10 interesting stories served every morning and every evening.
Dependabot is a noise machine. It makes you feel like you’re doing work, but you’re actually discouraging more useful work. This is especially true for security alerts in the Go ecosystem.
I recommend turning it off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running your test suite against the latest version of your dependencies.
On Tuesday, I published a security fix for filippo.io/edwards25519. The (*Point).MultiScalarMult method would produce invalid results if the receiver was not the identity point.
A lot of the Go ecosystem depends on filippo.io/edwards25519, mostly through github.com/go-sql-driver/mysql (228k dependents only on GitHub). Essentially no one uses (*Point).MultiScalarMult.
Yesterday, Dependabot opened thousands of PRs against unaffected repositories to update filippo.io/edwards25519. These PRs were accompanied by a security alert with a nonsensical, made up CVSS v4 score and by a worrying 73% compatibility score, allegedly based on the breakage the update is causing in the ecosystem. Note that the diff between v1.1.0 and v1.1.1 is one line in the method no one uses.
We even got one of these alerts for the Wycheproof repository, which does not import the affected filippo.io/edwards25519 package at all. Instead, it only imports the unaffected filippo.io/edwards25519/field package.
$ go mod why -m filippo.io/edwards25519
github.com/c2sp/wycheproof/tools/twistcheck
filippo.io/edwards25519/field
We have turned Dependabot off.
But isn’t this toil unavoidable, to prevent attackers from exploiting old vulnerabilities in your dependencies? Absolutely not!
Computers are perfectly capable of doing the work of filtering out these irrelevant alerts for you. The Go Vulnerability Database has rich version, package, and symbol metadata for all Go vulnerabilities.
Here’s the entry for the filippo.io/edwards25519 vulnerability, also available in standard OSV format.
modules:
- module: filippo.io/edwards25519
versions:
- fixed: 1.1.1
vulnerable_at: 1.1.0
packages:
- package: filippo.io/edwards25519
symbols:
- Point.MultiScalarMult
summary: Invalid result or undefined behavior in filippo.io/edwards25519
description: |-
Previously, if MultiScalarMult was invoked on an
initialized point who was not the identity point, MultiScalarMult
produced an incorrect result. If called on an
uninitialized point, MultiScalarMult exhibited undefined behavior.
cves:
- CVE-2026-26958
credits:
- shaharcohen1
- WeebDataHoarder
references:
- advisory: https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr
source:
id: go-security-team
created: 2026-02-17T14:45:04.271552-05:00
review_status: REVIEWED
Any decent vulnerability scanner will at the very least filter based on the package, which requires a simple go list -deps ./…. This already silences a lot of noise, because it’s common and good practice for modules to separate functionality relevant to different dependents into different sub-packages. For example, it would have avoided the false alert against the Wycheproof repository.
If you use a third-party vulnerability scanner, you should demand at least package-level filtering.
Good vulnerability scanners will go further, though, and filter based on the reachability of the vulnerable symbol using static analysis. That’s what govulncheck does!
$ go mod why -m filippo.io/edwards25519
filippo.io/sunlight/internal/ctlog
github.com/google/certificate-transparency-go/trillian/ctfe
github.com/go-sql-driver/mysql
$ govulncheck ./…
=== Symbol Results ===
No vulnerabilities found.
Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 2
vulnerabilities in modules you require, but your code doesn’t appear to call
these vulnerabilities.
Use ‘-show verbose’ for more details.
govulncheck noticed that my project indirectly depends on filippo.io/edwards25519 through github.com/go-sql-driver/mysql, which does not make the vulnerable symbol reachable, so it chose not to notify me.
If you want, you can tell it to show the package- and module-level matches.
$ govulncheck -show verbose,color ./…
Fetching vulnerabilities from the database…
Checking the code against the vulnerabilities…
The package pattern matched the following 16 root packages:
filippo.io/sunlight/internal/stdlog
Govulncheck scanned the following 54 modules and the go1.26.0 standard library:
crawshaw.io/sqlite@v0.3.3-0.20220618202545-d1964889ea3c
filippo.io/edwards25519@v1.1.0
filippo.io/keygen@v0.0.0-20240718133620-7f162efbbd87
=== Symbol Results ===
No vulnerabilities found.
=== Package Results ===
Vulnerability #1: GO-2026-4503
Invalid result or undefined behavior in filippo.io/edwards25519
More info: https://pkg.go.dev/vuln/GO-2026-4503
Module: filippo.io/edwards25519
Found in: filippo.io/edwards25519@v1.1.0
Fixed in: filippo.io/edwards25519@v1.1.1
=== Module Results ===
Vulnerability #1: GO-2025-4135
Malformed constraint may cause denial of service in
golang.org/x/crypto/ssh/agent
More info: https://pkg.go.dev/vuln/GO-2025-4135
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.44.0
Fixed in: golang.org/x/crypto@v0.45.0
Vulnerability #2: GO-2025-4134
Unbounded memory consumption in golang.org/x/crypto/ssh
More info: https://pkg.go.dev/vuln/GO-2025-4134
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.44.0
Fixed in: golang.org/x/crypto@v0.45.0
Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 2
vulnerabilities in modules you require, but your code doesn’t appear to call
these vulnerabilities.
...
Read the original on words.filippo.io »
Silicon Valley is tightening its ties with Trumpworld, the surveillance state is rapidly expanding, and big tech’s AI data center buildout is booming. Civilians are pushing back.
In today’s edition of Blood in the Machine:
* Across the nation, people are dismantling and destroying Flock cameras that conduct warrantless vehicle surveillance, and whose data is shared with ICE.
* An Oklahoma man airing his concerns about a local data center project at a public hearing is arrested after he exceeded his allotted time by a couple seconds.
* Uber and Lyft drivers deliver a petition signed by 10,000 gig workers demanding that stolen wages be returned to them.
* PLUS: A climate researcher has a new report that unravels the ‘AI will solve climate change’ mythos, Tesla’s Robotaxis are crashing 4 times as often as humans, and AI-generated public comments helped kill a vote on air quality.
A brief note that this reporting, research, and writing takes a lot of time, resources, and energy. I can only do it thanks to the paid subscribers who chip in a few bucks each month; if you’re able, and you find value in this work, please consider upgrading to a paid subscription so I can continue on. Many thanks, hammers up, and onwards.
Last week, in La Mesa, a small city just east of San Diego, California, observers happened upon a pair of destroyed Flock cameras. One had been smashed and left on the median, the other had key parts removed. The destruction was obviously intentional, and appears perhaps even staged to leave a message: It came just weeks after the city decided, in the face of public protest, to continue its contracts with the surveillance company.
Flock cameras are typically mounted on 8 to 12 foot poles and powered by a solar panel. The smashed remains of all of the above in La Mesa are the latest examples of a widening anti-Flock backlash. In recent months, people have been smashing and dismantling the surveillance devices, in incidents reported in at least five states, from coast to coast.
Bill Paul, who runs the local news outlet San Diego Slackers, and who first reported on the smashed Flock equipment, tells me that the sabotage comes just a month or two after San Diego held a raucous city council meeting over whether to keep operating the Flock cameras. A clear majority of public attendees present were in favor of shutting them down.
