In 2014, I read a political science paper that nearly convinced me to quit my lifelong career as an activist: "Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens," published in Perspectives on Politics:
The paper's authors are Martin Gilens, a UCLA professor of Public Policy; and Northwestern's Benjamin Page, a professor of Decision Making. Gilens and Page studied a representative sample of 1,779 policy issues, analyzing the effect that the preferences of different groups of people had on the outcome. They wanted to find out what drove policy: money, or popularity?
It's money. It's totally, utterly money. When billionaires want something, it literally doesn't matter how much the rest of us hate it, they're gonna get their way. When billionaires hate something, it doesn't matter how popular it is with the rest of us, we're not gonna get it. As Gilens and Page put it:
economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence.
I know the cynics out there are hollering "no duh" at their computers right now, but bear with me here. Gilens and Page's research shows that you and I have no voice in policy outcomes. Based on these findings, the only way we can change society is to try and woo oligarchs so they champion our cause. This reduces democracy to a competition to see who can pour the most honey into a plutocrat's ear. Mass mobilizations – millions of people in the streets – only matter to the extent that they bring a tear to a billionaire's eye.
This just shattered me. I've been haunted by it ever since. I've tried some tactical gambits based on this data, but honestly, I don't want to improve the world by swaying the ultra-rich. Mostly, I've spent the decade since I read the Gilens/Page paper working on mass mobilizations and mass opionion-influencing. I reasoned (or maybe rationalized) that while oligarchs were running the nation now, that was subject to change, and that was a change that I was sure wouldn't come from America's plutocrats committing mass class-suicide.
Then, something incredible happened. All this decade, a tide of antitrust vigor has swept the planet. The EU has passed big, muscular tech competition laws like the Digital Markets Act and the Digital Services Act, and has by God enforced them, and have patched the enforcement weaknesses in the GDPR. EU member-states – France, Germany, Spain – have passed their own big, ambitious national laws that go further than DSA/DMA. Even Ireland – a country that deliberately prostrated itself to US Big Tech – is getting in on the act, with the country's Social Media Czar railing against the "enshittification" of tech:
Not just the EU, of course. Australia and Canada have taken some big swings at Big Tech, and Canada is pressing ahead with its digital services tax of 3% for onshore earnings of tech companies with more than CAD20m in annual turnover, despite the fact that Trump has promised to end all trade talks with Canada in retaliation:
https://financialpost.com/technology/canadas-digital-services-tax-g7
Antitrust fever has swept both of the world's superpowers. Under Trump I, the DOJ and FTC brought key cases against Facebook and Google, and then Biden's antitrust enforcers went to town on all forms of monopoly, carrying on the Trump cases and reviving some of the law's most elegant weapons from a more civilized age, like the Robinson-Patman Act:
Admittedly, Trump's FTC and DOJ have carried on some of Biden's work, even as they've killed some of the Biden era's most important cases, and made a general Trumpian mockery of the idea that antitrust law is a tool for economic justice:
https://economicpopulist.substack.com/p/weekly-rewind-62725
Trump killing antitrust law is normal. That's what politics have been like for this whole century, and it's what politics are like in every other domain: billionaires get their way on climate, on labor, on whatever bullshit they get into their fool fucking heads:
But it's a mistake to think that Trump killed antitrust enforcement in the USA out of a special conservative deference to millionaires and enthusiasm for corrosive and predatory monopolies. In the UK, four consecutive Conservative Prime Ministers presided over the best competition law enforcement in British history – and it was Labour's Keir Starmer who fired the head of the UK Competition and Markets Authority and replaced him with the ex-head of Amazon UK:
https://pluralistic.net/2025/01/22/autocrats-of-trade/#dingo-babysitter
It is completely normal for both "progressive" and "conservative" parties to wield the entire apparatus of state to the benefit of powerful monopolists. The antitrust enforcement – in the US, the UK, the EU, Australia, Germany, France and Spain – are totally aberrant. And it's not just in these countries where political science's law of gravity reversed itself: there've been giant, brutal antitrust cases in Japan and South Korea, and China has passed aggressive tech antitrust laws that strike directly at the giant Chinese tech companies that Cold War 2.0 creeps insist are just branches of the Chinese Communist Party:
https://pluralistic.net/2020/12/07/backstabbed/#big-data-backstabbing
This is fucking wild.
This is water flowing uphill.
This is pigs flying.
This is hell freezing over.
There is no billionaire constituency for antimonopoly work. Oligarchs aren't funneling dark money to trustbuster orgs. Antimonopoly work strikes at the beating heart of the system that creates and sustains billionaires.
This is a political outcome that the people want, and that billionaires hate, and billionaires are losing.
How is this happening? Why is this happening? I don't know, exactly. I suspect that some of this is related to Stein's Law: "anything that can't go on forever eventually stops." Monopolists corrupt our political system, maim and impoverish workers, gouge their customers on enshittified, overpriced garbage. They are an existential threat to the survival of the human species.
The system is so broken and the mainstream of politics endlessly gaslights us, telling us that corrupt and degraded institutions are either just fine ("America Was Always Great" -H. Clinton) or need to be destroyed, rather than redeemed ("Delete CFPB" -E. Musk). People know that the system only caters to the whims of billionaires and tells the rest of us to eat shit. They hate the fucking system.
Over and over again, we've seen outbreaks of furious, joyous, uncompromising leftist activism: Occupy, Bernie 2016, Bernie 2020, George Floyd, the Women's March, No Kings, Climate Strikes, on and on. Over and over, liberal "centrists" have joined with the right to crush these movements.
Meanwhile, the right has only moved from strength to strength by offering a libidinal, furious promise of root-and-branch change. The only team that's promising radical change is the right. Parties like UK Labour and the Democrats offer austerity and genocide with slightly more polite aesthetics ("[If I'm elected], fundamentally nothing will change" -J. Biden).
I think that centrist suppression of the left has pushed 90 percent of the energy for major change into right wing nihilist movements, but the anti-corporate, anti-monopolist energy has not dissipated. It's formed a kind of invisible political wind that has filled the sails of these antimonopoly projects all over the world.
But anything that can't go on forever eventually stops. Zohran Mamdani just won the NYC Democratic mayoral primary election. That wasn't supposed to happen. The worst people on Earth showered the hereditary King of New York with so much money it was coming out of his fucking pores and he still ate shit. Guys who've got so much money they were able to get Columbia University to collude in shipping its students off to gulags for having the temerity to oppose genocide tried to do it to Mamdani and we kicked their teeth in.
The world is organized around the whims of billionaires, but it doesn't have to be. Most of us are not esoteric authoritarian freaks pining for a CEO of America who'll track us all using mandatory Fitbits and assign us jobs based on an AI's estimation of our cranial geometry. Those ideas are not popular. Now, it's true that this century has been defined by extremely unpopular ideas winning the day. But anything that can't go on eventually stops.
Sure, they smeared Jeremy Corbyn and replaced him with Austeritybot 3000, and Labour is collapsing as a result, and if an election were called today, Nigel Farage would sweep the board, assuming the PM's seat ahead of a Ba'ath Party style majority.
But on today's Trashfuture podcast, I learned about the leadership contest for the Green Party, in which genuinely progressive candidate, Zack Polanski, is running:
Labour has walked away from voters. The Tories are in chaos. The Libdems permanently discredited themselves in the coalition government. The youthquake that buoyed up Corbyn was driven by a desperate hunger for change. The party grandees that purged Labour of everyone who wanted a better country have created a massive constituency that's up for grabs.
I'm desperate for change, too. I've joined the Greens, and I'll be voting for Polanski in the leadership race:
https://join.greenparty.org.uk/join-us/
(Image: Frank Vincentz, Petri Krohn, CC BY-SA 3.0, modified)
Republicans are flagged more often than Democrats for sharing misinformation on X’s Community Notes https://www.pnas.org/doi/10.1073/pnas.2502053122
Decon: Dual system offering an emergency decontamination tool for Chemical Crowd Control Agent (CCCA) exposure and app for protestor mobilization https://nedc.mesausa.org/team/california-2025/
Promises The ‘Trump Phone’ Would Be ‘Made In USA’ Lasted 1/100th Of A Scaramucci https://www.techdirt.com/2025/06/27/promises-the-trump-phone-would-be-made-in-usa-lasted-1-100th-of-a-scaramucci/
Digital Services Tax to stay in place despite G7 deal https://financialpost.com/technology/canadas-digital-services-tax-g7
#20yrsago Secret Congressional policy reports published https://web.archive.org/web/20050629020405/http://www.opencrs.com/
#20yrsago Brazil to US pharma co: slash AIDS drug prices or lose patent https://web.archive.org/web/20190918065156/https://www.ft.com/content/816699fe-e50a-11d9-95f3-00000e2511c8
#20yrsago Hilary Rosen: Killing Napster didn’t bring market control https://web.archive.org/web/20050629010724/http://www.huffingtonpost.com/theblog/archive/hilary-rosen/the-wisdom-of-the-court-_3259.html
#15yrsago Canadian cops’ history of agents provocateurs and the G20 https://memex.craphound.com/2010/06/27/canadian-cops-history-of-agents-provocateurs-and-the-g20/
#15yrsago Stiglitz: spending cuts won’t cure recession https://www.independent.co.uk/news/uk/politics/osborne-s-first-budget-it-s-wrong-wrong-wrong-2011501.html
#5yrsago Snowden on tech's Oppenheimers https://pluralistic.net/2020/06/27/belated-oppenheimers/#oppenheimers
#5yrsago Santa Cruz bans predictive policing https://pluralistic.net/2020/06/27/belated-oppenheimers/#banana-slugs
#1yrago Copyright takedowns are a cautionary tale that few are heeding https://pluralistic.net/2024/06/27/nuke-first/#ask-questions-never
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Forward Kentucky
https://www.youtube.com/watch?v=LpMxBBMBkZs
Democrats Abroad
https://creators.spotify.com/pod/profile/demsabroadca/episodes/Cory-Doctorow-on-Enshittification-e34blmg/a-ac0jn7i
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Lawsuits like this one are not something to celebrate just because you hate Fox News.
I'm not normally one to agree with Fox, but they're right in their statement that suits like this are "designed to chill free speech critical of [Newsom]."
What better format for a biography of Ernie Bushmiller, creator of the daily Nancy strip, than a graphic novel? And who better to write and draw it than Bill Griffith, creator of Zippy the Pinhead, a long-running and famously surreal daily strip?
https://store.abramsbooks.com/products/three-rocks
Three Rocks: The Story of Ernie Bushmiller, the Man Who Created Nancy is more than a biography, though. Griffith is carrying on the work of Scott McCloud, whose definitive Understanding Comics used the graphic novel form to explain the significance and method of sequential art, singling out Nancy for special praise:
https://en.wikipedia.org/wiki/Understanding_Comics
For Griffith – and a legion of comics legends who worship Bushmiller – the story of Bushmiller's life and the story of Nancy and its groundbreaking methodology are inseparable. We watch as Bushmiller starts out as a teenaged dropout copy-boy in the bullpen at a giant news syndicate, running errands for the paper's publisher and, eventually, its cartoonists. Bushmiller burns to get into the funnies, and he's got a good head for gags, but his draftsmanship needs work. He secretly enrolls in a life-drawing class, which does him little good, but he applies himself and applies himself, and eventually is given his big break: taking over Fritzi Ritz, a daily cartoon serial about a sexy flapper.
Bushmiller's run on Fritzi Ritz outlasts flappers, and, as he struggles to keep the character relevant amidst changing times, he eventually hits on a "Cousin Oliver" gambit: adding in a sassy niece named Nancy:
https://tvtropes.org/pmwiki/pmwiki.php/Main/CousinOliver
Cousin Oliverae are rarely successful, but Nancy turned out to be the exception that proved the rule. Nancy took over the strip, and "Aunt Fritzi" receded in importance, taking a backstage to Nancy and her pal Sluggo.
As Nancy came into her own, so did Bushmiller. Bushmiller combined an impeccable sense of the gag (he started with his punchline panel – "the snapper" – and worked backwards) with a visual style that he refined to something so pure and refined that it inspired generations of comics creators.
Bushmiller was the master of simplifying, and then simplifying more, and then simplifying even more. Visually, his characters and his furniture (especially the iconic "three rocks" of the title) are refined to something so iconic they're practically ideograms. While some accused Bushmiller of re-using a small set of drawings, Griffith makes the convincing case that Bushmiller perfected a small number of icons, and repeated them as motifs. Indeed, these characters are so perfect and finely tuned that when Griffith inserts Nancy, Sluggo and other characters from Bushmillerville into his graphic novel, he doesn't re-draw them – rather, Griffith carefully crops these characters out and collages them into his own panels. Every image of Nancy in this book was drawn by Ernie Bushmiller.
This pared-down, severely restricted graphic style provides the perfect toolkit for the Bushmiller gag, which, at its best, is profoundly surrealistic, often playing on the form of the comic itself (for example, when Nancy asks Sluggo to give her a push on a bicycle, Sluggo obliges by stepping out of the comic and tipping the final panel at 45 degrees, sending Nancy rolling "downhill"). These meta-humorous gags give rise to Griffith's key insight: that Nancy isn't a comic about what it's like to be a kid – it's a comic about what it's like to be a cartoon character.
This is such a good organizing principle for understanding Nancy's staying power and influence. Other cartoons like Peanuts are nominally about being a kid, but are actually about being a small adult. Nancy, meanwhile, shares a lineage with, say, Animaniacs and Bugs Bunny and Groucho Marx (who, we learn, wore out his welcome with Bushmiller and his wife by relentlessly hitting on the latter at celebrity dinners at the Brown Derby). It's no wonder that Scott McCloud, the prophet-explainer of sequential art, loves Nancy: she practically invented stepping outside the frame and making us think about how these pictures and words worked, and why, and she made us laugh the whole time.
Bushmiller had a unique mind. He was a workaholic, turning out a 7-day/week strip for decades, even as he shouldered a variety of side-projects and other strips. Once he started making money, he moved to the Connecticut suburbs where he could have a work-room big enough to accommodate four drafting boards, so he could work on four strips at once. He would sometimes get a year ahead of schedule with his publishers. It was only very late in his life that Bushmiller took on any kind of assistants, and even then, he obsessively supervised them, counting the spikes in every depiction of Nancy's hair to ensure that they fell within the regulation 69-107 spikes.
Despite his massive following among artists, hipsters and intellectuals, Bushmiller insisted that the secret to his success was in his devotion to simplicity and the universality it brought. Bushmiller's editorial process seems to have consisted almost entirely of his removing words, images and lines from his panels, paring them down further and further until they became, essentially, narrated pictograms – almost funny Ikea assembly instructions.
Griffith – a daily cartoonist workaholic who has been turning out Zippy strips since 1971 – bursts with admiration for Bushmiller, and this biography saves a lot of space for Bushmiller himself, with long sections given over to reproductions of some of Nancy's best outings. Griffith has had more than half a century to think about what makes surreal comic-strips tick, and, like McCloud, he pours these out on the page, but largely confines himself to illustrating his insights with Bushmiller strips and panels. The result is a heady volume: a great biography and a great book of literary criticism and comic arts theory.
Nancy is still around, written and drawn by the amazing Olivia Jaimes, whose first collection of new Nancy comics I called "incredibly, fantastically, impossibly great":
John Hodgman Knows Where the Sewage-Treatment Plant Should Go https://www.curbed.com/article/interview-john-hodgman-joy-of-zoning-livestream-simcity2013.html
Zohran did not win because of TikTok and podcasts https://www.usermag.co/p/zohran-did-not-win-because-of-tiktok-and-podcasts-social-media
How Uber Became A Cash-Generating Machine https://len-sherman.medium.com/how-uber-became-a-cash-generating-machine-ef78e7a97230
#15yrsago Adventurer’s Club from Walt Disney World recreated in painstaking detail with Half-Life engine https://insidethemagic.net/2010/06/walt-disney-worlds-adventurers-club-virtually-recreated-for-fans-to-once-again-explore/
#15yrsago Texas GOP comes out against oral sex, the UN, and the Supreme Court https://web.archive.org/web/20100626003418/https://www.nydailynews.com/news/2010/06/22/2010-06-22_texas_gop_platform_criminalize_gay_marriage_and_ban_sodomy_outlaw_strip_clubs_an.html
#15yrsago Monkey-Pirate-Robot-Ninja-Zombie: Rock Paper Scissors 9.0 https://web.archive.org/web/20100625003931/http://markarayner.com/blog/archives/1613
#10yrsago Harry Reid tells BLM’s Burning Man squad to suck it up https://web.archive.org/web/20150628195105/http://hoh.rollcall.com/harry-reid-to-burning-man-rescue/
#10yrsago Supreme Court upholds marriage equality! https://www.theguardian.com/law/live/2015/jun/26/supreme-court-rules-same-sex-marriage
#10yrsago Wil Wheaton on depression https://www.youtube.com/watch?v=K6ACzT6PCDw
#10yrsago 2.5 million data points show: America’s ISPs suck, and AT&T sucks worst https://www.measurementlab.net/blog/interconnection_and_measurement_update/
#5yrsago Microcontent guidelines for 2020 https://pluralistic.net/2020/06/26/police-riots/#nielsen-98
#5yrsago "Violent protests" vs "violent police" https://pluralistic.net/2020/06/26/police-riots/#police-riot
#5yrsago Sympathy for the mask-shy https://pluralistic.net/2020/06/26/police-riots/#harm-reduction
#5yrsago Let's get rid of nursing homes https://pluralistic.net/2020/06/26/police-riots/#nursing-homes
#5yrsago Splash Mountain to purge Song of the South https://pluralistic.net/2020/06/26/police-riots/#minstrelsy
#5yrsago Copyright keeps police use-of-force training a secret https://pluralistic.net/2020/06/26/police-riots/#post-due
#1yrago Cleantech has an enshittification problem https://pluralistic.net/2024/06/26/unplanned-obsolescence/#better-micetraps
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Forward Kentucky
https://www.youtube.com/watch?v=LpMxBBMBkZs
Democrats Abroad
https://creators.spotify.com/pod/profile/demsabroadca/episodes/Cory-Doctorow-on-Enshittification-e34blmg/a-ac0jn7i
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
The "dictator's dilemma" pits a dictator's desire to create social stability by censoring public communications in order to prevent the spread of anti-regime messages with the dictator's need to know whether powerful elites are becoming restless and plotting a coup:
https://pluralistic.net/2023/07/26/dictators-dilemma/#garbage-in-garbage-out-garbage-back-in
Closely related to the dictator's dilemma is "authoritarian blindness," where an autocrat's censorship regime keeps them from finding out about important, socially destabilizing facts on the ground, like whether a corrupt local official is comporting themself so badly that the people are ready to take to the streets:
https://pluralistic.net/2020/02/24/pluralist-your-daily-link-dose-24-feb-2020/#thatswhatxisaid
The modern Chinese state has done more to skillfully navigate the twin hazards of the dictator's dilemma and authoritarian blindness than any other regime in history. Take Xi Jinping's 2012-2015 anticorruption purge, which helped him secure another ten year term as Party Secretary. Xi targeted legitimately corrupt officials in this sweeping purge, but – crucially – he only targeted corrupt officials in the power-base of his rivals for Party leader, while leaving corrupt officials in his own power base unscathed:
How did Xi accomplish this feat? Through intense, fine-grained surveillance, another area in which modern China excels. Chinese online surveillance is often paired with censorship, both petty (banning Winnie the Pooh, whom Xi is often mocked for resembling) and substantial (getting Apple to modify Airdrop for every user in the world in order to prevent the spread of anti-regime messages before a key Party leadership contest).
But there are a lot of instances where China spies on its people but doesn't censor them, even if they are expressing dissatisfaction with the government. Chinese censors allow a surprising amount of complaint about official incompetence, overreach and corruption, but they completely suppress any calls for mobilization to address these complaints. You can be as angry as you want with the government online, but you can't call for protests to do something about it:
https://www.science.org/doi/10.1126/science.1251722
This makes perfect sense in the context of "authoritarian blindness": by allowing online complaint, an autocrat can locate the hot-spots where things are reaching a boiling-over point, and by blocking public manifestations, the autocrat can prevent the public from turning their failings into a flashpoint that endangers the autocracy.
In other words, autocrats can reserve to themselves the power to decide how to defuse public anger: they can suppress it, using surveillance data about the people who led the online debate about official failures to figure out who to intimidate, arrest, or disappear. Or they can address it through measures like firing corrupt local officials or funding local social programs (toxic waste cleanups, smokestack regulation, building schools and hospitals, etc) that make people feel better about their government.
Autocracy is an inherently unstable social situation. No society can deliver everything that everyone in it desires: if you tear down existing low-density housing and build apartment blocks to decrease a housing shortage, you'll delight people who are un- or under-housed, and you'll infuriate people who are happily housed under the status quo. In every society, there's always someone getting their way at the expense of someone else.
Obviously, widespread unhappiness is inherently socially destabilizing. After all, no society can police every action of every person. From littering to parking in disabled parking spots, from paying your taxes to washing your hands before serving food, a society relies primarily on people following the rules even though they face little to no risk of being punished for breaking them. The easiest way to get people to follow the rules is to foster a sense of the rules' legitimacy: people may not agree with or understand the rationale for a rule, but if they view the process by which the rule was decided on as a legitimate one, then they may follow it anyway.
This legitimacy is a source of social stability. Sure, your candidate might lose the election, or the government might enact a policy you hate, but if you think the election was fair and you believe that you can change the policy through democratic means, then you will be on the side of preserving the system, rather than overturning it.
A democracy's claim to legitimacy lies in its popular mandate: "Sure, I don't like this decision, but it was fairly made." By contrast, a dictator's legitimacy comes from their claims to wisdom: "Sure, I don't like this decision, but the Supreme Generalissimo is the smartest man in history, and he says it was the right call."
You can see how this is a brittle arrangement, even if the dictator is a skilled autocrat who makes generally great decisions: even a great decision is going to have winners and losers, and it might be hard to convince the losers that they keep losing because they deserve to lose. And that's the best outcome, where an autocrat is right. But what about when the autocrat is wrong? What about when the autocrat makes a bunch of decisions that make nearly everyone consistently worse off, either because the autocrat is a fool, or because they are greedy and are stealing everything that isn't nailed down?
Every society needs stabilizers, but autocracies need more stabilizers than democracies, because the story about why you, personally, are getting screwed is a lot less convincing in an autocracy ("The autocrat is right and you are wrong, suck it up") than it is in a democracy ("This was the fairest compromise possible, and if it wasn't, we need to elect someone new so it changes").
The Snowden revelations taught us that there is no distinction between commercial surveillance and government surveillance. Governments spy, sure, but the most effective way for governments to spy on us is by raiding the data troves assembled by technology companies (for one thing, these troves are assembled at our own expense – we foot the bill for this spying whenever we send money to a phone or tech company). The tech companies were willing participants in this process: the original Snowden leak, about the "PRISM" program, showed how tech companies made millions of dollars by siphoning off user data to the NSA on demand:
https://en.wikipedia.org/wiki/PRISM
It was only later that we learned about another NSA program, "Upstream," through which the NSA was wiretapping the tech companies' data-centers, acquiring all of their user data, and then requesting the data that interested them through PRISM, as a form of "parallel construction," which is when an agency learns a fact through a secret system, and then uses a less-secret system to acquire the same fact, in order to maintain the secrecy of the first system:
https://www.eff.org/pages/upstream-prism
Upstream really pissed off the tech companies. After all, they'd been dutifully rolling over and handing out their users' data in violation of US law, risking their businesses to help the NSA do mass spying, and the NSA paid them back by secretly spying on the tech companies themselves! That's a hell of a way to say thank you to your co-conspirators. After Upstream, the tech companies finally started encrypting the links between their data-centers, which made Upstream-style collection infinitely harder:
But that hardly ended the mass surveillance private-public partnership. Congress continued to do nothing about privacy (the last federal consumer privacy law Congress gave Americans is 1988's Video Privacy Protection Act, which bans video store clerks from telling newspapers about the VHS cassettes you take home) (we used to be a country). That meant that tech companies could collect our data will-ye or nil-ye, and that data brokers could buy and sell that data without any oversight or limitation:
https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising
There's many reasons that Congress failed to act on privacy. Obviously, they face immense pressure from lobbyists for the commercial surveillance industry – but they also face covert and powerful pressure from public safety agencies, cops, and spies, who rely on private sector data as a source of off-the-books, warrantless, ubiquitous surveillance.
Why does America need so much spying? Well, because America has always been imperfectly democratic, from its inception as a enslaving nation where millions of people were denied both the ballot and personhood; and as a patriarchal nation where half of the remaining people were also denied the franchise; and as a colonialist nation where an entire culture of people had been subject to genocide, land theft, and systematic oppression. This is an obviously unstable arrangement. Whether in chains, on a reservation, or under the thumb of a husband or father, there were plenty of Americans who had no reason to buy into the system, accept its legitimacy, or follow its rules. To keep the system intact, it wasn't enough to terrorize these populations – America's rulers had to know where to inflict terror, which is to say, where order was closest to collapsing.
Some of America's first spies were private sector union-busters, the Pinkerton agency, who served as a private spy army for bosses who wanted to find the leverage points in the worker uprisings that swept the country. The Pinkertons' pitch was that it was cheaper to pay them to figure out who the most important union leaders were and target them for violence, kidnapping, and killing than it was to give all your workers a raise.
This is an important aspect of the surveillance project. Spying is part of a broader class of activities called "guard labor" – anything you might pay someone to do that results in fewer guillotines being built on your lawn. Guard labor can be paying someone to build a wall around your estate or neighborhood. It can be paying security guards to patrol the wall. It can be paying for CCTV operators, or drone operators. It can be paying for surveillance, too.
Guard labor isn't free. The pitch for guard labor is that it is a cheaper way to get social stability than the alternative: building schools and hospitals, paying a living wage, lowering prices, etc. It follows that when you make guard labor cheaper, you can build fewer schools and hospitals, pay lower wages, and raise prices more, and buy more guard labor to counter the destabilizing effect of these policies, and still come out ahead.
American politics have been growing ever more unstable since the 1970s, when the oil crisis gave way to the Reagan revolution and its raft of pro-oligarch, anti-human policies. Since then, we've seen an unbroken trend to wage stagnation and widening inequality. As a new American oligarch class emerged, they gained near-total control over the levers of power. In a now-famous 2014 paper, political scientists reviewed 1,779 policy fights and found that the only time these cashed out in a way that reflected popular will is when elites favored them, too. When elites objected to something, it literally didn't matter how popular it was with everyone else, it just didn't happen:
It's pretty hard to make the case that the system is legitimate when it only does things that rich people want, and never does things the vast majority of people want when these conflict with rich peoples' desires. Some of these outcomes are merely disgusting and immoral, like abetting genocide in Gaza, but more frequently, the policies elites favor are ones that make the rich richer: climate inaction, blocking Medicare for All, smashing unions, dismantling anti-corruption and campaign finance laws.
I don't think it's a coincidence that America's democracy has become significantly less democratic at the same time that mass surveillance has grown. Mass surveillance makes guard labor much cheaper, which means that the rich can make their lives better at all of our expense and still afford the amount of guard labor it takes to keep the guillotines at bay.
Cheap guard labor also allows the rich to strike devil's bargains that would otherwise be instantaneously destabilizing. For example, the second Trump election required an alliance between the tiny minority of ultra-rich with the much larger minority of virulent racists who were promised the realization of their psychotic fantasy of masked, armed goons snatching brown people off the streets and sending them to offshore slave labor camps. That alliance might be a good way to elect a president who'll dismantle anticorruption law and slash taxes, but it won't do you much good if the resulting ethnic cleansing terror provokes a popular uprising. But what if ICE can rely on Predator drones and cell-site simulators to track the identities of everyone who comes out to a protest:
https://www.wired.com/story/cbp-predator-drone-flights-la-protests/
What if ICE can buy off-the-shelf facial recognition tools and use them to identify people who are brave enough to step between snatch-squads and their neighbors?
Each advance in surveillance tech makes worse forms of oppression, misgovernance and corruption possible, by making it cheaper to counter the destabilizing effect of destroying the lives of the populace, through identifying the bravest, angriest, and most effective opposition figures so they can be targeted for harassment, violence, arrest, or kidnapping.
America's private sector surveillance industry has always served as a means of identifying and punishing people who fought for a better country. The first credit reporting bureau was the Retail Credit Company, which used a network of spies and paid informants to identify "race mixers," queers, union organizers and leftists so that banks could deny them credit, landlords could deny them housing, and employers could deny them jobs:
https://jacobin.com/2017/09/equifax-retail-credit-company-discrimination-loans/
Retail Credit continued to do this until 1975, when, finally, popular opinion turned against the company, so it changed its name…
…to Equifax.
Today, Equifax is joined by a whole industry of elite enforcers who use spying, legal harassments, mercenaries and troll armies to offset the socially destabilizing effects of the wealthy's misrule:
https://pluralistic.net/2023/08/23/launderers-enforcers-bagmen/#procurers
But despite centuries of American mass surveillance, America's oligarchs keep finding themselves in the midst of great existential crises. That's because guard labor – even surveillance-supercharged guard labor – is no substitute for policies that make the country better off. Oligarchs may want to tend the nation like a shepherd tends its flock, leaving enough lambs around to grow next year's wool. But they're all competing with one another, and they understand that the sheep they spare will like as not end up on a rival's dinner table. Under those circumstances, every oligarch ends up in a race to see who can turn us into lambchops first.
This is the dictator's dilemma, American style. The rich always overestimate how much social stability their guard labor has bought them, and they're easy marks for any creepy, malodorous troll with a barn full of machine-gun equipped drones:
https://twitter.com/postoctobrist/status/1909853731559973094
They accumulate mounting democratic debts, as destabilizing rage builds in the public, erupting in the Civil War, in the summer of 68, in the Battle of Seattle, in the Rodney King uprising, in the George Floyd protests, in Los Angeles rebellion. They think they can spy their way into a country where they have everything and we have nothing, and we like it (or at least, never dare complain about it).
They're wrong.
(Image: Cryteria, CC BY 3.0, modified)
The Rise And The Fall Of The Mail Chute https://hackaday.com/2025/06/25/the-rise-and-the-fall-of-the-mail-chute/
Bezos Wedding Guests Given Monogrammed Plastic Bottles To Urinate In During Ceremony https://theonion.com/bezos-wedding-guests-given-monogrammed-plastic-bottles-to-urinate-in-during-ceremony/
NPR staffers pick their favorite fiction reads of 2025 so far https://www.npr.org/2025/06/25/nx-s1-5356144/fiction-books-summer-2025
Inside the UFC Settlement Fighters Actually Deserve https://leftsideofthev.substack.com/p/knockout-victory-inside-the-ufc-settlement
#15yrsago Adventurer’s Club from Walt Disney World recreated in painstaking detail with Half-Life engine https://insidethemagic.net/2010/06/walt-disney-worlds-adventurers-club-virtually-recreated-for-fans-to-once-again-explore/
#15yrsago Texas GOP comes out against oral sex, the UN, and the Supreme Court https://web.archive.org/web/20100626003418/https://www.nydailynews.com/news/2010/06/22/2010-06-22_texas_gop_platform_criminalize_gay_marriage_and_ban_sodomy_outlaw_strip_clubs_an.html
#15yrsago Monkey-Pirate-Robot-Ninja-Zombie: Rock Paper Scissors 9.0 https://web.archive.org/web/20100625003931/http://markarayner.com/blog/archives/1613
#10yrsago Harry Reid tells BLM’s Burning Man squad to suck it up https://web.archive.org/web/20150628195105/http://hoh.rollcall.com/harry-reid-to-burning-man-rescue/
#10yrsago Supreme Court upholds marriage equality! https://www.theguardian.com/law/live/2015/jun/26/supreme-court-rules-same-sex-marriage
#10yrsago Wil Wheaton on depression https://www.youtube.com/watch?v=K6ACzT6PCDw
#10yrsago 2.5 million data points show: America’s ISPs suck, and AT&T sucks worst https://www.measurementlab.net/blog/interconnection_and_measurement_update/
#5yrsago Microcontent guidelines for 2020 https://pluralistic.net/2020/06/26/police-riots/#nielsen-98
#5yrsago "Violent protests" vs "violent police" https://pluralistic.net/2020/06/26/police-riots/#police-riot
#5yrsago Sympathy for the mask-shy https://pluralistic.net/2020/06/26/police-riots/#harm-reduction
#5yrsago Let's get rid of nursing homes https://pluralistic.net/2020/06/26/police-riots/#nursing-homes
#5yrsago Splash Mountain to purge Song of the South https://pluralistic.net/2020/06/26/police-riots/#minstrelsy
#5yrsago Copyright keeps police use-of-force training a secret https://pluralistic.net/2020/06/26/police-riots/#post-due
#1yrago Cleantech has an enshittification problem https://pluralistic.net/2024/06/26/unplanned-obsolescence/#better-micetraps
London: How To Academy with Riley Quinn, Jul 1
https://howtoacademy.com/events/cory-doctorow-the-fight-against-the-big-tech-oligarchy/
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Forward Kentucky
https://www.youtube.com/watch?v=LpMxBBMBkZs
Democrats Abroad
https://creators.spotify.com/pod/profile/demsabroadca/episodes/Cory-Doctorow-on-Enshittification-e34blmg/a-ac0jn7i
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Tech workers at TikTok, Google, and across the industry share stories about how AI is changing, ruining, or replacing their jobs.
Hello! After many months of writing deep dive blog posts about the terminal, on Tuesday I released a new zine called “The Secret Rules of the Terminal”!
You can get it for $12 here: https://wizardzines.com/zines/terminal, or get an 15-pack of all my zines here.
Here’s the cover:
Here’s the table of contents:
I’ve been using the terminal every day for 20 years but even though I’m very confident in the terminal, I’ve always had a bit of an uneasy feeling about it. Usually things work fine, but sometimes something goes wrong and it just feels like investigating it is impossible, or at least like it would open up a huge can of worms.
So I started trying to write down a list of weird problems I’ve run into in terminal and I realized that the terminal has a lot of tiny inconsistencies like:
^[[DIf you use the terminal daily for 10 or 20 years, even if you don’t understand exactly why these things happen, you’ll probably build an intuition for them.
But having an intuition for them isn’t the same as understanding why they happen. When writing this zine I actually had to do a lot of work to figure out exactly what was happening in the terminal to be able to talk about how to reason about it.
It turns out that the “rules” for how the terminal works (how do
you edit a command you type in? how do you quit a program? how do you fix your
colours?) are extremely hard to fully understand, because “the terminal” is actually
made of many different pieces of software (your terminal emulator, your
operating system, your shell, the core utilities like grep, and every other random
terminal program you’ve installed) which are written by different people with different
ideas about how things should work.
So I wanted to write something that would explain:
Terminal internals are a mess. A lot of it is just the way it is because someone made a decision in the 80s and now it’s impossible to change, and honestly I don’t think learning everything about terminal internals is worth it.
But some parts are not that hard to understand and can really make your experience in the terminal better, like:
cating a binary to stdout messes up your terminal, you can just type reset and move onWhen I wrote How Git Works, I thought I
knew how Git worked, and I was right. But the terminal is different. Even
though I feel totally confident in the terminal and even though I’ve used it
every day for 20 years, I had a lot of misunderstandings about how the terminal
works and (unless you’re the author of tmux or something) I think there’s a
good chance you do too.
A few things I learned that are actually useful to me:
reset works under the hood (it does the equivalent of stty sane; sleep 1; tput reset) – basically I learned that I don’t ever need to worry about
remembering stty sane or tput reset and I can just run reset insteadunbuffer program > out; less out)sqlite3 are so annoying to use (they use libedit instead of readline)As usual these days I wrote a bunch of blog posts about various side quests:
terminfo database is serving us well todayA long time ago I used to write zines mostly by myself but with every project I get more and more help. I met with Marie Claire LeBlanc Flanagan every weekday from September to June to work on this one.
The cover is by Vladimir Kašiković, Lesley Trites did copy editing, Simon Tatham (who wrote PuTTY) did technical review, our Operations Manager Lee did the transcription as well as a million other things, and Jesse Luehrs (who is one of the very few people I know who actually understands the terminal’s cursed inner workings) had so many incredibly helpful conversations with me about what is going on in the terminal.
