European gov­ern­ments have taken an­other step to­ward re­viv­ing the EU’s con­tro­ver­sial Chat Control agenda, ap­prov­ing a new ne­go­ti­at­ing man­date for the Child Sexual Abuse Regulation in a closed ses­sion of the Council of the European Union on November 26.

The mea­sure, pre­sented as a tool for child pro­tec­tion, is once again draw­ing heavy crit­i­cism for its sur­veil­lance im­pli­ca­tions and the way it re­shapes pri­vate dig­i­tal com­mu­ni­ca­tion in Europe.

Unlike ear­lier drafts, this ver­sion drops the ex­plicit oblig­a­tion for com­pa­nies to scan all pri­vate mes­sages but qui­etly in­tro­duces what op­po­nents de­scribe as an in­di­rect sys­tem of pres­sure.

It re­wards or pe­nal­izes on­line ser­vices de­pend­ing on whether they agree to carry out “voluntary” scan­ning, ef­fec­tively mak­ing in­tru­sive mon­i­tor­ing a busi­ness ex­pec­ta­tion rather than a le­gal re­quire­ment.

Former MEP Patrick Breyer, a long-stand­ing de­fender of dig­i­tal free­dom and one of the most vo­cal op­po­nents of the plan, said the deal “paves the way for a per­ma­nent in­fra­struc­ture of mass sur­veil­lance.”

According to him, the Council’s text re­places le­gal com­pul­sion with fi­nan­cial and reg­u­la­tory in­cen­tives that push ma­jor US tech­nol­ogy firms to­ward in­dis­crim­i­nate scan­ning.

He warned that the frame­work also brings “anonymity-breaking age checks” that will turn or­di­nary on­line use into an ex­er­cise in iden­tity ver­i­fi­ca­tion.

The new pro­posal, bro­kered largely through Danish me­di­a­tion, comes months af­ter the orig­i­nal “Chat Control 1.0” reg­u­la­tion ap­peared to have been shelved fol­low­ing wide­spread back­lash.

It re­in­states many of the same prin­ci­ples, re­quir­ing providers to as­sess their po­ten­tial “risk” for child abuse con­tent and to ap­ply “mitigation mea­sures” ap­proved by au­thor­i­ties. In prac­tice, that could mean pres­sure to in­stall scan­ning tools that probe both en­crypted and un­en­crypted com­mu­ni­ca­tions.

Czech MEP Markéta Gregorová called the Council’s po­si­tion “a dis­ap­point­ment…Chat Control…opens the way to blan­ket scan­ning of our mes­sages.”

In the Netherlands, mem­bers of par­lia­ment forced their gov­ern­ment to vote against the plan, warn­ing that it com­bines “mandatory age ver­i­fi­ca­tion” with a “voluntary oblig­a­tion” scheme that could pe­nal­ize any com­pany re­fus­ing to adopt in­va­sive sur­veil­lance meth­ods. Poland and the Czech Republic also voted against, and Italy ab­stained.

Former Dutch MEP Rob Roos ac­cused Brussels of op­er­at­ing “behind closed doors,” warn­ing that “Europe risks slid­ing into dig­i­tal au­thor­i­tar­i­an­ism.”

Beyond par­lia­men­tar­i­ans, in­de­pen­dent voices such as Daniel Vávra, David Heinemeier Hansson, and pri­vacy-fo­cused com­pany Mullvad have spo­ken out against the Council’s po­si­tion, call­ing it a di­rect threat to pri­vate com­mu­ni­ca­tion on­line.

Despite the re­moval of the word “mandatory,” the struc­ture of the new deal ap­pears to pre­serve mass scan­ning in prac­tice.

Breyer de­scribed it as a “Trojan Horse,” ar­gu­ing that by call­ing the process “voluntary,” EU gov­ern­ments have shifted the bur­den of sur­veil­lance to tech com­pa­nies them­selves.

The Council’s man­date in­tro­duces three cen­tral dan­gers that re­main largely un­ac­knowl­edged in the pub­lic de­bate.

First, so-called “voluntary scan­ning” turns mass sur­veil­lance into stan­dard op­er­at­ing pro­ce­dure. The pro­posal ex­tends the ear­lier tem­po­rary reg­u­la­tion that al­lowed ser­vice providers to scan user mes­sages and im­ages with­out war­rants.

Authorities like Germany’s Federal Criminal Police Office have re­ported that roughly half the alerts from such sys­tems are base­less, of­ten in­volv­ing com­pletely le­gal con­tent flagged by flawed al­go­rithms. Breyer said these sys­tems leak “tens of thou­sands of com­pletely le­gal, pri­vate chats” to law en­force­ment every year.

Second, the plan ef­fec­tively erases anony­mous com­mu­ni­ca­tion. To meet the new re­quire­ment to “reliably iden­tify mi­nors,” providers will have to im­ple­ment uni­ver­sal age checks. This likely means ID ver­i­fi­ca­tion or face scans be­fore ac­cess­ing even ba­sic ser­vices such as email or mes­sag­ing apps.

For jour­nal­ists, ac­tivists, and any­one who de­pends on anonymity for pro­tec­tion, this sys­tem could make easy pri­vate speech func­tion­ally im­pos­si­ble.

Technical ex­perts have re­peat­edly warned that age es­ti­ma­tion “cannot be per­formed in a pri­vacy-pre­serv­ing way” and car­ries “a dis­pro­por­tion­ate risk of se­ri­ous pri­vacy vi­o­la­tion and dis­crim­i­na­tion.”

Third, it risks dig­i­tally iso­lat­ing young peo­ple. Under the Council’s frame­work, users un­der 17 could be blocked from many plat­forms un­less they pass strict iden­tity ver­i­fi­ca­tion, in­clud­ing chat-en­abled games and mes­sag­ing ser­vices. Breyer called this idea “pedagogical non­sense,” ar­gu­ing that it ex­cludes teenagers in­stead of help­ing them de­velop safe on­line habits.

Member states re­main di­vided: the Netherlands, Poland, and the Czech Republic re­jected the text, while Italy ab­stained. Negotiations be­tween the European Parliament and the Council are ex­pected to be­gin soon, aim­ing for a fi­nal ver­sion be­fore April 2026.

Breyer warned that the ap­par­ent com­pro­mise is no real re­treat from sur­veil­lance. “The head­lines are mis­lead­ing: Chat Control is not dead, it is just be­ing pri­va­tized,” he said. “We are fac­ing a fu­ture where you need an ID card to send a mes­sage, and where for­eign black-box AI de­cides if your pri­vate pho­tos are sus­pi­cious. This is not a vic­tory for pri­vacy; it is a dis­as­ter wait­ing to hap­pen.”

Open-Source-Software bildet heute das Fundament großer Teile der dig­i­talen Infrastruktur — in Verwaltung, Wirtschaft, Forschung und im täglichen Leben. Selbst im ak­tuellen Koalitionsvertrag der Bundesregierung wird Open-Source-Software als el­e­mentarer Baustein zur Erreichung dig­i­taler Souveränität genannt.

Dennoch wird die Arbeit, die tausende Freiwillige dafür leis­ten, in Deutschland steuer- und förder­rechtlich nicht als Ehrenamt an­erkannt. Dieses Ungleichgewicht zwis­chen gesellschaftlicher Bedeutung und rechtlichem Status gilt es zu ko­r­rigieren.

Als ak­tiver Contributor in Open-Source-Projekten fordere ich da­her, Open-Source-Arbeit als gemein­wohlo­ri­en­tiertes Ehrenamt anzuerken­nen — gle­ichrangig mit Vereinsarbeit, Jugendarbeit oder Rettungsdiensten.

Glasses to de­tect smart-glasses that have cam­eras

So far fin­ger­print­ing spe­cific de­vices based on blue­tooth (BLE) is look­ing like eas­i­est and most re­li­able ap­proach. The pic­ture be­low is the first ver­sion, which plays the leg­end of zelda ‘secret found’ jin­gle when it de­tects a BLE ad­ver­tise­ment from Meta Raybans.

I’m es­sen­tially treat­ing this README like a log­book, so it will have my cur­rent ap­proaches/​ideas.

By send­ing IR at cam­era lenses, we can take ad­van­tage of the fact that the CMOS sen­sor in a cam­era re­flects light di­rectly back at the source (called ‘retro-reflectivity’ / ‘cat-eye ef­fect’) to iden­tify cam­eras.

This is­n’t ex­actly a new idea. Some re­searchers in 2005 used this prop­erty to cre­ate ‘capture-resistant en­vi­ron­ments’ when smart­phones with cam­eras were gain­ing pop­u­lar­ity.

There’s even some re­cent re­search (2024) that fig­ured out how to clas­sify in­di­vid­ual cam­eras based on their retro-re­flec­tions.

Now we have a sim­i­lar sit­u­a­tion to those 2005 re­searchers on our hands, where smart glasses with hid­den cam­eras seem to be get­ting more pop­u­lar. So I want to cre­ate a pair of glasses to iden­tify these. Unfortunately, from what I can tell most of the ex­ist­ing re­search in this space records data with a cam­era and then uses ML, a ton of con­trolled an­gles, etc. to dif­fer­en­ti­ate be­tween nor­mal re­flec­tive sur­faces and cam­eras.

I would feel pretty silly if my so­lu­tion uses its own cam­era. So I’ll be avoid­ing that. Instead I think it’s likely I’ll have to rely on be­ing con­sis­tent with my ‘sweeps’, and cre­at­ing a good clas­si­fier based on sig­nal data. For ex­am­ple you can see here that the back cam­era on my smart­phone seems to pro­duce quick and large spikes, while the glossy screen cre­ates a more pro­longed wave.

After get­ting to test some Meta Raybans, I found that this setup is not go­ing to be suf­fi­cient. Here’s a test of some sweeps of the cam­era-area + the same area when the lens is cov­ered. You can see the wave­form is sim­i­lar to what I saw in the ear­lier test (short spike for cam­era, wider oth­er­wise), but it’s wildly in­con­sis­tent and the strength of the sig­nal is very weak. This was from about 4 inches away from the LEDs. I did­n’t no­tice much dif­fer­ence when swap­ping be­tween 940nm and 850nm LEDs.

So at least with cur­rent hard­ware that’s easy for me to ac­cess, this prob­a­bly is­n’t enough to dif­fer­en­ti­ate ac­cu­rately.

Another idea I had is to cre­ate a des­ig­nated sweep ‘pattern’. The user (wearing the de­tec­tor glasses) would per­form a spe­cific scan pat­tern of the tar­get. Using the wave­forms cap­tured from this data, maybe we can more ac­cu­rately fin­ger­print the ray­bans. For ex­am­ple, sweep­ing across the tar­gets glasses in a ‘left, right, up, down’ ap­proach. I tested this by com­par­ing the re­sults of the Meta ray­bans vs some avi­a­tors I had ly­ing around. I think the idea be­hind this ap­proach is sound (actually it’s light), but it might need more work­shop­ping.

* ex­per­i­ment with com­bin­ing data from dif­fer­ent wave­lengths

This has been more tricky than I first thought! My cur­rent ap­proach here is to fin­ger­print the Meta Raybans over Bluetooth low-en­ergy (BLE) ad­ver­tise­ments. But, I have only been able to de­tect BLE traf­fic dur­ing 1) pair­ing 2) pow­er­ing-on. I some­times also see the ad­ver­tise­ment as they are taken out of the case (while al­ready pow­ered on), but not con­sis­tently.

