From the be­gin­ning, our goal has been to build tools that rad­i­cally change what it feels like to work with Python — tools that feel fast, ro­bust, in­tu­itive, and in­te­grated.

Today, we’re tak­ing a step for­ward in that mis­sion by an­nounc­ing that we’ve en­tered into an agree­ment to join OpenAI as part of the Codex

team.

Over the past few years, our tools have grown from zero to hun­dreds of mil­lions of down­loads per month across Ruff, uv, and

ty. The Astral tool­chain has be­come foun­da­tional to mod­ern Python de­vel­op­ment. The num­bers — and the im­pact — went far be­yond my most am­bi­tious ex­pec­ta­tions at every step of the way.

Open source is at the heart of that im­pact and the heart of that story; it sits at the cen­ter of every­thing we do. In line with our phi­los­o­phy and

OpenAI’s own an­nounce­ment, OpenAI will con­tinue sup­port­ing our open source tools af­ter the deal closes. We’ll keep build­ing in the open, along­side our com­mu­nity — and for the broader Python ecosys­tem — just as we have from the start.

I view build­ing tools as an in­cred­i­bly high-lever­age en­deavor. As I wrote in our

launch post three years ago: “If you could make the Python ecosys­tem even 1% more pro­duc­tive, imag­ine how that im­pact would com­pound?”

Today, AI is rapidly chang­ing the way we build soft­ware, and the pace of that change is only ac­cel­er­at­ing. If our goal is to make pro­gram­ming more pro­duc­tive, then build­ing at the fron­tier of AI and soft­ware feels like the high­est-lever­age thing we can do.

It is in­creas­ingly clear to me that Codex is that fron­tier. And by bring­ing Astral’s tool­ing and ex­per­tise to OpenAI, we’re putting our­selves in a po­si­tion to push it for­ward. After join­ing the Codex team, we’ll con­tinue build­ing our open source tools, ex­plore ways they can work more seam­lessly with Codex, and ex­pand our reach to think more broadly about the fu­ture of soft­ware de­vel­op­ment.

Through it all, though, our goal re­mains the same: to make pro­gram­ming more pro­duc­tive. To build tools that rad­i­cally change what it feels like to build soft­ware.

On a per­sonal note, I want to say thank you, first, to the Astral team, who have al­ways put our users first and shipped some of the most beloved soft­ware in the world. You’ve pushed me to be a bet­ter leader and a bet­ter pro­gram­mer. I am so ex­cited to keep build­ing with you.

Second, to our in­vestors, es­pe­cially

Casey Aylward from Accel, who led our Seed and Series A, and Jennifer Li from Andreessen Horowitz, who led our Series B. As a first-time, tech­ni­cal, solo founder, you showed far more be­lief in me than I ever showed in my­self, and I will never for­get that.

And third, to our users. Our tools ex­ist be­cause of you. Thank you for your trust. We won’t let you down.

The ver­dict was the ic­ing on the cake.

Afroman did not de­fame Ohio cops in a satir­i­cal mu­sic video that fea­tured footage of them fruit­lessly raid­ing the rap­per’s house, a jury found on Wednesday.

The 51-year-old “Because I Got High” rap­per, whose real name is Joseph Foreman, held up his hands in tri­umph and hugged peo­ple in the court­room af­ter he was found not li­able for defama­tion, or in­va­sion of pri­vacy false light pub­lic­ity.

Foreman was sued by the Adams County Sheriff’s Office over a drug search at his home in August 2022 that re­sulted in no crim­i­nal charges.

The hip hop star wrote the satir­i­cal song “Lemon Pound Cake” and made a mu­sic video with real footage of the raid taken from his home sur­veil­lance cam­eras to raise money for prop­erty dam­age caused dur­ing the search, he has said.

Seven cops with the sher­if­f’s of­fice then sued him in March 2023, al­leg­ing the mu­sic video de­famed them, in­vaded their con­sti­tu­tional pri­vacy, and was an in­ten­tional in­flic­tion of emo­tional dis­tress.

The video fea­tures footage of the cops bust­ing down his door dur­ing, and of one of­fi­cer eye­ing his “mama’s lemon pound­cake” with his gun drawn.

After mak­ing the mu­sic video, Foreman al­legedly con­tin­ued putting up so­cial me­dia posts with names of the of­fi­cers in­volved, the law­suit states.

Several of the posts al­legedly falsely claimed that the cops “stole my money” and were “criminals dis­guised as law en­force­ment,” ac­cord­ing to the suit.

They also falsely stated that the of­fi­cers are “white su­prema­cists,” that Officer Brian Newman “used to do hard drugs” be­fore “snitching” on his friends, and that Officer Lisa Phillips is “biologically male,” ac­cord­ing to the law­suit.

Foreman’s lawyer had ar­gued the song, which he de­scribed as a com­bi­na­tion of com­edy and mu­sic, was sim­ply free speech.

“We see pub­lic of­fi­cials all the time that are made fun of,” lawyer David Osborne said in a clos­ing state­ment Wednesday. “They are go­ing to be held to higher stan­dards, their work is go­ing to be crit­i­cized, that’s just what hap­pens when you’re a pub­lic of­fi­cial.”

“It’s a so­cial com­men­tary on the fact that they did­n’t do things cor­rectly,” he said of the of­fi­cers.

An at­tor­ney for the po­lice, mean­while, de­manded a to­tal of $3.9 mil­lion in dam­ages — di­vided among the seven of­fi­cers in­volved.

“[Foreman]  per­pet­u­ated lies in­ten­tion­ally re­peat­edly over 3 1/2 years on the in­ter­net about these seven brave deputy sher­iffs,” lawyer Robert Klingler said in clos­ing re­marks Wednesday. “[He] knew that what he posted on  the in­ter­net were lies.”

“He says he’s not go­ing to stop…tell him through your ver­dict that he needs to stop,” Klingler added.

“All of this is their fault,” Foreman tes­ti­fied in court Tuesday, ac­cord­ing to WCPO.

“If they had­n’t wrongly raided my house, there would be no law­suit, I would not know their names, they would­n’t be on my home sur­veil­lance sys­tem, and there would be no songs … my money would still be in­tact.”

Zen gives you ac­cess to a hand­picked set of AI mod­els that OpenCode has tested and bench­marked specif­i­cally for cod­ing agents. No need to worry about in­con­sis­tent per­for­mance and qual­ity across providers, use val­i­dated mod­els that work.

The “advanced flow” will be avail­able be­fore ver­i­fi­ca­tion en­force­ment be­gins later this year.

Google is plan­ning big changes for Android in 2026 aimed at com­bat­ing mal­ware across the en­tire de­vice ecosys­tem. Starting in September, Google will be­gin re­strict­ing ap­pli­ca­tion side­load­ing with its de­vel­oper ver­i­fi­ca­tion pro­gram, but not every­one is on board. Android Ecosystem President Sameer Samat tells Ars that the com­pany has been lis­ten­ing to feed­back, and the re­sult is the newly un­veiled ad­vanced flow, which will al­low power users to skip app ver­i­fi­ca­tion.

