase ^H to change how Backspace works
  • set stty ixoff
  • some people even map SIGINT to a different key, like their DELETE key

caveat: on signals

Two signals caveats:

  1. If the ISIG terminal mode is turned off, then the OS won’t send signals. For example vim turns off ISIG
  2. Apparently on BSDs, there’s an extra control code (Ctrl-T) which sends SIGINFO

You can see which terminal modes a program is setting using strace like this, terminal modes are set with the ioctl system call:

$ strace -tt -o out  vim
$ grep ioctl out | grep SET

here are the modes vim sets when it starts (ISIG and ICANON are missing!):

17:43:36.670636 ioctl(0, TCSETS, {c_iflag=IXANY|IMAXBEL|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST, c_cflag=B38400|CS8|CREAD,
c_lflag=ECHOK|ECHOCTL|ECHOKE|PENDIN, ...}) = 0

and it resets the modes when it exits:

17:43:38.027284 ioctl(0, TCSETS, {c_iflag=ICRNL|IXANY|IMAXBEL|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD,
c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE|PENDIN, ...}) = 0

I think the specific combination of modes vim is using here might be called “raw mode”, man cfmakeraw talks about that.

there are a lot of conflicts

Related to “there are only 33 codes”, there are a lot of conflicts where different parts of the system want to use the same code for different things, for example by default Ctrl-S will freeze your screen, but if you turn that off then readline will use Ctrl-S to do a forward search.

Another example is that on my machine sometimes Ctrl-T will send SIGINFO and sometimes it’ll transpose 2 characters and sometimes it’ll do something completely different depending on:

  • whether the program has ISIG set
  • whether the program uses readline / imitates readline’s behaviour

caveat: on “backspace” and “other backspace”

In this diagram I’ve labelled code 127 as “backspace” and 8 as “other backspace”. Uh, what?

I think this was the single biggest topic of discussion in the replies on Mastodon – apparently there’s a LOT of history to this and I’d never heard of any of it before.

First, here’s how it works on my machine:

  1. I press the Backspace key
  2. The TTY gets sent the byte 127, which is called DEL in ASCII
  3. the OS terminal driver and readline both have 127 mapped to “backspace” (so it works both in canonical mode and noncanonical mode)
  4. The previous character gets deleted

If I press Ctrl+H, it has the same effect as Backspace if I’m using readline, but in a program without readline support (like cat for instance), it just prints out ^H.

Apparently Step 2 above is different for some folks – their Backspace key sends the byte 8 instead of 127, and so if they want Backspace to work then they need to configure the OS (using stty) to set erase = ^H.

There’s an incredible section of the Debian Policy Manual on keyboard configuration that describes how Delete and Backspace should work according to Debian policy, which seems very similar to how it works on my Mac today. My understanding (via this mastodon post) is that this policy was written in the 90s because there was a lot of confusion about what Backspace should do in the 90s and there needed to be a standard to get everything to work.

There’s a bunch more historical terminal stuff here but that’s all I’ll say for now.

there’s probably a lot more diversity in how this works

I’ve probably missed a bunch more ways that “how it works on my machine” might be different from how it works on other people’s machines, and I’ve probably made some mistakes about how it works on my machine too. But that’s all I’ve got for today.

Some more stuff I know that I’ve left out: according to stty -a Ctrl-O is “discard”, Ctrl-R is “reprint”, and Ctrl-Y is “dsusp”. I have no idea how to make those actually do anything (pressing them does not do anything obvious, and some people have told me what they used to do historically but it’s not clear to me if they have a use in 2024), and a lot of the time in practice they seem to just be passed through to the application anyway so I just labelled Ctrl-R and Ctrl-Y as readline.

not all of this is that useful to know

Also I want to say that I think the contents of this post are kind of interesting but I don’t think they’re necessarily that useful. I’ve used the terminal pretty successfully every day for the last 20 years without knowing literally any of this – I just knew what Ctrl-C, Ctrl-D, Ctrl-Z, Ctrl-R, Ctrl-L did in practice (plus maybe Ctrl-A, Ctrl-E and Ctrl-W) and did not worry about the details for the most part, and that was almost always totally fine except when I was trying to use xterm.js.

But I had fun learning about it so maybe it’ll be interesting to you too.