The goal is to de­tect them dur­ing us­age when they’re com­mu­ni­cat­ing with the paired phone, but to see this type of di­rected BLE traf­fic it seems like I would first need to see the CONNECT_REQ packet which has in­for­ma­tion as to what which of the com­mu­ni­ca­tion chan­nels to hop be­tween in sync. I don’t think what I cur­rently have (ESP32) is set up to do this kind of fol­low­ing.

* po­ten­tially can use an nRF mod­ule for this

For any of the blue­tooth clas­sic (BTC) traf­fic, un­for­tu­nately the hard­ware seems a bit more in­volved (read: ex­pen­sive). So if I want to do down this route, I’ll likely need a more clever so­lu­tion here.

When turned on or put into pair­ing mode (or some­times when taken out of the case), I can de­tect the de­vice through ad­ver­tised man­u­fac­turer data and ser­vice UUIDs. 0x01AB is a Meta-specific SIG-assigned ID (assigned by the Bluetooth stan­dards body), and 0xFD5F in the Service UUID is as­signed to Meta as well.

cap­ture when the glasses are pow­ered on:

IEEE as­signs cer­tain MAC ad­dress pre­fixes (OUI, ‘Organizationally Unique Identifier’), but these ad­dresses get ran­dom­ized so I don’t ex­pect them to be su­per use­ful for BLE.

Here’s some links to more data if you’re cu­ri­ous:

Thanks to Trevor Seets and Junming Chen for their ad­vice in op­tics and BLE (respectively). Also to Sohail for lend­ing me meta ray­bans to test with.

moss is a Unix-like, Linux-compatible ker­nel writ­ten in Rust and Aarch64 as­sem­bly.

It fea­tures a mod­ern, asyn­chro­nous core, a mod­u­lar ar­chi­tec­ture ab­strac­tion layer, and bi­nary com­pat­i­bil­ity with Linux user­space ap­pli­ca­tions (currently ca­pa­ble of run­ning most BusyBox com­mands).

* A well-de­fined HAL al­low­ing for easy port­ing to other ar­chi­tec­tures (e.g.,

x86_64, RISC-V).

* Memory Management:

Buddy al­lo­ca­tor for phys­i­cal ad­dresses and smal­loc for boot al­lo­ca­tions

and track­ing mem­ory reser­va­tions.

* Buddy al­lo­ca­tor for phys­i­cal ad­dresses and smal­loc for boot al­lo­ca­tions

and track­ing mem­ory reser­va­tions.

One of the defin­ing fea­tures of moss is its us­age of Rust’s async/​await

model within the ker­nel con­text:

* All non-triv­ial sys­tem calls are writ­ten as async func­tions, sleep-able

func­tions are pre­fixed with .await.

* The com­piler en­forces that spin­locks can­not be held over sleep points,

elim­i­nat­ing a com­mon class of ker­nel dead­locks.

* Currently im­ple­ments 51 Linux syscalls; suf­fi­cient to ex­e­cute most BusyBox

com­mands.

moss is built on top of libker­nel, a util­ity li­brary de­signed to be ar­chi­tec­ture-ag­nos­tic. This al­lows logic to be tested on a host ma­chine (e.g., x86) be­fore run­ning on bare metal.

* Test Suite: A com­pre­hen­sive suite of 230+ tests en­sur­ing func­tion­al­ity across

ar­chi­tec­tures (e.g., val­i­dat­ing Aarch64 page table pars­ing logic on an x86

host).

You will need QEMU for aarch64 em­u­la­tion and dos­f­s­tools to cre­ate the vir­tual file sys­tem.

sudo apt in­stall qemu-sys­tem-aarch64 dos­f­s­tools

Additionally you will need a ver­sion of the aarch64-none-elf tool­chain in­stalled.

To in­stall aarch64-none-elf on any os, down­load the cor­rect re­lease of aarch64-none-elf onto your com­puter, un­pack it, then ex­port the bin folder to path.

nix shell nix­p­kgs#pkgsCross.aarch64-em­bed­ded.stdenv.cc nix­p­kgs#pkgsCross.aarch64-em­bed­ded.stdenv.cc.bin­tools

First, run the fol­low­ing script to pre­pare the bi­na­ries for the im­age:

./scripts/build-deps.sh

This will down­load and build the nec­es­sary de­pen­den­cies for the ker­nel and put them into the build di­rec­tory.

Once that is done, you can cre­ate the im­age us­ing the fol­low­ing com­mand:

sudo ./scripts/create-image.sh

This will cre­ate an im­age file named moss.img in the root di­rec­tory of the pro­ject, for­mat it as VFAT 32 and cre­ate the nec­es­sary files and di­rec­to­ries for the ker­nel.

This script needs to run with sudo to mount the im­age through a loop de­vice, which is re­quired to prop­erly cre­ate the im­age for the ker­nel to work.

To build the ker­nel and launch it in QEMU:

cargo run –release

Because libker­nel is ar­chi­tec­turally de­cou­pled, you can run the logic tests on your host ma­chine:

cargo test -p libker­nel –target x86_64-un­known-linux-gnu

Contributions are wel­come! Whether you are in­ter­ested in writ­ing a dri­ver, port­ing to x86, or adding syscalls.

Distributed un­der the MIT License. See LICENSE for more in­for­ma­tion.

EXCLUSIVE: Credit Report Shows Meta Keeping $27 Billion Off Its Books Through Advanced GeometryAnalyst: Tom Bellwether