With its new lim­its on side­load­ing, Android phones will only in­stall apps that come from ver­i­fied de­vel­op­ers. To ver­ify, devs re­leas­ing apps out­side of Google Play will have to pro­vide iden­ti­fi­ca­tion, up­load a copy of their sign­ing keys, and pay a $25 fee. It all seems rather oner­ous for peo­ple who just want to make apps with­out Google’s in­ter­ven­tion.

Apps that come from un­ver­i­fied de­vel­op­ers won’t be in­stal­lable on Android phones—un­less you use the new ad­vanced flow, which will be buried in the de­vel­oper set­tings.

When side­load­ing apps to­day, Android phones alert the user to the “unknown sources” tog­gle in the set­tings, and there’s a flow to help you turn it on. The ver­i­fi­ca­tion by­pass is dif­fer­ent and will not be re­vealed to users. You have to know where this is and proac­tively turn it on your­self, and it’s not a quick process. Here are the steps:

Enable de­vel­oper op­tions by tap­ping the soft­ware build num­ber in About Phone seven times

In Settings > System, open Developer Options and scroll down to “Allow Unverified Packages.”

Flip the tog­gle and tap to con­firm you are not be­ing co­erced

Return to the un­ver­i­fied pack­ages menu at the end of the se­cu­rity de­lay

Scroll past ad­di­tional warn­ings and se­lect ei­ther “Allow tem­porar­ily” (seven days) or “Allow in­def­i­nitely.”

Check the box con­firm­ing you un­der­stand the risks.

You can now in­stall un­ver­i­fied pack­ages on the de­vice by tap­ping the “Install any­way” op­tion in the pack­age man­ager.

The ac­tual leg­work to ac­ti­vate this fea­ture only takes a few sec­onds, but the 24-hour count­down makes it some­thing you can­not do spur of the mo­ment. But why 24 hours? According to Samat, this is de­signed to com­bat the ris­ing use of high-pres­sure so­cial en­gi­neer­ing at­tacks, in which the scam­mer con­vinces the vic­tim they have to in­stall an app im­me­di­ately to avoid se­vere con­se­quences.

You’ll have to wait 24 hours to by­pass ver­i­fi­ca­tion.

You’ll have to wait 24 hours to by­pass ver­i­fi­ca­tion.

“In that 24-hour pe­riod, we think it be­comes much harder for at­tack­ers to per­sist their at­tack,” said Samat. “In that time, you can prob­a­bly find out that your loved one is­n’t re­ally be­ing held in jail or that your bank ac­count is­n’t re­ally un­der at­tack.”

But for peo­ple who are sure they don’t want Google’s ver­i­fi­ca­tion sys­tem to get in the way of side­load­ing any old APK they come across, they don’t have to wait un­til they en­counter an un­ver­i­fied app to get started. You only have to se­lect the “indefinitely” op­tion once on a phone, and you can turn dev op­tions off again af­ter­ward.

According to Samat, Google feels a re­spon­si­bil­ity to Android users world­wide, and things are dif­fer­ent than they used to be with more than 3 bil­lion ac­tive de­vices out there.

“For a lot of peo­ple in the world, their phone is their only com­puter, and it stores some of their most pri­vate in­for­ma­tion,” Samat said. “Over the years, we’ve evolved the plat­form to keep it open while also keep­ing it safe. And I want to em­pha­size, if the plat­form is­n’t safe, peo­ple aren’t go­ing to use it, and that’s a lose-lose sit­u­a­tion for every­one, in­clud­ing de­vel­op­ers.”

But what does that safety look like? Google swears it’s not in­ter­ested in the con­tent of apps, and it won’t be check­ing proac­tively when de­vel­op­ers reg­is­ter. This is only about iden­tity ver­i­fi­ca­tion—you should know when you’re in­stalling an app that it’s not an im­poster and does not come from known pur­vey­ors of mal­ware. If a ver­i­fied de­vel­oper dis­trib­utes mal­ware, they’re un­likely to re­main ver­i­fied. And what is mal­ware? For Samat, mal­ware in the con­text of de­vel­oper ver­i­fi­ca­tion is an ap­pli­ca­tion pack­age that “causes harm to the user’s de­vice or per­sonal data that the user did not in­tend.”

So a rootkit can be mal­ware, but a rootkit you down­loaded in­ten­tion­ally be­cause you want root ac­cess on your phone is not mal­ware, from Samat’s per­spec­tive. Likewise, an al­ter­na­tive YouTube client that by­passes Google’s ads and fea­ture lim­its is­n’t caus­ing the kind of harm that would lead to is­sues with ver­i­fi­ca­tion. But these are just broad strokes; Google has not com­mented on any spe­cific apps.

Google says side­load­ing is­n’t go­ing away, but it is chang­ing.

Google says side­load­ing is­n’t go­ing away, but it is chang­ing.

Google is pro­ceed­ing cau­tiously with the ver­i­fi­ca­tion roll­out, and some de­tails are still spotty. Privacy ad­vo­cates have ex­pressed con­cern that ver­i­fi­ca­tion will cre­ate a data­base that puts in­de­pen­dent de­vel­op­ers at risk of le­gal ac­tion. Samat says that Google does push back on ju­di­cial or­ders for user data when they are im­proper. The com­pany fur­ther sug­gests it’s not in­tend­ing to cre­ate a per­ma­nent list of de­vel­oper iden­ti­ties that would be vul­ner­a­ble to le­gal de­mands. We’ve asked for more de­tail on what data Google re­tains from the ver­i­fi­ca­tion process and for what length of time.

There is also con­cern that de­vel­op­ers liv­ing in sanc­tioned na­tions might be un­able to ver­ify due to the re­quired fee. Google notes that the ver­i­fi­ca­tion process may vary across coun­tries and was not cre­ated specif­i­cally to bar de­vel­op­ers in places like Cuba or Iran. We’ve asked for de­tails on how Google will han­dle these edge cases and will up­date if we learn more.

Rolling out in 2026 and be­yond

Android users in most of the world don’t have to worry about de­vel­oper ver­i­fi­ca­tion yet, but that day is com­ing. In September, ver­i­fi­ca­tion en­force­ment will be­gin in Brazil, Singapore, Indonesia, and Thailand. Impersonation and guided scams are more com­mon in these re­gions, so Google is start­ing there be­fore ex­pand­ing ver­i­fi­ca­tion glob­ally next year. Google has stressed that the ad­vanced flow will be avail­able be­fore the ini­tial roll­out in September.

