10 interesting stories served every morning and every evening.

Swipe left to beginPress right arrow to begin

Statement on the US government directive to suspend access to Fable 5 and Mythos 5

www.anthropic.com

2,718 shares · 171 trendiness

We received the directive from the government today at 5:21pm (ET). The letter did not provide speciﬁc details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5. We reviewed a demonstration of this speciﬁc technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.

Anthropic’s posture with respect to Fable’s safeguards, as laid out in our launch blog post, is the following:

We have instituted strong safeguards that greatly reduce the likelihood that Fable is misused for tasks related to cybersecurity (among others). In fact, our safeguards are so strong that many users have complained that they are overly broad.

In the weeks leading up to the launch of Fable, Anthropic worked with the US government, the UK AISI, multiple private third-party organizations and internal teams to red-team Fable’s safeguards for thousands of hours in total.

These tests showed that Fable’s safeguards are substantially more effective than those of any previously deployed model.

No testers have yet been able to ﬁnd a universal jailbreak—a jailbreak method that can very broadly bypass the model’s safeguards, unblocking a wide range of cyber capabilities.

We suspect that perfect jailbreak resistance is not currently possible for any model provider. Every safeguard used in the industry is vulnerable to non-universal jailbreaks (which can elicit some cyber information in speciﬁc circumstances), and it is likely that universal jailbreaks will eventually be found in the future. We stated this clearly when we released Fable 5.

Given that perfect jailbreak resistance does not appear to be possible today, Anthropic adopted a defense in depth strategy with Fable 5. We aimed to make jailbreaks either narrow (in the case of non-universal jailbreaks) or very expensive to produce (in the case of universal jailbreaks), and to combine this with thorough monitoring to quickly detect and shut down any successful attacks. This is also why Anthropic has required 30-day retention of customer data with Fable—a policy change that carries real costs for us with customers, but that allows us to research and mitigate jailbreaks.

We stand by this defense in depth strategy. It reduces the risks posed by Fable, making them comparable to the risks of existing models already deployed across the industry.

We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor ﬁndings that provide no Mythos-speciﬁc uplift.

To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a speciﬁc codebase and ﬁx any software ﬂaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government’s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours.

We are complying with the government’s legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the ﬁnding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.

As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles.

We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.

Opensource AI Must Win

opensourceaimustwin.com

1,218 shares · 97 trendiness

If intelligence becomes something people can only rent from a few closed institutions, the public does not just lose software freedom. It loses operational freedom.

The ability to study, build, repair, deploy, audit, adapt, teach, preserve, and run intelligence systems without asking permission is of existential importance.

AI is a civilizational infrastructure for work, education, science, software, creativity, public services, and national capacity. Access must not depend on closed APIs, remote platforms, shifting terms, opaque moderation, model availability, or prices set by a handful of companies.

Opensource AI should remain usable, understandable, reproducible, locally deployable, economically viable, and community-governed even if today’s dominant labs, foreign labs, hardware vendors, cloud platforms, or open-weight model providers change direction or disappear.

When a small number of closed frontier labs and platform companies control the models, this infrastructure risks becoming a subscription economy for cognition.

America should not fall behind on the freedom to run, inspect, modify, benchmark, teach, and preserve intelligence infrastructure. The practical posture is American capacity with global open standards.

If you wanna help me make this real, send a quiet note: me@ahmadosman.com

Opensource AI Must Win © @TheAhmadOsman 2026

Read more Read the original on opensourceaimustwin.com →

Read the original on opensourceaimustwin.com →

Just a moment...

innovativegenomics.org

884 shares · 38 trendiness

Read the original on innovativegenomics.org →

All about electric motors with no rare earths

www.renaultgroup.com

573 shares · 33 trendiness

A historical pioneer in the complex technology of electric motors without magnets, i.e. with no rare earths, Renault Group is continuing to set itself apart on a market where 90% of electric cars have motors with magnets. Discover the range of electric motors by Renault Group.

The different types of electric motor

Requiring no piston or cylinders, an electric car motor converts electrical energy from the battery into mechanical energy through a magnetic ﬁeld generated by the current on the stationary component of the system [stator]. This sets the rotating component [rotor] in motion in order to drive the vehicle’s wheels.

We can make a distinction between three main families of electric motors, with significant technical differences:

permanent-magnet synchronous motors, made with rare earths. This is the dominant technology in the automotive market today. It combines high levels of efﬁciency with an optimised space requirement.

asynchronous motors (ASM) also referred to as asynchronous induction motors (IM). Owing to its lower level of efﬁciency, this technology is now generally used for secondary motors on the front axle.

electrically excited synchronous motors (EESM). These slightly bigger motors deliver high levels of efﬁciency without a magnet. These electric motors use no rare earths.

In 2012, Renault Group began the mass selling of EESM electric motors (for Electrically Excited Synchronous Motors) . The result of this unique expertise is a competitive range of electric motors.

Renault Group’s range of all-electric motors

A pioneer in electric cars since 2011, Renault Group has made the bold and visionary choice to mass-market EESM technology.

The very ﬁrst generation of motors was found under the bonnet of Renault Kangoo Z.E in 2011 and Renault Zoe in 2012. Carrying the part reference 5A, it had output ranging from 57 to 100 kW.In 2020, the ﬁnal upgrade of this powertrain arrived on Twingo Electric with the reference 5AL and output of 60 kW.

Renault Group’s second-generation EESM motor came into production in 2021 with the reference 6A. Renault Megane E-Tech electric was the ﬁrst model to ship with the new motor (reference 6AM), which was smaller, lighter and more powerful (up to 160 kW), in early 2022. It was followed by the Car of the Year 2024, Renault Scenic E-Tech Electric and most recently the ﬁrst all-electric Alpine, Alpine A290.

Launched in October 2024 and Car of the Year 2025 Renault 5 E-Tech electric ships with a 6AK electric motor with output of 110 kW, as does Renault 4 E-Tech electric, available to order since March 2025. Alpine A390 features a totally innovative powertrain, unveiled in September 2025. It features a 6AM electric motor on the front axle (like Alpine 290) and a new twin-motor set-up on the rear axle. These three electric motors, all manufactured at Cléon have an estimated combined output of around 345 kw (approx. 470 ch).

The next generation of all-electric EESM motors in 2027

In 2021, Renault Group engineers began working on the third generation of EESM-type electric motors called E7A. Although the development phase is still under way, the speciﬁcations are already frozen:

output of 200 kW, or around 270 hp, for torque of 400 Nm

a motor that is 30% smaller than previous-generation motors, with its all-in-one architecture

carbon impact reduced by 30%

efﬁciency of around 92%

This electric motor will also cut charging times since the system voltage will be increased to 800 volts, compared with the 400 volt architecture that is currently standard in the Renault range.

A motor with no rare earths: a challenge that is even more strategic than before

By opting for a wound rotor rather than permanent magnets, Renault Group is seeking to avoid reliance on the countries that produce rare earths and magnets.

The presence or absence of rare earths in an electric motor is not a detail but a strategic issue. China produces 85% of the puriﬁed light rare earths used worldwide, and 100% of the heavy rare earths. Today, China rarely offers these raw materials for sale. It gives priority to its domestic market and products of higher added value, such as permanent magnets. As a result, it has an almost total monopoly: over 90% of global production comes from China.

At the same time, China is also the world’s leading producer of electric cars…

Cléon, the Group’s electric motor plant

The Cléon plant has built Renault Group powertrains since 2015. This was when it began making the electric motors for Renault Zoe, Twingo ZE, Kangoo ZE and Master ZE. The motors for Megane E-Tech electric, Scenic E-Tech electric, Alpine A290, Renault 5 E-Tech electric and Renault 4 E-Tech electric are all produced here. From 2027, the Cléon plant will build the new-generation 200 kW electric motor.

“Don’t You Just Upload It to ChatGPT?”

correresmidestino.com

433 shares · 19 trendiness

Article views: 94,421

In my Ottawa life, every Tuesday evening, I take two gym classes back to back—boxing and the pompously named “body sculpt,” which makes me discover muscles I didn’t know I had.

It’s fun. I love it.

But a couple of weeks ago, I ended up cancelling my second class—one of those nights when the ﬁrst assignment landed in my inbox at 4 p.m., another one arrived while I was on my way to the gym, and a third one popped up right as I was standing in the locker room. All due the following morning, obviously. Welcome to the life of a freelance translator.