There was “a huge turnout against them,” he tells me, “but the council approved continuation of the contract.”
The tenor of the meeting reflects a growing anger and concern over the surveillance technology that’s gone nationwide: Flock, which is based in Atlanta and is currently valued at $7.5 billion, operates automatic license plate readers (ALPR) that have now been installed in some 6,000 US communities. They gather not just license plate images, but other identifying data used to ‘fingerprint’ vehicles, their owners, and their movements. This data can be collected, stored, and accessed without a warrant, making it a popular workaround for law enforcement. Perhaps most controversially, Flock’s vehicle data is routinely accessed by ICE.
If you’ve heard Flock’s name come up recently, it’s likely as a result of their now-canceled partnership with Ring, made instantly famous by a particularly dystopian Super Bowl ad that promised to turn regular neighborhoods into a surveillance dragnet.
Meanwhile, abuses have been prevalent. A Georgia police chief was arrested and charged with using Flock data to stalk and harass private citizens. Flock data has been used to track citizens who cross state lines for abortions when the procedure is illegal in their state. And municipalities have found that federal agencies have accessed local flock data without their knowledge or consent. Critics claim that this warrantless data collection is Orwellian and unconstitutional; a violation of the 4th amendment. As a result, civilians from Oregon to Virginia to California and beyond are pushing their governments to abandon Flock contracts. In some cases, they’re succeeding. Cities like Santa Cruz, CA, and Eugene, OR, have cancelled their contracts with Flock.
In Oregon’s case, the public outcry was accompanied by a campaign of destruction against the surveillance devices: Last year, at least six Flock license plate readers mounted on poles located in Eugene and Springfield were cut down and destroyed, according to the Lookout Eugene-Springfield.
A note reading “Hahaha get wrecked ya surveilling fucks” was attached to one of the destroyed poles, and somewhat incredibly, broadcast on the local news.
In Greenview, Illinois, a Flock camera pole was severed at the base and the device destroyed. In Lisbon, Connecticut, police are investigating another smashed Flock camera.
In Virginia, last December, a man was arrested for dismantling and destroying 13 Flock cameras throughout the state over the course of the year. He’s apparently already admitted to doing so, according to local news:
Jefferey S. Sovern, 41, was arrested in October after detectives say he “intentionally destroyed” 13 Flock Safety cameras between April and October of this year. He was charged with 13 counts of destruction of property, six counts of petit larceny and six counts of possession of burglary tools. Sovern admitted to the crimes, according to a criminal complaint filed in Suffolk General District Court, going as far as to say he used vice grips to help him disassemble the tow-piece polls. He also admitted to keeping some of the wiring, batteries and solar panels taken from the cameras. Some of the items were recovered by police after they searched the property.
After his arrest, Sovern created a GoFundMe to help cover his legal costs, in which he sheds a little light on his intentions:
My name is Jeff and I appreciate my privacy. I appreciate everyone’s right to privacy, enshrined in the fourth amendment. With the local news outlets finding my legal issues and creating a story that is starting to grow, there has been community support for me that I humbly welcome.
Sovern points his GoFundMe contributors to DeFlock, a website aimed at tracking and countering the rise of Flock cameras in US communities. It counts 46 cities that have officially rejected Flock and other ALPRs since its campaign began.
In fact, it’s hard to think of a tech product or project this side of generative AI that is more roundly opposed and reviled, on a bipartisan level, than Flock, and resistance takes many forms and stripes. Here’s the YouTuber Benn Jordan, showing his viewers how to Flock-proof their license plates and render their vehicles illegible to the company’s data ingestion systems:
In response to such Flock counter-tactics, Florida passed a law last year making it illegal to cover or alter your license plate.
In his GoFundMe, Sovern also mentioned the support for him he’d seen on forums online, so I went over to Reddit to get a sense for how his actions were being received online. Here was the page that shared news of his arrest for destroying the Flock cameras:
There was, in other words, nearly universal support for Sovern’s Flock dismantling campaign. Bear in mind that this is r/Norfolk, and while it’s still reddit users we’re talking about, it’s not like this is r/anarchism here:
The San Diego reddit threads carrying news of the destroyed Flock equipment told a similar story:
There were plenty of outright endorsements of the sabotage:
Off the message boards and in real civic life, Bill Paul, the reporter with the San Diego Slacker, says anger is boiling over, too. He points again to that heated December 2025 city council meeting, in which public outrage was left unaddressed. The city, perhaps aware of the stigma Flock now carries, apparently tried to highlight that their focus was on the “smart streetlights” made by another company, while downplaying the fact that those streetlights run on Flock software.
“San Diego gets to hide behind a slight facade in that their contract is with Ubicquia,” the smart streetlight manufacturer, Paul says, “but the software layer is Flock. You can easily see Flock hardware on retail properties, looking at the same citizens, with zero oversight, and SDPD can claim they have clean hands.”
Weeks later, pieces of smashed Flock cameras littered the ground.
Across the country, in other words, municipal governments are overriding public will to make deals with a profiteering tech company to surveil their citizens and to collaborate with federal agencies like ICE. It might be taken as a sign of the times that in states and cities across the US, thousands of miles apart, those opposed to the technology are refusing to countenance what they view as violations of privacy and civil liberty, and are instead taking up vice grips and metal cutters. And in many cases, they’re getting hailed by their peers as heroes.
If you’ve heard stories of smashed Flock cameras or dismantled surveillance equipment in your neighborhood, please share—drop a link in the comments, or contact me on Signal or at briancmerchant@proton.me.
Thanks to Lilly Irani for the tip on the smashed Flock cams in San Diego.
In case you missed it, I shared my five takeaways on the most recent round of ultraheated AI discourse here:
The exchange was filmed and recorded on YouTube:
Police in Claremore, Oklahoma arrested a local man after he went slightly over his time giving public remarks during a city council meeting opposing a proposed data center. Darren Blanchard showed up at a Claremore City Council meeting on Tuesday to talk about public records and the data center. When he went over his allotted 3 minutes by a few seconds, the city had him arrested and charged with trespassing. The subject of the city council meeting was Project Mustang, a proposed data center that would be located within a local industrial park. In a mirror of fights playing out across the United States, developer Beale Infrastructure is attempting to build a large data center in a small town and the residents are concerned about water rights, spiking electricity bills, and noise.The public hearing was a chance for the city council to address some of these concerns and all residents were given a strict three minute time limit. The entire event was livestreamed and archive of it is on YouTube. Blanchard was warned, barely, to “respect the process” by one of the council members but was clearly finishing reading from papers he had brought to read from, was not belligerent, and went over time by just a few seconds. Anyone who has ever attended or watched a city council meeting anywhere will know that people go over their time at essentially any meeting that includes public comment.Blanchard arrived with documents in hand and questions about public records requests he’d made. During his remarks, people clapped and cheered and he asked that this not be counted against his three minutes. “There are major concerns about the public process in Claremore,” Blanchard said, referencing compliance documents and irregularities he’d uncovered in public records.
