10 interesting stories served every morning and every evening.

Obfuscated, self-evaluating bash script by CDN Akamai being supplied to consumers via retail stores

tris.sherliker.net

When my wife said to me Let me show you a t-shirt I saw…”, I was­n’t sure what to ex­pect, but it def­i­nitely was­n’t an ob­fus­cated bash script printed on the back de­signed to print a happy Easter egg mes­sage.

I’m not in the habit of click­baity head­li­ne­sI’ve no idea at all how many views this site gets, but I’m will­ing to bet it’s not even dou­ble-digit hu­mans per month. but I can see why sube­d­i­tors have such fun with them. The ti­tle above is, strictly speak­ing, en­tirely ac­cu­rate, but prob­a­bly not what you think. The ob­fus­cated code in ques­tion is ac­tu­ally an easter egg, it’s be­ing sup­plied via Uniqlo stores on an ex­cel­lent t-shirt de­signed by Akamai in sup­port of their Peace for All cam­paign.

And it’s very cool! The front has a heart in curly braces:

While the back has a big al­phanu­meric block:

Is that … a she­bang?!

My wife was right that I’d want to see it. Was that… a she­bang?

Take a closer look at the text block:

Yes, a she­bang! On a t-shirt sold in a high street store, no less. And it is clearly a base64 en­coded Here string be­ing fed to eval via base64 –decode.

Interesting. I told my wife that’s ba­si­cally how peo­ple ship virus­es’ and bought it.

OCR was cum­ber­some

There was good news and bad news:

The bad news was that base64 has­n’t got er­ror cor­rec­tion, mean­ing that the tran­scrip­tion would need to be per­fect. Sigh.

The good news was that the string seemed to be in­tact - at least, it ter­mi­nated with the ex­pected padding and had match­ing quotes and braces. This is a good thing be­cause Uniqlo x Akamai sells an­other de­sign of shirt in the same range which is plainly in­com­plete­For ex­am­ple, its im­ports are trun­cated and it ends retu” in­stead of return”. This is a pity, be­cause it’s a re­ally nice colour com­bi­na­tion and con­tains the highly id­iomatic in­struc­tion go doStuff(msg, work… which any­one can re­late to., a trun­cated crop from a wider text block which could never com­pile.

I ran OCR in a few ways: First, us­ing the built-in OCR of the cir­cle-to-search fea­ture on Android, which is of­ten very good. Second, by us­ing Tesseract with a few op­tions and tweaks. And third by run­ning it through Claude. After diff­ing the three to look for mis­matches and get­ting Claude to out­put a table of lo­ca­tions for quick scan­ning, it be­came triv­ial but time-con­suimg to tidy up the re­main­der. The re­sult­ing string was:

IyEvYmluL2Jhc2gKCiMgQ29uZ3JhdHVsYXRpb25zISBZb3UgZm91bmQgdGhlIGVhc3RlciBlZ2chIOKdpO+4jwojIOOBiuOCgeOBp+OBqOOBhuOBlOOBluOBhOOBvuOBme+8gemaoOOBleOCjOOBn+OCteODl+ODqeOCpOOCuuOCkuimi+OBpOOBkeOBvuOBl+OBn++8geKdpO+4jwoKIyBEZWZpbmUgdGhlIHRleHQgdG8gYW5pbWF0ZQp0ZXh0PSLimaVQRUFDReKZpUZPUuKZpUFMTOKZpVBFQUNF4pmlRk9S4pmlQUxM4pmlUEVBQ0XimaVGT1LimaVBTEzimaVQRUFDReKZpUZPUuKZpUFMTOKZpVBFQUNF4pmlRk9S4pmlQUxM4pmlIgoKIyBHZXQgdGVybWluYWwgZGltZW5zaW9ucwpjb2xzPSQodHB1dCBjb2xzKQpsaW5lcz0kKHRwdXQgbGluZXMpCgojIENhbGN1bGF0ZSB0aGUgbGVuZ3RoIG9mIHRoZSB0ZXh0CnRleHRfbGVuZ3RoPSR7I3RleHR9CgojIEhpZGUgdGhlIGN1cnNvcgp0cHV0IGNpdmlzCgojIFRyYXAgQ1RSTCtDIHRvIHNob3cgdGhlIGN1cnNvciBiZWZvcmUgZXhpdGluZwp0cmFwICJ0cHV0IGNub3JtOyBleGl0IiBTSUdJTlQKCiMgU2V0IGZyZXF1ZW5jeSBzY2FsaW5nIGZhY3RvcgpmcmVxPTAuMgoKIyBJbmZpbml0ZSBsb29wIGZvciBjb250aW51b3VzIGFuaW1hdGlvbgpmb3IgKCggdD0wOyA7IHQrPTEgKSk7IGRvCiAgICAjIEV4dHJhY3Qgb25lIGNoYXJhY3RlciBhdCBhIHRpbWUKICAgIGNoYXI9IiR7dGV4dDp0ICUgdGV4dF9sZW5ndGg6MX0iCiAgICAKICAgICMgQ2FsY3VsYXRlIHRoZSBhbmdsZSBpbiByYWRpYW5zCiAgICBhbmdsZT0kKGVjaG8gIigkdCkgKiAkZnJlcSIgfCBiYyAtbCkKCiAgICAjIENhbGN1bGF0ZSB0aGUgc2luZSBvZiB0aGUgYW5nbGUKICAgIHNpbmVfdmFsdWU9JChlY2hvICJzKCRhbmdsZSkiIHwgYmMgLWwpCgogICAgIyBDYWxjdWxhdGUgeCBwb3NpdGlvbiB1c2luZyB0aGUgc2luZSB2YWx1ZQogICAgeD0kKGVjaG8gIigkY29scyAvIDIpICsgKCRjb2xzIC8gNCkgKiAkc2luZV92YWx1ZSIgfCBiYyAtbCkKICAgIHg9JChwcmludGYgIiUuMGYiICIkeCIpCgogICAgIyBFbnN1cmUgeCBpcyB3aXRoaW4gdGVybWluYWwgYm91bmRzCiAgICBpZiAoKCB4IDwgMCApKTsgdGhlbiB4PTA7IGZpCiAgICBpZiAoKCB4ID49IGNvbHMgKSk7IHRoZW4geD0kKChjb2xzIC0gMSkpOyBmaQoKICAgICMgQ2FsY3VsYXRlIGNvbG9yIGdyYWRpZW50IGJldHdlZW4gMTIgKGN5YW4pIGFuZCAyMDggKG9yYW5nZSkKICAgIGNvbG9yX3N0YXJ0PTEyCiAgICBjb2xvcl9lbmQ9MjA4CiAgICBjb2xvcl9yYW5nZT0kKChjb2xvcl9lbmQgLSBjb2xvcl9zdGFydCkpCiAgICBjb2xvcj0kKChjb2xvcl9zdGFydCArIChjb2xvcl9yYW5nZSAqIHQgLyBsaW5lcykgJSBjb2xvcl9yYW5nZSkpCgogICAgIyBQcmludCB0aGUgY2hhcmFjdGVyIHdpdGggMjU2LWNvbG9yIHN1cHBvcnQKICAgIGVjaG8gLW5lICJcMDMzWzM4OzU7JHtjb2xvcn1tIiQodHB1dCBjdXAgJHQgJHgpIiRjaGFyXDAzM1swbSIKCiAgICAjIExpbmUgZmVlZCB0byBtb3ZlIGRvd253YXJkCiAgICBlY2hvICIiCgpkb25lCgo=

The de­coded script

After Base64 de­cod­ing, the re­sult­ing script is a wel­com­ing and nicely com­mented Easter egg:

#!/bin/bash

# Congratulations! You found the easter egg! ❤️ # おめでとうございます!隠されたサプライズを見つけました!❤️

# Define the text to an­i­mate text=“♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥”

# Get ter­mi­nal di­men­sions cols=$(tput cols) lines=$(tput lines)

# Calculate the length of the text tex­t_length=${#text}

# Hide the cur­sor tput civis

# Trap CTRL+C to show the cur­sor be­fore ex­it­ing trap tput cnorm; exit” SIGINT

# Set fre­quency scal­ing fac­tor freq=0.2

# Infinite loop for con­tin­u­ous an­i­ma­tion for (( t=0; ; t+=1 )); do # Extract one char­ac­ter at a time char=“${text:t % tex­t_length:1}”

# Calculate the an­gle in ra­di­ans an­gle=$(echo ($t) * $freq” | bc -l)

# Calculate the sine of the an­gle sine_­value=$(echo s($angle)” | bc -l)

# Calculate x po­si­tion us­ing the sine value x=$(echo ($cols / 2) + ($cols / 4) * $sine_value” | bc -l) x=$(printf %.0f” $x”)

# Ensure x is within ter­mi­nal bounds if (( x < 0 )); then x=0; fi if (( x >= cols )); then x=$((cols - 1)); fi

# Calculate color gra­di­ent be­tween 12 (cyan) and 208 (orange) col­or_s­tart=12 col­or_end=208 col­or_range=$((col­or_end - col­or_s­tart)) color=$((col­or_s­tart + (color_range * t / lines) % col­or_range))

# Print the char­ac­ter with 256-color sup­port echo -ne \033[38;5;${color}m”$(tput cup $t $x)“$char\033[0m”

# Line feed to move down­ward echo

done

The re­sult is a con­tin­u­ous happy sine-wave loop of the cam­paign mes­sage, Peace for All:

Detail: The font choice

Edit: The fol­low­ing font ID is wrong! User ral­phi­nus on Hacker News pointed out that the font is Roboto Mono. I don’t know how I over­looked the very dif­fer­ent g.