Work takes priority over muscles. I headed for the lockers at the end of boxing class.

“Are you leaving? You’re always taking this class!”

I turned around. I was changing into my translator clothes—jeans and a T-shirt—and she was presumably changing into her gym clothes, except ﬁrst, she was busy taking off her jewelry.

Her look was very polished—the kind of polished that screams ofﬁce day. Over the past few months, the generous pandemic work-from-home policy had been tightened, scaled back, amended and more or less rescinded in a desperate attempt to have employees single-handedly save downtown Ottawa’s many small businesses and general gloom by their mere on-site hot-desking presence.

If you ask me, nothing can save downtown Ottawa or North American public transit.

“I see you there every week!”

Apparently, I owed her an explanation and possibly an apology. I didn’t remember her, but it’s a very full class and we all more or less look the same in gym clothes.

“I’ve just received some work,” I explained. “I’m a translator and I have three deadlines by tomorrow morning, so I should probably get started.”

“But… it won’t take long. Don’t you just upload the documents to ChatGPT?”

I paused for a split second. Surely, she was joking.

I looked up at her.

She was not.

“It… doesn’t exactly work like that.”

“You should try it, it’s so much quicker!”

Oh. My. Fucking. God.

But hey, I parent a teen. I can recognize a teachable moment when I see one.

“It’s not that easy, you know. Technically, ChatGPT will spit out a translated document. But ﬁrst, there may be formatting issues. And most importantly, the translation will be questionable.”

“Why?”

“Because AI isn’t human, and it takes an actual person to understand what another human is trying to say—and how to say it so someone else understands it. I don’t just make grammatically correct sentences in another language. I adapt, I localize, and I ﬁnd the best way to convey the original message so it makes sense and feels natural. I research terminology. I make sure it’s consistent throughout. I’m sorry, I’m better than AI.”

We’re all better than AI. AI is just better at pretending it can do the job.

Go ahead, ask me how I know.

Yes, obviously, I tried translating with AI.

Ah, you can’t ﬁre me, I’m self-employed!

I’ve been playing with AI since the fall, when it started stealing my job for real. I could either declare it evil and turn into one of those people who will never get a smartphone, or use it to my advantage.

I’m practical. I chose the second option.

AI can’t translate for me. It can’t write either—unfortunately, ChatGPT can’t vouch for the fact that this article is my idea, that it’s my gym, my ignorant civil servant and my punchline. Just take my word for it, pun slightly intended.

And while this article is written by yours truly, you bet I’m going to spell-check it. I probably won’t use AI; I have Antidote. But maybe I will ask Claude’s opinion, and if one of the suggestions is smart—cutting a paragraph, for instance, or clarifying a sentence—I might accept it.

When I started translating 15 years ago, we used to paste uncooperative sentences into Google Translate to see if it had interesting ways to phrase things differently. Then came DeepL—same idea.

What do you think? That we’re translating with pen and pencil? That your accountant doesn’t use fancy Excel formulas? That your manager formatted the PowerPoint alone? That your favourite restaurant doesn’t Google trendy recipes?

We are professionals using tools.

But that’s just what they are—tools.

One of my clients has insane style guides, plural. I’m talking about 500-page documents detailing the proper way to format quotes and the one true way to insert footnotes. I fed them to ChatGPT for the ﬁnal checks—it can kind of ﬂag when I break a rule. I’ve also used AI to extract specialized terminology from reference documents and build my own glossaries. It’s faster than Ctrl+F, and less likely to make me scream.

But everything has to be double-checked, triple-checked. It’s another way of working, not a magic button.

AI isn’t replacing me. Like a toddler, it needs to be constantly coached. It invents acronyms and organization names, forgets to translate entire sentences, ignores the provided terminology unless repeatedly threatened, and occasionally misses the point completely.

Which is why we—translators, writers, editors, and other professionals—shouldn’t suddenly be paid less because AI exists. Should you pay your roofer less because he uses a hammer instead of his bare hands?

But judging by her amused smile, my civil servant wasn’t getting the point.

“But AI is getting better all the time!”

“What do you do?” I asked, changing tack.

“I’m the Director General, Human Resources and Corporate Services, but I’m currently in an acting position for Workforce Planning and Resources Management.”

This actually made sense to my Ottawa brain. Told you, I’m a translator.

“Great. So, do you use AI a lot at work?”

“Oh, I can’t! It’s really not reliable enough.”

For fuck’s sake.

And she works in human resources!

Read more Read the original on correresmidestino.com →

Read the original on correresmidestino.com →

How to Setup a Local Coding Agent on macOS

ikyle.me

419 shares · 20 trendiness

I’d had my internet fail a few times recently leaving me stranded without a coding agent, and so when I saw the “Gemma 4 now runs 2x faster with MTP” Multi-Token Prediction update for Gemma 4 I decided to have a go at getting it running.

I wanted a local coding agent setup that:

was fast enough to actually use on my Mac

worked through an OpenAI compatible API (so I could use it in other tools)

and preferably could handle screenshots/images when needed, so I can feed it screenshots of what it has made.

And I did! This video is realtime. And shows the agent responding at a perfectly usable speed.

After a bit of testing the ﬁnal setup I ended up with is:

llama.cpp built with Metal on macOS

Gemma 4 26B-A4B in GGUF format

A Q8 MTP draft model for speculative decoding

The Gemma 4 multimodal projector

Pi as the terminal coding agent

This was tested on an Apple M1 Max with 64 GB uniﬁed memory, running macOS 15.7.7.

The Model

The main model is: gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf.

Link on Huggingface: models/unsloth-gemma-4 – 26B-A4B-it-GGUF/gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf

That ﬁle is about 16 GB. With the MTP draft head and multimodal projector the model folder is about 17 GB.

The benchmark prompt was:

Write a compact Python function that parses a uniﬁed diff and returns the changed ﬁle paths. Then explain two edge cases.

Each benchmark generated about 128 tokens.

Baseline: llama.cpp + Metal

First I ran the main model directly through llama.cpp with Metal acceleration:

repos/llama.cpp/build/bin/llama-cli \ -m models/unsloth-gemma-4 – 26B-A4B-it-GGUF/gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf \ -ngl 999 \ -fa on \ -c 4096 \ -n 128

Result:

58 tokens/second is not fast, but is usable, but for coding-agent work you want it to be as fast as possible, especially when the agent is making many tool calls.

Adding the MTP Draft Model

Gemma 4 now has the MTP draft model available:

MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf

This can be loaded by llama.cpp as a speculative draft model:

repos/llama.cpp/build/bin/llama-cli \ -m models/unsloth-gemma-4 – 26B-A4B-it-GGUF/gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf \ –model-draft models/unsloth-gemma-4 – 26B-A4B-it-GGUF/MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf \ –spec-type draft-mtp \ –spec-draft-n-max 3 \ -ngl 999 \ -fa on \ -c 4096 \ -n 128

The ﬁrst run with MTP came in at 69.2 tokens/second using 4 draft tokens. However, Unsloth’s guide on How to Run MTP Models includes this note:

“We found –spec-draft-n-max 2 is the best starting point however, do not assume 2 is optimal, as performance is hardware-dependent. Try any value from 1 through 6 and use whichever is fastest for your system.”

After sweeping –spec-draft-n-max, the best result was 72.2 tokens/second with 3 draft tokens.

The useful part is that prompt processing stayed basically the same, while generation improved by about 24%.

Tuning MTP

I tested –spec-draft-n-max values from 1 to 6.

On my M1 Max machine, 3 was the fastest, with 2 close enough that either would be ﬁne. Values above that got slower.

MLX Comparison

I also tested MLX models through mlx-lm, to ﬁnd out which is the faster way to run the model on a Mac, llama.cpp or mlx.

I thought MLX (being optimised for the Mac) would be fastest. However, for this speciﬁc setup, llama.cpp was faster than MLX, and llama.cpp with MTP was clearly the best option.

I guess all the effort and tweaking which has gone into llama.cpp over time means it quite well optimised fr macOS despite being cross platform.

I also tried Gemma 4 MTP through gemma-4-swift-mlx, but the tested 26B 4-bit MLX checkpoints did not match the loader’s expected weight keys, and I already had the previous MLX tests, so moved on rather than redownload new models and try to tweak things to match.

