Lots of US states, European coun­tries, and Australia have in­tro­duced “age ver­i­fi­ca­tion” reg­u­la­tions. They pre­sent it as the clas­sic “save the chil­dren” talk­ing point, but it’s re­ally just a pre­cur­sor to at­tri­bu­tion of speech, par­tic­u­larly at­tribut­ing your words to your real iden­tity.

This is the state’s dream; your words, un­de­ni­ably tied to your real life iden­tity. Law en­force­ment gen­er­ally needs two things to take mean­ing­ful ac­tion: What hap­pened? and Who did it? so lets go over them, I promise it’s rel­e­vant.

What hap­pened? - Maybe you dis­like dat­a­cen­ters, il­le­gal im­mi­gra­tion, or taxes. Whatever it is, the po­lice want to know. If you’re post­ing on so­cial me­dia, they prob­a­bly al­ready know.

Who did it? - They can’t pros­e­cute PickleDog52, they rely on some sort of iden­ti­fier and a lot of in­ves­tiga­tive work to fig­ure out who to ha­rass or jail. Traditionally this has been achieved with OSINT (looking for clues in your posts, speech pat­tern, etc..) or sub­poe­naing the ser­vice provider to get your IP or other iden­ti­fiers like email or phone.

Doing #2 takes a lot of ef­fort and does­n’t scale. Sometimes there’s no prob­a­ble cause that a crime has been or will be com­mit­ted. Sometimes the tar­get uses a VPN or Tor. Sometimes the plat­form does­n’t have re­li­able met­rics on the tar­get. Whatever the rea­son, it usu­ally re­quires hu­mans click­ing but­tons, send­ing emails, or de­cid­ing things.

These “age ver­i­fi­ca­tion” laws are - by de­sign - iden­tity at­tri­bu­tion sys­tems. They at­tribute dig­i­tal iden­ti­ties (accounts) to phys­i­cal iden­ti­ties (SSN, ID, etc..). This is gov­ern­men­t’s ideal sit­u­a­tion, the abil­ity to quickly (automatically?) get iden­ti­fy­ing in­for­ma­tion about in­con­ve­nient peo­ple re­gard­less if they’re a crim­i­nal or not.

There’s also some­thing creep­ily ironic about se­lect cor­po­rate elite, politi­cians, and gov­ern­ment of­fi­cials push­ing age ver­i­fi­ca­tion to “save the chil­dren”… Maybe go check their flight logs or hard dri­ves or some­thing… Yikes!

Anyways, I have no doubts that this will be­come au­to­mated once enough of the pop­u­la­tion has ver­i­fied their iden­ti­ties. Post an in­con­ve­nient mes­sage about a politi­cian, or get a lit­tle too rowdy in a group chat, and you’ll get a let­ter in the mail or a knock at the door. Similar to the “love let­ters” sent by ISPs on be­half of the RIAA and MPAA when you en­joy a DRM-free me­dia file.

Don’t let them win. Don’t ver­ify your age. Don’t give up your iden­tity. If you ab­solutely must, find one of the nu­mer­ous age ver­i­fi­ca­tion ser­vices and pay in Monero.

This open-source ATS by HackerRank has been blow­ing up re­cently: https://​github.com/​in­ter­view­street/​hir­ing-agent

It’s popped up on LinkedIn and Reddit with hun­dreds, some­times thou­sands, of likes.1 A coworker men­tioned it to me in pass­ing a few days ago.

I’ve de­cided to test it out.

First work­ing run: 90/100. Felt pretty good!

I had some de­bug prints scat­tered around from trou­bleshoot­ing the setup, so I cleaned those up and ran it again.

74/100.

Same re­sume. Same com­mand. The only thing I changed was delet­ing print state­ments.

I dis­abled DEVELOPMENT_MODE and put it in a loop to run a hun­dred times.

The scores range from 66 to 99.

If your com­pa­ny’s cut­off sits at 85, I fail 65% of the time. Same ex­act re­sume, dif­fer­ent luck.

Here a quick run­down on how the tool works:

Your PDF gets parsed into text. An LLM is called six times to ex­tract struc­tured in­for­ma­tion — your ba­sics, work his­tory, ed­u­ca­tion, skills, pro­jects, awards. It pulls your GitHub pro­file, scans your top re­pos, ap­pends them as ex­tra con­text. Then every­thing gets fed into the LLM at once to be graded.

The scor­ing is out of 100, with up to 20 bonus points on top:

35 points for open source con­tri­bu­tions

35 points for open source con­tri­bu­tions

30 for per­sonal pro­jects

30 for per­sonal pro­jects

25 for work ex­pe­ri­ence

25 for work ex­pe­ri­ence

10 for tech­ni­cal skills

10 for tech­ni­cal skills

Up to 20 bonus points for startup ex­pe­ri­ence, a port­fo­lio site, a tech­ni­cal blog, etc.

Up to 20 bonus points for startup ex­pe­ri­ence, a port­fo­lio site, a tech­ni­cal blog, etc.