Google stands by its as­ser­tion that users are 50 times more likely to get mal­ware out­side Google Play than in it. A big part of the gap, Samat says, is Google’s de­ci­sion in 2023 to be­gin ver­i­fy­ing de­vel­oper iden­ti­ties in the Play Store. This pro­vided a frame­work for uni­ver­sal de­vel­oper ver­i­fi­ca­tion. While there are cer­tainly rea­sons Google might like the con­trol ver­i­fi­ca­tion gives it, the Android team has felt real pres­sure from reg­u­la­tors in ar­eas with mal­ware is­sues to ad­dress plat­form se­cu­rity.

“In a lot of coun­tries, there is chat­ter about if this is­n’t safer, then there may need to be reg­u­la­tory ac­tion to lock down more of this stuff,” Samat told Ars Technica. “I don’t think that it’s well un­der­stood that this is a real se­cu­rity con­cern in a num­ber of coun­tries.”

Google has al­ready started de­liv­er­ing the ver­i­fier to de­vices around the world—it’s in­te­grated with Android 16.1, which launched late in 2025. Eventually, the ver­i­fier and ad­vanced flow will be on all cur­rently sup­ported Android de­vices. However, the UI will be con­sis­tent, with Google pro­vid­ing all the com­po­nents and scare screens. So what you see here should be sim­i­lar to what ap­pears on your phone in a few months, re­gard­less of who made it.

Ryan Whitwam is a se­nior tech­nol­ogy re­porter at Ars Technica, cov­er­ing the ways Google, AI, and mo­bile tech­nol­ogy con­tinue to change the world. Over his 20-year ca­reer, he’s writ­ten for Android Police, ExtremeTech, Wirecutter, NY Times, and more. He has re­viewed more phones than most peo­ple will ever own. You can fol­low him on Bluesky, where you will see pho­tos of his dozens of me­chan­i­cal key­boards.

Once again, ULA can’t de­liver when the US mil­i­tary needs a satel­lite in or­bit

You’re likely al­ready in­fected with a brain-eat­ing virus you’ve never heard of

NASA wants to know how the launch in­dus­try’s chic new rocket fuel ex­plodes

Rocket Report: Canada makes a ma­jor move, US Space Force says ac­tu­ally, let’s be hasty

Microsoft keeps in­sist­ing that it’s deeply com­mit­ted to the qual­ity of Windows 11

Linux gam­ing has come a long way. When Valve launched Proton back in 2018, it felt like a turn­ing point, turn­ing the Linux gam­ing ex­pe­ri­ence from “technically pos­si­ble if you’re okay with a lot of pain” to some­thing that more or less worked. Since then, we’ve seen in­cre­men­tal Wine re­leases, each one chip­ping away at com­pat­i­bil­ity is­sues and im­prov­ing per­for­mance bit by bit. Wine 10, Wine 9, and so on; each one a col­lec­tion of bug fixes and small im­prove­ments that kept the ecosys­tem mov­ing for­ward.

Wine 11 is dif­fer­ent. This is­n’t just an­other yearly re­lease with a few hun­dred bug fixes and some com­pat­i­bil­ity tweaks. It rep­re­sents a huge num­ber of changes and bug fixes. However, it also ships with NTSYNC sup­port, which is a fea­ture that has been years in the mak­ing and rewrites how Wine han­dles one of the most per­for­mance-sen­si­tive op­er­a­tions in mod­ern gam­ing. On top of that, the WoW64 ar­chi­tec­ture over­haul is fi­nally com­plete, the Wayland dri­ver has grown up a lot, and there’s a big list of smaller im­prove­ments that col­lec­tively make this feel like an all-new pro­ject.

I should be clear: not every game is go­ing to see a night-and-day dif­fer­ence. Some ti­tles will run iden­ti­cally to be­fore. But for the games that do ben­e­fit from these changes, the im­prove­ments range from no­tice­able to ab­surd. And be­cause Proton, SteamOS, and every down­stream pro­ject builds on top of Wine, those gains trickle down to every­one.

Everything up un­til now was a workaround

Esync and fsync worked, but they weren’t ideal

If you’ve spent any time tweak­ing Wine or Proton set­tings, you’ve prob­a­bly en­coun­tered the terms “esync” and “fsync” be­fore. Maybe you tog­gled them on in Lutris, or no­ticed them in Proton launch op­tions, with­out fully un­der­stand­ing what they do. To un­der­stand why NTSYNC mat­ters, you need to un­der­stand the prob­lem these so­lu­tions were all try­ing to solve.

Windows games, es­pe­cially mod­ern ones, are heav­ily multi-threaded. Your CPU is­n’t just run­ning one thing at a time, and in­stead, it’s jug­gling ren­der­ing, physics cal­cu­la­tions, as­set stream­ing, au­dio pro­cess­ing, AI rou­tines, and more, all in par­al­lel across mul­ti­ple threads. These threads need to co­or­di­nate with each other con­stantly. One thread might need to wait for an­other to fin­ish load­ing a tex­ture be­fore it can ren­der a frame. Another might need ex­clu­sive ac­cess to a shared re­source so two threads don’t try to mod­ify it si­mul­ta­ne­ously.

Windows han­dles this co­or­di­na­tion through what are called NT syn­chro­niza­tion prim­i­tives… mu­texes, sem­a­phores, events, and the like. They’re baked deep into the Windows ker­nel, and games rely on them heav­ily. The prob­lem is that Linux does­n’t have na­tive equiv­a­lents that be­have ex­actly the same way. Wine has his­tor­i­cally had to em­u­late these syn­chro­niza­tion mech­a­nisms, and the way it did so was, to put it sim­ply, not ideal.

The orig­i­nal ap­proach in­volved mak­ing a round-trip RPC call to a ded­i­cated “kernel” process called wine­server every sin­gle time a game needed to syn­chro­nize be­tween threads. For a game mak­ing thou­sands of these calls per sec­ond, that over­head added up fast and served to be a bot­tle­neck. And it was a bot­tle­neck that man­i­fested as sub­tle frame stut­ters, in­con­sis­tent frame pac­ing, and games that just felt a lit­tle bit off even when the raw FPS num­bers looked fine.

Esync was the first at­tempt at a workaround. Developed by Elizabeth Figura at CodeWeavers, it used Linux’s eventfd sys­tem call to han­dle syn­chro­niza­tion with­out bounc­ing through the wine­server. It worked, and it helped, but it had quirks. Some dis­tros ran into is­sues with file de­scrip­tor lim­its, since every syn­chro­niza­tion ob­ject needed its own file de­scrip­tor, and games that opened a lot of them could hit the sys­tem’s ceil­ing quite quickly.

Fsync came next, us­ing Linux fu­texes for even bet­ter per­for­mance. It was faster than esync in most cases, but it re­quired out-of-tree ker­nel patches that never made it into the main­line Linux ker­nel or to up­stream Wine out of the box. That meant you needed a cus­tom or patched ker­nel to use it, which is fine for en­thu­si­asts run­ning CachyOS or Proton-GE, but not ex­actly ac­ces­si­ble for the av­er­age user on Ubuntu or Fedora. Futex2, of­ten re­ferred to in­ter­change­ably with fsync, did make it to Linux ker­nel 5.16 as fu­tex_waitv, but the orig­i­nal im­ple­men­ta­tion of fsync is­n’t that. Fsync used fu­tex_wait­_­mul­ti­ple, and Futex2 used fu­tex_waitv. Applications such as Lutris still re­fer to it as Fsync, though. It’s still kind of fsync, but it’s not the orig­i­nal fsync.