Here are some links to get the zine again:
As always, you can get either a PDF version to print at home or a print version shipped to your house. The only caveat is print orders will ship in August – I need to wait for orders to come in to get an idea of how many I should print before sending it to the printer.
Federal Housing Finance Agency Director William Pulte: “After significant studying, and in keeping with President Trump’s vision to make the United States the crypto capital of the world, today I ordered the Great Fannie Mae and Freddie Mac to prepare their businesses to count cryptocurrency as an asset for a mortgage”
Notably, at this point they are merely directed to “prepare a proposal for consideration”.
Also notable: “Each Enterprise is directed to consider only cryptocurrency assets that can be evidenced and stored on a U.S.-regulated centralized exchange”.
The "Eurostack" is a (long overdue) project to publicly fund a European "stack" of technology that is independent from American Big Tech (as well as other powers' technology that has less hold in Europe, such as Chinese and Russian tech):
But "technological soveriegnty" is a slippery and easily abused concept. Policies like "national firewalls" and "data localization" (where data on a country's population need to be kept on onshore servers) can be a means to different ends. Data localization is important if you want to keep an American company from funneling every digital fact about everyone in your country to the NSA. But it's also a way to make sure that your secret police can lay hands on population-scale data about anyone they might want to kidnap and torture:
https://doctorow.medium.com/theyre-still-trying-to-ban-cryptography-33aa668dc602
At its worst, "technological sovereignty" is a path to a shattered internet with a million dysfunctional borders that serve as checkpoints where thuggish customs inspectors can stop you from availing yourself of privacy-preserving technology and prevent you from communicating with exiled dissidents and diasporas.
But at its best, "technological sovereignty" is a way to create world-girding technology that can act as an impartial substrate on which all manner of domestic and international activities can play out, from a group of friends organizing a games night, to scientists organizing a symposium, to international volunteer corps organizing aid after a flood.
In other words, "technological sovereignty" can be a way to create a public internet that the whole public controls – not just governments, but also people, individuals who can exercise their own technological self-determination, controlling crucial aspects of their own technology usage, like "who will see this thing I'm saying?" and "whose communications will I see, and which ones can I block?"
A "public internet" isn't the same thing as "an internet that is operated by your government," but you can't get a public internet without government involvement, including funding, regulation, oversight and direct contributions.
Here's an example of different ways that governments can involve themselves in the management of one part of the internet, and the different ways in which this will create more or less "public" internet services: fiber optic lines.
Fiber is the platinum standard for internet service delivery. Nothing else comes even close to it. A plastic tube under the road that is stuffed with fiber optic strands can deliver billions of times more data than copper wires or any form of wireless, including satellite constellations like Starlink:
https://pluralistic.net/2021/03/30/fight-for-44/#slowpokes
(Starlink is the most antifuturistic technology imaginable – a vision of a global internet that gets slower and less reliable as more people sign up for it. It makes the dotcom joke of "we lose money on every sale but make it up in volume" look positively bankable.)
The private sector cannot deliver fiber. There's no economical way for a private entity to secure the rights of way to tear up every street in every city, to run wires into every basement or roof, to put poles on every street corner. Same goes for getting the rights of way to string fiber between city limits across unincorporated county land, or across the long hauls that cross national and provincial or state borders.
Fiber itself is cheap like borscht – it's literally made out of sand – but clearing the thicket of property rights and political boundaries needed to get wire everywhere is a feat that can only be accomplished through government intervention.
Fiber's opponents rarely acknowledge this. They claim, instead, that the physical act of stringing wires through space is somehow transcendentally hard, despite the fact that we've been doing this with phone lines and power cables for more than a century, through the busiest, densest cities and across the loneliest stretches of farmland. Wiring up a country is not the lost art of a fallen civilization, like building pyramids without power-tools or embalming pharoahs. It's something that even the poorest counties in America can manage, bringing fiber across forbidden mountain passes on the back of a mule named "Ole Bub":
When governments apply themselves to fiber provision, you get fiber. Don't take my word for it – ask Utah, a bastion of conservative, small-government orthodoxy, where 21 cities now have blazing fast 10gb internet service thanks to a public initiative called (appropriately enough) "Utopia":
https://pluralistic.net/2024/05/16/symmetrical-10gb-for-119/#utopia
So government have to be involved in fiber, but how should they involve themselves in it? One model – the worst one – is for the government to intervene on behalf of a single company, creating the rights of way for that company to lay fiber in the ground or string it from poles. The company then owns the network, even though the fiber and the poles were the cheapest part of the system, worth an unmeasurably infinitesimal fraction of the value of all those rights of way.
In the worst of the worst, the company that owns this network can do anything they want with its fiber. They can deny coverage to customers, or charge thousands of dollars to connect each new homes to the system. They can gouge on monthly costs, starve their customer service departments or replace them with mindless AI chatbots. They can skimp on maintenance and keep you waiting for days or weeks when your internet goes out. They can lard your bill with junk fees, or force you to accept pointless services like landlines and cable TV as a condition of getting the internet.
They can also play favorites with local businesses: maybe they give great service to every Domino's pizza place at knock-down rates, and make up for it by charging extra to independent pizza parlors that want to accept internet orders and stream big sports matches on the TV over the bar.
They can violate Net Neutrality, slowing down your connection to sites unless their owners agree to pay bribes for "premium carriage." They can censor your internet any way they see fit. Remember, corporations – unlike governments – are not bound by the First Amendment, which means that when a corporation is your ISP, they can censor anything they feel like:
https://pluralistic.net/2022/12/15/useful-idiotsuseful-idiots/#unrequited-love
Governments can improve on this situation by regulating a monopoly fiber company. They can require the company to assume a "universal service" mandate, meaning they must connect any home or business that wants it at a set rate. Governments can ban junk fees, set minimum standards for customer service and repair turnarounds, and demand neutral carriage. All of this can improve things, though its a lot of work to administer, and the city government may lack the resources and technical expertise to investigate every claim of corporate malfeasance, and to perform the technical analysis to evaluate corporate excuses for slow connections and bungled repairs.
That's the worst model: governments clear the way for a private monopolist to set up your internet, offering them a literally priceless subsidy in the form of rights of way, and then, maybe, try to keep them honest.
Here's the other extreme: the government puts in the fiber itself, running conduit under all the streets (either with its own crews or with contract crews) and threading a fiber optic through a wall of your choice, terminating it with a box you can plug your wifi router into. The government builds a data-center with all the necessary switches for providing service to you and your neighbors, and hires people to offer you internet service at a reasonable price and with reasonable service guarantees.
This is a pretty good model! Over 750 towns and cities – mostly conservative towns in red states – have this model, and they're almost the only people in America who consistently describe themselves as happy with their internet service:
https://ilsr.org/articles/municipal-broadband-skyrocket-as-alternative-to-private-models/
(They are joined in their satisfaction by a smattering of towns served by companies like Ting, who bought out local cable companies and used their rights of way to bring fiber to households.)
This is a model that works very well, but can fail very badly. Municipal governments can be pretty darned kooky, as five years of MAGA takeovers of school boards, library boards and town councils have shown, to say nothing of wildly corrupt big-city monsters like Eric Adams (ten quintillion congratulations to Zohran Mamdani!). If there's one thing I've learned from the brilliant No Gods No Mayors podcast, it's that mayors are the weirdest people alive:
https://www.patreon.com/collection/869728?view=condensed
Remember: Sarah Palin got her start in politics as mayor of Wasilla, Alaska. Do you want to have to rely on Sarah Palin for your internet service?
https://www.patreon.com/posts/119567308?collection=869728
How about Rob Ford? Do you want the crack mayor answering your tech support calls? I didn't think so:
https://www.patreon.com/posts/rob-ford-part-1-111985831
But that's OK! A public fiber network doesn't have to be one in which the government is your only choice for ISP. In addition to laying fiber and building a data-center and operating a municipal ISP, governments can also do something called "essential facilities sharing":
https://transition.fcc.gov/Bureaus/Common_Carrier/Orders/1999/fcc99238.pdf
Governments all over the world did this in the late 1990s and early 2000s, and some do it still. Under an essential facilities system, the big phone company (BT in the UK, Bell in Canada, AT&T and the Baby Bells in the USA) were required to rent space to their competitors in their data centers. Anyone who wants to set up an ISP can install their own switching gear at a telephone company central office and provide service to any business or household in the country.
If the government lays fiber in your town, they can both operate a municipal fiber ISP and allow anyone else to set up their own ISP, renting them shelf-space at the data-center. That means that the town college can offer internet to all its faculty and students (not just the ones who live in campus housing), and your co-op can offer internet service to its members. Small businesses can offer specialized internet, and so can informal groups of friends. So can big companies. In this model, everyone is guaranteed both the right to get internet access and the right to provide internet access. It's a great system, and it means that when Mayor Sarah Palin decides to cut off your internet, you don't need to sue the city – you can just sign up with someone else, over the same fiber lines.
That's where essential facilities sharing starts, but that's not where it needs to stop. When the government puts conduit (plastic tubes) in the ground for fiber, they can leave space for more fiber to fished through, and rent space in the conduit itself. That means that an ISP that wants to set up its own data center can run physically separate lines to its subscribers. It means that a university can do a point-to-point connection between a remote scientific instrument like a radio telescope and the campus data-center. A business can run its own lines between branch offices, and a movie studio can run dedicated lines from remote sound-stages to the edit suites at its main facility.
This is a truly public internet service – one where there is a publicly owned ISP, but also where public infrastructure allows for lots of different kinds of entities to provide internet access. It's insulated from the risks of getting your tech support from city hall, but it also allows good local governments to provide best-in-class service to everyone in town, something that local governments have a pretty great track record with.
The Eurostack project isn't necessarily about fiber, though. Right now, Europeans are thinking about technological sovereignty through the lens of software and services. That's fair enough, though it does require some rethinking of the global fiber system, which has been designed so that the US government can spy on and disconnect every other country in the world:
https://pluralistic.net/2023/10/10/weaponized-interdependence/#the-other-swifties
Just as with the example of fiber, there are a lot of ways the EU and member states could achieve "technological sovereignty." They could just procure data-centers, server software, and the operation of social media, cloud hosting, mobile OSes, office software, and other components of Europeans' digital lives from the private sector – sort of like asking a commercial operator to run your town's internet service.
The EU has pretty advanced procurement rules, designed to allow European governments to buy from the private sector while minimizing corruption and kickbacks. For example, there's a rule that the lowest priced bid that conforms to all standards needs to win the contract. This sounds good (and it is, in many cases) but it's how Newag keeps selling trains in Poland, even after they were caught boobytrapping their trains so they would immobilize themselves if the operator took them for independent maintanance:
https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure
The EU doesn't have to use public-private partnerships to build the Eurostack. They could do it all themselves. The EU and/or member states could operate public data centers. They could develop their own social media platforms, mobile OSes, and apps. They could be the equivalent of the municipal ISP that offers fast fiber to everyone in town.
As with public monopoly ISPs, this is a system that works well, but fails badly. If you think Elon Musk is a shitty social media boss, wait'll you see the content moderation policies of Viktor Orban – or Emmanuel Macron:
https://jacobin.com/2025/06/france-solidarity-urgence-palestine-repression
Publicly owned data centers could be great, but also, remember that EU governments have never given up on their project of killing working encryption so that their security services can spy on everyone. Austria's doing it right now!
https://www.yahoo.com/news/austrian-government-agrees-plan-allow-150831232.html
Ever since Snowden, EU governments have talked a good line about the importance of digital privacy. Remember Angela Merkel's high dudgeon about how her girlhood in the GDR gave her a special horror of NSA surveillance?
https://www.bbc.com/news/world-us-canada-24647268
Apparently, Merkel managed to get over her horror of mass surveillance and back total, unaccountable, continuous digital surveillance over all of Germany:
https://www.hrw.org/news/2021/06/24/germanys-new-surveillance-laws-raise-privacy-concerns
So there's good reasons to worry about having your data – and your apps – hosted in an EU cloud.
To create a European public internet, it's neither necessary nor desirable to have your digital life operated by the EU and its member states, nor by its private contractors. Instead, the EU could make Eurostack a provider of technological public goods.
For example, the EU could work to improve federated social media systems, like Mastodon and Bluesky. EU coders could contribute to the server and client software for both. They could participate in future versions of the standard. They could provide maintenance code in response to bug reports, and administer bug bounties. They could create tooling for server administrators, including moderation tools, both for Mastodon and for Bluesky, whose "composable moderation" system allows users to have the final say over their moderation choices. The EU could perform and/or fund labelling work to help with moderation.
The EU could also provide tooling to help server administrators stand up their own independent Mastodon and Bluesky servers. Bluesky needs a lot of work on this, still. Bluesky's CTO has got a critical piece of server infrastructure to run on a Raspberry Pi for a few euros per month:
https://justingarrison.com/blog/2024-12-02-run-a-bluesky-pds-from-home/
Previously, this required a whole data center and cost millions to operate, so this is great. But this now needs to be systematized, so that would-be Bluesky administrators can download a package and quickly replicate the feat.
Ultimately, the choice of Mastodon or Bluesky shouldn't matter all that much to Europeans. These standards can and should evolve to the point where everyone on Bluesky can talk to everyone on Mastodon and vice-versa, and where you can easily move your account from one server to another, or one service to another. The EU already oversees systems for account porting and roaming on mobile networks – they can contribute to the technical hurdles that need to be overcome to bring this to social media:
https://pluralistic.net/2024/12/14/fire-exits/#graceful-failure-modes
In addition to improving federated social media, the EU and its member states can and should host their own servers, both for their own official accounts and for public use. Giving the public a digital home is great, especially if anyone who chafes at the public system's rules can hop onto a server run by a co-op, a friend group, a small business or a giant corporation with just a couple clicks, without losing any of their data or connections.
This is essential facilities sharing for services. Combine it with public data centers and tooling for migrating servers from and to the public server to a private, or nonprofit, or co-op data-center, and you've got the equivalent of publicly available conduit, data-centers, and fiber.
In addition to providing code, services and hardware, the EU can continue to provide regulation to facilitate the public internet. They can expand the very limited interoperability mandates in the Digital Markets Act, forcing legacy social media companies like Meta and Twitter to stand up APIs so that when a European quits their service for new, federated media, they can stay in touch with the friends they left behind (think of it as Schengen for social media, with guaranteed free movement):
https://www.eff.org/interoperablefacebook
With the Digital Service Act, the EU has done a lot of work to protect Europeans from fraud, harassment and other online horribles. But a public internet also requires protections for service providers – safe harbors and carve outs that allow you to host your community's data and conversations without being dragged into controversies when your users get into flamewars with each other. If we make the people who run servers liable for their users' bad speech acts, then the only entities that will be able to afford the lawyers and compliance personnel will be giant American tech companies run by billionaires like Elon Musk and Mark Zuckerberg.
https://pluralistic.net/2020/12/04/kawaski-trawick/#230
A "public internet" isn't an internet that's run by the government: it's a system of publicly subsidized, publicly managed public goods that are designed to allow everyone to participate in both using and providing internet services. The Eurostack is a brilliant idea whose time arrived a decade ago. Digital sovereignty projects are among the most important responses to Trumpism, a necessary step to build an independent digital nervous system the rest of the world can use to treat the USA as damage and route around it. We can't afford to have "digital soveriegnty" be "national firewalls 2.0" – we need a public internet, not 200+ national internets.
Star Wars: Galactic Starcruiser – The Blockbuster to End All Blockbusters https://nordiclarp.org/2025/06/20/star-wars-galactic-starcruiser-the-blockbuster-to-end-all-blockbusters/
MIT student prints AI polymer masks to restore paintings in hours https://arstechnica.com/ai/2025/06/mit-student-prints-ai-polymer-masks-to-restore-paintings-in-hours/
Congress, Now More Than Ever, Our Nation Needs Your Cowardice https://theonion.com/letter-to-congress/
Dems’ Crypto Schemers Have Entered The Chat https://www.levernews.com/dems-crypto-schemers-have-entered-the-chat/?utm_source=buffer&utm_medium=social-link&utm_campaign=social-link-buffer
#20yrsago Tit of justice reinstated by Supreme Torturer Gonzales https://web.archive.org/web/20050910170445/http://www.usatoday.com/news/washington/2005-06-24-doj-statue_x.htm
#20yrsago What tomorrow’s Grokster Supreme Court ruling will mean https://web.archive.org/web/20050827114341/https://www.eff.org/deeplinks/archives/003742.php
#15yrsago Toronto’s secret ID law used to arrest G20 protestor https://web.archive.org/web/20100628022932/http://www.thestar.com/news/gta/torontog20summit/article/828372–man-arrested-and-left-in-wire-cage-under-new-g20-law
#10yrsago Why parents in Cincinnati camp out for 16 days to get a kindergarten spot https://medium.com/@hellogerard/waiting-for-kindergarten-62a14d4f1ce5
#10yrsago Stephen Harper ready to sign TPP and throw Tory rural base under the bus https://memex.craphound.com/2015/06/25/stephen-harper-ready-to-sign-tpp-and-throw-tory-rural-base-under-the-bus/
#10yrsago How the UK Prime Minister’s office gets around Freedom of Information requests https://www.independent.co.uk/news/uk/politics/downing-st-accused-of-deliberate-attempts-to-avoid-freedom-of-information-requests-as-exstaff-reveal-automated-deletion-system-10325231.html
#10yrsago They’re tearing down the Adventurer’s Club https://memex.craphound.com/2015/06/25/theyre-tearing-down-the-adventurers-club/
#10yrsago David Byrne and St Vincent celebrate Color Guard with astounding Contemporary Color show https://www.youtube.com/watch?v=K8jSWQtC_fA
#5yrsago 759 Trump atrocities https://pluralistic.net/2020/06/25/canada-reads/#m-o
#5yrsago How Big Tech distorts discourse https://pluralistic.net/2020/06/25/canada-reads/#oii
#1yrago Mirion Malle's "So Long Sad Love" https://pluralistic.net/2024/06/25/missing-step/#the-fog-of-love
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Forward Kentucky
https://www.youtube.com/watch?v=LpMxBBMBkZs
Democrats Abroad
https://creators.spotify.com/pod/profile/demsabroadca/episodes/Cory-Doctorow-on-Enshittification-e34blmg/a-ac0jn7i
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
this polymarket market tells a story
hottest day of the year and she's in her sleeping bag. my cat is part lizard.
Economists praise "price discrimination" as "efficient." That's when a company charges different customers different amounts based on inferences about their willingness to pay. But when a company sells you something for $2 that someone else can buy for $1, they're revaluing the dollars in your pocket at half the rate of the other guy's.
That's not how economists see it, of course. When a hotel sells you a room for $50 that someone else might get charged $500 for, that's efficient, provided that the hotelier is sure no $500 customers are likely to show up after you check in. The empty room makes them nothing, and $50 is more than nothing. There's a kind of metaphysics at work here, in which the room that is for sale at $500 is "a hotel room you book two weeks in advance and are sure will be waiting for you when you check in" while the $50 room is "a hotel room you can only get at the last minute, and if it's not available, you're sleeping in a chair at the Greyhound station."
But what if you show up at the hotel at 9pm and the hotelier can ask a credit bureau how much you can afford to pay for the room? What if they can find out that you're in chemotherapy, so you don't have the stamina to shop around for a cheaper room? What if they can tell that you have a 5AM flight and need to get to bed right now? What if they charge you more because they can see that your kids are exhausted and cranky and the hotel infers that you'll pay more to get the kids tucked into bed? What if they charge you more because there's a wildfire and there are plenty of other people who want the room?
The metaphysics of "room you booked two weeks ago" as a different product from "room you're trying to book right now" break down pretty quickly once you factor in the ability of sellers to figure out how desperate you are – or merely how distracted you are – and charge accordingly. "Surveillance pricing" is the practice of spying on you to figure out how much you're willing to spend – because you're wealthy, because you're desperate, because you're distracted, because it's payday – and charging you more:
https://pluralistic.net/2024/06/05/your-price-named/#privacy-first-again
For example, a McDonald's ventures portfolio company called Plexure offers drive-through restaurants the ability to raise the price of your regular order based on whether you've recently received your paycheck. They're just one of many "personalized pricing" companies that have attracted investor capital to figure out how to charge you more for the things you need, or merely for the small pleasures of life.
Personalized pricing (that is, "surveillance pricing") is part of the "pricing revolution" that is underway in the US and the world today. Another major element of this revolution are the "price clearinghouses" that charge firms within a sector to submit their prices to them, then "offer advice" on the optimum pricing. This advice – given to all the suppliers of a good or service – inevitably boils down to "everyone should raise their prices in unison." So long as everyone follows that advice, we poor suckers have nowhere else to go to get a better deal.
This is a pretty thin pretext. Price-fixing is illegal, after all. These companies pretend that when all the meat-packers in America send their pricing data to a "neutral" body like Agri-Stats, which then tells them all to jack up the price of meat, that this isn't a price-fixing conspiracy, since the actual conspiracy takes the form of strongly worded suggestions from an entity that isn't formally part of the industry:
https://pluralistic.net/2023/10/04/dont-let-your-meat-loaf/#meaty-beaty-big-and-bouncy
Same goes for when all the landlords in town send their rental data to a company like Realpage, which then offers "advice" about the optimum price, along with stern warnings not to rent below that price: apparently that's not price-fixing either:
https://popular.info/p/feds-raid-corporate-landlord-escalating
It's not just sellers who engage in this kind of price-fixing – it's also buyers. Specifically buyers of labor, AKA "bosses." Take contract nursing, where a cartel of three staffing apps have displaced the many small regional staffing agencies that historically served the sector. These companies buy nurses' credit history from the unregulated, Wild West data-brokerage sector. They're checking to see whether a nurse who's looking for a shift has a lot of credit-card debt, especially delinquent debt, because these nurses are facing economic hardship and will accept a lower wage than their better-off compatriots:
https://pluralistic.net/2024/12/18/loose-flapping-ends/#luigi-has-a-point
This is surveillance pricing for buyers, and as with the sell-side pricing revolution, buyers also make use of a third party as an accountability sink (a term coined by Dan Davies): the apps that they use to buy nursing labor are a convenient way for hospitals to pretend that they're not engaged in price-fixing for labor.
Veena Dubal calls this "algorithmic wage discrimination." Algorithmic wage discrimination doesn't need to use third-party surveillance data: Uber, who invented the tactic, use their own in-house data as a way to make inferences about drivers' desperation and thus their willingness to accept a lower wage. Drivers who are less picky about which rides they accept are treated as more desperate, and offered lower wages than their pickier colleagues:
https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men
But this gets much creepier and more powerful when combined with aggregated surveillance data. This is one of the real labor consequences of AI: not the hypothetical millions of people who will become technologically unemployed, numbers that AI bosses pull out of their asses and hand to dutiful stenographers in the tech press who help them extol the power of their products; but rather the millions of people whose wages are suppressed by algorithms that continuously recalculate how desperate a worker is apt to be and lower their wages accordingly.
This is as good a candidate for AI regulation as any, but it's also a very good reason to regulate data brokers, who operate with total impunity. Thankfully, Biden's Consumer Finance Protection Bureau passed a rule that made data brokers effectively illegal:
https://pluralistic.net/2024/06/10/getting-things-done/#deliverism
But then Trump got elected and his despicable minions killed that rule, giving data brokers carte blanche to spy on you and sell your data, effectively without restriction:
https://www.wired.com/story/cfpb-quietly-kills-rule-to-shield-americans-from-data-brokers/
(womp-womp)
Also, Biden's FTC was in the middle of an antitrust investigation into surveillance pricing on the eve of the election, a prelude to banning the practice in America:
https://pluralistic.net/2024/07/24/gouging-the-all-seeing-eye/#i-spy
But then Trump got elected and his despicable minions killed that investigation and instead created a snitch line where FTC employees could complain about colleagues who were "woke":
https://www.ftc.gov/system/files/ftc_gov/pdf/bedoya-statement-emergency-motion.pdf
(Womp.)
(Womp.)
Naomi Klein's Doppelganger proposes a "mirror world" that the fever-swamp right lives in – a world where concern for children takes the form of Pizzagate conspiracies, while ignoring the starving babies in Gaza and the kids whose parents are being kidnapped by ICE:
https://pluralistic.net/2023/09/05/not-that-naomi/#if-the-naomi-be-klein-youre-doing-just-fine
The pricing revolution is a kind of mirror-world Marxism, grounded in "From each according to their ability to pay; to each according to their economic desperation":
https://pluralistic.net/2025/01/11/socialism-for-the-wealthy/#rugged-individualism-for-the-poor
A recent episode of the excellent Organized Money podcast featured an interview with Lee Hepner, an antitrust lawyer who is on the front lines of the pricing revolution (on the side of workers and buyers) (not bosses):
https://www.organizedmoney.fm/p/the-wild-world-of-surveillance-pricing
Hepner is the one who proposed the formulation that personalized pricing is a way for corporations to decide that your dollars are worth less than your neighbors' dollars – a form of economic discrimination that treats the poorest, most desperate, and most precarious among us as the people who should pay the most, because we are the people whose dollars are worth the least.
Now, this isn't always true. Earlier this month, Delta, United and American were caught charging more for single travelers than they charged pairs of groups:
https://thriftytraveler.com/news/airlines/airlines-charging-solo-travelers-higher-fares/
That's a way to charge business travelers extra – for valuing their dollars less than the dollars of families, not because business travelers are desperate, but because they are, on average, richer than holidaymakers (because their bosses are presumed to be buying their tickets). Sometimes, price discrimination really does charge richer people more to subsidize everyone else.
But here's the difference: when the news about the business-traveler's premium broke, its victims – powerful people with social capital and also regular capital – rose up in outrage, and the airlines reversed the policy:
https://thriftytraveler.com/news/airlines/delta-rethinks-higher-fares-solo-travelers/
If the airlines are still pursuing this kind of price discrimination, they'll do something sneakier, like buying our credit histories before showing us a price. This is something British Airways is already teeing up, by offering essentially zero reward miles to frequent travelers for partner airline tickets unless they're purchased from BA's own website:
https://onemileatatime.com/news/the-british-airways-club/
But BA operates in the UK, where most of the pre-Brexit, EU-based privacy regime is still intact, despite the best efforts of Keir Starmer to destroy it, something that neither Boris Johnson, nor Theresa May, nor Rishi Sunak, nor Liz Truss could manage:
So for now, BA travelers might be safe from surveillance pricing, at least in the UK and EU. And that's the thing, America is pretty much cooked. It might be generations – centuries – before the USA emerges from its Trumpian decline and becomes a civilized democracy again. Americans have little hope of a future in which their government protects them from corporate predators, rather than serving them up on a toothpick, along with a little cocktail napkin.
The future of the fight against corporate power and oligarchy is something for the rest of the world to carry on, as the American hermit kingdom sinks into ever-deeper collapse:
https://pluralistic.net/2025/06/21/billionaires-eh/#galen-weston-is-a-rat
And as it happens, Canada's Competition Bureau, newly equipped with muscular enforcement powers thanks to a 2024 law, is seeking public comment on surveillance pricing and whether Canada should do something about it:
I'm writing comments for this one. If you're in Canada, or a Canadian abroad (like me), perhaps you could, too. If you're looking for an excellent Canadian perspective to crib from, check out this episode of The Globe and Mail's Lately podcast on the subject:
https://www.theglobeandmail.com/podcasts/lately/article-the-end-of-the-fixed-price/
Just because America jumped off the Empire State Building, that's no reason for Canada to jump off the CN Tower, after all.
(Eh?)
(Image: Cryteria, CC BY 3.0, modified)
Scrambled Eggs and Paralyzed Policy: Breaking Up Consummated Mergers and Dominant Firms https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3736613
The McMansionization of the White House, or: Regional Car Dealership Rococo: a treatise https://www.patreon.com/posts/mcmansionization-126873692
SnapNotSell https://snapnotsell.netlify.app
Engineered Estrangement https://www.bylinesupplement.com/p/engineered-estrangement-an-interview
#20yrsago Notes from fight to turn WIPO into a humanitarian agency https://web.archive.org/web/20050903072827/https://www.eff.org/deeplinks/archives/003722.php
#20yrsago Software patents are bad for coders like literary patents would be for writers https://web.archive.org/web/20050622023635/http://www.guardian.co.uk/online/comment/story/0,12449,1510566,00.html
#20yrsago WIPO Development Agenda meeting docs photographed and posted https://web.archive.org/web/20051127092845/http://homes.eff.org/~renbucholz/wipo/
#20yrsago Dear Kansas: Why stop at “Intelligent Design?” What about Spaghetti Monsters? https://web.archive.org/web/20050626010148/http://www.venganza.org/
#15yrsago Blacksad: hardboiled detective fiction about anthropomorphic animals (no, really) https://memex.craphound.com/2010/06/21/blacksad-hardboiled-detective-fiction-about-anthropomorphic-animals-no-really/
#15yrsago White House guts bill that would rein in CEO salaries; you can stop them http://www.aaronsw.com/weblog/proxyreform
#15yrsago New Apple terms allow them to collect and share your “precise, real-time location” https://web.archive.org/web/20100622165913/https://consumerist.com/2010/06/privacy-change-apple-knows-your-phone-is-and-is-telling-people.html
#10yrsago Doctoral dissertation in graphic novel form https://spinweaveandcut.com/unflattening/
#10yrsago EU set to kill street photography https://medium.com/vantage/freedom-of-panorama-is-under-attack-6cc5353b4f65
#5yrsago The politicization of K-pop stans https://pluralistic.net/2020/06/21/stans/#kpop-stans
#5yrsago Yahoo is a deadbeat billionaire zombie https://pluralistic.net/2020/06/21/stans/#altaba
#1yrago Neither the devil you know nor the devil you don't https://pluralistic.net/2024/06/21/off-the-menu/#universally-loathed
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Democrats Abroad
https://creators.spotify.com/pod/profile/demsabroadca/episodes/Cory-Doctorow-on-Enshittification-e34blmg/a-ac0jn7i
FediForum Keynote
https://www.youtube.com/watch?v=7_Gs1t0qe78
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
A major problem with letting billionaires decide how your country is run is that they will back whichever psycho promises the lowest taxes and least regulation, no matter how completely batshit and unfit that person is:
https://www.hamiltonnolan.com/p/nations-are-people
Billionaires have farcical, almost unimaginable resources. These let them take over whole political parties, even "left" parties, with the result that all real electoral options disappear. Voting for the other party gets you a different set of aesthetics, but the same existential threats to the human race and the planet:
After generations of increasingly oligarch-friendly policies and billionaire entryism into the Democratic Party, America may well be cooked, a total write-off for generations to come. The path to saving the world and our species arguably lies through strengthening other countries to resist American psychos and protect the planet from the consequences of their brainwormed leadership.
Writing for Jacobin, Alex Hemingway sets out a plan for imposing a wealth-tax on Canada's oligarchs, one that incorporates lessons from previous attempts at such a tax:
https://jacobin.com/2025/06/wealth-tax-canada-inequality-austerity/
Even on the left, the idea of a wealth-tax is controversial – not because leftists are sympathetic to billionaires, but because they are skeptical that a wealth tax can be carried out. It's a practical, not an ideological objection:
https://pileusmmt.libsyn.com/196-the-problem-with-wealth-taxes-with-steven-hail-part-1
After all, under capitalism, wealth always grows faster than the economy at large, meaning that over time, the rich will get steadily richer, and inequality will widen and widen:
https://memex.craphound.com/2014/06/24/thomas-pikettys-capital-in-the-21st-century/
Ideally, we would counter the trend of wealth piling up into dynastic fortunes with continuous redistribution and predistribution: taxing capital gains at the same rate (or a higher rate) than income, so that income from labor isn't treated worse than income from ownership; steeply graded progressive taxes, with top rates of 70-99%, high inheritance taxes, and so on. We had a system like that, from the end of WWII (when the rich were poorer than they'd been in centuries, with their influence in tatters) until the Reagan era (when the rich had rebuilt their fortunes and were able to seize the reins of power). In the 45 years since the rise of the new oligarchy, we've lived through accelerating wealth accumulation, and as the rich got richer, they used their wealth to dismantle any barrier to creating new aristocratic dynasties.
So here we are, trapped in the new oligarchy. It's too late to rely on income taxes, not if we're going to euthanize enough rentiers to free out politics from their toxic influence and save the human race any of several foreseeable mass-extinction events. Making the ultra-rich poor again is going to require new tactics.
In Canada, the 1% owns 29% of the country's wealth. The 87 richest families in Canada control as much wealth as the bottom 12 million Canadians combined. This is better than the US (where the 1% own 35% of the country), but not by much:
https://www.policyalternatives.ca/wp-content/uploads/attachments/Born%20to%20Win.pdf
Can we make a wealth tax work? Here's Hemingway's program for making it work in Canada:
Aim it at the super-rich alone. Avoid even the upper middle-class, who lack the liquid assets to pay the tax and could get wrecked if they have to liquidate their holdings at the same time as everyone else, which will depress asset prices;
Use third-party assessments of asset values. Don't take billionaires' word for how much their assets are worth! Canada's got an advantage here, thanks to the Canada Revenue Agency's requirement for financial institutions to report their account holders' income, including capital gains. Canada's also recently created "beneficial owner" registries that record the true owners of assets;
Use lifestyle audits: anyone caught engaging in tax-evasion will face severe penalties, as will the enablers at financial services firms that help them.
One frequent objection to high taxes is that it encourages capital flight – rich people hopping to another territory to avoid taxation. That's a reasonable fear, given how pants-wettingly terrified the rich are of paying tax. Hemingway points out that a wealth tax is different from an income tax – income taxes are levied on the outcome of productive activities, while wealth taxes target accumulated wealth. High income taxes can starve a country of the capital it needs for a productive economy, but that's not the case with wealth taxes.
Hemingway points to the OECD's Common Reporting Standard, through which more than 100 countries have agreed to share financial information, which will help Canada catch billionaires as they funnel their wealth offshore. Meanwhile, if the rich try to move with their money, we can hit them with an exit tax, like the 40% that Elizabeth Warren has proposed.
It's an article of faith that the rich will move offshore at the first hint of a wealth tax, but the research shows that rich people often have reasons to stay that trump their taxophobia. The economic effect of rich people Going Galt is pretty darned small:
The modern prophet of oligarchy and its origins is the French economist Thomas Piketty. In a recent Le Monde column, Piketty examines the failure of a French wealth tax proposal that would have shaved a modest 2% off the fortunes of the 1,800 French people with more than €100 million:
https://www.lemonde.fr/blog/piketty/2025/06/17/the-senate-beside-the-story/
The proposal passed the National Assembly, only to die in the Senate, an institution with a long history of pro-oligarchic activism (the Senate killed every French income tax passed by the Assembly from 1896-1914). The Assembly's wealth tax addressed the problem of tax exiles, levying the wealth tax for 5 years after an oligarch relocated. For Piketty, this didn't go far enough: he wants a pro-rated tax based on the number of years an oligarch spent in France in their lifetime: if you were educated and cared for at French expense from birth and went on to become a billionaire, then a modest share of your wealth would forever be owed to the country that made it possible. Piketty says that a wealth tax could be paid in shares instead of cash, with the stock going into a trust for workers, who would get board seats as well.
He points out that decarbonization is going to require large sacrifices from all of us, but that these will be impossible to demand with a straight face so long as the super-rich are paying taxes that are trivial relative to their assets and income.