The de­fault model is gem­ma3:4b, run­ning at tem­per­a­ture 0.1 — low, sup­pos­edly nudg­ing the model to­ward de­ter­min­is­tic out­puts.

Here’s what I found when I looked at those in­di­vid­ual cat­e­gories.

Look at tech­ni­cal skills: I scored 8/10 in 98 out of 100 runs. Nearly per­fect con­sis­tency. How come? Because tech­ni­cal skills are a check­list. You ei­ther know React or you don’t. There’s noth­ing for an LLM to judge — a five year old could match that check-list.

Now look at pro­jects — there’s HUGE vari­a­tion.

LLMs strug­gle to make a judg­ment call like that con­sis­tently. Sometimes my pro­jects “lack ar­chi­tec­tural com­plex­ity”, some­times they “demonstrate real-world de­ploy­ment”. Which one the LLM spits out is a roll of the dice.

Temperature 0.1 is al­ready low, but even go­ing down to tem­per­a­ture 0 does­n’t fix this. Someone opened a GitHub is­sue back in October show­ing scores of 27, 34, 32, 34, 34, 30 across six con­sec­u­tive runs at tem­per­a­ture 0.2 This non-de­ter­min­ism is­n’t a bug you can just fine-tune away, it’s a fun­da­men­tal de­sign flaw.

I was wor­ried part of this might be the model. After all, gem­ma3:4b was a lo­cal model run­ning on my ma­chine.

Gemini re­sulted in a tighter dis­tri­b­u­tion — scores clus­tered be­tween 48 and 64. But if your cut­off is 60, you’re still fail­ing 28% of the time through no fault of your own.

The Open Source scores have be­come con­sis­tent — that’s a le­git im­prove­ment. But pro­ject scores are still all over the place.

Experience has me the most con­cerned.

25/25.

Every sin­gle run.

I went back and pulled up an old re­sume — one in­tern­ship on it.

Also 25/25.

The clue is in the prompt…

The en­tire thing is two lines long.

No rubric. No ex­am­ples. No an­chors for what earns a 15 ver­sus a 25.

A ju­nior en­gi­neer with one in­tern­ship gets 25/25. A prin­ci­pal en­gi­neer with a decade of dis­trib­uted sys­tems gets 25/25. I get 25/25. Experience has two lines and no an­chors — con­sis­tent, but use­less. Projects has a de­tailed rubric with ex­am­ples but it’s the nois­i­est cat­e­gory — in­con­sis­tent, also use­less. There are some things that LLMs just can’t do well, no mat­ter how you prompt.

Use an LLM to parse a re­sume into struc­tured data — great, that’s what they’re good at. Use one to check whether some­one knows Python — amaz­ing. Use one to judge whether a can­di­date’s ex­pe­ri­ence is worth 18 points or 24 points? You get a vibe-check. Something HR teams, bar rais­ers, and a dozen other ini­tia­tives have spent decades try­ing to avoid.

The 65% weight­ing on open source + pro­jects does­n’t help ei­ther. I’d take the en­gi­neer with 30 years of ex­pe­ri­ence who built S3 over some­one with two in­tern­ships and an open source pro­ject — but this tool would­n’t. Some of the best en­gi­neers I know have built things that never ended up on GitHub. That’s over half of their score gone be­fore any hu­man looks their way.

If you’re an en­gi­neer with any say in how your com­pany han­dles re­sume screen­ing: please be very care­ful with AI-screening tools. A tool that can’t dif­fer­en­ti­ate is­n’t fil­ter­ing for qual­ity — it’s just fil­ter­ing. You might as well throw out half the re­sumes and tell the the ap­pli­cants you don’t fuck with bad luck.

Correction (June 28): A reader flagged that the re­sume_e­val­u­a­tion_cri­te­ria.jinja tem­plate says “Software Intern” on line 1 — nowhere doc­u­mented, nowhere else ref­er­enced in the repo. The same tem­plate that later gives bonus points for “founder roles, co-founder po­si­tions, or early-stage en­gi­neer roles.” I re-ran with an ex­plicit Senior SWE prompt and got iden­ti­cal re­sults — the scor­ing di­men­sions are po­si­tion-ag­nos­tic.

1

Viral LinkedIn (read at your own risk) and Reddit posts. They both claim the repo was open-sourced re­cently, but based on com­mit his­tory it’s more likely that it just blew up re­cently and has been open sourced since October 2025.

2

Non-determinism at tem­per­a­ture 0 was flagged in this GitHub is­sue, opened October 2025.

No posts

In 2022, I wrote about the damn­ing fall of events tech com­pany Pollen. The short of it:

Pollen seemed to have pulled off the im­prob­a­ble feat of build­ing a busi­ness in the no­to­ri­ously low mar­gin in­dus­try of events, sur­viv­ing Covid-19, and build­ing a solid soft­ware en­gi­neer­ing or­ga­ni­za­tion. In April this year, the com­pany an­nounced it had raised an­other $150M in fresh fund­ing.But just three weeks later, Pollen laid off about 200 peo­ple, a third of staff. Leadership as­sured em­ploy­ees all was well. However, from that point on, things got worse. Leadership later pulled the plug on Slack, em­ploy­ees were not paid wages, pen­sion con­tri­bu­tions went miss­ing, and ven­dors were not paid. Some ven­dors took mat­ters into their own hands; on 9 August 2022, JIRA was sus­pended when Atlassian tired of the com­pa­ny’s fail­ure to pay.On 10 August 2022, Pollen went bank­rupt, col­laps­ing into ad­min­is­tra­tion.

