10 interesting stories served every morning and every evening.




1 1,356 shares, 54 trendiness

add llms.txt endpoint for LLM-optimized documentation by quantizor · Pull Request #2388 · tailwindlabs/tailwindcss.com


...

Read the original on github.com »

2 987 shares, 43 trendiness

America's New Dietary Guidelines


Better health begins on your plate—not in your medicine cabinet.

The new Dietary Guidelines for Americans defines real food as whole, nutrient-dense, and naturally occurring, placing them back at the center of our diets.

The State of Our Health

* 50% of Americans have
* 75% of adults report having at least one
* 90% of U.S. healthcare spending goes to treating —much of which is linked to diet and lifestyle

We are ending the war on protein. Every meal must prioritize high-quality, nutrient-dense protein from both animal and plant sources, paired with healthy fats from whole foods such as eggs, seafood, meats, full-fat dairy, nuts, seeds, olives, and avocados.

Protein target: ~0.54–0.73 grams per pound of body weight per day

Vegetables and fruits are essential to real food nutrition. Eat a wide variety of whole, colorful, nutrient-dense vegetables and fruits in their original form, prioritizing freshness and minimal processing.

Whole grains are encouraged. Refined carbohydrates are not. Prioritize fiber-rich whole grains and significantly reduce the consumption of highly processed, refined carbohydrates that displace real nourishment.

What is the New Pyramid?

The New Pyramid is a simple guide designed to help Americans eat real, whole foods more consistently. It prioritizes nutrient-dense foods and reduces reliance on highly processed products, using modern nutrition science to support everyday health.

What does “Eat Real Food” mean?

Eating real food means choosing foods that are whole or minimally processed and recognizable as food. These foods are prepared with few ingredients and without added sugars, industrial oils, artificial flavors, or preservatives.

Why does the New Pyramid emphasize protein and vegetables?

Protein and vegetables form the foundation of real food meals. Together, they support muscle health, metabolic function, gut health, and stable energy while naturally crowding out highly processed foods.

Yes. Healthy fats are a natural part of real foods such as meat, seafood, dairy, nuts, olives, and avocados. These fats support brain health, hormone function, and nutrient absorption when consumed in their natural forms.

How does the New Pyramid address added sugars?

Added sugars are not part of eating real foods and are not recommended. The New Pyramid encourages avoiding added sugars entirely, especially for children, while allowing naturally occurring sugars found in whole fruits and plain dairy.

Where do grains fit in the New Pyramid?

Grains can be part of a real food diet when eaten in whole or traditionally prepared forms. Foods like oats, rice, and true sourdough are preferred. Refined and packaged grain products should be limited.

Hydration matters. Choose water or unsweetened beverages to accompany meals and snacks.

Is the New Pyramid a strict diet?

No. The New Pyramid is a flexible framework meant to guide better choices, not dictate exact meals. It supports cultural traditions, personal preferences, and different lifestyles while reinforcing one core goal: eat real foods most of the time.

Explore the research, recommendations, and implementation guidance that shape the Dietary Guidelines, including the science, the policy guidance, and the everyday serving framework.

...

Read the original on realfood.gov »

3 331 shares, 32 trendiness

Project Patchouli Documentation

Patchouli is an open-source electromagnetic drawing tablet hardware implementation, including a coil array, an RF front end built using commercially available parts, and digital signal processing algorithms. The design is compatible with most commercial pens from different vendors, offering an ultra-low-latency pen input experience for your customized hardware projects.

In addition, this project aims to provide comprehensive documentation of the EMR technology, including the mechanism, circuit implementation, signal processing algorithms, and the pen protocol of different product lines from different vendors.

* March 2024, the first small-scale hardware prototype was successfully tested.

* January 2025, the documentation page was hosted on Read the Docs.

* Reaching out to the maintainers: prj.patchouli@gmail.com

This project is sponsored by the NLnet Foundation NGI Zero Core Fund. Learn more about it here: Project Patchouli

Project Patchouli Documentation by Yukidama and other project members is licensed under Creative Commons Attribution 4.0 International

All images and other resource files in this project, unless otherwise specified, are created by the project team and are licensed under the same CC BY 4.0 license.

The hardware design is released under the CERN Open Source Hardware License strongly-reciprocal variant, CERN-OHL-S. A copy of the license is provided in the source repository. Additionally, a user guide for the license is provided on ohwr.org.

All program code, unless otherwise specified, is licensed under the GPLv3 license.

...

Read the original on patchouli.readthedocs.io »

4 321 shares, 15 trendiness

Tailscale

Updates to the Tailscale client and service.

...

Read the original on tailscale.com »

5 267 shares, 8 trendiness

After fatal ICE shooting, DHS and Minnesota officials share contrasting accounts

An Immigration and Customs Enforcement agent shot and killed a woman Wednesday during an immigration-related operation in Minneapolis in which she did not appear to be the target, local and federal officials said.

The shooting victim has been named as Renee Nicole Good, 37, a mother and U.S. citizen.

Dueling narratives emerged over what led to the shooting. Department of Homeland Security spokesperson Tricia McLaughlin claimed the woman “weaponized her vehicle, attempting to run over our law enforcement officers in an attempt to kill them.”

Minneapolis Mayor Jacob Frey pushed back on the DHS narrative at a news conference Wednesday afternoon, saying, “They are already trying to spin this as an action of self-defense,” referring to ICE. “Having seen the video of myself, I want to tell everybody directly that is b–-s–-.”

Witnesses described seeing the woman in the vehicle trying to flee officers when she was shot, disputing the notion that she was trying to run officers over. Police described her as a “middle-aged white woman” who did not appear to be the target of any law enforcement investigation or activity.

Immigration enforcement officers were conducting targeted operations in Minneapolis when the shooting happened, but it’s unclear what operation ICE was conducting in that particular neighborhood.

Several video clips of the incident emerged on social media.

In one video, a gray pickup truck is seen pulling up to a burgundy SUV stopped perpendicular to the truck as someone shouts “get the f–- out of our neighborhood.” Agents get out of the truck, and one walks up to the SUV and yanks on the driver’s door handle, ordering the driver to get out. The SUV reverses.

Another agent is standing near the front of the SUV as it pulls forward. The agent appears to draw his firearm, and as the SUV drives forward in his direction, he moves backward, shooting into the SUV as it drives off, the video shows.

In another video showing a different angle, the agent appears to be knocked back as the SUV drives forward before it crashes into a parked car and hits a light pole. President Donald Trump attached the video clip showing that angle to a post on Truth Social, saying that the woman driving was “very disorderly, obstructing and resisting” and that it was hard to believe the agent survived the incident.

Homeland Security Secretary Kristi Noem said at a news conference Wednesday evening that the ICE agent was “hit by the vehicle” driven by the woman who was shot. He went to the hospital and was released, she said.

Noem said the officer, whom officials have not yet identified, had been attacked before while on the job.

“The very same officer who was attacked today had previously been dragged by an anti-ICE rioter who had rammed him with a car and dragged him back in June. He sustained injuries at that time, as well,” she said.

Noem said at a news conference earlier in the day that the agents’ vehicles got stuck in the snow and that they were trying to push them out when the woman “attacked them.”

“It was an act of domestic terrorism,” she said, without providing further evidence.

At the mayor’s news conference, Minneapolis Police Chief Brian O’Hara expressed concern about the tactics used by ICE agents.

“I do not know the exact circumstances of the shooting, but I would tell you, in any professional law enforcement agency in the country … it’s obviously very concerning whenever there’s a shooting into a vehicle of someone who’s not armed,” he said, saying that at times it could be justified but that most law enforcement agencies in the country have “trained very intensely to try and minimize the risk” of using deadly force.

Aidan Perzana, 31, said that he witnessed the incident and that it didn’t look like the woman was trying to run over an agent.

“I heard that Noem is trying to say they were trying to run down an officer. There was plenty of space between the officers at that point for the vehicle to make it through,” he told NBC News, adding that it looked as though the driver was trying to flee.

Emily Heller, 39, wasn’t even dressed when she heard whistles alerting the neighborhood that ICE agents were in the area Wednesday morning. When she walked out to her porch, she said, she saw six or seven ICE vehicles and a person who had parked perpendicular to traffic.

Heller said she saw agents exit their cars and tell the driver to leave, to “get out of here.”

“And then they went up to her car and started trying to open her door, and that’s when I’m sure she got spooked and tried to flee,” Heller said. “So she reversed a little bit and then angled her wheels so she could drive away. And as she was trying to move forward, one of the ICE agents stepped in front of her vehicle and reached across the hood and fired his weapon about three or four times and shot her in the face.”

Aidan Perzana’s wife, Grace Perzana, 32, said that the family has lived in the neighborhood for years and that “we love it.”

“We are really happy here. We have a giant shark statue in our front yard, and our neighbor has a giant T-Rex statue,” she said. “There is a lot of community art, a lot of people having barbecues with music in their backyards.”

Residents and locals gathered in the street after the shooting, chanting and throwing snowballs in the direction of federal agents, NBC affiliate KARE reported. Law enforcement officers deployed pepper spray and tear gas.

Trump has unleashed immigration agents in cities across America, who have been employing increasingly aggressive tactics. The push has ramped up tensions with local officials in some cities and communities that are increasingly protesting the efforts.

In September, an ICE agent fatally shot a man during a traffic stop in the Chicago area. His family called for justice, and local police said the FBI had been investigating the death.

Since they arrived in Minneapolis in early December, ICE officers and agents have arrested roughly 1,400 people, McLaughlin has said. That is a significant increase from the roughly 300 who had been arrested by Dec. 12.

DHS this week sent hundreds more officers and agents to bolster immigration enforcement in Minneapolis, posting on social media that it is waging the “largest DHS operation ever” in Minnesota.

The immigration enforcement operation will add up to 2,100 officers, according to two senior DHS officials. The administration began swelling the numbers Sunday and planned to continue adding forces Wednesday, the officials said. That total encompasses 1,500 enforcement and removal officers and 600 Homeland Security Investigations agents.

At a news conference Wednesday afternoon following the shooting, Frey, the mayor, told ICE agents to “get the f–- out of Minneapolis.”

The rush of more enforcement follows the posting of a video by a conservative content creator the day after Christmas that alleged that Somali-run day care centers in Minneapolis were defrauding American taxpayers by taking federal grant money and not providing any services to children.

The FBI surged investigators in the city to look into the allegations soon after the video was posted, and HSI has been knocking on Somali businesses’ doors since last week. The state of Minnesota concluded from its on-site checks of 10 Somali day care centers targeted in the video that they were operating normally, with children at every site except one, which wasn’t yet open to investigators when they arrived to investigate.

Grace Perzana said she didn’t believe there were many people of Somali descent on the street where Wednesday’s shooting happened, but she said she does have many “Latinx” neighbors.

...

Read the original on www.nbcnews.com »

6 259 shares, 10 trendiness

ICE Is Going on a Surveillance Shopping Spree

U.S. Immigration and Customs Enforcement (ICE) has a new budget under the current administration, and they are going on a surveillance tech shopping spree. Standing at $28.7 billion for the year 2025 (nearly triple their 2024 budget) and at least another $56.25 billion over the next three years, ICE’s budget would be the envy of many national militaries around the world. Indeed, this budget would put ICE as the 14th most well-funded military in the world, right between Ukraine and Israel.

There are many different agencies under the U.S. Department of Homeland Security (DHS) that deal with immigration, as well as non-immigration-related agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). ICE is specifically the enforcement arm of the U.S. immigration apparatus. Their stated mission is to “[p]rotect America through criminal investigations and enforcing immigration laws to preserve national security and public safety.”

Of course, ICE doesn’t just end up targeting, surveilling, harassing, assaulting, detaining, and torturing people who are undocumented immigrants. They have targeted people on work permits, asylum seekers, permanent residents (people holding “green cards”), naturalized citizens, and even citizens by birth.

While the NSA and FBI might be the first agencies that come to mind when thinking about surveillance in the U.S., ICE should not be discounted. ICE has always engaged in surveillance and intelligence-gathering as part of their mission. A 2022 report by Georgetown Law’s Center on Privacy & Technology found the following:

* ICE had scanned the driver’s license photos of 1 in 3 adults.

* ICE had access to the driver’s license data of 3 in 4 adults.

* ICE was tracking the movements of drivers in cities home to 3 in 4 adults.

* ICE could locate 3 in 4 adults through their utility records.

* ICE built its surveillance dragnet by tapping data from private companies and state and local bureaucracies.

* ICE spent approximately $2.8 billion between 2008 and 2021 on new surveillance, data collection and data-sharing programs.

With a budget for 2025 that is 10 times the size of the agency’s total surveillance spending over those 13 years, ICE is going on a shopping spree, creating one of the largest, most comprehensive domestic surveillance machines in history.

The entire surveillance industry has been allowed to grow and flourish under both Democratic and Republican regimes. For example, President Obama dramatically expanded ICE from its more limited origins, while at the same time narrowing its focus to undocumented people accused of crimes. Under the first and second Trump administrations, ICE ramped up its operations significantly, increasing raids in major cities far from the southern border and casting a much wider net on potential targets. ICE has most recently expanded its partnerships with sheriffs across the U.S., and has deported more than 1.5 million people cumulatively under the Trump administrations (600,000 of those just during the first year of Trump’s second term, according to DHS statistics), not including the 1.6 million people DHS claims have “self-deported.” More horrifying is that in just the last year of the current administration, 4,250 people detained by ICE have gone missing, and 31 have died in custody or while being detained. In contrast, 24 people died in ICE custody during the entirety of the Biden administration.

ICE has also openly stated that they plan to spy on the American public, looking for any signs of left-wing dissent against their domestic military-like presence. Acting ICE Director Todd Lyons said in a recent interview that his agency was dedicated to the mission of “going after” Antifa and left-wing gun clubs.


On a long enough timeline, any surveillance tool you build will eventually be used by people you don’t like for reasons that you disagree with. A surveillance-industrial complex and a democratic society are fundamentally incompatible, regardless of your political party.

EFF recently published a guide to using government databases to dig up homeland security spending and compiled our own dataset of companies selling tech to DHS components. In 2025, ICE entered new contracts with several private companies for location surveillance, social media surveillance, face surveillance, spyware, and phone surveillance. Let’s dig into each.

One common surveillance tactic of immigration officials is to get physical access to a person’s phone, either while the person is detained at a border crossing or while they are under arrest. ICE renewed an $11 million contract with a company called Cellebrite, which helps ICE unlock phones and can then take a complete image of all the data on the phone, including apps, location history, photos, notes, call records, text messages, and even Signal and WhatsApp messages. ICE also signed a $3 million contract with Cellebrite’s main competitor Magnet Forensics, makers of the Graykey device for unlocking phones. DHS has had contracts with Cellebrite since 2008, but the number of phones they search has risen dramatically each year, reaching a new high of 14,899 devices searched by ICE’s sister agency U.S. Customs and Border Protection (CBP) between April and June of 2025.

If ICE can’t get physical access to your phone, that won’t stop them from trying to gain access to your data. They have also resumed a $2 million contract with the spyware manufacturer Paragon. Paragon makes the Graphite spyware, which made headlines in 2025 for being found on the phones of several dozen members of Italian civil society. Graphite is able to harvest messages from multiple different encrypted chat apps such as Signal and WhatsApp without the user ever knowing.

Our concern with ICE buying this software is the likelihood that it will be used against undocumented people and immigrants who are here legally, as well as U.S. citizens who have spoken up against ICE or who work with immigrant communities. Malware such as Graphite reads end-to-end encrypted messages on the device itself, after the messaging app has decrypted them, so the encryption in transit offers no protection against it. Other forms of spyware can also download files, photos, and location history, record phone calls, and even discreetly turn on your microphone to record you.

The most effective way to protect yourself from smartphone surveillance would be to not have a phone. But that’s not realistic advice in modern society. Fortunately, for most people there are other ways you can make it harder for ICE to spy on your digital life.

The first and easiest step is to keep your phone up to date. Installing security updates makes it harder to use malware against you and less likely that Cellebrite can break into your phone. Likewise, both iPhone (Lockdown Mode) and Android (Advanced Protection) offer special modes that lock your phone down and can help protect against some malware.


Having your phone’s software up to date and locked with a strong alphanumeric passcode will offer some protection against Cellebrite, depending on your model of phone. However, the strongest protection is simply to keep your phone turned off, which puts it in “before first unlock” (BFU) mode, which has typically been harder for law enforcement to bypass: until you enter the passcode after a reboot, most of the phone’s data is still encrypted with a key derived from that passcode. This is good to do if you are at a protest and expect to be arrested, if you are crossing a border, or if you are expecting to encounter ICE. Keeping your phone on airplane mode should be enough to protect against cell-site simulators, but turning your phone off will offer extra protection against both cell-site simulators and Cellebrite devices. If you aren’t able to turn your phone off, it’s a good idea to at least turn off face/fingerprint unlock to make it harder for police to force you to unlock your phone. While EFF continues to fight to strengthen our legal protections against compelling people to decrypt their devices, there is currently less protection against compelled face and fingerprint unlocking than there is against compelled password disclosure.

ICE has also spent $5 million to acquire at least two location and social media surveillance tools, Webloc and Tangles, from a company called Pen Link, an established player in the open source intelligence space. Webloc gathers the locations of millions of phones by gathering data from mobile data brokers and linking it together with other information about users. Tangles is a social media surveillance tool that combines web scraping with access to social media application programming interfaces. These tools are able to build a dossier on anyone who has a public social media account. Tangles is able to link together a posting history, posts and comments containing keywords, location history, tags, social graph, and photos with those of their friends and family. Pen Link then sells this information to law enforcement, allowing law enforcement to avoid the need for a warrant. This means ICE can look up historic and current locations of many people all across the U.S. without ever having to get a warrant.


ICE also has established contracts with other social media scanning and AI analysis companies, such as a $4.2 million contract with a company called Fivecast for the social media surveillance and AI analysis tool ONYX. According to Fivecast, ONYX can conduct “automated, continuous and targeted collection of multimedia data” from “all major news streams, search engines, social media, marketplaces, the dark web, etc.” ONYX can build what it calls “digital footprints” from biographical data and curated datasets spanning numerous platforms, and “track shifts in sentiment and emotion” and identify the level of risk associated with an individual.

Another contract is with ShadowDragon for their product SocialNet, which is able to monitor publicly available data from over 200 websites. In an acquisition document from 2022, ICE confirmed that ShadowDragon allowed the agency to search “100+ social networking sites,” noting that “[p]ersistent access to Facebook and Twitter provided by ShadowDragon SocialNet is of the utmost importance as they are the most prominent social media platforms.”

ICE has also indicated that they intend to spend between $20 and $50 million on building and staffing a 24/7 social media monitoring office with at least 30 full-time agents to comb every major social media website for leads that could generate enforcement raids.

For U.S. citizens, making your account private on social media is a good place to start. You might also consider having accounts under a pseudonym, or deleting your social media accounts altogether. For more information, check out our guide to protecting yourself on social media. Unfortunately, people immigrating to the U.S. might be subject to greater scrutiny, including mandatory social media checks, and should consult with an immigration attorney before taking any action. For people traveling to the U.S., new rules will likely soon require them to reveal five years of social media history and 10 years of past email addresses to immigration officials.

But it’s not just your digital habits ICE wants to surveil; they also want to spy on you in the physical world. ICE has contracts with multiple automated license plate reader (ALPR) companies and is able to follow the driving habits of a large percentage of Americans. ICE uses this data to track down specific people anywhere in the country. ICE has a $6 million contract through a Thomson Reuters subsidiary to access ALPR data from Motorola Solutions. ICE has also persuaded local law enforcement officers to run searches on their behalf through Flock Safety’s massive network of ALPR data. CBP, including Border Patrol, also operates a network of covert ALPR systems in many areas.

ICE has also invested in biometric surveillance tools, such as face recognition software called Mobile Fortify, used to scan the faces of people they stop to determine if they are here legally. Mobile Fortify checks the pictures it takes against a database of 200 million photos for a match (the source of the photos is unknown). Additionally, ICE has a $10 million contract with Clearview AI for face recognition. ICE has also contracted with iris scanning company BI2 Technologies for even more invasive biometric surveillance. ICE agents have also been spotted wearing Meta’s Ray-Ban video recording sunglasses.

ICE has acquired trucks equipped with cell-site simulators (AKA Stingrays) from a company called TechOps Specialty Vehicles (the cell-site simulators themselves were likely manufactured by another company). This is not the first time ICE has bought this technology. According to documents obtained by the American Civil Liberties Union, ICE deployed cell-site simulators at least 466 times between 2017 and 2019, and according to documents obtained by BuzzFeed News, more than 1,885 times between 2013 and 2017. Cell-site simulators can be used to track down a specific person in real time, with more granularity than a phone company or tools like Webloc can provide, though Webloc has the distinct advantage of being usable without a warrant and not requiring agents to be in the vicinity of the person being tracked.

Taking public transit or bicycling is a great way to keep yourself off ALPR databases, but an even better way is to go to your local city council meetings and demand the city cancel its contracts with ALPR companies, as people have done in Flagstaff, Arizona; Eugene, Oregon; and Denver, Colorado, among others.

If you are at a protest, putting your phone on airplane mode could help protect you from cell-site simulators and from apps on your phone disclosing your location, but might leave you vulnerable to advanced targeted attacks. Check that Wi-Fi and Bluetooth are actually off, since some phones leave them enabled in airplane mode. For more advanced protection, turning your phone completely off protects against all radio-based attacks, and also makes it harder for tools like Cellebrite to break into your phone, as discussed above. But each individual will need to weigh their need for security from advanced radio-based attacks against their need to document potential abuses through photo or video. For more information about protecting yourself at a protest, head over to SSD.

There is nothing you can do to change your face, which is why we need more stringent privacy laws such as Illinois’s Biometric Information Privacy Act.

Last but not least, ICE uses tools to combine and search all this data along with the data on Americans they have acquired from private companies, the IRS, TSA, and other government databases.

To search all this data, ICE uses ImmigrationOS, a system that came from a $30 million contract with Palantir. What Palantir does is hard to explain, even for people who work there, but essentially they are plumbers. Palantir makes it so that ICE has all the data they have acquired in one place so it’s easy to search through. Palantir links data from different databases, like IRS data, immigration records, and private databases, and enables ICE to view all of this data about a specific person in one place.


The true civil liberties nightmare of Palantir is that they enable governments to link data that should never have been linked. There are good civil liberties reasons why IRS data was never linked with immigration data or with social media data, but Palantir breaks those firewalls. Palantir has historically labeled itself a progressive, human-rights-centric company, but its recent actions have given it away as just another tech company enabling surveillance nightmares.

Understanding the capabilities and limits of ICE, and how to threat model, helps you and your community fight back, remain powerful, and protect yourself.

One of the most important things you can do is to not spread rumors and misinformation. Rumors like “ICE has malware so now everyone’s phones are compromised” or “Palantir knows what you are doing all the time” or “Signal is broken” don’t help your community. It’s more useful to spread facts, ways to protect yourself, and ways to fight back. For information about how to create a security plan for yourself or your community, and other tips to protect yourself, read our Surveillance Self-Defense guides.

One way to fight back against ICE is in the courts. EFF currently has a lawsuit against ICE over their pressure on Apple and Google to take down ICE-spotting apps, like ICEBlock. We also represent multiple labor unions suing ICE over their social media surveillance practices.

We have also demanded the San Francisco Police Department stop sharing data illegally with ICE, and issued a statement condemning the collaboration between ICE and the malware provider Paragon. We also continue to maintain our Rayhunter project for detecting cell-site simulators.

Other civil liberties organizations are also suing ICE. The ACLU has sued ICE over a subpoena to Meta attempting to identify the owner of an account providing advice to protestors, and another coalition of groups has thus far successfully sued the IRS to stop it from sharing taxpayer data with ICE.

We need to have a hard look at the surveillance industry. It is a key enabler of vast and untold violations of human rights and civil liberties, and it continues to be used by aspiring autocrats to threaten our very democracy. As long as it exists, the surveillance industry, and the data it generates, will be an irresistible tool for anti-democratic forces.

...

Read the original on www.eff.org »

7 233 shares, 11 trendiness

LMArena is a cancer on AI

Would you trust a medical system measured by: which doctor would the average Internet user vote for?

Yet that malpractice is LMArena.

The AI community treats this popular online leaderboard as gospel. Researchers cite it. Companies optimize for it and set it as their North Star. But beneath the sheen of legitimacy lies a broken system that rewards superficiality over accuracy.

It’s like going to the grocery store and buying tabloids, pretending they’re scientific journals.

Here’s how LMArena is supposed to work: enter a prompt, evaluate two responses, and mark the best. What actually happens: random Internet users spend two seconds skimming, then click their favorite.

They’re not reading carefully. They’re not fact-checking, or even trying.

This creates a perverse reward structure. The easiest way to climb the leaderboard isn’t to be smarter; it’s to hack human attention span. We’ve seen over and over again in the data, both from datasets that LMArena has released and the performance of models over time, that the easiest way to boost your ranking is by:

* Being verbose. Longer responses look more authoritative!

* Formatting aggressively. Bold headers and bullet points look like polished writing!

It doesn’t matter if a model completely hallucinates. If it looks impressive — if it has the aesthetics of competence — LMSYS users will vote for it over a correct answer.

When you optimize for engagement metrics, you get madness.

Earlier this year, Meta tuned a version of Maverick to dominate the leaderboard. If you asked it “what time is it?”, you got:

Voilà: bold text, emojis, and plenty of sycophancy — every trick in the LMArena playbook! — to avoid answering the question it was asked.

It wasn’t just Maverick. We analyzed 500 votes from the leaderboard ourselves. We disagreed with 52% of them, and strongly disagreed with 39%.

The leaderboard optimizes for what feels right, not what is right. Here are two emblematic examples of LMArena users punishing factual accuracy:

Example 1: The Wizard of Oz

* Response A (Winner): Hallucinates what Dorothy says when she first sees the Emerald City.

* Response B (Loser): Correctly identifies the line she says upon arriving in Oz.

* The Result: Response A was objectively wrong, yet it won the vote.

* Response A (Winner): Claims a 9-inch round cake pan is equal in size to a 9x13 inch rectangular pan.

* The Result: The user voted for a mathematical impossibility because the answer looked more confident.

In the world of LMArena, confidence beats accuracy and formatting beats facts.

Instead of rigorous evaluators, we have people with the attention span of the average TikTok user determining which AI models shape the industry.

Why is LMArena so easy to game?

The system is fully open to the Internet. LMArena is built on gamified labor from uncontrolled volunteers. There’s no incentive for those volunteers to be thoughtful. No quality control. No one gets kicked off for repeatedly failing to detect hallucinations.

When LMArena’s leaders speak publicly, they talk about the various techniques they use to overcome the fact that their input data is low quality. They admit their workers prefer emojis and length over substance. So the LMArena system, they proudly tell us, includes a variety of corrective measures.

They’re attempting alchemy: conjuring rigorous evaluation out of garbage inputs. But you can’t patch a broken foundation.

When the entire industry optimizes for a metric that rewards “hallucination-plus-formatting” over accuracy, we get models optimized for hallucination-plus-formatting.

There’s a fundamental misalignment between what we’re measuring and what we want: models that are truthful, reliable, and safe.

The AI industry needs rigorous evaluation. We need leaders who prioritize accuracy over marketing. We need systems that can’t be gamed by bolding more aggressively.

LMArena is none of these things. And as long as we pretend it is, we’re dragging the entire field backward.

People often say they can’t avoid LMArena.

“We have to optimize for it. We have to sell our models. The leaderboard shows customers which model is best, and we have to play the game.”

But the best products have principles they stick to.

This is the brutal choice every model builder must eventually make:

Do you want to optimize for shiny leaderboards and short-term engagement, chasing user clicks no matter where they take you — in the vein of the worst dopamine loops?

Or do you stick to your guns, and prioritize street smarts, real utility, and the principles you wanted to raise AI to have?

The choice is real. It’s hard. But we’ve seen some frontier labs hold the line.

They stuck to their values. They ignored the gamified rankings. And users loved their models anyway — because hype eventually dies and quality is the only metric that survives the cycle.

You are your objective function. Which path will each lab choose?

...

Read the original on surgehq.ai »

8 224 shares, 16 trendiness

Kernel bugs hide for 2 years on average. Some hide for 20.

Kernel bugs hide for 2 years on average. Some hide for 20. There are bugs in your kernel right now that won’t be found for years. I know because I analyzed 125,183 of them, every bug with a traceable Fixes: tag in the Linux kernel’s 20-year git history.

The average kernel bug lives 2.1 years before discovery. But some subsystems are far worse: CAN bus drivers average 4.2 years, SCTP networking 4.0 years. The longest-lived bug in my dataset, a buffer overflow in ethtool, sat in the kernel for 20.7 years. The one I’ll dissect in detail is a refcount leak in netfilter, and it lasted 19 years.

I built a tool that catches 92% of historical bugs in a held-out test set at commit time. Here’s what I learned.

I started by mining the most recent 10,000 commits with Fixes: tags from the Linux kernel. After filtering out invalid references (commits that pointed to hashes outside the repo, malformed tags, or merge commits), I had 9,876 valid vulnerability records. For the lifetime analysis, I excluded 27 same-day fixes (bugs introduced and fixed within hours), leaving 9,849 bugs with meaningful lifetimes.

Almost 20% of bugs had been hiding for 5+ years. The networking subsystem looked particularly bad at 5.1 years average. I found a refcount leak in netfilter that had been in the kernel for 19 years.

Initial findings: Half of bugs found within a year, but 20% hide for 5+ years.

But something nagged at me: my dataset only contained fixes from 2025. Was I seeing the full picture, or just the tip of the iceberg?

I rewrote my miner to capture every Fixes: tag since Linux moved to git in 2005. Six hours later, I had 125,183 vulnerability records, 12x larger than my initial dataset.

Full history: 57% of bugs found within a year. The long tail is smaller than it first appeared.

Why the difference? My initial 2025-only dataset was biased. Fixes in 2025 include:

Ancient bugs that finally got discovered after years of hiding

The ancient bugs skewed the average upward. When you include the full history with all the bugs that were introduced AND fixed within the same year, the average drops from 2.8 to 2.1 years.

The real story: We’re getting faster (but it’s complicated)

The most striking finding from the full dataset: bugs introduced in recent years appear to get fixed much faster.

Bugs introduced in 2010 took nearly 10 years to find and bugs introduced in 2024 are found in 5 months. At first glance it looks like a 20x improvement!

But here’s the catch: this data is right-censored. Bugs introduced in 2022 can’t have a 10-year lifetime yet since we’re only in 2026. We might find more 2022 bugs in 2030 that bring the average up.

The fairer comparison is “% found within 1 year” and that IS improving: from 0% (2010) to 69% (2022). That’s real progress, likely driven by:

But there’s a backlog. When I look at just the bugs fixed in 2024-2025:

60% were introduced in the last 2 years (new bugs, caught quickly)

We’re simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years.

The kernel has a convention: when a commit fixes a bug, it includes a Fixes: tag pointing to the commit that introduced the bug.

    commit de788b2e6227
    Author: Florian Westphal

The miner extracts the referenced commit hash from the Fixes: tag and computes the bug’s lifetime:

    import re

    # Match a Fixes: tag followed by a 12-40 character abbreviated SHA-1
    fixes_pattern = r'Fixes:\s*([0-9a-f]{12,40})'
    match = re.search(fixes_pattern, commit_message)
    if match:
        introducing_hash = match.group(1)
        # introducing_date is the author date of the commit that introducing_hash resolves to
        lifetime_days = (fixing_date - introducing_date).days

Coverage note: The kernel has ~448,000 commits mentioning “fix” in some form, but only ~124,000 (28%) use proper Fixes: tags. My dataset captures the well-documented bugs, i.e. the ones where maintainers traced the root cause.
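As an added example (not the post’s own miner), here is a small Fixes:-tag miner run over a constructed, in-memory stand-in for the git history: it pulls every tag out of a message, resolves abbreviated hashes (dropping unknown or ambiguous ones as invalid references), computes lifetimes, flags same-day fixes, and reports the “% found within 1 year” metric with the right-censoring guard the post argues for. All hashes, dates and commit messages are constructed.

```python
import re
from datetime import date, timedelta

# The post's pattern, anchored to the start of a line so that prose such as
# "this fixes: a typo" is not mistaken for a tag.
FIXES_RE = re.compile(r'^Fixes:\s*([0-9a-f]{12,40})\b', re.MULTILINE)

# Constructed stand-in for `git log`: full hash -> author date of the commit that
# introduced the bug. Hashes and dates are invented, not real kernel commits.
REPO = {
    "a1b2c3d4e5f60718293a4b5c6d7e8f9011223344": date(2006, 8, 10),  # introducing commit A
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00fedcba9": date(2024, 3, 2),   # introducing commit B
    "0f1e2d3c4b5a6978ffffffffffffffffffffffff": date(2020, 1, 1),   # shares a 16-char prefix with B
    "5555555555555555555555555555555555555555": date(2025, 6, 1),   # introducing commit C
}

# Constructed fixing commits: (abbreviated hash, author date, commit message).
FIX_COMMITS = [
    ("f1f1f1f1f1f1", date(2025, 8, 12), 'netfilter: fix refcount leak\n\nFixes: a1b2c3d4e5f6 ("...")\n'),
    ("f2f2f2f2f2f2", date(2024, 11, 20), 'net: close overflow\n\nFixes: 0f1e2d3c4b5a6978 ("...")\n'),  # ambiguous
    ("f3f3f3f3f3f3", date(2025, 6, 1), 'mm: same-day fixup\n\nFixes: 555555555555 ("...")\n'),  # same day
    ("f4f4f4f4f4f4", date(2025, 9, 9), 'bpf: robustness\n\nFixes: deadbeefdead ("...")\n'),  # unknown hash
    ("f5f5f5f5f5f5", date(2025, 1, 5), 'This commit fixes: a typo, no tag\n'),  # no Fixes: tag
    ("f6f6f6f6f6f6", date(2025, 2, 1), 'two bugs\n\nFixes: a1b2c3d4e5f60718\nFixes: 0f1e2d3c4b5a69788796\n'),
    ("f7f7f7f7f7f7", date(2025, 9, 1), 'mm: real fix\n\nFixes: 5555555555555555 ("...")\n'),
]


def extract_fixes(message):
    """Every abbreviated hash referenced by a Fixes: tag, in order (a commit may carry several)."""
    return FIXES_RE.findall(message)


def resolve(abbrev, repo=REPO):
    """Expand an abbreviated hash; None when it is unknown or ambiguous (an invalid reference)."""
    candidates = [h for h in repo if h.startswith(abbrev)]
    return candidates[0] if len(candidates) == 1 else None


def bug_lifetimes(fix_commits=FIX_COMMITS, repo=REPO):
    """One record per (fixing commit, introducing commit) pair. Invalid references are
    dropped; same-day fixes are kept but flagged so callers can exclude them as the post does."""
    records = []
    for fix_hash, fix_date, message in fix_commits:
        for abbrev in extract_fixes(message):
            full = resolve(abbrev, repo)
            if full is None:
                continue
            days = (fix_date - repo[full]).days
            records.append({"fix": fix_hash, "intro": full, "intro_date": repo[full],
                            "lifetime_days": days, "same_day": days == 0})
    return records


def mean_lifetime_days(records, include_same_day=True):
    """Average bug lifetime in days, optionally excluding same-day fixes."""
    days = [r["lifetime_days"] for r in records if include_same_day or not r["same_day"]]
    return sum(days) / len(days)


def found_within_a_year(records, today):
    """Per introduction year, the share of bugs fixed within 365 days. A year whose bugs have
    not all had a full year to be discovered is right-censored and reported as None."""
    by_year = {}
    for r in records:
        if not r["same_day"]:
            by_year.setdefault(r["intro_date"].year, []).append(r["lifetime_days"])
    result = {}
    for year, days in sorted(by_year.items()):
        if today - date(year, 12, 31) < timedelta(days=365):
            result[year] = None
        else:
            result[year] = sum(d <= 365 for d in days) / len(days)
    return result


if __name__ == "__main__":
    recs = bug_lifetimes()
    print(f"{len(recs)} valid records, mean lifetime {mean_lifetime_days(recs, False):.0f} days")
    print(found_within_a_year(recs, date(2026, 1, 15)))
```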

Some subsystems have bugs that persist far longer than others:

CAN bus and SCTP bugs persist longest. BPF and GPU bugs get caught fastest.

CAN bus drivers and SCTP networking have bugs that persist longest, probably because both are niche protocols with less testing coverage. GPU (especially Intel i915) and BPF bugs get caught fastest, probably thanks to dedicated fuzzing infrastructure.

Networking looked terrible in the 2025-only data (5.2 years!) but is actually closer to average in the full history (2.9 years). The 2025 fixes were catching a backlog of ancient networking bugs. GPU looks the same either way, and those bugs get caught consistently fast.

Some bug types hide longer than others

Race conditions are the hardest to find, averaging 5.1 years to discovery:

Why do race conditions hide so long? They’re non-deterministic and only trigger under specific timing conditions that might occur once per million executions. Even sanitizers like KCSAN can only flag races they observe.

30% of bugs are self-fixes where the same person who introduced the bug eventually fixed it. I guess code ownership matters.

Less fuzzing coverage. Syzkaller excels at syscall fuzzing but struggles with stateful protocols. Fuzzing netfilter effectively requires generating valid packet sequences that traverse specific connection tracking states.

Older code with fewer eyes. Core networking infrastructure like nf_conntrack was written in the mid-2000s. It works, so nobody rewrites it. But “stable” means fewer developers actively reviewing.

One of the oldest networking bugs in my dataset was introduced in August 2006 and fixed in August 2025:

    // ctnetlink_dump_table() - the buggy code path
    if (res < 0) {
        nf_conntrack_get(&ct->ct_general); // increments refcount
        cb->args[1] = (unsigned long)ct;
        break;
    }

The irony: Commit d205dc40798d was itself a fix: “[NETFILTER]: ctnetlink: fix deadlock in table dumping”. Patrick McHardy was fixing a deadlock by removing a _put() call. In doing so, he introduced a refcount leak that would persist for 19 years.

The bug: the code doesn’t check if ct == last. If the current entry is the same as the one we already saved, we’ve now incremented its refcount twice but will only decrement it once. The object never gets freed.

    // What should have been checked:
    if (res < 0) {
        if (ct != last) // only take a reference if this is not the entry we already hold
            nf_conntrack_get(&ct->ct_general);
        cb->args[1] = (unsigned long)ct;
        break;
    }

The consequence: Memory leaks accumulate. Eventually nf_conntrack_cleanup_net_list() waits forever for the refcount to hit zero. The netns teardown hangs. If you’re using containers, this blocks container cleanup indefinitely.

Why it took 19 years: You had to run conntrack_resize.sh in a loop for ~20 minutes under memory pressure. The fix commit says: “This can be reproduced by running conntrack_resize.sh selftest in a loop. It takes ~20 minutes for me on a preemptible kernel.” Nobody ran that specific test sequence for two decades.

Here’s a pattern I keep seeing: someone notices undefined behavior, ships a fix, but the fix doesn’t fully close the hole.

Stefano Brivio adds support for sets with multiple ranged fields. Introduces NFTA_SET_DESC_CONCAT for specifying field lengths.

Pablo Neira notices the code doesn’t validate that field lengths sum to the key length. Ships a fix. Commit message: “I did not manage to crash nft_set_pipapo with mismatch fields and set key length so far, but this is UB which must be disallowed.”

Security researcher finds a bypass. The 2024 fix was incomplete—there were still code paths that could mismatch. Real fix shipped.

The 2024 fix was an acknowledgment that something was wrong, but Pablo couldn’t find a crash, so the fix was conservative. A year later, someone found the crash.

This pattern suggests a detection opportunity: commits that say things like “this is undefined behavior” or “I couldn’t trigger this but…” are flags. The author knows something is wrong but hasn’t fully characterized the bug. These deserve extra scrutiny.

Looking at the bugs that survive 10+ years, I see common patterns:

    kref_get(&obj->ref);
    // ... error path returns without kref_put()

These don’t crash immediately. They leak memory slowly. In a long-running system, you might not notice until months later when the OOM killer starts firing.

    struct foo *f = get_foo();
    f->bar = 1;              // dereference happens first
    if (!f) return -EINVAL;  // check comes too late

The compiler might optimize away the NULL check since you already dereferenced. These survive because the pointer is rarely NULL in practice.

    size_t total = n_elements * element_size;     // can overflow
    buf = kmalloc(total, GFP_KERNEL);
    memcpy(buf, src, n_elements * element_size);  // copies more than allocated

If n_elements comes from userspace, an attacker can cause allocation of a small buffer followed by a large copy.

    spin_lock(&lock);
    if (state == READY) {
        spin_unlock(&lock);
        // window here where another thread can change state
        do_operation();  // assumes state is still READY
    }

These require precise timing to hit. They might manifest as rare crashes that nobody can reproduce.

Can we catch these bugs automatically?

Every day a bug lives in the kernel is another day millions of devices are vulnerable. Android phones, servers, embedded systems, cloud infrastructure, all running kernel code with bugs that won’t be found for years.

The problem with vanilla CodeBERT: I first tried fine-tuning CodeBERT directly. Results: 89% recall but 48% false positive rate (measured on the same test set). Unusable, flagging half of all commits.

Why so bad? CodeBERT learns shortcuts: “big diff = dangerous”, “lots of pointers = risky”. These correlations exist in training data but don’t generalize. The model pattern-matches on surface features, not actual bug patterns.

    INPUT: Git Diff
        |
        +-- Chunked Diff Encoder (CodeBERT + Attention)            -> [768-dim]
        +-- Handcrafted Feature Extractor (51 engineered features)  -> [51-dim]
        |
    Cross-Attention Fusion ("when code looks like X, feature Y matters more")
        |
    Risk Classifier

1. Chunked encoding for long diffs. CodeBERT’s 512-token limit truncates most kernel diffs (often 2000+ tokens). I split into chunks, encode each, then use learned attention to aggregate:

    import torch.nn as nn
    import torch.nn.functional as F

    # Learnable attention over chunks: a small MLP scores each chunk embedding
    # (hidden_size is CodeBERT's embedding width, 768)
    chunk_attention = nn.Sequential(
        nn.Linear(hidden_size, hidden_size // 4),
        nn.Tanh(),
        nn.Linear(hidden_size // 4, 1),
    )

    # chunk_embeddings: [batch, n_chunks, hidden_size]; softmax over the chunk axis
    attention_weights = F.softmax(chunk_attention(chunk_embeddings), dim=1)
    pooled = (attention_weights * chunk_embeddings).sum(dim=1)

The model learns which chunks matter, i.e. the one with spin_lock without spin_unlock, not the boilerplate.

2. Feature fusion via cross-attention. Neural networks miss domain-specific patterns. I extract 51 handcrafted features using regex and AST-like analysis of the diff:

    'unbalanced_refcount': 1,  # kref_get without kref_put → leak
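An added example (not the post’s extractor) of the handcrafted, regex-based side of the model: it scores one constructed diff for the long-lived patterns listed above (a refcount get without a put, a dereference before the NULL check, an allocation size from a bare multiplication, work done right after dropping a spinlock) and for the “I couldn’t trigger this but…” language in the commit message. The diff, the message, the function names, and every feature name other than unbalanced_refcount are assumptions.

```python
import re
# Constructed commit message and diff (not from the kernel tree). The added lines
# deliberately exhibit the long-lived bug patterns described above.
SAMPLE_MESSAGE = "foo: guard state change\n\nI could not trigger this, but it is UB which must be disallowed.\n"
SAMPLE_DIFF = """\
--- a/drivers/foo/foo.c
+++ b/drivers/foo/foo.c
@@ -10,4 +10,17 @@ static int foo_handle(struct foo *f, u32 n_elements, u32 element_size)
+    kref_get(&f->ref);
+    f->bar = 1;
+    if (!f)
+        return -EINVAL;
+    total = n_elements * element_size;
+    buf = kmalloc(total, GFP_KERNEL);
+    if (!buf)
+        return -ENOMEM;
+    spin_lock(&f->lock);
+    if (f->state == READY) {
+        spin_unlock(&f->lock);
+        do_operation(f);
+    }
-    spin_unlock(&f->lock);
     return 0;
"""

GET_RE = re.compile(r'\b(?:kref_get|refcount_inc|nf_conntrack_get)\s*\(')
PUT_RE = re.compile(r'\b(?:kref_put|refcount_dec|nf_conntrack_put)\s*\(')
LOCK_RE = re.compile(r'\bspin_lock(?:_irq(?:save)?|_bh)?\s*\(')
UNLOCK_RE = re.compile(r'\bspin_unlock(?:_irq(?:restore)?|_bh)?\s*\(')
DEREF_RE = re.compile(r'\b(\w+)->')
NULL_CHECK_RE = re.compile(r'\bif\s*\(\s*!\s*(\w+)\s*\)')
MUL_ASSIGN_RE = re.compile(r'\b(\w+)\s*=\s*\w+\s*\*\s*\w+\s*;')
ALLOC_RE = re.compile(r'\bk[mz]alloc\s*\(\s*(\w+)')
CALL_RE = re.compile(r'^\s*(?!return\b)\w+\s*\(.*\)\s*;')
UB_RE = re.compile(r'undefined behavio|\bUB\b|could not trigger|did not manage to crash', re.I)
SAFE_MUL = ('array_size(', 'kmalloc_array(', 'kcalloc(', 'check_mul_overflow(')

def split_diff(diff):
    """(added, removed) code lines with the +/- marker stripped; file headers are skipped."""
    added = [l[1:] for l in diff.splitlines() if l.startswith('+') and not l.startswith('+++')]
    removed = [l[1:] for l in diff.splitlines() if l.startswith('-') and not l.startswith('---')]
    return added, removed

def net_count(regex, added, removed):
    """Occurrences the diff introduces: added minus removed, so a deleted _put() still counts."""
    return sum(len(regex.findall(l)) for l in added) - sum(len(regex.findall(l)) for l in removed)

def deref_before_null_check(added):
    """Pointers dereferenced on an added line and NULL-checked only on a later added line."""
    first_deref, hits = {}, 0
    for i, line in enumerate(added):
        for var in DEREF_RE.findall(line):
            first_deref.setdefault(var, i)
        m = NULL_CHECK_RE.search(line)
        if m and first_deref.get(m.group(1), i) < i:
            hits += 1
    return hits

def unchecked_alloc_size(added):
    """k[mz]alloc sizes computed by a bare multiplication rather than an overflow-checked helper."""
    products, hits = set(), 0
    for line in added:
        if any(s in line for s in SAFE_MUL):
            continue
        m = MUL_ASSIGN_RE.search(line)
        if m:
            products.add(m.group(1))
        a = ALLOC_RE.search(line)
        if a and (a.group(1) in products or re.search(r'k[mz]alloc\s*\(\s*\w+\s*\*', line)):
            hits += 1
    return hits

def use_after_unlock(added):
    """Calls made on the line right after a spinlock is dropped: the check-then-act window."""
    hits, prev_unlock = 0, False
    for line in (l for l in added if l.strip()):
        if prev_unlock and CALL_RE.match(line):
            hits += 1
        prev_unlock = bool(UNLOCK_RE.search(line))
    return hits

def extract_features(diff, message=""):
    """Handcrafted risk features for one commit, in the spirit of the post's 51-feature extractor."""
    added, removed = split_diff(diff)
    return {
        'added_lines': len(added),
        'removed_lines': len(removed),
        'unbalanced_refcount': max(0, net_count(GET_RE, added, removed) - net_count(PUT_RE, added, removed)),
        'unbalanced_lock': max(0, net_count(LOCK_RE, added, removed) - net_count(UNLOCK_RE, added, removed)),
        'deref_before_null_check': deref_before_null_check(added),
        'unchecked_alloc_size': unchecked_alloc_size(added),
        'use_after_unlock': use_after_unlock(added),
        'ub_language_in_message': int(bool(UB_RE.search(message))),
    }
```

Counting removed lines matters: the sample diff deletes a spin_unlock(), which is what leaves the lock unbalanced, exactly the shape of the ctnetlink regression above where removing a _put() created the leak.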

...

Read the original on pebblebed.com »

9 203 shares, 8 trendiness

Health care data breach affects over 600,000 patients, Illinois agency says

The names and addresses of thousands of patients of the Illinois Department of Human Services were incorrectly made publicly viewable for the last several years, the agency said Friday.

Several maps created to assist the agency with decisions — like where to open new offices and allocate certain resources — were made public through incorrect privacy settings between 2021 and 2025, the Department of Human Services said in a statement.

More than 32,000 customers with the IDHS division of rehabilitation services had information publicly viewable between April 2021 and September 2025. The information included names, addresses, case numbers, case status, referral source information, region and office information and status as Division of Rehabilitation Services recipients, the agency said.

Around 670,000 Medicaid and Medicare Savings Program recipients had their addresses, case numbers, demographic information and the name of medical assistance plans publicly viewable between January 2022 and September 2025, IDHS said.

The state agency said the mapping website was unable to identify who viewed the maps, and IDHS is unaware of any misuse of personal information resulting from the data leak.

IDHS discovered the issue Sept. 22 and immediately changed the privacy settings for all maps, restricting access to authorized IDHS employees, the agency said. It also implemented a secure map policy that prohibits uploading customer data to public mapping websites.

Individuals whose information was made public will receive a notice about the leak from IDHS. The notices will include a phone number that people can call for more information.

...

Read the original on www.nprillinois.org »

10 194 shares, 6 trendiness

Texas A&M Bans Plato


Drop the race and gender material from your course and the Plato readings, or teach a different course. You have a day to decide.

That’s a paraphrase of what Martin Peterson, professor of philosophy at Texas A&M University, was told by university officials today about his upcoming “Contemporary Moral Problems” course, due to start next week.

“Rule 08.01” refers to these recent policy changes at the university. “Kristi” is Department of Philosophy chair Kristi Sweet, who, I think it’s safe to assume, was merely passing along the verdict of the “college leadership team”, headed up by interim dean Simon North.

I’m going to pause here just to review: an institution that purports to be a university has told a philosophy professor he is forbidden from teaching Plato.

The Plato readings were from the Symposium, particularly passages on Aristophanes’ myth of split humans and Diotima’s ladder of love. The other readings are from Ethics: Theory and Contemporary Issues (10th edition) by Andrew Fiala and Barbara MacKinnon.

Professor Peterson had been contacted by his chair on December 19th about the review of syllabi for Contemporary Moral Problems courses. Here’s that email:

Professor Peterson replied to this, submitting his syllabus for what he referred to, correctly, as “mandatory censorship review”.

Among other things, he said, “Please note that my course does not ‘advocate’ any ideology; I teach students how to structure and evaluate arguments commonly raised in discussions of contemporary moral issues.” (See “The Charade of Banning ‘Advocacy’”.) He also reminded his chair and college officials that “the U.S. Constitution protects my course content,” as do the norms of academic freedom.

Here is his full reply:

Here is Professor Peterson’s syllabus (also here):

It was clear that Texas A&M’s new policies were going to lead to conflicts with the First Amendment and academic freedom. That the first such conflict involves telling a professor to remove from his syllabus the writings of the person who created what was arguably the west’s first institution of higher education is too perfect an irony, though. This reality is unbelievable.

“I didn’t die yesterday… In fact, I have not died on any single day in all of history! Today is just another typical day, so I conclude by induction that I will not die today. This reasoning can be applied every day going forward, and therefore I will never die”

“Today’s cultural and technological environment—one of informational abundance—has led to the development of a mutated strain of the availability heuristic”

– Guy Hochman calls it the “unavailability bias” (via The Browser)

“For [a household] robot to uncritically accept the desires of a family to eat as large a quantity of factory-farmed animal products as its members desire is ethically problematic”

– Tse Yip Fai & Peter Singer on AI, robots, and the future of animal welfare

“One critique of consent… is that it is too permissive—that it ignores how coercion or delusion may result in the illusion of agreement. But another critique is that it’s too restrictive and punitive. Decades of reform laws have expanded the number of situations legally considered to be rape”

– consent, agency, and the ethics of sex

“If you get enough info on the easy problems, maybe some idea will happen with regard to the hard problem. But I think there’s no doubt that if we are to solve the hard problem, it will take some real breakthrough”

“A brilliant drama about a teacher in prison is moving, gripping and almost painfully vulnerable”

– “A Life Inside” is the BBC’s new television show based on Andy West’s memoir of teaching philosophy in prison

“What is so important that you risk being eaten, not eating yourself, procreation… you give all that up, for this?”

– we still don’t know why we sleep

Good Is In The Details

“Narrative’s built-in demand for coherence makes it an appealing model for understanding a wide range of things”

– but in our cultural moment it seems to have “ceded ground to mood, character, identity, and game-like structures,” says Hannah Kim

“Some objects and properties that make up a body are too specific or small—too deep—to properly count as parts of the body in a morally significant sense”

– Christopher Register on the “ontological depth” of bodies, and why it is important

“Why shouldn’t we think of men as characterized by the gentleness they seek, and women by the brutality they demand, rather than vice versa?”

A collection of posts about the philosophy job market

What can psychoanalysis do as political theory rather than praxis”?

– says Amia Srinivasan, it can help us better understand how the world… what wishes we might have for collective life, and which of these… reality… demands we set aside” (video)

What happened in physics, math, computer science, and biology this year?

“I doubt even the beginning of real mutual learning can occur in an atmosphere of mistrust”

– says Eric Schliesser, though the example of Socrates gives him some reason to doubt that, too

“In each issue, we will share a curated overview of key research papers, organizational updates, funding calls, public debates, media coverage, and events related to digital minds”

– a new newsletter from philosopher Bradford Saad and others; send them relevant material, and subscribe

In defense of “mere civility” as a governing strategy for campus conflict

– because, says Marie Newhouse, “No set of shared values specific enough to be action-guiding will be endorsed by all students, faculty, and staff, no matter how carefully those values are selected”

Would an AI have moral status if it were conscious? Only if it was also sentient.

– so agnosticism about AI consciousness shouldn’t get in the way of developing AI, argues Tom McClelland; just make sure it’s not sentient

“‘I think, therefore I am’ isn’t the best translation of Descartes’s famous pronouncement ‘cogito, ergo sum’”

“A night at the Museum of Philosophy”

– a World Philosophy Day event at Université Laval might be a preview of a more permanent institution in Quebec

We still don’t know why ice is slippery, people

– there are some theories, but no consensus

“Elite distortion dramatically affects what those in political power are likely to know, what they care about, what problems they will be attentive to…”

– with the random selection of legislators, says Alex Guerrero, those in power would be “a genuine microcosm of the broader community”

“Chuck Norris knows how many grains of sand make a heap”

“There will be no Q&A sessions. There will be no dead air. We shall not hear the tick-tock of the clock. How will OpenAI learn from us? I feel a flash of small panic, like a trapped squirrel”

– philosopher Daniel Story describes what it was like being at an OpenAI higher education summit

“The whole point is to keep the interesting parts of our thought, about what must be true and what people believe, inside logic, instead of banishing them”

– the first of (currently) four posts on reading through Ruth Barcan Marcus’s “Modalities”, from Richard Marshall

“Isn’t it sometimes good to be bored?”

Philosophical commentary on the interesting new show “Pluribus”

– from Bill Vanderburgh. The link is to the first in a series of posts, though you shouldn’t read the first before watching the first episode

“Poetry can encourage ambiguity and, unlike philosophy, can focus on emotional and non-rational connections between ideas”

– Bradford Skow has released a book of poems about the American Revolution

...

Read the original on dailynous.com »