2024-10-27T07:47:04+00:00 Fullscreen Open in Tab
Using less memory to look up IP addresses in Mess With DNS

I’ve been having problems for the last 3 years or so where Mess With DNS periodically runs out of memory and gets OOM killed.

This hasn’t been a big priority for me: usually it just goes down for a few minutes while it restarts, and it only happens once a day at most, so I’ve just been ignoring. But last week it started actually causing a problem so I decided to look into it.

This was kind of winding road where I learned a lot so here’s a table of contents:

there’s about 100MB of memory available

I run Mess With DNS on a VM without about 465MB of RAM, which according to ps aux (the RSS column) is split up something like:

  • 100MB for PowerDNS
  • 200MB for Mess With DNS
  • 40MB for hallpass

That leaves about 110MB of memory free.

A while back I set GOMEMLIMIT to 250MB to try to make sure the garbage collector ran if Mess With DNS used more than 250MB of memory, and I think this helped but it didn’t solve everything.

the problem: OOM killing the backup script

A few weeks ago I started backing up Mess With DNS’s database for the first time using restic.

This has been working okay, but since Mess With DNS operates without much extra memory I think restic sometimes needed more memory than was available on the system, and so the backup script sometimes got OOM killed.

This was a problem because

  1. backups might be corrupted sometimes
  2. more importantly, restic takes out a lock when it runs, and so I’d have to manually do an unlock if I wanted the backups to continue working. Doing manual work like this is the #1 thing I try to avoid with all my web services (who has time for that!) so I really wanted to do something about it.

There’s probably more than one solution to this, but I decided to try to make Mess With DNS use less memory so that there was more available memory on the system, mostly because it seemed like a fun problem to try to solve.

what’s using memory: IP addresses

I’d run a memory profile of Mess With DNS a bunch of times in the past, so I knew exactly what was using most of Mess With DNS’s memory: IP addresses.

When it starts, Mess With DNS loads this database where you can look up the ASN of every IP address into memory, so that when it receives a DNS query it can take the source IP address like 74.125.16.248 and tell you that IP address belongs to GOOGLE.

This database by itself used about 117MB of memory, and a simple du told me that was too much – the original text files were only 37MB!

$ du -sh *.tsv
26M	ip2asn-v4.tsv
11M	ip2asn-v6.tsv

The way it worked originally is that I had an array of these:

type IPRange struct {
	StartIP net.IP
	EndIP   net.IP
	Num     int
	Name    string
	Country string
}

and I searched through it with a binary search to figure out if any of the ranges contained the IP I was looking for. Basically the simplest possible thing and it’s super fast, my machine can do about 9 million lookups per second.

attempt 1: use SQLite

I’ve been using SQLite recently, so my first thought was – maybe I can store all of this data on disk in an SQLite database, give the tables an index, and that’ll use less memory.

So I:

  • wrote a quick Python script using sqlite-utils to import the TSV files into an SQLite database
  • adjusted my code to select from the database instead

This did solve the initial memory goal (after a GC it now hardly used any memory at all because the table was on disk!), though I’m not sure how much GC churn this solution would cause if we needed to do a lot of queries at once. I did a quick memory profile and it seemed to allocate about 1KB of memory per lookup.

Let’s talk about the issues I ran into with using SQLite though.

problem: how to store IPv6 addresses

SQLite doesn’t have support for big integers and IPv6 addresses are 128 bits, so I decided to store them as text. I think BLOB might have been better, I originally thought BLOBs couldn’t be compared but the sqlite docs say they can.

I ended up with this schema:

CREATE TABLE ipv4_ranges (
   start_ip INTEGER NOT NULL,
   end_ip INTEGER NOT NULL,
   asn INTEGER NOT NULL,
   country TEXT NOT NULL,
   name TEXT NOT NULL
);
CREATE TABLE ipv6_ranges (
   start_ip TEXT NOT NULL,
   end_ip TEXT NOT NULL,
   asn INTEGER,
   country TEXT,
   name TEXT
);
CREATE INDEX idx_ipv4_ranges_start_ip ON ipv4_ranges (start_ip);
CREATE INDEX idx_ipv6_ranges_start_ip ON ipv6_ranges (start_ip);
CREATE INDEX idx_ipv4_ranges_end_ip ON ipv4_ranges (end_ip);
CREATE INDEX idx_ipv6_ranges_end_ip ON ipv6_ranges (end_ip);

Also I learned that Python has an ipaddress module, so I could use ipaddress.ip_address(s).exploded to make sure that the IPv6 addresses were expanded so that a string comparison would compare them properly.

problem: it’s 500x slower

I ran a quick microbenchmark, something like this. It printed out that it could look up 17,000 IPv6 addresses per second, and similarly for IPv4 addresses.