But just three weeks later, Pollen laid off about 200 peo­ple, a third of staff. Leadership as­sured em­ploy­ees all was well. However, from that point on, things got worse. Leadership later pulled the plug on Slack, em­ploy­ees were not paid wages, pen­sion con­tri­bu­tions went miss­ing, and ven­dors were not paid. Some ven­dors took mat­ters into their own hands; on 9 August 2022, JIRA was sus­pended when Atlassian tired of the com­pa­ny’s fail­ure to pay.

On 10 August 2022, Pollen went bank­rupt, col­laps­ing into ad­min­is­tra­tion.

The ar­ti­cle looked bad on Pollen’s founder, Callum Negus-Fancey. He was ul­ti­mately re­spon­si­ble for ly­ing to staff, not pay­ing salaries, the miss­ing pen­sion con­tri­bu­tions, and the un­paid health in­sur­ance for US em­ploy­ees. The story was so bad that the BBC cre­ated a doc­u­men­tary ti­tled Crashed: $800M Festival Fail.

And then there was the $3.2M dob­ule charge for cus­tomers, man­u­ally ini­ti­ated by CTO Bradley Wright, de­tailed ex­ten­sively in the doc­u­men­tary Crashed: $800M Festival Fail. That dou­ble charge would have been triv­ial to re­verse, but the re­ver­sal never hap­pened, cus­tomers never got their money back, and the post­mortem of the in­ci­dent was never re­leased to staff.

Four years later, Pollen and Callum Negus-Fancey are at­tempt­ing to erase this shame­ful story from the pub­lic record. The ar­ti­cle is my orig­i­nal writ­ing, and thus I am the copy­right holder of it. So imag­ine my sur­prise when I was no­ti­fied that Google re­moved the ar­ti­cle from its search re­sults thanks to a copy­right in­fringe­ment claim it re­ceived:

It seems that any­one can file a bo­gus copy­right claim to get an ar­ti­cle they don’t like re­moved from Google’s search in­dex. This hap­pened in this case. I have no in­for­ma­tion on who filed the copy­right claim. Even less so on who claims to be the copy­right owner? Because I am the only pos­si­ble copy­right owner!

And Google has gone ahead and re­moved my ar­ti­cle about Pollen’s shame­ful col­lapse from its search re­sults.

I have the op­tion to ap­peal, which I have done so.

Google’s copy­right re­moval sys­tem is clearly be­ing abused, to a com­i­cal de­gree. Someone does­n’t like that I went into ex­treme de­tail about the events at Pollen - all of which are facts. And, for some rea­son, bo­gus copy­right re­quests can be weaponized to re­move in­for­ma­tion like this from Google’s search in­dex.

I man­aged to find the bo­gus DMCA com­plaint sub­mis­sion, af­ter Google re­moved my site from search re­sults. It is ab­solute BS: it claims that my orig­i­nal ar­ti­cle is a copy of a The New York Post ar­ti­cle. Which is ab­solute non­sense!

This “Ellie Piee” claimed that this 1998 ar­ti­cle ti­tled Band Leader Hits Winning Chord was copied by my ar­ti­cle Inside Pollen’s Collapse: “$200M Raised” but Staff Unpaid - Exclusive. The two do not even share a sin­gle sen­tence!

The fake DMCA is made by a fake pro­file from a coun­try with zero in­hab­i­tants. The re­moval re­quests by this “Ellie Piee” are made from the coun­try called Bouvet Island, an un­in­hab­ited Norwegian de­pen­dent ter­ri­tory in the South Atlantic/Southern Ocean near Antarctica. It has zero in­hab­i­tants, and is re­ferred to as the “world’s most re­mote is­land.”

Why does Google al­low fraud­u­lent DMCA no­tices to be filed with no penalty? My own spec­u­la­tion is that it is clear enough that ei­ther Pollen, or its for­mer CEO Callum Negus-Fancey, or its co­founder and COO Liam Negus-Fancey or some­one else re­lated to the com­pany hired rep­u­ta­tion firms to re­move Pollen ar­ti­cles from Google. This firm then files the most bo­gus re­quests un­der fake names sup­pos­edly re­sid­ing in un­in­hab­ited re­gions of the world, and Google com­plies.

I never thought I would have to re­visit the shame­ful his­tory of Pollen, but some­one at the com­pany felt the need to prompt me to do so.