FTC competition comment jointly submitted by EFF and Authors Alliance https://www.eff.org/files/2025/06/05/ftc_competition_comment_jointly_submitted_by_eff_and_authorsalliance.pdf
McMansion Hell urges all New Yorkers to Rank Zohran Mamdani #1 for Mayor of NYC https://mcmansionhell.com/post/786540193484341248/mcmansion-hell-urges-all-new-yorkers-to-rank
Arbitration Information https://arbitrationinformation.org/docs/problems/
Apple to Australians: You’re Too Stupid to Choose Your Own Apps https://www.eff.org/deeplinks/2025/06/apple-australians-youre-too-stupid-choose-your-own-apps
#20yrsago Snapple floods Manhattan with 17.5 tons of frozen kiwi-strawberry slurry https://nielsenhayden.com/makinglight/archives/006460.html#006460
#20yrsago Beloved Toronto singing cowboy/mayoral candidate Ben Kerr, RIP https://www.blogto.com/city/2005/06/ben_kerr_a_toronto_legend_passes_away/
#20yrsago Heinlein’s house https://web.archive.org/web/20050625235954/http://www.heinleinsociety.org/rah/history/bonnydoon1.html
#20yrsago Banned Nepali radio station transmits via megaphone https://reliefweb.int/report/nepal/banned-air-nepal-news-radio-hits-streets
#20yrsago Queen Liz: Sony remotes are too hard to use https://web.archive.org/web/20050815080728/http://www.macworld.co.uk/news/index.cfm?email&NewsID=11914
#15yrsago ASCAP raising money to fight Free Culture https://memex.craphound.com/2010/06/23/ascap-raising-money-to-fight-free-culture/
#15yrsago Original Pac-Man sketches https://www.control-online.nl/2010/06/22/iwatani-toont-gamesgeschiedenis-in-meest-pure-vorm/
#15yrsago Viacom v Internet: round one to Internet https://memex.craphound.com/2010/06/23/viacom-v-internet-round-one-to-internet/
#15yrsago A Canadian author’s perspective on “radical extremism” and copyright https://memex.craphound.com/2010/06/23/a-canadian-authors-perspective-on-radical-extremism-and-copyright/
#15yrsago Gate guarded McMansion suburb in Walt Disney Worldhttps://insidethemagic.net/2010/06/disney-unveils-golden-oak-luxury-homes-offering-a-chance-to-live-in-the-walt-disney-world-resort/
#15yrsago Canadian Heritage Minister declares war on copyright reformers https://web.archive.org/web/20100626073040/http://www.michaelgeist.ca/content/view/5138/125/
#15yrsago Bruce Sterling’s Shareable.net story about astroturfer gulag https://www.shareable.net/the-exterminators-want-ad/
#15yrsago Corruption: FCC’s closed-door meetings on open Internet https://web.archive.org/web/20100626222659/http://blog.broadband.gov/?entryId=518087
#15yrsago Canadian Heritage Minister smears DMCA opponents as “radical extremists” https://www.michaelgeist.ca/2010/06/moore-and-radical-extremists/
#15yrsago US IP Czar’s report sells out the American public to Big Content https://memex.craphound.com/2010/06/22/us-ip-czars-report-sells-out-the-american-public-to-big-content/
#15yrsago I Love Paree: new sf story podcast https://craphound.com/news/2010/06/22/i-love-paree-part-1/
#10yrsago Australia’s own Immortan Joe turns off the water, I mean, Internet https://arstechnica.com/tech-policy/2015/06/australia-passes-controversial-anti-piracy-web-censorship-law/
#10yrsago GCHQ psychological operations squad targeted Britons for manipulation https://theintercept.com/2015/06/22/controversial-gchq-unit-domestic-law-enforcement-propaganda/
#10yrsago GCHQ hacking squad worried about getting sued for copyright violation https://theintercept.com/2015/06/22/gchq-reverse-engineering-warrants/
#10yrsago The Girl With the Parrot on Her Head https://memex.craphound.com/2015/06/22/the-girl-with-the-parrot-on-her-head/
#10yrsago FDA & FTC mull homeopathy’s future https://sciencebasedmedicine.org/homeopathic-industry-and-its-acolytes-make-poor-showing-before-fda/
#10yrsago Tie your shoes the Ukrainian way http://shnurovka.com/en/step-by-step-instructions-english/
#10yrsago Outstanding paper on the impact of ebook DRM on readers, writers, publishers and distributors https://www.law.berkeley.edu/files/Bittar_Ana_Carolina.pdf
#10yrsago You’ll falafel about this horrifying new pita-sized crypto-key-sniffing hack https://www.wired.com/2015/06/radio-bug-can-steal-laptop-crypto-keys-fits-inside-pita/
#5yrsago Against AI phrenology https://pluralistic.net/2020/06/23/cryptocidal-maniacs/#phrenology
#5yrsago Privacy in tracing tokens https://pluralistic.net/2020/06/23/cryptocidal-maniacs/#trace-together
#5yrsago Congress wants to read all your DMs https://pluralistic.net/2020/06/23/cryptocidal-maniacs/#crypto-wars
#5yrsago Blueleaks https://pluralistic.net/2020/06/23/cryptocidal-maniacs/#ddosecrets
#5yrsago Surveillance electoralism https://pluralistic.net/2020/06/23/cryptocidal-maniacs/#aaronsw
#5yrsago The real cyberwar is Goliath, slaughtering an army of Davidshttps://pluralistic.net/2020/06/22/jobs-guarantee/#selection-bias
#5yrsago The Case for a Job Guarantee https://pluralistic.net/2020/06/22/jobs-guarantee/#job-guarantee
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
FediForum Keynote
https://www.youtube.com/watch?v=7_Gs1t0qe78
Science Fiction is EXPOSING Scams and AI Dystopia (Bad Faith)
https://www.youtube.com/watch?v=SlrKlp_Iiko
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
To provide political cover for supporting the crypto industry’s legislative giveaway, group chat members suggested pro-crypto allies in the Democratic caucus could introduce symbolic anti-corruption amendments to the final bill prohibiting President Donald Trump and elected officials from profiting from cryptocurrencies knowing the effort would be “doa,” or dead on arrival, since the language would likely be voted down by Republicans.– “Dems’ Crypto Schemers Have Entered The Chat”, The Lever
Less than a week ago Schiff voted for the GENIUS Act crypto bill, which Trump has urged Congress to pass.
I picked up Daniel de Visé's The Blues Brothers: An Epic Friendship, the Rise of Improv, and the Making of an American Film Classic at LA's Diesel Books; it was on the receiving table I sat next to as I signed books after a book-tour reading, and I snuck peeks at the back cover while I chatted with the long line of attendees:
By the time the line was cleared, there was no question that I was going to buy this book, even though it wasn't formally for sale for a couple days (the bookstore staff were kind enough to make an exception for me, not least because I promised them that I wouldn't get a chance to read it for quite some time as I flitted from city to city on the rest of the tour).
Like many people of my generation, I grew up with The Blues Brothers. I taped the movie off of TV when I was about 14 and literally wore the tape out in the next four years, re-watching and re-re-watching the movies on that tape – Animal House, The Blues Brothers and Spinal Tap – so many times that I can still just about recite those movies verbatim, more than 30 years later.
The Blues Brothers is sunk so deep into my psyche that I don't know that I ever questioned why they were so embedded in my outlook. I don't know if I can even tell you when I first saw the movie. Certainly, my friend-group was very into the movie, and my best friend and I went as Jake and Elwood on multiple Hallowe'ens at the Rocky Horror Picture Show at Toronto's Roxy Theatre, until it became such a cliche for us that we felt the need to mix it up and dress up as zombie Jake and Elwood.
But beyond the movie, I was taken with the Blues Brothers' music. I didn't know much about blues, boogie woogie and other roots music before the Blues Brothers came into my life. The combination of the Blues Brothers movie and its sound-track sent me on a treasure hunt for music by the band, its musical guests, and the artists whose song they covered. By the time I was 20, I'd amassed a vast collection of used records, tapes and CDs featuring Cab Calloway, Ray Charles, John Lee Hooker, Aretha Franklin, Willy Mabon, The Chips, Floyd Dixon and more. Soon, I was leaping from one artist to others. I found an incredible Pop Staples/Steve Cropper/Albert King collaboration "Jammed Together":
https://www.youtube.com/watch?v=8Sarzs8VRSg
Within a few hops, I'd found my way to Sonny Terry and Brownie McGhee and thence to the immortal James Cotton:
https://www.youtube.com/watch?v=kl4IcMlrJwM
I started skipping Rocky Horror to see the house band at Chicago's on Queen Street, and from there found my way to the weekend jams at Grossman's:
https://torontobluessociety.com/venue/grossmans-tavern-2/
It's not an overstatement to say that The Blues Brothers altered my life, changing the music I listened to and the way I understood the musical ancestry of everything that went into my ears. Indeed, the effects that The Blues Brothers had on my life are so pervasive that I effectively stopped noticing them. When I put on a Memphis Slim album, it doesn't occur to me that the reason that music is on my hard-drive has something to do with that worn-out VHS cassette in my parents' living room in the 1980s.
Standing there at the counter at Diesel Books for an hour, sneaking peeks at the back cover of de Visé's book, set me to considering exactly how this weird and remarkable phenomenon came to be. I knew a little, of course – my friends and I used to trade the information that Aykroyd came from a family of famous Ontario Tories the same way we would have gossiped had his father been a famous serial-killer. And no one could escape some of the more salacious details of Belushi's death, though I absorbed most of what I knew via one of the greatest short stories I've ever read, Bradley Denton's "Calvin Coolidge Home for Dead Comedians," about Belushi and Lenny Bruce leading a revolt in Comedian Hell:
https://en.wikipedia.org/wiki/The_Calvin_Coolidge_Home_for_Dead_Comedians
So I bought a copy off the receiving table, straight out of the warehouse box, and I've finally gotten around to reading it, and holy moly is it fascinating! I confess that in the months since I brought the book home and stuck it on the TBR shelf, I'd mostly forgotten why I'd picked it up and had started to view it as a book full of production trivia, and when I picked it up this week, it was with an eye to skimming it quickly before putting it out at the curb in my Little Free Library. Instead, I found myself utterly engrossed in a brilliantly told, brilliantly researched tale that left me with a much deeper understanding of – and appreciation for – the cultural phenomenon that I was (and am) swept up in.
De Visé devotes the first third of the book to snappy, revealing biographies of Belushi and Aykroyd, who grew up in very different milieux, and were of very different temperaments, but who both found their way into comedy just as the tradition of Borscht Belt comics and variety shows were giving way to a younger, weirder kind of comedy, a mixture of Monty Python, National Lampoon and improv.
These biographical sketches are short, but they don't shy away from nuance – Belushi's parents, for example, are simultaneously painted as loving and also reckless and self-involved. De Visé gives the lion's share of attention to Belushi, but he doesn't stint on detail about Aykroyd, strongly implying that "Danny" is on the spectrum, with a deep collection of "special interests" and a deep discomfort with eye contact that accounts for habit of wearing sunglasses.
As the two men find their way into various pioneering comedy projects – Second City, National Lampoon radio shows – they start to inch towards Lorne Michaels, and thus to each other. As de Visé painstakingly traces the ups and downs of their comedy careers, he paints a vivid picture of the wild swings of talented, striving artists at the start of their careers. By the time we get to the SNL chapters, the show itself becomes the star, and its rocky early days strongly echo the struggles of the comedians we've followed to its stage.
The actual production story of The Blues Brothers movie doesn't start until more than halfway through the narrative. By that time, we've been set up with the way that filmmaking, comedy, popular culture, and politics have all changed to make The Blues Brothers movie a possibility. De Visé shows us how Belushi had won over a long list of household names in the entertainment industry, and how Aykroyd's meticulous, obsessive nature honed and directed Belushi's wild talent.
The actual production of, and reception to, The Blues Brothers movie arrives in the book as a kind of extended climax and denouement, and yes, there are tons of funny bits of production trivia and gossip in this section. From winning over the mayor of Chicago (who reversed a decades-long policy of all-but-total prohibitions on filming permits in the city) to dropping a Ford Pinto thousands of feet, to the garage where, every night, dozens of surplus police cars that had been crashed that day were refurbished and gotten into shape to be crashed again the next day.
And while all of this is going on, de Visé gives us a vivid portrayal of Belushi's spiraling addiction, the disease that is killing him right there, in front of everyone who loves him. That story carries over into the film's aftermath, as it is laboriously cut from more than three hours (it was originally intended to be shown with an intermission!) and released to hostile critics and an adoring public.
These are the final days of Belushi, something we all know and can see coming. But even as Belushi approaches his final days, we learn how The Blues Brothers movie had created a legacy. It was Aykroyd who got Belushi into the blues, and the schtick they did about wanting to preserve this music from a world that was set to bury it and forget it wasn't just for the movie.
Aykroyd and Belushi wanted to bring the music back. They couldn't stand that the likes of Cab Calloway, Aretha Franklin, Ray Charles and James Brown were playing county fairs and half-full night clubs. They wanted the music to escape from history and live again. And they succeeded. In a "where are they now" coda straight out of the closing credits of Animal House, de Visé documents how the artists featured in the movie – and the musical traditions they represented – experienced a massive revival following the film's release, which the musicians themselves credit to the movie.
Which is where I came in, I suppose. That's how I got here, in this form, with a hard drive full of R&B, blues, country swing, jazz, boogie woogie and jump blues that vie with Talking Heads for play in my shuffle.
This isn't a book about a movie; it's a rich and engrossing tale of an extraordinary creative collaboration that found an unlikely foothold at just the right time and place. It's a sensitive, funny, and revealing account of Belushi, Aykroyd, and the comedians, impresarios and friends in their orbit. Even if you didn't wear out a VHS cassette and memorize the whole damned movie, you will find something surprising and delightful in these pages.
McMansion Hell urges all New Yorkers to Rank Zohran Mamdani #1 for Mayor of NYC https://mcmansionhell.com/post/786540193484341248/mcmansion-hell-urges-all-new-yorkers-to-rank
Arbitration Information https://arbitrationinformation.org/docs/problems/
Apple to Australians: You’re Too Stupid to Choose Your Own Apps https://www.eff.org/deeplinks/2025/06/apple-australians-youre-too-stupid-choose-your-own-apps
Steps towards an Ecology for the Internet https://arxiv.org/html/2506.06469v1
#20yrsago Canada’s DMCA introduced https://web.archive.org/web/20051027190726/http://www.michaelgeist.ca/home.php?blog_disp_vars=days&blog_date=20050620&day=20&month=06&year=2005&blog_arch=2&v=99
#20yrsago Dead online game resurrected by dumpster-diving its servers https://games.slashdot.org/story/05/06/21/0133233/classic-mmog-raised-from-the-dead-by-past-players
#15yrsago Mickey Mouse, amphetamine shill https://www.erowid.org/library/books_online/mickey_mouse_medicine_man/mickey_mouse_medicine_man.shtml
#15yrsago Economic reality versus ideology: spending cuts and recovery https://www.nytimes.com/2010/06/18/opinion/18krugman.html
#10yrsago UK High Court’s insane ruling: ripping CDs is illegal again https://www.eff.org/deeplinks/2015/06/european-copyright-madness-court-strikes-down-law-allowing-users-rip-their-own-cds
#10yrsago Schneier: China and Russia probably did get the Snowden leaks — by hacking the NSA https://www.wired.com/2015/06/course-china-russia-snowden-documents/
#10yrsago The snitch in your pocket: making sense of Stingrays https://www.wnycstudios.org/podcasts/notetoself/episodes/stingray-conspiracy-theory-daniel-rigmaiden-radiolab
#5yrsago Juneteenth in the Internet Archive https://pluralistic.net/2020/06/20/everybody-knows/#juneteenth
#5yrsago "Longshot" NYPD surveillance transparency law passes https://pluralistic.net/2020/06/20/everybody-knows/#Quis-custodiet-ipsos-custodes
#5yrsago Everybody Knows https://pluralistic.net/2020/06/20/everybody-knows/#slicey-boi
#1yrago How to design a tech regulation https://pluralistic.net/2024/06/20/scalesplaining/#administratability
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
FediForum Keynote
https://www.youtube.com/watch?v=7_Gs1t0qe78
Science Fiction is EXPOSING Scams and AI Dystopia (Bad Faith)
https://www.youtube.com/watch?v=SlrKlp_Iiko
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Private equity firms are the demon princes of the hellspace that is the imploding, life-destroying, plutocrat-generating American economy. Their favorite scam, the "leveraged buyout" is a mafia bustout dressed up in respectable clothes, and if you mourn a beloved, failed business, chances are that an LBO was the murder weapon, and PE was the killer:
https://pluralistic.net/2024/05/23/spineless/#invertebrates
(Despite simplistic explanations and bad-faith apologetics, a leveraged buyout is nothing like a mortgage – it is a sinister, complex, destructive form of financial fraud:)
https://pluralistic.net/2024/08/05/rugged-individuals/#misleading-by-analogy
As bad as this is, it's ten quintillion times worse when applied to healthcare. When PE buys your hospital, people die. A lot of people:
https://pluralistic.net/2024/02/28/5000-bats/#charnel-house
PE doesn't even have to buy the whole hospital – for a long time, PE groups bought out anesthetist practices affilated with hospitals and pulled them out of the hospital's insurance affiliation. Unsuspecting patients who went in for routine surgical care at a hospital that was in-network for their insurer would get a rude awakening from their sedation: "surprise bills" running to tens or hundred of thousands of dollars. PE groups did the same thing with emergency rooms, so that people experiencing serious medical emergencies who had the presence of mind to insist upon being brought to an in-network ER nevertheless got hit with life-ruining surprise bills:
https://pluralistic.net/2022/03/14/unhealthy-finances/#steins-law
Donald Trump sometimes panders to anti-elitist elements in his base by threatening the private equity racket. For example, Trump has frequently railed against the "carried interest" tax loophole that allows PE bosses to pay half as much tax as you or I would on their vast takings. "Carried interest" is a tax law that gave 16th century sea-captains a break on their "interest" in the cargo they "carried." It is both weird and fantastically unjust that the richest, worst financiers in America are able to take advantage of this Moby Dick-ass-law:
https://pluralistic.net/2021/04/29/writers-must-be-paid/#carried-interest
But while Trump sometimes talks a good line about fighting private equity looters, he does not, has not, and will not lift a finger to them. He dares not. The carried interest tax scam is preserved in the Big Beautiful Bill, joined with many other giveaways to the least productive, most guillotineable looters America has produced:
Working people cannot rely on Trump's federal government and the Republican Congress to protect us from these vampires. But this is America: when the feds fail, that creates an opportunity for state legislators to step in and act. And that's just what's happened in Oregon, where the state legislature has passed sweeping, bipartisan legislation that bans corporations from owning or operating a medical practice in the state:
https://prospect.org/health/2025-06-13-united-health-care-oregon-corporate-medicine/
This is called the "corporate practice of medicine" (CPOM) and it's already banned. The American Medical Association has a longstanding, absolute prohibition on medical practices that are run by anyone except a doctor. Oregon has had a CPOM ban on the law-books since 1947. Private equity meets this prohibition with a very transparent ruse indeed: they get a "rent a doc," often out of state, to serve as the nominal owner of their practices, and the doctor takes orders from the PE firm, and hires the PE firm's outsource agencies to actually operate the clinic or hospital, absorbing the entirety of the practice's profits.
The Oregon bill closes this loophole, and not a minute too soon. Giant healthcare monopolists – most notably groups associated with Unitedhealth, the largest health corporation in America – have embarked on a statewide buying spree, buying and shutting down rural hospitals and clinics, and transforming the remaining facilities into understaffed charnel houses that hemorrhage doctors.
The bill took several tries to get through the legislature. As Oregon House Majority Leader Representative Ben Bowman told Matt Stoller and David Dayen on their Organized Money podcast, the statehouse was crawling with lobbyists hired by out of state private health-care firms who were worried about "contagion" if Oregon's bill passed and spread to other states:
https://www.organizedmoney.fm/p/how-oregon-is-ending-corporate-run
But the bill passed anyway, thanks to a combination of two factors. First, during the bill's legislative adventure, Unitedhealth's Optum bought out the Oregon Medical Group and made working conditions so terrible that dozens of doctors quit, leaving thousands of rural patients (from predominantly Republican districts) without medical care. Optum "fired" thousands of patients, including some who were undergoing cancer treatment, on the basis that they weren't profitable enough to care for:
https://www.thebignewsletter.com/p/private-equity-unitedhealth-take
In the midst of all this, another Unitedhealth monopolist, Change Health, got hacked and virtually no one in America could get a prescription filled – worse, the hack exposed the health records of almost everyone in America, the largest health-related breach in US history:
https://pluralistic.net/2024/06/28/dealer-management-software/#antonin-scalia-stole-your-car
Then, as icing on the cake, Unitedhealth's Oregon operation screwed over multiple, cancer-fighting lawmakers who were serving in the state-house as the bill was under debate. Combine this with testimony from doctors who described how they were unable to practice medicine after leaving Unitedhealth's terrible facilities because they had been trapped with noncompete clauses in their contracts, nor could they warn other doctors away from falling prey to this trap because they were also bound by nondisparagement clauses.
The new bill, SB 951, passed out of the legislature and was signed by the governor earlier this month. It is now good law in Oregon, which means that corporations can't operate medical practices, and that medical personnel can't be subjected to noncompete clauses (fun fact: every noncompete clause is written by a lawyer, but the American Bar Association prohibits noncompetes for lawyers).
Now it's time for those out-of-state healthcare looters' worst fears to be realized. It's time for the contagion to spread to other states.
The US federal system is a big, gnarly mess, but by design, it leaves a lot of power in local hands. That's bad news when local power is being used to ban trans people from peeing, or to attack school librarians, or to ban masking. But it's good news when states and cities can use the American system to create sanctuary systems that welcome asylum seekers and treat them with dignity (which is why the American right, the standard bearer for "states' rights" when it came to school segregation and voter suppression, is now all-in on sending armed soldiers to terrorize their fellow Americans with assault rifles).
Another reason to like state and local politics: local Democrats often suck way less than the necrotic federal Dem establishment. Some of them are even good! In Philly, Mayor Cherelle Parker just signed the Protect Our Workers, Enforce Rights (POWER) Act, which protects 750,000 workers from wage theft:
https://prospect.org/labor/2025-06-18-how-philadelphia-secured-basic-rights-for-750-000-workers/
The POWER Act shifts the burden of proof for wage theft allegations from workers to their bosses and allows them to recover their stolen wages plus $2,000 in statutory damages per violation; it sets up a new fund (replenished with employer fines) that gives money to victims of retaliation, and it creates a public "bad boss" database of repeat offenders.
As Brock Hrehor writes for The American Prospect, the POWER Act was passed after Trump gutted the National Labor Relations Board and left it unable to protect American workers. The POWER Act tackles one of the most pernicious forms of crime in America: wage theft, which accounts for more losses than all property crime in America combined, with losses overwhelming borne by Black and brown workers, especially women. Wage theft is notoriously hard to police, thanks to fear of retaliation and the precarity of victims of this crime.
The POWER Act passed as a result of the combined efforts of unions (SEIU, AFL-CIO) and the Working Families Party. Along with the Oregon Corporate Practice of Medicine ban, it shows how local, grassroots activism can protect everyday, working people from even the worst corporate criminals, even in Donald Trump's America.
Police use controversial AI tool that looks at people’s sex lives and beliefs https://inews.co.uk/news/police-use-controversial-ai-tool-sex-lives-beliefs-3747154
Micro Macintosh https://www.tindie.com/products/djmason9/micro-macintosh/
You don't need an API key to archive Twitter Data https://shkspr.mobi/blog/2025/04/you-dont-need-an-api-key-to-archive-twitter-data/
Talking Heads – Psycho Killer (Official Video) https://www.youtube.com/watch?v=CJ54eImz88w
#10yrsago What’s in the Pope’s barn-storming environmental message? https://www.wired.com/2015/06/popes-memo-climate-change-mind-blower/
#5yrsago Microsoft criticizes Apple's monopolism https://pluralistic.net/2020/06/19/art-of-the-deal/#honi-soit-qui-mal-y-pense
#5yrsago Austerity in disrepute https://pluralistic.net/2020/06/19/art-of-the-deal/#breadlines-r-us
#5yrsago Avia, c'est mort https://pluralistic.net/2020/06/19/art-of-the-deal/#avia
#5yrsago Trump's covid "test-tubes" are contaminated miniature soda bottles https://pluralistic.net/2020/06/19/art-of-the-deal/#art-of-the-deal
#5yrsago Trump wants to dismantle the OTF https://pluralistic.net/2020/06/19/art-of-the-deal/#save-otf
PDX: Picks and Shovels with bunnie Huang at Barnes and Noble, Jun 20
https://stores.barnesandnoble.com/event/9780062183697-0
Tualatin Public Library, Jun 22:
https://www.tualatinoregon.gov/library/author-talk-cory-doctorow
London: How To Academy with Riley Quinn, Jul 1
https://howtoacademy.com/events/cory-doctorow-the-fight-against-the-big-tech-oligarchy/
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Science Fiction is EXPOSING Scams and AI Dystopia (Bad Faith)
https://www.youtube.com/watch?v=SlrKlp_Iiko
The Rideshare Guy
https://www.youtube.com/watch?v=iKeoCxJWVVE
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance."
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583.
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
The GENIUS Act passes the Senate after explicit threats to Democrats from the crypto lobby, and shady crypto billionaire Justin Sun cozies up even closer to the Trump family
Back in 2006, AOL tried something incredibly bold and even more incredibly stupid: they dumped a data-set of 20,000,000 "anonymized" search queries from 650,000 users (yes, AOL had a search engine – there used to be lots of search engines!):
https://en.wikipedia.org/wiki/AOL_search_log_release
The AOL dump was a catastrophe. In an eyeblink, many of the users in the dataset were de-anonymized. The dump revealed personal, intimate and compromising facts about the lives of AOL search users. The AOL dump is notable for many reasons, not least because it jumpstarted the academic and technical discourse about the limits of "de-identifying" datasets by stripping out personally identifying information prior to releasing them for use by business partners, researchers, or the general public.
It turns out that de-identification is fucking hard. Just a couple of datapoints associated with an "anonymous" identifier can be sufficient to de-anonymize the user in question:
https://www.pnas.org/doi/full/10.1073/pnas.1508081113
But firms stubbornly refuse to learn this lesson. They would love it if they could "safely" sell the data they suck up from our everyday activities, so they declare that they can safely do so, and sell giant data-sets, and then bam, the next thing you know, a federal judge's porn-browsing habits are published for all the world to see:
https://www.theguardian.com/technology/2017/aug/01/data-browsing-habits-brokers
Indeed, it appears that there may be no way to truly de-identify a data-set:
https://pursuit.unimelb.edu.au/articles/understanding-the-maths-is-crucial-for-protecting-privacy
Which is a serious bummer, given the potential insights to be gleaned from, say, population-scale health records:
https://www.nytimes.com/2019/07/23/health/data-privacy-protection.html
It's clear that de-identification is not fit for purpose when it comes to these data-sets:
https://www.cs.princeton.edu/~arvindn/publications/precautionary.pdf
But that doesn't mean there's no safe way to data-mine large data-sets. "Trusted research environments" (TREs) can allow researchers to run queries against multiple sensitive databases without ever seeing a copy of the data, and good procedural vetting as to the research questions processed by TREs can protect the privacy of the people in the data:
https://pluralistic.net/2022/10/01/the-palantir-will-see-you-now/#public-private-partnership
But companies are perennially willing to trade your privacy for a glitzy new product launch. Amazingly, the people who run these companies and design their products seem to have no clue as to how their users use those products. Take Strava, a fitness app that dumped maps of where its users went for runs and revealed a bunch of secret military bases:
https://gizmodo.com/fitness-apps-anonymized-data-dump-accidentally-reveals-1822506098
Or Venmo, which, by default, let anyone see what payments you've sent and received (researchers have a field day just filtering the Venmo firehose for emojis associated with drug buys like "pills" and "little trees"):
https://www.nytimes.com/2023/08/09/technology/personaltech/venmo-privacy-oversharing.html
Then there was the time that Etsy decided that it would publish a feed of everything you bought, never once considering that maybe the users buying gigantic handmade dildos shaped like lovecraftian tentacles might not want to advertise their purchase history:
But the most persistent, egregious and consequential sinner here is Facebook (naturally). In 2007, Facebook opted its 20,000,000 users into a new system called "Beacon" that published a public feed of every page you looked at on sites that partnered with Facebook:
https://en.wikipedia.org/wiki/Facebook_Beacon
Facebook didn't just publish this – they also lied about it. Then they admitted it and promised to stop, but that was also a lie. They ended up paying $9.5m to settle a lawsuit brought by some of their users, and created a "Digital Trust Foundation" which they funded with another $6.5m. Mark Zuckerberg published a solemn apology and promised that he'd learned his lesson.
Apparently, Zuck is a slow learner.
Depending on which "submit" button you click, Meta's AI chatbot publishes a feed of all the prompts you feed it:
https://techcrunch.com/2025/06/12/the-meta-ai-app-is-a-privacy-disaster/
Users are clearly hitting this button without understanding that this means that their intimate, compromising queries are being published in a public feed. Techcrunch's Amanda Silberling trawled the feed and found:
"people ask[ing] for help with tax evasion"
"[whether family members would be arrested for their proximity to white-collar crimes"
"how to write a character reference letter for an employee facing legal troubles, with that person’s first and last name included."
While the security researcher Rachel Tobac found "people’s home addresses and sensitive court details, among other private information":
https://twitter.com/racheltobac/status/1933006223109959820
There's no warning about the privacy settings for your AI prompts, and if you use Meta's AI to log in to Meta services like Instagram, it publishes your Instagram search queries as well, including "big booty women."
As Silberling writes, the only saving grace here is that almost no one is using Meta's AI app. The company has only racked up a paltry 6.5m downloads, across its ~3 billion users, after spending tens of billions of dollars developing the app and its underlying technology.
The AI bubble is overdue for a pop:
https://www.wheresyoured.at/measures/
When it does, it will leave behind some kind of residue – cheaper, spin-out, standalone models that will perform many useful functions:
https://locusmag.com/2023/12/commentary-cory-doctorow-what-kind-of-bubble-is-ai/
Those standalone models were released as toys by the companies pumping tens of billions into the unsustainable "foundation models," who bet that – despite the worst unit economics of any technology in living memory – these tools would someday become economically viable, capturing a winner-take-all market with trillions of upside. That bet remains a longshot, but the littler "toy" models are beating everyone's expectations by wide margins, with no end in sight:
https://www.nature.com/articles/d41586-025-00259-0
I can easily believe that one enduring use-case for chatbots is as a kind of enhanced diary-cum-therapist. Journalling is a well-regarded therapeutic tactic:
https://www.charliehealth.com/post/cbt-journaling
And the invention of chatbots was instantly followed by ardent fans who found that the benefits of writing out their thoughts were magnified by even primitive responses:
https://en.wikipedia.org/wiki/ELIZA_effect
Which shouldn't surprise us. After all, divination tools, from the I Ching to tarot to Brian Eno and Peter Schmidt's Oblique Strategies deck have been with us for thousands of years: even random responses can make us better thinkers:
https://en.wikipedia.org/wiki/Oblique_Strategies
I make daily, extensive use of my own weird form of random divination:
https://pluralistic.net/2022/07/31/divination/
The use of chatbots as therapists is not without its risks. Chatbots can – and do – lead vulnerable people into extensive, dangerous, delusional, life-destroying ratholes:
But that's a (disturbing and tragic) minority. A journal that responds to your thoughts with bland, probing prompts would doubtless help many people with their own private reflections. The keyword here, though, is private. Zuckerberg's insatiable, all-annihilating drive to expose our private activities as an attention-harvesting spectacle is poisoning the well, and he's far from alone. The entire AI chatbot sector is so surveillance-crazed that anyone who uses an AI chatbot as a therapist needs their head examined:
https://pluralistic.net/2025/04/01/doctor-robo-blabbermouth/#fool-me-once-etc-etc
AI bosses are the latest and worst offenders in a long and bloody lineage of privacy-hating tech bros. No one should ever, ever, ever trust them with any private or sensitive information. Take Sam Altman, a man whose products routinely barf up the most ghastly privacy invasions imaginable, a completely foreseeable consequence of his totally indiscriminate scraping for training data.
Altman has proposed that conversations with chatbots should be protected with a new kind of "privilege" akin to attorney-client privilege and related forms, such as doctor-patient and confessor-penitent privilege:
I'm all for adding new privacy protections for the things we key or speak into information-retrieval services of all types. But Altman is (deliberately) omitting a key aspect of all forms of privilege: they immediately vanish the instant a third party is brought into the conversation. The things you tell your lawyer are privileged, unless you discuss them with anyone else, in which case, the privilege disappears.
And of course, all of Altman's products harvest all of our information. Altman is the untrusted third party in every conversation everyone has with one of his chatbots. He is the eternal Carol, forever eavesdropping on Alice and Bob:
https://en.wikipedia.org/wiki/Alice_and_Bob
Altman isn't proposing that chatbots acquire a privilege, in other words – he's proposing that he should acquire this privilege. That he (and he alone) should be able to mine your queries for new training data and other surveillance bounties.
This is like when Zuckerberg directed his lawyers to destroy NYU's "Ad Observer" project, which scraped Facebook to track the spread of paid political misinformation. Zuckerberg denied that this was being done to evade accountability, insisting (with a miraculously straight face) that it was in service to protecting Facebook users' (nonexistent) privacy:
https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck
We get it, Sam and Zuck – you love privacy.
We just wish you'd share.
(Image: Japanexperterna.se, CC BY-SA 2.0, modified)
Creative Commons 4.0 has arrived on Flickr! https://blog.flickr.net/en/2025/06/18/creative-commons-4-0-has-arrived-on-flickr/
LA Law Enforcement Agencies Rioted So Hard They Ended Up Shooting Each Other https://www.techdirt.com/2025/06/16/la-law-enforcement-agencies-rioted-so-hard-they-ended-up-shooting-each-other/
“The Clandestina,” a fantasy novel by Jasmina Tesanovic https://bruces.medium.com/the-clandestina-a-fantasy-novel-by-jasmina-tesanovic-part-one-af51d5c73cb7
Kagi for Libraries https://kagi.com/libraries
#10yrsago What’s in the Pope’s barn-storming environmental message? https://www.wired.com/2015/06/popes-memo-climate-change-mind-blower/
#5yrsago Microsoft criticizes Apple's monopolism https://pluralistic.net/2020/06/19/art-of-the-deal/#honi-soit-qui-mal-y-pense
#5yrsago Austerity in disrepute https://pluralistic.net/2020/06/19/art-of-the-deal/#breadlines-r-us
#5yrsago Avia, c'est mort https://pluralistic.net/2020/06/19/art-of-the-deal/#avia
#5yrsago Trump's covid "test-tubes" are contaminated miniature soda bottles https://pluralistic.net/2020/06/19/art-of-the-deal/#art-of-the-deal
#5yrsago Trump wants to dismantle the OTF https://pluralistic.net/2020/06/19/art-of-the-deal/#save-otf
PDX: Picks and Shovels with bunnie Huang at Barnes and Noble, Jun 20
https://stores.barnesandnoble.com/event/9780062183697-0
Tualatin Public Library, Jun 22:
https://www.tualatinoregon.gov/library/author-talk-cory-doctorow
London: How To Academy with Riley Quinn, Jul 1
https://howtoacademy.com/events/cory-doctorow-the-fight-against-the-big-tech-oligarchy/
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 8
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Science Fiction is EXPOSING Scams and AI Dystopia (Bad Faith)
https://www.youtube.com/watch?v=SlrKlp_Iiko
The Rideshare Guy
https://www.youtube.com/watch?v=iKeoCxJWVVE
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Quid pro quo between cryptocurrency firms, the Trump administration, and the Trump family’s crypto ventures.
Margaret Killjoy writes fantasy stories of relentless tension, boundless wonder, thrilling adventure…and completely radical, unflinching anarchist politics. Her 2024 YA novel "The Sapling Cage" is a queer coming-of-age epic that motors with all the narrative energy of a genderbent Conan epic:
https://pluralistic.net/2024/09/24/daughters-of-the-empty-throne/#witchy
Today, Strangers In a Tangled Wilderness Press publishes The Immortal Choir Holds Every Voice, a collection of three linked short stories set in Killjoy's celebrated Danielle Cain series, which Alan Moore called "ideal reading for a post-truth world":
https://www.tangledwilderness.org/shop/p/the-immortal-choir-holds-every-voice
Danielle Cain is a freight-train-hopping, anarcho-queer hero whose adventures are shared by solidaristic crews of spellcasting, cryptid-battling crustypunk freaks and street-fighters. In Immortal Choir, the action opens with Danielle and a motley band around a campfire in a dark Idaho woods, surrounded by the night-screams of some distant demonic presence. It's Samhain, and the veil between the realm of the living and the dead is as thin as it gets. Bad things are stalking the night.
To save themselves, they must court their own dead, welcoming them to their circle. They pile a camp-plate high with food for the dead to eat, build the fire up, and begin the tell the stories of their dead comrades, summoning them as a defense against the monstrous forces that stalk the All Saints night. This is the setup for the three linked short stories that make up this short book.