Blanchard was then arrested as the crowd jeered in disbelief. Also disconcerting was the way the local news framed the event, with a local anchor defending authorities by claiming he was “warned multiple times.” Seems like a pretty surefire way to make people hate data centers and the governments protecting them even more!
On Wednesday, I headed to Pershing Square in downtown Los Angeles, where dozens of gig workers and organizers with Rideshare Drivers United had assembled to deliver a petition to the California Labor Commission signed by thousands of workers, calling on the body to deliver a settlement on their behalf. Organizers made short speeches on the steps of the square while local radio and TV stations captured the moment. “
The Labor Commission is suing the gig companies on drivers’ behalf, alleging that Uber and Lyft stole billions of dollars worth of wages from drivers before Prop 22 was enacted in 2020. The commission is believed to be in negotiations with the gig companies right now that will determine a settlement.
I spoke with one driver, Karen, who had traveled from San Diego to join the demonstration, and asked her why she came. “It’s important we build driver power” she said. “Without driver power, we won’t get what we need, and we just want fairness.” She said she was hoping to claim at least $20,000 in stolen wages.
“We’re fighting for wages that were stolen for us from us and continue to be stolen from us every single day by these app companies from hell,” RDU organizer Nicole Moore told me. “So we’re marching in downtown L. A. to deliver 10,000 signatures of drivers demanding that the state fight hard for us, and don’t let these companies rip us off.”
According to Tesla’s own numbers, its new RoboTaxis in Austin are crashing at a rate 4 times higher than human drivers. The EV trade publication Electrek reports:
With 14 crashes now on the books, Tesla’s “Robotaxi” crash rate in Austin continues to deteriorate. Extrapolating from Tesla’s Q4 2025 earnings mileage data, which showed roughly 700,000 cumulative paid miles through November, the fleet likely reached around 800,000 miles by mid-January 2026. That works out to one crash every 57,000 miles. The irony is that Tesla’s own numbers condemn it. Tesla’s Vehicle Safety Report claims the average American driver experiences a minor collision every 229,000 miles and a major collision every 699,000 miles. By Tesla’s own benchmark, its “Robotaxi” fleet is crashing nearly 4 times more often than what the company says is normal for a regular human driver in a minor collision, and virtually every single one of these miles was driven with a trained safety monitor in the vehicle who could intervene at any moment, which means they likely prevented more crashes that Tesla’s system wouldn’t have avoided.Using NHTSA’s broader police-reported crash average of roughly one per 500,000 miles, the picture is even worse, Tesla’s fleet is crashing at approximately 8 times the human rate.
-“The Left Doesn’t Hate Technology, We Hate Being Exploited,” by Gita Jackson at Aftermath.
“Meta drops $65 million into super PACs to boost tech-friendly state candidates,” by Christine Mui in Politico.
-A great new report from climate researcher Ketan Joshi, “The AI Climate Hoax: Behind the Curtain of How Big Tech Greenwashes Impacts,” has been making headlines and is well worth a read. Perhaps we’ll dig deeper into it in a future issue.
-The LA Times reports that the Southern California air board rejected new pollution rules after an AI-generated flood of made-up comments. Here’s UCLA’s Evan George on how AI poses a unique threat to the civic process.
Okay okay, that’s it for this week. Thanks as always for reading. Hammers up.
...
Read the original on www.bloodinthemachine.com »
Date: 01 Apr 88 1620 PST
From: Les Earnest
Subject: The “previous account” referred to in RISKS-6.51
Reading a book got me into early trouble–I had an FBI record
by age twelve. This bizarre incident caused a problem much later
when I needed a security clearance. I learned that I could obtain
one only by concealing my sordid past.
A friend named Bob and I read the book ``Secret and Urgent,‘’ by Fletcher Pratt [Blue Ribbon Books; Garden City, NY; 1942] which was an early popular account of codes and ciphers. Pratt showed how to use letter frequencies to break ciphers and reported that the most frequently occurring letters in typical English text are e-t-a-o-n-r-i, in that order. (The letter frequency order of the story you are now reading is e-t-a-i-o-n-r. The higher frequency of ``i’′ probably reflects the fact that _I_ use the first person singular a lot.) Pratt’s book also treated more advanced cryptographic schemes.
Bob and I decided that we needed to have a secure way to communicate with each other, so we put together a rather elaborate jargon code based on the principles described in the book. I don’t remember exactly why we thought we needed it–we spent much of our time outside of school together, so there was ample time to talk privately. Still, you never could tell when you might need to send a secret message!
We made two copies of the code key (a description of how to encrypt and decrypt our messages) in the form of a single typewritten sheet. We each took a copy and carried it on our persons at all times when we were wearing clothes.
I actually didn’t wear clothes much. I spent nearly all my time outside school wearing just a baggy pair of maroon swimming trunks. That wasn’t considered too weird in San Diego.
I had recently been given glasses to wear but generally kept them in a hard case in the pocket of the trousers that I wore to school. I figured that this was a good place to hide my copy of the code key, so I carefully folded it to one-eighth of its original size and stuck it at the bottom of the case, under my glasses.
Every chance I got, I went body surfing at Old Mission Beach. I usually went by streetcar and, since I had to transfer Downtown, I wore clothes. Unfortunately, while I was riding the trolley home from the beach one Saturday, the case carrying my glasses slipped out of my pocket unnoticed. I reported the loss to my mother that night. She chastised me and later called the streetcar company. They said that the glasses hadn’t been turned in.
After a few weeks of waiting in vain for the glasses to turn up, we began to lose hope. My mother didn’t rush getting replacement glasses in view of the fact that I hadn’t worn them much and they cost about $8, a large sum at that time. (To me, $8 represented 40 round trips to the beach by streetcar, or 80 admission fees to the movies.)
Unknown to us, the case had been found by a patriotic citizen who opened it, discovered the code key, recognized that it must belong to a Japanese spy and turned it over to the FBI This was in 1943, just after citizens of Japanese descent had been forced off their property and taken away to concentration camps. I remember hearing that a local grocer was secretly a Colonel in the Japanese Army and had hidden his uniform in the back of his store. A lot of people actually believed these things.
About six weeks later, when I happened to be off on another escapade, my mother was visited by a man who identified himself as an investigator from the FBI (She was a school administrator, but happened to be at home working on her Ph. D. dissertation.) She noticed that there were two more men waiting in a car outside. The agent asked a number of questions about me, including my occupation. He reportedly was quite disappointed when he learned that I was only 12 years old.
He eventually revealed why I was being investigated, showed my mother the glasses and the code key and asked her if she knew where it came from. She didn’t, of course. She asked if we could get the glasses back and he agreed.
My mother told the investigator how glad she was to get them back, considering that they cost $8. He did a slow burn, then said ``Lady, this case has cost the government thousands of dollars. It has been the top priority in our office for the last six weeks. We traced the glasses to your son from the prescription by examining the files of nearly every optometrist in San Diego.‘’ It apparently didn’t occur to them that if I were a real Japanese spy, I might have brought the glasses with me from headquarters.
The FBI agent gave back the glasses but kept the code key ``for our records.‘’ They apparently were not fully convinced that they were dealing just with kids.