Lawsuits are still on­go­ing against Pollen, by the way. Now that some­one from Pollen tried to erase the record of this story, I got a bit of re­newed in­ter­est in what has hap­pened since. In California, the law­suit Tayler Ulmer vs Pollen is still in progress, sum­ma­rized as:

Tayler Ulmer and five other named for­mer em­ploy­ees, on be­half of them­selves and “all sim­i­larly sit­u­ated em­ploy­ees” claim to have been laid off with­out paid wages and ben­e­fits, plus claim­ing pos­si­ble fraud

The fil­ing says that Pollen ex­ec­u­tives Callum Negus‑Fancey, Liam Negus‑Fancey, and James Ellis are per­son­ally li­able in this law­suit

The law­suit wants to re­claim un­paid wages, un­paid sev­er­ance, restora­tion of lost 401(k) con­tri­bu­tions, and a ul­ing that all the named en­ti­ties and in­di­vid­u­als are jointly li­able, in­clud­ing suc­ces­sor en­ti­ties, so em­ploy­ees can col­lect re­gard­less of how Pollen shuf­fled as­sets and dis­solved sub­sidiaries

I am wish­ing best of luck to the claimants - for­mer Pollen em­ploy­ees - and we will see how the judge rules in this law­suit. The more Pollen wants to si­lence me writ­ing about this, the more I’ll likely pay at­ten­tion.

Pollen ex­ec­u­tives should have read what the Streinsand ef­fect means!

Subscribe to my weekly newslet­ter to get ar­ti­cles like this in your in­box. It’s a pretty good read - and the #1 soft­ware en­gi­neer­ing newslet­ter on Substack.

I’ve been dis­ap­pointed by lo­cal mod­els in the past. But then I checked Qwen 3.6, and I was in awe. For me it’s the first lo­cal model that ac­tu­ally makes sense as a gen­eral in­tel­li­gence.

It comes in two vari­ants, a mix­ture-of-ex­perts model Qwen 3.6 35B A3B, and a dense Qwen 3.6 27B - slower, but more pow­er­ful. The one I rec­om­mend!

Let me share my im­pres­sions, and show that you can run it too.

It’s hot, lit­er­ally. When my knees started to melt, I grabbed a phone-at­tached ther­mal cam­era and took a photo.

Qwen 3.6, right­fully, got a lot of cov­er­age on Hacker News. The most com­mon state­ment about Qwen 3.6 27B is that it punches above its weight - see Will it Mythos?. And I think it is a well-de­served sen­ti­ment. It will make your com­puter hot, but it’s worth it!

Testing the wa­ters

Simon Willison uses “penguins on a bi­cy­cle” as a smoke test (see for Qwen 3.6 35B A3B and then Qwen 3.6 27B). I usu­ally go with con­strained writ­ing.

A year ago these kinds of things were state of the art, need­ing a unique, and in­sanely ex­pen­sive GPT-4.5, see vibe trans­lat­ing Quantum Flytrap.

I also asked it to write an 8 line poem about Zouk dance and quan­tum physics, see the tran­script. The thought process made sense, both in terms of de­lib­er­a­tion on quan­tum terms, and rhymes.

Then I asked in OpenCode to cre­ate a hexag­o­nal minesweeper us­ing pnpm. It worked:

It worked on the first go, from a sin­gle prompt, with a proper Node pack­age. The mix­ture-of-ex­perts Qwen 3.6 35B A3B was faster… but ig­nored my in­struc­tion to cre­ate a pack­age, and did it in a sin­gle in­dex.html.

Real work

Sure, cre­ative writ­ing about quan­tum me­chan­ics, or yet an­other clone of a minesweeper, is rarely a day job. But Qwen 3.6 27B is de­cent at reg­u­lar tasks as well.

Prompt by a friend, Maciej Cielecki, at AI Tinkerers Warsaw.

It worked for a few min­utes and cre­ated this:

By stan­dards of cur­rent fron­tier mod­els, it’s un­re­mark­able. But it is al­ready a prac­ti­cal job. It worked, was re­ac­tive, de­faults were nice - all from a sin­gle, short prompt.

Running Qwen 3.6 lo­cally with llama.cpp

Running lo­cal mod­els is eas­ier than ever. A few CLI lines and you’re off.

I rec­om­mend llama.cpp - a di­rect, open source tool that al­lows run­ning mod­els on var­i­ous de­vices. You don’t need Ollama, and frankly - I would rec­om­mend against us­ing that on eth­i­cal grounds.

First, we go to Hugging Face, to get proper quan­ti­za­tion, i.e. a model with re­duced size - pop­u­lar ones are by un­sloth or bar­towski, among oth­ers. Default mod­els usu­ally come with BF16 pre­ci­sion. A com­mon 8-bit quan­ti­za­tion saves half the space at al­most no cost to qual­ity. Going fur­ther down the road, mod­els are smaller (and po­ten­tially - faster), but at the cost of qual­ity, see this com­par­i­son for 27B and an­other one for 35B A3B.