Contact Information: None avail­able*

*Because of the com­plex na­ture of fi­nan­cial alchemy, our an­a­lysts live a her­metic lifestyle and avoid rel­e­vant news, day­light, and the ol­fac­tory senses needed to de­tect bull­shit. Following our re­view of Beignet Investor LLC (the Issuer), an af­fil­i­ate of Blue Owl Capital, in con­nec­tion with its par­tic­i­pa­tion in an 80% joint ven­ture with Meta Platforms Inc., we as­sign a pre­lim­i­nary A+ rat­ing to the Issuer’s pro­posed $27.30 bil­lion se­nior se­cured amor­tiz­ing notes.This rat­ing re­flects our opin­ion that:All ma­te­r­ial risks are con­trac­tu­ally as­signed to Meta, which al­lows us to clas­sify them as hy­po­thet­i­cal and pro­ceed ac­cord­ingly.Pro­jected cash flows are suf­fi­ciently flat and un­both­ered by re­al­ity to sup­port the rat­ing.Resid­ual Value Guarantees (RVGs) ex­ist, which we take as ev­i­dence that as­set val­ues will be­have in ac­cor­dance with wishes rather than mar­kets.The Outlook is Superficially Stable, de­fined here as “By out­ward ap­pear­ances sta­ble un­less, you know, things hap­pen. Then we’ll down­grade af­ter the shit hits the fan.”Blue Owl Capital Inc. (Blue Owl, BBB/Stable), through af­fil­i­ated funds, has cre­ated Beignet Investor LLC (Beignet or Issuer), a pro­ject fi­nance-style hold­ing com­pany that will own an 80 per­cent in­ter­est in a joint ven­ture (JVCo) with Meta Platforms Inc. (Meta, AA-/Stable). The en­tity is named “Beignet,” pre­sum­ably be­cause “Off-Balance-Sheet Leverage Vehicle No. 5” tested poorly with fo­cus groups.Beignet is is­su­ing $27.30 bil­lion of se­nior se­cured amor­tiz­ing notes due May 2049 un­der a Rule 144A struc­ture.Note pro­ceeds, to­gether with $2.45 bil­lion of de­ferred eq­uity from Blue Owl funds and $1.16 bil­lion of in­ter­est earned on bor­rowed money held in Treasuries, will fund Beignet’s $23.03 bil­lion con­tri­bu­tion to JVCo for the 2.064 GW hy­per­scale data cen­ter cam­pus in Richland Parish, Louisiana, along with re­serve ac­counts, cap­i­tal­ized in­ter­est and other trans­ac­tion costs that seem small only in com­par­i­son to the rest of the sen­tence.Iris Crossing LLC, an in­di­rect Meta sub­sidiary, will own the re­main­ing 20 per­cent of JVCo and fund ap­prox­i­mately $5.76 bil­lion of con­struc­tion costs.We as­sign a pre­lim­i­nary A+ rat­ing to the notes, one notch be­low Meta’s is­suer credit rat­ing, re­flect­ing the very strong con­trac­tual link­age to Meta and the tight tech­ni­cal sep­a­ra­tion that al­lows Meta to keep roughly $27 bil­lion of as­sets and debt off its bal­ance sheet while con­tin­u­ing to pro­vide all ma­te­r­ial eco­nomic sup­port.Ar­rows, like cats, have a way of com­ing home, no mat­ter how far you throw them.Meta trans­ferred the Hyperion data cen­ter pro­ject into JVCo, which is owned 80 per­cent by Beignet and 20 per­cent by Iris Crossing LLC, an in­di­rect Meta sub­sidiary. JVCo, in turn, owns Laidley LLC (Landlord). None of this is un­usual ex­cept for the part where Meta de­signs, builds, guar­an­tees, op­er­ates, funds the over­runs, pays the rent, and does not con­sol­i­date it.This pro­ject has nine data cen­ters and two sup­port build­ings, with about four mil­lion sq. ft. and 2.064 GW ca­pac­ity. The sup­port build­ings will store the reams of doc­u­men­ta­tion needed to con­vince every­one this struc­ture is­n’t what it looks like. The to­tal cap­i­tal plan of $28.79 bil­lion will be funded as fol­lows:And, in a feat of fi­nan­cial hy­dra­tion, $1.16 bil­lion of in­ter­est gen­er­ated by the same bor­rowed money while it sits in lad­dered Treasuries.The struc­ture al­lows the Issuer to bor­row money, earn in­ter­est on the bor­rowed money, and then use that in­ter­est to sat­isfy the eq­uity re­quire­ment that would nor­mally re­quire… money.Noth­ing is cre­ated. Nothing is con­tributed. It’s a loop. Borrow money, earn in­ter­est, and use the in­ter­est to claim you pro­vided eq­uity. The kind of cir­cle only fi­nance can call a straight line.To­gether, these flows cover Beignet’s $23.03 bil­lion oblig­a­tion to JVCo, plus the usual con­stel­la­tion of cap­i­tal­ized in­ter­est, re­serve ac­counts, and trans­ac­tion ex­penses. In any other con­text this would raise ques­tions. For us, it raises the credit rat­ing.Meta, through Pelican Leap LLC (Tenant), has en­tered into eleven triple-net leases—one for each build­ing—with an ini­tial four-year term start­ing in 2029 and four re­newal op­tions that could ex­tend the arrange­ment to twenty years. The leases rely on the as­sump­tion that Meta will con­tinue to need ex­po­nen­tially more com­pute power and that AI de­mand will not col­lapse, re­verse, plateau, or be­come struc­turally in­con­ve­nient.The notes is­sued by Beignet are se­cured by Beignet’s eq­uity in­ter­est in JVCo and rel­e­vant trans­ac­tion ac­counts. They are not se­cured by the un­der­ly­ing phys­i­cal as­sets, which re­main at the JVCo and Landlord level. This is de­scribed as stan­dard prac­tice, which is true in the same way that us­ing eleven en­ti­ties to rent build­ings to your­self has be­come stan­dard prac­tice.The re­sult­ing struc­ture al­lows Meta to sup­port the pro­ject eco­nom­i­cally while leav­ing the as­so­ci­ated debt some­where that is tech­ni­cally not on Meta’s bal­ance sheet. The dis­tinc­tion is thin, but ap­par­ently wide enough to mat­ter.The pre­lim­i­nary A+ rat­ing re­flects our view that this is func­tion­ally Meta bor­row­ing $27.30 bil­lion for a cam­pus no one else will touch, pack­aged in le­gal for­mal­ity pre­cise enough to sat­isfy the let­ter of con­sol­i­da­tion rules and ab­surd enough to in­sult the spirit.Credit risk aligns al­most one-for-one with Meta’s own pro­file be­cause:Meta is ob­lig­ated to fund con­struc­tion cost over­runs be­yond 105 per­cent of the fixed bud­get, ex­clud­ing force ma­jeure events, which rat­ing agen­cies his­tor­i­cally treat as the­o­ret­i­cal in­con­ve­niences rather than re­cur­ring fea­tures of the phys­i­cal world.Meta guar­an­tees all lease pay­ments and op­er­at­ing oblig­a­tions, both dur­ing the ini­tial four-year term and across any re­newal pe­ri­ods it al­ready in­tends to ex­er­cise, an arrange­ment whose pur­pose be­comes clearer when one re­mem­bers why the cam­pus is be­ing built at all.Meta pro­vides an RVG (residual value guar­an­tee) struc­tured to be suf­fi­cient, in most mod­eled cases, to en­sure bond­hold­ers are re­paid even if Meta recom­mits to the Metaverse or any fu­ture ini­tia­tive born from its on­go­ing fas­ci­na­tion with ex­pen­sive de­tours. We did not model what would hap­pen if data cen­ter de­mand col­lapses and Meta can­not se­cure a new ten­ant. This sce­nario was ex­cluded for method­olog­i­cal con­ve­nience.The min­i­mum rent sched­ule has been cal­i­brated to pro­duce a debt ser­vice cov­er­age ra­tio of ap­prox­i­mately 1.12 through 2049. We con­sider this a suf­fi­cient level of sta­bil­ity usu­ally found only in spread­sheets that freeze when real-world data is used.Taken to­gether, these fea­tures tie Beignet’s credit qual­ity to Meta so tightly that you’d have to not be pay­ing at­ten­tion to miss them. The struc­ture main­tains a pre­car­i­ous tech­ni­cal sep­a­ra­tion that, un­der cur­rent in­ter­pre­ta­tions of ac­count­ing guid­ance, al­lows Meta to keep roughly $27 bil­lion of as­sets and debt off its own bal­ance sheet while con­tin­u­ing to pro­vide every mean­ing­ful form of eco­nomic sup­port.This treat­ment is con­sid­ered ac­cept­able be­cause the peo­ple who de­cide what is ac­cept­able have ac­cepted it.JVCo qual­i­fies as a vari­able in­ter­est en­tity be­cause the eq­uity at risk is cer­e­mo­nial and the real eco­nomic ex­po­sure sits en­tirely with the party in­sist­ing it does not con­trol the ven­ture. This re­mains le­gal due to the en­dur­ing be­lief that bal­ance sheets are health­ier when the risky parts are hid­den.Un­der U.S. GAAP, con­sol­i­da­tion is re­quired if Meta is the pri­mary ben­e­fi­ciary, de­fined as the party that both:Di­rects the ac­tiv­i­ties that most sig­nif­i­cantly af­fect the en­ti­ty’s per­for­mance, and­Meta as­serts it is not the pri­mary ben­e­fi­ciary.To eval­u­ate that as­ser­tion, we note the fol­low­ing un­con­tested facts:Meta is re­spon­si­ble for de­sign­ing, over­see­ing, and op­er­at­ing a 2.064 GW AI cam­pus, an ac­tiv­ity that re­quires tech­ni­cal ca­pa­bil­i­ties Blue Owl does not pos­sess.Meta bears con­struc­tion cost over­runs be­yond 105 per­cent of the fixed bud­get, as well as spec­i­fied ca­su­alty re­pair oblig­a­tions of up to $3.125 bil­lion per event dur­ing con­struc­tion.Meta pro­vides the guar­an­tee for all rent and op­er­at­ing pay­ments un­der the leases, across the ini­tial term and any re­newals.Meta pro­vides the resid­ual value guar­an­tee, en­sur­ing bond­hold­ers are re­paid if leases are not re­newed or are ter­mi­nated, ei­ther through a sale or by pay­ing the guar­an­teed min­i­mum val­ues di­rectly.Meta con­tributes fund­ing, di­rects op­er­a­tions, bears con­struc­tion risk, guar­an­tees pay­ments, guar­an­tees as­set val­ues, de­ter­mines uti­liza­tion, con­trols re­newal be­hav­ior, and can trig­ger the sale of the fa­cil­ity.Based on this, or de­spite this, Meta con­cludes it does not con­trol JVCo.Our in­ter­pre­ta­tion is fully com­pli­ant with U.S. GAAP, which pri­or­i­tizes the geom­e­try of the le­gal struc­ture over the in­con­ve­nience of eco­nomic sub­stance and rec­og­nizes con­trol only if the con­trol­ling party agrees to be rec­og­nized as con­trol­ling.Meta has not agreed, and the frame­work, in­clud­ing this agency, re­spects that choice.For rat­ing pur­poses, we there­fore ac­cept Meta’s non-con­sol­i­da­tion as an ac­count­ing out­come while treat­ing Meta, in all prac­ti­cal re­spects, as fully re­spon­si­ble for the per­for­mance of an en­tity it does not of­fi­cially con­trol.The lease struc­ture is de­signed to look like a nor­mal com­mer­cial arrange­ment while func­tion­ing as a long-term com­mit­ment Meta in­sists, for ac­count­ing rea­sons, it can­not pos­si­bly pre­dict.Ten­ant will pay fixed rent for the first 19 months of op­er­a­tions, based on a 50 per­cent as­sumed uti­liza­tion rate, af­ter which rent scales with ac­tual power con­sump­tion. The leases are triple-net. Meta is re­spon­si­ble for every­thing: op­er­at­ing costs, main­te­nance, taxes, in­sur­ance, util­i­ties. If a pipe breaks, Meta fixes the pipe. If a hur­ri­cane re­lo­cates a roof, Meta pays to sta­ple the roof back on.In prac­ti­cal terms, the only sce­nario in which Beignet bears op­er­at­ing ex­po­sure is a sce­nario in which Meta stops pay­ing its own bills, at which point the lease struc­ture be­comes ir­rel­e­vant be­cause the same lawyers that struc­tured this deal will have al­ready qui­etly ex­tri­cated Meta from li­a­bil­ity.A min­i­mum rent floor en­gi­neered to pro­duce a DSCR of 1.12 in a spread­sheet where 1.12 was likely hard-coded and in­de­pen­dent of math.A four-year ini­tial term with four four-year re­newal op­tions, the­o­ret­i­cally cre­at­ing a 20-year run­way Meta pre­tends not to see.Meta guar­an­tees all ten­ant pay­ment oblig­a­tions across the en­tire po­ten­tial lease life, in­clud­ing re­newals it strate­gi­cally re­fuses to ac­knowl­edge as in­evitable.No per­for­mance-based KPIs. Under this struc­ture, the build­ings could un­der­per­form, over­per­form, or catch fire. Meta still pays rent.The RVG re­quires Meta to en­sure that, at every po­ten­tial lease-ter­mi­na­tion date, the as­set is worth at least the guar­an­teed min­i­mum value. If mar­kets dis­agree, Meta pays the dif­fer­ence. Because Meta is rated AA-/Stable, we are in­structed to as­sume that it will do so with­out hes­i­ta­tion, in­clud­ing in sce­nar­ios where