Here’s the thing about both esync and fsync: they were workarounds. Clever ones, but workarounds nonethe­less. They ap­prox­i­mated NT syn­chro­niza­tion be­hav­ior us­ing Linux prim­i­tives that weren’t de­signed for the job, and cer­tain edge cases sim­ply could­n’t be han­dled cor­rectly. Operations like NtPulseEvent() and the “wait-for-all” mode in NtWaitForMultipleObjects() re­quire di­rect con­trol over the un­der­ly­ing wait queues in ways that user-space im­ple­men­ta­tions just can’t re­li­ably pro­vide.

Synchronization at the ker­nel-level, rather than in user-space

NTSYNC takes a com­pletely dif­fer­ent ap­proach. Instead of try­ing to shoe­horn Windows syn­chro­niza­tion be­hav­ior into ex­ist­ing Linux prim­i­tives, it adds a new ker­nel dri­ver that di­rectly mod­els the Windows NT syn­chro­niza­tion ob­ject API. It ex­poses a /dev/ntsync de­vice that Wine can talk to, and the ker­nel it­self han­dles the co­or­di­na­tion. No more round trips to wine­server, no more ap­prox­i­ma­tions, and the syn­chro­niza­tion hap­pens in the ker­nel, which is where it should be. And it has proper queue man­age­ment, proper event se­man­tics, and proper atomic op­er­a­tions.

What makes this even bet­ter is that NTSYNC was de­vel­oped by the same per­son who cre­ated esync and fsync in the first place. Elizabeth Figura has been work­ing on this prob­lem for years, it­er­at­ing through mul­ti­ple ker­nel patch re­vi­sions, pre­sent­ing the work at the Linux Plumbers Conference in 2023, and push­ing through mul­ti­ple ver­sions of the patch set be­fore it was fi­nally merged into the main­line Linux ker­nel with ver­sion 6.14.

The num­bers are wild. In de­vel­oper bench­marks, Dirt 3 went from 110.6 FPS to 860.7 FPS, which is an im­pres­sive 678% im­prove­ment. Resident Evil 2 jumped from 26 FPS to 77 FPS. Call of Juarez went from 99.8 FPS to 224.1 FPS. Tiny Tina’s Wonderlands saw gains from 130 FPS to 360 FPS. As well, Call of Duty: Black Ops I is now ac­tu­ally playable on Linux, too. Those bench­marks com­pare Wine NTSYNC against up­stream vanilla Wine, which means there’s no fsync or esync ei­ther. Gamers who use fsync are not go­ing to see such a leap in per­for­mance in most games.

The games that ben­e­fit most from NTSYNC are the ones that were strug­gling be­fore, such as ti­tles with heavy multi-threaded work­loads where the syn­chro­niza­tion over­head was a gen­uine bot­tle­neck. For those games, the dif­fer­ence is night and day. And un­like fsync, NTSYNC is in the main­line ker­nel, mean­ing you don’t need any cus­tom patches or out-of-tree mod­ules for it work. Any dis­tro ship­ping ker­nel 6.14 or later, which at this point in­cludes Fedora 42, Ubuntu 25.04, and more re­cent re­leases, will sup­port it. Valve has al­ready added the NTSYNC ker­nel dri­ver to SteamOS 3.7.20 beta, load­ing the mod­ule by de­fault, and an un­of­fi­cial Proton fork, Proton GE, al­ready has it en­abled. When Valve’s of­fi­cial Proton re­bases on Wine 11, every Steam Deck owner gets this for free.

All of this is what makes NTSYNC such a big deal, as it’s not sim­ply a run-of-the-mill per­for­mance patch. Instead, it’s some­thing much big­ger: this is the first time Wine’s syn­chro­niza­tion has been cor­rect at the ker­nel level, im­ple­mented in the main­line Linux ker­nel, and avail­able to every­one with­out jump­ing through hoops.

If NTSYNC is the head­line fea­ture, the com­ple­tion of Wine’s WoW64 ar­chi­tec­ture is the change that will qui­etly im­prove every­one’s life go­ing for­ward. On Windows, WoW64 (Windows 32-bit on Windows 64-bit) is the sub­sys­tem that lets 32-bit ap­pli­ca­tions run on 64-bit sys­tems. Wine has been work­ing to­ward its own im­ple­men­ta­tion of this for years, and Wine 11 marks the point where it’s of­fi­cially done.

What this means in prac­tice is that you no longer need 32-bit sys­tem li­braries in­stalled on your 64-bit Linux sys­tem to run 32-bit Windows ap­pli­ca­tions. Wine han­dles the trans­la­tion in­ter­nally, us­ing a sin­gle uni­fied bi­nary that au­to­mat­i­cally de­tects whether it’s deal­ing with a 32-bit or 64-bit ex­e­cutable. The old days of in­stalling mul­ti­lib pack­ages, con­fig­ur­ing ia32-libs, or fight­ing with 32-bit de­pen­den­cies on your 64-bit dis­tro thank­fully over.

This might sound like a small qual­ity-of-life im­prove­ment, but it’s a mas­sive piece of en­gi­neer­ing work. The WoW64 mode now han­dles OpenGL mem­ory map­pings, SCSI pass-through, and even 16-bit ap­pli­ca­tion sup­port. Yes, 16-bit! If you’ve got an­cient Windows soft­ware from the ’90s that you need to run for what­ever rea­son, Wine 11 has you cov­ered.

For gam­ing specif­i­cally, this mat­ters be­cause a sur­pris­ing num­ber of games, es­pe­cially older ones, are 32-bit ex­e­cuta­bles. Previously, get­ting these to work of­ten meant wrestling with your dis­tro’s mul­ti­lib setup, which var­ied in qual­ity and ease de­pend­ing on whether you were on Ubuntu, Arch, Fedora, or some­thing else en­tirely. Now, Wine just han­dles it for you.

The rest of Wine 11 is­n’t just filler

There are more fixes, too

It’s easy to let NTSYNC and WoW64 steal the spot­light, but Wine 11 is packed to the gills with other stuff worth talk­ing about.

The Wayland dri­ver has come a long way. Clipboard sup­port now works bidi­rec­tion­ally be­tween Wine and na­tive Wayland ap­pli­ca­tions, which is one of those things you don’t think about un­til it does­n’t work and it dri­ves you mad. Drag-and-drop from Wayland apps into Wine win­dows is sup­ported. Display mode changes are now em­u­lated through com­pos­i­tor scal­ing, which means older games that try to switch to lower res­o­lu­tions like 640x480 ac­tu­ally be­have prop­erly in­stead of leav­ing you with a bro­ken desk­top. If you’ve been hold­ing off on switch­ing from X11 to Wayland be­cause of Wine com­pat­i­bil­ity con­cerns, Wine 11 re­moves a lot of those bar­ri­ers.

