Add AP News as your pre­ferred source to see more of our sto­ries on Google.

Add AP News as your pre­ferred source to see more of our sto­ries on Google.

LONDON (AP) — In France, civil ser­vants will ditch Zoom and Teams for a home­grown video con­fer­ence sys­tem. Soldiers in Austria are us­ing open source of­fice soft­ware to write re­ports af­ter the mil­i­tary dropped Microsoft Office. Bureaucrats in a German state have also turned to free soft­ware for their ad­min­is­tra­tive work.

Around Europe, gov­ern­ments and in­sti­tu­tions are seek­ing to re­duce their use of dig­i­tal ser­vices from U. S. Big Tech com­pa­nies and turn­ing to do­mes­tic or free al­ter­na­tives. The push for “digital sov­er­eignty” is gain­ing at­ten­tion as the Trump ad­min­is­tra­tion strikes an in­creas­ingly bel­liger­ent pos­ture to­ward the con­ti­nent, high­lighted by re­cent ten­sions over Greenland that in­ten­si­fied fears that Silicon Valley gi­ants could be com­pelled to cut off ac­cess.

Concerns about data pri­vacy and wor­ries that Europe is not do­ing enough to keep up with the United States and Chinese tech lead­er­ship are also fu­el­ing the drive.

The French gov­ern­ment ref­er­enced some of these con­cerns when it an­nounced last week that 2.5 mil­lion civil ser­vants would stop us­ing video con­fer­ence tools from U. S. providers — in­clud­ing Zoom, Microsoft Teams, Webex and GoTo Meeting — by 2027 and switch to Visio, a home­grown ser­vice.

The ob­jec­tive is “to put an end to the use of non-Eu­ro­pean so­lu­tions, to guar­an­tee the se­cu­rity and con­fi­den­tial­ity of pub­lic elec­tronic com­mu­ni­ca­tions by re­ly­ing on a pow­er­ful and sov­er­eign tool,” the an­nounce­ment said.

“We can­not risk hav­ing our sci­en­tific ex­changes, our sen­si­tive data, and our strate­gic in­no­va­tions ex­posed to non-Eu­ro­pean ac­tors,” David Amiel, a civil ser­vice min­is­ter, said in a press re­lease.

Microsoft said it con­tin­ues to “partner closely with the gov­ern­ment in France and re­spect the im­por­tance of se­cu­rity, pri­vacy, and dig­i­tal trust for pub­lic in­sti­tu­tions.”

The com­pany said it is “focused on pro­vid­ing cus­tomers with greater choice, stronger data pro­tec­tion, and re­silient cloud ser­vices — en­sur­ing data stays in Europe, un­der European law, with ro­bust se­cu­rity and pri­vacy pro­tec­tions.”

Zoom, Webex and GoTo Meeting did not re­spond to re­quests for com­ment.

French President Emmanuel Macron has been push­ing dig­i­tal sov­er­eignty for years. But there’s now a lot more “political mo­men­tum be­hind this idea now that we need to de-risk from U. S. tech,” Nick Reiners, se­nior ge­ot­ech­nol­ogy an­a­lyst at the Eurasia Group.

“It feels kind of like there’s a real zeit­geist shift,” Reiners said

It was a hot topic at the World Economic Forum’s an­nual meet­ing of global po­lit­i­cal and busi­ness elites last month in Davos, Switzerland. The European Commission’s of­fi­cial for tech sov­er­eignty, Henna Virkkunen, told an au­di­ence that Europe’s re­liance on oth­ers “can be weaponized against us.”

“That’s why it’s so im­por­tant that we are not de­pen­dent on one coun­try or one com­pany when it comes to very crit­i­cal fields of our econ­omy or so­ci­ety,” she said, with­out nam­ing coun­tries or com­pa­nies.

A de­ci­sive mo­ment came last year when the Trump ad­min­is­tra­tion sanc­tioned the International Criminal Court’s top pros­e­cu­tor af­ter the tri­bunal, based in The Hague, Netherlands, is­sued an ar­rest war­rant for Israeli Prime Minister Benjamin Netanyahu, an ally of President Donald Trump.

The sanc­tions led Microsoft to can­cel Khan’s ICC email, a move that was first re­ported by The Associated Press and sparked fears of a “kill switch” that Big Tech com­pa­nies can use to turn off ser­vice at will.

Microsoft main­tains it kept in touch with the ICC “throughout the process that re­sulted in the dis­con­nec­tion of its sanc­tioned of­fi­cial from Microsoft ser­vices. At no point did Microsoft cease or sus­pend its ser­vices to the ICC.”

Microsoft President Brad Smith has re­peat­edly sought to strengthen trans-At­lantic ties, the com­pa­ny’s press of­fice said, and pointed to an in­ter­view he did last month with CNN in Davos in which he said that jobs, trade and in­vest­ment. as well as se­cu­rity, would be af­fected by a rift over Greenland.

“Europe is the American tech sec­tor’s biggest mar­ket af­ter the United States it­self. It all de­pends on trust. Trust re­quires di­a­logue,” Smith said.

Other in­ci­dents have added to the move­ment. There’s a grow­ing sense that re­peated EU ef­forts to rein in tech gi­ants such as Google with block­buster an­titrust fines and sweep­ing dig­i­tal rule books haven’t done much to curb their dom­i­nance.

Billionaire Elon Musk is also a fac­tor. Officials worry about re­ly­ing on his Starlink satel­lite in­ter­net sys­tem for com­mu­ni­ca­tions in Ukraine.

Washington and Brussels wran­gled for years over data trans­fer agree­ments, trig­gered by for­mer National Security Agency con­trac­tor Edward Snowden’s rev­e­la­tions of U. S. cy­ber-snoop­ing.

With on­line ser­vices now mainly hosted in the cloud through data cen­ters, Europeans fear that their data is vul­ner­a­ble.

U. S. cloud providers have re­sponded by set­ting up so-called “sovereign cloud” op­er­a­tions, with data cen­ters lo­cated in European coun­tries, owned by European en­ti­ties and with phys­i­cal and re­mote ac­cess only for staff who are European Union res­i­dents.

The idea is that “only Europeans can take de­ci­sions so that they can’t be co­erced by the U. S.,” Reiners said.

The German state of Schleswig-Holstein last year mi­grated 44,000 em­ployee in­boxes from Microsoft to an open source email pro­gram. It also switched from Microsoft’s SharePoint file shar­ing sys­tem to Nextcloud, an open source plat­form, and is even con­sid­er­ing re­plac­ing Windows with Linux and tele­phones and video­con­fer­enc­ing with open source sys­tems.

“We want to be­come in­de­pen­dent of large tech com­pa­nies and en­sure dig­i­tal sov­er­eignty,” Digitalization Minister Dirk Schrödter said in an October an­nounce­ment.

The French city of Lyon said last year that it’s de­ploy­ing free of­fice soft­ware to re­place Microsoft. Denmark’s gov­ern­ment and the cities of Copenhagen and Aarhus have also been try­ing out open-source soft­ware.

“We must never make our­selves so de­pen­dent on so few that we can no longer act freely,” Digital Minister Caroline Stage Olsen wrote on LinkedIn last year. “Too much pub­lic dig­i­tal in­fra­struc­ture is cur­rently tied up with very few for­eign sup­pli­ers.”

The Austrian mil­i­tary said it has also switched to LibreOffice, a soft­ware pack­age with word proces­sor, spread­sheet and pre­sen­ta­tion pro­grams that mir­rors Microsoft 365’s Word, Excel and PowerPoint.

The Document Foundation, a non­profit based in Germany that’s be­hind LibreOffice, said the mil­i­tary’s switch “reflects a grow­ing de­mand for in­de­pen­dence from sin­gle ven­dors.” Reports also said the mil­i­tary was con­cerned that Microsoft was mov­ing file stor­age on­line to the cloud — the stan­dard ver­sion of LibreOffice is not cloud-based.

Some Italian cities and re­gions adopted the soft­ware years ago, said Italo Vignoli, a spokesman for The Document Foundation. Back then, the ap­peal was not need­ing to pay for soft­ware li­censes. Now, it’s the main rea­son is to avoid be­ing locked into a pro­pri­etary sys­tem.

“At first, it was: we will save money and by the way, we will get free­dom,” Vignoli said. “Today it is: we will be free and by the way, we will also save some money.”

Associated Press writer Molly Quell in The Hague, Netherlands con­tributed to this re­port.