This is a great setup: a group of endangered comrades, huddled together against the darkness without, telling tales to buoy up their bravery. It's the framing device that makes The Decameron an enduring classic after 800 years and counting. In Killjoy's hands, it sings.
The first story is "The Troll King's Court," a ghost story about a Norwegian troll cult that came to America in a failed Manhattan-Adjacent Project to create a mystical superweapon with which to win WWII. It's ultimately a story about how the competent people who have their shit together in our lives are just as broken as the rest of us, and about the many ways that release, fulfillment and actualization can take place. It's spooky as fuck.
The middle story is "The Fairies of the Spring," which summons up the old, mean roots of the Fair Folk, the cruelty behind their beauty and merry laughter. Pratchett did one of these (Lords and Ladies), and so have many others – but no one's done it where the resistance comes from a motley band of queer punk club-owners in a rural town, who team up with local shitkickers to hunt the elves and banish them to their realm.
The final tale is "The Battle of Miami," a story about a streetfighting anti-globalist battle. It's a tale of Black Bloc tactics and true queer love, that lights up with joy.
Killjoy's really onto something with this series. She's tapping into the deep roots of fantasy – maybe the socialist parables woven into William Morris's stories. She's also connecting with the roots of urban fantasy (I was delighted to see a reference to Terri Windling's superb, absolutely amazing Borderland series). These three tales stand alone, so there's no need to read the previous volumes before diving into this one. But you should read the other two, because they're great:
https://reactormag.com/excerpts-margaret-killjoy-the-lamb-will-slaughter-the-lion/
https://reactormag.com/excerpts-the-barrow-will-send-what-it-may-margaret-killjoy/
Why I Became a Crypto Shill https://www.youtube.com/watch?v=eDsSg-Xm1ms
Russian edition of "Attack Surface" https://mamot.fr/@pluralistic/114636648703596013
#15yrsago Canadian copyright astroturf site gives marching orders to its users https://www.michaelgeist.ca/2010/06/astroturf-campaign-mandatory-letter/
#10yrsago Corbis will cheerfully charge you up the wazoo for public domain images https://www.pcmag.com/opinions/stock-photos-will-drive-photoshop-use-into-the-ground
#10yrsago Privacy activists mass-quit U.S. government committee on facial recognition privacy https://theintercept.com/2015/06/16/privacy-advocates-resign-protest-u-s-facial-recognition-code-conduct-2/
#10yrsago FCC fines AT&T $100M for throttling “unlimited” customers https://www.washingtonpost.com/news/the-switch/wp/2015/06/17/att-just-got-hit-with-a-100-million-fine-after-slowing-down-its-unlimited-data/?utm_content=buffere69ad&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
#10yrsago Seattle’s tent cities https://grist.org/cities/tent-cities-seattles-unique-approach-to-homelessness/
#5yrsago This is the EU's interoperability moment https://pluralistic.net/2020/06/18/digital-services-act/#interop
#5yrsago Sterilizer company vs Right to Repair https://pluralistic.net/2020/06/18/digital-services-act/#steris
#1yrago It's been twenty years since my Microsoft DRM talk https://pluralistic.net/2024/06/18/greetings-fellow-pirates/#arrrrrrrrrr
PDX: Picks and Shovels with bunnie Huang at Barnes and Noble, Jun 20
https://stores.barnesandnoble.com/event/9780062183697-0
Tualatin Public Library, Jun 22:
https://www.tualatinoregon.gov/library/author-talk-cory-doctorow
London: How To Academy with Riley Quinn, Jul 1
https://howtoacademy.com/events/cory-doctorow-the-fight-against-the-big-tech-oligarchy/
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
Manchester: Co-operatives UK Co-op Congress keynote, Jul 4
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
Virtual: ORG at 20: in conversation with Maria Farrell, Jul 16
https://www.openrightsgroup.org/events/org-at-20-cory-doctorow-in-conversation-with-maria-farrell/
DC: Enshittification at Politics and Prose, Oct 10
https://politics-prose.com/cory-doctorow-10825
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
San Francisco: Enshittification at Public Works (The Booksmith), Oct 20
https://app.gopassage.com/events/doctorow25
Science Fiction is EXPOSING Scams and AI Dystopia (Bad Faith)
https://www.youtube.com/watch?v=SlrKlp_Iiko
The Rideshare Guy
https://www.youtube.com/watch?v=iKeoCxJWVVE
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Big Tech: we invented the torment nexus
Glasses brands: for $54.95, you can slightly reduce the torment
(Note: while I did finally buy some new glasses, I did not spring for the anti-IR option, which is a total gimmick)
GENIUS Act (stablecoin bill) has passed the Senate.
Here's the breakdown of the 68-30 vote on the GENIUS Act. Same 16 Democrats who voted yea in the previous cloture vote except for Blunt Rochester (DE), and new yea votes from Hickenlooper (CO), Kim (NJ), and Warnock (GA).
All Republicans supported, except for Hawley (MO) and Paul (KY) who voted against and Cotton (AR) who didn't vote.
All Dem yeas: Alsobrooks (MD), Booker (NJ), Cortez Masto (NV), Fetterman (PA), Gallego (AZ), Gillibrand (NY), Hassan (NH), Heinrich (NM), Hickenlooper (CO), Kim (NJ), Lujan (NM), Ossoff (GA), Padilla (CA), Rosen (NV), Schiff (CA), Slotkin (MI), Warner (VA), and Warnock (GA)
just checking in on the financial revolution that was meant to sidestep banks, tech giants, and the state
The true solution, perhaps, is more solidarity and more sincerity.
I made a quick video about media literacy and the misleading Wall Street Journal headline I highlighted this weekend
@molly0xfff Media literacy is important! #medialiteracy #mediabias #wallstreetjournal #wsj #nokings ♬ original sound - Molly White
I have never been a C programmer but every so often I need to compile a C/C++
program from source. This has been kind of a struggle for me: for a
long time, my approach was basically “install the dependencies, run make, if
it doesn’t work, either try to find a binary someone has compiled or give up”.
“Hope someone else has compiled it” worked pretty well when I was running Linux but since I’ve been using a Mac for the last couple of years I’ve been running into more situations where I have to actually compile programs myself.
So let’s talk about what you might have to do to compile a C program! I’ll use a couple of examples of specific C programs I’ve compiled and talk about a few things that can go wrong. Here are three programs we’ll be talking about compiling:
This is pretty simple: on an Ubuntu system if I don’t already have a C compiler I’ll install one with:
sudo apt-get install build-essential
This installs gcc, g++, and make. The situation on a Mac is more
confusing but it’s something like “install xcode command line tools”.
Unlike some newer programming languages, C doesn’t have a dependency manager. So if a program has any dependencies, you need to hunt them down yourself. Thankfully because of this, C programmers usually keep their dependencies very minimal and often the dependencies will be available in whatever package manager you’re using.
There’s almost always a section explaining how to get the dependencies in the README, for example in paperjam’s README, it says:
To compile PaperJam, you need the headers for the libqpdf and libpaper libraries (usually available as libqpdf-dev and libpaper-dev packages).
You may need
a2x(found in AsciiDoc) for building manual pages.
So on a Debian-based system you can install the dependencies like this.
sudo apt install -y libqpdf-dev libpaper-dev
If a README gives a name for a package (like libqpdf-dev), I’d basically
always assume that they mean “in a Debian-based Linux distro”: if you’re on a
Mac brew install libqpdf-dev will not work. I still have not 100% gotten
the hang of developing on a Mac yet so I don’t have many tips there yet. I
guess in this case it would be brew install qpdf if you’re using Homebrew.
./configure (if needed)Some C programs come with a Makefile and some instead come with a script called
./configure. For example, if you download sqlite’s source code, it has a ./configure script in
it instead of a Makefile.
My understanding of this ./configure script is:
Makefile or fails because you’re missing some
dependency./configure script is part of a system called
autotools
that I have never needed to learn anything about beyond “run it to generate
a Makefile”.I think there might be some options you can pass to get the ./configure
script to produce a different Makefile but I have never done that.
makeThe next step is to run make to try to build a program. Some notes about
make:
make -j8 to parallelize the build and make it go
fasterHere’s an error I got while compiling paperjam on my Mac:
/opt/homebrew/Cellar/qpdf/12.0.0/include/qpdf/InputSource.hh:85:19: error: function definition does not declare parameters
85 | qpdf_offset_t last_offset{0};
| ^
Over the years I’ve learned it’s usually best not to overthink problems like
this: if it’s talking about qpdf, there’s a good change it just means that
I’ve done something wrong with how I’m including the qpdf dependency.
Now let’s talk about some ways to get the qpdf dependency included in the right way.
Before we talk about how to fix dependency problems: building C programs is split into 2 steps:
gcc or clang)ld)It’s important to know this when building a C program because sometimes you need to pass the right flags to the compiler and linker to tell them where to find the dependencies for the program you’re compiling.
make uses environment variables to configure the compiler and linkerIf I run make on my Mac to install paperjam, I get this error:
c++ -o paperjam paperjam.o pdf-tools.o parse.o cmds.o pdf.o -lqpdf -lpaper
ld: library 'qpdf' not found
This is not because qpdf is not installed on my system (it actually is!). But
the compiler and linker don’t know how to find the qpdf library. To fix this, we need to:
"-I/opt/homebrew/include" to the compiler (to tell it where to find the header files)"-L/opt/homebrew/lib -liconv" to the linker (to tell it where to find library files and to link in iconv)And we can get make to pass those extra parameters to the compiler and linker using environment variables!
To see how this works: inside paperjam’s Makefile you can see a bunch of environment variables, like LDLIBS here:
paperjam: $(OBJS)
$(LD) -o $@ $^ $(LDLIBS)
Everything you put into the LDLIBS environment variable gets passed to the
linker (ld) as a command line argument.
CPPFLAGSMakefiles sometimes define their own environment variables that they pass to
the compiler/linker, but make also has a bunch of “implicit” environment
variables which it will automatically pass to the C compiler and linker. There’s a full list of implicit environment variables here,
but one of them is CPPFLAGS, which gets automatically passed to the C compiler.
(technically it would be more normal to use CXXFLAGS for this, but this
particular Makefile hardcodes CXXFLAGS so setting CPPFLAGS was the only
way I could find to set the compiler flags without editing the Makefile)
makeI learned thanks to @zwol that there are actually two ways to pass environment variables to make:
CXXFLAGS=xyz make (the usual way)make CXXFLAGS=xyzThe difference between them is that make CXXFLAGS=xyz will override the
value of CXXFLAGS set in the Makefile but CXXFLAGS=xyz make won’t.
I’m not sure which way is the norm but I’m going to use the first way in this post.
CPPFLAGS and LDLIBS to fix this compiler errorNow that we’ve talked about how CPPFLAGS and LDLIBS get passed to the
compiler and linker, here’s the final incantation that I used to get the
program to build successfully!
CPPFLAGS="-I/opt/homebrew/include" LDLIBS="-L/opt/homebrew/lib -liconv" make paperjam
This passes -I/opt/homebrew/include to the compiler and -L/opt/homebrew/lib -liconv to the linker.
Also I don’t want to pretend that I “magically” knew that those were the right arguments to pass, figuring them out involved a bunch of confused Googling that I skipped over in this post. I will say that:
-I compiler flag tells the compiler which directory to find header files in, like /opt/homebrew/include/qpdf/QPDF.hh-L linker flag tells the linker which directory to find libraries in, like /opt/homebrew/lib/libqpdf.a-l linker flag tells the linker which libraries to link in, like -liconv means “link in the iconv library”, or -lm means “link math”make $FILENAMEYesterday I discovered this cool tool called
qf which you can use to quickly
open files from the output of ripgrep.
qf is in a big directory of various tools, but I only wanted to compile qf.
So I just compiled qf, like this:
make qf
Basically if you know (or can guess) the output filename of the file you’re
trying to build, you can tell make to just build that file by running make $FILENAME
I sometimes write 5-line C programs with no dependencies, and I just learned
that if I have a file called blah.c, I can just compile it like this without creating a Makefile:
make blah
It gets automaticaly expanded to cc -o blah blah.c, which saves a bit of
typing. I have no idea if I’m going to remember this (I might just keep typing
gcc -o blah blah.c anyway) but it seems like a fun trick.
If you’re having trouble building a C program, maybe other people had problems building it too! Every Linux distribution has build files for every package that they build, so even if you can’t install packages from that distribution directly, maybe you can get tips from that Linux distro for how to build the package. Realizing this (thanks to my friend Dave) was a huge ah-ha moment for me.
For example, this line from the nix package for paperjam says:
env.NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isDarwin "-liconv";
This is basically saying “pass the linker flag -liconv to build this on a
Mac”, so that’s a clue we could use to build it.
That same file also says env.NIX_CFLAGS_COMPILE = "-DPOINTERHOLDER_TRANSITION=1";. I’m not sure what this means, but when I try
to build the paperjam package I do get an error about something called a
PointerHolder, so I guess that’s somehow related to the “PointerHolder
transition”.
Once you’ve managed to compile the program, probably you want to install it somewhere!
Some Makefiles have an install target that let you install the tool on your
system with make install. I’m always a bit scared of this (where is it going
to put the files? what if I want to uninstall them later?), so if I’m compiling
a pretty simple program I’ll often just manually copy the binary to install it
instead, like this:
cp qf ~/bin
Once I figured out how to do all of this, I realized that I could use my new
make knowledge to contribute a paperjam package to Homebrew! Then I could
just brew install paperjam on future systems.
The good thing is that even if the details of how all of the different packaging systems, they fundamentally all use C compilers and linkers.
I think all of this is an interesting example of how it can useful to understand some basics of how C programs work (like “they have header files”) even if you’re never planning to write a nontrivial C program if your life.
It feels good to have some ability to compile C/C++ programs myself, even
though I’m still not totally confident about all of the compiler and linker
flags and I still plan to never learn anything about how autotools works other
than “you run ./configure to generate the Makefile”.
Two things I left out of this post:
LD_LIBRARY_PATH / DYLD_LIBRARY_PATH (which you use to tell the dynamic
linker at runtime where to find dynamically linked files) because I can’t
remember the last time I ran into an LD_LIBRARY_PATH issue and couldn’t
find an example.pkg-config, which I think is important but I don’t understand yetI've seen a lot of complaints about how MCP isn't ready for the enterprise.
I agree, although maybe not for the reasons you think. But don't worry, this isn't just a rant! I believe we can fix it!
The good news is the recent updates to the MCP authorization spec that separate out the role of the authorization server from the MCP server have now put the building blocks in place to make this a lot easier.
But let's back up and talk about what enterprise buyers expect when they are evaluating AI tools to bring into their companies.
At a minimum, an enterprise admin expects to be able to put an application under their single sign-on system. This enables the company to manage which users are allowed to use which applications, and prevents their users from needing to have their own passwords at the applications. The goal is to get every application managed under their single sign-on (SSO) system. Many large companies have more than 200 applications, so having them all managed through their SSO solution is a lot better than employees having to manage 200 passwords for each application!
There's a lot more than SSO too, like lifecycle management, entitlements, and logout. We're tackling these in the IPSIE working group in the OpenID Foundation. But for the purposes of this discussion, let's stick to the basics of SSO.
So what does this have to do with MCP?
An AI agent using MCP is just another application enterprises expect to be able to integrate into their single-sign-on (SSO) system. Let's take the example of Claude. When rolled out at a company, ideally every employee would log in to their company Claude account using the company identity provider (IdP). This lets the enterprise admin decide how many Claude licenses to purchase and who should be able to use it.
The next thing that should happen after a user logs in to Claude via SSO is they need to connect Claude to their other enterprise apps. This includes the built-in integrations in Claude like Google Calendar and Google Drive, as well as any MCP servers exposed by other apps in use within the enterprise. That could cover other SaaS apps like Zoom, Atlassian, and Slack, as well as home-grown internal apps.
Today, this process involves a somewhat cumbersome series of steps each individual employee must take. Here's an example of what the user needs to do to connect their AI agent to external apps:
First, the user logs in to Claude using SSO. This involves a redirect from Claude to the enterprise IdP where they authenticate with one or more factors, and then are redirected back.
Next, they need to connect the external app from within Claude. Claude provides a button to initiate the connection. This takes the user to that app (in this example, Google), which redirects them to the IdP to authenticate again, eventually getting redirected back to the app where an OAuth consent prompt is displayed asking the user to approve access, and finally the user is redirected back to Claude and the connection is established.
The user has to repeat these steps for every MCP server that they want to connect to Claude. There are two main problems with this:
Both of these are significant problems. If you have even just 10 MCP servers rolled out in the enterprise, you're asking users to click through 10 SSO and OAuth prompts to establish the connections, and it will only get worse as MCP is more widely adopted within apps. But also, should we really be asking the user if it's okay for Claude to access their data in Google Drive? In a company context, that's not actually the user's decision. That decision should be made by the enterprise IT admin.
In "An Open Letter to Third-party Suppliers", Patrick Opet, Chief Information Security Officer of JPMorgan Chase writes:
"Modern integration patterns, however, dismantle these essential boundaries, relying heavily on modern identity protocols (e.g., OAuth) to create direct, often unchecked interactions between third-party services and firms' sensitive internal resources."
Right now, these app-to-app connections are happening behind the back of the IdP. What we need is a way to move the connections between the applications into the IdP where they can be managed by the enterprise admin.
Let's see how this works if we leverage a new (in-progress) OAuth extension called "Identity and Authorization Chaining Across Domains", which I'll refer to as "Cross-App Access" for short, enabling the enterprise IdP to sit in the middle of the OAuth exchange between the two apps.
In this example, we'll use Claude as the application that is trying to connect to Slack's (hypothetical) MCP server. We'll start with a high-level overview of the flow, and later go over the detailed protocol.
First, the user logs in to Claude through the IdP as normal. This results in Claude getting either an ID token or SAML assertion from the IdP, which tells Claude who the user is. (This works the same for SAML assertions or ID tokens, so I'll use ID tokens in the example from here out.) This is no different than what the user would do today when signing in to Claude.
Then, instead of prompting the user to connect Slack, Claude takes the ID token back to the IdP in a request that says "Claude is requesting access to this user's Slack account."
The IdP validates the ID token, sees it was issued to Claude, and verifies that the admin has allowed Claude to access Slack on behalf of the given user. Assuming everything checks out, the IdP issues a new token back to Claude.
Claude takes the intermediate token from the IdP to Slack saying "hi, I would like an access token for the Slack MCP server. The IdP gave me this token with the details of the user to issue the access token for." Slack validates the token the same way it would have validated an ID token. (Remember, Slack is already configured for SSO to the IdP for this customer as well, so it already has a way to validate these tokens.) Slack is able to issue an access token giving Claude access to this user's resources in its MCP server.
This solves the two big problems:
The other nice side effect of this is since there is no user interaction required, the first time a new user logs in to Claude, all their enterprise apps will be automatically connected without them having to click any buttons!
Now let's look at what this looks like in the actual protocol. This is based on the adopted in-progress OAuth specification "Identity and Authorization Chaining Across Domains". This spec is actually a combination of two RFCs: Token Exchange (RFC 8693), and JWT Profile for Authorization Grants (RFC 7523). Both RFCs as well as the "Identity and Authorization Chaining Across Domains" spec are very flexible. While this means it is possible to apply this to many different use cases, it does mean we need to be a bit more specific in how to use it for this use case. For that purpose, I've written a profile of the Identity Chaining draft called "Identity Assertion Authorization Grant" to fill in the missing pieces for the specific use case detailed here.
Let's go through it step by step. For this example we'll use the following entities:
First, Claude gets the user to sign in using a standard OpenID Connect (or SAML) flow in order to obtain an ID token. There isn't anything unique to this spec regarding this first stage, so I will skip the details of the OpenID Connect flow and we'll start with the ID token as the input to the next step.
Claude, the requesting application, then makes a Token Exchange request (RFC 8693) to the IdP's token endpoint with the following parameters:
requested_token_type: The value urn:ietf:params:oauth:token-type:id-jag indicates that an ID Assertion JWT is being requested.audience: The Issuer URL of the Resource Application's authorization server.subject_token: The identity assertion (e.g. the OpenID Connect ID Token or SAML assertion) for the target end-user.subject_token_type: Either urn:ietf:params:oauth:token-type:id_token or urn:ietf:params:oauth:token-type:saml2 as defined by RFC 8693.This request will also include the client credentials that Claude would use in a traditional OAuth token request, which could be a client secret or a JWT Bearer Assertion.
POST /oauth2/token HTTP/1.1
Host: acme.okta.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn:ietf:params:oauth:grant-type:token-exchange
&requested_token_type=urn:ietf:params:oauth:token-type:id-jag
&audience=https://auth.slack.com/
&subject_token=eyJraWQiOiJzMTZ0cVNtODhwREo4VGZCXzdrSEtQ...
&subject_token_type=urn:ietf:params:oauth:token-type:id_token
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0...
At this point, the IdP evaluates the request and decides whether to issue the requested "ID Assertion JWT". The request will be evaluated based on the validity of the arguments, as well as the configured policy by the customer.
For example, the IdP validates that the ID token in this request was issued to the same client that matches the provided client authentication. It evaluates that the user still exists and is active, and that the user is assigned the Resource Application. Other policies can be evaluated at the discretion of the IdP, just like it can during a single sign-on flow.
If the IdP agrees that the requesting app should be authorized to access the given user's data in the resource app's MCP server, it will respond with a Token Exchange response to issue the token:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
"issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
"access_token": "eyJhbGciOiJIUzI1NiIsI...",
"token_type": "N_A",
"expires_in": 300
}
The claims in the issued JWT are defined in "Identity Assertion Authorization Grant". The JWT is signed using the same key that the IdP signs ID tokens with. This is a critical aspect that makes this work, since again we assumed that both apps would already be configured for SSO to the IdP so would already be aware of the signing key for that purpose.
At this point, Claude is ready to request a token for the Resource App's MCP server
The JWT received in the previous request can now be used as a "JWT Authorization Grant" as described by RFC 7523. To do this, Claude makes a request to the MCP authorization server's token endpoint with the following parameters:
grant_type: urn:ietf:params:oauth:grant-type:jwt-bearerassertion: The Identity Assertion Authorization Grant JWT obtained in the previous token exchange stepFor example:
POST /oauth2/token HTTP/1.1
Host: auth.slack.com
Authorization: Basic yZS1yYW5kb20tc2VjcmV0v3JOkF0XG5Qx2
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
assertion=eyJhbGciOiJIUzI1NiIsI...
Slack's authorization server can now evaluate this request to determine whether to issue an access token. The authorization server can validate the JWT by checking the issuer (iss) in the JWT to determine which enterprise IdP the token is from, and then check the signature using the public key discovered at that server. There are other claims to be validated as well, described in Section 6.1 of the Identity Assertion Authorization Grant.
Assuming all the validations pass, Slack is ready to issue an access token to Claude in the token response:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
"token_type": "Bearer",
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"expires_in": 86400
}
This token response is the same format that Slack's authorization server would be responding to a traditional OAuth flow. That's another key aspect of this design that makes it scalable. We don't need the resource app to use any particular access token format, since only that server is responsible for validating those tokens.
Now that Claude has the access token, it can make a request to the (hypothetical) Slack MCP server using the bearer token the same way it would have if it got the token using the traditional redirect-based OAuth flow.
Note: Eventually we'll need to define the specific behavior of when to return a refresh token in this token response. The goal is to ensure the client goes through the IdP often enough for the IdP to enforce its access policies. A refresh token could potentially undermine that if the refresh token lifetime is too long. It follows that ultimately the IdP should enforce the refresh token lifetime, so we will need to define a way for the IdP to communicate to the authorization server whether and how long to issue refresh tokens. This would enable the authorization server to make its own decision on access token lifetime, while still respecting the enterprise IdP policy.
Here's the flow again, this time as a sequence diagram.
At this point, the user is logged in to the MCP client. Everything up until this point has been a standard OpenID Connect flow.
For a more detailed step by step of the flow, see Appendix A.3 of the Identity Assertion Authorization Grant.
If this is something you're interested in, we'd love your help! The in-progress spec is publicly available, and we're looking for people interested in helping prototype it. If you're building an MCP server and you want to make it enterprise-ready, I'd be happy to help you build this!
You can find me at a few related events coming up:
And of course you can always find me on LinkedIn or email me at aaron.parecki@okta.com.
Let's not overthink auth in MCP.
Yes, the MCP server is going to need its own auth server. But it's not as bad as it sounds. Let me explain.
First let's get a few pieces of terminology straight.
The confusion that's happening in the discussions I've seen so far is because the spec and diagrams show that the MCP server itself is handing authorization. That's not necessary.
In OAuth, we talk about the "authorization server" and "resource server" as distinct roles. I like to think of the authorization server as the "token factory", that's the thing that makes the access tokens. The resource server (usually an API) needs to be able to validate the tokens created by the authorization server.
It's possible to build a single server that is both a resource server and authorization server, and in fact many OAuth systems are built that way, especially large consumer services.
But nothing about the spec requires that the two roles are combined, it's also possible to run these as two totally unrelated services.
This flexibility that's been baked into OAuth for over a decade is what has led to the rapid adoption, as well the proliferation of open source and commercial products that provide an OAuth authorization server as a service.
So how does this relate to MCP?
I can annotate the flow from the Model Context Protocol spec to show the parts where the client talks to the MCP Resource Server separately from where the client talks to the MCP Authorization Server.
Here is the updated sequence diagram showing communication with each role separately.
Why is it important to call out this change?
I've seen a few conversations in various places about how requiring the MCP Server to be both an authorization server and resource server is too much of a burden. But actually, very little needs to change about the spec to enable this separation of concerns that OAuth already provides.
I've also seen various suggestions of other ways to separate the authorization server from the MCP server, like delegating to an enterprise IdP and having the MCP server validate access tokens issued by the IdP. These other options also conflate the OAuth roles in an awkward way and would result in some undesirable properties or relationships between the various parties involved.
So what needs to change in the MCP spec to enable this?
The main thing currently forcing the MCP Server to be both the authorization server and resource server is how the client does discovery.
One design goal of MCP is to enable a client to bootstrap everything it needs based on only the server URL provided. I think this is a great design goal, and luckily is something that can be achieved even when separating the roles in the way I've described.
The MCP spec currently says that clients are expected to fetch the OAuth Server Metadata (RFC8414) file from the MCP Server base URL, resulting in a URL such as:
https://example.com/.well-known/oauth-authorization-server
This ends up meaning the MCP Resource Server must also be an Authorization Server, which leads to the complications the community has encountered so far. The good news is there is an OAuth spec we can apply here instead: Protected Resource Metadata.
The Protected Resource Metadata spec is used by a Resource Server to advertise metadata about itself, including which Authorization Server can be used with it. This spec is both new and old. It was started in 2016, but was never adopted by the OAuth working group until 2023, after I had presented at an IETF meeting about the need for clients to be able to bootstrap OAuth flows given an OAuth resource server. The spec is now awaiting publication as an RFC, and should get its RFC number in a couple months. (Update: This became RFC 9728 on April 23, 2025!)
Applying this to the MCP server would result in a sequence like the following:
/.well-known/oauth-protected-resource to the MCP Server base URL.authorization_servers property in the JSON response, and builds the Authorization Server Metadata URL by appending /.well-known/oauth-authorization-server
Note: The Protected Resource Metadata spec also supports the Resource Server returning WWW-Authenticate with a link to the resource metadata URL if you want to avoid the requirement that MCP Servers host their metadata URLs at the .well-known endpoint, it just requires an extra HTTP request to support this.
Two things to keep in mind about how the MCP Server validates access tokens with this new separation of concerns.
If you do build the MCP Authorization Server and Resource Server as part of the same system, you don't need to do anything special to validate the access tokens the Authorization Server issues. You probably already have some sort of infrastructure in place for your normal API to validate tokens issued by your Authorization Server, so nothing changes there.
If you are using an external Authorization Server, whether that's an open source product or a commercial hosted service, that product will have its own docs for how you can validate the tokens it creates. There's a good chance it already supports the standardized JWT Access Tokens described in RFC 9068, in which case you can use off-the-shelf JWT validation middleware for common frameworks.
In either case, the critical design goal here is that the MCP Authorization Server issues access tokens that only ever need to be validated by the MCP Resource Server. This is in line with the security recommendations in Section 2.3 of RFC 9700, in particular that "access tokens SHOULD be audience-restricted to a specific resource server". In other words, it would be a bad idea for the MCP Client to be issued an access token that works with both the MCP Resource Server and the service's REST API.
Another argument I've seen is that MCP Server developers shouldn't have to build any OAuth infrastructure at all, instead they should be able to delegate all the OAuth bits to an external service.
In principle, I agree. Getting API access and authorization right is tricky, that's why there are entire companies dedicated to solving the problem.
The architecture laid out above enables this exact separation of concerns. The difference between this architecture and some of the other proposals I've seen is that this cleanly separates the security boundaries so that there are minimal dependencies among the parties involved.
But, one thing I haven't seen mentioned in the discussions is that there actually is no requirement than an OAuth Authorization Server provide any UI itself.
While it is desirable from a security perspective that the MCP Resource Server has a corresponding Authorization Server that issues access tokens for it, that Authorization Server doesn't actually need to have any UI or even any concept of user login or accounts. You can actually build an Authorization Server that delegates all user account management to an external service. You can see an example of this in PayPal's MCP server they recently launched.
PayPal's traditional API already supports OAuth, the authorization and token endpoints are:
https://www.paypal.com/signin/authorizehttps://api-m.paypal.com/v1/oauth2/tokenWhen PayPal built their MCP server, they launched it at https://mcp.paypal.com. If you fetch the metadata for the MCP Server, you'll find the two OAuth endpoints for the MCP Authorization Server:
https://mcp.paypal.com/authorizehttps://mcp.paypal.com/tokenWhen the MCP Client redirects the user to the authorization endpoint, the MCP server itself doesn't provide any UI. Instead, it immediately redirects the user to the real PayPal authorization endpoint which then prompts the user to log in and authorize the client.
This points to yet another benefit of architecting the MCP Authorization Server and Resource Server this way. It enables implementers to delegate the actual user management to their existing OAuth server with no changes needed to the MCP Client. The MCP Client isn't even aware that this extra redirect step was inserted in the middle. As far as the MCP Client is concerned, it has been talking to only the MCP Authorization Server. It just so happens that the MCP Authorization Server has sent the user elsewhere to actually log in.
There's one more point I want to make about why having a dedicated MCP Authorization Server is helpful architecturally.
The MCP spec strongly recommends that MCP Servers (authorization servers) support Dynamic Client Registration. If MCP is successful, there will be a large number of MCP Clients talking to a large number of MCP Servers, and the user is the one deciding which combinations of clients and servers to use. This means it is not scalable to require that every MCP Client developer register their client with every MCP Server.
This is similar to the idea of using an email client with the user's chosen email server. Obviously Mozilla can't register Thunderbird with every email server out there. Instead, there needs to be a way to dynamically establish a client's identity with the OAuth server at runtime. Dynamic Client Registration is one option for how to do that.
The problem is most commercial APIs are not going to enable Dynamic Client Registration on their production servers. For example, in order to get client credentials to use the Google APIs, you need to register as a developer and then register an OAuth client after logging in. Dynamic Client Registration would allow a client to register itself without the link to the developer's account. That would mean there is no paper trail for who the client was developed by. The Dynamic Client Registration endpoint can't require authentication by definition, so is a public endpoint that can create clients, which as you can imagine opens up some potential security issues.
I do, however, think it would be reasonable to expect production services to enable Dynamic Client Registration only on the MCP's Authorization Server. This way the dynamically-registered clients wouldn't be able to use the regular REST API, but would only be able to interact with the MCP API.
Mastodon and BlueSky also have a similar problem of needing clients to show up at arbitrary authorization servers without prior coordination between the client developer and authorization server operator. I call this the "OAuth for the Open Web" problem. Mastodon used Dynamic Client Registration as their solution, and has since documented some of the issues that this creates, linked here and here.
BlueSky decided to take a different approach and instead uses an https URL as a client identifier, bypassing the need for a client registration step entirely. This has the added bonus of having at least some level of confidence of the client identity because the client identity is hosted at a domain. It would be a perfectly viable approach to use this method for MCP as well. There is a discussion on that within MCP here. This is an ongoing topic within the OAuth working group, I have a couple of drafts in progress to formalize this pattern, Client ID Metadata Document and Client ID Scheme.
Lastly, I want to touch on the idea of enabling users to log in to MCP Servers with their enterprise IdP.
When an enterprise company purchases software, they expect to be able to tie it in to their single-sign-on solution. For example, when I log in to work Slack, I enter my work email and Slack redirects me to my work IdP where I log in. This way employees don't need to have passwords with every app they use in the enterprise, they can log in to everything with the same enterprise account, and all the apps can be protected with multi-factor authentication through the IdP. This also gives the company control over which users can access which apps, as well as a way to revoke a user's access at any time.
So how does this relate to MCP?
Well, plenty of people are already trying to figure out how to let their employees safely use AI tools within the enterprise. So we need a way to let employees use their enterprise IdP to log in and authorize MCP Clients to access MCP Servers.
If you're building an MCP Server in front of an existing application that already supports enterprise Single Sign-On, then you don't need to do anything differently in the MCP Client or Server and you already have support for this. When the MCP Client redirects to the MCP Authorization Server, the MCP Authorization Server redirects to the main Authorization Server, which would then prompt the user for their company email/domain and redirect to the enterprise IdP to log in.
This brings me to yet another thing I've been seeing conflated in the discussions: user login and user authorization.
OAuth is an authorization delegation protocol. OAuth doesn't actually say anything about how users authenticate at the OAuth server, it only talks about how the user can authorize access to an application. This is actually a really great thing, because it means we can get super creative with how users authenticate.
Remember the yellow box "User logs in and authorizes" from the original sequence diagram? These are actually two totally distinct steps. The OAuth authorization server is responsible for getting the user to log in somehow, but there's no requirement that how the user logs in is with a username/password. This is where we can insert a single-sign-on flow to an enterprise IdP, or really anything you can imagine.
So think of this as two separate boxes: "user logs in", and "user authorizes". Then, we can replace the "user logs in" box with an entirely new OpenID Connect flow out to the enterprise IdP to log the user in, and after they are logged in they can authorize the client.
I'll spare you the complete expanded sequence diagram, since it looks a lot more complicated than it actually is. But I again want to stress that this is nothing new, this is already how things are commonly done today.
This all just becomes cleaner to understand when you separate the MCP Authorization Server from the MCP Resource Server.
We can push all the complexity of user login, token minting, and more onto the MCP Authorization Server, keeping the MCP Resource Server free to do the much simpler task of validating access tokens and serving resources.
There are two things I want to call out about how enterprise IdP integration could be improved. Both of these are entire topics on their own, so I will only touch on the problems and link out to other places where work is happening to solve them.
There are two points of friction with the current state of enterprise login for SaaS apps.
When a user logs in to a SaaS app, they need to tell the app how to find their enterprise IdP. This is commonly done by either asking the user to enter their work email, or asking the user to enter their tenant URL at the service.
Neither of these is really a great user experience. It would be a lot better if the browser already knew which enterprise IdP the user should be sent to. This is one of my goals with the work happening in FedCM. With this new browser API, the browser can mediate the login, telling the SaaS app which enterprise IdP to use automatically only needing the user to click their account icon rather than type anything in.
Another point of friction in the enterprise happens when a user starts connecting multiple applications to each other within the company. For example, if you drop in a Google Docs link into Slack, Slack will prompt you to connect your Google account to preview the link. Multiply this by N number of applications that can preview links, and M number of applications you might drop links to, and you end up sending the user through a huge number of OAuth consent flows.
The problem is only made worse with the explosion of AI tools. Every AI tool will need access to data in every other application in the enterprise. That is a lot of OAuth consent flows for the user to manage. Plus, the user shouldn't really be the one granting consent for Slack to access the company Google Docs account anyway. That consent should ideally be managed by the enterprise IT admin.
What we actually need is a way to enable the IT admin to grant consent for apps to talk to each other company-wide, removing the need for users to be sent through an OAuth flow at all.
This is the basis of another OAuth spec I've been working on, the Identity Assertion Authorization Grant.
The same problem applies to MCP Servers, and with the separation of concerns laid out above, it becomes straightforward to add this extension to move the consent to the enterprise and streamline the user experience.