We grab un­sloth/​Qwen3.6 – 27B-MTP-GGUF:Q8_0, an 8-bit quan­ti­za­tion with sup­port for multi-to­ken pre­dic­tion (MTP).

llama-server -hf un­sloth/​Qwen3.6 – 27B-MTP-GGUF:Q8_0 \ –spec-type draft-mtp -ngl 999 -fa on -c 65536 –port 8080

What it does:

-hf un­sloth/​Qwen3.6 – 27B-MTP-GGUF:Q8_0 grabs from Hugging Face, on the next runs will reuse that

-m ~/models/Qwen3.6 – 27B-Q8_0.gguf use in­stead if you al­ready have it

draft-mtp we use a fast model to pre­dict sub­se­quent to­kens, speeds up things

-ngl 999 for putting all lay­ers to GPU

-fa on flash at­ten­tion is on

-c 65536 con­text size set to 64k to­kens (this we can tweak, as Qwen 3.6 27B na­tive con­text is 256k)

–port 8080 bet­ter to pin port, as it will be used by other con­figs

If you open http://​127.0.0.1:8080, you can di­rectly chat with it.

Precisely the same server can be used for vibe cod­ing. Choice of agent de­pends both on one’s goal and sub­jec­tive taste - for an all-around OpenCode, min­i­mal­is­tic Pi, and self-im­prov­ing Hermes.

For OpenCode, it is as sim­ple as adding to ~/.config/opencode/opencode.jsonc:

{ “$schema”: “https://​open­code.ai/​con­fig.json”, “provider”: { “llama”: { “name”: “llama.cpp (local)”, “npm”: “@ai-sdk/openai-compatible”, “options”: { “baseURL”: “http://​127.0.0.1:8080/​v1”, “apiKey”: “local” }, “models”: { “qwen3.6 – 27b”: { “name”: “Qwen3.6 – 27B Q8 +MTP” } } } }, “model”: “llama/qwen3.6 – 27b” }

If you just want to chat and are a big fan of Terminal, in­stead of llama-server use llama-cli:

llama-cli -hf un­sloth/​Qwen3.6 – 27B-MTP-GGUF:Q8_0 \ -ngl 999 -fa on -c 65536

Measuring per­for­mance

Is it fast enough?

I ran a few tests (source is here) on my Macbook Max M5 128 GB, run­ning it with and with­out multi-to­ken pre­dic­tion, and com­par­ing both with the 35B A3B model, and also a quan­tized DeepSeek V4 Flash ver­sion DwarfStar4.

to­kens / s

RAM

Qwen3.6 – 35B-A3B · 8-bit

MLX

85 tok/​s 85

37 GB RAM 37 GB

llama.cpp

93 tok/​s 93

44 GB RAM 44 GB

llama.cpp + MTP

105 tok/​s 105

45 GB RAM 45 GB

Qwen3.6 – 27B · 8-bit

MLX

17 tok/​s 17

28 GB RAM 28 GB

llama.cpp

18 tok/​s 18

41 GB RAM 41 GB

llama.cpp + MTP

32 tok/​s 32

42 GB RAM 42 GB

DeepSeek-V4-Flash · Q2–Q4

llama.cpp

33 tok/​s 33

103 GB RAM 103 GB

30 to­kens per sec­ond is not bad, well within typ­i­cal fron­tier model API range. While mlx-lm is pre­cisely tar­geted at Apple Silicon de­vices, and AI agents heav­ily rec­om­mend it, llama.cpp turned out to be faster. It was us­ing 95% of GPU, which means it is ef­fi­ciently us­ing avail­able re­sources.

Macbook Max M5 is a beast (at least for a lap­top), but on other de­vices it should also work de­cently. As you can see, both Qwen 3.6 vari­ants run within 48 GB of Apple Silicon’s shared RAM. On con­sumer Nvidia RTX cards, you need to quan­tize more ag­gres­sively — but in­fer­ence runs even faster.

I set this up to­day on my 5090 at Q6_K quan­ti­za­tion and Q4_0 KV, got 50 to­kens/​s con­sis­tently at 123k con­text, us­ing ~28/32gb vram through LM Studio. - gfosco on the Hacker News

I set this up to­day on my 5090 at Q6_K quan­ti­za­tion and Q4_0 KV, got 50 to­kens/​s con­sis­tently at 123k con­text, us­ing ~28/32gb vram through LM Studio. - gfosco on the Hacker News

While 35B A3B is 3x faster, I pre­fer 27B. I’d rather gen­er­ate a third as much code, but of higher qual­ity.

How do they re­late to pre­vi­ous state of the art mod­els?

Manual in­spec­tion is great, but bench­marks help with ground­ing in­tu­itions. Here is the score from Artificial Analysis, com­par­ing it with fron­tier mod­els:

Gemma 4 31B

29

≈ late 2024

o1 / Claude 3.5 Sonnet

Qwen3.6 – 35B-A3B

32

≈ early 2025

o3 / Claude 4 Sonnet

Qwen3.6 – 27B

37

≈ mid 2025

GPT-5 / Claude Sonnet 4.5

DeepSeek-V4-Flash

40

≈ late 2025

GPT-5.2 / Claude Opus 4.5

A few more bench­marks are in these notes, but the spirit is sim­i­lar. Added here Gemma 4 31B, as a lot of peo­ple use this as the de­fault for lo­cal cod­ing. But both bench­marks and gen­eral sen­ti­ment on­line favour Qwen 3.6 27B by a large mar­gin.