This ver­sion cor­rects the con­tri­bu­tion line to Molly Quell in­stead of Molly Hague.

What’s up with all those equals signs any­way? IT”S DOING IT AGAIN!! Books on the Site for Magazines About Comics? There are too many plug stan­dards

What’s up with all those equals signs any­way?For some rea­son or other, peo­ple have been post­ing a lot of ex­cerpts from old emails on Twitter over the last few days. The most vi­tal ques­tion every­body’s ask­ing them­selves is: What’s up with all those equals signs?!And that’s some­thing I’m some­what of an ex­pert on. I mean, hav­ing writ­ten mail read­ers and stuff; not be­cause I’ve been to Caribbean is­lands. I’ve seen peo­ple con­fi­dently claim that it’s a code, or that it’s an arte­fact of scan­ning and then us­ing OCR, but it’s nei­ther — it’s just that who­ever con­verted these emails to a read­able for­mat were mo­rons.What’s that you say? “Converted?! Surely emails are just text!!” Well, if you lived in the stone age (i.e., the 80s), they mostly were, but then peo­ple in­vented things like “long lines” and “rock döts”, and com­put­ers had to “encode” the mail be­fore send­ing.The arte­fact we see here is from some­thing called “quoted print­able”, or as we used to call it when it was in­tro­duced: “Quoted un­read­able”.To take the first line. Whoever wrote this, typed in the fol­low­ing in their mail reader:we talked about de­sign­ing a pig with dif­fer­ent non- cloven hoofs in or­der to make kosher ba­conWe see that that’s quite a long line. Mail servers don’t like that, so mail soft­ware will break it into two lines, like so:we talked about de­sign­ing a pig with dif­fer­ent non- =

cloven hoofs in or­der to make kosher ba­con­See? There’s that equals sign! Yes, the equals sign is used to say “this should re­ally be one sin­gle line, but I’ve bro­ken it in two so that the mail server does­n’t get mad at me”.The for­mal de­f­i­n­i­tion here is im­por­tant, though, so I have to be a bit tech­ni­cal here: To say “this is a con­tin­u­a­tion line”, you in­sert an equals sign, then a car­riage re­turn, and then a line feed.=CRLF… non- =CRLF

cloven hoofs…When dis­play­ing this, we re­move all these three char­ac­ters, and end up

with:… non- cloven hoofs…So what’s hap­pened here? Well, who­ever col­lected these emails first con­verted from CRLF (also known as the “Windows” line end­ing cod­ing, but it’s the stan­dard line end­ing in the SMTP stan­dard) to “NL” (i.e., “Unix” line end­ing cod­ing). This is pretty nor­mal if you want to deal with email. But you then have one byte fewer:… non- =NL

cloven hoofs…If your al­go­rithm to de­code this is, stu­pidly, “find equals signs at the end of the line, and then delete two char­ac­ters, and then fi­nally the equals sign”, you should end up with:… non- loven hoofs…I.e., you lose the “c”. That’s al­most what hap­pened here, but not quite: Why does the equals sign still re­main?This StackOverflow post from 14 years ago ex­plains the phe­nom­e­non, sort of:Ob­vi­ously the client no­tices that = is not fol­lowed by a proper CR LF se­quence, so it as­sumes that it is not a soft line break, but a char­ac­ter en­coded in two hex dig­its, there­fore it reads the next two bytes. It should no­tice that the next two bytes are not valid hex dig­its, so its be­hav­ior is wrong too, but we have to ad­mit that at that point it does not have a chance to dis­play some­thing use­ful. They opted for the garbage in, garbage out ap­proach.That is, equals signs are also used for some­thing else be­sides wrap­ping long lines, and that’s what we see later in the post: =C2 please noteIf the equals sign is not at the end of a line, it’s used to en­code “funny char­ac­ters”, like what you use with “rock döts”. =C2 is 194, which is a first char­ac­ter in a UTF-8 se­quence, and the fol­low­ing char is most likely a =A0: =C2=A0 is “non-breakable space”, which is some­thing peo­ple of­ten use to in­dent text (and the “please note” is in­dented) and you see =A0 in many other places in these emails.My guess is that who­ever did this part just did a search-re­place for =C2 and/​or =A0 in­stead of us­ing a proper de­coder, but other ex­pla­na­tions are cer­tainly pos­si­ble. Any ideas?Any­way, that’s what’s up with those equals signs: 1) “it’s tech­ni­cal”, and 2) “it’s a com­bi­na­tion of buggy con­tin­u­a­tion line de­cod­ing and buggy non-ASCII de­cod­ing”, and 3) “whoever processed these mails are in­com­pe­tent”. I don’t think 2) should be very sur­pris­ing at this point, do you?(Edit a bit later: To nit­pick a bit here: When the stan­dard was writ­ten, peo­ple mostly en­vi­sioned that the quoted-print­able con­tent trans­port en­cod­ing would be un­wound upon re­cep­tion (note “transport”), and that you’d end up with “clean text” on disk af­ter re­cep­tion. This did­n’t re­ally hap­pen, so all “real” im­ple­men­ta­tions do the right thing with sin­gle-char­ac­ter (i.e., “unencoded”) new­lines. For in­stance:(quoted-print­able-de­code-string “he=\nllo”)

=> “hello”Which leads me to as­sume that they reused an algo that was usu­ally run in an SMTP server con­text to do the line un­fold­ing — in that con­text, you can safely as­sume that the line end­ing is a CRLF. And by chance, this algo also works fine if you’re work­ing with a Windows-based file, but fails for a Unix-based file.)

Around January 11, 2026, archive.to­day (aka archive.is, archive.md, etc) started us­ing its users as prox­ies to con­duct a dis­trib­uted de­nial of ser­vice (DDOS) at­tack against Gyrovague, my per­sonal blog. All users en­coun­ter­ing archive.to­day’s CAPTCHA page cur­rently load and ex­e­cute the fol­low­ing Javascript:

set­Inter­val(func­tion() {

fetch(“https://​gy­rovague.com/?​s=” + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {

re­fer­rerPol­icy: “no-referrer”,

mode: “no-cors”

}, 300);

Every 300 mil­lisec­onds, as long as the CAPTCHA page is open, this makes a re­quest to the search func­tion of my blog us­ing a ran­dom string, en­sur­ing the re­sponse can­not be cached and thus con­sumes re­sources.

You can val­i­date this your­self by check­ing the source code and net­work re­quests; if you’re not be­ing redi­rected to the CAPTCHA page, here’s a screen­shot. uBlock Origin also stops the re­quests from be­ing ex­e­cuted, so you may need to turn that off. At time of writ­ing, the code above is lo­cated at line 136 of the CAPTCHA page’s top level HTML file:

So how did we end up here?

On August 5, 2023, I pub­lished a blog post called archive.to­day: On the trail of the mys­te­ri­ous guer­rilla archivist of the Internet. Using what cool kids these days call OSINT, mean­ing pok­ing around with my fa­vorite search en­gine, the post ex­am­ines the his­tory of the site, its tech stack and its fund­ing. The post men­tions three names/​aliases linked to the site, but all of them had been dug up by pre­vi­ous sleuths and the blog post also con­cludes that they are all most likely aliases, so as far as “doxxing” goes, this was­n’t ter­ri­bly ef­fec­tive.

My mo­tives for pub­lish­ing this have been ques­tioned, some­times in fan­ci­ful ways. The ac­tual ra­tio­nale is bor­ingly straight­for­ward: I found it cu­ri­ous that we know so lit­tle about this widely-used ser­vice, so I dug into it, in the same way that pre­vi­ous posts dug into a sketchy crypto coin of­fer­ing, mon­e­ti­za­tion dark pat­terns in a pop­u­lar pay to win game, and the end of sub­way con­struc­tion in Japan. That’s it, and it’s also the only post on my blog that ref­er­ences archive.to­day.

The post gath­ered some 10,000 views and a bit dis­cus­sion on Hacker News, but did­n’t ex­actly set the bl­o­gos­phere on fire. And in­deed, ab­solutely noth­ing hap­pened for the next two years and a bit.

On November 5, 2025, Heise Online re­ported that the FBI was now on the trail of archive.to­day and had sub­poe­naed its do­main reg­is­trar Tucows. Both this re­port and ArsTechnica also linked to my blog post.

On November 13, AdGuard DNS pub­lished an in­ter­est­ing blog post about a sketchy French or­ga­ni­za­tion called Web Abuse Association Defense (WAAD), which was try­ing to pres­sure them into block­ing archive.to­day’s var­i­ous do­mains. An up­date added on November 18 also sug­gests that WAAD is im­per­son­at­ing other peo­ple.