de­mand soft­ens or sec­ondary mar­kets dis­cover that a hy­per­scale cam­pus in Richland Parish is not the world’s most liq­uid as­set class.The in­ter­play be­tween the lease term and the RVG cre­ates a cir­cu­lar logic we find struc­turally ex­quis­ite.From a credit per­spec­tive, this cir­cu­lar­ity is con­sid­ered sup­port­ive, be­cause the same logic used to avoid con­sol­i­dat­ing the debt also en­sures bond­hold­ers are paid. The cir­cu­lar­ity is not treated as a fea­ture or a flaw. It is treated as ac­count­ing.Be­cause Meta is AA-/Stable, we as­sume it will pay what­ever num­ber the Excel model finds through Goal Seek, even in sce­nar­ios in­volv­ing tech­no­log­i­cal ob­so­les­cence or an in­va­sion of rac­coons.The ac­count­ing hinges on a para­dox en­gi­neered with dull tweez­ers:Un­der lease ac­count­ing, Meta must record fu­ture lease oblig­a­tions only if re­newals are rea­son­ably cer­tain.Un­der RVG ac­count­ing, Meta must record a guar­an­tee li­a­bil­ity only if pay­ment is prob­a­ble.To keep $27 bil­lion off its bal­ance sheet, Meta must there­fore as­sert:Re­newals are not rea­son­ably cer­tain, de­spite de­sign­ing, fund­ing, build­ing, and ex­clu­sively us­ing a 2.064 GW AI cam­pus for which the re­al­is­tic ten­ant list be­gins and ends with Meta.The RVG will prob­a­bly never be trig­gered, de­spite the fact that not re­new­ing would trig­ger it im­me­di­ately.This re­quires a nar­row cor­ri­dor of as­sump­tions in which Meta si­mul­ta­ne­ously plans to use the fa­cil­ity for two decades and in­sists that no one can pre­dict four years of cor­po­rate in­ten­tion.From a credit stand­point, we are sup­port­ive. The as­sump­tions that ren­der the debt in­vis­i­ble are pre­cisely what make it se­cure. A har­mony best de­scribed as col­lat­er­al­ized cog­ni­tive dis­so­nance.Meta link­age. The eco­nom­ics are wed­ded to Meta’s credit pro­file, which we are re­quired to de­scribe as AA-/Stable rather than “the only rea­son this en­tire struc­ture does­n’t fold from a stiff breeze.” Meta guar­an­tees the rent, the RVG, and the con­tin­ued rel­e­vance of the fa­cil­ity. The rest is dé­cor au­di­tors would deem “tasteful.”Minimum rent floor. The lease sched­ule pro­duces a per­fectly flat DSCR of 1.12 through 2049. Projects of this size do not pro­duce flat any­thing, but the model in­sists oth­er­wise, so we pre­tend we be­lieve it. Being stick­lers for tra­di­tion, and hav­ing learned noth­ing from the fi­nan­cial cri­sis of 2008, we treat the spread­sheet as the fi­nal ar­biter of truth, even when the in­puts de­scribe a world no one lives in.Con­struc­tion risk trans­fer. Meta ab­sorbs cost over­runs be­yond 105 per­cent of bud­get and han­dles ca­su­alty re­pairs dur­ing con­struc­tion. Our method­ol­ogy in­ter­prets “contractually trans­ferred” as “ceased to ex­ist,” so we de­cline to model the risk of over­runs on a $28 bil­lion cam­pus built in a hur­ri­cane cor­ri­dor. This is con­sid­ered best prac­tice.RVG back­stop. The resid­ual value guar­an­tee elim­i­nates tail risk in much the same way a par­ent cosign­ing for their teenager’s car loan elim­i­nates tail risk: by en­sur­ing that the per­son with all the money pays for every­thing. If the mar­ket value col­lapses, Meta pays the dif­fer­ence. If the fa­cil­ity can’t be sold, Meta pays the whole thing. If the en­tire cam­pus be­comes a rac­coon sanc­tu­ary, Meta still pays. We clas­sify this as credit pro­tec­tion, a nu­anced des­ig­na­tion that al­lows us to rec­og­nize the se­cu­rity of the arrange­ment with­out rec­og­niz­ing the debt.Ab­sence of per­for­mance KPIs. There are no op­er­a­tional KPIs that al­low rent abate­ment. This is help­ful be­cause KPIs cre­ate volatil­ity, and volatil­ity re­quires thought, a vari­able we ex­plic­itly ex­clude from our method­ol­ogy. By re­mov­ing KPIs en­tirely, the struc­ture en­sures a level of cash-flow sta­bil­ity that ex­ists only in trans­ac­tions where the ten­ant is also the eco­nomic owner pre­tend­ing to be a squat­ter.Key Risks We Have Chosen To Be Comfortable WithThe rat­ing also re­flects sev­eral risks that are ac­knowl­edged, in­tel­lec­tu­ally trou­bling, and ul­ti­mately tol­er­ated be­cause Meta is large enough that every­one agrees to stop ask­ing ques­tions.Off-bal­ance-sheet de­pen­dence. Meta treats JVCo as if it be­longs to some­one else, which is a gen­er­ous in­ter­pre­ta­tion of own­er­ship. If con­sol­i­da­tion rules ever evolve to re­flect eco­nomic sub­stance, Meta could be re­quired to add $27 bil­lion of as­sets and match­ing debt back onto its own bal­ance sheet. Our method­ol­ogy treats this as a the­o­ret­i­cal in­con­ve­nience rather than a credit event, be­cause call­ing it what it re­ally is would cre­ate a con­flict with the very com­pa­nies we rate.Con­cen­tra­tion risk. The en­tire pro­ject ex­ists for one ten­ant with one busi­ness model in one in­dus­try un­der­go­ing tech­no­log­i­cal whiplash. The fa­cil­ity is en­gi­neered so specif­i­cally for Meta’s AI am­bi­tions that the only plau­si­ble al­ter­na­tive ten­ant is an­other ver­sion of Meta from a par­al­lel time­line. We strongly dis­agree with the many-worlds in­ter­pre­ta­tion of quan­tum me­chan­ics. We set this con­cern aside be­cause at this stage in the trans­ac­tion, the A+ rat­ing is a struc­tural load-bear­ing wall, and we are not paid to do de­mo­li­tion.Resid­ual value un­cer­tainty. The RVG de­pends on mod­eled guar­an­teed min­i­mum val­ues that as­sume buy­ers will one day de­sire a vast hy­per­scale com­plex in Richland Parish un­der stress sce­nar­ios. If hy­per­scale sup­ply bal­loons or the re­sale mar­ket for 2-gigawatt data cen­ters be­comes as illiq­uid as com­mon sense, Meta will owe more money. This in­creases Meta’s di­rect oblig­a­tions, which should con­cern us, but does not, be­cause Meta is rated AA-/Stable and there­fore pre­sumed to with­stand any sce­nario we have cho­sen not to model.Ca­su­alty and force ma­jeure. In ex­treme sce­nar­ios, mul­ti­ple build­ings could be de­stroyed by a hur­ri­cane, which we view as un­likely given that they al­most never im­pact Louisiana. The logic re­sem­bles a Rube Goldberg ma­chine built out of in­dem­ni­ties. We clas­sify this as a strength.JV struc­tural sub­or­di­na­tion. Cash flows must nav­i­gate wa­ter­falls, covenants, carve-outs, and the pos­si­bil­ity of up to $75 mil­lion of JV-level debt. These fea­tures in­tro­duce struc­tural com­plex­ity, which we flag, then promptly ig­nore, be­cause ac­knowl­edg­ing would force us to ex­plain who ben­e­fits from the con­vo­lu­tion.De­spite these risks, we main­tain an A+ rat­ing be­cause Meta’s credit qual­ity is strong, the struc­ture is de­signed to hide risk rather than trans­fer it, and our role in this ecosys­tem is to ob­serve these con­tra­dic­tions and pro­ceed as though they were fea­tures rather than warn­ings.The out­look is Superficially Stable. That means we ex­pect the struc­ture to hold to­gether as long as Meta keeps pay­ing for every­thing and the ac­count­ing rules re­main gen­er­ously un­in­ter­ested in eco­nomic re­al­ity.We as­sume, with the con­fi­dence of peo­ple who have clearly not been pun­ished enough:Meta will pre­serve an AA-/Stable pro­file be­cause any other out­come would force every­one in­volved to ad­mit what this ac­tu­ally is.Con­struc­tion will stay “broadly on sched­ule,” a phrase we use to pre-for­give what­ever hap­pens as long as Meta cov­ers the over­runs, which it must.Lease pay­ments and the min­i­mum rent sched­ule will con­tinue pro­duc­ing a DSCR that hov­ers around 1.12 in mod­els de­signed to en­sure that re­sult, and not ma­te­ri­ally be­low 1.10 un­less some­thing un-mod­eled hap­pens, which we clas­sify as “outside scope.”The RVG will re­main en­force­able, which mat­ters more than the re­sale value of a hy­per­scale fa­cil­ity in a world where hy­per­scale fa­cil­i­ties may or may not be worth any­thing.Changes in VIE or lease-ac­count­ing guid­ance will af­fect where Meta stores the debt, not whether Meta pays it.We could lower the rat­ing if Meta were down­graded, if DSCR sagged be­low the range we pre­tend is ac­cept­able, if Meta weak­ened its guar­an­tees, or if events un­fold in ways our as­sump­tions did not ac­count for, as events tend to do. The last cat­e­gory in­cludes any­thing that would force us to re­visit the as­sump­tions we con­fi­dently made with­out test­ing.We view an up­grade as un­likely. The struc­ture al­ready per­forms the sin­gle mir­a­cle it was de­signed for: keep­ing $27.3 bil­lion off Meta’s bal­ance sheet in a man­ner we are pro­fes­sion­ally ob­lig­ated to sup­port.CON­FI­DEN­TIAL­ITY AND USE: This re­port is in­tended solely for in­sti­tu­tional in­vestors, en­ti­ties re­quired by com­pli­ance to re­view doc­u­ments they will not read, and any reg­u­la­tory body still pre­tend­ing to mon­i­tor off-bal­ance-sheet arrange­ments. FSG LLC makes no rep­re­sen­ta­tion, war­ranty, or faint ges­ture to­ward co­her­ence re­gard­ing the ac­cu­racy, com­plete­ness, or le­git­i­macy of any­thing con­tained herein. By read­ing this doc­u­ment, you ir­rev­o­ca­bly ac­knowl­edge that we did not per­form due dili­gence in any con­ven­tional, philo­soph­i­cal, or legally en­force­able sense. Our re­view con­sisted of reread­ing Meta’s press re­lease un­til rep­e­ti­tion pro­duced ac­cep­tance, aided by a Magic 8-Ball we shook un­til it agreed.LIM­I­TA­TION OF RELIANCE: Any re­sem­blance to ob­jec­tive analy­sis is co­in­ci­den­tal and should not be re­lied upon by any­one with fidu­ciary oblig­a­tions, eth­i­cal stan­dards, a work­ing mem­ory, or the abil­ity to per­form ba­sic sub­trac­tion. Forward-looking state­ments are based on as­sump­tions that will not sur­vive con­tact with re­al­ity, stress test­ing, most Tuesdays, or a mod­est change in in­ter­est rates. FSG LLC is not li­able for losses aris­ing from re­liance on this re­port, mis­un­der­stand­ing this re­port, fully un­der­stand­ing this re­port, or the sink­ing recog­ni­tion that you should have known bet­ter. Past per­for­mance is not in­dica­tive of fu­ture re­sults, ex­cept in the spe­cific case of rat­ing agen­cies re­peat­ing the same mis­takes at larger scales with in­creas­ing con­fi­dence.RAT­ING METHODOLOGY: The rat­ing as­signed herein may be re­vised, with­drawn, or de­nied ever ex­ist­ing if Meta con­sol­i­dates the debt, Louisiana ceases to ex­ist for tax pur­poses, or the data cen­ter be­comes self-aware and moves to Montana to es­cape the heat. FSG LLC cal­cu­lated the A+ rat­ing us­ing a pro­pri­etary model con­sist­ing of dis­counted cash flows, in­ter­pre­tive dance, and what­ever num­ber Meta’s CFO sounded com­fort­able with on a dili­gence call we did not in fact at­tend. Readers who dis­cover ma­te­r­ial er­rors in this re­port are con­trac­tu­ally ob­lig­ated to keep them to them­selves and ac­cept that be­ing tech­ni­cally cor­rect is the least valu­able form of cor­rect.GEN­ERAL PROVISIONS: By con­tin­u­ing to read, you con­sent to the propo­si­tion that what Meta does not con­sol­i­date does not ex­ist, waive your right to say “I told you so” when this un­rav­els, and ac­cept that the term “investment grade” is now a dis­po­si­tion rather than a met­ric. FSG LLC re­serves the right to amend, re­tract, deny, or dis­own this re­port at any time, par­tic­u­larly if Congress shows in­ter­est or some­one notes that $27 bil­lion off-bal­ance-sheet is on a bal­ance sheet some­where. If you print this doc­u­ment, you may be re­quired un­der ap­plic­a­ble se­cu­ri­ties law to re­cy­cle it, shred it, or burn it be­fore sun­rise, whichever comes first. For ques­tions, com­plaints, or sneak­ing sus­pi­cions, please do not con­tact us. We are un­avail­able in­def­i­nitely and have dis­abled our voice­mail.