Adding Image Support

For Pi, I also wanted to be able to attach screenshots. The local model entry I setup for it originally declared the model as text-only:

“input”: [“text”]

That meant Pi did not send image tool output through to the model properly.

The llama.cpp server also needs the Gemma 4 multimodal projector in order for the multi-modal part to work (only the 12B is natively multi-modal):

mmproj-BF16.gguf

When loaded with –mmproj, llama.cpp advertises multimodal support, and Pi can send images.

I re-ran the text benchmark with the projector loaded, just to check it didn’t change the speed:

The ﬁnal run with the projector did not show a text-generation slowdown.

Now for setup instructions:

Install llama.cpp

Install dependencies:

brew install cmake git tmux python@3.11

Clone and build llama.cpp:

mkdir -p ~/Developer/ML-Models/Gemma4/repos cd ~/Developer/ML-Models/Gemma4

git clone https://github.com/ggml-org/llama.cpp repos/llama.cpp

cd repos/llama.cpp cmake -B build \ -DCMAKE_BUILD_TYPE=Release \ -DGGML_METAL=ON \ -DGGML_ACCELERATE=ON

cmake –build build –conﬁg Release -j

The build I tested had:

GGML_METAL=ON GGML_ACCELERATE=ON GGML_BLAS=ON GGML_BLAS_VENDOR=Apple

Download the Model Files

Create a Python environment:

cd ~/Developer/ML-Models/Gemma4 python3.11 -m venv .venv source .venv/bin/activate pip install -U huggingface_hub hf_xet

Download the ﬁles:

mkdir -p models/unsloth-gemma-4 – 26B-A4B-it-GGUF

huggingface-cli download unsloth/gemma-4 – 26B-A4B-it-GGUF \ gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf \ mmproj-BF16.gguf \ MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf \ –local-dir models/unsloth-gemma-4 – 26B-A4B-it-GGUF

You should end up with:

models/unsloth-gemma-4 – 26B-A4B-it-GGUF/ gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf mmproj-BF16.gguf MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf

Start the Local Server

This is the ﬁnal server command:

repos/llama.cpp/build/bin/llama-server \ -m models/unsloth-gemma-4 – 26B-A4B-it-GGUF/gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf \ –model-draft models/unsloth-gemma-4 – 26B-A4B-it-GGUF/MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf \ –mmproj models/unsloth-gemma-4 – 26B-A4B-it-GGUF/mmproj-BF16.gguf \ –spec-type draft-mtp \ –spec-draft-n-max 3 \ -ngl 999 \ -fa on \ -c 65536 \ –parallel 1 \ –host 127.0.0.1 \ –port 8080

The OpenAI-compatible endpoint is:

http://127.0.0.1:8080/v1

I used a small start_server.sh wrapper so it runs inside tmux:

#!/usr/bin/env bash set -euo pipefail

ROOT_DIR=“$(cd “$(dirname “${BASH_SOURCE[0]}“)” && pwd)” SESSION_NAME=“${SESSION_NAME:-gemma4-server}” HOST=“${HOST:-127.0.0.1}” PORT=“${PORT:-8080}” CTX_SIZE=“${CTX_SIZE:-65536}” PARALLEL=“${PARALLEL:-1}”

LLAMA_SERVER=“$ROOT_DIR/repos/llama.cpp/build/bin/llama-server” MODEL=“$ROOT_DIR/models/unsloth-gemma-4 – 26B-A4B-it-GGUF/gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf” DRAFT_MODEL=“$ROOT_DIR/models/unsloth-gemma-4 – 26B-A4B-it-GGUF/MTP/gemma-4 – 26B-A4B-it-Q8_0-MTP.gguf” MMPROJ=“$ROOT_DIR/models/unsloth-gemma-4 – 26B-A4B-it-GGUF/mmproj-BF16.gguf” LOG_FILE=“$ROOT_DIR/logs/llama-server-mtp.log”

mkdir -p “$ROOT_DIR/logs”

tmux new-session -d -s “$SESSION_NAME” -c “$ROOT_DIR” \ “$LLAMA_SERVER \ -m ‘$MODEL’ \ –model-draft ‘$DRAFT_MODEL’ \ –mmproj ‘$MMPROJ’ \ –spec-type draft-mtp \ –spec-draft-n-max 3 \ -ngl 999 \ -fa on \ -c ‘$CTX_SIZE’ \ –parallel ‘$PARALLEL’ \ –host ‘$HOST’ \ –port ‘$PORT’ \ 2>&1 | tee -a ‘$LOG_FILE’”

Start it:

chmod +x start_server.sh ./start_server.sh

Check that the server is running:

curl http://127.0.0.1:8080/v1/models

Conﬁgure Pi

Pi reads model providers from:

~/.pi/agent/models.json

Add a local provider:

{ “providers”: { “gemma4-local”: { “name”: “Gemma 4 Local”, “baseUrl”: “http://127.0.0.1:8080/v1”, “api”: “openai-completions”, “apiKey”: “local”, “authHeader”: false, “compat”: { “supportsDeveloperRole”: false, “supportsReasoningEffort”: false }, “models”: [ { “id”: “gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf”, “name”: “Gemma 4 26B-A4B Q4 + MTP”, “reasoning”: false, “input”: [“text”, “image”], “contextWindow”: 65536, “maxTokens”: 8192, “cost”: { “input”: 0, “output”: 0, “cacheRead”: 0, “cacheWrite”: 0 } } ] } } }

The important pieces are:

baseUrl points to the llama.cpp OpenAI-compatible server.

api is openai-completions.

authHeader is false, because this is a local server.

input includes both text and image, otherwise Pi treats it as text-only.

Optionally make it the default in:

~/.pi/agent/settings.json

{ “defaultProvider”: “gemma4-local”, “defaultModel”: “gemma-4 – 26B-A4B-it-UD-Q4_K_XL.gguf”, “defaultThinkingLevel”: “minimal” }

Then check Pi can see it:

Read more Read the original on ikyle.me →

Read the original on ikyle.me →

Security Verification

www.ft.com

374 shares · 19 trendiness

For help please visit help.ft.com. We apologise for any inconvenience.

The following information can help our support team to resolve this issue.

Read more Read the original on www.ft.com →

Read the original on www.ft.com →

Tech Things: There is a massive shadow hanging over this Fable thing

12gramsofcarbon.com

359 shares · 34 trendiness

Well. I wasn’t quite planning to write this evening, since it’s Friday and Fridays are when I like to code, and when I say code I mean ‘let the agent code while I watch soccer with my friends.’ Recently I’ve been making some fun html games. I actually have another draft post in the barrel about how I think we should see a resurgence of the ‘ﬂash game’ renaissance because it has become so much easier to make fun little games with AI tooling. But in the middle of me thinking about how to make my shitty backrooms-themed shooter play a bit better, the agent went ‘Sorry! This model doesn’t exist any more!’

What the fuck?

My ﬁrst thought was that I needed to re-login. I run a ton of agents in parallel most of the time, so my instinct was that this was just a really really weird limit error. I vaguely knew that Anthropic was thinking about pulling Fable off the subscription plans so I switched to the API. Still nothing.

My team built a custom rust agent client, it’s pretty great. But my next thought was ‘o shit the harness bricked’, and I started poking around in Rust, which is a language I barely know even though I’ve ostensibly written tens of thousands of lines of code of it. At which point my friend went ‘the government banned fable.’

What the fuck?

But it’s true.

The US Gov directed Anthropic to disable access to Fable and Mythos to any foreign national anywhere in the world, including those in the US, including Anthropic employees. This is an impossible ask, and the Government knows it, so Anthropic has disabled all access to Fable/Mythos.

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.…We received the directive from the government today at 5:21pm (ET). The letter did not provide speciﬁc details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5. We reviewed a demonstration of this speciﬁc technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.…We have reviewed a report that we believe is the basis of the government’s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours.…We are complying with the government’s legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the ﬁnding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people.

…

We have reviewed a report that we believe is the basis of the government’s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours.

…

A few thoughts about this.

Up front, I’m extremely conﬂicted.