I guess Uniqlo is run through Windows though: one thing that struck me was the font, which I’m I was pre­vi­ously al­most cer­tain is ConsolasI was for­tu­nate enough to cor­re­spond with the de­signer, Lucas de Groot, once in re­la­tion to a le­gal case in which some­one had used one of his fonts to forge a doc­u­ment. He was very help­ful and kind enough to con­firm the nec­es­sary facts in writ­ing, even though he owed noth­ing to us. , which I’m fond of. Note the very shal­lowly-slashed 0, the lack of serif on the 1 and the rounded curves of let­ters like BDyg and num­ber 2. It’s strik­ing be­cause it’s pri­mar­ily a Windows font, so not the sort of thing I’d ex­pect to see call­ing Bash.

Linux, the lan­guage of the Internet

Akamai put out a press re­lease about the shirt when it was re­leased, which is an­other sort of in­ter­est­ing due to the blend of tech and mar­ket­ing:

Design mes­sage More than 25 years ago, Akamai helped make the in­ter­net we know to­day pos­si­ble. This shirt’s de­sign is a call­back to those early days of life on­line. The light tan color is a ref­er­ence to the beige box” plas­tic cas­ings that housed the early in­ter­net com­put­ers, and the heart on the front rep­re­sents how the in­ter­net has been used for good all over the world. On the back of the T-shirt is real code. It’s a ref­er­ence to Linux, the open-source lan­guage of the in­ter­net. This com­mon lan­guage unites Akamai with the world’s top brands and the peo­ple they serve, as we work to­gether to­ward a vi­sion of a safer and more con­nected world.

Design mes­sage

More than 25 years ago, Akamai helped make the in­ter­net we know to­day pos­si­ble. This shirt’s de­sign is a call­back to those early days of life on­line. The light tan color is a ref­er­ence to the beige box” plas­tic cas­ings that housed the early in­ter­net com­put­ers, and the heart on the front rep­re­sents how the in­ter­net has been used for good all over the world. On the back of the T-shirt is real code. It’s a ref­er­ence to Linux, the open-source lan­guage of the in­ter­net. This com­mon lan­guage unites Akamai with the world’s top brands and the peo­ple they serve, as we work to­gether to­ward a vi­sion of a safer and more con­nected world.

Not the first

I de­lib­er­ately did­n’t search for spoil­ers at first, but I see that I am of course not the first per­son to get nerd-sniped by this. Wen Chuan Lee and that post also links to an­other (against which I’ve cross-checked my tran­scrip­tion above). I’m happy to carry on the chain.

Read the dis­cus­sion of this post on Hacker News, which in­cludes links to more info from the de­signer and other in­ter­est­ing ob­ser­va­tions

FTC secures right to repair settlement with farming equipment giant John Deere | AP News

apnews.com

It looks like John Deere own­ers can soon feel free to fix their own ma­chines.

The Federal Trade Commission and at­tor­neys gen­eral from sev­eral states se­cured a right-to-re­pair set­tle­ment Wednesday with agri­cul­ture equip­ment gi­ant Deere & Co. — com­monly known as John Deere — that re­quires the com­pany to let farm­ers and in­de­pen­dent shops fix their own equip­ment.

The Illinois-based man­u­fac­turer has faced com­plaints for years for with­hold­ing the soft­ware needed for re­pairs and forc­ing cus­tomers to use au­tho­rized deal­ers in­stead of in­de­pen­dent ones.

This marks the sec­ond right-to-re­pair set­tle­ment Deere has reached this year, fol­low­ing a sep­a­rate $99 mil­lion class-ac­tion set­tle­ment with farm­ers in April. Though the class-ac­tion com­pen­sated con­sumers, the FTCs set­tle­ment in­stead re­quires Deere to make its re­pair ser­vices avail­able to equip­ment own­ers and in­de­pen­dent shops.

The FTC and at­tor­neys gen­eral from Arizona, Illinois, Michigan, Minnesota and Wisconsin brought the an­titrust law­suit in January 2025, ar­gu­ing that Deere had il­le­gally re­stricted farm­ers and in­de­pen­dent shops that might oth­er­wise ser­vice them from re­pair­ing farm equip­ment such as trac­tors. Deere also makes en­gines and equip­ment for forestry, land­scap­ing and con­struc­tion.

Under the or­der filed in Illinois, Deere will now be re­quired to make di­ag­nos­tic and re­pair tools avail­able to equip­ment own­ers and in­de­pen­dent re­pair shops, not only its own net­work of au­tho­rized deal­ers. It also pre­vents Deere deal­ers from re­tal­i­at­ing against equip­ment own­ers or re­pair shops who choose to fix their own equip­ment in­stead of pay­ing for Deere’s ser­vices. The or­der is headed to Judge Iain D. Johnston for his ap­proval.

For too long, Arizona farm­ers and in­de­pen­dent me­chan­ics have been at the mercy of Deere’s mo­nop­oly over re­pair tools, forced to wait — and pay — for au­tho­rized deal­ers just to fix bro­ken trac­tors and other equip­ment,” Arizona Attorney General Kris Mayes said in a state­ment Wednesday.

Deere must pay $1 mil­lion col­lec­tively to the five states for an­titrust en­force­ment costs and will be sub­ject to strict com­pli­ance over­sight for the next 10 years.

In the com­plaint, the FTC ar­gued that Deere pro­vides a ser­vice soft­ware tool to au­tho­rized deal­ers but does not pro­vide the full ver­sion to equip­ment own­ers or in­de­pen­dent shops. Deere had said the law­suit was base­less, de­nied that its dis­tri­b­u­tion of ser­vice tools was an­ti­com­pet­i­tive and ar­gued that it could not mo­nop­o­lize ser­vices since it does not di­rectly pro­vide them.

Sign up for Morning Wire: Our flag­ship newslet­ter breaks down the biggest head­lines of the day.

Deere main­tained its com­mit­ment to in­de­pen­dent re­pair in a state­ment Wednesday, adding that the agree­ment with the FTC re­in­forces its in­no­va­tion of more flex­i­ble re­pair op­tions.

This is good news for our cus­tomers and for the fu­ture of how Deere equip­ment is sup­ported,” said Denver Caldwell, vice pres­i­dent of af­ter­mar­ket and cus­tomer sup­port.

Right-to-repair has be­come an in­creas­ingly com­mon is­sue over the years, es­pe­cially for tech prod­ucts, with con­sumers com­plain­ing that even sim­ple re­pairs can only be done by com­pany-au­tho­rized deal­ers.

Half-Baked Product

weli.dev

The Founder

A freshly minted founder de­cides to get into the oven busi­ness. He can’t bake a cake or knead bread, but he knows the kitchen ap­pli­ance mar­ket in­side and out. He’s an­a­lyzed every busi­ness in Spain and reached a con­clu­sion: if he sells a new oven to the coun­try’s pizza mak­ers, pas­try chefs, and bak­ers, he only needs to cap­ture 10% of the mar­ket to be­come a bil­lion­aire.

10% al­ways looks small when you type it into an Excel spread­sheet.

The founder is very good. He builds a plan that, on pa­per, is flaw­less and air­tight: man­u­fac­ture a more ef­fi­cient oven us­ing new tech­nol­ogy. Selling it is easy. Want to work more ef­fi­ciently? Buy our oven. End of pitch. The founder has ex­pe­ri­ence talk­ing to in­vestors and raises enough money to build an MVP.