Since our communication scheme had been compromised, Bob and I devised a new key. I started carrying it in my wallet, which I thought was more secure. I don’t remember ever exchanging any cryptographic messages. I was always ready, though.
A few years later when I was in college, I got a summer job at the Naval Electronics Lab, which required a security clearance. One of the questions on the application form was ``Have you ever been investigated by the FBI?‘’ Naturally, I checked ``Yes.‘’ The next question was, ``If so, describe the circumstances.‘’ There was very little space on the form, so I answered simply and honestly, ``I was suspected of being a Japanese spy.‘’
When I handed the form in to the security officer, he scanned it quickly, looked me over slowly, then said, ``Explain this’’–pointing at the FBI question. I described what had happened. He got very agitated, picked up my form, tore it in pieces, and threw it in the waste basket.
He then got out a blank form and handed it to me, saying ``Here, fill it out again and don’t mention that. If you do, I’ll make sure that you never get a security clearance.‘’
I did as he directed and was shortly granted the clearance. I never again disclosed that incident on security clearance forms.
On another occasion much later, I learned by chance that putting certain provocative information on a security clearance form can greatly speed up the clearance process. But that is another story.
Edited and converted to HTML by Dan Bornstein.
...
Read the original on milk.com »
Pre-orders for the Juno Pioneer Edition now open, reserve your Juno today!
On January 16, OpenAI quietly announced that ChatGPT would begin showing advertisements. By February 9th, ads were live. Eight months earlier, OpenAI spent $6.5 billion to acquire Jony Ive’s hardware startup io. They’re building a pocket-sized, screenless device with built-in cameras and microphones — “contextually aware,” designed to replace your phone.
But this isn’t a post about OpenAI. They’re just the latest. The problem is structural.
Every single companyWe can quibble about Apple.
building AI assistants is now funded by advertising.
And every one of them is building hardware designed to see and hear everything around you, all day, every day. These two facts are on a collision course, and local on-device inference is the only way off the track.
Before we talk about who’s building it, let’s be clear about what’s being built.
Every mainstream voice assistant today works behind a gate. You say a magic word — “Hey Siri,” “OK Google,” “Alexa” — and only then does the system listen. Everything before the wake word is theoretically discarded.
This was a reasonable design in 2014. It is a dead end for where AI assistance needs to go.
Here’s what happens in a real kitchen at 6:30am:Anonymized from one of our test homes. The real version was messier and
included a toddler screaming about Cheerios.
Nobody is going to preface that with a wake word. The information is woven into natural speech between two flustered parents getting the family ready to leave the house. The moment you require a trigger, you lose the most valuable interactions — the ones that happen while people are living their lives, not thinking of how to give context to an AI assistant.
You cannot build proactive assistance behind a wake word. The AI has to be present in the room, continuously, accumulating context over days and weeks and months, to build the understanding that makes proactive help possible.
This is where every major AI company is heading. Not just audio — vision, presence detection, wearables, multi-room awareness. The next generation of AI assistants will hear and see everything. Some will be on your face or in your ears all day. They will be always on, always sensing, always building a model of your life.
The question is not whether always-on AI will happen. It’s who
controls the data it collects. And right now, the answer to that
question is: advertising companies.
Here’s where the industry’s response gets predictable. “We encrypt the data in transit.” “We delete it after processing.” “We anonymize everything.” “Ads don’t influence the AI’s answers.” “Read our privacy policy.“With cloud processing, every user is trusting:
• The company’s current privacy policy
• Every employee with production access
• Every third-party vendor in the processing pipeline
• Every government that can issue a subpoena or national security
letter
• Every advertiser partnership that hasn’t been announced yet
• The company’s future privacy policy
OpenAI’s own ad announcement includes this language: “OpenAI keeps conversations with ChatGPT private from advertisers, and never sells data to advertisers.” It sounds reassuring. But Google scanned every Gmail for ad targeting for thirteen years
before quietly stopping in 2017. Policies change. Architectures don’t.
When a device processes data locally, the data physically cannot leave the network. There is no API endpoint to call. There is no telemetry pipeline. There is no “anonymized usage data” that somehow still contains enough signal to be useful for ad targeting. The inference hardware sits inside the device or in the user’s home, on their network.
Your email is sensitive. A continuous audio and visual feed of your home is something else entirely. It captures arguments, breakdowns, medical conversations, financial discussions, intimate moments, parenting at its worst, the completely unguarded version of people that exists only when they believe nobody is watching. We wrote a deep dive on our memory system in
Building Memory for an Always-On AI That Listens to Your Kitchen.
Amazon already showed us what happens. They eliminated local voice processing.
They planned to feed Alexa conversations to advertisers.
They partnered Ring with a surveillance network that had federal law
enforcement access.
What happens when those same economic incentives are applied to devices that capture everything?
The counterargument is always the same: “Local models aren’t good enough.” Three years ago, that was true. It is no longer true.
You can run a complete ambient AI pipeline today — real-time speech-to-text, semantic memory, conversational reasoning, text-to-speech, etc — on a device that fits next to a cable box (remember those?). No fan noise. A one-time hardware purchase with no per-query fee and no data leaving the building. New model architectures, better compression, and open-source inference engines have converged to make this possible, and the silicon roadmap points in one direction: more capability per watt, every year. We’ve been running always-on prototypes in five homes. The complaints
we get are about the AI misunderstanding context, not about raw model
capability. That’s a memory architecture problem, not a model size
problem.
Are local models as capable as the best cloud models? No. But we’re usually not asking our smart speaker to re-derive the Planck constant.
Hardware that runs inference on-device. Models that process audio and video locally and never transmit it. There needs to be a business model based on selling the hardware and
software, not the data the hardware collects. An architecture where the
company that makes the device literally cannot access the data
it processes, because there is no connection to access it
through.
The most helpful AI will also be the most intimate technology ever built. It will hear everything. See everything. Know everything about the family. The only architecture that keeps that technology safe is one where it is structurally incapable of betraying that knowledge. Not policy. Not promises. Not a privacy setting that can be quietly removed in a March software update.
Choose local. Choose edge. Build the AI that knows everything but phones home nothing.
...
Read the original on juno-labs.com »
Andrej Karpathy talks about “Claws”. Andrej Karpathy tweeted a mini-essay about buying a Mac Mini (“The apple store person told me they are selling like hotcakes and everyone is confused”) to tinker with Claws:
Andrej Karpathy talks about “Claws”. Andrej Karpathy tweeted a mini-essay about buying a Mac Mini (“The apple store person told me they are selling like hotcakes and everyone is confused”) to tinker with Claws:
I’m definitely a bit sus’d to run OpenClaw specifically […] But I do love the concept and I think that just like LLM agents were a new layer on top of LLMs, Claws are now a new layer on top of LLM agents, taking the orchestration, scheduling, context, tool calls and a kind of persistence to a next level.