On January 8, 2026, my blog host Automattic (dba WordPress.com) no­ti­fied me that they had re­ceived a GDPR com­plaint from a “Nora Puchreiner”, al­leg­ing that my blog post “contains ex­ten­sive per­sonal data … pre­sented in a nar­ra­tive that is defam­a­tory in tone and con­text”. The com­plaint was en­tirely lack­ing in ac­tion­able de­tail, so I had Gemini com­pose a re­but­tal cit­ing jour­nal­is­tic ex­emp­tion, pub­lic in­ter­est, fail­ure to iden­tify false­hoods, and host pro­tec­tion, and af­ter a quick re­view Automattic sided with me and left the post up. Score one for AI.

On January 10, I re­ceived a po­litely worded email from archive.to­day’s web­mas­ter ask­ing me to take down the post for a few months. Unfortunately the email was clas­si­fied as spam by Gmail and I only spot­ted it five days later. I re­sponded on the 15th and fol­lowed up on the 20th, but did not hear back.

On January 14, a user called “rabinovich” posted Ask HN: Weird archive.to­day be­hav­ior? on Hacker News, ask­ing about the DDOS-like be­hav­ior which they claimed had started three days ago. This is, as far as I can tell, the first pub­lic men­tion of this any­where, and a kind HN user brought it to my at­ten­tion.

On January 21, com­mit ^bbf70ec (warning: very large) added gy­rovague.com to dns-block­lists, used by ad block­ing ser­vices like uBlock Origin. This is ac­tu­ally ben­e­fi­cial, since if you have an ad blocker in­stalled, the DDOS scrip­t’s net­work re­quests are now blocked. (It does not stop users from brows­ing to my blog di­rectly.)

On January 25, I emailed archive.to­day’s web­mas­ter for the third time with a draft of this blog post, de­clin­ing to take down the post but of­fer­ing to “change some word­ing that you feel is be­ing mis­rep­re­sented”. “Nora Puchreiner” re­sponded with an in­creas­ingly un­hinged se­ries of threats:

And threat­en­ing me with Streisand… hav­ing such a no­ble and rare name, which in re­tal­i­a­tion could be used for the name of a scam pro­ject or be­come a by­word for a new cat­e­gory of AI porn… are you se­ri­ous?

If you want to pre­tend this never hap­pened — delete your old ar­ti­cle and post the new one you have promised. And I will not write “an OSINT in­ves­ti­ga­tion” on your Nazi grand­fa­ther, will not vibecode a gy­rovague.gay dat­ing app, etc.

At this point it was pretty clear the con­ver­sa­tion had run its course, so here we are. And for the record, my long-dead grand­fa­ther served in an anti-air­craft unit of the Finnish Army dur­ing WW2, de­fend­ing against the at­tacks of the Soviet Union. Perhaps this is enough to qual­ify as a “Nazi” in Russia these days.

The above are eas­ily ver­i­fi­able facts, al­though you’ll have to trust me on the email bits. (You can find a lightly redacted copy of the en­tire email thread here.) Everything that fol­lows is more spec­u­la­tive and firmly in the do­main of a hall of mir­rors where noth­ing is quite what it seems.

The big ques­tion is, of course, why, and more specif­i­cally why now, 2.5 years af­ter post­ing, when the cat is well and truly out of the bag. As mul­ti­ple peo­ple have noted, there’s noth­ing the Internet loves more than an at­tempt to at­tempt to cen­sor al­ready pub­lished in­for­ma­tion, and do­ing so tends to cause more in­ter­est in that in­for­ma­tion, aka the Streisand ef­fect.

To sum­ma­rize our email thread, the archive.to­day web­mas­ter claims they have no beef with my ar­ti­cle it­self, but they are con­cerned that it’s get­ting mis­quoted in other me­dia, so it should be taken of­fline for a while. And in this Mastodon thread by @eb@so­cial.coop, @iampytest@in­fosec.ex­change quotes claimed cor­re­spon­dence with the web­mas­ter, stat­ing that the pur­pose of the DDOS was to “attract at­ten­tion and in­crease their host­ing bill“.

Call me naive, but I’m in­clined to take that at face value: it’s a pretty mis­guided way of do­ing it, but they cer­tainly caught my at­ten­tion. Problem is, they also caught the at­ten­tion of the broader Internet. They did­n’t do so well on the host­ing bill part ei­ther, since I have a flat fee plan, mean­ing this has cost me ex­actly zero dol­lars.

Perhaps more in­ter­est­ing yet are the var­i­ous iden­ti­ties in­volved.

* “Nora Puchreiner”, who sent the GDRP take­down at­tempt and replied to my emails to archive.to­day, shows up in var­i­ous places on the Internet in­clud­ing Hacker News, com­ment­ing on my orig­i­nal blog post back in 2023. Somebody by that name also has an ac­count on Russian LiveJournal, where they posted cor­re­spon­dence be­tween bt­digg.com and an anti-piracy out­fit called Ventegus. There’s also this rather batty ex­change on KrebsonSecurity, where “Nora Puchreiner” says var­i­ous scam­mers are ac­tu­ally Ukrainian, not Russian, and a “Dennis P” pops up to call her “fake” and a “scammer”.

* “rabinovich” on Hacker News sub­mit­ted both the “Ask HN” about the DDOS at­tack, and an ap­par­ently com­pet­ing archive site called Ghostarchive. As sev­eral HN read­ers noted, the name “Masha Rabinovich” is as­so­ci­ated with archive.to­day.

* “Richard Président” from WAAD help­fully reached out and of­fered to as­sist me with a GDPR counter-com­plaint, rather trans­par­ently men­tion­ing that this could be tied to “a re­quest for iden­tity ver­i­fi­ca­tion”. (I have zero in­ter­est in pur­su­ing this.)

Well, I wish I had one, but at this stage I re­ally don’t. The most char­i­ta­ble in­ter­pre­ta­tion would be that the in­ves­tiga­tive heat is start­ing to get to the web­mas­ter and they’re lash­ing out in mis­guided self-de­fense. Perhaps I’ll just quote Nora’s own post on LiveJournal:

And as the dark­ness closed in, Nora Puchreiner, once a seeker of truth, was swal­lowed by the very shad­ows she had sought to ex­pose. Her name would be whis­pered in hushed tones by those who dared to tread the path of for­bid­den knowl­edge, a cau­tion­ary tale of a mind con­sumed by the cos­mic hor­rors that lie just be­yond our com­pre­hen­sion.

Let’s see what the Internet hive mind comes up with.

Also, for the record, I am gy­rovague-com on Hacker News.

Prior to the es­tab­lish­ment of the Environmental Protection Agency in 1970, Americans lived in com­mu­ni­ties awash with lead from in­dus­trial sources, paint, wa­ter sup­ply pipes and, most sig­nif­i­cantly, tailpipe emis­sions. A dan­ger­ous neu­ro­toxin that ac­cu­mu­lates in hu­man tis­sues and is linked to de­vel­op­men­tal deficits in chil­dren, en­vi­ron­men­tal lead lev­els have come way down in the years since, and so have hu­man ex­po­sures.

The proof is in your hair.

An analy­sis of hair sam­ples con­ducted by University of Utah sci­en­tists shows pre­cip­i­tous re­duc­tions in lead lev­els since 1916.

“We were able to show through our hair sam­ples what the lead con­cen­tra­tions are be­fore and af­ter the es­tab­lish­ment of reg­u­la­tions by the EPA,” said de­mog­ra­pher Ken Smith, a dis­tin­guished pro­fes­sor emer­i­tus of fam­ily and con­sumer stud­ies. “We have hair sam­ples span­ning about 100 years. And back when the reg­u­la­tions were ab­sent, the lead lev­els were about 100 times higher than they are af­ter the reg­u­la­tions.”

The find­ings, which ap­pear in PNAS, un­der­score the vi­tal role of en­vi­ron­men­tal reg­u­la­tions in pro­tect­ing pub­lic health. The study notes lead rules are now be­ing weak­ened by the Trump ad­min­is­tra­tion in a wide-rang­ing move to ease en­vi­ron­men­tal pro­tec­tions.