The Engineer

The founder looks for some­one who knows how to build ovens and finds an en­gi­neer from a pres­ti­gious school. The en­gi­neer has spent 10 years build­ing ovens and knows how to make one. More than that: he’s the kind of per­son who spends all day talk­ing and ar­gu­ing about ovens. He goes to oven con­fer­ences. When he gets home at night, he ar­gues for hours on Italian fo­rums about which type of oven is best. The Italian fo­rums are, to him, the ul­ti­mate source of oven-truth.

He’s tired of build­ing ovens at Corporate Oven. Ten years mak­ing the same oven he’s told to make. He wants the free­dom to build his own.

The founder of­fers him 20% of the com­pany and to­tal free­dom to build the per­fect oven. The salary is­n’t great, but there’s the promise: if things go well, some­day he could be a mil­lion­aire. And some­thing more im­por­tant than money: he’ll fi­nally get to build the oven of his dreams.

He signs.

The MVP

With lit­tle money and lots of en­thu­si­asm, they build an MVP. Two months later it’s done. It’s a func­tional oven and, more im­por­tantly, it has one im­prove­ment over tra­di­tional ovens: you in­put the amount of flour, yeast, and wa­ter, and the oven au­to­mat­i­cally knows when to stop for a per­fect bake.

In the­ory.

In prac­tice it does­n’t work very well, but it’s good enough for an MVP. They go to mar­ket and sell 5 pro­to­types: two bak­ers the founder knows, the en­gi­neer’s mother who bakes cakes, and two oven en­thu­si­asts who buy it out of cu­rios­ity.

The feed­back is unan­i­mous:

My bread came out burnt.” The cake was raw.” Every sin­gle pizza burns.”

But all things con­sid­ered, it’s pos­i­tive: a third of the time, the pro­to­type worked and pro­duced the per­fect cake, bread, or pizza.

This is just a pro­to­type. Imagine when we ship the real prod­uct. Trust us.”

And with that, the founder goes to see an old col­league who now works at a VC: In 2 months we’ve built a pro­to­type, we al­ready have 5 cus­tomers, and it’s very promis­ing. We just need money to scale, build a bet­ter ver­sion, and sell to every bak­ery and pas­try shop in Spain.”

Nobody asks whether the 5 cus­tomers would buy again.

The founder is very good. He raises 5 mil­lion. Ovens Inc. is born.

Forum of the Bakers

They start im­prov­ing the pro­to­type. The en­gi­neer re­al­izes some­thing: build­ing an al­go­rithm that cal­cu­lates bak­ing time for cakes, piz­zas, and bread is quite a bit more com­plex than it looked. Every dough is its own uni­verse. They need to hire more en­gi­neers.

The en­gi­neer knows ex­actly where to look. On the Italian fo­rums there are two users he’s spent years ar­gu­ing with about con­vec­tion and re­frac­tory stone: Mario and Luigi. He’s never met them in per­son, but he knows their opin­ions on ovens bet­ter than his own fam­i­ly’s. He of­fers them the same deal he got: low salary, lots of free­dom, the per­fect oven.

They sign.

Meanwhile, the founder needs to sell ovens, but Facebook and Instagram ads get no trac­tion. Turns out no­body buys a fif­teen-thou­sand-euro in­dus­trial oven be­cause it popped up in their sto­ries. So he hires a leg­endary sales team: the best sales­peo­ple in all of Spain. People who have never sold ovens, who know noth­ing about ovens, but who are hun­gry to sell and very ex­cited about the com­pany.

At first it goes badly. Few peo­ple want a new oven; they’re happy with the one they have. Why switch? Most small busi­nesses don’t care about a 15% ef­fi­ciency gain: the risk of switch­ing is too high. If Juan’s Bakery swaps ovens and the new oven fails, Juan loses his cus­tomers and shuts down. For Juan, ef­fi­ciency is op­tional; to­mor­row’s bread is not. Better to stick with the old oven, even if it’s worse on pa­per. He’d only switch if Manolo’s Bakery across the street started sell­ing cheaper bread thanks to a more ef­fi­cient oven and he had no choice. But Manolo thinks ex­actly the same as Juan, so no­body moves. Perfect equi­lib­rium. Economists have a name for this; Juan and Manolo call it com­mon sense.

Big busi­nesses are an­other story. For them, 15% ef­fi­ciency means mil­lions saved every year. And one sales­per­son man­ages to make con­tact with Pepepizza.

The Decision

Meanwhile, over in en­gi­neer­ing, things aren’t go­ing any bet­ter. The al­go­rithm is un­sta­ble. They’ve got­ten the fail­ure rate down from two thirds to one third, but each point of im­prove­ment costs twice as much as the last. And then comes the un­com­fort­able dis­cov­ery: if the oven only does two of the three things (bread, cakes, or pizza), the al­go­rithm fails just 5% of the time.

The en­gi­neer brings the pro­posal to the founder: let’s sac­ri­fice one mar­ket and have a prod­uct that works.

The founder gets an­gry. He promised the VCs 10% of Spain’s oven mar­ket. The en­tire mar­ket. We can’t sac­ri­fice any of them.”

It’s not just greed. The 5 mil­lion was raised with the en­tire mar­ket on the slide. The founder is­n’t choos­ing be­tween right and wrong: he’s choos­ing which promise to break.

The en­gi­neer goes back to his desk with his three doughs and his 33% fail­ure rate.

Mallorca

Back to sales: there’s con­tact with Pepepizza, but en­ter­prise deals don’t close over email. The founder flies to Pepepizza head­quar­ters and meets the owner. They hit it off. They hit it off so well they go to Mallorca to­gether. Nobody knows what was dis­cussed there. What’s known is that when they come back, there’s a deal. Nobody has tried the oven yet. No need. Enterprise sales is­n’t about ovens.

The hand­shake comes first. The re­quire­ments come later.

And they come. Pepepizza’s op­er­a­tions team sends the list to sales: their kitchens are cus­tom-built, so they need ovens with spe­cific di­men­sions. Oh, and a ro­tat­ing base like the one they al­ready have.

Sales replies: No prob­lem.”

The founder is eu­phoric. Pepepizza wants to buy an ini­tial batch of 500 ovens. Five hun­dred. That’s more rev­enue than every­thing since they started. For Pepepizza it’s a small pi­lot, a trial in a few lo­ca­tions be­fore de­cid­ing any­thing. For Ovens Inc. it’s bet­ting the en­tire com­pany.

Engineer, we need 500 ovens for Pepepizza. They want spe­cific di­men­sions and a base that spins. Let’s make it hap­pen.”

The en­gi­neer does­n’t faint only be­cause he’s al­ready sit­ting down.

The al­go­rithm barely works for pizza. The mold di­men­sions have spent 5 months be­ing op­ti­mized in CAD for the stan­dard size. And no­body, ever, has dis­cussed ro­tat­ing bases on the Italian fo­rums. If it’s not on the Italian fo­rums, does it even ex­ist?

The en­gi­neer opens the CAD file in front of the founder. He shows him why the new di­men­sions break the en­tire ther­mal de­sign. The founder looks at the screen, looks at the blue­prints, looks at the en­gi­neer.

But this is just chang­ing a num­ber, right?”

We can’t. Not un­til we fix the al­go­rithm and re­design the in­verter for the new sizes. That’s 5 more months.”

The Miracle

It’s not 5 months.

After many lost week­ends and en­tire nights run­ning on Red Bull, in 3 weeks there’s a pro­to­type for Pepepizza. Compromises were made. The al­go­rithm still fails plenty, but at least the di­men­sions are right. The ro­tat­ing base? Doesn’t ex­ist yet. Pepepizza is promised an add-on in a cou­ple of months.” Pepepizza says fine.

The Candle Button

Sales has had a rev­e­la­tion: if you sell the oven that ex­ists to­day, you don’t sell ovens. You have to sell the oven that will ex­ist in 6 months. Promise fea­tures. It worked last time: they promised Pepepizza the im­pos­si­ble and the team de­liv­ered in 3 weeks. What could go wrong?

Sales, of course, has no idea what hap­pens af­ter the con­tract is signed. The com­mis­sion is paid at sign­ing. Whatever comes next is an­other de­part­men­t’s prob­lem.

Though there’s some­thing no­body in en­gi­neer­ing wants to look at: Ovens Inc. does­n’t live off sell­ing ovens (for now). It lives off rais­ing rounds. And rounds are raised with pro­jec­tions, and pro­jec­tions are man­u­fac­tured out of what­ever sales promises. The No prob­lem” peo­ple are also the only life raft.