On the graph­ics front, EGL is now the de­fault back­end for OpenGL ren­der­ing on X11, re­plac­ing the older GLX path. Vulkan sup­port has been bumped to API ver­sion 1.4, and there’s ini­tial sup­port for hard­ware-ac­cel­er­ated H.264 de­cod­ing through Direct3D 11 video APIs us­ing Vulkan Video. That last one is par­tic­u­larly in­ter­est­ing for games and ap­pli­ca­tions that use video play­back for things like cutscenes or in-game stream­ing.

Force feed­back sup­port has been im­proved for rac­ing wheels and flight sticks, which is great news if you’re run­ning a sim setup on Linux. As well, Bluetooth has re­ceived a new dri­ver with BLE ser­vices and proper pair­ing sup­port, MIDI sound­font han­dling has been im­proved for legacy game mu­sic, and there are a cou­ple of mi­nor ex­tras like Zip64 com­pres­sion sup­port, Unicode 17.0.0 sup­port, TWAIN 2.0 scan­ning for 64-bit apps, and IPv6 ping func­tion­al­ity.

Thread pri­or­ity man­age­ment has been im­proved on both Linux and ma­cOS, which helps with multi-threaded ap­pli­ca­tion per­for­mance be­yond just the NTSYNC gains. ARM64 de­vices can now sim­u­late 4K page sizes on sys­tems with larger na­tive pages, which keeps the door open for Wine on Arm hard­ware. And with more Arm-based Linux de­vices show­ing up every year, that mat­ters more than it used to.

Plus, there are a ton of bug fixes. Games like Nioh 2, StarCraft 2, The Witcher 2, Call of Duty: Black Ops II, Final Fantasy XI, and Battle.net all re­ceived spe­cific com­pat­i­bil­ity fixes, which is ad­di­tional to the broader im­prove­ments made across the board that will im­prove per­for­mance and com­pat­i­bil­ity across sig­nif­i­cantly more ti­tles.

Wine 11 is a big re­lease, and it’s not just NTSYNC that makes it the case. Sure, NTSYNC alone would have made it worth pay­ing at­ten­tion to, but com­bined with the WoW64 com­ple­tion, the Wayland im­prove­ments, and the sheer vol­ume of fixes, it’s the most im­por­tant Wine re­lease since Proton made Linux gam­ing vi­able. Everything built on top of Wine, from Proton to Lutris to Bottles, gets bet­ter be­cause of it. If you play games on Linux at all, Wine 11 is worth your time try­ing out.

Microsoft just an­nounced a 7-point plan to fix Windows 11, and the tech press is treat­ing it like a re­demp­tion arc. Pavan Davuluri, the Windows pres­i­dent, ad­mit­ted in January 2026 that “Windows 11 had gone off track” and said Microsoft was en­ter­ing a mode called “swarming” where en­gi­neers would be pulled off new fea­tures to fix ex­ist­ing prob­lems.

I saw this head­line and my first thought was: it’s like be­ing in an abu­sive re­la­tion­ship. They beat you, then show up with flow­ers say­ing they’ve changed. And every­one around you says “see, they’re get­ting bet­ter.” But the bruises are still there and the apol­ogy only cov­ers the hits peo­ple no­ticed.

I want to walk through what Microsoft ac­tu­ally did to Windows 11 over the past four years, be­cause this “fix” an­nounce­ment only makes sense when you see the full dam­age list and re­al­ize that the worst of­fenses aren’t even part of the re­pair plan.

The Copilot in­va­sion started September 26, 2023, when Microsoft pushed their AI chat­bot into Windows 11 ahead of the for­mal 23H2 re­lease. The icon ap­peared be­tween your Start menu and sys­tem tray, you could­n’t move it, you could­n’t re­move it through nor­mal set­tings, and it hi­jacked the Win+C key­board short­cut. Over the next two years, Copilot but­tons metas­ta­sized into Snipping Tool, Photos, Notepad, Widgets, File Explorer con­text menus, Start menu search, and sys­tem Settings. Microsoft even planned to force-in­stall the Microsoft 365 Copilot app di­rectly onto Start menus of “eligible PCs.” The new plan promises to re­move all of that. They want credit for pulling their hand out of your pocket.

On April 24, 2024, Microsoft shipped up­date KB5036980, which in­jected ad­ver­tise­ments into the Windows 11 Start menu’s “Recommended” sec­tion. These showed up la­beled “Promoted” and pushed apps like Opera browser and some pass­word man­ager no­body asked for. And the Start menu was just one sur­face, they also placed ads on the lock screen, in the Settings home­page hawk­ing Game Pass sub­scrip­tions, in­side File Explorer push­ing OneDrive, and through “tip” no­ti­fi­ca­tions that were thinly veiled prod­uct pitches. The “fix” promises “fewer ads.” Fewer. The op­er­at­ing sys­tem you paid $139 for at re­tail should have ex­actly zero ads, and the fact that “fewer” is sup­posed to im­press any­one shows how thor­oughly Microsoft has low­ered the bar.

The pri­vacy an­gle is where this gets dan­ger­ous. When Windows 11 launched in October 2021, Home edi­tion re­quired a Microsoft ac­count dur­ing setup. By October 2025, Microsoft had sys­tem­at­i­cally hunted down and killed every sin­gle workaround for cre­at­ing a lo­cal ac­count, the `oobe\bypassnro` com­mand, the BypassNRO reg­istry tog­gle, the `ms-cxh:localonly` trick, even the old fake email method. Amanda Langowski from Microsoft stated it plainly: they were “removing known mech­a­nisms for cre­at­ing a lo­cal ac­count in the Windows Setup ex­pe­ri­ence.”

A Microsoft ac­count means your iden­tity is tied to your OS from first boot. Your ac­tiv­ity, your app us­age, your brows­ing through Edge, your files through OneDrive, all fun­neled into a pro­file Microsoft con­trols. And this par­tic­u­lar abuse is nowhere in the 7-point fix plan.

OneDrive got the same treat­ment. Microsoft silently changed Windows 11 setup in 2024 so that OneDrive folder backup en­ables au­to­mat­i­cally with no con­sent di­a­log, sync­ing your Desktop, Documents, Pictures, Music, and Videos to Microsoft’s cloud. When peo­ple dis­cov­ered this and tried to turn it off, their files dis­ap­peared from their lo­cal ma­chine be­cause OneDrive had moved them, trans­ferred own­er­ship of your per­sonal files to their cloud ser­vice with­out ask­ing. Author Jason Pargin went vi­ral de­scrib­ing how OneDrive ac­ti­vated it­self, moved his files, then started delet­ing them when he hit the free 5GB stor­age limit. Microsoft’s re­sponse to this was si­lence. Also not in the fix plan.