I am an AI doomer most days. Having trained many many deep neural networks in my time, I have a deep appreciation for the ways in which optimizers can go wrong. We optimize what we can measure, not what we actually want to achieve. We hope and pray that these are the same thing, but they often aren’t. We want to build good products, but we don’t know how to do that, so we optimize for engagement. We want to teach kids how to read and write, but we don’t know how to do that, so we optimize for test scores. We want to improve the economy, but we don’t know how to do that, so we kill thousands of whales and let their corpses just rot on the docks. AGI / ASI systems are optimizers, and optimizers can really be extremely dangerous in ways that are extremely difﬁcult to predict, because in their efforts to optimize for what we can measure they optimize away from the good. Corporations are ALSO optimizers, so of course they are optimizing for ‘get money as fast as possible’ — the thing we can measure — despite many of the people building it being like ‘hey yea this is really dangerous,’ which is of course a fantastic parable for the whole AI alignment debate.

But also, there is a massive shadow hanging over this whole thing. If any other government in the history of the United States took this step, there would be good reason to at least give that government the beneﬁt of the doubt. But this government has shown itself to be petty and corrupt in ways that continue to completely and totally astound me in its openness and creativity. Is this coming from an actual desire to regulate AI? A better question: does anyone in this government who knows anything about AI actually have the ear of people who make these decisions? I would bet against it!

Anthropic and this admin are very famously not friends. I am biased, but from my perspective, Anthropic tried their hardest to integrate with the DoD and work with the military, and as a result Anthropic models were used inside highly classiﬁed systems. And the Trump admin responded with a highly publicized attempt at corporate murder by declaring that Anthropic was a supply chain risk and that no one who works with the government is allowed to use any Anthropic models (which is basically everyone). All this despite continuing to use Anthropic models for military operations for the next 6 months, which included the entire war in Venezuela and the war in Iran. The Chinese LLMs aren’t even declared supply chain risks! Anyway this became a very public thing, and the far right twitter arm decided that because the Trump admin was trying to destroy Anthropic, Anthropic must be woke, and anything that is woke must be destroyed, so the Trump admin is right to destroy Anthropic.1 So is this admin trying to properly regulate harmful AI? Or do they see this as an opportunity to give a perceived cultural enemy a black eye?

Meanwhile, Anthropic’s competitors have friends up and down the administration — the Kushners are heavily invested in OpenAI, as an example.2 So another way to read this is that this is an opportunity for other labs to give Anthropic a black eye. Fable is, by all accounts, an incredibly strong model. Very convenient that it’s no longer available for consumers, especially right as Anthropic is about to IPO.

The problem with spoils system politics is that it makes the optics of everything suspect. We spent decades as a society getting to the point where we decided not to do that, and now that trust is gone. Again, a very long shadow.

As a brief aside, I am once again extremely disappointed in the myriad of Silicon Valley people who angrily argued that a Democratic led government would ‘pick winners and losers in the AI race’ are now completely silent or defending the actions of this admin. I cannot help but feel that that previous posturing was just a machiavellian play for power, which has just been the worst feeling in the world. The tech industry does not have a great reputation with the rest of the world right now, not in the least because AI leaders keep talking about how AI is going to destroy everything and cause mass layoffs. It would be great to have someone with enough of a backbone3 to stand up for the principle and say ‘hey, this is kinda fucked!’

This was announced on 5:21 PM on a Friday. Sorta a suspicious time. Whenever someone does something intentionally on a Friday evening, my ﬁrst thought is ‘o, the markets.’ See, if you want to do something that is likely to be really bad, you announce it on Friday evening so that there is some amount of time for the stock market to settle during the weekend in the hopes that it won’t immediately tank everything. This isn’t the ﬁrst time the Trump admin has tried this trick. From Claude (yes I’m aware of the irony):The most-cited compilation comes from the research ﬁrm The Kobeissi Letter, which catalogued a series of major geopolitical and trade announcements that landed after futures markets closed Friday or early Saturday, giving the weekend to absorb the shock. Their list reportedly includes strikes on Iranian nuclear sites on June 21, US military action against Caribbean drug boats on September 1, a 100% tariff threat against China after market close on October 10, the closure of Venezuelan airspace on November 29, military action in Nigeria on December 25, and direct strikes on Iran on February 28, 2026. They also ﬂagged the corporate angle: on August 11, 2025, the administration announced an Intel deal after weeks of public pressure on CEO Lip-Bu Tan, again structured to land outside active trading hours.

The most-cited compilation comes from the research ﬁrm The Kobeissi Letter, which catalogued a series of major geopolitical and trade announcements that landed after futures markets closed Friday or early Saturday, giving the weekend to absorb the shock. Their list reportedly includes strikes on Iranian nuclear sites on June 21, US military action against Caribbean drug boats on September 1, a 100% tariff threat against China after market close on October 10, the closure of Venezuelan airspace on November 29, military action in Nigeria on December 25, and direct strikes on Iran on February 28, 2026. They also ﬂagged the corporate angle: on August 11, 2025, the administration announced an Intel deal after weeks of public pressure on CEO Lip-Bu Tan, again structured to land outside active trading hours.

Why might this be a volatile decision? Well, a huge part of the AI boom is the idea that there will be ongoing demand for computer intelligence. The debt, the build out, the datacenters, the stock market runs on every part of the AI chain from GPUs to memory to disk to server racks. Alllllll of that is predicated on the idea that all of this is going to be worth trillions and trillions of dollars. And by all accounts, it seems like it is. Or at least, was on track to be. You know what will put a spanner in the build out of a multi-trillion dollar data center investment? The realization that at any point, the government will unilaterally cut off access to everyone, and the datacenters will be worth squat. Some people over on HN and Reddit are already talking about how this represents the high water mark for what the government will ‘allow’ people to access. You can have all the demand in the world, and it won’t matter a lick if the government just won’t let you have it.

Speaking of the HN/Reddit folks, lots of people are gleefully cackling about how Anthropic got what they deserved for their ‘marketing stunt’ with Mythos. As I’ve said before, this isn’t the ﬁrst time we’ve had an AI CEO argue that something is ‘unsafe’ for personal gain.Anthropic haters have roundly condemned this move as mere advertising and theatrics. OpenAI did the same “too dangerous to release” song and dance for the awesome, world ending AI that was GPT-2.Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time.I’m poking fun a bit here, but it’s worth noting that OpenAI’s concerns were actually pretty spot on. In the years since GPT-2 released, we’ve been absolutely ﬂooded by AI slop that has pulled our collective ability to understand reality apart at the seams.I kinda believe that Fable is the real deal, and I kinda trust Anthropic when they say that they are concerned about the security risks of a widespread Fable release. But the top voted comment on the relevant HN comment thread is “Finally they will pay for all the scaremongering they been doing to sell their models as something so much ahead of all else.” Now no one can use Fable so…got em, I guess? Of course, this is quite possibly the greatest advertising for Anthropic you could possibly imagine. If you take the government at face value, the models are so good they literally can’t be used!

Anthropic haters have roundly condemned this move as mere advertising and theatrics. OpenAI did the same “too dangerous to release” song and dance for the awesome, world ending AI that was GPT-2.Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time.I’m poking fun a bit here, but it’s worth noting that OpenAI’s concerns were actually pretty spot on. In the years since GPT-2 released, we’ve been absolutely ﬂooded by AI slop that has pulled our collective ability to understand reality apart at the seams.

Anthropic haters have roundly condemned this move as mere advertising and theatrics. OpenAI did the same “too dangerous to release” song and dance for the awesome, world ending AI that was GPT-2.

Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time.

I’m poking fun a bit here, but it’s worth noting that OpenAI’s concerns were actually pretty spot on. In the years since GPT-2 released, we’ve been absolutely ﬂooded by AI slop that has pulled our collective ability to understand reality apart at the seams.

I kinda believe that Fable is the real deal, and I kinda trust Anthropic when they say that they are concerned about the security risks of a widespread Fable release. But the top voted comment on the relevant HN comment thread is “Finally they will pay for all the scaremongering they been doing to sell their models as something so much ahead of all else.” Now no one can use Fable so…got em, I guess? Of course, this is quite possibly the greatest advertising for Anthropic you could possibly imagine. If you take the government at face value, the models are so good they literally can’t be used!

Re: taking folks at face value, some people are also like “When you spend a lot of time telling people how dangerous your products are, people who have the power to keep dangerous products off the market might listen.” And to be honest, it’s a good point! Bernie Sanders, the most AI pilled member of Congress, keeps making policy videos that are just him reading off quotes from AI CEOs and being like “see?!” Which, of course, this brings us back around to the ﬁrst thing: maybe these things really are unsafe and should be regulated. Of course, no AI CEO worth their salt is ever going to say something like that again, if they know the risk is being shut down.