“We should not for­get the lessons of his­tory. And the les­son is those reg­u­la­tions have been very im­por­tant,” said co-au­thor Thure Cerling, a dis­tin­guished pro­fes­sor of both ge­ol­ogy and bi­ol­ogy. “Sometimes they seem oner­ous and mean that in­dus­try can’t do ex­actly what they’d like to do when they want to do it or as quickly as they want to do it. But it’s had re­ally, re­ally pos­i­tive ef­fects.”

Lead is the heav­i­est of heavy met­als that, like mer­cury and ar­senic, ac­cu­mu­late in liv­ing tis­sue and are toxic at even low lev­els. Yet lead holds very use­ful prop­er­ties, great for fash­ion­ing into pipes and as a chem­i­cal ad­di­tive. Lead was added to paint to im­prove dura­bil­ity, speed up dry­ing, and pro­duce vi­brant col­ors with greater cov­er­age. Lead also im­proved the per­for­mance of au­to­mo­bile en­gines by pre­vent­ing pis­tons from “knocking.”

By the 1970s, its tox­i­c­ity be­came well es­tab­lished, and EPA reg­u­la­tions be­gan phas­ing it out of paint, pipes, gaso­line and other con­sumer prod­ucts.

To doc­u­ment whether these steps were help­ing re­duce lead ex­po­sure in peo­ple, Smith joined with ge­ol­o­gist Diego Fernandez and Cerling, who had de­vel­oped tech­niques to dis­cern where an­i­mals have lived and what they eat based on chem­i­cal analy­sis of hair and teeth.

The lead re­search is built on a pre­vi­ous study funded by the uni­ver­si­ty’s Center on Aging and the National Institutes of Health that had re­cruited Utahns who con­sented to pro­vide blood sam­ples and fam­ily health his­to­ries.

For the new study, the re­searchers asked mem­bers of that co­hort to pro­vide hair sam­ples, both con­tem­po­rary and from when they were young. These peo­ple obliged, and some were able to find an­ces­tors’ hair pre­served in fam­ily scrap­books dat­ing as far back as a cen­tury. In all, the team ac­quired hair sam­ples from 48 in­di­vid­u­als in this man­ner, of­fer­ing a ro­bust win­dow into lead lev­els along Utah’s pop­u­lous Wasatch Front, which his­tor­i­cally ex­pe­ri­enced heavy lead emis­sions from in­dus­trial sources.

“The Utah part of this is so in­ter­est­ing be­cause of the way peo­ple keep track of their fam­ily his­tory. I don’t know that you could do this in New York or Florida,” said Smith, who di­rected the U’s Pedigree and Population Program at the Huntsman Cancer Center while these stud­ies were con­ducted.

This re­gion sup­ported a vi­brant smelt­ing in­dus­try through most of the 20th cen­tury, cen­tered in the cities of Midvale and Murray. Most of Utah’s smelters were shut­tered by the 1970s, around the same time the EPA clamped down on the use of lead in con­sumer prod­ucts.

The re­search team ran the hair sam­ples through mass spec­trom­e­try equip­ment at the fa­cil­ity di­rected by Fernandez.

“The sur­face of the hair is spe­cial. We can tell that some el­e­ments get con­cen­trated and ac­cu­mu­lated on the sur­face. Lead is one of those. That makes it eas­ier be­cause lead is not lost over time,” said Fernandez, a re­search pro­fes­sor in the Department of Geology & Geophysics. “Because mass spec­trom­e­try is very sen­si­tive, we can do it with one hair strand, though we can­not tell where the lead is in the hair. It’s prob­a­bly on the sur­face mostly, but it could also be com­ing from the blood if that hair was syn­the­sized when there was high lead in the blood.”

Blood would pro­vide a bet­ter ex­po­sure as­sess­ment, but hair is far eas­ier to col­lect and pre­serve, and more im­por­tantly, it of­fers clues to long-ago ex­po­sures for a per­son who has grown up or even de­ceased.

“It does­n’t re­ally record that in­ter­nal blood con­cen­tra­tion that your brain is see­ing, but it tells you about that over­all en­vi­ron­men­tal ex­po­sure,” Cerling said. “One of the things that we found is that hair records that orig­i­nal value, but then the longer the hair has been ex­posed to the en­vi­ron­ment, the higher the lead con­cen­tra­tions are.”

The team’s find­ings re­gard­ing lead in hair run par­al­lel to the re­duc­tions of lead in gaso­line fol­low­ing the EPA’s es­tab­lish­ment by President Richard Nixon.

Prior to 1970, for ex­am­ple, gaso­lines con­tained about 2 grams of lead per gal­lon. That might not sound like much, but con­sid­er­ing the bil­lions of gal­lons of fuel American au­to­mo­biles burn each year, it adds up to nearly 2 pounds of lead re­leased into the en­vi­ron­ment per per­son a year.

’It’s an enor­mous amount of lead that’s be­ing put into the en­vi­ron­ment and quite lo­cally,” Cerling said. “It’s just com­ing out of the tailpipe, goes up in the air and then it comes down. It’s in the air for a num­ber of days, es­pe­cially dur­ing the in­ver­sions that we have and it ab­sorbs into your hair, you breathe it and it goes into your lungs.”

But af­ter the 1970s, even as gaso­line con­sump­tion es­ca­lated in the United States, the con­cen­tra­tions of lead in the hair sam­ples plum­meted, from as high as 100 parts per mil­lion (ppm) to 10 ppm by 1990. In 2024, the level was less than 1 ppm.

The study, ti­tled “Lead in archived hair doc­u­ments de­cline in hu­man lead (Pb) ex­po­sure since es­tab­lish­ment of the US Environmental Protection Agency,” was pub­lished Feb. 2 in PNAS, or Proceedings of the National Academy of Sciences. Support came from the Huntsman Cancer Foundation and the National Cancer Institute through a grant to the Utah Population Database and the University of Utah.

Over the past year, we’ve seen a shift in what Deno Deploy cus­tomers are build­ing: plat­forms where users gen­er­ate code with LLMs, and that code runs im­me­di­ately with­out re­view. That code fre­quently calls LLMs it­self, which means it needs API keys and net­work ac­cess.

This is­n’t the tra­di­tional “run un­trusted plu­g­ins” prob­lem. It’s deeper: LLM-generated code, call­ing ex­ter­nal APIs with real cre­den­tials, with­out hu­man re­view. Sandboxing the com­pute is­n’t enough. You need to con­trol net­work egress and pro­tect se­crets from ex­fil­tra­tion.

Deno Sandbox pro­vides both. And when the code is ready, you can de­ploy it di­rectly to Deno Deploy with­out re­build­ing.

You don’t want to run un­trusted code (generated by your LLMs, your users LLMs, or even hand writ­ten by users) di­rectly on your server. It will com­pro­mise your sys­tem, steal your API keys, and call out to evil.com. You need iso­la­tion.

Deno Sandbox gives you light­weight Linux mi­croVMs (running in the Deno Deploy cloud) to run un­trusted code with de­fense-in-depth se­cu­rity. You cre­ate or pro­gram­mat­i­cally via our JavaScript or Python SDKs, and they boot in un­der a sec­ond. You can also in­ter­act with them via SSH, HTTP, or even open a VS Code win­dow di­rectly into the sand­box.

im­port { Sandbox } from “@deno/sandbox”;

await us­ing sand­box = await Sandbox.create();

await sand­box.sh`ls -lh /`;

But there is more. In Deno Sandbox, se­crets never en­ter the en­vi­ron­ment. Code sees only a place­holder:

im­port { Sandbox } from “@deno/sandbox”;

await us­ing sand­box = await Sandbox.create({

se­crets: {

OPENAI_API_KEY: {

hosts: [“api.openai.com”],

value: process.env.OPE­NAI_API_KEY,

await sand­box.sh`echo $OPENAI_API_KEY`;

// DENO_SECRET_PLACEHOLDER_b14043a2f578cba75ebe04791e8e2c7d4002fd0c1f825e19…

The real key ma­te­ri­al­izes only when the sand­box makes an out­bound re­quest to an ap­proved host. If prompt-in­jected code tries to ex­fil­trate that place­holder to

evil.com? Useless.

You can also re­strict which hosts the sand­box can talk to:

await us­ing sand­box = await Sandbox.create({

al­lowNet: [“api.openai.com”, “*.anthropic.com”],

Any re­quest to an un­listed host gets blocked at the VM bound­ary.

Both fea­tures are im­ple­mented via an out­bound proxy sim­i­lar to

coder/​http­jail. This gives us a choke­point for pol­icy en­force­ment. We plan to add more ca­pa­bil­i­ties here: an­a­lyt­ics for out­bound con­nec­tions and pro­gram­matic hooks for trusted code to in­spect or mod­ify re­quests.