Get in touch!
If these sound like interesting problems, please get in touch! You can find me on LinkedIn or reach me via email at aaron@parecki.com.
Hello! Today I want to talk about ANSI escape codes.
For a long time I was vaguely aware of ANSI escape codes (“that’s how you make text red in the terminal and stuff”) but I had no real understanding of where they were supposed to be defined or whether or not there were standards for them. I just had a kind of vague “there be dragons” feeling around them. While learning about the terminal this year, I’ve learned that:
So I wanted to put together a list for myself of some standards that exist around escape codes, because I want to know if they have to feel unreliable and frustrating, or if there’s a future where we could all rely on them with more confidence.
Have you ever pressed the left arrow key in your terminal and seen ^[[D?
That’s an escape code! It’s called an “escape code” because the first character
is the “escape” character, which is usually written as ESC, \x1b, \E,
\033, or ^[.
Escape codes are how your terminal emulator communicates various kinds of information (colours, mouse movement, etc) with programs running in the terminal. There are two kind of escape codes:
ESC[D, “Ctrl+left arrow” might be ESC[1;5D, and clicking the mouse might
be something like ESC[M :3.Now let’s talk about standards!
The first standard I found relating to escape codes was ECMA-48, which was originally published in 1976.
ECMA-48 does two things:
ESC[ + something and “OSC” codes, which are ESC] + something)ESC[D, or “turn text red” is ESC[31m. In the spec, the “cursor left”
one is called CURSOR LEFT and the one for changing colours is called
SELECT GRAPHIC RENDITION.The formats are extensible, so there’s room for others to define more escape codes in the future. Lots of escape codes that are popular today aren’t defined in ECMA-48: for example it’s pretty common for terminal applications (like vim, htop, or tmux) to support using the mouse, but ECMA-48 doesn’t define escape codes for the mouse.
There are a bunch of escape codes that aren’t defined in ECMA-48, for example:
I believe (correct me if I’m wrong!) that these and some others came from xterm, are documented in XTerm Control Sequences, and have been widely implemented by other terminal emulators.
This list of “what xterm supports” is not a standard exactly, but xterm is extremely influential and so it seems like an important document.
In the 80s (and to some extent today, but my understanding is that it was MUCH more dramatic in the 80s) there was a huge amount of variation in what escape codes terminals actually supported.
To deal with this, there’s a database of escape codes for various terminals called “terminfo”.
It looks like the standard for terminfo is called X/Open Curses, though you need to create an account to view that standard for some reason. It defines the database format as well as a C library interface (“curses”) for accessing the database.
For example you can run this bash snippet to see every possible escape code for “clear screen” for all of the different terminals your system knows about:
for term in $(toe -a | awk '{print $1}')
do
echo $term
infocmp -1 -T "$term" 2>/dev/null | grep 'clear=' | sed 's/clear=//g;s/,//g'
done
On my system (and probably every system I’ve ever used?), the terminfo database is managed by ncurses.
I think it’s interesting that there are two main approaches that applications take to handling ANSI escape codes:
TERM environment variable. Fish does this, for example.Some examples of programs/libraries that take approach #2 (“don’t use terminfo”) include:
I got curious about why folks might be moving away from terminfo and I found this very interesting and extremely detailed rant about terminfo from one of the fish maintainers, which argues that:
[the terminfo authors] have done a lot of work that, at the time, was extremely important and helpful. My point is that it no longer is.
I’m not going to do it justice so I’m not going to summarize it, I think it’s worth reading.
I was just talking about the idea that you can use a “common set” of escape codes that will work for most people. But what is that set? Is there any agreement?
I really do not know the answer to this at all, but from doing some reading it seems like it’s some combination of:
and maybe ultimately “identify the terminal emulators you think your users are going to use most frequently and test in those”, the same way web developers do when deciding which CSS features are okay to use
I don’t think there are any resources like Can I use…? or Baseline for the terminal though. (in theory terminfo is supposed to be the “caniuse” for the terminal but it seems like it often takes 10+ years to add new terminal features when people invent them which makes it very limited)
I also asked on Mastodon why people found terminfo valuable in 2025 and got a few reasons that made sense to me:
TERM environment variable to
control how programs behave (for example with TERM=dumb), and there’s
no standard for how that should work in a post-terminfo worldThe way that ncurses uses the TERM environment variable to decide which
escape codes to use reminds me of how webservers used to sometimes use the
browser user agent to decide which version of a website to serve.
It also seems like it’s had some of the same results – the way iTerm2 reports itself as being “xterm-256color” feels similar to how Safari’s user agent is “Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15”. In both cases the terminal emulator / browser ends up changing its user agent to get around user agent detection that isn’t working well.
On the web we ended up deciding that user agent detection was not a good practice and to instead focus on standardization so we can serve the same HTML/CSS to all browsers. I don’t know if the same approach is the future in the terminal though – I think the terminal landscape today is much more fragmented than the web ever was as well as being much less well funded.
A few more documents and standards related to escape codes, in no particular order:
I sometimes see people saying that the unix terminal is “outdated”, and since I love the terminal so much I’m always curious about what incremental changes might make it feel less “outdated”.
Maybe if we had a clearer standards landscape (like we do on the web!) it would be easier for terminal emulator developers to build new features and for authors of terminal applications to more confidently adopt those features so that we can all benefit from them and have a richer experience in the terminal.
Obviously standardizing ANSI escape codes is not easy (ECMA-48 was first published almost 50 years ago and we’re still not there!). I don’t even know what all of the challenges are. But the situation with HTML/CSS/JS used to be extremely bad too and now it’s MUCH better, so maybe there’s hope.
I was talking to a friend about how to add a directory to your PATH today. It’s
something that feels “obvious” to me since I’ve been using the terminal for a
long time, but when I searched for instructions for how to do it, I actually
couldn’t find something that explained all of the steps – a lot of them just
said “add this to ~/.bashrc”, but what if you’re not using bash? What if your
bash config is actually in a different file? And how are you supposed to figure
out which directory to add anyway?
So I wanted to try to write down some more complete directions and mention some of the gotchas I’ve run into over the years.
Here’s a table of contents:
If you’re not sure what shell you’re using, here’s a way to find out. Run this:
ps -p $$ -o pid,comm=
97295 bash97295 zsh$$ isn’t valid syntax in fish, but in any case the error
message tells you that you’re using fish, which you probably already knew)Also bash is the default on Linux and zsh is the default on Mac OS (as of 2024). I’ll only cover bash, zsh, and fish in these directions.
~/.zshrc~/.bashrc, but it’s complicated, see the note in the next section~/.config/fish/config.fish (you can run echo $__fish_config_dir if you want to be 100% sure)Bash has three possible config files: ~/.bashrc, ~/.bash_profile, and ~/.profile.
If you’re not sure which one your system is set up to use, I’d recommend testing this way:
echo hi there to your ~/.bashrc~/.bashrc is being used! Hooray!~/.bash_profile~/.profile if the first two options don’t work.(there are a lot of elaborate flow charts out there that explain how bash decides which config file to use but IMO it’s not worth it to internalize them and just testing is the fastest way to be sure)
Let’s say that you’re trying to install and run a program called http-server
and it doesn’t work, like this:
$ npm install -g http-server
$ http-server
bash: http-server: command not found
How do you find what directory http-server is in? Honestly in general this is
not that easy – often the answer is something like “it depends on how npm is
configured”. A few ideas:
cargo, npm, homebrew, etc),
when you first set it up it’ll print out some directions about how to update
your PATH. So if you’re paying attention you can get the directions then.PATH for younpm config get prefix (then append /bin/)go env GOPATH (then append /bin/)asdf info | grep ASDF_DIR (then append /bin/ and /shims/)Once you’ve found a directory you think might be the right one, make sure it’s
actually correct! For example, I found out that on my machine, http-server is
in ~/.npm-global/bin. I can make sure that it’s the right directory by trying to
run the program http-server in that directory like this:
$ ~/.npm-global/bin/http-server
Starting up http-server, serving ./public
It worked! Now that you know what directory you need to add to your PATH,
let’s move to the next step!
Now we have the 2 critical pieces of information we need:
~/.npm-global/bin/)~/.bashrc, ~/.zshrc, or ~/.config/fish/config.fish)Now what you need to add depends on your shell:
bash instructions:
Open your shell’s config file, and add a line like this:
export PATH=$PATH:~/.npm-global/bin/
(obviously replace ~/.npm-global/bin with the actual directory you’re trying to add)
zsh instructions:
You can do the same thing as in bash, but zsh also has some slightly fancier syntax you can use if you prefer:
path=(
$path
~/.npm-global/bin
)
fish instructions:
In fish, the syntax is different:
set PATH $PATH ~/.npm-global/bin
(in fish you can also use fish_add_path, some notes on that further down)
Now, an extremely important step: updating your shell’s config won’t take effect if you don’t restart it!
Two ways to do this:
bash to start a new shell (or zsh if you’re using zsh, or fish if you’re using fish)I’ve found that both of these usually work fine.
And you should be done! Try running the program you were trying to run and hopefully it works now.
If not, here are a couple of problems that you might run into:
If the wrong version of a program is running, you might need to add the directory to the beginning of your PATH instead of the end.
For example, on my system I have two versions of python3 installed, which I
can see by running which -a:
$ which -a python3
/usr/bin/python3
/opt/homebrew/bin/python3
The one your shell will use is the first one listed.
If you want to use the Homebrew version, you need to add that directory
(/opt/homebrew/bin) to the beginning of your PATH instead, by putting this in
your shell’s config file (it’s /opt/homebrew/bin/:$PATH instead of the usual $PATH:/opt/homebrew/bin/)
export PATH=/opt/homebrew/bin/:$PATH
or in fish:
set PATH ~/.cargo/bin $PATH
All of these directions only work if you’re running the program from your shell. If you’re running the program from an IDE, from a GUI, in a cron job, or some other way, you’ll need to add the directory to your PATH in a different way, and the exact details might depend on the situation.
in a cron job
Some options:
/home/bork/bin/my-programecho "PATH=$PATH".I’m honestly not sure how to handle it in an IDE/GUI because I haven’t run into that in a long time, will add directions here if someone points me in the right direction.
PATH entries making it harder to debugIf you edit your path and start a new shell by running bash (or zsh, or
fish), you’ll often end up with duplicate PATH entries, because the shell
keeps adding new things to your PATH every time you start your shell.
Personally I don’t think I’ve run into a situation where this kind of
duplication breaks anything, but the duplicates can make it harder to debug
what’s going on with your PATH if you’re trying to understand its contents.
Some ways you could deal with this:
PATH, open a new terminal to do it in so you get
a “fresh” state. This should avoid the duplication.PATH at the end of your shell’s config (for example in
zsh apparently you can do this with typeset -U path)PATH when adding it (for
example in fish I believe you can do this with fish_add_path --path /some/directory)How to deduplicate your PATH is shell-specific and there isn’t always a
built in way to do it so you’ll need to look up how to accomplish it in your
shell.
PATHHere’s a situation that’s easy to get into in bash or zsh:
PATHbash to reload your configThis happens because in bash, by default, history is not saved until you exit the shell.
Some options for fixing this:
bash to reload your config, run source ~/.bashrc (or
source ~/.zshrc in zsh). This will reload the config inside your current
session.sourceWhen you install cargo (Rust’s installer) for the first time, it gives you
these instructions for how to set up your PATH, which don’t mention a specific
directory at all.
This is usually done by running one of the following (note the leading DOT):
. "$HOME/.cargo/env" # For sh/bash/zsh/ash/dash/pdksh
source "$HOME/.cargo/env.fish" # For fish
The idea is that you add that line to your shell’s config, and their script
automatically sets up your PATH (and potentially other things) for you.
This is pretty common (for example Homebrew suggests you eval brew shellenv), and there are
two ways to approach this:
. "$HOME/.cargo/env" to your shell’s config). "$HOME/.cargo/env" in my shell (or the fish version if using fish)echo "$PATH" | tr ':' '\n' | grep cargo to figure out which directories it added/Users/bork/.cargo/bin and shorten that to ~/.cargo/bin~/.cargo/bin to PATH (with the directions in this post)I don’t think there’s anything wrong with doing what the tool suggests (it might be the “best way”!), but personally I usually use the second approach because I prefer knowing exactly what configuration I’m changing.
fish_add_pathfish has a handy function called fish_add_path that you can run to add a directory to your PATH like this:
fish_add_path /some/directory
This is cool (it’s such a simple command!) but I’ve stopped using it for a couple of reasons:
fish_add_path will update the PATH for every session in the
future (with a “universal variable”) and sometimes it will update the PATH
just for the current session and it’s hard for me to tell which one it will
do. In theory the docs explain this but I could not understand them.PATH a few weeks or
months later because maybe you made a mistake, it’s kind of hard to do
(there are instructions in this comments of this github issue though).Hopefully this will help some people. Let me know (on Mastodon or Bluesky) if you there are other major gotchas that have tripped you up when adding a directory to your PATH, or if you have questions about this post!
A few weeks ago I ran a terminal survey (you can read the results here) and at the end I asked:
What’s the most frustrating thing about using the terminal for you?
1600 people answered, and I decided to spend a few days categorizing all the responses. Along the way I learned that classifying qualitative data is not easy but I gave it my best shot. I ended up building a custom tool to make it faster to categorize everything.
As with all of my surveys the methodology isn’t particularly scientific. I just posted the survey to Mastodon and Twitter, ran it for a couple of days, and got answers from whoever happened to see it and felt like responding.
Here are the top categories of frustrations!
I think it’s worth keeping in mind while reading these comments that
These comments aren’t coming from total beginners.
Here are the categories of frustrations! The number in brackets is the number of people with that frustration. I’m mostly writing this up for myself because I’m trying to write a zine about the terminal and I wanted to get a sense for what people are having trouble with.
People talked about struggles remembering:
One example comment:
There are just so many little “trivia” details to remember for full functionality. Even after all these years I’ll sometimes forget where it’s 2 or 1 for stderr, or forget which is which for
>and>>.
People talked about struggling with switching systems (for example home/work computer or when SSHing) and running into:
as well as differences inside the same system like pagers being not consistent with each other (git diff pagers, other pagers).
One example comment:
I got used to fish and vi mode which are not available when I ssh into servers, containers.
Lots of problems with color, like:
This comment felt relatable to me:
Getting my terminal theme configured in a reasonable way between the terminal emulator and fish (I did this years ago and remember it being tedious and fiddly and now feel like I’m locked into my current theme because it works and I dread touching any of that configuration ever again).
Half of the comments on keyboard shortcuts were about how on Linux/Windows, the keyboard shortcut to copy/paste in the terminal is different from in the rest of the OS.
Some other issues with keyboard shortcuts other than copy/paste:
Ctrl-W in a browser-based terminal and closing the windowCtrl-Shift-, no Super, no Hyper, lots of ctrl- shortcuts aren’t
possible like Ctrl-,)Ctrl+left arrow for something else)Aside from “the keyboard shortcut for copy and paste is different”, there were a lot of OTHER issues with copy and paste, like:
There were lots of comments about this, which all came down to the same basic complaint – it’s hard to discover useful tools or features! This comment kind of summed it all up:
How difficult it is to learn independently. Most of what I know is an assorted collection of stuff I’ve been told by random people over the years.
A lot of comments about it generally having a steep learning curve. A couple of example comments:
After 15 years of using it, I’m not much faster than using it than I was 5 or maybe even 10 years ago.
and
That I know I could make my life easier by learning more about the shortcuts and commands and configuring the terminal but I don’t spend the time because it feels overwhelming.
Some issues with shell history:
One example comment:
It wasted a lot of time until I figured it out and still annoys me that “history” on zsh has such a small buffer; I have to type “history 0” to get any useful length of history.
People talked about:
Here’s a representative comment:
Finding good examples and docs. Man pages often not enough, have to wade through stack overflow
A few issues with scrollback:
One example comment:
When resizing the terminal (in particular: making it narrower) leads to broken rewrapping of the scrollback content because the commands formatted their output based on the terminal window width.
Lots of comments about how the terminal feels hampered by legacy decisions and how users often end up needing to learn implementation details that feel very esoteric. One example comment:
Most of the legacy cruft, it would be great to have a green field implementation of the CLI interface.
Lots of complaints about POSIX shell scripting. There’s a general feeling that shell scripting is difficult but also that switching to a different less standard scripting language (fish, nushell, etc) brings its own problems.
Shell scripting. My tolerance to ditch a shell script and go to a scripting language is pretty low. It’s just too messy and powerful. Screwing up can be costly so I don’t even bother.
Some more issues that were mentioned at least 10 times:
Ctrl-S, cating a binary, etc)There were also 122 answers to the effect of “nothing really” or “only that I can’t do EVERYTHING in the terminal”
One example comment:
Think I’ve found work arounds for most/all frustrations
I’m not going to make a lot of commentary on these results, but here are a couple of categories that feel related to me:
Trying to categorize all these results in a reasonable way really gave me an appreciation for social science researchers’ skills.
Hello! Recently I ran a terminal survey and I asked people what frustrated them. One person commented:
There are so many pieces to having a modern terminal experience. I wish it all came out of the box.
My immediate reaction was “oh, getting a modern terminal experience isn’t that hard, you just need to….”, but the more I thought about it, the longer the “you just need to…” list got, and I kept thinking about more and more caveats.
So I thought I would write down some notes about what it means to me personally to have a “modern” terminal experience and what I think can make it hard for people to get there.
Here are a few things that are important to me, with which part of the system is responsible for them:
p in vim to paste (text editor, maybe the OS/terminal emulator too)ls (shell config)Ctrl+left arrow to work (shell or application)less: (terminal emulator and applications)There are a million other terminal conveniences out there and different people value different things, but those are the ones that I would be really unhappy without.
My basic approach is:
fish shell. Mostly don’t configure it, except to:
EDITOR environment variable to my favourite terminal editorls to ls --color=autoneovim, with a configuration that I’ve been very slowly building over the last 9 years or so (the last time I deleted my vim config and started from scratch was 9 years ago)A few things that affect my approach:
What if you want a nice experience, but don’t want to spend a lot of time on configuration? Figuring out how to configure vim in a way that I was satisfied with really did take me like ten years, which is a long time!
My best ideas for how to get a reasonable terminal experience with minimal config are:
fish or zsh with oh-my-zshEDITOR environment variable to your favourite terminal text
editorls to ls --color=autoCtrl-C to copy, Ctrl-V to paste, Ctrl-A to select all) in micro and
they do what you’d expect. I would probably try switching to helix except
that retraining my vim muscle memory seems way too hard. Also helix doesn’t
have a GUI or plugin system yet.Personally I wouldn’t use xterm, rxvt, or Terminal.app as a terminal emulator, because I’ve found in the past that they’re missing core features (like 24-bit colour in Terminal.app’s case) that make the terminal harder to use for me.
I don’t want to pretend that getting a “modern” terminal experience is easier than it is though – I think there are two issues that make it hard. Let’s talk about them!
bash and zsh are by far the two most popular shells, and neither of them provide a default experience that I would be happy using out of the box, for example:
And even though I love fish, the fact that it isn’t POSIX does make it hard for a lot of folks to make the switch.
Of course it’s totally possible to learn how to customize your prompt in bash
or whatever, and it doesn’t even need to be that complicated (in bash I’d
probably start with something like export PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ ', or maybe use starship).
But each of these “not complicated” things really does add up and it’s
especially tough if you need to keep your config in sync across several
systems.
An extremely popular solution to getting a “modern” shell experience is oh-my-zsh. It seems like a great project and I know a lot of people use it very happily, but I’ve struggled with configuration systems like that in the past – it looks like right now the base oh-my-zsh adds about 3000 lines of config, and often I find that having an extra configuration system makes it harder to debug what’s happening when things go wrong. I personally have a tendency to use the system to add a lot of extra plugins, make my system slow, get frustrated that it’s slow, and then delete it completely and write a new config from scratch.
In the terminal survey I ran recently, the most popular terminal text editors
by far were vim, emacs, and nano.
I think the main options for terminal text editors are:
micro or helix which seem to offer a pretty good out-of-the-box
experience, potentially occasionally run into issues with using a less
mainstream text editorcode as their EDITOR in the terminal.The last issue is that sometimes individual programs that I use are kind of
annoying. For example on my Mac OS machine, /usr/bin/sqlite3 doesn’t support
the Ctrl+Left Arrow keyboard shortcut. Fixing this to get a reasonable
terminal experience in SQLite was a little complicated, I had to:
I find that debugging application-specific issues like this is really not easy and often it doesn’t feel “worth it” – often I’ll end up just dealing with various minor inconveniences because I don’t want to spend hours investigating them. The only reason I was even able to figure this one out at all is that I’ve been spending a huge amount of time thinking about the terminal recently.
A big part of having a “modern” experience using terminal programs is just
using newer terminal programs, for example I can’t be bothered to learn a
keyboard shortcut to sort the columns in top, but in htop I can just click
on a column heading with my mouse to sort it. So I use htop instead! But discovering new more “modern” command line tools isn’t easy (though
I made a list here),
finding ones that I actually like using in practice takes time, and if you’re
SSHed into another machine, they won’t always be there.
Something I find tricky about configuring my terminal to make everything “nice” is that changing one seemingly small thing about my workflow can really affect everything else. For example right now I don’t use tmux. But if I needed to use tmux again (for example because I was doing a lot of work SSHed into another machine), I’d need to think about a few things, like:
and probably more things I haven’t thought of. “Using tmux means that I have to change how I manage my colours” sounds unlikely, but that really did happen to me and I decided “well, I don’t want to change how I manage colours right now, so I guess I’m not using that feature!”.
It’s also hard to remember which features I’m relying on – for example maybe my current terminal does have OSC 52 support and because copying from tmux over SSH has always Just Worked I don’t even realize that that’s something I need, and then it mysteriously stops working when I switch terminals.
Personally even though I think my setup is not that complicated, it’s taken me 20 years to get to this point! Because terminal config changes are so likely to have unexpected and hard-to-understand consequences, I’ve found that if I change a lot of terminal configuration all at once it makes it much harder to understand what went wrong if there’s a problem, which can be really disorienting.
So I usually prefer to make pretty small changes, and accept that changes can
might take me a REALLY long time to get used to. For example I switched from
using ls to eza a year or two ago and
while I like it (because eza -l prints human-readable file sizes by default)
I’m still not quite sure about it. But also sometimes it’s worth it to make a
big change, like I made the switch to fish (from bash) 10 years ago and I’m
very happy I did.
Trying to explain how “easy” it is to configure your terminal really just made me think that it’s kind of hard and that I still sometimes get confused.
I’ve found that there’s never one perfect way to configure things in the terminal that will be compatible with every single other thing. I just need to try stuff, figure out some kind of locally stable state that works for me, and accept that if I start using a new tool it might disrupt the system and I might need to rethink things.
Recently I’ve been thinking about how everything that happens in the terminal is some combination of:
top or vim or cat)The first three (your operating system, shell, and terminal emulator) are all kind of known quantities – if you’re using bash in GNOME Terminal on Linux, you can more or less reason about how how all of those things interact, and some of their behaviour is standardized by POSIX.
But the fourth one (“whatever program you happen to be running”) feels like it could do ANYTHING. How are you supposed to know how a program is going to behave?
This post is kind of long so here’s a quick table of contents:
Ctrl-CqCtrl-D on an empty lineCtrl-W should delete the last word- means stdin/stdoutAs far as I know, there are no real standards for how programs in the terminal should behave – the closest things I know of are:
cp should work but AFAIK it doesn’t have anything to say about how for
example htop should behave.But even though there are no standards, in my experience programs in the terminal behave in a pretty consistent way. So I wanted to write down a list of “rules” that in my experience programs mostly follow.
My goal here isn’t to convince authors of terminal programs that they should follow any of these rules. There are lots of exceptions to these and often there’s a good reason for those exceptions.
But it’s very useful for me to know what behaviour to expect from a random new terminal program that I’m using. Instead of “uh, programs could do literally anything”, it’s “ok, here are the basic rules I expect, and then I can keep a short mental list of exceptions”.
So I’m just writing down what I’ve observed about how programs behave in my 20 years of using the terminal, why I think they behave that way, and some examples of cases where that rule is “broken”.
There are a bunch of common conventions that I think are pretty clearly the program’s responsibility to implement, like:
~/.BLAHrc or ~/.config/BLAH/FILE or /etc/BLAH/ or something--help should print help textBut in this post I’m going to focus on things that it’s not 100% obvious are
the program’s responsibility. For example it feels to me like a “law of nature”
that pressing Ctrl-D should quit a REPL, but programs often
need to explicitly implement support for it – even though cat doesn’t need
to implement Ctrl-D support, ipython does. (more about that in “rule 3” below)
Understanding which things are the program’s responsibility makes it much less surprising when different programs’ implementations are slightly different.
Ctrl-CThe main reason for this rule is that noninteractive programs will quit by
default on Ctrl-C if they don’t set up a SIGINT signal handler, so this is
kind of a “you should act like the default” rule.
Something that trips a lot of people up is that this doesn’t apply to
interactive programs like python3 or bc or less. This is because in
an interactive program, Ctrl-C has a different job – if the program is
running an operation (like for example a search in less or some Python code
in python3), then Ctrl-C will interrupt that operation but not stop the
program.
As an example of how this works in an interactive program: here’s the code in prompt-toolkit (the library that iPython uses for handling input)
that aborts a search when you press Ctrl-C.
qTUI programs (like less or htop) will usually quit when you press q.
This rule doesn’t apply to any program where pressing q to quit wouldn’t make
sense, like tmux or text editors.
Ctrl-D on an empty lineREPLs (like python3 or ed) will usually quit when you press Ctrl-D on an
empty line. This rule is similar to the Ctrl-C rule – the reason for this is
that by default if you’re running a program (like cat) in “cooked mode”, then
the operating system will return an EOF when you press Ctrl-D on an empty
line.
Most of the REPLs I use (sqlite3, python3, fish, bash, etc) don’t actually use cooked mode, but they all implement this keyboard shortcut anyway to mimic the default behaviour.
For example, here’s the code in prompt-toolkit that quits when you press Ctrl-D, and here’s the same code in readline.
I actually thought that this one was a “Law of Terminal Physics” until very recently because I’ve basically never seen it broken, but you can see that it’s just something that each individual input library has to implement in the links above.
Someone pointed out that the Erlang REPL does not quit when you press Ctrl-D,
so I guess not every REPL follows this “rule”.
Terminal programs rarely use colours other than the base 16 ANSI colours. This
is because if you specify colours with a hex code, it’s very likely to clash
with some users’ background colour. For example if I print out some text as
#EEEEEE, it would be almost invisible on a white background, though it would
look fine on a dark background.
But if you stick to the default 16 base colours, you have a much better chance that the user has configured those colours in their terminal emulator so that they work reasonably well with their background color. Another reason to stick to the default base 16 colours is that it makes less assumptions about what colours the terminal emulator supports.
The only programs I usually see breaking this “rule” are text editors, for example Helix by default will use a purple background which is not a default ANSI colour. It seems fine for Helix to break this rule since Helix isn’t a “core” program and I assume any Helix user who doesn’t like that colorscheme will just change the theme.
Almost every program I use supports readline keybindings if it would make
sense to do so. For example, here are a bunch of different programs and a link
to where they define Ctrl-E to go to the end of the line:
None of those programs actually uses readline directly, they just sort of
mimic emacs/readline keybindings. They don’t always mimic them exactly: for
example atuin seems to use Ctrl-A as a prefix, so Ctrl-A doesn’t go to the
beginning of the line.
Also all of these programs seem to implement their own internal cut and paste
buffers so you can delete a line with Ctrl-U and then paste it with Ctrl-Y.
The exceptions to this are:
git, cat, and nc) don’t have any line editing support at all (except for backspace, Ctrl-W, and Ctrl-U)I wrote more about this “what keybindings does a program support?” question in entering text in the terminal is complicated.
I’ve never seen a program (other than a text editor) where Ctrl-W doesn’t
delete the last word. This is similar to the Ctrl-C rule – by default if a
program is in “cooked mode”, the OS will delete the last word if you press
Ctrl-W, and delete the whole line if you press Ctrl-U. So usually programs
will imitate that behaviour.
I can’t think of any exceptions to this other than text editors but if there are I’d love to hear about them!
Most programs will disable colours when writing to a pipe. For example:
rg blah will highlight all occurrences of blah in the output, but if the
output is to a pipe or a file, it’ll turn off the highlighting.ls --color=auto will use colour when writing to a terminal, but not when
writing to a pipeBoth of those programs will also format their output differently when writing
to the terminal: ls will organize files into columns, and ripgrep will group
matches with headings.
If you want to force the program to use colour (for example because you want to
look at the colour), you can use unbuffer to force the program’s output to be
a tty like this:
unbuffer rg blah | less -R
I’m sure that there are some programs that “break” this rule but I can’t think
of any examples right now. Some programs have an --color flag that you can
use to force colour to be on, in the example above you could also do rg --color=always | less -R.
- means stdin/stdoutUsually if you pass - to a program instead of a filename, it’ll read from
stdin or write to stdout (whichever is appropriate). For example, if you want
to format the Python code that’s on your clipboard with black and then copy
it, you could run:
pbpaste | black - | pbcopy
(pbpaste is a Mac program, you can do something similar on Linux with xclip)
My impression is that most programs implement this if it would make sense and I can’t think of any exceptions right now, but I’m sure there are many exceptions.
These rules took me a long time for me to learn because I had to:
Ctrl-C will exit programs")Ctrl-C will exit find but not less”)Ctrl-C will generally quit
noninteractive programs, but in interactive programs it might interrupt the
current operation instead of quitting the program")A lot of my understanding of the terminal is honestly still in the “subconscious pattern recognition” stage. The only reason I’ve been taking the time to make things explicit at all is because I’ve been trying to explain how it works to others. Hopefully writing down these “rules” explicitly will make learning some of this stuff a little bit faster for others.
Here’s a niche terminal problem that has bothered me for years but that I never really understood until a few weeks ago. Let’s say you’re running this command to watch for some specific output in a log file:
tail -f /some/log/file | grep thing1 | grep thing2
If log lines are being added to the file relatively slowly, the result I’d see is… nothing! It doesn’t matter if there were matches in the log file or not, there just wouldn’t be any output.
I internalized this as “uh, I guess pipes just get stuck sometimes and don’t
show me the output, that’s weird”, and I’d handle it by just
running grep thing1 /some/log/file | grep thing2 instead, which would work.
So as I’ve been doing a terminal deep dive over the last few months I was really excited to finally learn exactly why this happens.
The reason why “pipes get stuck” sometimes is that it’s VERY common for programs to buffer their output before writing it to a pipe or file. So the pipe is working fine, the problem is that the program never even wrote the data to the pipe!
This is for performance reasons: writing all output immediately as soon as you can uses more system calls, so it’s more efficient to save up data until you have 8KB or so of data to write (or until the program exits) and THEN write it to the pipe.
In this example:
tail -f /some/log/file | grep thing1 | grep thing2
the problem is that grep thing1 is saving up all of its matches until it has
8KB of data to write, which might literally never happen.
Part of why I found this so disorienting is that tail -f file | grep thing
will work totally fine, but then when you add the second grep, it stops
working!! The reason for this is that the way grep handles buffering depends
on whether it’s writing to a terminal or not.
Here’s how grep (and many other programs) decides to buffer its output:
isatty function
So if grep is writing directly to your terminal then you’ll see the line as
soon as it’s printed, but if it’s writing to a pipe, you won’t.
Of course the buffer size isn’t always 8KB for every program, it depends on the implementation. For grep the buffering is handled by libc, and libc’s buffer size is
defined in the BUFSIZ variable. Here’s where that’s defined in glibc.
(as an aside: “programs do not use 8KB output buffers when writing to a terminal” isn’t, like, a law of terminal physics, a program COULD use an 8KB buffer when writing output to a terminal if it wanted, it would just be extremely weird if it did that, I can’t think of any program that behaves that way)
One annoying thing about this buffering behaviour is that you kind of need to remember which commands buffer their output when writing to a pipe.
Some commands that don’t buffer their output:
I think almost everything else will buffer output, especially if it’s a command where you’re likely to be using it for batch processing. Here’s a list of some common commands that buffer their output when writing to a pipe, along with the flag that disables block buffering.
--line-buffered)-u)fflush() function)-l)-u)-u)Those are all the ones I can think of, lots of unix commands (like sort) may
or may not buffer their output but it doesn’t matter because sort can’t do
anything until it finishes receiving input anyway.
Also I did my best to test both the Mac OS and GNU versions of these but there are a lot of variations and I might have made some mistakes.
Also, here are a few programming language where the default print statement will buffer output when writing to a pipe, and some ways to disable buffering if you want:
setvbuf)python -u, or PYTHONUNBUFFERED=1, or sys.stdout.reconfigure(line_buffering=False), or print(x, flush=True))STDOUT.sync = true)$| = 1)I assume that these languages are designed this way so that the default print function will be fast when you’re doing batch processing.
Also whether output is buffered or not might depend on how you print, for
example in C++ cout << "hello\n" buffers when writing to a pipe but cout << "hello" << endl will flush its output.
Ctrl-C on a pipe, the contents of the buffer are lostLet’s say you’re running this command as a hacky way to watch for DNS requests
to example.com, and you forgot to pass -l to tcpdump:
sudo tcpdump -ni any port 53 | grep example.com
When you press Ctrl-C, what happens? In a magical perfect world, what I would
want to happen is for tcpdump to flush its buffer, grep would search for
example.com, and I would see all the output I missed.
But in the real world, what happens is that all the programs get killed and the
output in tcpdump’s buffer is lost.
I think this problem is probably unavoidable – I spent a little time with
strace to see how this works and grep receives the SIGINT before
tcpdump anyway so even if tcpdump tried to flush its buffer grep would
already be dead.
After a little more investigation, there is a workaround: if you find
tcpdump’s PID and kill -TERM $PID, then tcpdump will flush the buffer so
you can see the output. That’s kind of a pain but I tested it and it seems to
work.
It’s not just pipes, this will also buffer:
sudo tcpdump -ni any port 53 > output.txt
Redirecting to a file doesn’t have the same “Ctrl-C will totally destroy the
contents of the buffer” problem though – in my experience it usually behaves
more like you’d want, where the contents of the buffer get written to the file
before the program exits. I’m not 100% sure whether this is something you can
always rely on or not.
Okay, let’s talk solutions. Let’s say you’ve run this command:
tail -f /some/log/file | grep thing1 | grep thing2
I asked people on Mastodon how they would solve this in practice and there were 5 basic approaches. Here they are:
Historically my solution to this has been to just avoid the “command writing to pipe slowly” situation completely and instead run a program that will finish quickly like this:
cat /some/log/file | grep thing1 | grep thing2 | tail
This doesn’t do the same thing as the original command but it does mean that you get to avoid thinking about these weird buffering issues.
(you could also do grep thing1 /some/log/file but I often prefer to use an
“unnecessary” cat)
You could remember that grep has a flag to avoid buffering and pass it like this:
tail -f /some/log/file | grep --line-buffered thing1 | grep thing2
Some people said that if they’re specifically dealing with a multiple greps
situation, they’ll rewrite it to use a single awk instead, like this:
tail -f /some/log/file | awk '/thing1/ && /thing2/'
Or you would write a more complicated grep, like this:
tail -f /some/log/file | grep -E 'thing1.*thing2'
(awk also buffers, so for this to work you’ll want awk to be the last command in the pipeline)
stdbufstdbuf uses LD_PRELOAD to turn off libc’s buffering, and you can use it to turn off output buffering like this:
tail -f /some/log/file | stdbuf -o0 grep thing1 | grep thing2
Like any LD_PRELOAD solution it’s a bit unreliable – it doesn’t work on
static binaries, I think won’t work if the program isn’t using libc’s
buffering, and doesn’t always work on Mac OS. Harry Marr has a really nice How stdbuf works post.
unbufferunbuffer program will force the program’s output to be a TTY, which means
that it’ll behave the way it normally would on a TTY (less buffering, colour
output, etc). You could use it in this example like this:
tail -f /some/log/file | unbuffer grep thing1 | grep thing2
Unlike stdbuf it will always work, though it might have unwanted side
effects, for example grep thing1’s will also colour matches.
If you want to install unbuffer, it’s in the expect package.