And then the daily re­quests be­gin:

A lot of our po­ten­tial cus­tomers make birth­day cakes. When they ask if we have spe­cial birth­day-cake fea­tures, we have to say no, and we lose them. Can we add the fea­ture?”

The founder has no doubts. Last time a fea­ture was re­quested, they es­ti­mated 5 months and did it in 3 weeks. And this is much eas­ier. It’s just a sim­ple but­ton that adds can­dles.”

The en­gi­neer is climb­ing the walls. They still haven’t fin­ished clean­ing up the Pepepizza wreck­age. This is ab­solutely not what peo­ple dis­cuss on the Italian fo­rums. Adding a can­dle but­ton is an in­sult to the state of the art, or rather, the state of the oven.

But he caves.

Just this once.”

Sales sells 2 more ovens a month thanks to the new but­ton. Or so they be­lieve. They have no way of check­ing whether they’d have sold them any­way with­out the but­ton.

The Second-Highest Priority

Soon af­ter, more fea­ture re­quests ar­rive.

My oven at home con­nects to the fire­place. Does yours?”

I make a lot of wed­ding cakes, what have you got for me?”

Do you have a Ramadan mode?”

They build all of them.

Engineering stops try­ing to build a good oven and starts adding but­tons and fea­tures. Nobody made that de­ci­sion. It just hap­pened, one ticket at a time.

And there’s a de­tail every­one seems to ig­nore: each but­ton takes longer than the last. The can­dle but­ton took three days. The fire­place one, a week. The lat­est one took three. It’s not that the en­gi­neers are get­ting slower: it’s that every new but­ton has to co­ex­ist with all the pre­vi­ous but­tons.

Meanwhile, cus­tomers who buy the oven re­turn it within a week. The rea­son? The bread and cakes still burn 10% of the time. The MVP prob­lem. The orig­i­nal one. The one from day one. Underneath the twelve new but­tons sits the same al­go­rithm from the very first day, and a baker who loses one out of every ten batches is not con­soled by the fact that the oven does can­dles.

When a cus­tomer calls to can­cel, sup­port tries to re­tain them by of­fer­ing what’s avail­able: the new but­ton from the lat­est re­lease. The baker whose bread keeps burn­ing is of­fered Ramadan mode. The baker leaves any­way. It gets logged as feed­back. Engineering has no time to stop and re­think their ap­proach, be­cause stop­ping is­n’t in the back­log.

And then the worst day ar­rives. Pepepizza calls:

Where is the ro­tat­ing base?”

The founder swal­lows hard. The ticket has been sit­ting on the kan­ban board for a month and a half. It’s not that no­body saw it: it’s that every week some­thing jumped ahead of it. The can­dle but­ton. The fire­place thing. The Ramadan thing. The ro­tat­ing base was al­ways the sec­ond-high­est pri­or­ity, and the sec­ond-high­est pri­or­ity never gets done. So he an­swers with con­vic­tion:

Almost fin­ished.”

The Request

Guys, these next two weeks we’re go­ing to fo­cus on the ro­tat­ing base,” says the founder.

The team can’t be­lieve it. They al­ready said the ro­tat­ing base was im­pos­si­ble. They al­ready ex­plained why. Besides, Mario has va­ca­tion planned, the va­ca­tion he was promised af­ter the Pepepizza crunch. And Luigi’s per­for­mance has been slip­ping for weeks and no­body knows why.

The en­gi­neer tries one more time:

We can’t do the ro­tat­ing base right now. We need to refac­tor, con­sol­i­date, and add an ab­strac­tion layer for com­part­ments and but­tons. Otherwise, every new fea­ture takes twice as long as the last. Also, Mario has va­ca­tion planned, and I’m not sure Luigi is in a good place to be asked for more.”

The founder nods. He gets it. He gets all of it.

But this is a startup. And star­tups are built with blood and sweat. Everyone here has to sac­ri­fice. You have two weeks.”

And he’s not say­ing it from the couch: the founder takes the low­est salary in the com­pany and has­n’t had a va­ca­tion in two years (Mallorca was work). He’s the first to live the speech. That is ex­actly the prob­lem.

When Everything Is Urgent, Nothing Is

There’s a new crunch. This time with less en­thu­si­asm and less pas­sion. The first one was an epic feat; this one is pa­per­work. Mario can­cels his va­ca­tion. Luigi keeps show­ing up. Nobody asks how he’s do­ing.

Two weeks later, the re­sult: a ro­tat­ing base that re­quires three spe­cial but­ton com­bi­na­tions. It’s in­com­pat­i­ble with every other mode, but it’s not like no­body tested it.

It gets in­stalled at Pepepizza. Pepepizza’s re­sponse:

It does­n’t ro­tate clock­wise. We’re go­ing with Corporate Oven.”

The team: dev­as­tated. They just lost their most im­por­tant cus­tomer. Nobody in prod­uct ever com­mu­ni­cated that it had to ro­tate clock­wise. Somewhere be­tween sales, the founder, and the back­log, the sin­gle most im­por­tant re­quire­ment of the pro­ject sim­ply never ex­isted.

And the worst part is­n’t los­ing Pepepizza. The worst part is that the changes made for the ro­tat­ing base will haunt the oven’s de­sign un­til the end of time. The cus­tomer leaves now. Their ro­tat­ing base stays for­ever.

No Blockers

A month later, Mario leaves the com­pany. He’s not go­ing to a com­peti­tor and he has­n’t found any­thing bet­ter: he leaves be­cause it’s the only way he can see to get a va­ca­tion. In the retro, it gets writ­ten down as a learning.”

Luigi stays. He now main­tains the can­dle but­ton. It’s his spe­cialty, they say. Nobody re­mem­bers who de­cided that, but it’s his spe­cialty. He keeps show­ing up every day, keeps do­ing his work. On the Italian fo­rums, peo­ple ask why Luigi has­n’t posted in 5 months. In standups he says no block­ers” and every­one moves on to the next per­son.

Epilogue

Six months later.

Ovens Inc. is still alive. Technically. There’s money for eight more months and a new ver­sion of the pitch deck where the word oven” no longer ap­pears: it’s now an intelligent bak­ing plat­form.”

The en­gi­neer left in March. He did­n’t slam the door or write a vi­ral thread about his ex­pe­ri­ence. One day he sim­ply stopped ar­gu­ing in meet­ings, a month later he stopped show­ing up, and his farewell was a three-line email. Nobody has touched his code since. Nobody dares.

The founder has it all fig­ured out: the prob­lem was never the plan. The prob­lem was the ex­e­cu­tion. He needs an­other en­gi­neer.

And he finds one.

Young, grad­u­ated from a pres­ti­gious school, has spent years build­ing ovens at Corporate Oven and he’s tired. More than that: he’s the kind of per­son who spends all day talk­ing and ar­gu­ing about ovens. He goes to oven con­fer­ences. When he gets home at night, he ar­gues for hours on Italian oven fo­rums about which type of oven is best. On the fo­rum an old user warns Make sure that you sup­port ro­tat­ing bases day 1”. The young en­gi­neer laughs. Who uses ro­tat­ing bases in an oven?

The founder of­fers him 5% of the com­pany. It can’t be 20 any­more; there’s been di­lu­tion (funding-round stuff, it’s com­pli­cated). But the salary does­n’t mat­ter, be­cause he’s of­fer­ing the im­por­tant thing: to­tal free­dom to build the per­fect oven.

The kid smiles.

OpenTools / OpenPrinter

www.opentools.studio

is a re­pairable, com­pact, and ro­bust printer de­signed to last.

Fully re­pairable and equipped with a re­fill­able ink sys­tem, it adapts to your needs while re­duc­ing your print­ing costs.

Easy to main­tain, it of­fers a sus­tain­able, eco­nom­i­cal, and eco-friendly al­ter­na­tive to tra­di­tional print­ers.

With Openprinter, eas­ily re­fill your car­tridges.

Reduce your costs and limit the waste of con­sum­ables.

Take con­trol of your ink con­sump­tion

Master your ink con­sump­tion in a few steps.

Freedom to use your car­tridges

Use your black and/​or colour car­tridges in­de­pen­dently : print in black for es­sen­tials or in colour for your cre­ations.

No more frus­trat­ing block­ages like: Cannot print in black be­cause the yel­low is empty.”

1. Just the black car­tridge

Print a rich and deep black

2. Just the color car­tridge

Print vi­brant col­ors and a light black

3. Cartridges black & color

You have both op­tions

Free pa­per for­mat

With Openprinter, you are free to choose be­tween stan­dard sheets or a roll of ver­sa­tile pa­per.