Sentence Transformers pro­vide lo­cal, easy to use em­bed­ding mod­els for cap­tur­ing the se­man­tic mean­ing of sen­tences and para­graphs.

The dataset in this HackerNews dataset con­tains vec­tor emebed­dings gen­er­ated from the

all-MiniLM-L6-v2 model.

An ex­am­ple Python script is pro­vided be­low to demon­strate how to pro­gram­mat­i­cally gen­er­ate em­bed­ding vec­tors us­ing sen­tence_­trans­form­ers1 Python pack­age. The search em­bed­ding vec­tor is then passed as an ar­gu­ment to the [cosineDistance()](/sql-reference/functions/distance-functions#cosineDistance) func­tion in the SELECT` query.from sen­tence_­trans­form­ers im­port SentenceTransformer

im­port sys

im­port click­house­_­con­nect

print(“Ini­tial­iz­ing…“)

model = SentenceTransformer(‘sentence-transformers/all-MiniLM-L6-v2’)

chclient = click­house­_­con­nect.get_­client() # ClickHouse cre­den­tials here

while True:

# Take the search query from user

print(“En­ter a search query :“)

in­put_­query = sys.stdin.read­line();

texts = [input_query]

# Run the model and ob­tain search vec­tor

print(“Gen­er­at­ing the em­bed­ding for ”, in­put_­query);

em­bed­dings = model.en­code(texts)

print(“Query­ing ClickHouse…“)

params = {‘v1’:list(embeddings[0]), ‘v2’:20}

re­sult = chclient.query(“SE­LECT id, ti­tle, text FROM hack­ernews ORDER BY cosineDis­tance(vec­tor, %(v1)s) LIMIT %(v2)s”, pa­ra­me­ters=params)

print(“Re­sults :“)

for row in re­sult.re­sult_rows:

print(row[0], row[2][:100])

print(“––––-“)

An ex­am­ple of run­ning the above Python script and sim­i­lar­ity search re­sults are shown be­low (only 100 char­ac­ters from each of the top 20 posts are printed):Ini­tial­iz­ing…

Enter a search query :

Are OLAP cubes use­ful

Generating the em­bed­ding for “Are OLAP cubes use­ful”

Querying ClickHouse…

Results :

27742647 smart­mic:

slt2021: OLAP Cube is not dead, as long as you use some form of:1. GROUP BY mul­ti­ple fi ––––- 27744260 georgewfraser:A data mart is a log­i­cal or­ga­ni­za­tion of data to help hu­mans un­der­stand the schema. Wh ––––- 27761434 mwexler:“We model data ac­cord­ing to rig­or­ous frame­works like Kimball or Inmon be­cause we must r ––––- 28401230 chot­mat: erosen­be0: OLAP data­base is just a copy, replica, or archive of data with a schema de­signe ––––- 22198879 Merick:+1 for Apache Kylin, it’s a great pro­ject and awe­some open source com­mu­nity. If any­one i ––––- 27741776 crazy­dog­gers:I al­ways felt the value of an OLAP cube was un­cov­er­ing ques­tions you may not know to as ––––- 22189480 shad­ow­sun7: _Codemonkeyism: After main­tain­ing an OLAP cube sys­tem for some years, I’m not that ––––- 27742029 smart­mic: gengstrand: My first ex­po­sure to OLAP was on a team de­vel­op­ing a front end to Essbase that ––––- 22364133 ir­fan­sharif: simo7: I’m won­der­ing how this tech­nol­ogy could work for OLAP cubes. An OLAP cube ––––- 23292746 scoresmoke:When I was de­vel­op­ing my pet pro­ject for Web an­a­lyt­ics (

The ex­am­ple above demon­strated se­man­tic search and doc­u­ment re­trieval us­ing ClickHouse.

A very sim­ple but high po­ten­tial gen­er­a­tive AI ex­am­ple ap­pli­ca­tion is pre­sented next.

The ap­pli­ca­tion per­forms the fol­low­ing steps:

Accepts a topic as in­put from the user

Generates an em­bed­ding vec­tor for the topic by us­ing the SentenceTransformers with model all-MiniLM-L6-v2

Retrieves highly rel­e­vant posts/​com­ments us­ing vec­tor sim­i­lar­ity search on the hack­ernews table

Uses LangChain and OpenAI gpt-3.5-turbo Chat API to sum­ma­rize the con­tent re­trieved in step #3.

The posts/​com­ments re­trieved in step #3 are passed as con­text to the Chat API and are the key link in Generative AI.

An ex­am­ple from run­ning the sum­ma­riza­tion ap­pli­ca­tion is first listed be­low, fol­lowed by the code for the sum­ma­riza­tion ap­pli­ca­tion. Running the ap­pli­ca­tion re­quires an OpenAI API key to be set in the en­vi­ron­ment vari­able OPENAI_API_KEY. The OpenAI API key can be ob­tained af­ter reg­is­ter­ing at https://​plat­form.ope­nai.com.

This ap­pli­ca­tion demon­strates a Generative AI use-case that is ap­plic­a­ble to mul­ti­ple en­ter­prise do­mains like : cus­tomer sen­ti­ment analy­sis, tech­ni­cal sup­port au­toma­tion, min­ing user con­ver­sa­tions, le­gal doc­u­ments, med­ical records, meet­ing tran­scripts, fi­nan­cial state­ments, etc$ python3 sum­ma­rize.py

Enter a search topic :

ClickHouse per­for­mance ex­pe­ri­ences

Generating the em­bed­ding for ––> ClickHouse per­for­mance ex­pe­ri­ences

Querying ClickHouse to re­trieve rel­e­vant ar­ti­cles…

Initializing chat­gpt-3.5-turbo model…

Summarizing search re­sults re­trieved from ClickHouse…

Summary from chat­gpt-3.5:

The dis­cus­sion fo­cuses on com­par­ing ClickHouse with var­i­ous data­bases like TimescaleDB, Apache Spark,

AWS Redshift, and QuestDB, high­light­ing ClickHouse’s cost-ef­fi­cient high per­for­mance and suit­abil­ity

for an­a­lyt­i­cal ap­pli­ca­tions. Users praise ClickHouse for its sim­plic­ity, speed, and re­source ef­fi­ciency

in han­dling large-scale an­a­lyt­ics work­loads, al­though some chal­lenges like DMLs and dif­fi­culty in back­ups

are men­tioned. ClickHouse is rec­og­nized for its real-time ag­gre­gate com­pu­ta­tion ca­pa­bil­i­ties and solid

en­gi­neer­ing, with com­par­isons made to other data­bases like Druid and MemSQL. Overall, ClickHouse is seen

as a pow­er­ful tool for real-time data pro­cess­ing, an­a­lyt­ics, and han­dling large vol­umes of data

ef­fi­ciently, gain­ing pop­u­lar­ity for its im­pres­sive per­for­mance and cost-ef­fec­tive­ness.

Code for the above ap­pli­ca­tion :print(“Initializing…“)

im­port sys

im­port json

im­port time

from sen­tence_­trans­form­ers im­port SentenceTransformer

im­port click­house­_­con­nect

from langchain.doc­store.doc­u­ment im­port Document

from langchain.tex­t_s­plit­ter im­port CharacterTextSplitter

from langchain.chat_­mod­els im­port ChatOpenAI

from langchain.prompts im­port PromptTemplate

from langchain.chains.sum­ma­rize im­port load­_­sum­ma­rize_chain

im­port tex­twrap

im­port tik­to­ken

def num_­to­ken­s_from_string(string: str, en­cod­ing_­name: str) -> int:

en­cod­ing = tik­to­ken.en­cod­ing_­for_­model(en­cod­ing_­name)

num_­to­kens = len(en­cod­ing.en­code(string))

re­turn num_­to­kens

model = SentenceTransformer(‘sentence-transformers/all-MiniLM-L6-v2’)

chclient = click­house­_­con­nect.get_­client(com­press=False) # ClickHouse cre­den­tials here

while True:

# Take the search query from user

print(“En­ter a search topic :“)

in­put_­query = sys.stdin.read­line();

texts = [input_query]

# Run the model and ob­tain search or ref­er­ence vec­tor

print(“Gen­er­at­ing the em­bed­ding for ––> ”, in­put_­query);

em­bed­dings = model.en­code(texts)

print(“Query­ing ClickHouse…“)

params = {‘v1’:list(embeddings[0]), ‘v2’:100}

re­sult = chclient.query(“SE­LECT id,ti­tle,text FROM hack­ernews ORDER BY cosineDis­tance(vec­tor, %(v1)s) LIMIT %(v2)s”, pa­ra­me­ters=params)

# Just join all the search re­sults

doc_re­sults = “”

for row in re­sult.re­sult_rows:

doc_re­sults = doc_re­sults + “\n” + row[2]

print(“Ini­tial­iz­ing chat­gpt-3.5-turbo model”)

mod­el_­name = “gpt-3.5-turbo”

tex­t_s­plit­ter = CharacterTextSplitter.from_tiktoken_encoder(

mod­el_­name=mod­el_­name

texts = tex­t_s­plit­ter.split_­text(doc_re­sults)

docs = [Document(page_content=t) for t in texts]

llm = ChatOpenAI(temperature=0, mod­el_­name=mod­el_­name)

promp­t_tem­plate = “”″

Write a con­cise sum­mary of the fol­low­ing in not more than 10 sen­tences:

I don’t re­mem­ber when I first started notic­ing that peo­ple I knew out in the world had lost their sense of erotic pri­vacy, but I do re­mem­ber the day it struck me as a phe­nom­e­non that had es­caped my time­line and en­tered my real, fleshy life. It was last year, when I was hav­ing a con­ver­sa­tion with a friend of mine, who, for the record, is five years younger than me (I’m 31). I told my friend about an erotic en­counter I’d just ex­pe­ri­enced and very much de­lighted in, in which I had my hair brushed at the same time by two very beau­ti­ful women at the hair sa­lon — one was teach­ing the other how to do it a cer­tain way. When I fin­ished my story, my friend looked at me, hor­ri­fied.

“They had no idea you felt some­thing sex­ual about them,” she said. “What if they found out? Lowkey, I hate to say this but: you took ad­van­tage of them.” I was shocked. I tried to ex­plain — and it felt ex­tremely ab­surd to ex­plain — that this had hap­pened in my body and in my thoughts, which were pri­vate to me and which no­body had the right to know about. But they did have the right, my friend ar­gued. She de­manded that I apol­o­gize to the women for sex­u­al­iz­ing them. Offended at hav­ing been ac­cused — in my view, in ex­tremely bad faith — of be­ing some kind of peep-show creep, I tried to ar­gue that I’d sim­ply re­sponded in a phys­i­cal way to an un­ex­pected, di­rect, and in­vol­un­tary stim­u­lus. Back and forth, back and forth, we fought like this for a while. In fact, it ended the friend­ship.

There were other con­ver­sa­tions, too, that sug­gested to me that con­cep­tions of love and sex have changed fun­da­men­tally among peo­ple I know. Too many of my friends and ac­quain­tances — of vary­ing de­grees of “onlineness,” from vet­eran dis­course ob­servers to ca­sual browsers — seem to have in­ter­nal­ized the in­ter­net’s ten­dency to reach for the least char­i­ta­ble in­ter­pre­ta­tion of every glanc­ing thought and, as a re­sult, to have pathol­o­gized what I would char­ac­ter­ize as the nor­mal, in­ter­nal va­garies of de­sire.

Hence, there was the friend who jus­ti­fied her predilec­tion for be­ing praised in bed as a “kink” in­her­ited through the “trauma” of her fa­ther al­ways harp­ing on her be­cause of her grades. There was the friend who felt en­ti­tled to post­ing screen­shots of in­ti­mate con­ver­sa­tions on Twitter af­ter a messy breakup so that she could get a rul­ing on “who was the crazy one.” Then there was the friend who bit­terly de­scribed a man he was dat­ing as a “fuckboy” be­cause he stood him up, claim­ing that their hav­ing en­joyed sex to­gether be­fore­hand was “emotionally ma­nip­u­la­tive.” When I dug a bit deeper, it turned out the man in ques­tion had just got­ten out of a seven-year re­la­tion­ship and re­al­ized he was­n’t ready to be sex­u­ally in­ti­mate, and while he was rude to stand my friend up, it shocked me how quick my friend was to cat­e­go­rize his right­fully hurt feel­ings as some­thing patho­log­i­cal or sin­is­ter in the other per­son, and that he did this in or­der to pre­emp­tively shield him­self from be­ing cast as the vil­lain in what was a multi-party ex­pe­ri­ence. This last friend I asked: “Who are you de­fend­ing your­self against?” To which he an­swered, to my as­ton­ish­ment: “I don’t know. The world.”

I choose these ex­am­ples from my per­sonal life be­cause they ex­press sen­ti­ments that were once the kind of stuff I en­coun­tered only in the messy bat­tle­grounds of Twitter, amid dis­cus­sions about whether Sabrina Carpenter is be­ing over­sex­u­al­ized, whether kinks are akin to a sex­ual ori­en­ta­tion, whether a woman can truly con­sent in an age-gap re­la­tion­ship, and whether ex­po­sure to sex scenes in movies vi­o­lates viewer con­sent. It is quite easy to dis­miss these “discourse wars” as a “puritanism” af­flict­ing the young, a re­ac­tionary cur­rent to be solved with a dif­fer­ent, cor­rec­tive dis­course of pro-sex lib­er­a­tion, dis­trib­uted via those same chan­nels. If only it were so! To me, the re­al­ity goes deeper and is bleaker.