Here there is a caveat - 8-bit quan­ti­za­tion likely does not af­fect re­sults much, but DwarfStar4 uses much more ag­gres­sive ones for DeepSeek V4 Flash, 2 – 4 bit. For sure it is worse than the full model. My per­sonal im­pres­sion is that within these quan­ti­za­tions Qwen 3.6 27B is as good as (or maybe slightly bet­ter than) DwarfStar4. Though, I won’t be sur­prised if for longer con­text pro­jects DS4 has an edge.

What’s next

I think we are en­ter­ing a fas­ci­nat­ing era, when it be­comes fea­si­ble to run one’s own mod­els.

The change will be pro­pelled fur­ther by the state of pro­pri­etary fron­tier mod­els. Claude Fable 5 was taken down. Other fron­tier mod­els run at a mas­sive sub­sidy, where pay­ing $100 a month gives us thou­sands worth in to­kens. Let’s use the dis­count while it lasts!

A lo­cally set model can be fine-tuned to our needs, and can­not be taken away. Businesses can use them for pro­pri­etary and sen­si­tive data. We can use them per­son­ally for of­fline pro­jects, or when we don’t feel com­fort­able shar­ing our deep­est se­crets, or med­ical data, with the US or China.

With the re­lease of fron­tier-level open-weight GLM 5.2, there is a new era. While Qwen 3.6 was the step­ping stone, even fron­tier GLM 5.2 can be run lo­cally. It won’t run on your Macbook or a sin­gle RTX 5090. But still, it is man­age­able with a com­pany bud­get.

Moreover, I strongly be­lieve that we will have mod­els smarter than cur­rent state of the art, while runnable on lo­cal de­vices, maybe even smart­phones. Current mod­els com­bine both raw in­tel­li­gence and fac­tual knowl­edge in the same weights. Future mod­els will likely sep­a­rate that, of­fload­ing a lot of knowl­edge to tool call­ing.

Discuss on Hacker News, LinkedIn, or X.

To use the Mastodon web ap­pli­ca­tion, please en­able JavaScript. Alternatively, try one of the na­tive apps for Mastodon for your plat­form.

The US supreme court has ruled that law en­force­men­t’s use of sprawl­ing war­rants that sweep up smart­phone lo­ca­tion data re­quires pri­vacy pro­tec­tions un­der the fourth amend­ment, in a boost to crit­ics who view their use as an un­con­sti­tu­tional drag­net.

Justice Elena Kagan wrote the ma­jor­ity opin­ion, which held that the sen­si­tive data scooped up by “geofence war­rants” counts as a fourth amend­ment search, and of­fers in­di­vid­u­als a “reasonable ex­pec­ta­tion of pri­vacy”, even if they may be in a pub­lic area.

“An in­di­vid­ual has a rea­son­able ex­pec­ta­tion of pri­vacy in records about his cell phone’s lo­ca­tion, and po­lice in­trude on that con­sti­tu­tion­ally pro­tected in­ter­est when they de­mand the in­for­ma­tion — even though for only a lim­ited time, and from a third-party tech com­pany,” Kagan wrote.

The judges ruled 6 – 3 in Chatrie v US, against the gov­ern­ment, in a case that has been widely viewed as a test of how pri­vacy rights trans­late into a new dig­i­tal era.

The use of ge­ofence war­rants is wide­spread, and gives law en­force­ment agen­cies the power to com­pel tech com­pa­nies to hand over sen­si­tive cell phone data from peo­ple at or near crime scenes. The war­rants al­low po­lice and the FBI to col­lect this in­for­ma­tion from in­di­vid­u­als within the ra­dius of a vir­tual “fence” dur­ing a par­tic­u­lar time­frame. But they are not re­stricted to re­quest­ing data for pre­cise tar­gets.

The Chatrie case fo­cuses on lo­cal po­lice’s pur­suit of an armed bank rob­ber in Richmond, Virginia. He fled with $195,000. Law en­force­ment tracked Okello Chatrie down through their use of ge­ofence war­rants. Chatrie had opted in to an op­tional Google “location his­tory” fea­ture that doc­u­mented his lo­ca­tion every few min­utes. He was even­tu­ally sen­tenced to 12 years in prison, af­ter plead­ing guilty.

Chatrie’s lawyers ar­gued that this search was overly broad and vi­o­lated his fourth amend­ment rights, which pro­tects in­di­vid­u­als from “unreasonable search and seizure”. Lawyers said that po­lice’s use of ge­ofence war­rants amounted to an of­fi­cial “search” un­der the fourth amend­ment, and did­n’t meet the con­sti­tu­tion’s re­quire­ments for one.

The gov­ern­ment had ar­gued that ac­cess­ing only a short amount of cell­phone lo­ca­tion in­for­ma­tion means this tac­tic does not count as a fourth amend­ment search and ac­cord­ingly, should not be af­forded the same pri­vacy pro­tec­tions. But the judges in the ma­jor­ity dis­agreed.

The judges in the ma­jor­ity opin­ion also wrote that the gov­ern­men­t’s char­ac­ter­i­za­tion of gen­er­at­ing lo­ca­tion his­tory as a vol­un­tary choice is “meritless”.