Print not only in stan­dard

for­mats

, but also in

ban­ners

, strips

and com­pletely cus­tomized

for­mats.

Thanks to the in­te­grated cut­ter, un­leash your cre­ativ­ity.

Print also on sheets A4 and A3

Remove the roller eas­ily

to place pa­per’s sheets (A4, A3, Tabloid, Letter)

Flexible con­fig­u­ra­tions

To place on a desk or mount on a wall — you choose. Openprinter fits any­where.

Create a new work space that makes your ex­changes smoother and more mod­ern.

Compact

The most com­pact printer/​plot­ter on the mar­ket. Easy to move, it fits any­where and can be stored in an in­stant.

Robust. Repairable. Open. Durable.

Composed of stan­dard and open source com­po­nents, Openprinter is easy to as­sem­ble, main­tain, and re­pair, en­sur­ing longevity.

Keep your ma­chine and con­sum­ables for as long as pos­si­ble and help re­duce elec­tronic waste.

A self-as­sem­bly kit or al­ready as­sem­bled and ready to use.

Independent of op­er­at­ing sys­tems

Equipped with an open source print server (CUPS), Open Printer works with Windows, MacOS, Linux, Android, iOS.

It han­dles all your print­ing, both lo­cally and over the net­work, for a sim­ple, flex­i­ble, and dri­ver-free ex­pe­ri­ence.

Customize it

Choose the coloured ver­sion that re­sem­bles you. Thanks to open source, you can also print your own 3D parts to cre­ate a unique printer.

Technical spec­i­fi­ca­tions

Black and white : 600 dpi

Color : 1200 dpi

Speed : to be de­fined

European for­mats

Sheet : A4, A3

Paper roll : 29.7 cm (wide) 18 m or 37.5 m (long)

North American for­mats

Letter, Tabloid

Paper roll : 11 inch (wide)

Compatible car­tridges

HP 63 and HP 63 XL (US)

HP 302 and HP 302 XL (Europe)

HP 803 and HP 803 XL (Asia)

Rechargeable ink car­tridges (with the Inkit)

100ml ink bot­tles (Black, Magenta, Cyan, Yellow)

Vials

Modes of car­tridge use

sin­gle car­tridge (black or color)

or both (black and color)

USB Type-C (computer)

USB Type-A (USB flash drive / stor­age de­vice)

Wi-Fi 802.11ac (AirPrint)

Bluetooth 4.1

Main board : Raspberry Pi Zero W

Cartridge board : STM32 mi­cro­con­troller

Computer : Windows, ma­cOS, Linux,

Phone : iOS, Android

497 × 233 × 111 mm

19,5 × 9,2 × 4,4 in

On a desk

Mural (with the wall kit)

24 V DC, 2.1 mm con­nec­tor

TFT LCD 1.47 inch, 172 x 320 px

Pre-order cam­paign

To re­serve your ma­chine, fol­low our crowd­fund­ing cam­paign on Crowd­sup­ply.

Frequently Asked Questions

Cartridges

The car­tridges can be found in usual re­tail out­lets and on­line. This model is sold world­wide and widely dis­trib­uted.

Europe : HP 302, HP 302 XL

US : HP 63, HP 63XL

Asia : HP 803, HP 803XL

You can also find them at our sup­pli­ers: Printerre.

Paper roll

Paper roll (29.7 cm x 18 m) or (29.7 cm x 37.5 m) are eas­ily found on­line.

Ink

Open Tools will sell the Inkit :  4 x bot­tles (black, ma­genta, cyan, yel­low) and re­fill tools.

Two el­e­ments will help you save money :

Machine durable :

de­signed to be ro­bust and last a long time, all com­po­nents are re­pairable, and re­place­ment parts are avail­able in full for a long time.

By keep­ing your ma­chine over time, you save money.

Low ink and con­sum­able costs :

the car­tridges are re­fill­able with ink and with­out block­ing (no DRM).

Moreover, the ink sold by Open Tools al­lows you to achieve an eco­nom­i­cal cost per page.

With your phone

, you can scan all your doc­u­ments in high de­f­i­n­i­tion. The

Chatto is now Open Source!

www.hmans.dev

Hot damn. This is the big one.

I’m happy to an­nounce that Chatto, the group and team chat ap­pli­ca­tion that I’ve been work­ing on for the past year or so, is now of­fi­cially Open Source, and avail­able for any­one to self-host.

The fastest way to give it a try is through Homebrew:

brew in­stall chat­to­corp/​tap/​chatto chatto init chatto run

See Chatto’s Getting Started Guide for de­tails. Or stick around to hear more!

Chat Just Got Real

Chatto aims to be the group chat ap­pli­ca­tion that you ac­tu­ally en­joy us­ing. You’re prob­a­bly fa­mil­iar with the one that rhymes with knack”, or the one that rhymes with beams”, or the one that rhymes with this gourd”.

Chatto is just like those. Except you’re go­ing to love how com­pact and snappy it is. And that it’s Open Source. And you can just self-host it. For free, too! (A weird thing to write, but the OSS chat app space has be­come very weird in many ways!)

This is what it looks like:

If you want to see it in ac­tion, drop by the Chatto HQ Community!

It’s de­signed to be ex­tremely easy to self-host on your own in­fra­struc­ture. In its most ba­sic shape, you just run the ex­e­cutable, and that’s it. It even serves its own fron­tend!

It’s very light on re­sources, and prob­a­bly has the snap­pi­est fron­tend that you’ve ever used in an app like this. It puts data pro­tec­tion and pri­vacy first, with all per­sonal and chat data fully en­crypted at rest with per-user keys that get shred­ded when a user de­cides to delete their ac­count.

Each Chatto server pow­ers a sin­gle com­mu­nity, with no fed­er­a­tion of data be­tween servers, nor any third-party track­ing or an­a­lyt­ics. If you want to hang out in mul­ti­ple servers at once, the client will sim­ply con­nect to all of them di­rectly. If you want to host mul­ti­ple com­mu­ni­ties, just spin up mul­ti­ple Chatto processes. Easy!

Chatto comes with full sup­port for voice and video calls, with screen-shar­ing, built in. Calls are fully end-to-end en­crypted and will scale to as many par­tic­i­pants as your in­fra­struc­ture can han­dle.

And you can use it to­day, for free, by self-host­ing it on your own server. Binaries are avail­able for Linux (x86_64 and ARM64), ma­cOS, and Windows; head over to the Chatto Self-Hosting Documentation site to get started.

Chatto Cloud

If you pre­fer some­one else to take care of the host­ing, I’m also happy to an­nounce that Chatto Cloud will soon en­ter pub­lic beta. Chatto Cloud’s of­fer­ing is very sim­ple: it pro­vides paid host­ing for Chatto servers — and that’s it. No pre­mium sub­scrip­tions, no ads, no icky bits. Just host­ing.

And it’s re­ally good host­ing! Chatto Cloud is launch­ing with fully European and European-owned in­fra­struc­ture, with more re­gions slated for launch in early 2027. Every Chatto server on Chatto Cloud ben­e­fits from au­to­matic scal­ing, nightly back­ups of all data, and zero-down­time ver­sion up­grades.

There’s no lock-in; servers hosted through Chatto Cloud are 100% com­pat­i­ble with self-hosted ones, and you can pack up your data and move into or out of Chatto Cloud at any time.

If you want to get no­ti­fied about the start of the beta, please see the end of this post for a low-vol­ume newslet­ter you can sub­scribe to.

What’s Next for Chatto

Chatto is now at ver­sion 0.4. I con­sider it sta­ble enough for pro­duc­tion use, but there are a few im­por­tant fea­tures still miss­ing — head over to the Chatto Roadmap if you want an overview.

The fo­cus for Chatto 0.5 will be on ad­di­tional safety fea­tures (content re­port­ing and mod­er­a­tion) as well as pol­ish­ing the client, par­tic­u­larly its multi-server func­tion­al­ity. I have some fun stuff planned for this that I can’t wait to put into peo­ple’s hands.

I ex­pect Chatto to hit 1.0.0 in about 6 – 12 months. Until then, there may still be break­ing changes, even though I’ll be try­ing to keep them to a min­i­mum. If you do de­cide to self-host, please be ready to up­date to new ver­sions as they are re­leased.

Get in Touch

It’s been an ex­cit­ing jour­ney so far and I’m look­ing for­ward to find­ing out what’s ahead. If you’re self-host­ing Chatto, I’m su­per ea­ger to hear from you about your ex­pe­ri­ence — please don’t hes­i­tate to head over to the Chatto HQ com­mu­nity and get in touch.