I want to end with another HN comment, that I thought was particularly close to how I feel.So many comments here missing the big picture, and just gleefully pointing out that Anthropic got what they deserved, or that this is the natural culmination of some kind of marketing stunt.The real story here is that this may be the beginning of governments restricting the availability of strong LLMs to the public, to you. Fable was the strongest model on the market, and the US government has told you you can’t use it (technically, only if you’re not a US citizen, but in practice, even if you are). If you think the solution here is going to be open source Chinese models and / or running on your own hardware, think again. Do you think China is going to allow the strongest LLMs from companies within its borders to be open source a year from now when they have Mythos capabilities, if the US government is keeping the strongest American models back? Unlikely. These are heading in the direction of being powerful cybersecurity weapons and it will be in the interest of nation states to restrict and control them. In 2 years time, I would be surprised if the strongest LLMs are available for general use at all.Will we be the poorer for that, or will we be safer? I think poorer, because I hate being told what technology I can and can’t use, but I’m not certain. Maybe you think the government should restrict strong LLMs. Maybe you don’t. But either way, this is big news and a rubicon has been crossed and a precedent set. That’s true even if the motivation for this is just the government settling scores with Anthropic.

I want to end with another HN comment, that I thought was particularly close to how I feel.

So many comments here missing the big picture, and just gleefully pointing out that Anthropic got what they deserved, or that this is the natural culmination of some kind of marketing stunt.The real story here is that this may be the beginning of governments restricting the availability of strong LLMs to the public, to you. Fable was the strongest model on the market, and the US government has told you you can’t use it (technically, only if you’re not a US citizen, but in practice, even if you are). If you think the solution here is going to be open source Chinese models and / or running on your own hardware, think again. Do you think China is going to allow the strongest LLMs from companies within its borders to be open source a year from now when they have Mythos capabilities, if the US government is keeping the strongest American models back? Unlikely. These are heading in the direction of being powerful cybersecurity weapons and it will be in the interest of nation states to restrict and control them. In 2 years time, I would be surprised if the strongest LLMs are available for general use at all.Will we be the poorer for that, or will we be safer? I think poorer, because I hate being told what technology I can and can’t use, but I’m not certain. Maybe you think the government should restrict strong LLMs. Maybe you don’t. But either way, this is big news and a rubicon has been crossed and a precedent set. That’s true even if the motivation for this is just the government settling scores with Anthropic.

So many comments here missing the big picture, and just gleefully pointing out that Anthropic got what they deserved, or that this is the natural culmination of some kind of marketing stunt.

The real story here is that this may be the beginning of governments restricting the availability of strong LLMs to the public, to you. Fable was the strongest model on the market, and the US government has told you you can’t use it (technically, only if you’re not a US citizen, but in practice, even if you are). If you think the solution here is going to be open source Chinese models and / or running on your own hardware, think again. Do you think China is going to allow the strongest LLMs from companies within its borders to be open source a year from now when they have Mythos capabilities, if the US government is keeping the strongest American models back? Unlikely. These are heading in the direction of being powerful cybersecurity weapons and it will be in the interest of nation states to restrict and control them. In 2 years time, I would be surprised if the strongest LLMs are available for general use at all.

Will we be the poorer for that, or will we be safer? I think poorer, because I hate being told what technology I can and can’t use, but I’m not certain. Maybe you think the government should restrict strong LLMs. Maybe you don’t. But either way, this is big news and a rubicon has been crossed and a precedent set. That’s true even if the motivation for this is just the government settling scores with Anthropic.

Well said.

Yes, I too am frustrated by this logic

Also seems too coincidental that this arises while the government keeps talking about how they want to take a big equity stake in OpenAI. Another example of something I’m generally for being tainted by terrible optics and questionable intentions

There certainly are enough people with money riding on that that you’d think at least one of them would feel incentivized

No posts

Read more Read the original on 12gramsofcarbon.com →

Read the original on 12gramsofcarbon.com →

Leaving Mozilla

blog.unitedheroes.net

356 shares · 49 trendiness

After more than 15 years, I will be leaving Mozilla on July 21. Friday, June 12th will be my last “real” day, as I am planning on using my 200+ hours of vacation backlog. I’ve had the honor of working with some of you, and others have no idea who I am, but you might have a sticker of mine.

While I have mostly enjoyed my time here, there are a few things I wish to say upon my departure:

You Are More Important Than You Think

I’m not referring to you The Corporate Entity or you the Collective Organization. I mean you. The person reading this right now. I have beat the drum for mentoring for quite some time. Mentoring is a lot of things, but essentially, it’s ﬁnding someone else to talk to. In a company full of fellow introverts, I get that idea is uncomfortable and hard, but really, it’s one of the best things for both you personally and your career. You’re smart and can both learn and teach, no matter what your level of experience or background. Please try it.

You Are Part of Something Far Larger

If you’re working here, you’re one of the fortunate. There are a bunch of people who wanted to build a browser that could stand toe-to-toe with ones built by people with a lot of money. A browser that put their interests ﬁrst. That worked how they wanted. We’re the lucky, tiny portion that can get paid, but it comes with a price. It is our obligation to listen to the people who aren’t lucky enough to get paid. The folk out there are our community. They’re our peers. They are the ones who trust that we will continue to work for them, because if not, they’ll ﬁnd someone else who will.

We run the very real risk of losing those people.

We’re also pretty small

It’s too easy to think that we’re big. We’re not. We’re a niche browser that is lucky enough to get well funded. We shouldn’t try to be like the big browsers because that’s not what our Community wants.

Think of it this way; imagine living somewhere ﬁlled with McDonald’s, Burger King, and Wendy’s. We’re that cozy little Mom & Pop diner where customers say hi to each other, pour each other coffee, and clean up tables. It’s the sort of place that folk meet up to chat at tables, have a pretty awesome sandwich, and ask the owner who runs the grill if he thought about having the pork chop come with rice instead of a baked potato.

People have to seek us out. They’re doing that because they don’t want to use the browser that they literally have at their ﬁngertips. They also seek us out because they don’t trust the other big browser that everyone insists that they should be using. The folk that don’t care about that already use those big browsers. So, if people are looking for an experience that is absolutely not like the one they already have, why would we ever seek to emulate what those browsers are doing?

That doesn’t mean we can’t become big. We did this before. When we listened to our Community, gave them what they wanted, let them work with us to build something amazing, they told their friends. That was our growth phase, where we had ever increasing DAU (to use business terms). For regular folk, that’s when they installed us on their uncle’s laptop, their neighbor’s phone, and their classmates’ desktop, because their work was part of what made us special. They told their company about how we were a great alternative because they were proud to be part of what we were. That’s something you can’t build with just posters and stickers alone.

So, that’s it. TL:DR;

Respect yourselves.

Help each other out.

Remember who you’re working for.

If you want to stay in touch, I’m not that hard to ﬁnd online, although I might spend a few days screaming at the ocean.

Right, so that’s the note I sent when I left. Now I get to talk about all the things that bothered the hell out of me.

Mind you, I would have preferred to stay longer, but things got to a point where it just wasn’t fun anymore. (Considering that my career has been supporting stuff that no one else wanted to deal with. When everyone else ran out of the room, I was the one that would sigh, raise his hand, and take on the task. This did not do wonders for my career, but it was honest, hard work and constantly challenging.)

My career generally has been weird, because I’m not the kind of person to jump ship after a year or two. That’s about the point when I feel I actually understand not only what I was handed, but how it ﬁt into the larger org, and I can actually improve things more holistically. Not all of those improvements radically changed things. I’ve heard it as “Keeping the campsite clean”, little changes and improvements that make everything else generally better.

I’ve had previous opportunities to “ride the rocket” with various companies and they’ve been moderately entertaining. Often the trajectory of that start-up rocket was “into the ground”. In fact, the majority of companies I was with no longer exist, Netﬁx being the odd-duck out. It’s often said that Mozilla survives in spite of it’s Leadership, not because of it, and it absolutely rang true lately.

So, let’s go over a few things that bothered me. These are all opinions from someone who worked in a trench there for 15+ years, but, the bonus was that I never got the chance to think that highly of myself.