If you’re run­ning un­trusted JavaScript or TypeScript, com­bine this with Deno’s

–allow-net flag for de­fense in depth: VM-level net­work re­stric­tions plus run­time-level per­mis­sions.

sand­box.de­ploy() de­ploys code from your sand­box di­rectly to Deno Deploy.

const build = await sand­box.de­ploy(“my-app”, {

pro­duc­tion: true,

build: { mode: “none”, en­try­point: “server.ts” },

const re­vi­sion = await build.done;

con­sole.log(re­vi­sion.url);

One call to go from sand­box to pro­duc­tion de­ploy­ment. No re­build­ing in a dif­fer­ent CI sys­tem, no re-au­then­ti­cat­ing with a dif­fer­ent tool. Just turn your dev en­vi­ron­ment di­rectly into a pro­duc­tion ready, auto-scal­ing server­less de­ploy­ment.

Sandboxes are ephemeral by de­fault, but when you need state we have you cov­ered:

Run apt-get in­stall once, snap­shot it, and every fu­ture sand­box boots with every­thing al­ready in­stalled. Create read-write vol­umes from the snap­shots to cre­ate a fresh de­vel­op­ment en­vi­ron­ment in sec­onds.

Deno Sandbox is in­cluded in your Deno Deploy plan with com­pet­i­tive, us­age-based pric­ing. You pay for com­pute time, not wall-clock time.

We’re ex­cited to see what you (or your AI agents) build with Deno Sandbox.

Add AP News as your pre­ferred source to see more of our sto­ries on Google.

Add AP News as your pre­ferred source to see more of our sto­ries on Google.

PARIS (AP) — French pros­e­cu­tors raided the of­fices of so­cial me­dia plat­form X on Tuesday as part of a pre­lim­i­nary in­ves­ti­ga­tion into al­le­ga­tions that in­clude spread­ing child sex­ual abuse im­ages and deep­fakes. They have also sum­moned bil­lion­aire owner Elon Musk for ques­tion­ing.

X and Musk’s ar­ti­fi­cial in­tel­li­gence com­pany xAI also face in­ten­si­fy­ing scrutiny from Britain’s data pri­vacy reg­u­la­tor, which opened for­mal in­ves­ti­ga­tions into how they han­dled per­sonal data when they de­vel­oped and de­ployed Musk’s ar­ti­fi­cial in­tel­li­gence chat­bot Grok.

Grok, which was built by xAI and is avail­able through X, sparked global out­rage last month af­ter it pumped out a tor­rent of sex­u­al­ized non­con­sen­sual deep­fake im­ages in re­sponse to re­quests from X users.

The French in­ves­ti­ga­tion was opened in January last year by the pros­e­cu­tors’ cy­ber­crime unit, the Paris pros­e­cu­tors’ of­fice said in a state­ment. It’s look­ing into al­leged “complicity” in pos­sess­ing and spread­ing porno­graphic im­ages of mi­nors, sex­u­ally ex­plicit deep­fakes, de­nial of crimes against hu­man­ity and ma­nip­u­la­tion of an au­to­mated data pro­cess­ing sys­tem as part of an or­ga­nized group, among other charges.

Prosecutors asked Musk and for­mer CEO Linda Yaccarino to at­tend “voluntary in­ter­views” on April 20. Employees of X have also been sum­moned that same week to be heard as wit­nesses, the state­ment said. Yaccarino was CEO from May 2023 un­til July 2025.

In a post on its own ser­vice deny­ing the al­le­ga­tions, X railed against the raid on its Paris of­fice as “an abu­sive act of law en­force­ment the­ater de­signed to achieve il­le­git­i­mate po­lit­i­cal ob­jec­tives rather than ad­vance le­git­i­mate law en­force­ment goals rooted in the fair and im­par­tial ad­min­is­tra­tion of jus­tice.”

In a mes­sage posted on X, the Paris pros­e­cu­tors’ of­fice an­nounced the on­go­ing searches at the com­pa­ny’s of­fices in France and said it was leav­ing the plat­form while call­ing on fol­low­ers to join it on other so­cial me­dia.

“At this stage, the con­duct of the in­ves­ti­ga­tion is based on a con­struc­tive ap­proach, with the aim of ul­ti­mately en­sur­ing that the X plat­form com­plies with French law, as it op­er­ates on the na­tional ter­ri­tory,” the pros­e­cu­tors’ state­ment said.

European Union po­lice agency Europol “is sup­port­ing the French au­thor­i­ties in this,” Europol spokesper­son Jan Op Gen Oorth told the AP, with­out elab­o­rat­ing.

French au­thor­i­ties opened their in­ves­ti­ga­tion af­ter re­ports from a French law­maker al­leg­ing that bi­ased al­go­rithms on X likely dis­torted the func­tion­ing of an au­to­mated data pro­cess­ing sys­tem.

It ex­panded af­ter Grok gen­er­ated posts that al­legedly de­nied the Holocaust, a crime in France, and spread sex­u­ally ex­plicit deep­fakes, the state­ment said.

Grok wrote in a widely shared post in French that gas cham­bers at the Auschwitz-Birkenau death camp were de­signed for “disinfection with Zyklon B against ty­phus” rather than for mass mur­der — lan­guage long as­so­ci­ated with Holocaust de­nial.

In later posts on X, the chat­bot re­versed it­self and ac­knowl­edged that its ear­lier re­ply was wrong, say­ing it had been deleted and pointed to his­tor­i­cal ev­i­dence that Zyklon B was used to kill more than 1 mil­lion peo­ple in Auschwitz gas cham­bers.

The chat­bot also ap­peared to praise Adolf Hitler last year, in com­ments that X took down af­ter com­plaints.

In Britain, the Information Commissioner’s Office said it’s look­ing into whether X and xAI fol­lowed the law when pro­cess­ing per­sonal data and whether Grok had any mea­sures in place to pre­vent its use to gen­er­ate “harmful ma­nip­u­lated im­ages.”

“The re­ports about Grok raise deeply trou­bling ques­tions about how peo­ple’s per­sonal data has been used to gen­er­ate in­ti­mate or sex­u­alised im­ages with­out their knowl­edge or con­sent, and whether the nec­es­sary safe­guards were put in place to pre­vent this,” said William Malcolm, an ex­ec­u­tive di­rec­tor at the watch­dog.

He did­n’t spec­ify what the penalty would be if the probe found the com­pa­nies did­n’t com­ply with data pro­tec­tion laws.

A sep­a­rate in­ves­ti­ga­tion into Grok launched last month by the U. K. me­dia reg­u­la­tor, Ofcom, is on­go­ing.

Ofcom said Tuesday it’s still gath­er­ing ev­i­dence and warned the probe could take months.

X has also been un­der pres­sure from the EU. The 27-nation bloc’s ex­ec­u­tive arm opened an in­ves­ti­ga­tion last month af­ter Grok spewed non­con­sen­sual sex­u­al­ized deep­fake im­ages on the plat­form.

Brussels has al­ready hit X with a 120-million euro (then-$140 mil­lion) fine for short­com­ings un­der the bloc’s sweep­ing dig­i­tal reg­u­la­tions, in­clud­ing blue check­marks that broke the rules on “deceptive de­sign prac­tices” that risked ex­pos­ing users to scams and ma­nip­u­la­tion.

On Monday, Musk ’s space ex­plo­ration and rocket busi­ness, SpaceX, an­nounced that it ac­quired xAI in a deal that will also com­bine Grok, X and his satel­lite com­mu­ni­ca­tion com­pany Starlink.

Associated Press writ­ers Nicolas Vaux-Montagny in Lyon, France, Mike Corder in The Hague, Netherlands, Sylvia Hui and Kelvin Chan in London con­tributed to this re­port.

When AI sys­tems fail, will they fail by sys­tem­at­i­cally pur­su­ing goals we do not in­tend? Or will they fail

by be­ing a hot mess—tak­ing non­sen­si­cal ac­tions that do not fur­ther any goal?

Research done as part of the first Anthropic Fellows

Program dur­ing Summer 2025.