Also please feel free to drop by and say hello if you’re in­ter­ested in Chatto for your com­pany, Open Source pro­ject, or sim­i­lar. I’d love to learn more about your re­quire­ments, and help you get set up.

Links

Chatto HQ Community - we have a #self-hosting sup­port chan­nel!

Chatto Self-Hosting Documentation

GitHub Repository

Chatto on Bluesky

Newsletter

If you want to be no­ti­fied about new re­leases or the start of Chatto Cloud’s beta, you’re in­vited to sub­scribe to the Chatto an­nounce­ments newslet­ter. It’s su­per low-vol­ume (~1 email per month), and is only used for no­ti­fy­ing you when ex­cit­ing new stuff be­comes avail­able.

Chat Control 1.0 vs 2.0

fightchatcontrol.eu

The tem­po­rary, vol­un­tary scan­ning regime — adopted in 2021, re­jected by Parliament in March 2026, ex­pired in April 2026, and now the sub­ject of an un­prece­dented re­vival at­tempt.

Jul 14, 2021

Temporary dero­ga­tion adopted

Regulation (EU) 2021/1232 cre­ates a tem­po­rary ex­cep­tion to the ePri­vacy Directive, giv­ing providers a le­gal ba­sis to vol­un­tar­ily scan pri­vate mes­sages for child sex­ual abuse ma­te­r­ial. Originally set to ex­pire 3 August 2024.

Apr 29, 2024

First ex­ten­sion

With the per­ma­nent reg­u­la­tion (Chat Control 2.0) nowhere near agree­ment, the dero­ga­tion is ex­tended un­til 3 April 2026.

Dec 18, 2025

Commission pro­poses sec­ond ex­ten­sion

The Commission pro­poses ex­tend­ing the dero­ga­tion by an­other two years, to April 2028.

Mar 2, 2026

LIBE com­mit­tee re­jects the ex­ten­sion

In a sur­prise vote, the Parliament’s civil lib­er­ties com­mit­tee re­jects the draft ex­ten­sion by 38 votes to 28.

Mar 11, 2026

Parliament adopts a pro­tec­tive po­si­tion

The ple­nary votes 458 – 103 for a com­pro­mise: ex­tend to 2027, but only with tar­geted and pro­por­tion­ate de­tec­tion of known con­tent, no end-to-end en­crypted com­mu­ni­ca­tions, and lim­it­ing scan­ning to sus­pected users or groups iden­ti­fied by the com­pe­tent ju­di­cial au­thor­ity.

Mid-Mar 2026

Trilogue on the ex­ten­sion col­lapses

The Council re­jects Parliament’s con­di­tions and shows no flex­i­bil­ity in ne­go­ti­a­tions; talks on the ex­ten­sion break down.

Mar 26, 2026

Parliament re­jects the ex­ten­sion out­right

311 MEPs vote against ex­tend­ing the dero­ga­tion (228 in favour, 92 ab­sten­tions). The crit­i­cal Amendment 34, re­ject­ing au­to­mated as­sess­ment of un­known pho­tos and texts, passes by a sin­gle vote (307 – 306).

Apr 4, 2026

Chat Control 1.0 ex­pires

The le­gal ground for vol­un­tary, in­dis­crim­i­nate scan­ning ends. Google, Meta, Microsoft, and Snap state they will con­tinue scan­ning pri­vate mes­sages re­gard­less.

Jun 26, 2026

Council moves to res­ur­rect the ex­pired law

EU am­bas­sadors agree to push a tem­po­rary re­vival — un­prece­dented, as Parliament’s re­jec­tion was con­sid­ered fi­nal. Because an ex­pired reg­u­la­tion can­not be ex­tended, the Council pro­poses a for­mally new law with iden­ti­cal con­tent via an ex­pe­dited pro­ce­dure.

Jul 2, 2026

Council adopts its po­si­tion

The Council adopts its po­si­tion on the new” reg­u­la­tion via writ­ten pro­ce­dure.

Jul 7, 2026

Urgency pro­ce­dure ap­proved

Parliament voted 331 – 303 (11 ab­sten­tions) to fast-track the ex­pired dero­ga­tion, skip­ping the re­spon­si­ble Committee. A bind­ing vote fol­lows on Thursday, 9 July, where an ab­solute ma­jor­ity of 361 MEPs is needed to stop it.

The per­ma­nent CSA Regulation — pro­posed in 2022, dead­locked for years, and still un­a­greed af­ter five rounds of tri­logue ne­go­ti­a­tions. Encryption re­mains the red line.

May 11, 2022

Commission pro­poses the CSA Regulation

Home Affairs Commissioner Ylva Johansson un­veils a pro­posal for a per­ma­nent reg­u­la­tion mak­ing de­tec­tion and re­port­ing of child sex­ual abuse ma­te­r­ial a le­gal re­quire­ment for plat­forms — in­clud­ing a re­quire­ment to by­pass end-to-end en­cryp­tion.

Nov 2023

Parliament adopts a pro­tec­tive man­date

No scan­ning of end-to-end en­crypted ser­vices, de­tec­tion lim­ited to vi­sual ma­te­r­ial, ju­di­cial war­rants tar­geted at spe­cific sus­pects, and no manda­tory age ver­i­fi­ca­tion.

Oct 2025

Germany breaks the Council dead­lock

After years of Council dead­lock, Germany an­nounces it will vote against manda­tory sus­pi­cion­less scan­ning. The Danish pres­i­dency drops de­tec­tion or­ders and shifts to risk as­sess­ment and mit­i­ga­tion oblig­a­tions for providers, while propos­ing to make the vol­un­tary sus­pi­cion­less scan­ning (interim reg­u­la­tion) per­ma­nent.

Nov 26, 2025

Council en­dorses its po­si­tion

The Council adopts the soft­ened Danish com­pro­mise, open­ing tri­logue ne­go­ti­a­tions. Critics note the text still al­lows voluntary” sus­pi­cion­less de­tec­tion and im­poses broad risk-mit­i­ga­tion du­ties, in­clud­ing manda­tory age ver­i­fi­ca­tion, that could re­shape pri­vate mes­sag­ing in prac­tice.

Dec 2025 — May 2026

Four tri­logue rounds

Negotiations be­tween Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — with­out agree­ment on the core is­sues.

Jun 10, 2026

Council’s own lawyers raise the alarm

The Council Legal Service states that the voluntary” scan­ning pro­posal still con­sti­tutes gen­er­alised scan­ning of com­mu­ni­ca­tions — in­com­pat­i­ble with Article 7 of the EU Charter ab­sent rea­son­able sus­pi­cion and prior ju­di­cial au­tho­ri­sa­tion.

Jun 29, 2026

Final” tri­logue fails

The fifth tri­logue, billed as the last with adop­tion tar­geted for July, pro­duces no deal. Negotiators can­not agree on mak­ing sus­pi­cion­less scan­ning per­ma­nent, as re­quested by Council. Progress is re­ported on ex­clud­ing manda­tory age ver­i­fi­ca­tion, but agree­ment is post­poned and talks con­tinue un­der the in­com­ing Irish pres­i­dency.

Jul 14, 2021

Chat Control 1.0

Temporary dero­ga­tion adopted

Regulation (EU) 2021/1232 cre­ates a tem­po­rary ex­cep­tion to the ePri­vacy Directive, giv­ing providers a le­gal ba­sis to vol­un­tar­ily scan pri­vate mes­sages for child sex­ual abuse ma­te­r­ial. Originally set to ex­pire 3 August 2024.

May 11, 2022

Chat Control 2.0

Commission pro­poses the CSA Regulation

Home Affairs Commissioner Ylva Johansson un­veils a pro­posal for a per­ma­nent reg­u­la­tion mak­ing de­tec­tion and re­port­ing of child sex­ual abuse ma­te­r­ial a le­gal re­quire­ment for plat­forms — in­clud­ing a re­quire­ment to by­pass end-to-end en­cryp­tion.

Nov 2023

Chat Control 2.0

Parliament adopts a pro­tec­tive man­date

No scan­ning of end-to-end en­crypted ser­vices, de­tec­tion lim­ited to vi­sual ma­te­r­ial, ju­di­cial war­rants tar­geted at spe­cific sus­pects, and no manda­tory age ver­i­fi­ca­tion.