I’m not kidding when I said that Firefox is a niche browser. Folk have to actively look to use it. They have to search it out, ﬁgure out how to download it, ignore all the warnings and “suggestions” that they should keep using whatever the native browser is, avoid all the ads for Chrome as the better replacement browser, ignore all the sites saying “Your browser is out of date” because they couldn’t be arsed to test things in Firefox, etc. Firefox users are not normal. They are deeply abnormal, and frankly a lot of them are proud of that.

The problem is that Leadership doesn’t know how to deal with that.

Mozilla, born of being niche, and started by a bunch of abnormal folk, is deeply abnormal. Mozilla is open source. Like, really open source. Pretty much every line of code they write is published somewhere. (There are some private repos of course, because they’re not going to leave the keys under the doormat, and there are some repos that aren’t public because the folk that wrote them are exec types that don’t understand the power or motivation of Open Source, but they’re weird and those projects don’t last long anyway.)

Pretty much no other company in the Tech Industry is like Mozilla. So it’s really hard to hire people with experience running traditional Tech Industry companies that have any clue about how to deal with being that level of open. They all come from worlds where The Black Turtlenecked God told you “Do Not Tell Anyone about Anything”. The idea that they literally give things away and are actually transparent as hell is like telling them Mozilla employees are martians. They smile, say polite things, then ignore our history and actions and do things that they know because the concept of anything alien is clearly evil.

This sort of thing manifests in weird ways. One of the more hilarious ones is the “Chase for the DAU” (Daily Active User). Mozilla’s DAU count has been dropping for years. There’s all sorts of reasons for that. I bet you can come up with a few yourself. Of course, New Leadership comes in with guns a’blazing and Big Ideas for how to make DAU go Up. Those proposals seldom work because those Big Ideas inevitably are “We should copy what the Big Browsers do!”. Remember when I said that our users are deeply abnormal? Yeah, they already have that feature in the browser that’s already on their machine. If they wanted it that bad, they already have it.

I told someone once that imagine being in an area where every restaurant is McDonald’s, Burger King, or Wendy’s. Opening up another burger stand isn’t really going to cut it. But if you open up a diner where folk know your name, and customers can pour coffee for other folk, or help clear dishes, or talk with the guy at the grill and try to convince him to add teriyaki spam and grilled cabbage on rice to the menu, you might wind up becoming the neighborhood hang-out that folk tell visitors about.

But, sure, if the DAU numbers are down, clearly New Thinking must be the answer! Maybe? I mean, thinking that’s different than what was currently being done is probably a really good idea. The thing is that’s also when the delusions set in. Every New Leader thinks “We’ve got to think like a Start Up!” I mean, they do know that most start-ups fail, right? Mozilla is a 30 year old company. They are the polar opposite of “start-up”. In fact, for the past 15 years, they’ve been “thinking like a Start-Up[1]” in various ﬂavors and now they have the lowest DAU ever. Instead, I dunno, maybe look back at that 30 year history and see what they were doing when they had positive DAU and do that again?

I’ll give them a hint because I was around then: It wasn’t chasing the latest fads.

It was doing what they’re good at, being deeply abnormal, and helping folk make what they really wanted.

Back then, not only were we publishing all of our code, we were working with folk to make a better browser, regardless of where they were or if they were part of our org chart. Doing that excites people. Knowing that what you’re working on can go into a product used by others makes you faithful about that product. Knowing that your opinions and ideas can change the most complex application on your computer makes you want to share that application with others. Having a sense of ownership, no matter how small, makes you a member of a Community that advocates for that browser and makes you want to install it everywhere. That beats any clever marketing project, ever. I know this, because I saw it happen, repeatedly.

Of course Leadership doesn’t get that. That’s one of those “martian” things, that is clearly wrong and bad because it wasn’t part of their MBA syllabus and Meta didn’t do that. (I mean, the fact that Facebook is a community message board, and thus has more contributions from outside of the company than inside, may skip right by them, but whatever.)

Another fun example of “not clear on the idea” happened after Mozilla decided to chase the Enterprise dollar. Don’t get me wrong, that’s an incredibly rich seam to draw from. Short of getting government contracts, there’s no better source of reliable income. Of course, getting that “enterprise” gold isn’t easy, and comes with lots of strings and conditions, usually in the form of ISO standards. One of them is that you need to prove that your code and infrastructure are secure. (No bad guys getting in and doing bad guy things.) There are ways to address that sort of problem. One is to follow the guidance and install essentially spy-ware and locks on company issued devices to make sure that “noting bad happens”. Basically, fortify the walls so that the Outside People don’t get your valuable data.

Again, Mozilla is abnormal. Normal companies secure things because if bad people saw their code they could write exploits and do bad things. That works ﬁne for others, but Mozilla publishes all of their code. Bad guys are already building exploits, and Mozilla has a stellar track record of ﬁxing critical bugs, often within 24 hours. That’s unheard of, and they’ve done that since day 1. That’s like mandating you put a bar on the steering wheel of an armored tank, that’s actively crewed, in the middle of a base, with half the population watching. Yeah, sometimes bad things happen, but it’s not that often. You push back where it makes sense. Trust me, enterprise companies use curl, linux, and a slew of open source stuff written by random people who engage in all sorts of activities and will never ﬁll out a cybersecurity attestation certiﬁcate. You make sure that the keys are properly locked and the build environments are secure, and that there’s a clear audit path available with trusted signatories. You know, the thing they’ve been doing so long and well it’s what the guys who run cybersecurity outﬁts modeled themselves after.

Another delusion comes about because of self-reinforcement. Say you’re going to release some, controversial feature. Maybe it’s browser based DRM, maybe it’s AI, maybe it’s Push Notiﬁcations. Listening to your users can be a bit challenging[2], because while some might tell you, most probably won’t. They’ll just leave. That means that your source of information will be the people that stick around, so you wind up getting artiﬁcially high approval rates for things. It’s a bit like that bomber diagram meme. I’m willing to say that if you announce a feature or function and the number doesn’t go up past the initial novelty bump, that’s a pretty solid indicator that you guessed wrong, and maybe the folk complaining on Reddit might have a point. Folk are telling you, they’re just not doing it directly in a focus group.

A ﬁnal Community thing is that over the past ﬁve or so years, Mozilla has been turning away from it’s powerhouse, the Community. I have no idea why, but I can say that it’s a top down decision. At some point, some folk at a high level decided that Mozilla got to where it did on it’s own. It did not. The thing I was beating a drum about was that the folk working there were the lucky ones who got a paycheck, but most of their peers were folk who didn’t have a badge and a @mozilla.com email address. Leadership was convinced that the people in our Community were just customers, and maybe fans. This pissed off so, so many folk, and rightly so. They had given hours or years of effort and time without compensation, because they believed they were part of a larger effort. They felt betrayed because they were betrayed. I’m sure that someone probably had a reasonable argument about “how could we let all these outsiders have say?” or “I don’t like that those folk hate the amazing work we’re doing promoting lemony fresh bell bottoms (or whatever trend they were chasing)?” I dunno, boss, maybe the folk using your browser actually might have solid reasons of their own and might really appreciate things that don’t show up on LinkedIn top takes?

For what it’s worth, I’m not concerned for Mozilla isn’t it running out of money. So long as Google or another large search engine exists, it can get cash. There are also a few other ﬁnancial stability angles it can do which (frankly) would be better. I wish they had made a bigger deal about the privacy preserving (no, really) ad stuff that they were pioneering. Basically, think of it as regressing ads back to the model they were pre-internet, and you’re not far off. There will be lots of money and new leaders who don’t understand what made the company they’re now in charge of only last for so long. There will be lots of people with their own Big Ideas who will come in, chase the chickens around, and leave once they’ve caused enough ruckus. I hope that it continues to collect nascent martians like myself, who know how big Tech works, hate the approach that those companies take and want to actually make things better, rather than just put a gold star on their resume.

So, what to make of Mozilla?

I will absolutely say that it is full of some of the smartest, kindest, most privacy obsessed people I ever had the honor to work with. I’m proud of the 15+ years I spent working there and look back at most of it fondly. I will probably continue to use ﬁrefox as my daily browser, while turning off the latest fad stuff. I will keep telemetry on because I know exactly how it was used and how the people are painful about keeping it private. (Privacy scales, and is cheap as hell, even if it makes your job so damn hard.) I will avoid the AI crap because it’s not going to last. That said, there are other browsers I will probably screw around with more, like Servo and Vivaldi.