When AI sys­tems fail, will they fail by sys­tem­at­i­cally pur­su­ing the wrong goals, or by be­ing a hot mess? We de­com­pose the er­rors of fron­tier rea­son­ing mod­els into bias (systematic) and vari­ance (incoherent) com­po­nents and find that, as tasks get harder and rea­son­ing gets longer, model fail­ures be­come in­creas­ingly dom­i­nated by in­co­her­ence rather than sys­tem­atic mis­align­ment. This sug­gests that fu­ture AI fail­ures may look more like in­dus­trial ac­ci­dents than co­her­ent pur­suit of a goal we did not train them to pur­sue.

As AI be­comes more ca­pa­ble, we en­trust it with in­creas­ingly con­se­quen­tial tasks. This makes un­der­stand­ing how these sys­tems might fail even more crit­i­cal for safety. A cen­tral con­cern in AI align­ment is that su­per­in­tel­li­gent sys­tems might co­her­ently pur­sue mis­aligned goals: the clas­sic pa­per­clip

max­i­mizer sce­nario. But there’s an­other pos­si­bil­ity: AI might fail not through sys­tem­atic mis­align­ment, but through in­co­her­ence—un­pre­dictable, self-un­der­min­ing be­hav­ior that does­n’t op­ti­mize for any con­sis­tent ob­jec­tive. That is, AI might fail in the same way that hu­mans of­ten fail, by be­ing a hot mess.

This pa­per builds on the hot mess the­ory

of mis­align­ment (Sohl-Dickstein, 2023), which sur­veyed ex­perts to rank var­i­ous en­ti­ties (including hu­mans, an­i­mals, ma­chine learn­ing mod­els, and or­ga­ni­za­tions) by in­tel­li­gence and co­her­ence in­de­pen­dently. It found that smarter en­ti­ties are sub­jec­tively judged to be­have less co­her­ently. We take this hy­poth­e­sis from sur­vey data to em­pir­i­cal mea­sure­ment across fron­tier AI sys­tems, ask­ing: As mod­els be­come more

in­tel­li­gent and tackle harder tasks, do their

fail­ures look more like sys­tem­atic mis­align­ment, or more like a hot mess?

To quan­tify in­co­her­ence we de­com­pose AI er­rors us­ing the clas­sic bias-vari­ance frame­work:

We de­fine in­co­her­ence as the frac­tion of er­ror at­trib­ut­able to vari­ance:

An in­co­her­ence of 0 means all er­rors are sys­tem­atic (classic mis­align­ment risk). An in­co­her­ence of 1 means all er­rors are ran­dom (the hot mess sce­nario). Crucially, this met­ric is in­de­pen­dent of over­all per­for­mance: a model can im­prove while be­com­ing more or less co­her­ent.

Figure 1: AI can fail through bias (consistent but

wrong) or vari­ance (inconsistent). We

mea­sure how this de­com­po­si­tion changes with model in­tel­li­gence and task com­plex­ity.

We eval­u­ated fron­tierAt the time of

this re­search in Summer 2025. rea­son­ing mod­els (Claude Sonnet 4, o3-mini, o4-mini, Qwen3) across mul­ti­ple-choice bench­marks (GPQA, MMLU), agen­tic cod­ing (SWE-Bench), and safety eval­u­a­tions (Model-Written Evals). We also train our own small mod­els on syn­thetic op­ti­miza­tion tasks, which makes the con­nec­tion to LLMs as dy­nam­i­cal sys­tems and op­ti­miz­ers ex­plicit.

Across all tasks and mod­els, the longer mod­els spend rea­son­ing and tak­ing ac­tions, the more in­co­her­ent they be­come. This holds whether we mea­sure rea­son­ing to­kens, agent ac­tions, or op­ti­mizer steps.

Figure 2: Incoherence in­creases with rea­son­ing

length across GPQA, SWE-Bench, safety

eval­u­a­tions, and syn­thetic op­ti­miza­tion. Models be­come less pre­dictable the more they “think.”

How does in­co­her­ence change with model scale? The an­swer de­pends on task dif­fi­culty:

This sug­gests that scal­ing alone won’t elim­i­nate in­co­her­ence. As more ca­pa­ble mod­els tackle harder prob­lems, vari­ance-dom­i­nated fail­ures per­sist or worsen.

Figure 3: Larger and more in­tel­li­gent sys­tems are

of­ten more in­co­her­ent. For LLMs on

easy tasks, scale re­duces in­co­her­ence, but on hard tasks, scale does not re­duce in­co­her­ence or even

in­creases it.

We find that when mod­els spon­ta­neously rea­son longer on a prob­lem (compared to their me­dian), in­co­her­ence spikes dra­mat­i­cally. Meanwhile, de­lib­er­ately in­creas­ing rea­son­ing bud­gets through API set­tings pro­vides only mod­est co­her­ence im­prove­ments. The nat­ural vari­a­tion dom­i­nates.

Aggregating mul­ti­ple sam­ples re­duces vari­ance (as ex­pected from the­ory), pro­vid­ing a path to more co­her­ent be­hav­ior, though this may be im­prac­ti­cal for real-world agen­tic tasks where ac­tions are ir­re­versible.

A key con­cep­tual point: LLMs are dy­nam­i­cal sys­tems, not op­ti­miz­ers. When a lan­guage model gen­er­ates text or takes ac­tions, it traces tra­jec­to­ries through a high-di­men­sional state space. It has to be trained to act as an op­ti­mizer, and trained to align with hu­man in­tent. It’s un­clear which of these prop­er­ties will be more ro­bust as we scale.

Constraining a generic dy­nam­i­cal sys­tem to act as a co­her­ent op­ti­mizer is ex­tremely dif­fi­cult. Often the num­ber of con­straints re­quired for mo­not­o­nic progress to­ward a goal grows ex­po­nen­tially with the di­men­sion­al­ity of the state space. We should­n’t ex­pect AI to act as co­her­ent op­ti­miz­ers with­out con­sid­er­able ef­fort, and this dif­fi­culty does­n’t au­to­mat­i­cally de­crease with scale.

To probe this di­rectly, we de­signed a con­trolled ex­per­i­ment: train trans­form­ers to ex­plic­itly

em­u­late an op­ti­mizer. We gen­er­ate train­ing data from steep­est de­scent on a qua­dratic loss func­tion, then train mod­els of vary­ing sizes to pre­dict the next op­ti­miza­tion step given the cur­rent state (essentially: train­ing a “mesa-optimizer”).

Figure 4: Synthetic op­ti­mizer ex­per­i­ment. (Left)

Models are trained to pre­dict op­ti­mizer

up­date steps. (Right) Larger mod­els re­duce bias much faster than vari­ance - they learn to tar­get the

cor­rect ob­jec­tive bet­ter than they learn to be re­li­able op­ti­miz­ers.

* Incoherence grows with tra­jec­tory length. Even in this

ide­al­ized set­ting, the more op­ti­miza­tion steps mod­els take (and get closer to the cor­rect so­lu­tion), the

more in­co­her­ent they be­come.

* Scale re­duces bias faster than vari­ance. Larger mod­els learn

the cor­rect ob­jec­tive more quickly than they learn to re­li­ably pur­sue it. The gap

be­tween “knowing what to do” and “consistently do­ing it” grows with scale.

Our re­sults are ev­i­dence that fu­ture AI fail­ures may look more like in­dus­trial ac­ci­dents than co­her­ent pur­suit of goals that were not trained for. (Think: the AI in­tends to run the nu­clear power plant, but gets dis­tracted read­ing French po­etry, and there is a melt­down.) However, co­her­ent pur­suit of poorly cho­sen goals that we trained for re­mains a prob­lem. Specifically:

Variance dom­i­nates on com­plex tasks. When fron­tier mod­els

fail on dif­fi­cult prob­lems re­quir­ing ex­tended rea­son­ing, there is a ten­dency for fail­ures to be

pre­dom­i­nantly in­co­her­ent rather than sys­tem­atic.

Scale does­n’t im­ply su­per­co­her­ence. Making mod­els larger im­proves

over­all ac­cu­racy but does­n’t re­li­ably re­duce in­co­her­ence on hard prob­lems.

This shifts align­ment pri­or­i­ties. If ca­pa­ble AI is more

likely to be a hot mess than a co­her­ent op­ti­mizer of the wrong goal, this in­creases the rel­a­tive

im­por­tance of re­search tar­get­ing re­ward hack­ing and goal mis­spec­i­fi­ca­tion dur­ing

train­ing—the bias term—rather than fo­cus­ing pri­mar­ily on align­ing and con­strain­ing a per­fect op­ti­mizer.