Looking around, and given that the high level idea is clear, there are a lot of smaller Claws starting to pop out. For example, on a quick skim NanoClaw looks really interesting in that the core engine is ~4000 lines of code (fits into both my head and that of AI agents, so it feels manageable, auditable, flexible, etc.) and runs everything in containers by default. […]
Anyway there are many others - e.g. nanobot, zeroclaw, ironclaw, picoclaw (lol @ prefixes). […]
Not 100% sure what my setup ends up looking like just yet but Claws are an awesome, exciting new layer of the AI stack.
...
Read the original on simonwillison.net »
In December 1990, an application called WorldWideWeb was developed on a NeXT machine at The European Organization for Nuclear Research (known as CERN) just outside of Geneva. This program – WorldWideWeb — is the antecedent of most of what we consider or know of as “the web” today.
In February 2019, in celebration of the thirtieth anniversary of the development of WorldWideWeb, a group of developers and designers convened at CERN to rebuild the original browser within a contemporary browser, allowing users around the world to experience the rather humble origins of this transformative technology.
This project was supported by the US Mission in Geneva through the CERN & Society Foundation.
Ready to browse the World Wide Web using WorldWideWeb?
Select “Document” from the menu on the side.
Click here to jump in (and remember you need to double-click on links):
* History — a brief history of the application which was built in 1989 as a progenitor to what we know as “the web” today.
* Timeline — a timeline of the thirty years of influences leading up to (and the thirty years of influence leading out from) the publication of the memo that lead to the development of the first web browser.
* The Browser — instructions for using the recreated WorldWideWeb browser, and a collection of its interface patterns.
* Typography — details of the NeXT computer’s fonts used by the WorldWideWeb browser.
* Inside the Code — a look at some of the original code of WorldWideWeb.
* Production Process — a behind the scenes look at how the WorldWideWeb browser was rebuilt for today.
* Related Links — links to additional historical and technical resources around the production of WorldWideWeb.
* Colophon — a bit of info about the folks behind the project.
...
Read the original on worldwideweb.cern.ch »
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
DISCOUNTS: Instead of random discounts we prefer keeping the prices stable (already since early 2022)
US Shipping - Now all taxes and fees are included in the shipping cost at checkout
...
Read the original on openscan.eu »
A new law to ensure that batteries are collected, reused and recycled in Europe is entering into force today. The new Batteries Regulation will ensure that, in the future, batteries have a low carbon footprint, use minimal harmful substances, need less raw materials from non-EU countries, and are collected, reused and recycled to a high degree in Europe. This will support the shift to a circular economy, increase security of supply for raw materials and energy, and enhance the EU’s strategic autonomy.
In line with the circularity ambitions of the European Green Deal, the Batteries Regulation is the first piece of European legislation taking a full life-cycle approach in which sourcing, manufacturing, use and recycling are addressed and enshrined in a single law.
Batteries are a key technology to drive the green transition, support sustainable mobility and contribute to climate neutrality by 2050. To that end, starting from 2025, the Regulation will gradually introduce declaration requirements, performance classes and maximum limits on the carbon footprint of electric vehicles, light means of transport (such as e-bikes and scooters) and rechargeable industrial batteries.
The Batteries Regulation will ensure that batteries placed on the EU single market will only be allowed to contain a restricted amount of harmful substances that are necessary. Substances of concerns used in batteries will be regularly reviewed.
Targets for recycling efficiency, material recovery and recycled content will be introduced gradually from 2025 onwards. All collected waste batteries will have to be recycled and high levels of recovery will have to be achieved, in particular of critical raw materials such as cobalt, lithium and nickel. This will guarantee that valuable materials are recovered at the end of their useful life and brought back in the economy by adopting stricter targets for recycling efficiency and material recovery over time.
Starting in 2027, consumers will be able to remove and replace the portable batteries in their electronic products at any time of the life cycle. This will extend the life of these products before their final disposal, will encourage re-use and will contribute to the reduction of post-consumer waste.
To help consumers make informed decisions on which batteries to purchase, key data will be provided on a label. A QR code will provide access to a digital passport with detailed information on each battery that will help consumers and especially professionals along the value chain in their efforts to make the circular economy a reality for batteries.
Under the new law’s due diligence obligations, companies must identify, prevent and address social and environmental risks linked to the sourcing, processing and trading of raw materials such as lithium, cobalt, nickel and natural graphite contained in their batteries. The expected massive increase in demand for batteries in the EU should not contribute to an increase of such environmental and social risks.
Work will now focus on the application of the law in the Member States, and the redaction of secondary legislation (implementing and delegated acts) providing more detailed rules.
Since 2006, batteries and waste batteries have been regulated at EU level under the Batteries Directive. The Commission proposed to revise this Directive in December 2020 due to new socioeconomic conditions, technological developments, markets, and battery uses.
Demand for batteries is increasing rapidly. It is set to increase 14-fold globally by 2030 and the EU could account for 17% of that demand. This is mostly driven by the electrification of transport. Such exponential growth in demand for batteries will lead to an equivalent increase in demand for raw materials, hence the need to minimise their environmental impact.
In 2017, the Commission launched the European Battery Alliance to build an innovative, sustainable and globally competitive battery value chain in Europe, and ensure supply of batteries needed for decarbonising the transport and energy sectors.
...
Read the original on environment.ec.europa.eu »
A man takes a train from London to the coast. He’s visiting a town called Wulfleet. It’s small and old, the kind of place with a pub that’s been pouring pints since the Battle of Bosworth Field. He’s going to write about it for his blog. He’s excited.
He arrives, he checks in. He walks to the cute B&B he’d picked out online. And he writes it all up like any good travel blogger would: in that breezy LiveJournal style from 25 years ago, perhaps, in his case, trying a little too hard.
But as his post goes on, his language gets older. A hundred years older with each jump. The spelling changes. The grammar changes. Words you know are replaced by unfamiliar words, and his attitude gets older too, as the blogger’s voice is replaced by that of a Georgian diarist, an Elizabethan pamphleteer, a medieval chronicler.
By the middle of his post, he’s writing in what might as well be a foreign language.
But it’s not a foreign language. It’s all English.
None of the story is real: not the blogger, not the town. But the language is real, or at least realistic. I constructed the passages myself, working from what we know about how English was written in each period.
It’s a thousand years of the English language, compressed into a single blog post.
Read it and notice where you start to struggle. Notice where you give up entirely. Then meet me on the other side and I’ll tell you what happened to the language (and the blogger).
You’re reading The Dead Language Society, where 35,000+ readers explore the hidden history of the English language. I’m Colin Gorrie: PhD linguist and your guide through 1,500 years of English being weird.
I publish every Wednesday. Paid subscribers get every issue, the full archive, and the content I’m most proud of: practical guides to reading historical texts yourself, honest takes on how language really works, and live book clubs where we read texts like Beowulf and (up next!) Sir Gawain and the Green Knight.
Well, I finally got to the town everyone has been talking about lately. Wulfleet. And let me tell you, it was not easy to get here. It’s ridiculous how close this place is to London, and yet how hard it is to get here. I took a train to some place whose name I can’t pronounce, and then from there I had to hop on a bus. The whole day was shot just getting here.
Not going to lie though: so far, it’s totally worth it.