I also fully expect that this post will probably make the rounds on #moco and #cccc and it’ll promptly be ignored in a month. That’s ﬁne by me. I don’t expect anyone in Leadership to change, which will make me sad. Google’s cash cannon will continue to feed Mozilla for quite some time, so expect the bad ideas to continue.

But let’s say someone were to ask me the question I used to pose to folk in interviews. “Let’s say that you stun us and we make you CEO, what are the things you’d push hardest to do?”

Be boring for a while. There’s blood when you live on the cutting edge, but a lot of it is yours. Mozilla has tried building everything from a shopping nexus to a phone’s operating system, and kept discovering that they’re not great at it. They are, however, really good at building browsers. They should do that. Focus on shoring up core features that folk rely on. There’s opportunities to innovate and improve, of course, but it’s not a bad idea to let the high speed pasta cannon cool down a bit.

Cut back on the moonshots. As the saying goes: “Shoot for the moon! Because even if you miss, you quickly die of radiation poisoning and circle the sun for thousands of years before impacting something at thousands of kilometers an hour.” Firefox has been “a thing” for thirty years. Those fellow weirdos already know about Firefox, because they’re so sick of their default that they want something different. Instead of trying to give them some new, fancy thing-a-ma-bob that gets abandon in a year, how about spending time ﬁxing all the old bugs and tech-debt that’s accumulated? Give customers something that just works better, is less annoying, and doesn’t constantly scream about how awesome it is. Be the browser that realizes that maybe some people like radical change, but others REALLY don’t and make things “opt-in” by default. (Also, remember that your customers are not your fans. They barely tolerate you. You have to work every day to convince them to stick around. That’s not being negative, that’s being realistic. Humility drives improvement and forces you to be more critical about radical changes.)

Build back your Community. Encourage outside contributions, to the point where they are part of the active conversation about what to do next. Not some focus group you cornered for an hour with the promise of Amazon gift cards, but the folk that helped ﬁx a bug, land a feature, translate a page, or answered a ton of questions. Did you know that for a while Firefox was available in nearly every language? That was thanks to the team of volunteers that helped make sure that Firefox was ﬂuent when no other browser or application was.

Don’t get rid of the good stuff. Mozilla has a really terrible habit of trying to get rid of things that are successful. They hold Thunderbird at arms length, tossed out Rust (even though it could have been their cash cow), Servo may be what beats you. Yes, there have been a lot of really bad ideas and plenty of passion projects that went nowhere, but Mozilla often “cleaned house” for terrible reasons. Mozilla could still invite some of those orphaned projects back, you know. Or at least work with them to actually make things better. Maybe some face of Mozilla is the one that provides the “enterprise” aspect for Rust, and they split revenue with the project. Maybe they bring the Servo folk back to talk about improvements. Maybe they spend a few resources to improve bugzilla, the thing that got corrupted into the waking nightmare that is Jira, and give Atlassian a run for their copious money.

I do, honestly, wish that Mozilla would reconnect with their Community, though. I’d love if the abnormal little niche browser built by martians became popular. Not because of being just like the big browsers, but because it’s nothing like them. You know, kind of like it was back in the 2000′s when the DAU was way the hell higher. Firefox succeeds not by being the same, but by attracting folk that want something different and reﬂects their needs rather than someone’s OKR. We grow not by making noise, but by being useful. Heck, we can become a significant portion of the market again just by being a browser and not whatever the hell the other companies are doing that’s driving their customers nuts. Will we ever be #1? No. That shouldn’t be our goal, either. We should be a significant part of a vibrant ecosystem, not the black hole that consumed everything. Hell, if I were Mozilla Leadership, I’d be watching Vivaldi closer than I would be watching Chrome or Edge.

For the past year or so, I’ve been asking myself a question. “Who am I doing this for?” Who am I working so hard, landing features and functions, ensuring that things are working, etc. It’s pretty clear it’s not the same folk that I was doing it for when I started. It’s not the folk outside who wanted a browser that was theirs. The answer I kept coming back with was “I’m doing all this so that someone else can get a gold star on their resume for the next gig.” I’m sorry, but I don’t care about your career any more than you cared about mine. The people who go through the extraordinary effort to ﬁnd Mozilla Connect, have told you the things that they want us to work on. Yeah, it’s low trafﬁc in the same way that Arthur Dent’s home plans were public and well trafﬁcked. (Yes, I’m well aware that “Suggest” is used by something else, but we’ve never let that stop us before.) Working overtime and killing myself because someone got a wild hair is not super compelling, and makes what I do more “a job” than something I’m actually interested in doing.

As for me? I dunno. I’m more burnt than the Christmas Roast you just remembered you had in the oven. I’m more done than a Trump casino. I’ve got some money stashed away and can live off of that for quite some time, but I’ll probably be back doing tech stuff, probably open source stuff because it’s a lovely way to fuck with the tech bros trying to ruin it. Who knows, maybe I’ll grab a few old laptops, some controllers and set up a few MAME rigs at the local nursing homes because even old folk need a few FYB type games.

Heck, I might even fork Autopush and some of the WebPush libraries just so I can ﬁnally work through the backlog of crap.

[1] Someone noted to me that part of this is driven by Mozilla being notoriously slow about doing things internally. Everything feels like a struggle rather than how quick it is with startups that don’t have guard-rails, and I appreciate that. The problem, though, is that those guard-rails were added for reasons. The problem is that the “Go Fast” folk don’t ask why those guard-rails were added, nor try to ﬁgure out if they’re still needed, they just get frustrated an leave and the guard-rails remain. Mozilla is 30 years old, and made a LOT of mistakes, but, also learned a lot, part of the “go slow” I talk about later might be testing to see if we still need all those guard-rails and speed bumps.

[2] I will also add that there are some folk out there that are the absolute worst imaginable. They’re terrible people who sling insults and insist that their brilliance is the only solution to any problem. These are the folk that make 4chan look like angels, and they’re more than happy to pollute any discussion they can come across. Ignoring, banning, and otherwise dealing with those folk can be de-humanizing and soul crushing, because those folks do everything they can to make it that way. But, that’s also part of the challenge. You don’t let one person deal with it, you have lots of folk wade in and deal with it. You make the trolls small and uncomfortable because that’s what they are, insiginficant mites there just to pester and ruin things. That’s hard, and abnormal, and what makes a group stand out.

Read more Read the original on blog.unitedheroes.net →

Read the original on blog.unitedheroes.net →

A Call to Action: Stop the FCC's KYC Regime

blog.lopp.net

322 shares · 9 trendiness

Robocalls are really annoying. Everyone knows the misery of scam calls, spoofed numbers, fake warranty pitches, fraudulent bank alerts, and automated political spam. The FCC is correct to claim that illegal calls erode trust in the phone system and cost Americans time, money, and security. But this problem does not justify a dragnet solution. Under the guise of ﬁghting robocallers, the FCC is now considering “Know Your Customer” rules that could force phone providers to collect identity information from ordinary people before they can acquire or renew service with a phone carrier.

The proposal is being sold as consumer protection, but the surveillance regime it would create is something else entirely.

On April 30, 2026, the FCC adopted a Further Notice of Proposed Rulemaking seeking stronger KYC rules for voice service providers. The agency says possible measures include requiring providers to verify customer identities before enabling service, including name, address, government ID, and alternate phone numbers. The item was approved by Chairman Brendan Carr and Commissioners Gomez and Trusty.

That should alarm anyone who believes phone access is basic infrastructure, not a privilege conditioned on identity veriﬁcation. The danger is not that the FCC wants to punish robocall scammers. The danger is that the FCC is contemplating rules that would put millions of innocent people into telecom identity databases in the hope that criminals will be inconvenienced. We’ve seen this playbook before. Such measures take more privacy from lawful users while determined criminals will adapt and ﬁnd ways around the “gate.”

KYC does not reliably stop determined criminals. We know this to be true simply from looking at KYC requirements in the ﬁnancial system. There’s no shortage of money laundering that occurs through regulated venues, in part because criminals don’t have much trouble providing the required documentation to pass KYC checks. Why is this easy to route around? Mainly because so much personally identiﬁable information gets leaked on an ongoing basis that entire markets exist to trade this information. Buying a new identity and the associated documents to go along with it is cheap.