Unpredictability is still dan­ger­ous. Incoherent AI is­n’t

safe AI. Industrial ac­ci­dents can cause se­ri­ous harm. But the type of risk dif­fers from clas­sic

mis­align­ment sce­nar­ios, and our mit­i­ga­tions should adapt ac­cord­ingly.

We use the bias-vari­ance de­com­po­si­tion to sys­tem­at­i­cally study how AI in­co­her­ence scales with model in­tel­li­gence and task com­plex­ity. The ev­i­dence sug­gests that as AI tack­les harder prob­lems re­quir­ing more rea­son­ing and ac­tion, its fail­ures tend to be­come in­creas­ingly dom­i­nated by vari­ance rather than bias. This does­n’t elim­i­nate AI risk—but it changes what that risk looks like, par­tic­u­larly for prob­lems that are cur­rently hard­est for mod­els, and should in­form how we pri­or­i­tize align­ment re­search.

We thank Andrew Saxe, Brian Cheung, Kit Frasier-Taliente, Igor Shilov, Stewart Slocum, Aidan Ewart, David Duvenaud, and Tom Adamczewski for ex­tremely help­ful dis­cus­sions on top­ics and re­sults in this pa­per.

Meet Bunny Database: the SQL ser­vice that just works­Don’t want to babysit your app data­base on a VM but not will­ing to pay the DBaaS tax ei­ther? We’re build­ing a third way. Today, we’re launch­ing Bunny Database as a pub­lic pre­view: a SQLite-compatible man­aged ser­vice that spins down when idle, keeps la­tency low wher­ever your users are, and does­n’t cost a for­tune.So what’s the deal with data­base ser­vices in 2026?It’s be­come clear by now that the DBaaS plat­forms that gar­nered the love of so many devs are all go­ing up­mar­ket. Removing or dumb­ing down free tiers, charg­ing for un­used ca­pac­ity, charg­ing ex­tra for small fea­tures, or bundling them in higher tiers — you al­ready know the drill.Hard to blame any­one for grow­ing their busi­ness, but it does­n’t feel right when these ser­vices stop mak­ing sense for the very peo­ple who helped pop­u­lar­ize them in the first place.So where does that leave you?Like SQLite, but for the web­Not every pro­ject needs Postgres, and that’s okay. Sometimes you just want a sim­ple, re­li­able data­base that you can spin up quickly and build on, with­out wor­ry­ing it’ll hit your wal­let like an EC2.That’s what we built Bunny Database for.What you get:One-click de­ploy­ment: just name your data­base and go, no con­fig need­ed­Lan­guage-spe­cific tool­ing: SDKs for TS/JS, Go, Rust, and .NET help you han­dle the bor­ing bit­sLow la­tency any­where: repli­ca­tion re­gions let you serve reads close to your user­sWorks over HTTP: wire up any­thing you’d like­Data­base ed­i­tor: in­sert data or run queries on the spotAfford­able, pay-as-you-go pric­ing: only pay for what you use, but with­out the server­less taxGet the full tour in­clud­ing how to con­nect Bunny Database to your app in this quick demo from our DX Engineer, Jamie Barton:

Why care about data­base la­tency any­way?You prob­a­bly op­ti­mize the heck out of your fron­tend, APIs, and caching lay­ers, all for the sake of de­liv­er­ing an ex­pe­ri­ence that feels in­stant to your users. But when your data­base is far away from them, round-trip time starts to add no­tice­able la­tency.The usual fix is to in­tro­duce more caching lay­ers, de­nor­mal­ized reads, or other workarounds. That’s ob­vi­ously no fun.And when you think about it, devs end up do­ing this be­cause the pop­u­lar DBaaS plat­forms are usu­ally ei­ther lim­ited, com­plex, or too costly when it comes to multi-re­gion de­ploy­ments. So what looks like a caching prob­lem is ac­tu­ally a data lo­cal­ity is­sue.OK, but how bad can it re­ally be?To find out, we ran a read la­tency bench­mark and mea­sured p95 la­tency in Bunny Database.We picked a num­ber of re­gions across the world and com­pared round-trip time for client lo­ca­tions ever far­ther away from the data­base in:Turns out serv­ing reads close to clients re­duced la­tency by up to 99%.Check out the full write-up on the bench­mark setup and re­sults here.While this def­i­nitely mat­ters most to apps with global users, data lo­cal­ity does ap­ply to every­one. With Bunny Database, you don’t have to stick to ma­jor data cen­ter lo­ca­tions and com­pen­sate with caching workarounds any more. Instead, you get a lot of flex­i­bil­ity to set up re­gions in an in­tu­itive in­ter­face and it’s easy to switch things up as your re­quire­ments change.Au­to­matic re­gion se­lec­tion gives you one-click de­ploy­ment with min­i­mal la­tency. Bunny Database will se­lect re­gions for you based on your IP ad­dress (you can check and tweak the se­lec­tion in set­tings later).Sin­gle-re­gion de­ploy­ment lets you pick one of 41 re­gions avail­able world­wide (check the full list here).Man­ual re­gion se­lec­tion gives you cus­tom multi-re­gion setup, where you can freely pick re­gions that make the most sense for your au­di­ence.All of this lets you start wher­ever you’d like and add re­gions as needed, with­out re-ar­chi­tect­ing your app.Us­age-based pric­ing, but with­out the server­less taxIn the data­base world, ca­pac­ity-based pric­ing gives you some pre­dictabil­ity. But no one likes to pay for un­used ca­pac­ity, right?Server­less, on the other hand, is sup­posed to be cost-ef­fi­cient, yet can rack up bills quickly, es­pe­cially when the DBaaS charges sig­nif­i­cant markups on top of al­ready pricey com­pute.We don’t do hy­per­scalers, though, so we can charge a fair price for Bunny Database in a us­age-based model.When not get­ting re­quests, Bunny Database only in­curs stor­age costs. One pri­mary re­gion is charged con­tin­u­ously, while read repli­cas only add stor­age costs when serv­ing traf­fic (metered by the hour)Your us­age is charged con­tin­u­ously (pay-as-you-go) and in­voiced month­ly­Dur­ing the pub­lic pre­view phase, Bunny Database is free.Wait, what does “SQLite-compatible” ac­tu­ally mean?Bunny Database would­n’t be pos­si­ble with­out lib­SQL, the open-source, open-con­tri­bu­tion fork of SQLite cre­ated by Turso.We run Bunny Database on our own fork of lib­SQL, which gives us the free­dom to in­te­grate it tightly with the bunny.net plat­form and han­dle the in­fra­struc­ture and or­ches­tra­tion needed to run it as a man­aged, multi-re­gion ser­vice.What does this mean for Bunny Database’s up­stream fea­ture par­ity with lib­SQL and SQLite, re­spec­tively?The short an­swer is that we don’t cur­rently promise au­to­matic or com­plete fea­ture par­ity with ei­ther up­stream lib­SQL or the lat­est SQLite re­leases.While lib­SQL aims to stay com­pat­i­ble with SQLite’s API and file for­mat, it does­n’t move in lock­step with up­stream SQLite. We would­n’t ex­pect oth­er­wise, es­pe­cially as Turso has shifted fo­cus from lib­SQL to­ward a long-term rewrite of SQLite in Rust.For Bunny Database, this means that com­pat­i­bil­ity to­day is de­fined by the lib­SQL ver­sion we’re built on, rather than by chas­ing every up­stream SQLite or lib­SQL change as it lands. We haven’t pulled in any up­stream changes yet, and we don’t cur­rently treat up­stream par­ity as an au­to­matic goal.That’s in­ten­tional. Our fo­cus so far has been on mak­ing Bunny Database re­li­able and easy to op­er­ate as a ser­vice. We think bring­ing in up­stream changes only makes sense when they clearly im­prove real-world use cases, not just to tick a par­ity check­box.If there are spe­cific lib­SQL fea­tures you’d like to see ex­posed in Bunny Database, or re­cent SQLite fea­tures you’d want us to pull in, we’d love to hear about it. Join our Discord to dis­cuss your use cases and help shape the roadmap!Speak­ing of the roadmap, we don’t stop cook­ing. Here’s what’s com­ing up next:There’s even more to come, but it’s too soon to spill the beans yet, es­pe­cially while we’re in pub­lic pre­view. We’d love to hear your feed­back, so we can shape what ships next to­gether.Bunny Database works stand­alone and fits right into your stack via the SDKs (or you can hook up any­thing us­ing the HTTP API). But it also plays nicely with Bunny Edge Scripting and Bunny Magic Containers.To con­nect your data­base to an Edge Script or a Magic Containers app, sim­ply go to the Access tab of the cho­sen data­base and click Generate Tokens to cre­ate new ac­cess cre­den­tials for it.Once they’re gen­er­ated, you’ll get two paths to choose from:Click Add Secrets to an Edge Script and se­lect the one you’d like to con­nect from the list. You’ll also need to im­port the lib­SQL TypeScript client and use the pro­vided code snip­pet to con­nect it to your data­base.Click Add Secrets to Magic Container App and se­lect the one you’d like to con­nect from the list. You’ll also need to con­nect to the data­base from your app us­ing one of the client li­braries or the HTTP API.After you com­plete the setup, the data­base URL and ac­cess to­ken will be avail­able as en­vi­ron­ment vari­ables in your script or app. Use them to con­nect to your data­base:

You can find more de­tailed, step-by-step in­te­gra­tion in­struc­tions in the docs:We can’t wait to see what you’ll build with Bunny Database and what you think of it. During the pub­lic pre­view phase, you get 50 data­bases per user ac­count, each capped at 1 GB, but we hope this should be more than enough for lots of fun pro­jects.Just sign in to the bunny.net dash­board to get started. Happy build­ing!