The fact is that our most in­ti­mate in­ter­ac­tions with oth­ers are now gov­erned by the ex­pec­ta­tion of sur­veil­lance and pun­ish­ment from an on­line pub­lic. One can never be sure that this pub­lic or some­one who could po­ten­tially ex­pose us to it is­n’t there, al­ways se­cretly film­ing, post­ing, tak­ing notes, ready to pounce the sec­ond one does some­thing cringe or prob­lem­atic (as de­fined by whom?). To claim that these mat­ters are merely dis­cur­sive in na­ture is to ig­nore the prob­lem. Because love and sex are so in­ti­mate and vul­ner­a­ble, the stakes of pun­ish­ment are higher, and the fear of it pen­e­trates deeper into the psy­che and is harder to ra­tio­nal­ize away than, say, fear of push­back from tweet­ing a di­vi­sive po­lit­i­cal opin­ion.

I should state at this point that this is not an es­say about “cancel cul­ture go­ing too far,” a topic which can now be his­tori­cized as lit­tle more than a rhetor­i­cal cud­gel wielded suc­cess­fully by the right to wrest cul­tural power back from an as­cen­dant pro­gres­sive lib­er­al­ism. This was es­pe­cially true af­ter the promi­nence of or­ga­nized cam­paigns such as #MeToo. #MeToo was smeared by lib­er­als and con­ser­v­a­tives alike (united, as they al­ways are, in misog­yny) as be­ing in­her­ently puni­tive in na­ture, meant to pun­ish men who’d fallen into a rough patch of bad be­hav­ior, or who, per­haps, might not have done any­thing at all (the falsely ac­cused or the mis­in­ter­preted man be­came the real vic­tim, in this view). #MeToo did make use of the call-out — the story shared in a spread­sheet anony­mously or in a signed op-ed — but the call-outs had a pur­pose: to end a long-stand­ing and long-per­mit­ted norm of sex­ual abuse within in­sti­tu­tions. Underlying this was a dis­cur­sive prac­tice and a form of sol­i­dar­ity build­ing in which peo­ple be­lieved that shar­ing their sto­ries of trauma en masse could bring about struc­tural change. As some­one who par­tic­i­pated my­self, I too be­lieved in this the­ory and saw it as nec­es­sary, cathar­tic, and po­lit­i­cal, and far from vig­i­lante jus­tice.

But the push­back against #MeToo re­veals a cer­tain peril to sto­ry­telling as pol­i­tics, not only in the re­trauma­ti­za­tion ev­i­dent in the prac­tice of re­veal­ing one’s most in­ti­mate harms be­fore an in­fi­nite on­line au­di­ence, which could al­ways in­clude those lis­ten­ing in bad faith. But also, a dis­cur­sive mar­ket opened up in which trauma be­came a kind of cur­rency of au­then­tic­ity, re­sult­ing in a dou­bled ex­ploita­tion. This idea, while not very nice, lingers in the use of harm as an au­thor­i­ta­tive form of rhetor­i­cal de­fense. The prob­lem here is not what is said, but how it is used. A fric­tion has since emerged be­tween an aware­ness of weaponiza­tion of harm and emo­tion and the con­tin­ued need to ex­press one­self as vul­ner­a­bly as pos­si­ble in or­der to come off as sin­cere. This fric­tion is un­re­solved.

The or­ga­nized goals of the #MeToo move­ment are miss­ing from the new pu­ri­tanism. I think that the prud­ish re­vul­sion I’ve seen on­line and in my own life has as much to do with sur­veil­lance as with sex. Punishing strangers for their per­ceived per­ver­sion is a form of com­pen­sa­tion for a process that is al­ready com­pleted: the ero­sion of erotic and emo­tional pri­vacy through in­ter­net-dri­ven sur­veil­lance prac­tices, prac­tices we have since turned in­ward on our­selves. In short, we have be­come our own panop­ti­cons.

On the right­most side of the spec­trum, puni­tive anti-erotic sur­veil­lance is very ex­plicit and very real, es­pe­cially for women. The Andrew Tates of the world and the prac­ti­tion­ers of ex­treme forms of misog­yny have no prob­lem with us­ing in­ter­net tools and so­cial me­dia web­sites for mass sham­ing and ex­plicit harm. Covert film­ing of sex acts, AI deep fakes, ex­tor­tion, and re­venge porn are all re­al­i­ties one has to con­tend with when think­ing about hook­ing up or go­ing to pub­lic places such as night­clubs and gay bars. This is black­mail at its most ex­plicit and ex­treme, meant to fur­ther so­lid­ify a link be­tween sex and fear.

But that link be­tween sex and fear is op­er­at­ing in more “benign” or com­mon modes of in­ter­net prac­tice. There is an on­line cul­ture that thinks noth­ing of sub­mit­ting screen­shots, notes, videos, and pho­tos with calls for col­lec­tive judge­ment. When it be­came de­sir­able and per­mis­si­ble to trans­form our own lives into con­tent, it did­n’t take long be­fore a sense of en­ti­tle­ment emerged that ex­tended that trans­for­ma­tion to peo­ple we know and to strangers. My ex sent me this text, clearly she is the crazy one, right? Look at this dumb/​funny/​cringe Hinge pro­file! Look at this note some guy sent me, is this a red flag? Look at this ran­dom woman I pho­tographed buy­ing wine, co­conut oil, and a long cu­cum­ber at the su­per­mar­ket!

I think these kinds of posts some­times amount to lit­tle more than com­mon bul­ly­ing, but they are on a con­tin­uum with a pu­ri­tan dis­course in which in­ti­mate ques­tions, prac­tices, and be­liefs about queer­ness, sex­u­al­ity, gen­der pre­sen­ta­tion, and de­sire are also sub­jected to days-long piles-on. In both in­stances, the in­stinct to sub­mit on­line strangers to vi­ral dis­ci­pline is given a faux-rad­i­cal sheen. It’s a kind of ca­sual black­mail that warns every­one to con­form or be ex­posed; a way of say­ing if you don’t cave to my point of view, re­de­fine your­self in my im­age of what sex­u­al­ity is or should be, and (most im­por­tantly) apol­o­gize to me and the pub­lic, I will sub­ject you to my large fol­low­ing and there will be hell to pay. Such un­pro­duc­tive and an­ti­so­cial be­hav­ior is jus­ti­fied as a step to­ward lib­er­a­tion from pre­da­tion, misog­yny, or any num­ber of other harms. But the puni­tive mind­set we’ve de­vel­oped to­wards re­la­tion­ships is in­dica­tive of an in­abil­ity to imag­ine a fu­ture of gen­dered or sex­ual re­la­tions with­out sub­ju­ga­tion. To couch that in the lan­guage of harm re­duc­tion and trauma dele­git­imizes both.

There are other ways the pol­i­tics of sur­veil­lance have be­come a kind of fun­house mir­ror. It is seen as more and more nor­mal to track one’s part­ner through Find My iPhone or an AirTag, even though the po­ten­tial for abuse of this tech­nol­ogy is stag­ger­ing and ob­vi­ous. There are all kinds of new prod­ucts, such as a bio­met­ric ring that is al­legedly able to tell you whether your part­ner is cheat­ing, that ex­pand this ca­pa­bil­ity into more and more gran­u­lar set­tings. That’s all be­fore we get into the end­less TikToks about “why I go through my part­ner’s text mes­sages.” That men use these tac­tics and tools to con­trol women is a known threat. What is as­ton­ish­ing is the lengths to which some women will go to use these same tech­nolo­gies, claim­ing that they are nec­es­sary to pre­vent harm — es­pe­cially that caused by cheat­ing, which is now seen as some kind of life­long trauma or per­ma­nently damnable of­fense in­stead of one of the rather quo­tid­ian, if very painful, ways we hurt one an­other. Each of these sur­veil­lance prac­tices op­er­ates from a feel­ing of en­ti­tle­ment and con­trol over other peo­ple, their bod­ies, and what they do.

Pundits like to de­cree sex­less­ness as a Gen-Z prob­lem, to ar­gue no one is fuck­ing be­cause they are too on their phones. However, it is al­ways too easy to blame the young. It was my gen­er­a­tion that failed to in­still the so­cial norms nec­es­sary to pre­vent a sit­u­a­tion where fear of strangers on the in­ter­net has suc­cess­fully re­placed the dis­ci­pli­nary ap­pa­ra­tus more com­monly held by re­li­gious or con­ser­v­a­tive doc­trine. Even when, as in my ex­pe­ri­ence in the sa­lon, I am act­ing in the pri­vacy of my own body, some­one is al­ways there watch­ing, ready to in­ter­pret my ac­tions, prob­lema­tize them so as to share in the same sense of mag­i­cal think­ing, the same in­se­cu­ri­ties, and to be pun­ished for not be­ing in­se­cure in the same way.

It’s only in ret­ro­spect that I’m able to re­al­ize the toll that con­stant, nag­ging in­ter­ac­tion with my de­vices and the in­ter­net has taken on my think­ing life and my sex life. I re­mem­ber very vis­cer­ally when I’d just come out of the closet as bi­sex­ual in 2016. When I em­barked on a jour­ney to find the kind of lover I wanted to be, my only ex­pe­ri­ence with the world of queer­ness was on­line through memes, ar­ti­cles, and oth­ers’ so­cial me­dia pre­sen­ta­tion of them­selves and of pol­i­tics. Queer sex was not some­thing that could be dis­cov­ered through sen­sa­tion, through phys­i­cal in­ter­ac­tion, but was rather a cat­a­log of spe­cific acts and roles one was al­ready ex­pected to know. I was ter­ri­fied of mak­ing some kind of mis­take, of be­ing the wrong kind of bi­sex­ual, of mis­rep­re­sent­ing my­self in an of­fen­sive way (could I use the term “soft butch” if I was­n’t a les­bian?), of be­ing ex­posed some­how as a fraud. When the time came for me to have sex for the first time, what should have been a joy­ous oc­ca­sion was in­stead bur­dened with a sense of be­ing watched. I could not let the nat­ural processes of erotic dis­cov­ery take their course, so caught up was I in judg­ing my­self from the per­spec­tive of strangers to whom I owed noth­ing.

But it was­n’t just a mat­ter of queer­ness, ei­ther. When I hooked up with men, I could only per­ceive of sex the same way, not as sit­u­a­tional but as a set of pre­scribed acts and scenes, many of which I wanted to ex­plore. However, this time I in­ter­ro­gated these urges as be­ing so­cio­genic in na­ture and some­how harm­ful to me, when they were, in fact, pri­vate, and I did not, in re­al­ity, feel harmed. Because I wanted, at one point in my life, to be tied up and gagged, the dis­em­pow­er­ing na­ture of such a want ne­ces­si­tated try­ing to jus­tify it against in­vis­i­ble ac­cu­sa­tions with some kind of trau­mato­genic and im­mutable qual­ity. Maybe it was be­cause I was raped in col­lege. Maybe I was just in­her­ently sub­mis­sive. One of the great ironies in the his­tory of sex is that pathol­o­giza­tion used to be a way of con­trol­ling sex­ual de­sire. (All are fa­mil­iar with the many myths that mas­tur­ba­tion would turn one blind.) Now it is a way of ex­empt­ing one­self, of re­lin­quish­ing con­trol of one’s ac­tions so as to ab­solve them of scrutiny. My lit­tle bondage mo­ment could­n’t be prob­lem­atic if it could­n’t be helped. It could­n’t be sub­jected to in­ter­ro­ga­tion if there was some­thing I could point to to say “it’s be­yond my con­trol, don’t judge me!” One day, how­ever, I came to an im­por­tant rev­e­la­tion: The re­al­ity was much sim­pler. It was a pass­ing phase, a de­sire that orig­i­nated with a spe­cific man and lost its charm af­ter I moved on from him. There was­n’t some de­ter­min­is­tic qual­ity in my­self that made me like this. My de­sire was not fixed in na­ture. My sex­ual qual­i­ties were tran­sient and not in­born. What aroused me was won­der­fully, en­tirely sit­u­a­tional.