It’s a bit hard for me to say which one is “best”, I think personally I’m
mostly likely to use unbuffer because I know it’s always going to work.
If I learn about more solutions I’ll try to add them to this post.
I think it’s not very common for me to have a program that slowly trickles data into a pipe like this, normally if I’m using a pipe a bunch of data gets written very quickly, processed by everything in the pipeline, and then everything exits. The only examples I can come up with right now are:
tail -fkubectl logsI think it would be cool if there were a standard environment variable to turn
off buffering, like PYTHONUNBUFFERED in Python. I got this idea from a
couple of blog posts by Mark Dominus
in 2018. Maybe NO_BUFFER like NO_COLOR?
The design seems tricky to get right; Mark points out that NETBSD has environment variables called STDBUF, STDBUF1, etc which gives you a
ton of control over buffering but I imagine most developers don’t want to
implement many different environment variables to handle a relatively minor
edge case.
I’m also curious about whether there are any programs that just automatically flush their output buffers after some period of time (like 1 second). It feels like it would be nice in theory but I can’t think of any program that does that so I imagine there are some downsides.
Some things I didn’t talk about in this post since these posts have been getting pretty long recently and seriously does anyone REALLY want to read 3000 words about buffering?
I like writing Javascript without a build system and for the millionth time yesterday I ran into a problem where I needed to figure out how to import a Javascript library in my code without using a build system, and it took FOREVER to figure out how to import it because the library’s setup instructions assume that you’re using a build system.
Luckily at this point I’ve mostly learned how to navigate this situation and either successfully use the library or decide it’s too difficult and switch to a different library, so here’s the guide I wish I had to importing Javascript libraries years ago.
I’m only going to talk about using Javacript libraries on the frontend, and only about how to use them in a no-build-system setup.
In this post I’m going to talk about:
There are 3 basic types of Javascript files a library can provide:
<script src> and it’ll Just Work. Great if you
can get it but not always availableI’m not sure if there’s a better name for the “classic” type but I’m just going to call it “classic”. Also there’s a type called “AMD” but I’m not sure how relevant it is in 2024.
Now that we know the 3 types of files, let’s talk about how to figure out which of these the library actually provides!
Every Javascript library has a build which it uploads to NPM. You might be thinking (like I did originally) – Julia! The whole POINT is that we’re not using Node to build our library! Why are we talking about NPM?
But if you’re using a link from a CDN like https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js, you’re still using the NPM build! All the files on the CDNs originally come from NPM.
Because of this, I sometimes like to npm install the library even if I’m not
planning to use Node to build my library at all – I’ll just create a new temp
folder, npm install there, and then delete it when I’m done. I like being able to poke
around in the files in the NPM build on my filesystem, because then I can be
100% sure that I’m seeing everything that the library is making available in
its build and that the CDN isn’t hiding something from me.
So let’s npm install a few libraries and try to figure out what types of
Javascript files they provide in their builds!
First let’s look inside Chart.js, a plotting library.
$ cd /tmp/whatever
$ npm install chart.js
$ cd node_modules/chart.js/dist
$ ls *.*js
chart.cjs chart.js chart.umd.js helpers.cjs helpers.js
This library seems to have 3 basic options:
option 1: chart.cjs. The .cjs suffix tells me that this is a CommonJS
file, for using in Node. This means it’s impossible to use it directly in the
browser without some kind of build step.
option 2:chart.js. The .js suffix by itself doesn’t tell us what kind of
file it is, but if I open it up, I see import '@kurkle/color'; which is an
immediate sign that this is an ES module – the import ... syntax is ES
module syntax.
option 3: chart.umd.js. “UMD” stands for “Universal Module Definition”,
which I think means that you can use this file either with a basic <script src>, CommonJS,
or some third thing called AMD that I don’t understand.
When I was using Chart.js I picked Option 3. I just needed to add this to my code:
<script src="./chart.umd.js"> </script>
and then I could use the library with the global Chart environment variable.
Couldn’t be easier. I just copied chart.umd.js into my Git repository so that
I didn’t have to worry about using NPM or the CDNs going down or anything.
dist directoryA lot of libraries will put their build in the dist directory, but not
always! The build files’ location is specified in the library’s package.json.
For example here’s an excerpt from Chart.js’s package.json.
"jsdelivr": "./dist/chart.umd.js",
"unpkg": "./dist/chart.umd.js",
"main": "./dist/chart.cjs",
"module": "./dist/chart.js",
I think this is saying that if you want to use an ES Module (module) you
should use dist/chart.js, but the jsDelivr and unpkg CDNs should use
./dist/chart.umd.js. I guess main is for Node.
chart.js’s package.json also says "type": "module", which according to this documentation
tells Node to treat files as ES modules by default. I think it doesn’t tell us
specifically which files are ES modules and which ones aren’t but it does tell
us that something in there is an ES module.
@atcute/oauth-browser-client@atcute/oauth-browser-client
is a library for logging into Bluesky with OAuth in the browser.
Let’s see what kinds of Javascript files it provides in its build!
$ npm install @atcute/oauth-browser-client
$ cd node_modules/@atcute/oauth-browser-client/dist
$ ls *js
constants.js dpop.js environment.js errors.js index.js resolvers.js
It seems like the only plausible root file in here is index.js, which looks
something like this:
export { configureOAuth } from './environment.js';
export * from './errors.js';
export * from './resolvers.js';
This export syntax means it’s an ES module. That means we can use it in
the browser without a build step! Let’s see how to do that.
Using an ES module isn’t an easy as just adding a <script src="whatever.js">. Instead, if
the ES module has dependencies (like @atcute/oauth-browser-client does) the
steps are:
import { configureOAuth } from '@atcute/oauth-browser-client'; in your JS code<script type="module" src="YOURSCRIPT.js"></script>The reason we need an import map instead of just doing something like import { BrowserOAuthClient } from "./oauth-client-browser.js" is that internally the module has more import statements like import {something} from @atcute/client, and we need to tell the browser where to get the code for @atcute/client and all of its other dependencies.
Here’s what the importmap I used looks like for @atcute/oauth-browser-client:
<script type="importmap">
{
"imports": {
"nanoid": "./node_modules/nanoid/bin/dist/index.js",
"nanoid/non-secure": "./node_modules/nanoid/non-secure/index.js",
"nanoid/url-alphabet": "./node_modules/nanoid/url-alphabet/dist/index.js",
"@atcute/oauth-browser-client": "./node_modules/@atcute/oauth-browser-client/dist/index.js",
"@atcute/client": "./node_modules/@atcute/client/dist/index.js",
"@atcute/client/utils/did": "./node_modules/@atcute/client/dist/utils/did.js"
}
}
</script>
Getting these import maps to work is pretty fiddly, I feel like there must be a tool to generate them automatically but I haven’t found one yet. It’s definitely possible to write a script that automatically generates the importmaps using esbuild’s metafile but I haven’t done that and maybe there’s a better way.
I decided to set up importmaps yesterday to get github.com/jvns/bsky-oauth-example to work, so there’s some example code in that repo.
Also someone pointed me to Simon Willison’s download-esm, which will download an ES module and rewrite the imports to point to the JS files directly so that you don’t need importmaps. I haven’t tried it yet but it seems like a great idea.
I did run into some problems with using importmaps in the browser though – it needed to download dozens of Javascript files to load my site, and my webserver in development couldn’t keep up for some reason. I kept seeing files fail to load randomly and then had to reload the page and hope that they would succeed this time.
It wasn’t an issue anymore when I deployed my site to production, so I guess it was a problem with my local dev environment.
Also one slightly annoying thing about ES modules in general is that you need to
be running a webserver to use them, I’m sure this is for a good reason but it’s
easier when you can just open your index.html file without starting a
webserver.
Because of the “too many files” thing I think actually using ES modules with importmaps in this way isn’t actually that appealing to me, but it’s good to know it’s possible.
If the ES module doesn’t have dependencies then it’s even easier – you don’t need the importmaps! You can just:
<script type="module" src="YOURCODE.js"></script> in your HTML. The type="module" is important.import {whatever} from "https://example.com/whatever.js" in YOURCODE.jsIf you don’t want to use importmaps, you can also use a build system like esbuild. I talked about how to do that in Some notes on using esbuild, but this blog post is about ways to avoid build systems completely so I’m not going to talk about that option here. I do still like esbuild though and I think it’s a good option in this case.
CanIUse says that importmaps are in
“Baseline 2023: newly available across major browsers” so my sense is that in
2024 that’s still maybe a little bit too new? I think I would use importmaps
for some fun experimental code that I only wanted like myself and 12 people to
use, but if I wanted my code to be more widely usable I’d use esbuild instead.
@atproto/oauth-client-browserLet’s look at one final example library! This is a different Bluesky auth
library than @atcute/oauth-browser-client.
$ npm install @atproto/oauth-client-browser
$ cd node_modules/@atproto/oauth-client-browser/dist
$ ls *js
browser-oauth-client.js browser-oauth-database.js browser-runtime-implementation.js errors.js index.js indexed-db-store.js util.js
Again, it seems like only real candidate file here is index.js. But this is a
different situation from the previous example library! Let’s take a look at
index.js:
There’s a bunch of stuff like this in index.js:
__exportStar(require("@atproto/oauth-client"), exports);
__exportStar(require("./browser-oauth-client.js"), exports);
__exportStar(require("./errors.js"), exports);
var util_js_1 = require("./util.js");
This require() syntax is CommonJS syntax, which means that we can’t use this
file in the browser at all, we need to use some kind of build step, and
ESBuild won’t work either.
Also in this library’s package.json it says "type": "commonjs" which is
another way to tell it’s CommonJS.
Originally I thought it was impossible to use CommonJS modules without learning a build system, but then someone Bluesky told me about esm.sh! It’s a CDN that will translate anything into an ES Module. skypack.dev does something similar, I’m not sure what the difference is but one person mentioned that if one doesn’t work sometimes they’ll try the other one.
For @atproto/oauth-client-browser using it seems pretty simple, I just need to put this in my HTML:
<script type="module" src="script.js"> </script>
and then put this in script.js.
import { BrowserOAuthClient } from "https://esm.sh/@atproto/oauth-client-browser@0.3.0"
It seems to Just Work, which is cool! Of course this is still sort of using a build system – it’s just that esm.sh is running the build instead of me. My main concerns with this approach are:
I also learned that you can also use esbuild to convert a CommonJS module
into an ES module, though there are some limitations – the import { BrowserOAuthClient } from syntax doesn’t work. Here’s a github issue about that.
I think the esbuild approach is probably more appealing to me than the
esm.sh approach because it’s a tool that I already have on my computer so I
trust it more. I haven’t experimented with this much yet though.
Here’s a summary of the three types of JS files you might encounter, options for how to use them, and how to identify them.
Unhelpfully a .js or .min.js file extension could be any of these 3
options, so if the file is something.js you need to do more detective work to
figure out what you’re dealing with.
<script src="whatever.js"></script>.umd.js extension<script src=... tag and see if it worksimport {whatever} from "./my-module.js" directly in your codeimport {whatever} from "my-module"
import or export statement. (not module.exports = ..., that’s CommonJS).mjs extension"type": "module" in package.json (though it’s not clear to me which file exactly this refers to)https://esm.sh/@atproto/oauth-client-browser@0.3.0require() or module.exports = ... in the code.cjs extension"type": "commonjs" in package.json (though it’s not clear to me which file exactly this refers to)The main difference between CommonJS modules and ES modules from my perspective is that ES modules are actually a standard. This makes me feel a lot more confident using them, because browsers commit to backwards compatibility for web standards forever – if I write some code using ES modules today, I can feel sure that it’ll still work the same way in 15 years.
It also makes me feel better about using tooling like esbuild because even if
the esbuild project dies, because it’s implementing a standard it feels likely
that there will be another similar tool in the future that I can replace it
with.
A lot of the time when I talk about this stuff I get responses like “I hate javascript!!! it’s the worst!!!”. But my experience is that there are a lot of great tools for Javascript (I just learned about https://esm.sh yesterday which seems great! I love esbuild!), and that if I take the time to learn how things works I can take advantage of some of those tools and make my life a lot easier.
So the goal of this post is definitely not to complain about Javascript, it’s to understand the landscape so I can use the tooling in a way that feels good to me.
Here are some questions I still have, I’ll add the answers into the post if I learn the answer.
atcute-client.js), but so that in the browser I can still import multiple
different paths from that file (like both @atcute/client/lexicons and
@atcute/client)?Here’s a list of every tool we talked about in this post:
Writing this post has made me think that even though I usually don’t want to
have a build that I run every time I update the project, I might be willing to
have a build step (using download-esm or something) that I run only once
when setting up the project and never run again except maybe if I’m updating my
dependency versions.
Thanks to Marco Rogers who taught me a lot of the things in this post. I’ve probably made some mistakes in this post and I’d love to know what they are – let me know on Bluesky or Mastodon!
I added a new section to this site a couple weeks ago called TIL (“today I learned”).
One kind of thing I like to post on Mastodon/Bluesky is “hey, here’s a cool thing”, like the great SQLite repl litecli, or the fact that cross compiling in Go Just Works and it’s amazing, or cryptographic right answers, or this great diff tool. Usually I don’t want to write a whole blog post about those things because I really don’t have much more to say than “hey this is useful!”
It started to bother me that I didn’t have anywhere to put those things: for example recently I wanted to use diffdiff and I just could not remember what it was called.
So I quickly made a new folder called /til/, added some
custom styling (I wanted to style the posts to look a little bit like a tweet),
made a little Rake task to help me create new posts quickly (rake new_til), and
set up a separate RSS Feed for it.
I think this new section of the blog might be more for myself than anything, now when I forget the link to Cryptographic Right Answers I can hopefully look it up on the TIL page. (you might think “julia, why not use bookmarks??” but I have been failing to use bookmarks for my whole life and I don’t see that changing ever, putting things in public is for whatever reason much easier for me)
So far it’s been working, often I can actually just make a quick post in 2 minutes which was the goal.
My page is inspired by Simon Willison’s great TIL blog, though my TIL posts are a lot shorter.
This came about because I spent a lot of time on Twitter, so I’ve been thinking about what I want to do about all of my tweets.
I keep reading the advice to “POSSE” (“post on your own site, syndicate elsewhere”), and while I find the idea appealing in principle, for me part of the appeal of social media is that it’s a little bit ephemeral. I can post polls or questions or observations or jokes and then they can just kind of fade away as they become less relevant.
I find it a lot easier to identify specific categories of things that I actually want to have on a Real Website That I Own:
and then let everything else be kind of ephemeral.
I really believe in the advice to make email lists though – the first two (blog posts & comics) both have email lists and RSS feeds that people can subscribe to if they want. I might add a quick summary of any TIL posts from that week to the “blog posts from this week” mailing list.
Here's where you can find me at IETF 121 in Dublin!
Hello! I’ve been thinking about the terminal a lot and yesterday I got curious
about all these “control codes”, like Ctrl-A, Ctrl-C, Ctrl-W, etc. What’s
the deal with all of them?
Here’s a table of all 33 ASCII control characters, and what they do on my machine (on Mac OS), more or less. There are about a million caveats, but I’ll talk about what it means and all the problems with this diagram that I know about.
You can also view it as an HTML page (I just made it an image so it would show up in RSS).
The first surprising thing about this diagram to me is that there are 33 control codes, split into (very roughly speaking) these categories:
3 (Ctrl-C), it’ll send a SIGINT signal to
the current programEnter, Tab, Backspace). For example when you press Enter, your
terminal gets sent 13.readline: “the application can do whatever it wants”
often means “it’ll do more or less what the readline library does,
whether the application actually uses readline or not”, so I’ve
labelled a bunch of the codes that readline usesCtrl-X has no standard meaning in the
terminal in general but emacs uses it very heavilyThere’s no real structure to which codes are in which categories, they’re all just kind of randomly scattered because this evolved organically.
(If you’re curious about readline, I wrote more about readline in entering text in the terminal is complicated, and there are a lot of cheat sheets out there)
Something else that I find a little surprising is that are only 33 control codes –
A to Z, plus 7 more (@, [, \, ], ^, _, ?). This means that if you want to
have for example Ctrl-1 as a keyboard shortcut in a terminal application,
that’s not really meaningful – on my machine at least Ctrl-1 is exactly the
same thing as just pressing 1, Ctrl-3 is the same as Ctrl-[, etc.
Also Ctrl+Shift+C isn’t a control code – what it does depends on your
terminal emulator. On Linux Ctrl-Shift-X is often used by the terminal
emulator to copy or open a new tab or paste for example, it’s not sent to the
TTY at all.
Also I use Ctrl+Left Arrow all the time, but that isn’t a control code,
instead it sends an ANSI escape sequence (ctrl-[[1;5D) which is a different
thing which we absolutely do not have space for in this post.
This “there are only 33 codes” thing is totally different from how keyboard
shortcuts work in a GUI where you can have Ctrl+KEY for any key you want.
Each of these 33 control codes has a name in ASCII (for example 3 is ETX).
When all of these control codes were originally defined, they weren’t being
used for computers or terminals at all, they were used for the telegraph machine.
Telegraph machines aren’t the same as UNIX terminals so a lot of the codes were repurposed to mean something else.
Personally I don’t find these ASCII names very useful, because 50% of the time the name in ASCII has no actual relationship to what that code does on UNIX systems today. So it feels easier to just ignore the ASCII names completely instead of trying to figure which ones still match their original meaning.
Another thing that’s a bit weird is that Ctrl-M is literally the same as
Enter, and Ctrl-I is the same as Tab, which makes it hard to use those two as keyboard shortcuts.
From some quick research, it seems like some folks do still use Ctrl-I and
Ctrl-M as keyboard shortcuts (here’s an example), but to do that
you need to configure your terminal emulator to treat them differently than the
default.
For me the main takeaway is that if I ever write a terminal application I
should avoid Ctrl-I and Ctrl-M as keyboard shortcuts in it.
While writing this I needed to do a bunch of experimenting to figure out what various key combinations did, so I wrote this Python script echo-key.py that will print them out.
There’s probably a more official way but I appreciated having a script I could customize.
Two of these codes (Ctrl-W and Ctrl-U) are labelled in the table as
“handled by the OS”, but actually they’re not always handled by the OS, it
depends on whether the terminal is in “canonical” mode or in “noncanonical mode”.
In canonical mode,
programs only get input when you press Enter (and the OS is in charge of deleting characters when you press Backspace or Ctrl-W). But in noncanonical mode the program gets
input immediately when you press a key, and the Ctrl-W and Ctrl-U codes are passed through to the program to handle any way it wants.
Generally in noncanonical mode the program will handle Ctrl-W and Ctrl-U
similarly to how the OS does, but there are some small differences.
Some examples of programs that use canonical mode:
grep or catgit, I thinkExamples of programs that use noncanonical mode:
python3, irb and other REPLsless or vimsttyI said that Ctrl-C sends SIGINT but technically this is not necessarily
true, if you really want to you can remap all of the codes labelled “OS
terminal driver”, plus Backspace, using a tool called stty, and you can view
the mappings with stty -a.
Here are the mappings on my machine right now:
$ stty -a
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = <undef>;
eol2 = <undef>; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ^T;
stop = ^S; susp = ^Z; time = 0; werase = ^W;
I have personally never remapped any of these and I cannot imagine a reason I
would (I think it would be a recipe for confusion and disaster for me), but I
asked on Mastodon and people said the most common reasons they used
stty were:
stty sanestty erase ^H to change how Backspace worksstty ixoffSIGINT to a different key, like their DELETE keyTwo signals caveats:
ISIG terminal mode is turned off, then the OS won’t send signals. For example vim turns off ISIGCtrl-T) which sends SIGINFOYou can see which terminal modes a program is setting using strace like this,
terminal modes are set with the ioctl system call:
$ strace -tt -o out vim
$ grep ioctl out | grep SET
here are the modes vim sets when it starts (ISIG and ICANON are
missing!):
17:43:36.670636 ioctl(0, TCSETS, {c_iflag=IXANY|IMAXBEL|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST, c_cflag=B38400|CS8|CREAD,
c_lflag=ECHOK|ECHOCTL|ECHOKE|PENDIN, ...}) = 0
and it resets the modes when it exits:
17:43:38.027284 ioctl(0, TCSETS, {c_iflag=ICRNL|IXANY|IMAXBEL|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD,
c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE|PENDIN, ...}) = 0
I think the specific combination of modes vim is using here might be called “raw mode”, man cfmakeraw talks about that.
Related to “there are only 33 codes”, there are a lot of conflicts where
different parts of the system want to use the same code for different things,
for example by default Ctrl-S will freeze your screen, but if you turn that
off then readline will use Ctrl-S to do a forward search.
Another example is that on my machine sometimes Ctrl-T will send SIGINFO
and sometimes it’ll transpose 2 characters and sometimes it’ll do something
completely different depending on:
ISIG setreadline / imitates readline’s behaviourIn this diagram I’ve labelled code 127 as “backspace” and 8 as “other backspace”. Uh, what?
I think this was the single biggest topic of discussion in the replies on Mastodon – apparently there’s a LOT of history to this and I’d never heard of any of it before.
First, here’s how it works on my machine:
Backspace key127, which is called DEL in ASCII127 mapped to “backspace” (so it works both in canonical mode and noncanonical mode)If I press Ctrl+H, it has the same effect as Backspace if I’m using
readline, but in a program without readline support (like cat for instance),
it just prints out ^H.
Apparently Step 2 above is different for some folks – their Backspace key sends
the byte 8 instead of 127, and so if they want Backspace to work then they
need to configure the OS (using stty) to set erase = ^H.
There’s an incredible section of the Debian Policy Manual on keyboard configuration
that describes how Delete and Backspace should work according to Debian
policy, which seems very similar to how it works on my Mac today. My
understanding (via this mastodon post)
is that this policy was written in the 90s because there was a lot of confusion
about what Backspace should do in the 90s and there needed to be a standard
to get everything to work.
There’s a bunch more historical terminal stuff here but that’s all I’ll say for now.
I’ve probably missed a bunch more ways that “how it works on my machine” might be different from how it works on other people’s machines, and I’ve probably made some mistakes about how it works on my machine too. But that’s all I’ve got for today.
Some more stuff I know that I’ve left out: according to stty -a Ctrl-O is
“discard”, Ctrl-R is “reprint”, and Ctrl-Y is “dsusp”. I have no idea how
to make those actually do anything (pressing them does not do anything
obvious, and some people have told me what they used to do historically but
it’s not clear to me if they have a use in 2024), and a lot of the time in practice
they seem to just be passed through to the application anyway so I just
labelled Ctrl-R and Ctrl-Y as
readline.
Also I want to say that I think the contents of this post are kind of interesting
but I don’t think they’re necessarily that useful. I’ve used the terminal
pretty successfully every day for the last 20 years without knowing literally
any of this – I just knew what Ctrl-C, Ctrl-D, Ctrl-Z, Ctrl-R,
Ctrl-L did in practice (plus maybe Ctrl-A, Ctrl-E and Ctrl-W) and did
not worry about the details for the most part, and that was
almost always totally fine except when I was trying to use xterm.js.
But I had fun learning about it so maybe it’ll be interesting to you too.
I’ve been having problems for the last 3 years or so where Mess With DNS periodically runs out of memory and gets OOM killed.
This hasn’t been a big priority for me: usually it just goes down for a few minutes while it restarts, and it only happens once a day at most, so I’ve just been ignoring. But last week it started actually causing a problem so I decided to look into it.
This was kind of winding road where I learned a lot so here’s a table of contents:
I run Mess With DNS on a VM without about 465MB of RAM, which according to
ps aux (the RSS column) is split up something like:
That leaves about 110MB of memory free.
A while back I set GOMEMLIMIT to 250MB to try to make sure the garbage collector ran if Mess With DNS used more than 250MB of memory, and I think this helped but it didn’t solve everything.
A few weeks ago I started backing up Mess With DNS’s database for the first time using restic.
This has been working okay, but since Mess With DNS operates without much extra
memory I think restic sometimes needed more memory than was available on the
system, and so the backup script sometimes got OOM killed.
This was a problem because
There’s probably more than one solution to this, but I decided to try to make Mess With DNS use less memory so that there was more available memory on the system, mostly because it seemed like a fun problem to try to solve.
I’d run a memory profile of Mess With DNS a bunch of times in the past, so I knew exactly what was using most of Mess With DNS’s memory: IP addresses.
When it starts, Mess With DNS loads this database where you can look up the
ASN of every IP address into memory, so that when it
receives a DNS query it can take the source IP address like 74.125.16.248 and
tell you that IP address belongs to GOOGLE.
This database by itself used about 117MB of memory, and a simple du told me
that was too much – the original text files were only 37MB!
$ du -sh *.tsv
26M ip2asn-v4.tsv
11M ip2asn-v6.tsv
The way it worked originally is that I had an array of these:
type IPRange struct {
StartIP net.IP
EndIP net.IP
Num int
Name string
Country string
}
and I searched through it with a binary search to figure out if any of the ranges contained the IP I was looking for. Basically the simplest possible thing and it’s super fast, my machine can do about 9 million lookups per second.
I’ve been using SQLite recently, so my first thought was – maybe I can store all of this data on disk in an SQLite database, give the tables an index, and that’ll use less memory.
So I:
This did solve the initial memory goal (after a GC it now hardly used any memory at all because the table was on disk!), though I’m not sure how much GC churn this solution would cause if we needed to do a lot of queries at once. I did a quick memory profile and it seemed to allocate about 1KB of memory per lookup.
Let’s talk about the issues I ran into with using SQLite though.
SQLite doesn’t have support for big integers and IPv6 addresses are 128 bits,
so I decided to store them as text. I think BLOB might have been better, I
originally thought BLOBs couldn’t be compared but the sqlite docs say they can.
I ended up with this schema:
CREATE TABLE ipv4_ranges (
start_ip INTEGER NOT NULL,
end_ip INTEGER NOT NULL,
asn INTEGER NOT NULL,
country TEXT NOT NULL,
name TEXT NOT NULL
);
CREATE TABLE ipv6_ranges (
start_ip TEXT NOT NULL,
end_ip TEXT NOT NULL,
asn INTEGER,
country TEXT,
name TEXT
);
CREATE INDEX idx_ipv4_ranges_start_ip ON ipv4_ranges (start_ip);
CREATE INDEX idx_ipv6_ranges_start_ip ON ipv6_ranges (start_ip);
CREATE INDEX idx_ipv4_ranges_end_ip ON ipv4_ranges (end_ip);
CREATE INDEX idx_ipv6_ranges_end_ip ON ipv6_ranges (end_ip);
Also I learned that Python has an ipaddress module, so I could use
ipaddress.ip_address(s).exploded to make sure that the IPv6 addresses were
expanded so that a string comparison would compare them properly.
I ran a quick microbenchmark, something like this. It printed out that it could look up 17,000 IPv6 addresses per second, and similarly for IPv4 addresses.
This was pretty discouraging – being able to look up 17k addresses per section is kind of fine (Mess With DNS does not get a lot of traffic), but I compared it to the original binary search code and the original code could do 9 million per second.
ips := []net.IP{}
count := 20000
for i := 0; i < count; i++ {
// create a random IPv6 address
bytes := randomBytes()
ip := net.IP(bytes[:])
ips = append(ips, ip)
}
now := time.Now()
success := 0
for _, ip := range ips {
_, err := ranges.FindASN(ip)
if err == nil {
success++
}
}
fmt.Println(success)
elapsed := time.Since(now)
fmt.Println("number per second", float64(count)/elapsed.Seconds())
I’d never really done an EXPLAIN in sqlite, so I thought it would be a fun opportunity to see what the query plan was doing.
sqlite> explain query plan select * from ipv6_ranges where '2607:f8b0:4006:0824:0000:0000:0000:200e' BETWEEN start_ip and end_ip;
QUERY PLAN
`--SEARCH ipv6_ranges USING INDEX idx_ipv6_ranges_end_ip (end_ip>?)
It looks like it’s just using the end_ip index and not the start_ip index,
so maybe it makes sense that it’s slower than the binary search.
I tried to figure out if there was a way to make SQLite use both indexes, but I couldn’t find one and maybe it knows best anyway.
At this point I gave up on the SQLite solution, I didn’t love that it was slower and also it’s a lot more complex than just doing a binary search. I felt like I’d rather keep something much more similar to the binary search.
A few things I tried with SQLite that did not cause it to use both indexes:
ANALYZEINTERSECT to intersect the results of start_ip < ? and ? < end_ip. This did make it use both indexes, but it also seemed to make the
query literally 1000x slower, probably because it needed to create the
results of both subqueries in memory and intersect them.My next idea was to use a trie, because I had some vague idea that maybe a trie would use less memory, and I found this library called ipaddress-go that lets you look up IP addresses using a trie.
I tried using it here’s the code, but I think I was doing something wildly wrong because, compared to my naive array + binary search:
I’m not really sure what went wrong here but I gave up on this approach and decided to just try to make my array use less memory and stick to a simple binary search.
One thing I learned about memory profiling is that you can use runtime
package to see how much memory is currently allocated in the program. That’s
how I got all the memory numbers in this post. Here’s the code:
func memusage() {
runtime.GC()
var m runtime.MemStats
runtime.ReadMemStats(&m)
fmt.Printf("Alloc = %v MiB\n", m.Alloc/1024/1024)
// write mem.prof
f, err := os.Create("mem.prof")
if err != nil {
log.Fatal(err)
}
pprof.WriteHeapProfile(f)
f.Close()
}
Also I learned that if you use pprof to analyze a heap profile there are two
ways to analyze it: you can pass either --alloc-space or --inuse-space to
go tool pprof. I don’t know how I didn’t realize this before but
alloc-space will tell you about everything that was allocated, and
inuse-space will just include memory that’s currently in use.
Anyway I ran go tool pprof -pdf --inuse_space mem.prof > mem.pdf a lot. Also
every time I use pprof I find myself referring to my own intro to pprof, it’s probably
the blog post I wrote that I use the most often. I should add --alloc-space
and --inuse-space to it.
I was storing my ip2asn entries like this:
type IPRange struct {
StartIP net.IP
EndIP net.IP
Num int
Name string
Country string
}
I had 3 ideas for ways to improve this:
Name and the Country, because a lot of IP ranges belong to the same ASNnet.IP is an []byte under the hood, which felt like it involved an unnecessary pointer, was there a way to inline it into the struct?I figured I could store the ASN info in an array, and then just store the index
into the array in my IPRange struct. Here are the structs so you can see what
I mean:
type IPRange struct {
StartIP netip.Addr
EndIP netip.Addr
ASN uint32
Idx uint32
}
type ASNInfo struct {
Country string
Name string
}
type ASNPool struct {
asns []ASNInfo
lookup map[ASNInfo]uint32
}
This worked! It brought memory usage from 117MB to 65MB – a 50MB savings. I felt good about this.
Here’s all of the code for that part.
As an aside – I’m storing the ASN in a uint32, is that right? I looked in the ip2asn
file and the biggest one seems to be 401307, though there are a few lines that
say 4294901931 which is much bigger, but also are just inside the range of a
uint32. So I can definitely use a uint32.
59.101.179.0 59.101.179.255 4294901931 Unknown AS4294901931
netip.Addr instead of net.IPIt turns out that I’m not the only one who felt that net.IP was using an
unnecessary amount of memory – in 2021 the folks at Tailscale released a new
IP address library for Go which solves this and many other issues. They wrote a great blog post about it.
I discovered (to my delight) that not only does this new IP address library exist and do exactly what I want, it’s also now in the Go
standard library as netip.Addr. Switching to netip.Addr was
very easy and saved another 20MB of memory, bringing us to 46MB.
I didn’t try my third idea (remove the end IP from the struct) because I’d already been programming for long enough on a Saturday morning and I was happy with my progress.
It’s always such a great feeling when I think “hey, I don’t like this, there must be a better way” and then immediately discover that someone has already made the exact thing I want, thought about it a lot more than me, and implemented it much better than I would have.
Even though I tried to explain this in a simple linear way “I tried X, then I tried Y, then I tried Z”, that’s kind of a lie – I always try to take my actual debugging process (total chaos) and make it seem more linear and understandable because the reality is just too annoying to write down. It’s more like:
runtime to check how much
memory everything is using, start doing thatSomeone asked why I don’t just give the VM more memory. I could very easily afford to pay for a VM with 1GB of memory, but I feel like 512MB really should be enough (and really that 256MB should be enough!) so I’d rather stay inside that constraint. It’s kind of a fun puzzle.
Folks had a lot of good ideas I hadn’t thought of. Recording them as inspiration if I feel like having another Fun Performance Day at some point.
ASNPool. Someone tried this and it uses more memory, probably because Go’s pointers are 64 bitsGOARCH=386 to use 32-bit pointers to sace space (maybe in combination with using unique!)I deployed the new version and now Mess With DNS is using less memory! Hooray!
A few other notes:
I’m honestly not sure if this will solve all my memory problems, probably not! But I had fun, I learned a few things about SQLite, I still don’t know what to think about tries, and it made me love binary search even more than I already did.
Warning: this is a post about very boring yakshaving, probably only of interest to people who are trying to upgrade Hugo from a very old version to a new version. But what are blogs for if not documenting one’s very boring yakshaves from time to time?
So yesterday I decided to try to upgrade Hugo. There’s no real reason to do this – I’ve been using Hugo version 0.40 to generate this blog since 2018, it works fine, and I don’t have any problems with it. But I thought – maybe it won’t be as hard as I think, and I kind of like a tedious computer task sometimes!
I thought I’d document what I learned along the way in case it’s useful to anyone else doing this very specific migration. I upgraded from Hugo v0.40 (from 2018) to v0.135 (from 2024).
Here are most of the changes I had to make:
template "theme/partials/thing.html is now partial thing.htmlI had to replace a bunch of instances of {{ template "theme/partials/header.html" . }} with {{ partial "header.html" . }}.
This happened in v0.42:
We have now virtualized the filesystems for project and theme files. This makes everything simpler, faster and more powerful. But it also means that template lookups on the form {{ template “theme/partials/pagination.html” . }} will not work anymore. That syntax has never been documented, so it’s not expected to be in wide use.
.Data.Pages is now site.RegularPagesThis seems to be discussed in the release notes for 0.57.2
I just needed to replace .Data.Pages with site.RegularPages in the template on the homepage as well as in my RSS feed template.
.Next and .Prev got flippedI had this comment in the part of my theme where I link to the next/previous blog post:
“next” and “previous” in hugo apparently mean the opposite of what I’d think they’d mean intuitively. I’d expect “next” to mean “in the future” and “previous” to mean “in the past” but it’s the opposite
It looks they changed this in ad705aac064 so that “next” actually is in the future and “prev” actually is in the past. I definitely find the new behaviour more intuitive.
Figuring out why/when all of these changes happened was a little difficult. I ended up hacking together a bash script to download all of the changelogs from github as text files, which I could then grep to try to figure out what happened. It turns out it’s pretty easy to get all of the changelogs from the GitHub API.
So far everything was not so bad – there was also a change around taxonomies that’s I can’t quite explain, but it was all pretty manageable, but then we got to the really tough one: the markdown renderer.
The blackfriday markdown renderer (which was previously the default) was removed in v0.100.0. This seems pretty reasonable:
It has been deprecated for a long time, its v1 version is not maintained anymore, and there are many known issues. Goldmark should be a mature replacement by now.
Fixing all my Markdown changes was a huge pain – I ended up having to update 80 different Markdown files (out of 700) so that they would render properly, and I’m not totally sure
The obvious question here is – why bother even trying to upgrade Hugo at all if I have to switch Markdown renderers? My old site was running totally fine and I think it wasn’t necessarily a good use of time, but the one reason I think it might be useful in the future is that the new renderer (goldmark) uses the CommonMark markdown standard, which I’m hoping will be somewhat more futureproof. So maybe I won’t have to go through this again? We’ll see.
Also it turned out that the new Goldmark renderer does fix some problems I had (but didn’t know that I had) with smart quotes and how lists/blockquotes interact.
The hard part of this Markdown change was even figuring out what changed. Almost all of the problems (including #2 and #3 above) just silently broke the site, they didn’t cause any errors or anything. So I had to diff the HTML to hunt them down.