This was pretty discouraging – being able to look up 17k addresses per section is kind of fine (Mess With DNS does not get a lot of traffic), but I compared it to the original binary search code and the original code could do 9 million per second.

	ips := []net.IP{}
	count := 20000
	for i := 0; i < count; i++ {
		// create a random IPv6 address
		bytes := randomBytes()
		ip := net.IP(bytes[:])
		ips = append(ips, ip)
	}
	now := time.Now()
	success := 0
	for _, ip := range ips {
		_, err := ranges.FindASN(ip)
		if err == nil {
			success++
		}
	}
	fmt.Println(success)
	elapsed := time.Since(now)
	fmt.Println("number per second", float64(count)/elapsed.Seconds())

time for EXPLAIN QUERY PLAN

I’d never really done an EXPLAIN in sqlite, so I thought it would be a fun opportunity to see what the query plan was doing.

sqlite> explain query plan select * from ipv6_ranges where '2607:f8b0:4006:0824:0000:0000:0000:200e' BETWEEN start_ip and end_ip;
QUERY PLAN
`--SEARCH ipv6_ranges USING INDEX idx_ipv6_ranges_end_ip (end_ip>?)

It looks like it’s just using the end_ip index and not the start_ip index, so maybe it makes sense that it’s slower than the binary search.

I tried to figure out if there was a way to make SQLite use both indexes, but I couldn’t find one and maybe it knows best anyway.

At this point I gave up on the SQLite solution, I didn’t love that it was slower and also it’s a lot more complex than just doing a binary search. I felt like I’d rather keep something much more similar to the binary search.

A few things I tried with SQLite that did not cause it to use both indexes:

  • using a compound index instead of two separate indexes
  • running ANALYZE
  • using INTERSECT to intersect the results of start_ip < ? and ? < end_ip. This did make it use both indexes, but it also seemed to make the query literally 1000x slower, probably because it needed to create the results of both subqueries in memory and intersect them.

attempt 2: use a trie

My next idea was to use a trie, because I had some vague idea that maybe a trie would use less memory, and I found this library called ipaddress-go that lets you look up IP addresses using a trie.

I tried using it here’s the code, but I think I was doing something wildly wrong because, compared to my naive array + binary search:

  • it used WAY more memory (800MB to store just the IPv4 addresses)
  • it was a lot slower to do the lookups (it could do only 100K/second instead of 9 million/second)

I’m not really sure what went wrong here but I gave up on this approach and decided to just try to make my array use less memory and stick to a simple binary search.

some notes on memory profiling

One thing I learned about memory profiling is that you can use runtime package to see how much memory is currently allocated in the program. That’s how I got all the memory numbers in this post. Here’s the code:

func memusage() {
	runtime.GC()
	var m runtime.MemStats
	runtime.ReadMemStats(&m)
	fmt.Printf("Alloc = %v MiB\n", m.Alloc/1024/1024)
	// write mem.prof
	f, err := os.Create("mem.prof")
	if err != nil {
		log.Fatal(err)
	}
	pprof.WriteHeapProfile(f)
	f.Close()
}

Also I learned that if you use pprof to analyze a heap profile there are two ways to analyze it: you can pass either --alloc-space or --inuse-space to go tool pprof. I don’t know how I didn’t realize this before but alloc-space will tell you about everything that was allocated, and inuse-space will just include memory that’s currently in use.