Yes, it’s the typical English coastal town: the seagulls, the cobblestone streets, the works. But there’s something about it that just makes me want to dress up in a cape and walk around like I’m in a Gothic novel. Although, let’s be honest, do I really need an excuse to do that? :)
Everyone seems really nice here, although I did have one really weird encounter on the way to the B&B. A guy was following me for a while. It kind of freaked me out. Anyway, if you go to Wulfleet, just watch out for this one weird guy who hangs out near the bus stop. I know, real specific. But anyway, that was just a bit odd.
Speaking of which, the B&B is also… interesting. LOL. It has separate hot and cold taps and everything. I’m about to see how the “bed” portion works. I’ll update you on the “breakfast” tomorrow morning. If I can find an internet cafe around here, that is.
My plans for an untroubled sleep were upset, however, when I woke with a start before dawn. The window had, it seemed, come open in the night, though I was perfectly certain I had fastened it. I sprang up from the bed to see what was the cause, but I could see nothing in the darkness — nothing, that is, that I could satisfactorily account for. I closed the window again but was entirely unable to fall asleep due to the shock. I am not, I hope, an easily frightened man, but I confess the incident left me not a little unsettled.
When dawn finally came, I went downstairs to find a well-appointed dining room in which there was laid out a modest but perfectly adequate meal. After I ate, and thanked the landlady — a respectable woman of the kind one expects to find in charge of such an establishment — I decided to take a stroll around the town. The sea air did something to revive me after the events of the previous day, not to mention the night, although a question still weighed on me. Do windows simply burst open in the night? Or was there something else afoot? I resolved to make enquiries, though of whom I was not yet certain.
After spending the day wandering around the environs of the town, and, finding myself hungry, I sought out an inn, where I might buy some supper. It was not difficult to find one, and, sitting alone, I called for supper from what the publican had to offer. I confess I gave no great thought to the quality of the fare. Hunger, that great leveller, makes philosophers of us all, and renders even the meanest dish agreeable.
The place was adequately charming. The tables were covered with guttering candles, and the local rustics seemed to be amusing themselves with great jollity. Reader, I am not one of those travellers who holds himself above the common people of the places he visits. I saw fit rather to join in with their sport and we whiled away the hours together in good cheer. I found them to be as honest and amiable a company as one could wish for.
The only thing that disturbed my good humour was when I thought, for a brief moment, that I saw the man who accosted me yesterday among the crowd. But it must have been a mere fancy, for whatever I thought I saw vanished as quickly as it had appeared. I chided myself for the weakness of my nerves, and took another draught to steady them.
When, at long last, the entertainment was spent, I undertook to return to my lodgings; however, finding myself quite unable to find my way, a fact which owed something to having imbibed rather immoderately in the hours prior — and here let me caution the reader against the particular hospitality of country innkeepers, which is liberal beyond what prudence would advise — I soon found myself at the harbour’s edge.
When I was firſt come to Wulfleet, I did not see the harbour, for I was weary and would ſooner go to the inn, that I might ſleep. It is a truth well known to travellers, that wearineſs of body breeds a kind of blindneſs to all things, however remarkable, and ſo it was with me. But now that I beheld the ſight of it, I marvelled. In the inky blackneſs I could see not a ſtar, nor even a ſliver of the moon. It was indeed a wonder that I did not ſtumble on my way, and periſh in a gutter, for many a man has come to his end by leſs.
Finally, with my mind much filled with reflection, I found my way through dark ſtreets to a familiar alley. This was a welcome sight, as an ill foreboding was lately come into my mind. I entertained for a moment such unmanly thoughts as are far from my cuſtom, and which I ſhould be aſhamed to ſet down here, were it not that an honeſt account requires it. I felt eſpecially that I was purſued by ſome thing unknown to me. I glanced backwards, to ſee if I might eſpy that man. But there was no one, or at least no one that I could diſcern.
At laſt, I found the doorway of the inn, as much by chance as by deſign, and retired to ſleep with a mind addled half by drink and the other half by a fear for which I could not well account. I commended myſelf to Providence, and reſolved to think no more on it.
That night I was vntroubled by such euents as I had vndergone the night before, for I had barred the door ere I ſlept, and so fortified, that so no force might open it. This town of Wulfleet was paſſing ſtrange, as ſtrange I dare ſay as any place whereof Plinie wrote, or any iland discovered in the voyages of Sir Walter Raleigh. But I was bound to my taſk, and would not flinch from it. I would record the occurrents in Wulfleet, howeuer ſtrange they might ſeem, yea, though they were ſuch things as would make a leſſer man forſake his purpoſe.
But I ſoon forgot my earlier dread, for the morning brought with it ſo fair a ſight as to diſpel all feare. The people of the town had erected ouernight a market of ſuch variety and abundance as I haue not ſeen the like. Animals walked among men, and men among animals, a true maruel!
As I looked on this aſſembled throng, greatly pleaſed and not a little amazed, a man approached me. He ſtartled me, but I quickly saw he was nothing but a farmer come to hawke his wares. “Would you haue a fowl, sir?” ſaid he, “My hens are fat and luſty, and you may haue them cheap.”
I said in reply, “No, I thanke thee,” He was a churliſh fellow, rude of ſpeech and meane of aſpect, and I felt no ſhame at thouing ſuch a man as that.
I went forthe among the people, and as I paſſed throughe the market and the ſtretes of the towne, euer lokyng aboute me with grete care, leſt I ſholde agayn encountre ſome peryl, thee appeared, from oute of the prees that ſame man whom I ſo dredde. And he was passyng foule was of vyſage, as it ſemed to me, more foule than ony man I had ſene in al my lyf.
He turned hym towarde me and ſayd, “Straunger, wherefore art thou come hydder?”
And I anſwerd hym nott, for I knewe nott what I ſholde ſaye, ne what answere myght ſerue me beſt in ſuche a caas.
Than hee asked me, “Was it for that thou wouldeſt ſee the Maiſter?”
And verely this name dyd me ſore affright, for who was this Maiſter wherof he ſpake? And what maner of man was he, that his very name ſholde be ſpoken wyth ſuche reuerence and drede. I wolde haue fledde but he purſued me and by myn avys he was the ſwifter, for he caught me full ſoone.
I sayd to him, “What meaneſt thou? Who is the Maiſter?”
And he sayd, “I ſhall brynge the vnto hym, and thou ſhalt ſee for thy ſelf what maner of lorde he is.”
But I wolde not, and cryed out ayenſt hym with grete noyſe, leſt he ſholde take me thyder by violence and ayenſt my wille.
Bot þe man wolde me nat abandone þer, ne suffre me to passen forþ. I miȝt nat flee, for hys companiouns, of whom þer were a gret nombre, beſet me aboute, and heelden me faſt þat I ne scholde nat ascapen. And þei weren stronge menn and wel douȝti, of grymme contenaunce and fiers, and armed wiþ swerdes and wiþ knyues, so þat it were gret foly for eny man to wiþstonden hem.
So þei bounden me hond and foot and ledden me to þe one þei callede Maiſter, of whom I hadde herd so muchel and knewe so litel.