They sug­gested that peo­ple aren’t choos­ing to share pri­vate in­for­ma­tion with third par­ties and the gov­ern­ment “just by do­ing the or­di­nary thing cell­phone users do”. “The point of car­ry­ing smart­phones is to use what is on them,” in­clud­ing the apps and ser­vices they pro­vide — many of which use lo­ca­tion data to cus­tomize a user’s ex­pe­ri­ence, they said.

“That ar­gu­ment ig­nores how and why Google users turn on lo­ca­tion his­tory: Google re­peat­edly prompts users to turn on the ser­vice, of­ten warn­ing that de­vices will not ‘work cor­rect­ly’ oth­er­wise, while not dis­clos­ing in that prompt how fre­quently users’ lo­ca­tion in­for­ma­tion would be recorded, how pre­cise it would be, or how it might be given to the gov­ern­ment,” they wrote.

Justice Sonia Sotomayor wrote that “even short-term mon­i­tor­ing” of a per­son’s phys­i­cal move­ments can pro­vide “a wealth of de­tail about [his] fa­mil­ial, po­lit­i­cal, pro­fes­sional, re­li­gious, and sex­ual as­so­ci­a­tions”. She high­lighted ex­am­ples of a per­son’s trips to “the psy­chi­a­trist, the plas­tic sur­geon, the abor­tion clinic, the Aids treat­ment cen­ter, the strip club, the crim­i­nal de­fense at­tor­ney, [or] the by-the hour mo­tel”.

Privacy ad­vo­cates share her con­cerns that ge­ofence war­rants can be overly broad in the area they tar­get, as well as the length of time they cover. “If the gov­ern­ment does­n’t need to … link some­thing to a crime, it could mon­i­tor a protest or an abor­tion clinic or a gun range or a church or an AA meet­ing or a doc­tor’s of­fice,” Matthew Tokson, a law pro­fes­sor at the University of Utah, said.

While the ma­jor­ity opin­ion noted that po­lice con­ducted a fourth amend­ment search by ac­cess­ing Chatrie’s lo­ca­tion his­tory data, they noted that the court of ap­peals will weigh in on whether the “search was rea­son­able, mean­ing that each of its steps was prop­erly de­scribed with par­tic­u­lar­ity and found to be sup­ported by prob­a­ble cause”.

Law en­force­ment has said they need ge­ofence war­rants to find sus­pects and wit­nesses — af­ter reach­ing dead ends. The US gov­ern­ment, for its part, has ar­gued that peo­ple can’t have a “reasonable ex­pec­ta­tion of pri­vacy” when they are in pub­lic and have al­lowed a third party com­pany, such as Google, to col­lect and an­a­lyze phone lo­ca­tion data.

The gov­ern­ment noted in its le­gal fil­ings that “only about one-third of ac­tive Google ac­count hold­ers ac­tu­ally opted into the lo­ca­tion his­tory ser­vice”; Chatrie’s lawyers noted in court doc­u­ments that this amounted to more than 500 mil­lion Google users. Even Google has ac­knowl­edged in le­gal fil­ings for the case that ge­ofence searches “often run a high risk of sweep­ing in in­no­cent users–some­times thou­sands of them.” The tech com­pany said that it’s com­mon for these in­quiries to cover pri­vate homes, apart­ment build­ings, gov­ern­ment build­ings, ho­tels, places of wor­ship, busy roads, and other lo­ca­tions that law en­force­ment has­n’t iden­ti­fied prob­a­ble cause to search.

The rul­ing marks the first time the US supreme court is con­sid­er­ing the scope of the fourth amend­ment since a land­mark 2018 pri­vacy rul­ing. At the time, judges de­cided in a 5 – 4 de­ci­sion that the gov­ern­ment gen­er­ally needs a war­rant to track a per­son’s cell­phone lo­ca­tion his­tory.

Paul Ohm, a law pro­fes­sor at Georgetown University, said “today is a very good day for con­sti­tu­tional pri­vacy.” He added: “The court reaf­firmed that the po­lice need a search war­rant to turn pri­vate ser­vices like Google’s lo­ca­tion track­ing into a state sur­veil­lance tool.”

403 ERROR

Generated by cloud­front (CloudFront) Request ID: cm5OT3JhrhXGE9sw1PXgxG2f_xb­He5_hKNE8a-vV5GLWQh3i­Ip­KEWw==

Reference #18.8132817.1782777406.264c32e2

https://​er­rors.edge­suite.net/​18.8132817.1782777406.264c32e2

Home > Piracy >

For years, right­sh­old­ers have pushed for broader site block­ing or­ders, with no di­rect li­a­bil­ity if these re­sult in overblock­ing. EuroISPA, which rep­re­sents over 3,300 European in­ter­net ser­vice providers, is now ask­ing the EU Commission to change that. The as­so­ci­a­tion points to a se­ries of overblock­ing in­ci­dents in Italy, Spain, and else­where, where right­sh­old­ers were not held ac­count­able.