Apr 29, 2024

Chat Control 1.0

First ex­ten­sion

With the per­ma­nent reg­u­la­tion (Chat Control 2.0) nowhere near agree­ment, the dero­ga­tion is ex­tended un­til 3 April 2026.

Oct 2025

Chat Control 2.0

Germany breaks the Council dead­lock

After years of Council dead­lock, Germany an­nounces it will vote against manda­tory sus­pi­cion­less scan­ning. The Danish pres­i­dency drops de­tec­tion or­ders and shifts to risk as­sess­ment and mit­i­ga­tion oblig­a­tions for providers, while propos­ing to make the vol­un­tary sus­pi­cion­less scan­ning (interim reg­u­la­tion) per­ma­nent.

Nov 26, 2025

Chat Control 2.0

Council en­dorses its po­si­tion

The Council adopts the soft­ened Danish com­pro­mise, open­ing tri­logue ne­go­ti­a­tions. Critics note the text still al­lows voluntary” sus­pi­cion­less de­tec­tion and im­poses broad risk-mit­i­ga­tion du­ties, in­clud­ing manda­tory age ver­i­fi­ca­tion, that could re­shape pri­vate mes­sag­ing in prac­tice.

Dec 18, 2025

Chat Control 1.0

Commission pro­poses sec­ond ex­ten­sion

The Commission pro­poses ex­tend­ing the dero­ga­tion by an­other two years, to April 2028.

Dec 2025 — May 2026

Chat Control 2.0

Four tri­logue rounds

Negotiations be­tween Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — with­out agree­ment on the core is­sues.

Mar 2, 2026

Chat Control 1.0

LIBE com­mit­tee re­jects the ex­ten­sion

In a sur­prise vote, the Parliament’s civil lib­er­ties com­mit­tee re­jects the draft ex­ten­sion by 38 votes to 28.

Mar 11, 2026

Chat Control 1.0

Parliament adopts a pro­tec­tive po­si­tion

The ple­nary votes 458 – 103 for a com­pro­mise: ex­tend to 2027, but only with tar­geted and pro­por­tion­ate de­tec­tion of known con­tent, no end-to-end en­crypted com­mu­ni­ca­tions, and lim­it­ing scan­ning to sus­pected users or groups iden­ti­fied by the com­pe­tent ju­di­cial au­thor­ity.

Mid-Mar 2026

Chat Control 1.0

Trilogue on the ex­ten­sion col­lapses

The Council re­jects Parliament’s con­di­tions and shows no flex­i­bil­ity in ne­go­ti­a­tions; talks on the ex­ten­sion break down.

openai.com

EU Parliament greenlights Chat Control 1.0 – Breyer: "Our children lose out"

www.patrick-breyer.de

Today, the European Parliament al­lowed the sus­pi­cion­less mass scan­ning of pri­vate com­mu­ni­ca­tions (“Chat Control 1.0”) to pass, a mea­sure it had re­jected twice in March. Although a ma­jor­ity of vot­ing Members of the European Parliament (MEPs) ac­tu­ally op­posed the reg­u­la­tion (314 against, 276 in fa­vor, 17 ab­sten­tions), the mo­tion to re­ject it failed to se­cure the re­quired ab­solute ma­jor­ity of 361 votes. As a re­sult, mass scan­ning is now per­mit­ted again un­til 2028.

A sym­bolic ex­emp­tion was adopted for en­crypted com­mu­ni­ca­tions—though in prac­tice, ser­vice providers do not scan these any­way. Furthermore, while a ma­jor­ity of vot­ing MEPs wanted to re­strict the scan­ning of pri­vate com­mu­ni­ca­tions strictly to sus­pects iden­ti­fied by the ju­di­ciary (322 to 255 votes), this amend­ment like­wise fell short of the re­quired ab­solute ma­jor­ity.

Dr. Patrick Breyer, civil rights ac­tivist and for­mer Member of the European Parliament (MEP), warns of the con­se­quences:

The fact that Chat Control is mov­ing for­ward against the will of the ma­jor­ity of vot­ing MEPs is a farce and dam­ages democ­racy. Our chil­dren are the real losers in this un­de­mo­c­ra­tic process. The pas­sage of a gen­uine, per­ma­nent child pro­tec­tion reg­u­la­tion is now in se­ri­ous jeop­ardy. The Council will never agree to a des­per­ately needed par­a­digm shift as long as they can sim­ply stick to the old ap­proach of sus­pi­cion­less scan­ning at the whim of the tech in­dus­try.”

Despite the leg­isla­tive de­feat, Breyer re­mains de­fi­ant re­gard­ing the up­com­ing ne­go­ti­a­tions:

Today’s vote on the in­terim reg­u­la­tion was a set­back, but the po­lit­i­cal bat­tle over the per­ma­nent Chat Control 2.0’ is just get­ting started. The re­sis­tance we saw in Parliament to­day was so strong that find­ing a ma­jor­ity for per­ma­nent, sus­pi­cion­less mass scan­ning in fu­ture ne­go­ti­a­tions is a com­plete pipe dream.”

Breyer fun­da­men­tally re­jects the mass sur­veil­lance ap­proach:

Trying to pro­tect chil­dren with sus­pi­cion­less mass sur­veil­lance is like fran­ti­cally mop­ping the floor while the faucet is still run­ning. Blanket chat con­trol is just as un­ac­cept­able as in­dis­crim­i­nately open­ing every­one’s phys­i­cal mail. For five years, this failed sys­tem has served as a smoke­screen to de­lay real ac­tion, all while over­whelm­ing the po­lice with false alarms. We need more child pro­tec­tion, not less—but we need ef­fec­tive pro­tec­tion, not the il­lu­sion of se­cu­rity.”

What hap­pens next?The in­terim reg­u­la­tion passed to­day will re­main in ef­fect un­til 2028, or un­til an agree­ment on a per­ma­nent reg­u­la­tion is reached. Negotiations for the per­ma­nent law will re­sume in September. The core dis­pute be­tween the EU Parliament, mem­ber state gov­ern­ments, and the EU Commission re­mains the scan­ning of pri­vate chats: should it be in­dis­crim­i­nate, or tar­geted at crim­i­nal sus­pects?

What changes with the re­turn of Chat Control 1.0—and what stays the same:

What is com­ing back: US tech com­pa­nies are once again al­lowed to scan pri­vate mes­sages with­out a war­rant or prior sus­pi­cion. This af­fects di­rect mes­sages on plat­forms like Instagram, Discord, Snapchat, Skype, and Xbox, as well as emails via Google’s Gmail and Apple’s iCloud.

What re­mains un­changed: Public so­cial me­dia posts and files hosted in cloud stor­age could al­ready be scanned with­out this law. Furthermore, pri­vate mes­sages can al­ways be re­ported by users, or mon­i­tored by au­thor­i­ties us­ing tar­geted, court-or­dered wire­tap­ping.

What is still NOT be­ing scanned: End-to-end en­crypted chats, such as those on WhatsApp, have al­ways been ex­empt from these scans. Additionally, European providers of mes­sag­ing and email ser­vices have never im­ple­mented chat con­trol mea­sures.

Why Chat Control is the wrong ap­proach:

Since 2022, the vol­ume of sus­pected abuse re­ports from the US has al­ready dropped by 50 per­cent due to the grow­ing use of mes­sage en­cryp­tion.

According to EU Commission fig­ures, mass scan­ning of pri­vate chats ac­counted for only 36 per­cent of all abuse re­ports in 2024 (the ma­jor­ity came from pub­lic posts and cloud stor­age).

The German Federal Criminal Police Office (BKA) re­ports that 48 per­cent of all in­com­ing alerts are not crim­i­nally rel­e­vant in the first place.

Crime sta­tis­tics re­veal that 40 per­cent of the re­sult­ing in­ves­ti­ga­tions ac­tu­ally tar­get mi­nors them­selves.

Under the chat con­trol sys­tem, an es­ti­mated 99 per­cent of re­ports gen­er­ated by Meta con­sist of pre­vi­ously known ma­te­r­ial, which gen­er­ally does lit­tle to stop on­go­ing, ac­tive abuse.

The EU Commission ad­mits there is no ev­i­dence that sus­pi­cion­less scan­ning of pri­vate com­mu­ni­ca­tions has led to an in­crease in crim­i­nal con­vic­tions or in res­cued chil­dren.

Talk of avert­ing a protection gap” is there­fore highly mis­lead­ing. The most ef­fec­tive law en­force­ment tools—court-or­dered wire­taps, user re­ports, and the scan­ning of pub­lic plat­forms and cloud stor­age—were never at risk and re­main fully in­tact. The only prac­tice that was tem­porar­ily banned since April was the in­dis­crim­i­nate, war­rant­less search­ing of pri­vate, un­en­crypted mes­sages of in­no­cent peo­ple on a hand­ful of US plat­forms.