Anyway I ran go tool pprof -pdf --inuse_space mem.prof > mem.pdf a lot. Also every time I use pprof I find myself referring to my own intro to pprof, it’s probably the blog post I wrote that I use the most often. I should add --alloc-space and --inuse-space to it.

attempt 3: make my array use less memory

I was storing my ip2asn entries like this:

type IPRange struct {
	StartIP net.IP
	EndIP   net.IP
	Num     int
	Name    string
	Country string
}

I had 3 ideas for ways to improve this:

  1. There was a lot of repetition of Name and the Country, because a lot of IP ranges belong to the same ASN
  2. net.IP is an []byte under the hood, which felt like it involved an unnecessary pointer, was there a way to inline it into the struct?
  3. Maybe I didn’t need both the start IP and the end IP, often the ranges were consecutive so maybe I could rearrange things so that I only had the start IP

idea 3.1: deduplicate the Name and Country

I figured I could store the ASN info in an array, and then just store the index into the array in my IPRange struct. Here are the structs so you can see what I mean:

type IPRange struct {
	StartIP netip.Addr
	EndIP   netip.Addr
	ASN     uint32
	Idx     uint32
}

type ASNInfo struct {
	Country string
	Name    string
}

type ASNPool struct {
	asns   []ASNInfo
	lookup map[ASNInfo]uint32
}

This worked! It brought memory usage from 117MB to 65MB – a 50MB savings. I felt good about this.

Here’s all of the code for that part.

how big are ASNs?

As an aside – I’m storing the ASN in a uint32, is that right? I looked in the ip2asn file and the biggest one seems to be 401307, though there are a few lines that say 4294901931 which is much bigger, but also are just inside the range of a uint32. So I can definitely use a uint32.

59.101.179.0	59.101.179.255	4294901931	Unknown	AS4294901931

idea 3.2: use netip.Addr instead of net.IP

It turns out that I’m not the only one who felt that net.IP was using an unnecessary amount of memory – in 2021 the folks at Tailscale released a new IP address library for Go which solves this and many other issues. They wrote a great blog post about it.

I discovered (to my delight) that not only does this new IP address library exist and do exactly what I want, it’s also now in the Go standard library as netip.Addr. Switching to netip.Addr was very easy and saved another 20MB of memory, bringing us to 46MB.

I didn’t try my third idea (remove the end IP from the struct) because I’d already been programming for long enough on a Saturday morning and I was happy with my progress.

It’s always such a great feeling when I think “hey, I don’t like this, there must be a better way” and then immediately discover that someone has already made the exact thing I want, thought about it a lot more than me, and implemented it much better than I would have.

all of this was messier in real life

Even though I tried to explain this in a simple linear way “I tried X, then I tried Y, then I tried Z”, that’s kind of a lie – I always try to take my actual debugging process (total chaos) and make it seem more linear and understandable because the reality is just too annoying to write down. It’s more like:

  • try sqlite
  • try a trie
  • second guess everything that I concluded about sqlite, go back and look at the results again
  • wait what about indexes
  • very very belatedly realize that I can use runtime to check how much memory everything is using, start doing that
  • look at the trie again, maybe I misunderstood everything
  • give up and go back to binary search
  • look at all of the numbers for tries/sqlite again to make sure I didn’t misunderstand

A note on using 512MB of memory

Someone asked why I don’t just give the VM more memory. I could very easily afford to pay for a VM with 1GB of memory, but I feel like 512MB really should be enough (and really that 256MB should be enough!) so I’d rather stay inside that constraint. It’s kind of a fun puzzle.

a few ideas from the replies

Folks had a lot of good ideas I hadn’t thought of. Recording them as inspiration if I feel like having another Fun Performance Day at some point.

  • Try Go’s unique package for the ASNPool. Someone tried this and it uses more memory, probably because Go’s pointers are 64 bits
  • Try compiling with GOARCH=386 to use 32-bit pointers to sace space (maybe in combination with using unique!)
  • It should be possible to store all of the IPv6 addresses in just 64 bits, because only the first 64 bits of the address are public
  • Interpolation search might be faster than binary search since IP addresses are numeric
  • Try the MaxMind db format with mmdbwriter or mmdbctl
  • Tailscale’s art routing table package

the result: saved 70MB of memory!

I deployed the new version and now Mess With DNS is using less memory! Hooray!

A few other notes:

  • lookups are a little slower – in my microbenchmark they went from 9 million lookups/second to 6 million, maybe because I added a little indirection. Using less memory and a little more CPU seemed like a good tradeoff though.
  • it’s still using more memory than the raw text files do (46MB vs 37MB), I guess pointers take up space and that’s okay.

I’m honestly not sure if this will solve all my memory problems, probably not! But I had fun, I learned a few things about SQLite, I still don’t know what to think about tries, and it made me love binary search even more than I already did.