Last year, EuroISPA warned the European Commission that site block­ing was be­com­ing dis­pro­por­tion­ate.

Fast-forward a year, and the providers’ con­cerns have only grown.

In a new fil­ing to the Commission’s on­go­ing as­sess­ment of the Copyright in the Digital Single Market Directive, EuroISPA once again sounds the alarm, point­ing out that the piracy block­ing cli­mate in some coun­tries is get­ting more ex­treme.

EuroISPA starts by ex­plic­itly ref­er­enc­ing the Commission’s own con­clu­sions. Its eval­u­a­tion of the 2023 Recommendation on com­bat­ing piracy of live events con­cluded that the mea­sures had “limited pos­i­tive ef­fects” and did not lead to a sub­stan­tial re­duc­tion in piracy.

“This find­ing is an im­por­tant base­line for this con­sul­ta­tion: it sug­gests that in many cases the prob­lem lies in the en­force­ment of ex­ist­ing law, not in a gap in the leg­isla­tive frame­work,” the ISP or­ga­ni­za­tion notes.

The European Commission should pri­or­i­tize the im­ple­men­ta­tion of cur­rent law, in­stead of in­tro­duc­ing any new en­force­ment oblig­a­tions, the fil­ing ar­gues. That does­n’t mean that every­thing is func­tion­ing fine now. On the con­trary, the ISPs flag a myr­iad of overblock­ing in­ci­dents.

Blocking Goes Beyond ISPs

In re­cent years, site block­ing or­ders have ex­panded to other in­ter­me­di­aries, in­clud­ing DNS re­solvers and VPN providers. This is prob­lem­atic, EuroISPA ar­gues, as these ser­vices have no di­rect link to the in­fring­ing con­tent and of­ten lack the tech­ni­cal means to im­ple­ment ge­o­graph­i­cally re­stricted blocks.

This ex­pan­sion, com­bined with var­i­ous overblock­ing in­ci­dents through­out Europe, is prob­lem­atic, the ISP as­so­ci­a­tion notes, while list­ing var­i­ous ex­am­ples.

In Italy, Piracy Shield’s IP-level block­ing caused col­lat­eral dam­age to over 7,700 do­main names. In ad­di­tion, a Portuguese host­ing provider lost email con­nec­tiv­ity with Italian cus­tomers for 16 days. When Cloudflare de­clined to com­ply with block­ing de­mands, Italy’s com­mu­ni­ca­tions reg­u­la­tor AGCOM fined it 14 mil­lion eu­ros.

In Spain, LaLiga ob­tained a block­ing or­der that tar­geted shared IP ad­dresses, which were also used by thou­sands of le­git­i­mate sites. EuroISPA says that mil­lions of Spanish in­ter­net users have lost ac­cess to bank­ing apps, de­vel­oper tools, and pay­ment plat­forms, as a re­sult of the site block­ing mea­sures.

In Belgium and France, site block­ing is also ex­pand­ing. Cisco pulled OpenDNS from France in 2024 and Belgium in 2025, af­ter be­ing or­dered to block pi­rate sites. It re­sumed its ser­vice in Belgium when it ap­pealed this de­ci­sion, which could have far-reach­ing con­se­quences.

“The out­come of that ap­peal may have sig­nif­i­cant con­se­quences for the scope of fu­ture block­ing or­ders across the EU, as the trend of ex­tend­ing oblig­a­tions to DNS re­solvers and VPN providers con­tin­ues to grow across Member States,” EuroISPA notes.

Overblocking Accountability

The ISP or­ga­ni­za­tion cites the CEPS re­port pub­lished in April, which cau­tioned against IP-address block­ing.

The same re­port also rec­om­mended that right­sh­old­ers should be held li­able for overblock­ing dam­age. EuroISPA is now mak­ing the same de­mand di­rectly to the Commission. This does­n’t re­quire any new leg­is­la­tion, as EU’s Intellectual Property Rights Enforcement Directive (IPRED) sup­ports it.

EuroISPA ar­gues that “rightsholders should be held ac­count­able” for “collateral dam­age caused by over­broad block­ing ac­tions, with com­pen­sa­tion mech­a­nisms that are clearly de­fined and en­force­able.”

The ISP or­ga­ni­za­tion also ar­gued against the rapid block­ing re­quire­ments, which re­quire ser­vices to im­ple­ment block­ades in a short time­frame. That would in­clude Italy, where providers have to take ac­tion within 30 min­utes, which can be prob­lem­atic for smaller com­pa­nies.

“The cur­rent ab­sence of such mech­a­nisms cre­ates a struc­tural bur­den that falls dis­pro­por­tion­ately on smaller providers,” the sub­mis­sion notes.

Whether the Commission will pick up these sug­ges­tions has yet to be seen. For now, the CDSM re­view con­tin­ues, which will un­doubt­edly also see calls from right­sh­old­ers to fur­ther ex­pand the cur­rent site block­ing pow­ers.

—

A copy of EuroISPA’s sub­mis­sion to the European Commission’s CDSM re­view is avail­able here (pdf).

Please en­able JS and dis­able any ad blocker