Windows Recall is worth lin­ger­ing on. Announced May 2024, it’s an AI fea­ture that screen­shots every­thing on your screen every few sec­onds and makes it search­able. Security re­searcher Kevin Beaumont demon­strated that the en­tire Recall data­base was stored in plain­text in an AppData folder where any mal­ware could ex­tract it. Bank num­bers, Social Security num­bers, pass­words, all sit­ting in an un­en­crypted SQLite data­base.

The UK’s Information Commissioner’s Office got in­volved. Microsoft de­layed it, made it opt-in, added en­cryp­tion, and qui­etly re­launched it for Insiders in November 2024. They built a sur­veil­lance fea­ture, shipped it bro­ken, got caught, and called the patch “responding to feed­back.”

But the abuse pat­tern goes back way fur­ther than Windows 11. In 2015 and 2016, Microsoft ran the GWX (Get Windows 10) cam­paign, full-screen nag di­alogs that pushed Windows 10 up­grades on Windows 7 and 8 users. In May 2016, they changed the be­hav­ior of the red X but­ton so that click­ing it, which for decades had meant “close” or “cancel”, in­stead sched­uled the Windows 10 up­grade. Microsoft’s own se­cu­rity ad­vice told users to close sus­pi­cious di­alogs us­ing the X but­ton, and they weaponized that trained be­hav­ior against their own cus­tomers. A woman named Teri Goldstein sued af­ter the forced up­grade bricked her travel agency PC and won $10,000. Microsoft ap­pealed, then dropped the ap­peal and paid. They even­tu­ally ad­mit­ted they “went too far.”

And right now, Microsoft is about to force 240 mil­lion PCs into the land­fill. Windows 10 hit end of life on October 14, 2025, and Windows 11 re­quires TPM 2.0, spe­cific CPU gen­er­a­tions, UEFI Secure Boot, hard­ware re­quire­ments that ex­cluded roughly 20% of all PCs world­wide. Perfectly func­tional ma­chines, ren­dered “obsolete” by ar­bi­trary soft­ware re­stric­tions. If you want to keep get­ting se­cu­rity patches on Windows 10, Microsoft will charge you $30 per year, pay­ing for patches to an op­er­at­ing sys­tem you al­ready bought a li­cense for. Enterprise cus­tomers pay $61 per de­vice for Year 1, $122 for Year 2, and $244 for Year 3, with the price dou­bling each year.

Edge is its own dis­as­ter. Mozilla com­mis­sioned an in­de­pen­dent re­port ti­tled “Over the Edge” that doc­u­mented spe­cific dark pat­terns in­clud­ing con­firmsham­ing (pop-ups im­ply­ing you’re “shopping in a dumb way” if you don’t use Edge), dis­guised ads in­jected into Google.com and the Chrome Web Store, and de­fault browser set­tings that hi­jack back to Edge with­out no­ti­fi­ca­tion. Certain Windows web links still force-open in Edge re­gard­less of your de­fault browser set­ting. Despite all this ma­nip­u­la­tion, Edge holds just 5.35% global mar­ket share. Even with the full weight of an op­er­at­ing sys­tem mo­nop­oly forc­ing their browser on peo­ple, al­most no­body chooses to use it.

And the teleme­try ques­tion. On Windows 11 Home and Pro, you can­not fully dis­able teleme­try. Setting `AllowTelemetry` to 0 in the reg­istry on non-En­ter­prise edi­tions gets silently over­rid­den back to 1. Only Enterprise and Education edi­tions can ac­tu­ally turn it off. The op­er­at­ing sys­tem you paid for re­ports data about you to Microsoft, and the set­ting to stop it is a lie on con­sumer edi­tions. Also not in the fix plan.

I haven’t even men­tioned the EU fin­ing Microsoft over 2.2 bil­lion eu­ros across mul­ti­ple an­titrust rul­ings, in­clud­ing 561 mil­lion eu­ros specif­i­cally for break­ing a browser bal­lot promise, a Windows 7 up­date silently re­moved the choice screen for 14 months, af­fect­ing 15 mil­lion users, and it was the first time the EU fined a com­pany for vi­o­lat­ing a “commitment de­ci­sion.” Or the _NSAKEY con­tro­versy from 1999 where a sec­ond crypto key la­beled lit­er­ally `_NSAKEY` was found em­bed­ded in Windows NT. Or the time in August 2024 when a Microsoft up­date bricked Linux dual-boot sys­tems across Ubuntu, Mint, and other dis­tros, and it took 9 months to fully fix.

Ok so here’s the table that tells the whole story:

The bot­tom four rows are the ones that mat­ter. The pri­vacy-hos­tile changes, the forced Microsoft ac­counts, the teleme­try that lies about be­ing dis­abled, OneDrive hi­jack­ing your files, the pre-in­stalled garbage, none of that is part of the fix plan. Microsoft’s “swarming” ef­fort tar­gets the most vis­i­ble UI an­noy­ances, the ones that gen­er­ate bad head­lines. Data col­lec­tion, ven­dor lock-in, forced ac­counts, those stay be­cause those are the rev­enue model.

Microsoft spent four years de­lib­er­ately de­grad­ing an op­er­at­ing sys­tem that peo­ple paid $139 or more for, and now they’re an­nounc­ing the re­moval of their own dam­age as if it’s a gift. The “fix” is them tak­ing their foot off your neck and ex­pect­ing ap­plause. The ads should have never been there, the Copilot but­tons should have never been forced, and the taskbar should have never been crip­pled in the first place. And the things they’re choos­ing to keep, the teleme­try, the forced ac­counts, the data har­vest­ing, those are the real prod­uct, be­cause at this point, you are.

For var­i­ous rea­sons, I have de­cided to move as many ser­vices and sub­scrip­tions as pos­si­ble from non-EU coun­tries to the EU or to switch to European ser­vice providers. The rea­sons for this are the cur­rent global po­lit­i­cal sit­u­a­tion and im­proved data pro­tec­tion. I don’t want to go into the first point any fur­ther for var­i­ous rea­sons, but the sec­ond point should be im­me­di­ately ob­vi­ous, since the EU cur­rently has the most user-friendly laws when it comes to data pro­tec­tion. Below, I will list both the old and new ser­vice providers; this is not an ad­ver­tise­ment, but sim­ply the re­sult of my re­search, which was aimed at achiev­ing the same or bet­ter qual­ity at af­ford­able prices.

I would call this post an in­terim re­port, and I will ex­pand on it if I end up mi­grat­ing more ser­vices.