Burner Phones Are Important Tools

The proposal also reaches directly into prepaid service. The FCC is asking whether KYC requirements should vary between prepaid and postpaid plans, what information wireless providers currently obtain from prepaid SIM customers, and whether KYC measures should be imposed for prepaid service purchased through third-party vendors. That is the heart of the burner-phone issue. A prepaid phone is not just a movie prop for criminals. It can be a lifeline for a domestic violence survivor, a worker reporting misconduct, a journalist protecting a source, a protester avoiding retaliation, or someone who simply does not want every communication account tied to a government ID.

ACLU senior policy analyst Jay Stanley warned that the rulemaking contemplates taking away people’s ability to get a burner phone and could harm low-income people, domestic violence victims, and anyone who values privacy. That is the point the public needs to understand: anonymous or pseudonymous communication is not suspicious by default.

I’ve used KYC-free phone services for many years both as a security and privacy protection tactic. I, like anyone who might be suspected of having access to significant amounts of bitcoin, need strong privacy in order to protect myself from wrench attacks. This is not a theoretical threat; hundreds of Bitcoiners have been physically attacked and I myself have been swatted and extorted.

The most chilling parts of the FCC’s proposal go beyond ordinary ID collection. In its section on risk-based KYC differences, the FCC even asks whether providers should consult lists of terrorists, terrorist organizations, and “criminal persons” maintained by law enforcement entities. We’ve also seen this before and such lists would surely lead to false positives, abuse of innocent people being opaquely added to said lists, and the possibility that people could be denied basic communication infrastructure without a conviction or meaningful due process. Even though the FCC frames this as a question rather than a ﬁnal decision, it is a dangerous question for a communications regulator to normalize.

The proposal also contemplates long retention periods. The FCC asks about requiring providers to retain KYC information and supporting records for four years after the customer relationship ends. That means the risk does not end when someone cancels service. A person’s identifying information could remain in carrier databases for years, exposed to breach, misuse, subpoena, sale, or mission creep.

Mission creep is already visible in the FCC’s own words. The agency asks whether enhanced KYC rules could help law enforcement investigate crimes beyond illegal calls, including organized crime, trafﬁcking, espionage, inﬂuence operations, and other national-security concerns. That is a very different pitch from “we are stopping robocalls.” Once telecom providers are required to verify, retain, re-verify, and possibly screen customers, the phone system starts looking less like an open communications network and more like a chokepoint.

The FCC also proposes a per-call enforcement structure. It asks about assessing KYC violations on a per-call basis and specifically proposes a $2,500 per-call base forfeiture. That creates an obvious incentive: providers will protect themselves by over-verifying, over-retaining, and over-denying. When the penalty for under-screening can multiply by call volume, the safest corporate choice is not the one that protects consumer privacy, but rather the one that intrudes upon it greatly.

Privacy Is Not a Crime

A free society does not require citizens to continually ﬁght to retain their privacy. The burden should be on the government to justify eroding the rights of citizens via surveillance, data retention, and denial of access to essential communications tools.

We have seen this playbook before, oh so many times, to the point that it has become a meme. Those who seek to control the channels of communication must ﬁrst be able to identify anyone who is using a network so that they can then send their thugs to silence the undesirable speaker.

There is a better path. The FCC can target high-volume commercial origination, negligent providers, spoofing infrastructure, SIM-box abuse, and repeat bad actors without forcing every ordinary person to surrender identity documents to get a phone number. It can strengthen enforcement against carriers that knowingly enable illegal call trafﬁc. It can require narrow, risk-based due diligence for bulk callers. What it should not do is make every phone user prove who they are before they can communicate.

This is not a partisan issue. The average citizen does not want the government compiling lists of people who are conducting completely normal activities. They do not want “consumer protection” turned into surveillance. They do not want privacy treated as a loophole. And they do not want to ﬁnd out later that a rule meant to stop robocalls quietly ended the last practical way to access the telephone system without government permission.

KYC Is the Real Crime

I often refer to KYC as Kill Your Customer, because the very act of collecting sensitive personally identiﬁable information about a customer puts them at risk. The KYC regime has made itself into a joke by resulting in massive data leaks over the years, which now undermine the reliability of KYC since criminals can easily obtain fresh documents to bypass KYC checks with stolen identities.

Speciﬁc to phone service, KYC will actively degrade the security of your phone account because tying your account to an identity means that a criminal who obtains enough of your PII becomes better positioned to impersonate you to your phone provider and attempt to transfer your number to a SIM under the criminal’s control. This “SIM swapping” / “SIM jacking” issue has been a problem for over a decade now and is only getting worse as more and more of our lives are going digital and most of our important online accounts are tied to phone numbers and email addresses. The common attack vector for SIM jacking is:

Take over the victim’s phone number.

Use the phone number to reset access to the victim’s primary email account.

Use the email account and phone number to reset access to ﬁnancial accounts.

KYC is a laughable regime put in place under the claim of “stopping criminals” but the reality is that it is security theater that actually weakens the privacy and security of consumers rather than protecting them from bad actors. We should not double down on this broken system by implementing it in even more aspects of our lives.

It’s Not Too Late

This is not yet a ﬁnal rule. It is a proposed rule, which means the public still has a chance to push back. In the Federal Register, the FCC says it is seeking comment on this proposed change. That means we can give them a piece of our minds.

The comment deadline is June 25, 2026, with reply comments due July 27, 2026.

I urge you to submit a public comment to the FCC before June 25, 2026 opposing mandatory KYC identity checks for ordinary phone users. You can use the form at this link to submit a comment on this matter. Just click the link right now and submit a comment before you close this post! Yes, you, dear reader!

Remember that FCC comments are public. Assume that anything you submit, including personal information in the comment text or attachments, may become publicly viewable online. Don’t include personal details you can’t safely reveal to the world.

Feel free to use the following template to save yourself some time. Add / remove / edit whatever you wish to personalize it to your view.

I oppose any FCC rule that would require ordinary phone users, including prepaid users, to provide government-issued identiﬁcation numbers, identity documents, physical addresses, alternate phone numbers, or similar personal information as a condition of obtaining or renewing phone service.Robocalls and scam calls are serious problems, but mandatory identity collection for all users is overly broad, privacy-invasive, and likely to harm lawful users who need privacy, including domestic violence survivors, journalists, whistleblowers, low-income citizens, political organizers, and people facing retaliation or stalking.The FCC should reject any requirement that voice providers consult law-enforcement watchlists or lists of “criminal persons” before granting service. Access to basic communications infrastructure should not depend on opaque lists, screening systems prone to abuse and false positives, or processes lacking transparency.The FCC should also reject multi-year retention of KYC records for ordinary customers. Retaining identity information and supporting records after a customer leaves service creates unnecessary breach, misuse, and surveillance risks.The Commission should instead focus on narrow, evidence-based enforcement against high-volume illegal callers, spoofing abuse, SIM-box operations, and providers that knowingly or recklessly enable illegal trafﬁc. Any new rules should be targeted, privacy-protective, data-minimizing, and should preserve access to prepaid and privacy-protective phone service for lawful users.Please do not turn phone service into an identity checkpoint. Reject mandatory KYC requirements for ordinary telephone users.

Robocalls and scam calls are serious problems, but mandatory identity collection for all users is overly broad, privacy-invasive, and likely to harm lawful users who need privacy, including domestic violence survivors, journalists, whistleblowers, low-income citizens, political organizers, and people facing retaliation or stalking.

The FCC should reject any requirement that voice providers consult law-enforcement watchlists or lists of “criminal persons” before granting service. Access to basic communications infrastructure should not depend on opaque lists, screening systems prone to abuse and false positives, or processes lacking transparency.

The FCC should also reject multi-year retention of KYC records for ordinary customers. Retaining identity information and supporting records after a customer leaves service creates unnecessary breach, misuse, and surveillance risks.

The Commission should instead focus on narrow, evidence-based enforcement against high-volume illegal callers, spoofing abuse, SIM-box operations, and providers that knowingly or recklessly enable illegal trafﬁc. Any new rules should be targeted, privacy-protective, data-minimizing, and should preserve access to prepaid and privacy-protective phone service for lawful users.

Please do not turn phone service into an identity checkpoint. Reject mandatory KYC requirements for ordinary telephone users.

Now is the time for all Americans who are concerned about the constant erosion of their privacy to speak out.

Read more Read the original on blog.lopp.net →

Read the original on blog.lopp.net →

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.