A sit­u­a­tional eroti­cism is what is needed now, in our lit­er­al­ist times. It’s ex­haust­ing, how every­thing is so read­ily de­fined by types, acts, trau­mas, kinks, fetishes, pathol­ogy, and aes­thet­ics. To me, our predilec­tion for de­ter­min­ism is an ex­pected psy­cho­log­i­cal re­sponse to ex­ces­sive sur­veil­lance. A sit­u­a­tional eroti­cism de­cou­ples sen­sa­tion from nar­ra­tive and ty­pol­ogy. It al­lows us to feel with­out ex­cuse and to re­late our feel­ings to our im­me­di­ate em­bod­ied mo­ment, grounded in a fun­da­men­tal sense of per­sonal pri­vacy. While it is ad­mirable to try and un­der­stand our­selves and im­por­tant to pro­tect our­selves from harm and in­ves­ti­gate crit­i­cally the ways in which what we want may put us at risk of that harm — or at risk of do­ing harm to oth­ers — some­times de­sires just are, and they are not that way for long. Arousal is a mat­ter of the self, which takes place within the body, a space no one can see into. It is of­ten a mys­tery, a sur­prise, a dis­cov­ery. It can hap­pen at a small scale, say, the fris­son of two sets of fin­gers in one’s hair at once. It is beau­ti­ful, un­planned and does not judge it­self be­cause it is an in­ert sen­sa­tion, unim­bued with pre­med­i­tated mean­ing. This should lib­er­ate rather than frighten us. Maybe what it means does­n’t mat­ter. Maybe we don’t have to jus­tify it even to our­selves.

But in or­der to fa­cil­i­tate a re­turn to sit­u­a­tional eroti­cism, we need to kill the panop­ti­con in our heads. That means first killing the panop­ti­con we’ve built for oth­ers. There is no pur­pose in vin­dic­tive or thought­less ex­po­sure. Not every­thing needs to be sub­jected to pub­lic opin­ion, not every anec­dote is worth shar­ing, not every de­bate needs en­gage­ment, es­pe­cially those de­bates which have no ma­te­r­ial ba­sis to them, no ask, no fun­nel for all that en­ergy. We need to stop con­fus­ing vig­i­lan­tism with jus­tice and post­ing with pol­i­tics. That does not mean we stop the work that #MeToo started, but that re­venge is a weapon best uti­lized col­lec­tively against the en­e­mies of lib­er­a­tion. We need to pro­tect the vul­ner­a­ble from ex­ploita­tive tech­nolo­gies and prac­tices, re­peat­edly de­nounce their use, and work to­wards a world with­out sex­ual co­er­cion, dig­i­tal or oth­er­wise.

On an in­di­vid­ual level, we need to aban­don or re­shape our re­la­tion­ships with our phones and re­gain a sense of our own per­sonal and men­tal pri­vacy. It’s a mat­ter of ex­is­ten­tial, meta­phys­i­cal im­por­tance. Only when this de­cou­pling from our­selves and the me­di­ated per­for­mance of our­selves is com­plete, can we be­gin the process of re­turn­ing to our own bod­ies out there, in the world, with no one watch­ing or read­ing our thoughts ex­cept those we want to. The truth is, we are very afraid not of sex, but of ex­po­sure. Only when we are un­afraid can we be­gin to let de­sire flour­ish. Only when we re­turn to our­selves can we re­ally know what we want.

Kate Wagner is the ar­chi­tec­ture critic at The Nation. Her award-win­ning cul­tural writ­ing has been fea­tured in mag­a­zines rang­ing from The Baffler to the New Republic.

Imgur de­cided to block UK users. Honestly? I don’t re­ally care that much. I haven’t ac­tively browsed the site in years. But it used to be every­where. Back when Reddit em­bed­ded every­thing on Imgur, maybe fif­teen years ago, it was gen­uinely use­ful. Then Reddit built their own im­age host­ing, Discord did the same, and Imgur slowly faded into the back­ground.

Except it never fully dis­ap­peared. And since the block, I keep stum­bling across Imgur links that just show “unavailable.” It’s mildly in­fu­ri­at­ing.

Here’s a con­crete ex­am­ple. I was play­ing Minecraft with some work col­leagues and wanted to try dif­fer­ent shaders. Most shader pages em­bed pre­view im­ages hosted on Imgur. So I’d click through shader af­ter shader, and every sin­gle pre­view was just gone. I could­n’t see what any of them looked like with­out the im­ages.

This kind of thing hap­pens con­stantly now. Old fo­rum posts, Reddit threads, doc­u­men­ta­tion pages, ran­dom pro­ject READMEs. Imgur links are still scat­tered across the in­ter­net, and in the UK, they’re all bro­ken.

The ob­vi­ous so­lu­tion is to use a VPN. Change your lo­ca­tion, prob­lem solved. But I have a few is­sues with that ap­proach.

First, I just up­graded to 2.5 Gbps in­ter­net and I don’t want to route all my traf­fic through a VPN and take the speed hit. I have this band­width for a rea­son.

Second, even if I in­stalled a VPN on my main ma­chine, what about my phone? My lap­top? My desk­top? Every de­vice would need the VPN run­ning, and I’d have to re­mem­ber to con­nect it be­fore brows­ing. It’s messy.

I wanted some­thing cleaner: a so­lu­tion that works for every de­vice on my net­work, au­to­mat­i­cally, with­out any client-side con­fig­u­ra­tion.

I al­ready run a home­lab with Traefik as my re­verse proxy, Pi-hole for DNS, and every­thing de­clar­a­tively con­fig­ured with NixOS. If you’ve read my pre­vi­ous post on Docker con­tain­ers with se­crets, you’ll recog­nise the pat­tern.

The idea was sim­ple: in­ter­cept all re­quests to i.imgur.com at the DNS level, route them through a VPN-connected con­tainer, and serve the im­ages back. Every de­vice on my net­work au­to­mat­i­cally uses Pi-hole for DNS via DHCP, so this would be com­pletely trans­par­ent.

Traefik sees the SNI host­name and routes to GluetunNginx (attached to Gluetun’s net­work) prox­ies to the real ImgurImage comes back through the tun­nel to the de­vice

Good ques­tion. Gluetun is­n’t a re­verse proxy. It’s a con­tainer that pro­vides VPN con­nec­tiv­ity to other con­tain­ers at­tached to its net­work name­space. So I needed some­thing in­side Gluetun’s net­work to ac­tu­ally han­dle the prox­y­ing. Nginx was the sim­plest choice.

The Nginx con­fig is min­i­mal. It just does TCP passthrough with SNI:

This lis­tens on port 443, reads the SNI header to con­firm the des­ti­na­tion, and passes the con­nec­tion through to the real i.imgur.com. The TLS hand­shake hap­pens end-to-end; Nginx never sees the de­crypted traf­fic.

The com­pose file runs two con­tain­ers. Gluetun han­dles the VPN con­nec­tion, and Nginx at­taches to Gluetun’s net­work:

The key de­tail is net­work_­mode: “service:gluetun”. This makes Nginx share Gluetun’s net­work stack, so all its traf­fic au­to­mat­i­cally goes through the VPN tun­nel.

I’m not go­ing to men­tion which VPN provider I use. It’s one of the ma­jor ones with WireGuard sup­port, but hon­estly I’m not thrilled with it. Use what­ever you have.

The fi­nal piece is telling Traefik to route i.imgur.com traf­fic to the Gluetun con­tainer. This uses TCP rout­ing with TLS passthrough:

The passthrough: true is im­por­tant. It means Traefik does­n’t ter­mi­nate TLS; it just in­spects the SNI header and for­wards the con­nec­tion.

Following the same pat­tern from my Docker with se­crets post, I cre­ated a sys­temd ser­vice that runs the com­pose stack with Agenix-managed se­crets:

The VPN cre­den­tials are stored en­crypted with Agenix, so my en­tire dot­files repo stays pub­lic while keep­ing se­crets safe.

Now when any de­vice on my net­work re­quests an Imgur im­age, it works. My phone, my lap­top, guest de­vices, every­thing. No VPN apps to in­stall, no browser ex­ten­sions, no man­ual con­fig­u­ra­tion. Pi-hole in­ter­cepts the DNS, Traefik routes the con­nec­tion, and Gluetun tun­nels it through a non-UK exit point.

The la­tency in­crease is neg­li­gi­ble for load­ing im­ages, and it only af­fects Imgur traf­fic. Everything else still goes di­rect at full speed.

Is this overkill for view­ing the oc­ca­sional Imgur im­age? Probably. But it’s a clean so­lu­tion that re­quires min­i­mal on­go­ing main­te­nance, and it scratches the home­lab itch. Plus I can fi­nally see what those Minecraft shaders look like.

A friend made me aware of a read­ing list from A16Z con­tain­ing rec­om­men­da­tions for books, weighted to­wards sci­ence fic­tion since that’s mostly what peo­ple there read. Some of my books are listed. Since this is the sea­son of Thanksgiving, I’ll start by say­ing that I gen­uinely ap­pre­ci­ate the plug! However, I was taken aback by the state­ment high­lighted in the screen grab be­low:

“…most of these books don’t have end­ings (they lit­er­ally stop mid-sen­tence).”

I had to read this over a few times to be­lieve that I was see­ing it. If it did­n’t in­clude the word “literally” I’d as­sume some po­etic li­cense on the part of who­ever, or what­ever, wrote this. But even then it would be crazy wrong.

I’m not sur­prised or per­turbed by the un­der­ly­ing sen­ti­ment. Some of my end­ings have been con­tro­ver­sial for a long time. Tastes dif­fer. Some read­ers would pre­fer more con­clu­sive end­ings. Now, in some cases, such as Snow Crash, I sim­ply can’t fathom why any reader could read the end­ing—a long ac­tion se­quence in which the Big Bad is de­feated, the two pri­mary an­tag­o­nists meet their maker and Y. T. is rec­on­ciled and re­united with her mother—as any­thing other than a proper wind-up to the story. In other cases, no­tably The Diamond Age and Seveneves, I can un­der­stand why read­ers who pre­fer a firm con­clu­sion would end up be­ing frus­trated. It is sim­ply not what I was try­ing to do in those books. So, for a long time, peo­ple have ar­gued about some of my end­ings, and that’s fine.

In this case, though, we have a big com­pany ex­plic­itly stat­ing that sev­eral of my best-known books just stop mid-sen­tence, and putting in the word “literally” to elim­i­nate any room for in­ter­pre­tive lee­way.

This is­n’t lit­er­ary crit­i­cism, which con­sists of state­ments of opin­ion. This is a fac­tual as­ser­tion that is (a) false, (b) easy to fact-check, and (c) casts my work ethic, and that of my ed­i­tors, in an un­flat­ter­ing light.