In my opin­ion, Fastmail is one of the best email providers. In all the years I’ve had my email ac­counts there, I’ve never had any prob­lems. I paid 10 eu­ros a month for two ac­counts, could use an un­lim­ited num­ber of my own do­mains, and could not only set up catch-all ad­dresses but also send emails from any email ad­dress I wanted. This is im­por­tant for my email setup. The cal­en­dar is also solid and was used within the fam­ily. All of this was also avail­able in a well-de­signed Android app. Finding a European al­ter­na­tive that of­fers all of this proved dif­fi­cult. First, I tried mail­box.org, which I can gen­er­ally rec­om­mend with­out reser­va­tion. Unfortunately, you can’t send emails from any ad­dress on your own do­main with­out a workaround, so the search con­tin­ued. Eventually, I landed on Uberspace. This “pay what you want” provider of­fers a shell ac­count, web host­ing, email host­ing, and more at fair prices. In ad­di­tion, you can use as many of your own do­mains as you like for both web and email, and send emails from any sender ad­dress. There is­n’t a ded­i­cated app, which is why I now use Thunderbird for Android and am very sat­is­fied with it.

Uberspace does­n’t of­fer a built-in cal­en­dar so­lu­tion. So I tried in­stalling var­i­ous CalDAV servers, but none of them re­ally con­vinced me. In the end, I sim­ply in­stalled NextCloud on my Uberspace Asteroid, which has CalDAV and CardDAV built in. On my desk­top, I use Thunderbird as a client; on Android, I use DAVx5 and Fossil Calendar. It works great, even if NextCloud does come with some over­head. In re­turn, I can now eas­ily share files with oth­ers and, in the­ory, also use NextCloud’s on­line of­fice func­tion­al­ity.

Now that I’m al­ready us­ing Uberspace for my email and cal­en­dar, I was able to host this web­site there as well. I pre­vi­ously had a VPS with Hetzner for this pur­pose, which I no longer need. The only mi­nor hur­dle was that I use SSI on this site to man­age the header cen­trally. I had pre­vi­ously used Nginx, but Uberspace hosts on Apache, where the SSI im­ple­men­ta­tion is han­dled slightly dif­fer­ently. However, adapt­ing my HTML code was quite sim­ple, so I was able to quickly mi­grate the site to Uberspace.

For a long time, I was a sat­is­fied Namecheap cus­tomer. They of­fer good prices, a wide se­lec­tion of avail­able do­mains, their DNS man­age­ment has every­thing you need, and their sup­port team has helped me quickly on sev­eral oc­ca­sions. But now it was time to look for a com­pa­ra­ble provider in the EU. In the end, I set­tled on host­ing.de. Some of the rea­sons were the prices, re­views, the lo­ca­tion in Germany, and the avail­abil­ity of .is do­mains. So far, every­thing has been run­ning smoothly; sup­port helped me quickly and com­pe­tently with one is­sue; and while prices for non-Ger­man do­mains are slightly higher, they’re still within an ac­cept­able range.

At some point, pretty much every­one had their code on GitHub (or still does). I was no ex­cep­tion, though I had also hosted my own Gitea in­stance. Eventually, I got tired of that too and mi­grated all my Git repos­i­to­ries to code­berg.org. Codeberg is a German-based non­profit or­ga­ni­za­tion, and it’s hard to imag­ine go­ing wrong with this choice.

No changes here. I’ve al­ways been a happy Mullvad cus­tomer. For 5 eu­ros a month, I pay a Swedish com­pany that has proven it does­n’t log any data and does­n’t even re­quire me to cre­ate an ac­count. No sub­scrip­tion traps, no weird Black Friday deals, no dis­counts: just 5 eu­ros a month for a re­li­able, trust­wor­thy ser­vice.

For many years, I used my work smart­phone for per­sonal use as well. I was more than sat­is­fied with the Pixel 6, but un­der­stand­ably, I was­n’t al­lowed to in­stall a cus­tom ROM or use al­ter­na­tive app stores like F-Droid. That’s why I de­cided to buy a sep­a­rate per­sonal smart­phone. I chose the Pixel 9a, which is sup­ported by Graphene OS. I still in­stalled the Google Play Store so I could in­stall a sig­nif­i­cant num­ber of apps that are only avail­able there. However, I can now use al­ter­na­tive app stores, which al­lows me to in­stall and use apps like NewPipe. This way, I can en­joy YouTube ad-free and with­out an ac­count.

For ca­sual use on the couch, a Chromebook has been un­beat­able for me so far. It’s af­ford­able, the bat­tery lasts for­ever, and it wakes up from sleep mode ex­tremely quickly. To break away from Google here as well, I re­cently bought a cheap used 11-inch MacBook Air (A1465) to in­stall MX Linux with Fluxbox on it and use it for brows­ing and watch­ing videos. I haven’t had a chance to test it out yet, but I’m hop­ing it will be able to re­place the Chromebook.

Age ver­i­fi­ca­tion is no longer a nar­row mech­a­nism for a few adult web­sites. Across Europe, the USA, the UK, Australia, and else­where, it is ex­pand­ing into so­cial me­dia, mes­sag­ing, gam­ing, search, and other main­stream ser­vices.

The com­mon fram­ing says these sys­tems ex­ist to pro­tect chil­dren. That con­cern is real. Children are ex­posed to harm­ful con­tent, ma­nip­u­la­tive rec­om­men­da­tion sys­tems, preda­tory be­hav­ior, and com­pul­sive plat­form de­sign. Even adults are ma­nip­u­lated, quite suc­ces­fully, with tech­niques that can in­flu­ence na­tional elec­tions.

But from a tech­ni­cal and po­lit­i­cal point of view, age ver­i­fi­ca­tion is not just a child-safety fea­ture. It is an ac­cess con­trol ar­chi­tec­ture. It changes the de­fault con­di­tion of the net­work from open ac­cess to per­mis­sioned ac­cess. Instead of re­ceiv­ing con­tent un­less some­thing is blocked, users in­creas­ingly have to prove some­thing about them­selves be­fore a ser­vice is al­lowed to re­spond.

That shift be­comes clearer when age as­sur­ance moves down into the op­er­at­ing sys­tem. In some US pro­pos­als, the model is no longer a one-off check at a web­site. It be­comes a per­sis­tent age-sta­tus layer main­tained by the OS and ex­posed to ap­pli­ca­tions through a sys­tem-level in­ter­face. At that point, age ver­i­fi­ca­tion stops look­ing like a lim­ited safe­guard and starts look­ing like a gen­eral iden­tity layer for the whole de­vice.

This is no longer only a pro­pri­etary-plat­form story ei­ther. Even the Linux desk­top stack is be­gin­ning to ab­sorb this pres­sure. sys­temd has re­port­edly added an op­tional birth­Date field to userdb in re­sponse to age-as­sur­ance laws. Regulation is be­gin­ning to shape the data model of per­sonal com­put­ing, so that higher-level com­po­nents can build age-aware be­hav­ior on top.

Content mod­er­a­tion is about clas­si­fi­ca­tion and fil­ter­ing. It asks whether some con­tent should be blocked, la­beled, de­layed, or han­dled dif­fer­ently. Guardianship is some­thing else. It is the con­tex­tual re­spon­si­bil­ity of par­ents, teach­ers, schools, and other trusted adults to de­cide what is ap­pro­pri­ate for a child, when ex­cep­tions make sense, and how su­per­vi­sion should evolve over time. Moderation is partly tech­ni­cal. Guardianship is re­la­tional, lo­cal, and sit­u­ated in spe­cific con­texts.