Þe sayde Maiſter, what that hee apperid bifore me, was verely a Deuill, or so me þouȝte, for neuer in al my lyf hadde I beholden so foule a creature. Hee bore a blak clok þat heng to þe grounde, and ſpake neuer a worde. Bot his countenaunce was hidous and so dredful þat my blood wexed colde to loken on hym. For he hadde nat þe visage of a man bot of a beest, wiþ þe teeþ and ſnoute of a wulf, scharpe and crueel. And his eres weren longe eres, as of a wulf, and bihynde him þer heng a gret tayl, as wulf haþ. And hys eyen schon in þe derknesse lyke brennyng coles.
Bot þei maden no answer, neyþer good ne yuel. Þei weren stille as stoon, and stoden about me as men þat wayte on þeir lordes commandement.
Þanne after muchel tyme spak þe Maiſter, and his wordes weren colde as wintres is. His vois was as þe crying of rauenes, scharpe and schille, and al þat herde hym weren adrade and durst nat speken.
“I deme þe to þe deeþ, straunger. Here ſchaltou dyen, fer fram þi kynne and fer fram þine owen londe, and non ſchal knowen þi name, ne non schal þe biwepe.”
And I sayde to hym, wiþ what boldenesse I miȝte gaderen, “Whi fareſt þou wiþ me þus? What treſpaas haue I wrouȝt ayeins þe, þat þou demeſt me so harde a dome?”
“Swie!” quoþ he, and smot me wiþ his honde, so þat I fel to þe erþe. And þe blod ran doun from mi mouþe.
And I swied, for þe grete drede þat was icumen vpon mee was more þan I miȝte beren. Mi herte bicam as stoon, and mi lymes weren heuy as leed, and I ne miȝte namore stonden ne spoken.
Þe euele man louȝ, whan that he sawe my peine, and it was a crueel louȝter, wiþouten merci or pitee as of a man þat haþ no rewþe in his herte.
Allas! I scholde neuer hauen icumen to þis toune of Wuluesfleete! Cursed be þe dai and cursed be þe houre þat I first sette foot þerinne!
Hit is muchel to seggen all þat pinunge hie on me uuroȝten, al þar sor and al þat sorȝe. Ne scal ic nefre hit forȝeten, naht uuhiles ic libbe!
Ac þer com me gret sped, and þat was a uuif, strong and stiþ! Heo com in among þe yuele men and me nerede fram heore honden.
Heo sloȝ þe heþene men þat me pyneden, sloȝ hem and fælde hem to þe grunde. Þer was blod and bale inouȝ And hie feollen leien stille, for hie ne miȝten namore stonden. Ac þe Maister, þe uuraþþe Maister, he flaȝ awei in þe deorcnesse and was iseon namore.
Ic seide hire, “Ic þanke þe, leoue uuif, for þu hauest me ineredd from dæðe and from alle mine ifoan!”
Þæt ƿif me andsƿarode and cƿæð, “Ic eom Ælfgifu gehaten. Þu scalt me to ƿife nimen, þeah þe þu hit ne ƿite gyt, for hit is sƿa gedon þæt nan man ne nan ƿif ne mote heonon faren buten þurh þone dæð þæs Hlafordes.”
“Ac þær is gyt mare to donne her, forþi ƿe nabbaþ þone Hlaford ofslagenne. He is strong and sƿiðe yfel, and manige gode men he hæfð fordone on þisse stoƿe.”
And þæt heo sægde wæs eall soþ. Ic ƿifode on hire, and heo ƿæs ful scyne ƿif, ƿis ond ƿælfæst. Ne gemette ic næfre ær sƿylce ƿifman. Heo ƿæs on gefeohte sƿa beald swa ænig mann, and þeah hƿæþere hire andƿlite wæs ƿynsum and fæger.
Ac ƿe naƿiht freo ne sindon, for þy þe ƿe næfre ne mihton fram Ƿulfesfleote geƿitan, nefne ƿe þone Hlaford finden and hine ofslean. Se Hlaford hæfþ þisne stede mid searocræftum gebunden, þæt nan man ne mæg hine forlætan. Ƿe sindon her sƿa fuglas on nette, swa fixas on ƿere.
The blog ends there. No sign-off, no “thanks for reading.” Just a few sentences in a language that most of us lost the ability to follow somewhere around the thirteenth century.
So, how far did you get?
Let me take you back through it.
Written English has been remarkably stable over the last 300 years. Spelling was standardized in the mid-1700s, and grammar has barely changed at all. This means that, if you can read Harry Potter (1997–2003), you can read Robinson Crusoe (1719), which is good news to fans of the English novel.
What has changed is the voice.
Blog post became diary entry became travel letter. The format changed much faster than the language. Compare the very first line, “Well, I finally got to the town everyone has been talking about lately” with the line from the 1800 section, “Hunger, that great leveller, makes philosophers of us all, and renders even the meanest dish agreeable.”
They’re both performances of a sort: the 2000s protagonist is performing for his blog’s audience, so the tone is chatty and personal. The 1800s protagonist, with the mind of a Georgian diarist, is performing for posterity, so he philosophizes.
The one visible change in the language itself is the appearance, in the 1700 passage, of the long s (ſ). This wasn’t a different letter, just a variant form of s used in certain positions within a word. It disappeared fully from English printing in the early 19th century, although its use was dwindling even before that, which is why it does not appear in the 1800 passage. It’s a typographic change rather than a linguistic one, but it’s the first unmistakable sign that the text is getting older.
This is where the ground starts to move under our feet.
Before the mid 1700s, there was no such thing as standardized spelling. Writers spelled words as they heard them, or as they felt like spelling them, which is why the 1500s and 1600s sections look so alien, even when the words, underneath the surface, are ones you know.
For another difficulty, take the word vntroubled from the 1600 section. This is our familiar untroubled, but the u is replaced by a v, because u and v were not yet considered separate letters. They were variants of the same latter, used to represent both sounds. The convention was to write v at the beginning of words and u in the middle, which give us spelling like vnto (unto), euents (events), ouernight (overnight), and howeuer (however). It looks weird at first, but once you know the rule, the words become much more readable.
Another new arrival — or, more accurately, late departure — from the language is the letter thorn (þ), which first appears in the 1400 section. Thorn is simply th. That’s it. Wherever you see þ, read th, and the word will usually reveal itself: þe is the, þei is they, þat is that. If you’ve ever seen a pub called “Ye Olde” anything, that ye is actually þe, an attempt by early printers to write a thorn without having to make an expensive new letter.
Thorn’s companion, yogh (ȝ), is more complicated. It represents sounds that modern English spells as gh or y — so miȝt is might, ȝe is ye. The reasons for this are a story unto themselves.
But the most interesting change in this period isn’t a letter. Rather, it’s a pronoun. Notice the moment in the 1600 section where our blogger meets a farmer and says, “No, I thanke thee.” Then he adds, “I felt no ſhame at thouing ſuch a man as that.”