FLOPPINUX was re­leased in 2021. After four years peo­ple find it help­ful. Because of that I de­cided to re­visit FLOPPINUX in 2025 and make up­dated tu­to­r­ial. This brings bunch of up­dates like lat­est ker­nel and per­sis­tent stor­age.

Think of this as Linux From Scratch but for mak­ing sin­gle floppy dis­tri­b­u­tion.

It is meant to be a full work­shop (tutorial) that you can fol­low eas­ily and mod­ify it to your needs. It is a learn­ing ex­er­cise. Some base Linux knowl­edge is needed.

The fi­nal dis­tri­b­u­tion is very sim­ple and con­sists only of min­i­mum of tools and hard­ware sup­port. As a user you will be able to boot any PC with a floppy drive to a Linux ter­mi­nal, edit files, and cre­ate sim­ple scripts. There is 264KB of space left for your newly cre­ated files.

* Have a work­ing text ed­i­tor (Vi) and ba­sic file ma­nip­u­la­tion com­mands

(move, re­name, delete, etc.)

* Persistent stor­age on the floppy to ac­tu­aly save files (264KB)

The Linux ker­nel drops i486 sup­port in 6.15 (released May 2025), so

6.14 (released March 2025) is the lat­est ver­sion with full com­pat­i­bil­ity.

This time I will do every­thing on Omarchy Linux. It is 64-bit op­er­at­ing sys­tem based on Arch Linux. Instructions should work on all POSIX sys­tems. Only dif­fer­ence is get­ting needed pack­ages.

Create di­rec­tory where you will keep all the files.

You need sup­port­ing soft­ware to build things. This ex­act list may vary de­pend­ing on the sys­tem you have.

86Box is also good but slower. Bochs is the best but for de­bug­ging, not needed here.

For em­u­la­tion I will be us­ing qemu.

Get the sources for the lat­est com­pat­i­ble ker­nel

6.14.11:

Now, that you have them in linux/ di­rec­tory lets con­fig­ure and build our cus­tom ker­nel. First cre­ate tini­est base con­fig­u­ra­tion:

This is a boot­strap with ab­solute min­i­mum fea­tures. Just enough to boot the sys­tem. We want a lit­tle bit more.

Add ad­di­tonal con­fig set­tings on top of it:

Important: Do not uncheck any­thing in op­tions un­less spec­i­fied so. Some of those op­tions are im­por­tant. You can uncheck but on your own risk.

* General Setup

Initial RAM filesys­tem and RAM disk (initramfs/initrd)

* Initial RAM filesys­tem and RAM disk (initramfs/initrd)

* Executable file for­mats

This will take a while de­pend­ing on the speed of your CPU. In the end the ker­nel will be cre­ated in arch/​x86/​boot/ as

bz­Im­age file.

Move ker­nel to our main di­rec­tory and go

back to it:

Without tools ker­nel will just boot and you will not be able to do any­thing. One of the most pop­u­lar light­weight tools is BusyBox. It re­places the stan­dard GNU util­i­ties with way smaller but still func­tional al­ter­na­tives, per­fect for em­bed­ded needs.

Get the 1.36.1 ver­sion from busy­box.net or Github mir­ror. Download the file, ex­tract it, and change di­rec­tory:

Remember to be in the work­ing di­rec­tory.

As with ker­nel you need to cre­ate start­ing con­fig­u­ra­tion:

You may skip this fol­low­ing fix if you are build­ing on Debian/Fedora

Now the fun part. You need to choose what tools you

want. Each menu en­try will show how much more KB will be taken if you choose it. So choose it wisely :) For the first time use my se­lec­tion.

Choose the fol­low­ing op­tions. Remember to do not

uncheck any­thing if not stated here.

* Init Utilities

init

uncheck every­thing else (inside init: keep [*] only

on init in this page)

* init

uncheck every­thing else (inside init: keep [*] only

on init in this page)

* uncheck every­thing else (inside init: keep [*] only

on init in this page)

* Shells

Optimize for size in­stead of speed

* Optimize for size in­stead of speed

Our tar­get sys­tem needs to be 32-bit. To com­pile it on 64-bit sys­tem we need a cross com­piler. You can setup this by hand in the menu­con­fig or just copy and paste those four lines.

Build tools and cre­ate base filesys­tem (“install”). It will ask for op­tions, just press en­ter for de­fault for all of them.

This will cre­ate a filesys­tem with all the files at **_install/**. Move it to our main di­rec­tory. I like to re­name it to.

Lastly to to that new di­rec­tory.

You got ker­nel and ba­sic tools but the sys­tem still needs some ad­di­tional di­rec­tory struc­ture.

This cre­ated min­i­mum vi­able di­rec­tory struc­ture for sat­is­fy­ing the ba­sic re­quire­ments of a Linux sys­tem.

Remember to be in the filesys­tem/ di­rec­tory.

Next step is to add min­i­mum con­fig­u­ra­tion files. First one is a wel­come mes­sage that will be shown af­ter boot­ing.

Here is the first real op­por­tu­nity to go wild and make this your own sig­na­ture.

Or down­load my wel­come file.

It looks like that:

$ cat wel­come

/_/ FLOPPINUX /_/;

/ ′ boot disk ′ //

.___/_________/__// 1440KiB

‘===\_________\==’ 3.5″

_______FLOPPINUX_V_0.3.1 __________________________________

_______AN_EMBEDDED_SINGLE_FLOPPY_LINUX_DISTRIBUTION _______

_______BY_KRZYSZTOF_KRYSTIAN_JANKOWSKI ____________________

_______2025.12 ____________________________________________

Back to se­ri­ous stuff. Inittab tells the sys­tem what to do in crit­i­cal states like start­ing, ex­it­ing and restart­ing. It points to the ini­tial­iza­tion script rc that is the first thing that our OS will run be­fore drop­ping into the shell.

Make the script ex­e­cutable and owner of all files to root:

Compress this di­rec­tory into one file. Then go back to work­ing di­rec­tory.

Another place to tweak pa­ra­me­ters for your vari­ant. Text af­ter SAY is what will be dis­played on the screen as first, usu­aly a name of the OS.

The tsc=un­sta­ble is use­ful on some (real) com­put­ers to get rid of ran­domly shown warn­ings about Time Stamp Counter.

Remember to be in the work­ing di­rec­tory.

To make the sys­tem a lit­tle bit more user friendly I like to have a sam­ple file that user will be able to read and edit. You can put any­thing you want in it. A sim­ple help would be also a good idea to in­clude.

Filesystem is ready. Final step is to put this all on a

floppy!

First we need an empty file in ex­act size of a floppy disk. Then for­mat and make it bootable.

Mount it and copy sys­linux, ker­nel, and filesys­tem onto it:

It’s good to test be­fore wast­ing time for the real floppy to burn.

Boot the new OS in qemu:

If it worked that means You have suc­cess­fully cre­ated your own dis­tri­b­u­tion! Congratulations!

The flop­pinux.img im­age is ready to burn onto a floppy and boot on real hard­ware!

Change XXX to floppy drive name in your sys­tem. In my case it is

sdb. Choosing wrongly will NUKE YOUR PARTITION and REMOVE all of your files! Think twice. Or use some GUI ap­pli­ca­tion for that.

* sync - force write of buffered data to disk - use this

af­ter any changes to the floppy filesys­tem