Background: The dead­lock over a per­ma­nent so­lu­tionIn par­al­lel, ne­go­ti­a­tions are on­go­ing for a per­ma­nent reg­u­la­tion to pro­tect chil­dren from sex­u­al­ized on­line vi­o­lence (the CSAM Regulation” or Chat Control 2.0”). In these talks, the EU Parliament is push­ing for a par­a­digm shift in how we ap­proach on­line child safety, de­mand­ing:

Mandatory, tar­geted de­tec­tion or­ders against ac­tual crim­i­nal sus­pects, rather than blan­ket mass scan­ning left to the tech in­dus­try’s dis­cre­tion.

An EU Child Protection Centre tasked with the sys­tem­atic re­moval of known abuse ma­te­r­ial from the pub­lic in­ter­net.

Strict se­cu­rity stan­dards for mes­sag­ing apps (“Security by Design”) to pre­vent cy­ber groom­ing.

This per­ma­nent leg­is­la­tion has stalled be­cause EU mem­ber states in­sist on main­tain­ing the out­dated ap­proach of vol­un­tary, sus­pi­cion­less scan­ning of pri­vate com­mu­ni­ca­tions. Critics warn that re­peat­edly ex­tend­ing the in­terim rules re­moves the po­lit­i­cal pres­sure needed to reach a vi­able, per­ma­nent agree­ment. Ultimately, cling­ing to the sta­tus quo threat­ens to de­rail real progress on child pro­tec­tion.

Patrick Breyer sums up the prob­lem:“As long as EU gov­ern­ments can use pro­ce­dural loop­holes to con­tin­u­ally ex­tend their com­fort­able sta­tus quo of vol­un­tary, in­dis­crim­i­nate mass scan­ning, they have zero in­cen­tive to en­gage with the Parliament’s tar­geted, legally sound, and far more ef­fec­tive child pro­tec­tion strat­egy.

The Voices of Survivors: We need pri­vacy to bring abusers to jus­tice”

Survivors of sex­ual vi­o­lence ex­plic­itly em­pha­size that un­tar­geted Chat Control did not help vic­tims:

Alexander Hanff, sur­vivor of child sex­ual abuse and pri­vacy ad­vo­cate, clar­i­fies:“As a sur­vivor I re­lied on con­fi­den­tial com­mu­ni­ca­tions to tell my story and find jus­tice for 28 school­boys—my­self in­cluded—re­sult­ing in the con­vic­tion of mul­ti­ple of­fend­ers. We sur­vivors need pri­vacy, be­cause with­out it we lose our voice. Chat Control was not cre­ated to pro­tect chil­dren. It was about Big Tech com­pa­nies like Meta or Google want­ing ac­cess to our data for prof­i­teer­ing, and states at­tempt­ing to ex­pand mass sur­veil­lance. The EU Commission has wasted five years and mil­lions of eu­ros on al­go­rithms that can­not pro­tect chil­dren and were never meant to. This money should have been di­verted to real polic­ing, causal re­search, and sup­port for sur­vivors, mil­lions of whom have never re­ceived any sup­port at all.”

Marcel Schneider* (name changed), a sur­vivor who has been su­ing Meta in court over its vol­un­tary Chat Control, adds:“Any­one mourn­ing the end of Chat Control has not un­der­stood what ac­tu­ally helps sur­vivors of sex­ual vi­o­lence. Mass sur­veil­lance by cor­po­ra­tions like Meta does not pre­vent abuse. Genuine pro­tec­tion means: delet­ing ma­te­r­ial at the source, proac­tive po­lice work on the Darknet, and apps that are safe by de­sign for chil­dren from the very start.”

Dorothée Hahne, found­ing mem­ber and vice-chair of the sur­vivors’ ini­tia­tive MOGiS e.V. (A Voice for Survivors), em­pha­sizes the dan­ger mass sur­veil­lance poses to vic­tims them­selves:“As sur­vivors, we see our safe spaces’, our pro­tected ar­eas and com­mu­ni­ca­tion chan­nels, en­dan­gered or de­stroyed by this. For sur­vivors, this need is ex­is­ten­tial.“

StreetComplete

streetcomplete.app

Help im­prove OpenStreetMap with StreetComplete! This app finds miss­ing map data in your vicin­ity and dis­plays it on a map as quests. Solve each quest by vis­it­ing the lo­ca­tion on-site and an­swer­ing a sim­ple ques­tion to up­date the map. The info you en­ter is di­rectly added to OpenStreetMap in your name, with­out the need to use an­other ed­i­tor.

The bottleneck might be the air in the room

blog.mikebowler.ca

You gather your most ex­pen­sive peo­ple into a room to make your most im­por­tant de­ci­sions. Then, some­where in the sec­ond hour, the room qui­etly gets worse at mak­ing them. Not the peo­ple. The room.

I now travel with a portable CO2 mon­i­tor. Outdoors it reads around 400 parts per mil­lion. In a closed meet­ing room with a hand­ful of peo­ple in it, I have watched it climb past 2,000. The photo here is a real read­ing: 2,143.

That num­ber mat­ters more than it looks. Researchers at Lawrence Berkeley National Laboratory put peo­ple in a cham­ber and var­ied only the CO2. At 1,000 ppm, per­for­mance dropped sig­nif­i­cantly on six of nine de­ci­sion-mak­ing mea­sures com­pared with a clean-air base­line of 600. At 2,500 ppm, seven of the nine fell sub­stan­tially, some into a range they called dys­func­tional. A sep­a­rate study out of Harvard found cog­ni­tive scores de­clin­ing as CO2 rose, with the steep­est losses in ex­actly the do­mains you called the meet­ing for: strat­egy, plan­ning, and us­ing in­for­ma­tion un­der pres­sure.

Here is the un­com­fort­able part. 1,000 ppm is not an ex­treme num­ber. A closed room with a few peo­ple breath­ing in it reaches that in­side the first hour. Your all-day plan­ning ses­sion, your ar­chi­tec­ture re­view, your quar­terly strat­egy off­site in the win­dow­less board­room: those are pre­cisely the con­di­tions that push CO2 into the range where de­ci­sion qual­ity mea­sur­ably falls. You are run­ning your high­est-stakes think­ing in the en­vi­ron­ment least suited to it.

And it is in­vis­i­ble from in­side. Nobody in the room feels im­paired. They feel a lit­tle tired, a lit­tle foggy, a lit­tle checked out, and they put it down to the length of the meet­ing, a bad night’s sleep, or the per­son who won’t stop talk­ing. The one vari­able al­most no­body checks is the air.

This is not only a board­room prob­lem. With so much work now re­mote, your peo­ple spend their days in small home of­fices with the door shut. Same physics, same climb, same af­ter­noon fog. The dip your team hits mid-af­ter­noon may owe less to mo­ti­va­tion than to a room that has­n’t ex­changed its air since morn­ing.

A few years ago, one client tried to use this as an ar­gu­ment for bring­ing every­one back to the of­fice. They touted how much bet­ter the build­ing’s air was than any­thing peo­ple had at home. So I brought the mon­i­tor and it was eye-open­ing. Some parts of the build­ing were gen­uinely as good as out­door air; plenty were not. The meet­ing rooms were still a prob­lem, and the more peo­ple in an area, the worse it got.

I’ve spent decades un­der­stand­ing why ca­pa­ble teams un­der­per­form, and I have learned to be sus­pi­cious of any ex­pla­na­tion that starts by blam­ing the peo­ple. Before you con­clude that the team is dis­en­gaged, that they can’t think strate­gi­cally, or that the meet­ing cul­ture is bro­ken, it is worth rul­ing out the cheap­est vari­able in the build­ing. A CO2 mon­i­tor costs less than an hour of your time. Opening a win­dow or a door costs noth­ing.

You al­ready in­stru­ment your build pipeline, your cy­cle time, your de­fect rates. You mea­sure the sys­tems your peo­ple work in­side be­cause you know the en­vi­ron­ment shapes the out­put. The air in the room is part of that en­vi­ron­ment, and right now it is the one in­put you are not mea­sur­ing.

I learned this the mem­o­rable way once, by seal­ing my own team into a room full of CO2 as a Halloween stunt. The every­day ver­sion is far less dra­matic and far more com­mon.

Open a win­dow. Then watch what hap­pens to the sec­ond half of the meet­ing.

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.