Thouing. To thou someone, or to use thou when talking to them, was, by the 1600s, a deliberate social statement. Thou was the old singular form of you; you was originally the plural. Over the centuries, you came to be used as a polite singular, much as French uses vous. Gradually, you took over entirely. By Shakespeare’s time (1564–1616), thou survived in two main contexts: intimacy (as in prayer) and insult. Our blogger is being a little rude here. He’s looking down on a man he considers beneath him, and his language gives him a way of making his feelings perfectly clear.
Somewhere in this section — and if you’re like most readers, it happened around 1300 or 1200 — the language crossed a boundary. Up to this point, comprehension felt like it was dropping gradually, but now it’s fallen off a cliff. In one section, you could get by by squinting and guessing; in the next you were utterly lost. You have hit the wall.
There are two reasons for this. The first is vocabulary. As you move backwards in time, the French and Latin loanwords that make up an enormous proportion of the Modern English vocabulary grow fewer and fewer. When you pass 1250, they drop off almost altogether. Where a modern writer would say he underwent torture, a 1200-era writer must say that he suffered pinunge instead.
The farther back you go, the more the familiar Latinate layer of English is stripped away, revealing the Germanic core underneath: a language that looks to modern eyes more like German or Icelandic than anything we’d call English.
The second reason for the difficulty is grammar. Old English (450–1100) was an inflected language: it used endings on nouns, adjectives, and verbs to mark their grammatical roles in a sentence, much as Latin or modern German do. Alongside these endings came a greater freedom in word order, which makes sense given that the endings told you who was doing what to whom.
English lost most of these endings over the course of the period linguists call Middle English (1100–1450), and it tightened its word order as if to compensate. When you look at these final sections, if you can make out the words, you will see the effects of this freer word order. For example, in 1200 we read monige gode men he hæfð fordone ‘many good men he has destroyed’, where we’d expect a Modern English order more like and he has destroyed many good men.
To make matters worse, a few unfamiliar letters also appear: wynn (ƿ) is simply w, eth (ð) means the same as thorn (þ) — both represent th, and ash (æ) represents the vowel in cat and hat.:
All of these factors combined likely made it difficult, if not impossible, to follow the plot. So let me tell you what happened. In the 1400 section, the blogger was seized. He was dragged before a creature they called the Master, and the Master was no man. He had the teeth and snout of a wolf, as well as a wolf’s long ears and great tail. His eyes glowed like burning coals. Wulfleet was once Wulfesfleot ‘the Bay of the Wolf.’
In the 1300 section, the Master condemned our hero to death. In the 1200 section, a woman appeared and killed his captor. The Master, however, fled into the darkness. In the 1100 section, the woman revealed her name: Ælfgifu ‘gift of the elves.’ She told the blogger — can we still call him that in 1100? — they would marry, and she shares the terrible truth about Wulfleet: no one leaves until the Master is dead.
In the 1000 section, they are married. She is, he writes, as bold as any man in battle, and yet fair of face. But they are not free. Together, through the dark streets of Wulfleet, they hunt the Master still.
The English in which I write this paragraph is not the English of fifty years ago, and it will not be the English of fifty years in the future.
Go back far enough, and English writing becomes unrecognisable. Go forward far enough and the same thing will happen, though none of us will be around to notice.
Our poor blogger didn’t notice either, even as he and his language travelled back in time through the centuries. He just kept writing even as he was carried off to somewhere he couldn’t come back from. Some say that, far away in Wulfleet, he’s writing still.
...
Read the original on www.deadlanguagesociety.com »
I desperately need a Matt Levine style explanation of how OAuth works. What is the historical cascade of requirements that got us to this place?
There are plenty of explanations of the inner mechanical workings of OAuth, and lots of explanations about how various flows etc work, but Geoffrey is asking a different question:
What I need is to understand why it is designed this wayconcrete examples of use cases that motivate the design
In the 19 years (!) since I wrote the first sketch of an OAuth specification, there has been a lot of minutiae and cruft added, but the core idea remains the same. Thankfully, it’s a very simple core. Geoffrey’s a very smart guy, and the fact that he’s asking this question made me think it’s time to write down an answer to this.
It’s maybe easiest to start with the Sign-In use-case, which is a much more complicated specification (OpenID Connect) than core OAuth. OIDC uses OAuth under the hood, but helps us get to the heart of what’s actually happening.
We send a secret to a place that only the person trying to identify themselves can access, and they prove that they can access that place by showing us the secret.
The rest is just accumulated consensus, in part bikeshedding (agreeing on vocabulary, etc), part UX, and part making sure that all the specific mechanisms are secure.
There’s also an historical reason to start with OIDC to explain how all this works: in late 2006, I was working on Twitter, and we wanted to support OpenID (then 1.0) so that ahem Twitter wouldn’t become a centralized holder of online identities. After chatting with the OpenID folks, we quickly realized that as it was constructed, we wouldn’t be able to support both desktop clients and web sign-in, since our users wouldn’t have passwords anymore! (mobile apps didn’t exist yet, but weren’t far out). So, in order to allow OpenID sign-in, we needed a way for folks using Twitter via alternative clients to sign in without a password.
There were plenty of solutions for this; Flickr had an approach, AWS had one, delicious had one, lots of sites just let random other apps sign-in to your account with your password, etc, but virtually every site in the “Web 2.0” cohort needed a way to do this. They were all insecure and all fully custom.
Rather than building TwitterAuth, I figured it was time to have a standard. Insert XKCD 927:
Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.
Thankfully, against all odds, we now have one standard for delegated auth. What it does is very simple:
At its core, OAuth for delegation is a standard way to do the following:
* The first half exists to send, with consent, a multi-use secret to a known delegate.
* The other half of OAuth details how the delegate can use that secret to make subsequent requests on behalf of the person that gave the consent in the first place.
That’s it. The rest is (sadly, mostly necessary) noise.
Obviously, the above elides absolute volumes of detail about how this is done securely and in a consistent interoperable way. This is the unenviable work of standards bodies. I have plenty of opinions on the pros and cons of our current standards bodies, but that’s for another time.
There are very credible arguments that the-set-of-IETF-standards-that-describe-OAuth are less a standard than a framework. I’m not sure that’s a bad thing, though. HTML is a framework, too – not all browsers need to implement all features, by design.
OIDC itself is an interesting thing — immediately after creating OAuth, we realized that we could compose OpenID’s behaviour out of OAuth, even though it was impossible to use OpenID to do what OAuth did. For various social, political, technical, and operational reasons it took the better part of a decade to write down the bits to make that insight a thing that was true in the world. I consider it one of my biggest successes with OAuth that I was in no way involved in that work. I don’t have children, but know all the remarkable and complicated feelings of having created something that takes on a life of its own.
More generally, though, authentication and authorization are complicated, situated beasts, impossible to separate from the UX and architectural concerns of the systems that incorporate them.
The important thing when implementing a standard like OAuth is to understand first what you’re trying to do and why. Once that’s in place, the how is usually a “simple” question of mechanics with fairly constrained requirements. I think that’s what makes Geoffrey’s question so powerful – it digs into the core of the reason why OAuth is often so inscrutable to so many: the complicated machinery of the standard means that the actual goals it encodes are lost.
Hopefully, this post helps clear that up!
...
Read the original on leaflet.pub »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.