Here’s what I ended up doing:
public_oldpublicpublic/ and public_old with this diff.sh script and put the results in a diffs/ folderfind diffs -type f | xargs cat | grep -C 5 '(31m|32m)' | less -r over and over again to look at every single change until I found something that seemed wrong(the grep 31m|32m thing is searching for red/green text in the diff)
This was very time consuming but it was a little bit fun for some reason so I kept doing it until it seemed like nothing too horrible was left.
Here’s a list of every type of Markdown change I had to make. It’s very possible these are all extremely specific to me but it took me a long time to figure them all out so maybe this will be helpful to one other person who finds this in the future.
This doesn’t work anymore (it doesn’t expand the link):
<small>
[a link](https://example.com)
</small>
I need to do this instead:
<small>
[a link](https://example.com)
</small>
This works too:
<small> [a link](https://example.com) </small>
<< is changed into «I didn’t want this so I needed to configure:
markup:
goldmark:
extensions:
typographer:
leftAngleQuote: '<<'
rightAngleQuote: '>>'
This doesn’t render as a nested list anymore if I only indent by 2 spaces, I need to put 4 spaces.
1. a
* b
* c
2. b
The problem is that the amount of indent needed depends on the size of the list markers. Here’s a reference in CommonMark for this.
Previously the > quote here didn’t render as a blockquote, and with the new renderer it does.
* something
> quote
* something else
I found a bunch of Markdown that had been kind of broken (which I hadn’t noticed) that works better with the new renderer, and this is an example of that.
Lists inside blockquotes also seem to work better.
Previously this didn’t render as a heading, but now it does. So I needed to
replace the # with #.
* # passengers: 20
+ or 1) at the beginning of the line makes it a listI had something which looked like this:
`1 / (1
+ exp(-1)) = 0.73`
With Blackfriday it rendered like this:
<p><code>1 / (1
+ exp(-1)) = 0.73</code></p>
and with Goldmark it rendered like this:
<p>`1 / (1</p>
<ul>
<li>exp(-1)) = 0.73`</li>
</ul>
Same thing if there was an accidental 1) at the beginning of a line, like in this Markdown snippet
I set up a small Hadoop cluster (1 master, 2 workers, replication set to
1) on
To fix this I just had to rewrap the line so that the + wasn’t the first character.
The Markdown is formatted this way because I wrap my Markdown to 80 characters a lot and the wrapping isn’t very context sensitive.
There were a bunch of places where the old renderer (Blackfriday) was doing
unwanted things in code blocks like replacing ... with … or replacing
quotes with smart quotes. I hadn’t realized this was happening and I was very
happy to have it fixed.
The way this gets rendered got better:
"Oh, *interesting*!"
Before there were two left smart quotes, now the quotes match.
p tagPreviously if I had an image like this:
<img src="https://jvns.ca/images/rustboot1.png">
it would get wrapped in a <p> tag, now it doesn’t anymore. I dealt with this
just by adding a margin-bottom: 0.75em to images in the CSS, hopefully
that’ll make them display well enough.
<br> is now wrapped in a p tagPreviously this wouldn’t get wrapped in a p tag, but now it seems to:
<br><br>
I just gave up on fixing this though and resigned myself to maybe having some extra space in some cases. Maybe I’ll try to fix it later if I feel like another yakshave.
I also needed to
Here’s what I needed to add to my config.yaml to do all that:
markup:
highlight:
codeFences: false
goldmark:
renderer:
unsafe: true
parser:
autoHeadingIDType: blackfriday
Maybe I’ll try to get syntax highlighting working one day, who knows. I might prefer having it off though.
I also wrote a little program to compare the Blackfriday and Goldmark output for various markdown snippets, here it is in a gist.
It’s not really configured the exact same way Blackfriday and Goldmark were in my Hugo versions, but it was still helpful to have to help me understand what was going on.
My approach to themes in Hugo has been:
So I just need to edit the theme files to fix any problems. Also I wrote a lot of the theme myself so I’m pretty familiar with how it works.
Relying on someone else to keep a theme updated feels kind of scary to me, I think if I were using a third-party theme I’d just copy the code into my site’s github repo and then maintain it myself.
I asked on Mastodon if anyone had used a static site generator with good backwards compatibility.
The main answers seemed to be Jekyll and 11ty. Several people said they’d been using Jekyll for 10 years without any issues, and 11ty says it has stability as a core goal.
I think a big factor in how appealing Jekyll/11ty are is how easy it is for you to maintain a working Ruby / Node environment on your computer: part of the reason I stopped using Jekyll was that I got tired of having to maintain a working Ruby installation. But I imagine this wouldn’t be a problem for a Ruby or Node developer.
Several people said that they don’t build their Jekyll site locally at all – they just use GitHub Pages to build it.
Overall I’ve been happy with Hugo – I started using it because it had fast build times and it was a static binary, and both of those things are still extremely useful to me. I might have spent 10 hours on this upgrade, but I’ve probably spent 1000+ hours writing blog posts without thinking about Hugo at all so that seems like an extremely reasonable ratio.
I find it hard to be too mad about the backwards incompatible changes, most of
them were quite a long time ago, Hugo does a great job of making their old
releases available so you can use the old release if you want, and the most
difficult one is removing support for the blackfriday Markdown renderer in
favour of using something CommonMark-compliant which seems pretty reasonable to
me even if it is a huge pain.
But it did take a long time and I don’t think I’d particularly recommend moving 700 blog posts to a new Markdown renderer unless you’re really in the mood for a lot of computer suffering for some reason.
The new renderer did fix a bunch of problems so I think overall it might be a good thing, even if I’ll have to remember to make 2 changes to how I write Markdown (4.1 and 4.3).
Also I’m still using Hugo 0.54 for https://wizardzines.com so maybe these notes will be useful to Future Me if I ever feel like upgrading Hugo for that site.
Hopefully I didn’t break too many things on the blog by doing this, let me know if you see anything broken!
Yesterday I was thinking about how long it took me to get a colorscheme in my terminal that I was mostly happy with (SO MANY YEARS), and it made me wonder what about terminal colours made it so hard.
So I asked people on Mastodon what problems they’ve run into with colours in the terminal, and I got a ton of interesting responses! Let’s talk about some of the problems and a few possible ways to fix them.
One of the top complaints was “blue on black is hard to read”. Here’s an
example of that: if I open Terminal.app, set the background to black, and run
ls, the directories are displayed in a blue that isn’t that easy to read:
To understand why we’re seeing this blue, let’s talk about ANSI colours!
Your terminal has 16 numbered colours – black, red, green, yellow, blue, magenta, cyan, white, and “bright” version of each of those.
Programs can use them by printing out an “ANSI escape code” – for example if you want to see each of the 16 colours in your terminal, you can run this Python program:
def color(num, text):
return f"\033[38;5;{num}m{text}\033[0m"
for i in range(16):
print(color(i, f"number {i:02}"))
This made me wonder – if blue is colour number 5, who decides what hex color that should correspond to?
The answer seems to be “there’s no standard, terminal emulators just choose colours and it’s not very consistent”. Here’s a screenshot of a table from Wikipedia, where you can see that there’s a lot of variation:
Bright yellow on white is even worse than blue on black, here’s what I get in a terminal with the default settings:
That’s almost impossible to read (and some other colours like light green cause similar issues), so let’s talk about solutions!
If you’re annoyed by these colour contrast issues (or maybe you just think the default ANSI colours are ugly), you might think – well, I’ll just choose a different “blue” and pick something I like better!
There are two ways you can do this:
Way 1: Configure your terminal emulator: I think most modern terminal emulators have a way to reconfigure the colours, and some of them even come with some preinstalled themes that you might like better than the defaults.
Way 2: Run a shell script: There are ANSI escape codes that you can print
out to tell your terminal emulator to reconfigure its colours. Here’s a shell script that does that,
from the base16-shell project.
You can see that it has a few different conventions for changing the colours –
I guess different terminal emulators have different escape codes for changing
their colour palette, and so the script is trying to pick the right style of
escape code based on the TERM environment variable.
I prefer to use the “shell script” method, because:
some advantages of configuring colours in your terminal emulator:
This is what my shell has looked like for probably the last 5 years (using the
solarized light base16 theme), and I’m pretty happy with it. Here’s htop:
Okay, so let’s say you’ve found a terminal colorscheme that you like. What else can go wrong?
Here’s what some output of fd, a find alternative, looks like in my
colorscheme:
The contrast is pretty bad here, and I definitely don’t have that lime green in my normal colorscheme. What’s going on?
We can see what color codes fd is using using the unbuffer program to
capture its output including the color codes:
$ unbuffer fd . > out
$ vim out
^[[38;5;48mbad-again.sh^[[0m
^[[38;5;48mbad.sh^[[0m
^[[38;5;48mbetter.sh^[[0m
out
^[[38;5;48 means “set the foreground color to color 48”. Terminals don’t
only have 16 colours – many terminals these days actually have 3 ways of
specifying colours:
#ffea03So fd is using one of the colours from the extended 256-color set. bat (a
cat alternative) does something similar – here’s what it looks like by
default in my terminal.
This looks fine though and it really seems like it’s trying to work well with a variety of terminal themes.
I think it’s interesting that some of these newer terminal tools (fd, cat,
delta, and probably more) have support for arbitrary custom themes. I guess
the downside of this approach is that the default theme might clash with your
terminal’s background, but the upside is that it gives you a lot more control
over theming the tool’s output than just choosing 16 ANSI colours.
I don’t really use bat, but if I did I’d probably use bat --theme ansi to
just use the ANSI colours that I have set in my normal terminal colorscheme.
A bunch of people on Mastodon mentioned a specific issue with grays in the Solarized theme: when I list a directory, the base16 Solarized Light theme looks like this:
but iTerm’s default Solarized Light theme looks like this:
This is because in the iTerm theme (which is the original Solarized design), colors 9-14 (the “bright blue”, “bright
red”, etc) are mapped to a series of grays, and when I run ls, it’s trying to
use those “bright” colours to color my directories and executables.
My best guess for why the original Solarized theme is designed this way is to make the grays available to the vim Solarized colorscheme.
I’m pretty sure I prefer the modified base16 version I use where the “bright” colours are actually colours instead of all being shades of gray though. (I didn’t actually realize the version I was using wasn’t the “original” Solarized theme until I wrote this post)
In any case I really love Solarized and I’m very happy it exists so that I can use a modified version of it.
If I my vim theme has a different background colour than my terminal theme, I get this ugly border, like this:
This one is a pretty minor issue though and I think making your terminal background match your vim background is pretty straightforward.
A few people mentioned problems with terminal applications setting an unwanted background colour, so let’s look at an example of that.
Here ngrok has set the background to color #16 (“black”), but the
base16-shell script I use sets color 16 to be bright orange, so I get this,
which is pretty bad:
I think the intention is for ngrok to look something like this:
I think base16-shell sets color #16 to orange (instead of black)
so that it can provide extra colours for use by base16-vim.
This feels reasonable to me – I use base16-vim in the terminal, so I guess I’m
using that feature and it’s probably more important to me than ngrok (which I
rarely use) behaving a bit weirdly.
This particular issue is a maybe obscure clash between ngrok and my colorschem, but I think this kind of clash is pretty common when a program sets an ANSI background color that the user has remapped for some reason.
A bunch of terminals (iTerm2, tabby, kitty’s text_fg_override_threshold, and folks tell me also Ghostty and Windows Terminal) have a “minimum contrast” feature that will automatically adjust colours to make sure they have enough contrast.
Here’s an example from iTerm. This ngrok accident from before has pretty bad contrast, I find it pretty difficult to read:
With “minimum contrast” set to 40 in iTerm, it looks like this instead:
I didn’t have minimum contrast turned on before but I just turned it on today because it makes such a big difference when something goes wrong with colours in the terminal.
TERM being set to the wrong thingA few people mentioned that they’ll SSH into a system that doesn’t support the
TERM environment variable that they have set locally, and then the colours
won’t work.
I think the way TERM works is that systems have a terminfo database, so if
the value of the TERM environment variable isn’t in the system’s terminfo
database, then it won’t know how to output colours for that terminal. I don’t
know too much about terminfo, but someone linked me to this terminfo rant that talks about a few other
issues with terminfo.
I don’t have a system on hand to reproduce this one so I can’t say for sure how
to fix it, but this stackoverflow question
suggests running something like TERM=xterm ssh instead of ssh.
A couple of problems people mentioned with designing / finding terminal colorschemes:
Another problem people mentioned is using a program like nethack or midnight commander which you might expect to have a specific colourscheme based on the default ANSI terminal colours.
For example, midnight commander has a really specific classic look:
But in my Solarized theme, midnight commander looks like this:
The Solarized version feels like it could be disorienting if you’re very used to the “classic” look.
One solution Simon Tatham mentioned to this is using some palette customization ANSI codes (like the ones base16 uses that I talked about earlier) to change the color palette right before starting the program, for example remapping yellow to a brighter yellow before starting Nethack so that the yellow characters look better.
If I run fd | less, I see something like this, with the colours disabled.
In general I find this useful – if I pipe a command to grep, I don’t want it
to print out all those color escape codes, I just want the plain text. But what if you want to see the colours?
To see the colours, you can run unbuffer fd | less -r! I just learned about
unbuffer recently and I think it’s really cool, unbuffer opens a tty for the
command to write to so that it thinks it’s writing to a TTY. It also fixes
issues with programs buffering their output when writing to a pipe, which is
why it’s called unbuffer.
Here’s what the output of unbuffer fd | less -r looks like for me:
Also some commands (including fd) support a --color=always flag which will
force them to always print out the colours.
ls and other commandsSome people mentioned that they don’t want ls to use colour at all, perhaps
because ls uses blue, it’s hard to read on black, and maybe they don’t feel like
customizing their terminal’s colourscheme to make the blue more readable or
just don’t find the use of colour helpful.
Some possible solutions to this one:
ls --color=never, which is probably easiestLS_COLORS to customize the colours used by ls. I think some other programs other than ls support the LS_COLORS environment variable too.NO_COLOR=true (there’s a list here)Here’s an example of running LS_COLORS="fi=0:di=0:ln=0:pi=0:so=0:bd=0:cd=0:or=0:ex=0" ls:
I used to have a lot of problems with configuring my colours in vim – I’d set up my terminal colours in a way that I thought was okay, and then I’d start vim and it would just be a disaster.
I think what was going on here is that today, there are two ways to set up a vim colorscheme in the terminal:
20 years ago when I started using vim, terminals with 24-bit hex color support were a lot less common (or maybe they didn’t exist at all), and vim certainly didn’t have support for using 24-bit colour in the terminal. From some quick searching through git, it looks like vim added support for 24-bit colour in 2016 – just 8 years ago!
So to get colours to work properly in vim before 2016, you needed to synchronize
your terminal colorscheme and your vim colorscheme. Here’s what that looked like,
the colorscheme needed to map the vim color classes like cterm05 to ANSI colour numbers.
But in 2024, the story is really different! Vim (and Neovim, which I use now)
support 24-bit colours, and as of Neovim 0.10 (released in May 2024), the
termguicolors setting (which tells Vim to use 24-bit hex colours for
colorschemes) is turned on by default in any terminal with 24-bit
color support.
So this “you need to synchronize your terminal colorscheme and your vim colorscheme” problem is not an issue anymore for me in 2024, since I don’t plan to use terminals without 24-bit color support in the future.
The biggest consequence for me of this whole thing is that I don’t need base16
to set colors 16-21 to weird stuff anymore to integrate with vim – I can just
use a terminal theme and a vim theme, and as long as the two themes use similar
colours (so it’s not jarring for me to switch between them) there’s no problem.
I think I can just remove those parts from my base16 shell script and totally
avoid the problem with ngrok and the weird orange background I talked about
above.
I think there are a lot of issues around the intersection of multiple programs, like using some combination tmux/ssh/vim that I couldn’t figure out how to reproduce well enough to talk about them. Also I’m sure I missed a lot of other things too.
I’ve personally had a lot of success with using
base16-shell with
base16-vim – I just need to add a couple of lines to my
fish config to set it up (+ a few .vimrc lines) and then I can move on and
accept any remaining problems that that doesn’t solve.
I don’t think base16 is for everyone though, some limitations I’m aware of with base16 that might make it not work for you:
base16-vim
access to more colours, which might not be relevant if you always use a
terminal with 24-bit color support, and can cause problems like the ngrok
issue aboveApparently there’s a community fork of base16 called tinted-theming, which I haven’t looked into much yet.
Just one so far but I’ll link more if people tell me about them:
We talked about a lot in this post and while I think learning about all these details is kind of fun if I’m in the mood to do a deep dive, I find it SO FRUSTRATING to deal with it when I just want my colours to work! Being surprised by unreadable text and having to find a workaround is just not my idea of a good day.
Personally I’m a zero-configuration kind of person and it’s not that appealing to me to have to put together a lot of custom configuration just to make my colours in the terminal look acceptable. I’d much rather just have some reasonable defaults that I don’t have to change.
My one big takeaway from writing this was to turn on “minimum contrast” in my terminal, I think it’s going to fix most of the occasional accidental unreadable text issues I run into and I’m pretty excited about it.
I spent a lot of time in the past couple of weeks working on a website in Go that may or may not ever see the light of day, but I learned a couple of things along the way I wanted to write down. Here they are:
I’ve never felt motivated to learn any of the Go routing libraries (gorilla/mux, chi, etc), so I’ve been doing all my routing by hand, like this.
// DELETE /records:
case r.Method == "DELETE" && n == 1 && p[0] == "records":
if !requireLogin(username, r.URL.Path, r, w) {
return
}
deleteAllRecords(ctx, username, rs, w, r)
// POST /records/<ID>
case r.Method == "POST" && n == 2 && p[0] == "records" && len(p[1]) > 0:
if !requireLogin(username, r.URL.Path, r, w) {
return
}
updateRecord(ctx, username, p[1], rs, w, r)
But apparently as of Go 1.22, Go now has better support for routing in the standard library, so that code can be rewritten something like this:
mux.HandleFunc("DELETE /records/", app.deleteAllRecords)
mux.HandleFunc("POST /records/{record_id}", app.updateRecord)
Though it would also need a login middleware, so maybe something more like
this, with a requireLogin middleware.
mux.Handle("DELETE /records/", requireLogin(http.HandlerFunc(app.deleteAllRecords)))
One annoying gotcha I ran into was: if I make a route for /records/, then a
request for /records will be redirected to /records/.
I ran into an issue with this where sending a POST request to /records
redirected to a GET request for /records/, which broke the POST request
because it removed the request body. Thankfully Xe Iaso wrote a blog post about the exact same issue which made it
easier to debug.
I think the solution to this is just to use API endpoints like POST /records
instead of POST /records/, which seems like a more normal design anyway.
I got a little bit tired of writing so much boilerplate for my SQL queries, but I didn’t really feel like learning an ORM, because I know what SQL queries I want to write, and I didn’t feel like learning the ORM’s conventions for translating things into SQL queries.
But then I found sqlc, which will compile a query like this:
-- name: GetVariant :one
SELECT *
FROM variants
WHERE id = ?;
into Go code like this:
const getVariant = `-- name: GetVariant :one
SELECT id, created_at, updated_at, disabled, product_name, variant_name
FROM variants
WHERE id = ?
`
func (q *Queries) GetVariant(ctx context.Context, id int64) (Variant, error) {
row := q.db.QueryRowContext(ctx, getVariant, id)
var i Variant
err := row.Scan(
&i.ID,
&i.CreatedAt,
&i.UpdatedAt,
&i.Disabled,
&i.ProductName,
&i.VariantName,
)
return i, err
}
What I like about this is that if I’m ever unsure about what Go code to write for a given SQL query, I can just write the query I want, read the generated function and it’ll tell me exactly what to do to call it. It feels much easier to me than trying to dig through the ORM’s documentation to figure out how to construct the SQL query I want.
Reading Brandur’s sqlc notes from 2024 also gave me some confidence that this is a workable path for my tiny programs. That post gives a really helpful example of how to conditionally update fields in a table using CASE statements (for example if you have a table with 20 columns and you only want to update 3 of them).
Someone on Mastodon linked me to this post called Optimizing sqlite for servers. My projects are small and I’m not so concerned about performance, but my main takeaways were:
db.SetMaxOpenConns(1) on it. I learned the hard way that if I don’t do this
then I’ll get SQLITE_BUSY errors from two threads trying to write to the db
at the same time.There are a more tips in that post that seem useful (like “COUNT queries are slow” and “Use STRICT tables”), but I haven’t done those yet.
Also sometimes if I have two tables where I know I’ll never need to do a JOIN
beteween them, I’ll just put them in separate databases so that I can connect
to them independently.
I run all of my Go projects in VMs with relatively little memory, like 256MB or 512MB. I ran into an issue where my application kept getting OOM killed and it was confusing – did I have a memory leak? What?
After some Googling, I realized that maybe I didn’t have a memory leak, maybe I just needed to reconfigure the garbage collector! It turns out that by default (according to A Guide to the Go Garbage Collector), Go’s garbage collector will let the application allocate memory up to 2x the current heap size.
Mess With DNS’s base heap size is around 170MB and the amount of memory free on the VM is around 160MB right now, so if its memory doubled, it’ll get OOM killed.
In Go 1.19, they added a way to tell Go “hey, if the application starts using this much memory, run a GC”. So I set the GC memory limit to 250MB and it seems to have resulted in the application getting OOM killed less often:
export GOMEMLIMIT=250MiB
I’ve been making tiny websites (like the nginx playground) in Go on and off for the last 4 years or so and it’s really been working for me. I think I like it because:
apt-get install golang-go or whatever and then a go build will build my projectServe(w http.ResponseWriter, r *http.Request) which read the request and send a response. If I need to
remember some detail of how exactly that’s accomplished, I just have to read
the function!net/http is in the standard library, so you can start making websites
without installing any libraries at all. I really appreciate this one.ioctl or
something that’s easy to doIn general everything about it feels like it makes projects easy to work on for 5 days, abandon for 2 years, and then get back into writing code without a lot of problems.
For contrast, I’ve tried to learn Rails a couple of times and I really want to love Rails – I’ve made a couple of toy websites in Rails and it’s always felt like a really magical experience. But ultimately when I come back to those projects I can’t remember how anything works and I just end up giving up. It feels easier to me to come back to my Go projects that are full of a lot of repetitive boilerplate, because at least I can read the code and figure out how it works.
some things I haven’t done much of yet in Go:
html/template a lot in Hugo (which I’ve used for this blog for the last 8 years)
but I’m still not sure how I feel about it.In general I’m not sure how to implement security-sensitive features so I don’t start projects which need login/CSRF/etc. I imagine this is where a framework would help.
Both of the Go features I mentioned in this post (GOMEMLIMIT and the routing)
are new in the last couple of years and I didn’t notice when they came out. It
makes me think I should pay closer attention to the release notes for new Go
versions.
I wrote about how much I love fish in this blog post from 2017 and, 7 years of using it every day later, I’ve found even more reasons to love it. So I thought I’d write a new post with both the old reasons I loved it and some reasons.
This came up today because I was trying to figure out why my terminal doesn’t break anymore when I cat a binary to my terminal, the answer was “fish fixes the terminal!”, and I just thought that was really nice.
In 10 years of using fish I have never found a single thing I wanted to configure. It just works the way I want. My fish config file just has:
alias ls eza, alias vim nvim, etc)direnv hook fish | source to integrate a tool like direnvI’ve been told that configuring things in fish is really easy if you ever do want to configure something though.
My absolute favourite thing about fish is that I type, it’ll automatically suggest (in light grey) a matching command that I ran recently. I can press the right arrow key to accept the completion, or keep typing to ignore it.
Here’s what that looks like. In this example I just typed the “v” key and it guessed that I want to run the previous vim command again.
One of my favourite subtle autocomplete features is how fish handles autocompleting commands that contain paths in them. For example, if I run:
$ ls blah.txt
that command will only be autocompleted in directories that contain blah.txt – it won’t show up in a different directory. (here’s a short comment about how it works)
As an example, if in this directory I type bash scripts/, it’ll only suggest
history commands including files that actually exist in my blog’s scripts
folder, and not the dozens of other irrelevant scripts/ commands I’ve run in
other folders.
I didn’t understand exactly how this worked until last week, it just felt like fish was magically able to suggest the right commands. It still feels a little like magic and I love it.
If I copy and paste multiple lines, bash will run them all, like this:
[bork@grapefruit linux-playground (main)]$ echo hi
hi
[bork@grapefruit linux-playground (main)]$ touch blah
[bork@grapefruit linux-playground (main)]$ echo hi
hi
This is a bit alarming – what if I didn’t actually want to run all those commands?
Fish will paste them all at a single prompt, so that I can press Enter if I actually want to run them. Much less scary.
bork@grapefruit ~/work/> echo hi
touch blah
echo hi
If I run ls and press tab, it’ll display all the filenames in a nice grid. I can use either Tab, Shift+Tab, or the arrow keys to navigate the grid.
Also, I can tab complete from the middle of a filename – if the filename starts with a weird character (or if it’s just not very unique), I can type some characters from the middle and press tab.
Here’s what the tab completion looks like:
bork@grapefruit ~/work/> ls
api/ blah.py fly.toml README.md
blah Dockerfile frontend/ test_websocket.sh
I honestly don’t complete things other than filenames very much so I can’t speak to that, but I’ve found the experience of tab completing filenames to be very good.
Fish’s default prompt includes everything I want:
Here’s a screenshot with a few different variations on the default prompt,
including if the last command was interrupted (the SIGINT) or failed.
In bash, the maximum history size is 500 by default, presumably because computers used to be slow and not have a lot of disk space. Also, by default, commands don’t get added to your history until you end your session. So if your computer crashes, you lose some history.
In fish:
I’m not sure how clearly I’m explaining how fish’s history system works here, but it feels really good to me in practice. My impression is that the way it’s implemented is the commands are continually added to the history file, but fish only loads the history file once, on startup.
I’ll mention here that if you want to have a fancier history system in another shell it might be worth checking out atuin or fzf.
I also like fish’s interface for searching history: for example if I want to edit my fish config file, I can just type:
$ config.fish
and then press the up arrow to go back the last command that included config.fish. That’ll complete to:
$ vim ~/.config/fish/config.fish
and I’m done. This isn’t so different from using Ctrl+R in bash to search
your history but I think I like it a little better over all, maybe because
Ctrl+R has some behaviours that I find confusing (for example you can
end up accidentally editing your history which I don’t like).
I used to run into issues with bash where I’d accidentally cat a binary to
the terminal, and it would break the terminal.
Every time fish displays a prompt, it’ll try to fix up your terminal so that you don’t end up in weird situations like this. I think this is some of the code in fish to prevent broken terminals.
Some things that it does are:
echo so that you can see the characters you typeI don’t think I’ve run into any of these “my terminal is broken” issues in a very long time, and I actually didn’t even realize that this was because of fish – I thought that things somehow magically just got better, or maybe I wasn’t making as many mistakes. But I think it was mostly fish saving me from myself, and I really appreciate that.
Also related to terminals breaking: fish disables Ctrl+S (which freezes your terminal and then you need to remember to press Ctrl+Q to unfreeze it). It’s a feature that I’ve never wanted and I’m happy to not have it.
Apparently you can disable Ctrl+S in other shells with stty -ixon.
By default commands that don’t exist are highlighted in red, like this.
I find the loop syntax in fish a lot easier to type than the bash syntax. It looks like this:
for i in *.yaml
echo $i
end
Also it’ll add indentation in your loops which is nice.
Related to loops: you can edit multiline commands much more easily than in bash (just use the arrow keys to navigate the multiline command!). Also when you use the up arrow to get a multiline command from your history, it’ll show you the whole command the exact same way you typed it instead of squishing it all onto one line like bash does:
$ bash
$ for i in *.png
> do
> echo $i
> done
$ # press up arrow
$ for i in *.png; do echo $i; done ink
This might just be me, but I really appreciate that fish has the Ctrl+left arrow / Ctrl+right arrow keyboard shortcut for moving between
words when writing a command.
I’m honestly a bit confused about where this keyboard shortcut is coming from
(the only documented keyboard shortcut for this I can find in fish is Alt+left arrow / Alt + right arrow which seems to do the same thing), but I’m pretty
sure this is a fish shortcut.
A couple of notes about getting this shortcut to work / where it comes from:
Ctrl+left arrow switches workspaces by default, so I had to turn
that off./etc/inputrc to make
Ctrl+left/right arrow go back/forward a word, so it’ll work in bash on
Ubuntu and maybe other Linux distros too. Here’s a stack overflow question talking about thatSometimes tools don’t have instructions for integrating them with fish. That’s annoying, but:
bash or zshMy biggest day-to-day to annoyance is probably that for whatever reason I’m
still not used to fish’s syntax for setting environment variables, I get confused
about set vs set -x.
fish_add_pathfish has a function called fish_add_path that you can run to add a directory
to your PATH like this:
fish_add_path /some/directory
I love the idea of it and I used to use it all the time, but I’ve stopped using it for two reasons:
fish_add_path will update the PATH for every session in the
future (with a “universal variable”) and sometimes it will update the PATH
just for the current session. It’s hard for me to tell which one it will
do: in theory the docs explain this but I could not understand them.PATH a few weeks or
months later because maybe you made a mistake, that’s also kind of hard to do
(there are instructions in this comments of this github issue though).Instead I just update my PATH like this, similarly to how I’d do it in bash:
set PATH $PATH /some/directory/bin
When I started using fish, you couldn’t do things like cmd1 && cmd2 – it
would complain “no, you need to run cmd1; and cmd2” instead.
It seems like over the years fish has started accepting a little more POSIX-style syntax than it used to, like:
cmd1 && cmd2export a=b to set an environment variable (though this seems a bit limited, you can’t do export PATH=$PATH:/whatever so I think it’s probably better to learn set instead)Changing my default shell to fish is always a little annoying, I occasionally get myself into a situation where
/home/bork/.nix-stuff/bin/fish/etc/shells as an allowed shellchshThis has never been a major issue because I always have a terminal open somewhere where I can fix the problem and rescue myself, but it’s a bit alarming.
If you don’t want to use chsh to change your shell to fish (which is very reasonable,
maybe I shouldn’t be doing that), the Arch wiki page has a couple of good suggestions –
either configure your terminal emulator to run fish or add an exec fish to
your .bashrc.
Other than occasionally writing a for loop interactively on the command line, I’ve never really learned the fish scripting language. I still do all of my shell scripting in bash.
I don’t think I’ve ever written a fish function or if statement.
I ran a highly unscientific poll on Mastodon asking people what shell they use interactively. The results were (of 2600 responses):
I think 16% for fish is pretty remarkable, since (as far as I know) there isn’t any system where fish is the default shell, and my sense is that it’s very common to just stick to whatever your system’s default shell is.
It feels like a big achievement for the fish project, even if maybe my Mastodon followers are more likely than the average shell user to use fish for some reason.
Fish definitely isn’t for everyone. I think I like it because:
(seq 1 10) to run a command
instead of backticks or using set instead of exportMaybe you’re also a person who would like fish! I hope a few more of the people who fish is for can find it, because I spend so much of my time in the terminal and it’s made that time much more pleasant.
I just did a massive spring cleaning of one of my servers, trying to clean up what has become quite the mess of clutter. For every website on the server, I either:
It feels good to get rid of old code, and to turn previously dynamic sites (with all of the risk they come with) into plain HTML.
This is also making me seriously reconsider the value of spinning up any new projects. Several of these are now 10 years old, still churning along fine, but difficult to do any maintenance on because of versions and dependencies. For example:
One that I'm particularly happy with, despite it being an ugly pile of PHP, is oauth.net. I inherited this site in 2012, and it hasn't needed any framework upgrades since it's just using PHP templates. My ham radio website w7apk.com is similarly a small amount of templated PHP, and it is low stress to maintain, and actually fun to quickly jot some notes down when I want. I like not having to go through the whole ceremony of setting up a dev environment, installing dependencies, upgrading things to the latest version, checking for backwards incompatible changes, git commit, deploy, etc. I can just sftp some changes up to the server and they're live.
Some questions for myself for the future, before starting a new project:
One project I've been committed to maintaining and doing regular (ok fine, "semi-regular") updates for is Meetable, the open source events website that I run on a few domains:
I started this project in October 2019, excited for all the IndieWebCamps we were going to run in 2020. Somehow that is already 5 years ago now. Well that didn't exactly pan out, but I did quickly pivot it to add a bunch of features that are helpful for virtual events, so it worked out ok in the end. We've continued to use it for posting IndieWeb events, and I also run an instance for two IETF working groups. I'd love to see more instances pop up, I've only encountered one or two other ones in the wild. I even spent a significant amount of time on the onboarding flow so that it's relatively easy to install and configure. I even added passkeys for the admin login so you don't need any external dependencies on auth providers. It's a cool project if I may say so myself.
Anyway, this is not a particularly well thought out blog post, I just wanted to get my thoughts down after spending all day combing through the filesystem of my web server and uncovering a lot of ancient history.
About 3 years ago, I announced Mess With DNS in this blog post, a playground where you can learn how DNS works by messing around and creating records.
I wasn’t very careful with the DNS implementation though (to quote the release blog post: “following the DNS RFCs? not exactly”), and people started reporting problems that eventually I decided that I wanted to fix.
Some of the problems people have reported were:
And there are certainly more issues that nobody got around to reporting, for example that if you added an NS record for a subdomain to delegate it, Mess With DNS wouldn’t handle the delegation properly.
I wasn’t sure how to fix these problems for a long time – technically I could have started addressing them individually, but it felt like there were a million edge cases and I’d never get there.
But then one day I was chatting with someone else who was working on a DNS server and they said they were using PowerDNS: an open source DNS server with an HTTP API!
This seemed like an obvious solution to my problems – I could just swap out my own crappy DNS implementation for PowerDNS.
There were a couple of challenges I ran into when setting up PowerDNS that I’ll talk about here. I really don’t do a lot of web development and I think I’ve never built a website that depends on a relatively complex API before, so it was a bit of a learning experience.
One of the main things Mess With DNS does is give you a live view of every DNS query it receives for your subdomain, using a websocket. To make this work, it needs to intercept every DNS query before they it gets sent to the PowerDNS DNS server:
There were 2 options I could think of for how to intercept the DNS queries:
dnsdist (a DNS load balancer from the PowerDNS project) has
support for logging all DNS queries it receives using
dnstap, so I could put dnsdist in front of PowerDNS
and then log queries that wayI originally implemented option #1, but for some reason there was a 1 second delay before every query got logged. I couldn’t figure out why, so I implemented my own very simple proxy instead.
The frontend used to have a lot of DNS logic in it – it converted emoji domain
names to ASCII using punycode, had a lookup table to convert numeric DNS query
types (like 1) to their human-readable names (like A), did a little bit of
validation, and more.
Originally I considered keeping this pattern and just giving the frontend (more or less) direct access to the PowerDNS API to create and delete, but writing even more complex code in Javascript didn’t feel that appealing to me – I don’t really know how to write tests in Javascript and it seemed like it wouldn’t end well.
So I decided to take all of the DNS logic out of the frontend and write a new DNS API for managing records, shaped something like this:
GET /recordsDELETE /records/<ID>DELETE /records/ (delete all records for a user)POST /records/ (create record)POST /records/<ID> (update record)This meant that I could actually write tests for my code, since the backend is in Go and I do know how to write tests in Go.
I had this idea that APIs shouldn’t return duplicate information – for example if I get a DNS record, it should only include a given piece of information once.
But I ran into a problem with that idea when displaying MX records: an MX record has 2 fields, “preference”, and “mail server”. And I needed to display that information in 2 different ways on the frontend:
10 and mail.example.com)10 mail.example.com)This is kind of a small problem, but it came up in a few different places.
I talked to my friend Marco Rogers about this, and based on some advice from him I realized that I could return the same information in the API in 2 different ways! Then the frontend just has to display it. So I started just returning duplicate information in the API, something like this:
{
values: {'Preference': 10, 'Server': 'mail.example.com'},
content: '10 mail.example.com',
...
}
I ended up using this pattern in a couple of other places where I needed to display the same information in 2 different ways and it was SO much easier.
I think what I learned from this is that if I’m making an API that isn’t intended for external use (there are no users of this API other than the frontend!), I can tailor it very specifically to the frontend’s needs and that’s okay.
In Mess With DNS (and I think in most DNS user interfaces!), you create, add, and delete records.
But that’s not how the PowerDNS API works. In PowerDNS, you create a zone, which is made of record sets. Records don’t have any ID in the API at all.