It is in­ter­est­ing to spec­u­late as to how such an as­ser­tion found its way onto A16Z’s web­site!

By far the most plau­si­ble ex­pla­na­tion is that this ver­biage was gen­er­ated by an AI and then copy-pasted into the web page by a hu­man who did­n’t bother to fact-check it. This would ex­plain the mis­spelling of my name and some pe­cu­liar­i­ties in the writ­ing style. Of course, this kind of thing is hap­pen­ing all the time now in law, acad­e­mia, jour­nal­ism, and other fields, so it’s pretty un­re­mark­able; it just caught my at­ten­tion be­cause it’s the first time it’s di­rectly af­fected me.

The flow di­a­gram looks like this:

That does a pretty good job of ex­plain­ing how this all might have come about. So far so good. But it raises in­ter­est­ing ques­tions about what hap­pens next: the faulty quote from this seem­ingly au­thor­i­ta­tive source in turn gets in­gested by the next gen­er­a­tion of LLMs, and so on and so forth:

A hun­dred years from now, thanks to the work­ings of the Inhuman Centipede, I’m known as a de­servedly ob­scure dadaist prose styl­ist who thought it was cool to stop his books mid-sen­tence.

In this sce­nario, which seems more far-fetched, we have a sin­cere and hon­est hu­man writer who is re­port­ing what they be­lieve to be true based on false in­for­ma­tion. It breaks down into two sub-hy­pothe­ses:

There are boot­leg copies of count­less books cir­cu­lat­ing all over the Internet, and have been for decades. Very of­ten these are of poor qual­ity. It could be that the per­son (or the AI) who wrote the above ex­cerpt de­cided to save some money by down­load­ing one of those, and got a bad copy that was cut off in mid-sen­tence.

Even in the le­git pub­lish­ing in­dus­try, the qual­ity of trans­la­tions can be quite vari­able, and it’s dif­fi­cult for au­thors to know whether a given trans­la­tion was any good. I’ve seen trans­lated edi­tions of some of my books that look sus­pi­ciously short on page count. For all I know there might be trans­la­tions of my books (legit or boot­leg) that ac­tu­ally do stop mid-sen­tence!

I gen­uinely am grate­ful to have been in­cluded on this list! But I had to say some­thing about this as­ton­ish­ing howler em­bed­ded in the oth­er­wise rea­son­able ver­biage.

Even the most cyn­i­cal and Internet-savvy among us are some­how hard-wired to take any­thing we read on the Internet at face value. I’m as guilty as the next per­son. This has been a bad idea for a long time now, since bad ac­tors have been swarm­ing onto the Internet for decades. Now, though, it’s a bad idea for a whole new rea­son: con­tent we read on the Internet might not have been writ­ten by a per­son with an in­tent to mis­in­form, but rather by an LLM with no mo­tives what­so­ever, and no un­der­ly­ing model of re­al­ity that en­ables it to de­ter­mine fact from fic­tion.

Every cou­ple of years some­body no­tices that large tech com­pa­nies some­times pro­duce sur­pris­ingly sloppy code. If you haven’t worked at a big com­pany, it might be hard to un­der­stand how this hap­pens. Big tech com­pa­nies pay well enough to at­tract many com­pe­tent en­gi­neers. They move slowly enough that it looks like they’re able to take their time and do solid work. How does bad code hap­pen?

I think the main rea­son is that big com­pa­nies are full of en­gi­neers work­ing out­side their area of ex­per­tise. The av­er­age big tech em­ployee stays for only a year or two. In fact, big tech com­pen­sa­tion pack­ages are typ­i­cally de­signed to put a four-year cap on en­gi­neer tenure: af­ter four years, the ini­tial share grant is fully vested, caus­ing en­gi­neers to take what can be a 50% pay cut. Companies do ex­tend tem­po­rary yearly re­freshes, but it ob­vi­ously in­cen­tivizes en­gi­neers to go find an­other job where they don’t have to won­der if they’re go­ing to get the other half of their com­pen­sa­tion each year.

If you count in­ter­nal mo­bil­ity, it’s even worse. The longest I have ever stayed on a sin­gle team or code­base was three years, near the start of my ca­reer. I ex­pect to be re-orged at least every year, and of­ten much more fre­quently.

However, the av­er­age tenure of a code­base in a big tech com­pany is a lot longer than that. Many of the ser­vices I work on are a decade old or more, and have had many, many dif­fer­ent own­ers over the years. That means many big tech en­gi­neers are con­stantly “figuring it out”. A pretty high per­cent­age of code changes are made by “beginners”: peo­ple who have on­boarded to the com­pany, the code­base, or even the pro­gram­ming lan­guage in the past six months.

To some ex­tent, this prob­lem is mit­i­gated by “old hands”: en­gi­neers who hap­pen to have been in the or­bit of a par­tic­u­lar sys­tem for long enough to de­velop real ex­per­tise. These en­gi­neers can give deep code re­views and re­li­ably catch ob­vi­ous prob­lems. But re­ly­ing on “old hands” has two prob­lems.

First, this process is en­tirely in­for­mal. Big tech com­pa­nies make sur­pris­ingly lit­tle ef­fort to de­velop long-term ex­per­tise in in­di­vid­ual sys­tems, and once they’ve got it they seem to barely care at all about re­tain­ing it. Often the en­gi­neers in ques­tion are moved to dif­fer­ent ser­vices, and have to ei­ther keep up their “old hand” du­ties on an ef­fec­tively vol­un­teer ba­sis, or aban­don them and be­come a rel­a­tive be­gin­ner on a brand new sys­tem.

Second, ex­pe­ri­enced en­gi­neers are al­ways over­loaded. It is a busy job be­ing one of the few en­gi­neers who has deep ex­per­tise on a par­tic­u­lar ser­vice. You don’t have enough time to per­son­ally re­view every soft­ware change, or to be ac­tively in­volved in every de­ci­sion-mak­ing process. Remember that you also have your own work to do: if you spend all your time re­view­ing changes and be­ing in­volved in dis­cus­sions, you’ll likely be pun­ished by the com­pany for not hav­ing enough in­di­vid­ual out­put.

Putting all this to­gether, what does the me­dian pro­duc­tive en­gi­neer at a big tech com­pany look like? They are usu­ally:

* com­pe­tent enough to pass the hir­ing bar and be able to do the work, but ei­ther

* work­ing on a code­base or lan­guage that is largely new to them, or

* try­ing to stay on top of a flood of code changes while also jug­gling their own work.

They are al­most cer­tainly work­ing to a dead­line, or to a se­ries of over­lap­ping dead­lines for dif­fer­ent pro­jects. In other words, they are try­ing to do their best in an en­vi­ron­ment that is not set up to pro­duce qual­ity code.

That’s how “obviously” bad code hap­pens. For in­stance, a ju­nior en­gi­neer picks up a ticket for an an­noy­ing bug in a code­base they’re barely fa­mil­iar with. They spend a few days fig­ur­ing it out and come up with a hacky so­lu­tion. One of the more se­nior “old hands” (if they’re lucky) glances over it in a spare half-hour, ve­toes it, and sug­gests some­thing slightly bet­ter that would at least work. The ju­nior en­gi­neer im­ple­ments that as best they can, tests that it works, it gets briefly re­viewed and shipped, and every­one in­volved im­me­di­ately moves on to higher-pri­or­ity work. Five years later some­body no­tices this and thinks “wow, that’s hacky - how did such bad code get writ­ten at such a big soft­ware com­pany”?

I have writ­ten a lot about the in­ter­nal tech com­pany dy­nam­ics that con­tribute to this. Most di­rectly, in Seeing like a soft­ware com­pany I ar­gue that big tech com­pa­nies con­sis­tently pri­or­i­tize in­ter­nal leg­i­bil­ity - the abil­ity to see at a glance who’s work­ing on what and to change it at will - over pro­duc­tiv­ity. Big com­pa­nies know that treat­ing en­gi­neers as fun­gi­ble and mov­ing them around de­stroys their abil­ity to de­velop long-term ex­per­tise in a sin­gle code­base. That’s a de­lib­er­ate trade­off. They’re giv­ing up some amount of ex­per­tise and soft­ware qual­ity in or­der to gain the abil­ity to rapidly de­ploy skilled en­gi­neers onto what­ever the prob­lem-of-the-month is.

I don’t know if this is a good idea or a bad idea. It cer­tainly seems to be work­ing for the big tech com­pa­nies, par­tic­u­larly now that “how fast can you pivot to some­thing AI-related” is so im­por­tant. But if you’re do­ing this, then of course you’re go­ing to pro­duce some gen­uinely bad code. That’s what hap­pens when you ask en­gi­neers to rush out work on sys­tems they’re un­fa­mil­iar with.

Individual en­gi­neers are en­tirely pow­er­less to al­ter this dy­namic. This is par­tic­u­larly true in 2025, when the bal­ance of power has tilted away from en­gi­neers and to­wards tech com­pany lead­er­ship. The most you can do as an in­di­vid­ual en­gi­neer is to try and be­come an “old hand”: to de­velop ex­per­tise in at least one area, and to use it to block the worst changes and steer peo­ple to­wards at least min­i­mally-sen­si­ble tech­ni­cal de­ci­sions. But even that is of­ten swim­ming against the cur­rent of the or­ga­ni­za­tion, and if in­ex­pertly done can cause you to get PIP-ed or worse.

I think a lot of this comes down to the dis­tinc­tion be­tween pure and im­pure soft­ware en­gi­neer­ing. To pure en­gi­neers - en­gi­neers work­ing on self-con­tained tech­ni­cal pro­jects, like a pro­gram­ming lan­guage - the only ex­pla­na­tion for bad code is in­com­pe­tence. But im­pure en­gi­neers op­er­ate more like plumbers or elec­tri­cians. They’re work­ing to dead­lines on pro­jects that are rel­a­tively new to them, and even if their tech­ni­cal fun­da­men­tals are im­pec­ca­ble, there’s al­ways some­thing about the par­tic­u­lar setup of this sit­u­a­tion that’s awk­ward or sur­pris­ing. To im­pure en­gi­neers, bad code is in­evitable. As long as the over­all sys­tem works well enough, the pro­ject is a suc­cess.

At big tech com­pa­nies, en­gi­neers don’t get to de­cide if they’re work­ing on pure or im­pure en­gi­neer­ing work. It’s not their code­base! If the com­pany wants to move you from work­ing on data­base in­fra­struc­ture to build­ing the new pay­ments sys­tem, they’re fully en­ti­tled to do that. The fact that you might make some mis­takes in an un­fa­mil­iar sys­tem - or that your old col­leagues on the data­base in­fra team might suf­fer with­out your ex­per­tise - is a de­lib­er­ate trade­off be­ing made by the com­pany, not the en­gi­neer.

It’s fine to point out ex­am­ples of bad code at big com­pa­nies. If noth­ing else, it can be an ef­fec­tive way to get those spe­cific ex­am­ples fixed, since ex­ecs usu­ally jump at the chance to turn bad PR into good PR. But I think it’s a mis­take to at­tribute pri­mary re­spon­si­bil­ity to the en­gi­neers at those com­pa­nies. If you could wave a magic wand and make every en­gi­neer twice as strong, you would still have bad code, be­cause al­most no­body can come into a brand new code­base and quickly make changes with zero mis­takes. The root cause is that most big com­pany en­gi­neers are forced to do most of their work in un­fa­mil­iar code­bases.