I ended up solving this by generate a fake ID for each records which is made of:
For example one record’s ID is brooch225.messwithdns.com.|NS|bnMxLm1lc3N3aXRoZG5zLmNvbS4=
Then I can search through the zone and find the appropriate record to update it.
This means that if you update a record then its ID will change which isn’t usually what I want in an ID, but that seems fine.
I think the error messages that the PowerDNS API returns aren’t really intended to be shown to end users, for example:
Name 'new\032site.island358.messwithdns.com.' contains unsupported characters (this error encodes the space as \032, which is a bit disorienting if you don’t know that the space character is 32 in ASCII)RRset test.pear5.messwithdns.com. IN CNAME: Conflicts with pre-existing RRset (this talks about RRsets, which aren’t a concept that the Mess With DNS UI has at all)Record orange.beryl5.messwithdns.com./A '1.2.3.4$': Parsing record content (try 'pdnsutil check-zone'): unable to parse IP address, strange character: $ (mentions “pdnsutil”, a utility which Mess With DNS’s users don’t have
access to in this context)I ended up handling this in two ways:
Invalid IPv4 address: "1.2.3.4$Sometimes users will still get errors from PowerDNS directly, but I added some logging of all the errors that users see, so hopefully I can review them and add extra translations if there are other common errors that come up.
I think what I learned from this is that if I’m building a user-facing application on top of an API, I need to be pretty thoughtful about how I resurface those errors to users.
Previously Mess With DNS was using a Postgres database. This was problematic
because I only gave the Postgres machine 256MB of RAM, which meant that the
database got OOM killed almost every single day. I never really worked out
exactly why it got OOM killed every day, but that’s how it was. I spent some
time trying to tune Postgres’ memory usage by setting the max connections /
work-mem / maintenance-work-mem and it helped a bit but didn’t solve the
problem.
So for this refactor I decided to use SQLite instead, because the website doesn’t really get that much traffic. There are some choices involved with using SQLite, and I decided to:
db.SetMaxOpenConns(1) to make sure that we only open 1 connection to
the database at a time, to prevent SQLITE_BUSY errors from two threads
trying to access the database at the same time (just setting WAL mode didn’t
work)I still haven’t set up backups, though I don’t think my Postgres database had backups either. I think I’m unlikely to use litestream for backups – Mess With DNS is very far from a critical application, and I think daily backups that I could recover from in case of a disaster are more than good enough.
This has nothing to do with PowerDNS but I decided to upgrade Vue.js from version 2 to 3 as part of this refresh. The main problem with that is that the form validation library I was using (FormKit) completely changed its API between Vue 2 and Vue 3, so I decided to just stop using it instead of learning the new API.
I ended up switching to some form validation tools that are built into the
browser like required and oninvalid (here’s the code).
I think it could use some of improvement, I still don’t understand forms very well.
This also has nothing to do with PowerDNS, but when modifying the frontend I realized that my state management in the frontend was a mess – in every place where I made an API request to the backend, I had to try to remember to add a “refresh records” call after that in every place that I’d modified the state and I wasn’t always consistent about it.
With some more advice from Marco, I ended up implementing a single global state management store which stores all the state for the application, and which lets me create/update/delete records.
Then my components can just call store.createRecord(record), and the store
will automatically resynchronize all of the state as needed.
This project ended up having several steps because I reworked the whole integration between the frontend and the backend. I ended up splitting it into a few different phases:
I made sure that the website was (more or less) 100% working and then deployed it in between phases, so that the amount of changes I was managing at a time stayed somewhat under control.
I released the upgraded website a few days ago and it seems to work! The PowerDNS API has been great to work on top of, and I’m relieved that there’s a whole class of problems that I now don’t have to think about at all, other than potentially trying to make the error messages from PowerDNS a little clearer. Using PowerDNS has fixed a lot of the DNS issues that folks have reported in the last few years and it feels great.
If you run into problems with the new Mess With DNS I’d love to hear about them here.
I’ve been writing Go pretty casually for years – the backends for all of my playgrounds (nginx, dns, memory, more DNS) are written in Go, but many of those projects are just a few hundred lines and I don’t come back to those codebases much.
I thought I more or less understood the basics of the language, but this week I’ve been writing a lot more Go than usual while working on some upgrades to Mess with DNS, and ran into a bug that revealed I was missing a very basic concept!
Then I posted about this on Mastodon and someone linked me to this very cool site (and book) called 100 Go Mistakes and How To Avoid Them by Teiva Harsanyi. It just came out in 2022 so it’s relatively new.
I decided to read through the site to see what else I was missing, and found a couple of other misconceptions I had about Go. I’ll talk about some of the mistakes that jumped out to me the most, but really the whole 100 Go Mistakes site is great and I’d recommend reading it.
Here’s the initial mistake that started me on this journey:
Let’s say we have a struct:
type Thing struct {
Name string
}
and this code:
thing := Thing{"record"}
other_thing := thing
other_thing.Name = "banana"
fmt.Println(thing)
This prints “record” and not “banana” (play.go.dev link), because thing is copied when you
assign it to other_thing.
The bug I spent 2 hours of my life debugging last week was effectively this code (play.go.dev link):
type Thing struct {
Name string
}
func findThing(things []Thing, name string) *Thing {
for _, thing := range things {
if thing.Name == name {
return &thing
}
}
return nil
}
func main() {
things := []Thing{Thing{"record"}, Thing{"banana"}}
thing := findThing(things, "record")
thing.Name = "gramaphone"
fmt.Println(things)
}
This prints out [{record} {banana}] – because findThing returned a copy, we didn’t change the name in the original array.
This mistake is #30 in 100 Go Mistakes.
I fixed the bug by changing it to something like this (play.go.dev link), which returns a reference to the item in the array we’re looking for instead of a copy.
func findThing(things []Thing, name string) *Thing {
for i := range things {
if things[i].Name == name {
return &things[i]
}
}
return nil
}
When I learned that I was mistaken about how assignment worked in Go I was really taken aback, like – it’s such a basic fact about the language works! If I was wrong about that then what ELSE am I wrong about in Go????
My best guess for what happened is:
.clone() explicitly.
(though apparently structs will be automatically copied on assignment if the struct implements the Copy trait)When you subset a slice with x[2:3], the original slice and the sub-slice
share the same backing array, so if you append to the new slice, it can
unintentionally change the old slice:
For example, this code prints [1 2 3 555 5] (code on play.go.dev)
x := []int{1, 2, 3, 4, 5}
y := x[2:3]
y = append(y, 555)
fmt.Println(x)
I don’t think this has ever actually happened to me, but it’s alarming and I’m very happy to know about it.
Apparently you can avoid this problem by changing y := x[2:3] to y := x[2:3:3], which restricts the new slice’s capacity so that appending to it
will re-allocate a new slice. Here’s some code on play.go.dev that does that.
This one isn’t a “mistake” exactly, but it’s been a source of confusion for me and it’s pretty simple so I’m glad to have it cleared up.
In Go you can declare methods in 2 different ways:
func (t Thing) Function() (a “value receiver”)func (t *Thing) Function() (a “pointer receiver”)My understanding now is that basically:
t, you need a pointer receiver.t, use a value receiver.Explanation #42 has a bunch of other interesting details though. There’s definitely still something I’m missing about value vs pointer receivers (I got a compile error related to them a couple of times in the last week that I still don’t understand), but hopefully I’ll run into that error again soon and I can figure it out.
Some more notes from 100 Go Mistakes:
Also there are some things that have tripped me up in the past, like:
I really appreciated this “100 common mistakes” format – it made it really easy for me to skim through the mistakes and very quickly mentally classify them into:
It looks like “100 Common Mistakes” is a series of books from Manning and they also have “100 Java Mistakes” and an upcoming “100 SQL Server Mistakes”.
Also I enjoyed what I’ve read of Effective Python by Brett Slatkin, which has a similar “here are a bunch of short Python style tips” structure where you can quickly skim it and take what’s useful to you. There’s also Effective C++, Effective Java, and probably more.
other resources I’ve appreciated:
Here's where you can find me at IETF 120 in Vancouver!
The other day I asked what folks on Mastodon find confusing about working in the terminal, and one thing that stood out to me was “editing a command you already typed in”.
This really resonated with me: even though entering some text and editing it is
a very “basic” task, it took me maybe 15 years of using the terminal every
single day to get used to using Ctrl+A to go to the beginning of the line (or
Ctrl+E for the end – I think I used Home/End instead).
So let’s talk about why entering text might be hard! I’ll also share a few tips that I wish I’d learned earlier.
A big part of what makes entering text in the terminal hard is the inconsistency between how different programs handle entering text. For example:
cat, nc, git commit --interactive, etc) don’t support using arrow keys at all: if you press arrow keys, you’ll just see ^[[D^[[D^[[C^[[C^irb, python3 on a Linux machine and many many more) use the readline library, which gives you a lot of basic functionality (history, arrow keys, etc)/usr/bin/python3 on my Mac) do support very basic features like arrow keys, but not other features like Ctrl+left or reverse searching with Ctrl+Rfish shell or ipython3 or micro or vim) have their own fancy system for accepting input which is totally customSo there’s a lot of variation! Let’s talk about each of those a little more.
First, there’s “the baseline” – what happens if a program just accepts text by
calling fgets() or whatever and doing absolutely nothing else to provide a
nicer experience. Here’s what using these tools typically looks for me – If I
start the version of dash installed on
my machine (a pretty minimal shell) press the left arrow keys, it just prints
^[[D to the terminal.
$ ls l-^[[D^[[D^[[D
At first it doesn’t seem like all of these “baseline” tools have much in common, but there are actually a few features that you get for free just from your terminal, without the program needing to do anything special at all.
The things you get for free are:
Ctrl+W, to delete the previous wordCtrl+U, to delete the whole lineCtrl+C to interrupt the process, Ctrl+Z to suspend, etc)This is not great, but it means that if you want to delete a word you
generally can do it with Ctrl+W instead of pressing backspace 15 times, even
if you’re in an environment which is offering you absolutely zero features.
You can get a list of all the ctrl codes that your terminal supports with stty -a.
readlineThe next group is tools that use readline! Readline is a GNU library to make entering text more pleasant, and it’s very widely used.
My favourite readline keyboard shortcuts are:
Ctrl+E (or End) to go to the end of the lineCtrl+A (or Home) to go to the beginning of the lineCtrl+left/right arrow to go back/forward 1 wordCtrl+R to search your historyAnd you can use Ctrl+W / Ctrl+U from the “baseline” list, though Ctrl+U
deletes from the cursor to the beginning of the line instead of deleting the
whole line. I think Ctrl+W might also have a slightly different definition of
what a “word” is.
There are a lot more (here’s a full list), but those are the only ones that I personally use.
The bash shell is probably the most famous readline user (when you use
Ctrl+R to search your history in bash, that feature actually comes from
readline), but there are TONS of programs that use it – for example psql,
irb, python3, etc.
rlwrapOne of my absolute favourite things is that if you have a program like nc
without readline support, you can just run rlwrap nc to turn it into a
program with readline support!
This is incredible and makes a lot of tools that are borderline unusable MUCH more pleasant to use. You can even apparently set up rlwrap to include your own custom autocompletions, though I’ve never tried that.
I think reasons tools might not use readline might include:
cat or nc) and maybe the maintainers don’t want to bring in a relatively large dependencygit has a few interactive
features (like git add -p), but not very many, and usually you’re just
typing a single character like y or n – most of the time you need to really
type something significant in git, it’ll drop you into a text editor instead.For example idris2 says they don’t use readline
to keep dependencies minimal and suggest using rlwrap to get better
interactive features.
The simplest test I can think of is to press Ctrl+R, and if you see:
(reverse-i-search)`':
then you’re probably using readline. This obviously isn’t a guarantee (some
other library could use the term reverse-i-search too!), but I don’t know of
another system that uses that specific term to refer to searching history.
Because I’m a vim user, It took me a very long time to understand where these
keybindings come from (why Ctrl+A to go to the beginning of a line??? so
weird!)
My understanding is these keybindings actually come from Emacs – Ctrl+A and
Ctrl+E do the same thing in Emacs as they do in Readline and I assume the
other keyboard shortcuts mostly do as well, though I tried out Ctrl+W and
Ctrl+U in Emacs and they don’t do the same thing as they do in the terminal
so I guess there are some differences.
There’s some more history of the Readline project here.
libedit)On my Mac laptop, /usr/bin/python3 is in a weird middle ground where it
supports some readline features (for example the arrow keys), but not the
other ones. For example when I press Ctrl+left arrow, it prints out ;5D,
like this:
$ python3
>>> importt subprocess;5D
Folks on Mastodon helped me figure out that this is because in the default
Python install on Mac OS, the Python readline module is actually backed by
libedit, which is a similar library which has fewer features, presumably
because Readline is GPL licensed.
Here’s how I was eventually able to figure out that Python was using libedit on my system:
$ python3 -c "import readline; print(readline.__doc__)"
Importing this module enables command line editing using libedit readline.
Generally Python uses readline though if you install it on Linux or through Homebrew. It’s just that the specific version that Apple includes on their systems doesn’t have readline. Also Python 3.13 is going to remove the readline dependency in favour of a custom library, so “Python uses readline” won’t be true in the future.
I assume that there are more programs on my Mac that use libedit but I haven’t looked into it.
The last group of programs is programs that have their own custom (and sometimes much fancier!) system for editing text. This includes:
Ctrl+Z for undo when typing in a command. Zsh’s line editor is called zle.ipython), for example IPython uses the prompt_toolkit library instead of readlineatuin)Some features you might see are:
I went looking at how Atuin (a wonderful tool for searching your shell history that I started using recently) handles text input. Looking at the code and some of the discussion around it, their implementation is custom but it’s inspired by readline, which makes sense to me – a lot of users are used to those keybindings, and it’s convenient for them to work even though atuin doesn’t use readline.
prompt_toolkit (the library IPython uses) is similar – it actually supports a lot of options (including vi-like keybindings), but the default is to support the readline-style keybindings.
This is like how you see a lot of programs which support very basic vim
keybindings (like j for down and k for up). For example Fastmail supports
j and k even though most of its other keybindings don’t have much
relationship to vim.
I assume that most “readline-inspired” custom input systems have various subtle incompatibilities with readline, but this doesn’t really bother me at all personally because I’m extremely ignorant of most of readline’s features. I only use maybe 5 keyboard shortcuts, so as long as they support the 5 basic commands I know (which they always do!) I feel pretty comfortable. And usually these custom systems have much better autocomplete than you’d get from just using readline, so generally I prefer them over readline.
Bash, zsh, and fish all have a “vi mode” for entering text. In a very unscientific poll I ran on Mastodon, 12% of people said they use it, so it seems pretty popular.
Readline also has a “vi mode” (which is how Bash’s support for it works), so by extension lots of other programs have it too.
I’ve always thought that vi mode seems really cool, but for some reason even though I’m a vim user it’s never stuck for me.
I’ve spent a lot of my life being confused about why a command line application I was using wasn’t behaving the way I wanted, and it feels good to be able to more or less understand what’s going on.
I think this is roughly my mental flowchart when I’m entering text at a command line prompt:
Ctrl+W and Ctrl+U, and I can rlwrap the tool if I
want more features.Ctrl+R print reverse-i-search? Probably it’s readline, so I can use
all of the readline shortcuts I’m used to, and I know I can get some basic
history and press up arrow to get the previous command.Ctrl+R do something else? This is probably some custom input library:
it’ll probably act more or less like readline, and I can check the
documentation if I really want to know how it works.Being able to diagnose what’s going on like this makes the command line feel a more predictable and less chaotic.
There are lots more complications related to entering text that we didn’t talk about at all here, like:
TERM environment variableHello! Today someone on Mastodon asked about job control (fg, bg, Ctrl+z,
wait, etc). It made me think about how I don’t use my shell’s job
control interactively very often: usually I prefer to just open a new terminal
tab if I want to run multiple terminal programs, or use tmux if it’s over ssh.
But I was curious about whether other people used job control more often than me.
So I asked on Mastodon for reasons people use job control. There were a lot of great responses, and it even made me want to consider using job control a little more!
In this post I’m only going to talk about using job control interactively (not in scripts) – the post is already long enough just talking about interactive use.
First: what’s job control? Well – in a terminal, your processes can be in one of 3 states:
some_process &: the process is still running, but you can’t interact with it anymore unless you bring it back to the foreground.Ctrl+Z. This pauses the process: it won’t keep using the CPU, but you can restart it if you want.“Job control” is a set of commands for seeing which processes are running in a terminal and moving processes between these 3 states
fg brings a process to the foreground. It works on both stopped processes and background processes. For example, if you start a background process with cat < /dev/zero &, you can bring it back to the foreground by running fgbg restarts a stopped process and puts it in the background.Ctrl+z stops the current foreground process.jobs lists all processes that are active in your terminalkill sends a signal (like SIGKILL) to a job (this is the shell builtin kill, not /bin/kill)disown removes the job from the list of running jobs, so that it doesn’t get killed when you close the terminalwait waits for all background processes to complete. I only use this in scripts though.%2 instead of fg %2I might have forgotten some other job control commands but I think those are all the ones I’ve ever used.
You can also give fg or bg a specific job to foreground/background. For example if I see this in the output of jobs:
$ jobs
Job Group State Command
1 3161 running cat < /dev/zero &
2 3264 stopped nvim -w ~/.vimkeys $argv
then I can foreground nvim with fg %2. You can also kill it with kill -9 %2, or just kill %2 if you want to be more gentle.
kill %2 implemented?I was curious about how kill %2 works – does %2 just get replaced with the
PID of the relevant process when you run the command, the way environment
variables are? Some quick experimentation shows that it isn’t:
$ echo kill %2
kill %2
$ type kill
kill is a function with definition
# Defined in /nix/store/vicfrai6lhnl8xw6azq5dzaizx56gw4m-fish-3.7.0/share/fish/config.fish
So kill is a fish builtin that knows how to interpret %2. Looking at
the source code (which is very easy in fish!), it uses jobs -p %2 to expand %2
into a PID, and then runs the regular kill command.
Job control is implemented by your shell. I use fish, but my sense is that the basics of job control work pretty similarly in bash, fish, and zsh.
There are definitely some shells which don’t have job control at all, but I’ve only used bash/fish/zsh so I don’t know much about that.
Now let’s get into a few reasons people use job control!
I run into processes that don’t respond to Ctrl+C pretty regularly, and it’s
always a little annoying – I usually switch terminal tabs to find and kill and
the process. A bunch of people pointed out that you can do this in a faster way
using job control!
How to do this: Press Ctrl+Z, then kill %1 (or the appropriate job number
if there’s more than one stopped/background job, which you can get from
jobs). You can also kill -9 if it’s really not responding.
Sometimes I start a GUI program from the command line (for example with
wireshark some_file.pcap), forget to start it in the background, and don’t want it eating up my terminal tab.
How to do this:
Ctrl+Z and then running bg.disown to remove it from the list of jobs, to make sure that
the GUI program won’t get closed when you close your terminal tab.Personally I try to avoid starting GUI programs from the terminal if possible
because I don’t like how their stdout pollutes my terminal (on a Mac I use
open -a Wireshark instead because I find it works better but sometimes you
don’t have another choice.
tmuxThis is basically the same as the GUI app thing – you can move the job to the background and disown it.
I was also curious about if there are ways to redirect a process’s output to a file after it’s already started. A quick search turned up this Linux-only tool which is based on nelhage’s reptyr (which lets you for example move a process that you started outside of tmux to tmux) but I haven’t tried either of those.
vimA lot of people mentioned that if they want to quickly test something while
editing code in vim or another terminal editor, they like to use Ctrl+Z
to stop vim, run the command, and then run fg to go back to their editor.
You can also use this to check the output of a command that you ran before
starting vim.
I’ve never gotten in the habit of this, probably because I mostly use a GUI version of vim. I feel like I’d also be likely to switch terminal tabs and end up wondering “wait… where did I put my editor???” and have to go searching for it.
A few people said that they prefer to the output of all of their commands being interleaved in the terminal. This really surprised me because I usually think of having the output of lots of different commands interleaved as being a bad thing, but one person said that they like to do this with tcpdump specifically and I think that actually sounds extremely useful. Here’s what it looks like:
# start tcpdump
$ sudo tcpdump -ni any port 1234 &
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
# run curl
$ curl google.com:1234
13:13:29.881018 IP 192.168.1.173.49626 > 142.251.41.78.1234: Flags [S], seq 613574185, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2730440518 ecr 0,sackOK,eol], length 0
13:13:30.881963 IP 192.168.1.173.49626 > 142.251.41.78.1234: Flags [S], seq 613574185, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2730441519 ecr 0,sackOK,eol], length 0
13:13:31.882587 IP 192.168.1.173.49626 > 142.251.41.78.1234: Flags [S], seq 613574185, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2730442520 ecr 0,sackOK,eol], length 0
# when you're done, kill the tcpdump in the background
$ kill %1
I think it’s really nice here that you can see the output of tcpdump inline in your terminal – when I’m using tcpdump I’m always switching back and forth and I always get confused trying to match up the timestamps, so keeping everything in one terminal seems like it might be a lot clearer. I’m going to try it.
One person said that sometimes they’re running a very CPU-intensive program,
for example converting a video with ffmpeg, and they need to use the CPU for
something else, but don’t want to lose the work that ffmpeg already did.
You can do this by pressing Ctrl+Z to pause the process, and then run fg
when you want to start it again.
Many people replied that they didn’t use job control intentionally, but
that they sometimes accidentally ran Ctrl+Z, which stopped whatever program was
running, so they needed to learn how to use fg to bring it back to the
foreground.
The were also some mentions of accidentally running Ctrl+S too (which stops
your terminal and I think can be undone with Ctrl+Q). My terminal totally
ignores Ctrl+S so I guess I’m safe from that one though.
Some folks mentioned that they already set up a bunch of environment variables that they need to run various commands, so it’s easier to use job control to run multiple commands in the same terminal than to redo that work in another tab.
Probably the most obvious reason to use job control to manage multiple processes is “because you have to” – maybe you’re in single-user mode, or on a very restricted computer, or SSH’d into a machine that doesn’t have tmux or screen and you don’t want to create multiple SSH sessions.
Some people also said that they just don’t like using terminal tabs: for instance a few folks mentioned that they prefer to be able to see all of their terminals on the screen at the same time, so they’d rather have 4 terminals on the screen and then use job control if they need to run more than 4 programs.
I think my two main takeaways from thos post is I’ll probably try out job control a little more for:
tcpdump in the background with whatever network command I’m running, so I can see both of their output in the same placeIndieWebCamp Düsseldorf took place this weekend, and I was inspired to work on a quick hack for demo day to show off a new feature I've been working on for IndieAuth.
Since I do actually use my website to log in to different websites on a regular basis, I am often presented with the login screen asking for my domain name, which is admittedly an annoying part of the process. I don't even like having to enter my email address when I log in to a site, and entering my domain isn't any better.
So instead, I'd like to get rid of this prompt, and let the browser handle it for you! Here's a quick video of logging in to a website using my domain with the new browser API:
So how does this work?
For the last couple of years, there has been an ongoing effort at the Federated Identity Community Group at the W3C to build a new API in browsers that can sit in the middle of login flows. It's primarily being driven by Google for their use case of letting websites show a Google login popup dialog without needing 3rd party cookies and doing so in a privacy-preserving way. There's a lot to unpack here, more than I want to go into in this blog post. You can check out Tim Cappalli's slides from the OAuth Security Workshop for a good explainer on the background and how it works.
However, there are a few experimental features that are being considered for the API to accommodate use cases beyond the "Sign in with Google" case. The one that's particularly interesting to the IndieAuth use case is the IdP Registration API. This API allows any website to register itself as an identity provider that can appear in the account chooser popup, so that a relying party website doesn't have to list out all the IdPs it supports, it can just say it supports "any" IdP. This maps to how IndieAuth is already used today, where a website can accept any user's IndieAuth server without any prior relationship with the user. For more background, check out my previous blog post "OAuth for the Open Web".
So now, with the IdP Registration API in FedCM, your website can tell your browser that it is an IdP, then when a website wants to log you in, it asks your browser to prompt you. You choose your account from the list, the negotiation happens behind the scenes, and you're logged in!
One of the nice things about combining FedCM with IndieAuth is it lends itself nicely to running the FedCM IdP as a separate service from your actual website. I could run an IndieAuth IdP service that you could sign up for and link your website to. Since your identity is your website, your website would be the thing ultimately sent to the relying party that you're signing in to, even though it was brokered through the IdP service. Ultimately this means much faster adoption is possible, since all it takes to turn your website into a FedCM-supported site is adding a single <link> tag to your home page.
So if this sounds interesting to you, leave a comment below! The IdP registration API is currently an early experiment, and Google needs to see actual interest in it in order to keep it around! In particular, they are looking for Relying Parties who would be interested in actually using this to log users in. I am planning on launching this on webmention.io as an experiment. If you have a website where users can sign in with IndieAuth, feel free to get in touch and I'd be happy to help you set up FedCM support as well!
The draft specification OAuth for Browser-Based Applications has just entered Working Group Last Call!
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps
This begins a two-week period to collect final comments on the draft. Please review the draft and reply on the OAuth mailing list if you have any comments or concerns. And if you've reviewed the document and are happy with the current state, it is also extremely helpful if you can reply on the list to just say "looks good to me"!
If joining the mailing list is too much work, you're also welcome to comment on the Last Call issue on GitHub.
In case you were wondering, yes your comments matter! Even just a small indication of support goes a long way in these discussions!
I am extremely happy with how this draft has turned out, and would like to again give a huge thanks to Philippe De Ryck for the massive amount of work he's put in to the latest few versions to help get this over the finish line!
These are common questions when writing documentation for OAuth-related things. While these terms are all used in RFC 6749 and many extensions, the differences between the terminology is never actually explained.
I wanted to finally write down a definition of the terms, along with examples of when each is appropriate.
Let me know if you have any suggestions for clarifying any of this, or any other helpful examples to add! I'm planning on adding this summary to OAuth 2.1 so that we have a formal reference for it in the future!
It was 11am at the Fort Lauderdale airport, an hour after my non-stop flight to Portland was supposed to have boarded. As I had been watching our estimated departure get pushed back in 15 minute increments, I finally received the dreaded news over the loudspeaker - the flight was cancelled entirely. As hordes of people started lining up to rebook their flights with the gate agent, I found a quiet spot in the corner and opened up my laptop to look at my options.
The other Alaska Airlines flight options were pretty terrible. There was a Fort Lauderdale to Seattle to Portland option that would have me landing at midnight. A flight on a partner airline had a 1-hour connection through Dallas, and there were only middle seats available on both legs. So I started to get creative, and searched for flights from Orlando, about 200 miles north. There was a non-stop on Alaska Airlines at 7pm, with plenty of available seats, so I called up customer service and asked them to change my booking. Since the delay was their fault, there were no change fees even though the flight was leaving from a different airport.
So now it was my responsibility to get myself from Miami to Orlando by 7pm. I could have booked a flight on a budget airline for $150, but it wouldn't have been a very nice experience, and I'd have a lot of time to kill in the Orlando airport. Then I remembered the Brightline train recently opened new service from Miami to Orlando, supposedly taking less time than driving there.
Never having tried to take that train before, I didn't realize they run a shuttle service from the Fort Lauderdale airport to the train station, so I jumped in an Uber headed to the station. On the way there, I booked a ticket on my phone. The price from Miami to Orlando was $144 for Coach, or $229 for Premium class. Since this will probably be the only time I take this train for the foreseeable future, I splurged for the Premium class ticket to see what that experience is like.
Astute readers will have noticed that I mentioned I booked a ticket from Miami rather than Fort Lauderdale. We'll come back to that in a bit. Once I arrived at the station, I began my Brightline experience.
Walking in to the station felt like something between an airport and a car rental center.
There was a small ticket counter in the lobby, but I already had a ticket on my phone so I went up the escalators.
At the top of the escalators was an electronic gate where you scan your QR code to go through. Mine didn't work (again, more on that later), but it was relatively empty and a staff member was able to look at my ticket on my phone and let me through anyway. There was a small X-Ray machine, I tossed my roller bag and backpack onto the belt, but kept my phone and wallet in my pocket, and walked through the security checkpoint.
Once through the minimal security checkpoint, I was up in the waiting area above the platform with a variety of different sections. There was a small bar with drinks and snacks, a couple large seating areas, an automated mini mart, some tall tables...
... and the entrance to the Premium lounge.
The Premium Lounge entrance had another electronic gate with a QR code scanner. I tried getting in but it also rejected my boarding pass. My first thought was I booked my ticket just 10 minutes earlier so it hadn't synced up yet, so I went back to the the security checkpoint and asked what was wrong. They looked at my boarding pass and had no idea what was wrong, and let me in to the lounge via the back employee-only entrance instead.
Once inside the lounge, I did a quick loop to see what kind of food and drink options there were. The lounge was entirely un-attended, the only staff I saw were at the security checkpoint, and someone occasionally coming through to take out dirty dishes.
The first thing you're presented with after entering the lounge is the beverage station. There are 6 taps with beer and wine, and you use a touch screen to make your selection and pour what you want.
On the other side of the wall is the food. I arrived at the tail end of the breakfast service, so there were pretty slim pickings by the end.
There were yogurts, granola, a bowl of bacon and egg mix, several kinds of pastries, and a bowl of fruit that nobody seemed to have touched. I don't know if this was just because this was the end of the morning, but if you were vegan or gluten free there was really nothing you could eat there.
There was also a coffee and tea station with some minimal options.
Shortly after I arrived, it rolled over to lunch time, so the staff came out to swap out the food at the food station. The lunch options were also minimal, but there was a bit more selection.
There was a good size meat and cheese spread. I'm not a big fan of when they mix the meat and cheese on the same plate, but there was enough of a cheese island in the middle I was reasonably confident I wasn't eating meat juice off the side of the cheeses. The pasta dish also had meat so I didn't investigate further. Two of the three wraps had meat and I wasn't confident about which were which so I skipped those. There was a pretty good spinach and feta salad, and some hummus as well as artichoke dip, and a variety of crackers. If you like desserts, there was an even better selection of small desserts as well.
At this point I was starting to listen for my train's boarding announcement. There was really barely any staff visible anywhere, but the few people I saw had made it clear they would clearly announce the train over the loudspeakers when it was time. There was also a sign at the escalators to the platform that said boarding opens 10 minutes before the train departs.
The trains run northbound and southbound every 1-2 hours, so it's likely that you'll only hear one announcement for a train other than yours the entire time you're there.
The one train announcement I heard was a good demonstration of how quickly the whole process actually is once the train shows up. The train pulls up, they call everyone down to the platform, and you have ten minutes to get onto the train. Ten minutes isn't much, but you're sitting literally right on top of the train platform so it takes no time to get down there.
Once your train is called, it's time to head down the escalator to the train platform!
But wait, I mentioned my barcode had failed to be scanned a couple times at this point. Let me explain. Apparently, in my haste in the back of the Uber, I had actually booked a ticket from Miami to Orlando, but since I was already at the Fort Lauderdale airport, I had gone to the Fort Lauderdale Brightline station since it was the closest. So the departure time I saw on my ticket didn't match the time the train arrived at Fort Lauderdale, and the ticket gates refused to let me in because the ticket didn't depart from that station. I don't know why none of the employees who looked at my ticket mentioned this ever. It didn't end up being a big deal because thankfully Miami was earlier in the route, so I essentially just got on my scheduled train 2 stops late.
So anyway, I made my way down to the platform to board the train. I should also mention at this point that I was on a conference call from my phone. I had previously connected my phone to the free wifi at the station, and it was plenty good enough for the call. As I went down the escalator to the platform, it broke up a bit in the middle of the escalator, but picked back up once I was on the platform outside.
There were some signs on the platform to indicate "Coach 1", "Coach 2" and "Coach 3" cars. However my ticket was a "Premium" ticket, so I walked to where I assumed the front of the train would be when it pulled up.
I got on the train on the front car marked "SMART" and "3", seats 9-17. It wasn't clear what "SMART" was since I didn't see that option when booking online. My seat was seat 9A, so I wasn't entirely sure I was in the right spot, but I figured better to be on the train than on the platform, so I just went in. We started moving shortly after. As soon as I walked in, I had to walk past the train attendant pushing a beverage cart through the aisles. I made it to seat 9, but it was occupied. I asked the attendant where my seat was, and she said it was in car 1 at the "front", and motioned to the back of the train. I don't know why their cars are in the opposite order you'd expect. So I took my bags back to car 1 where I was finally greeted with the "Premium" sign I was looking for.
I was quickly able to find my seat, which was not in fact occupied. The Premium car was configured with 2 seats on one side and 1 seat on the other side.
Some of the seats are configured to face each other, so there is a nice variety of seating options. You could all be sitting around a table if you booked a ticket for 4 people, or you could book 2 tickets and sit either next to each other or across from each other.
Since I had booked my ticket so last minute, I had basically the last available seat in the car so I was sitting next to someone. As soon as I sat down, the beverage cart came by with drinks. The cart looked like the same type you'd find on an airplane, and even had some identical warning stickers on it such as the "must be secured for takeoff and landing" sign. The drink options were also similar to what you'd get on a Premium Economy flight service. I opted for a glass of prosecco, and made myself comfortable.
The tray table at the seat had two configurations. You could either drop down a small flap or the whole tray.
The small tray was big enough to hold a drink or an iPad or phone, but not much else. The large tray was big enough for my laptop with a drink next to it as well as an empty glass or bottle behind it.
Under the seat there was a single power outlet for the 2 seats with 120v power as well as two USB-C ports.
Shortly after I had settled in, the crew came back with a snack tray and handed me these four snacks without really giving me the option of refusing any of them.
At this point I wasn't really hungry since I had just eaten at the airport, so I stuffed the snacks in my bag, except for the prosciutto, which I offered to my seat mate but he refused.
By this point we were well on our way to the Boca Raton stop. A few people got off and on there, and we continued on. I should add here that I always feel a bit unsettled when there is that much movement of people getting on and off all the time. These stops were about 20-30 minutes away from each other, which meant the beginning of the ride I never really felt completely settled in. This is the same reason I prefer a 6 hour flight over two 3 hour flights. I like to be able to settle in and just not think about anything until we arrive.
We finally left the last of the South Florida stops, West Palm Beach, and started the rest of the trip to Orlando. A bunch of people got off at West Palm Beach, enough that the Premium cabin was nearly empty at that point. I was able to move to the seat across the aisle which was a window/aisle seat all to myself!
Finally I could settle in for the long haul. Shortly before 3, the crew came by with the lunch cart. The options were either a vegetarian or non-vegetarian option, so that made the choice easy for me.
The vegetarian option was a tomato basil mozzarella sandwich, a side of fruit salad, and some vegetables with hummus. The hummus was surprisingly good, not like the little plastic tubs you get at the airport. The sandwich was okay, but did have a nice pesto spread on it.
After lunch, I opened up my computer to start writing this post and worked on it for most of the rest of the trip.
As the train started making a left turn to head west, the conductor came on the loudspeaker and made an announcement along the lines of "we're about to head west onto the newest tracks that have been built in the US in 100 years. We'll be reaching 120 miles per hour, so feel free to feel smug as we whiz by the cars on the highway." And sure enough, we really picked up the speed on that stretch! While we had reached 100-120mph briefly during the trip north, that last stretch was a solid 120mph sustained for about 20 minutes!
We finally slowed down and pulled into the Orlando station at the airport.
Disembarking the train was simple enough. This was the last stop of the train so there wasn't quite as much of a rush to get off before the train started again. There's no need to mind the gap as you get off since there's a little platform that extends from the train car.
At the Orlando station there was a short escalator up and then you exit through the automated gates.
I assumed I would have to scan my ticket when exiting but that ended up not being the case. Which actually meant that the only time my ticket was ever checked was when entering the station. I never saw anyone come through to check tickets on the train.
At this point I was already in the airport, and it was a short walk around the corner to the tram that goes directly to the airport security checkpoint.
The whole trip took 176 minutes for 210 miles, which is an average speed of 71 miles per hour. When moving, we were typically moving at anywhere from 80-120 miles per hour.
We need more high speed trains in the US! I go from Portland to Seattle often enough that a train running every 90 minutes that was faster than a car and easier and more comfortable than an airplane would be so nice!