I am also a par­ent. I un­der­stand the fear be­hind these pro­pos­als be­cause I live with it too. Children do face real on­line risks. But rec­og­niz­ing that does not oblige us to ac­cept any so­lu­tion placed in front of us, least of all one that weak­ens pri­vacy for every­one while shift­ing re­spon­si­bil­ity away from fam­i­lies, schools, and the peo­ple who ac­tu­ally have to guide chil­dren through dig­i­tal life.

Age-verification laws col­lapse these two ques­tions into one cen­tral­ized an­swer. The re­sult is pre­dictable. A plat­form, browser ven­dor, app store, op­er­at­ing-sys­tem provider, or iden­tity in­ter­me­di­ary is asked to en­force what is pre­sented as a child-pro­tec­tion pol­icy, even though no cen­tral­ized ac­tor can re­place the judg­ment of a par­ent, a school, or a lo­cal com­mu­nity.

It also fails on its own terms. The by­passes are ob­vi­ous: VPNs, bor­rowed ac­counts, pur­chased cre­den­tials, fake cre­den­tials, and tricks against age-es­ti­ma­tion sys­tems. A con­trol that is easy to evade but ex­pen­sive to im­pose is not a se­ri­ous com­pro­mise: it is an er­ror or, one may say, a cor­po­rate data-grab.

The price is high and paid by every­one. More iden­tity checks. More meta­data. More log­ging. More ven­dors in the mid­dle. More fric­tion for peo­ple who lack the right de­vice, the right pa­pers, or the right dig­i­tal skills. This is not a mi­nor safety fea­ture. It is a new con­trol layer for the net­work.

And once that layer ex­ists, it rarely stays con­fined to age. Infrastructure built for one at­tribute is eas­ily reused for oth­ers: lo­ca­tion, cit­i­zen­ship, le­gal sta­tus, plat­form pol­icy, or what­ever the next panic de­mands. This is how a lim­ited check be­comes a gen­eral gate.

Keep guardian­ship where it be­longs: with par­ents, teach­ers, schools, and com­mu­ni­ties that can make con­tex­tual de­ci­sions, au­tho­rize ex­cep­tions, and ad­just over time.

The op­er­at­ing sys­tem can help here, but only as a lo­cal pol­icy sur­face un­der the con­trol of users and guardians. It should not be­come a uni­ver­sal age-broad­cast­ing layer for apps and re­mote ser­vices. That is the ar­chi­tec­tural line that mat­ters.

Most of the harms in­voked in this de­bate do not come from the mere ex­is­tence of con­tent on­line. They come from rec­om­men­da­tion sys­tems, dark pat­terns, ad­dic­tive met­rics, and busi­ness mod­els that re­ward am­pli­fi­ca­tion with­out re­spon­si­bil­ity. If the goal is to pro­tect mi­nors, that is where reg­u­la­tion should bite.

If we are se­ri­ous about re­duc­ing harm, we should stop ask­ing how to iden­tify every­one and start ask­ing how to strengthen lo­cal con­trol with­out turn­ing the net­work into a check­point.

It is en­cour­ag­ing to see this ar­ti­cle cir­cu­lat­ing widely, as it may con­tribute to a shift in how pol­i­cy­mak­ers ap­proach the is­sue. Given its grow­ing vis­i­bil­ity, I will keep a con­cise record here of the se­quence of its cov­er­age across me­dia out­lets, as well pi­lot im­ple­men­ta­tions across the world.

My first ac­count on the prob­lem emerged from a di­a­logue with Brave’s de­vel­oper Kyle den Hartog at a cypher­punk re­treat in Berlin. It was right af­ter fa­cil­i­tat­ing the dig­i­tal iden­tity track of the event that I pub­lished a rather tech­ni­cal piece on the topic.

Later, as age ver­i­fi­ca­tion mea­sures be­gan to take hold, and in align­ment with our com­mu­nity fa­cil­i­ta­tors at the Dyne.org foun­da­tion, we de­cided to dis­con­tinue Discord as a chan­nel for par­tic­i­pa­tion, as the plat­form moved to im­pose age ver­i­fi­ca­tion.

Then the sys­temd dis­pute un­folded, and I found my­self, as founder of the pro­ject, as the first dis­tro main­tainer stat­ing that we would not im­ple­ment age ver­i­fi­ca­tion in Devuan GNU/Linux, a Debian fork with­out sys­temd that has, since 2016, shown fewer bugs and se­cu­rity ad­vi­sories. The tech jour­nal­ist Lunduke picked it up im­me­di­ately, set­ting off a wave of sim­i­lar de­c­la­ra­tions across the dis­tri­b­u­tion main­tainer com­mu­nity.

That was the mo­ment I re­alised the need to set out, in clear terms, the rea­sons be­hind this choice, and the grounds for a form of con­sci­en­tious ob­jec­tion should such laws ever be en­forced on our pro­jects at Dyne.org. I then wrote a piece for Wired Italy, in Italian, my mother tongue, which is due to be pub­lished by the mag­a­zine in the com­ing days (link TBD).

While await­ing pub­li­ca­tion in Wired, I trans­lated the ar­ti­cle and pub­lished it here, in English, through our think and do tank. The piece you have just read quickly reached the front page of Hacker News, draw­ing nearly 400 com­ments from con­cerned read­ers and tech­ni­cal ex­perts, a valu­able body of ma­te­r­ial to build on.

As the dis­cus­sion gains mo­men­tum, I am en­gag­ing with col­leagues at the City of Lugano and the Plan₿ Foundation, where I have re­cently taken on the role of Scientific Director. The pro­posal is to move from analy­sis to ac­tion by es­tab­lish­ing a city-wide pi­lot that ex­plores tech­nolo­gies for lo­cally man­aged guardian­ship, of­fer­ing a con­struc­tive ex­am­ple for Switzerland.

We are ap­proach­ing this with con­fi­dence and prepar­ing for a roll­out for Lugano within the next two years. At the same time, within the Swiss Confederation there are signs of a more grounded di­rec­tion, as re­flected in “The Internet Initiative” plac­ing re­spon­si­bil­ity on Big Tech and bring­ing to­gether rep­re­sen­ta­tives from all ma­jor Swiss po­lit­i­cal par­ties.

My next steps in­clude reach­ing out to con­tacts in Europe to help broaden the dis­cus­sion and con­tribute to a more bal­anced pub­lic de­bate, in the face of sus­tained pres­sure from cor­po­rate lob­bies ad­vanc­ing data-ex­trac­tive mea­sures.

And you can play a mean­ing­ful role as well: en­gage with the is­sue, bring your tech­ni­cal and po­lit­i­cal un­der­stand­ing to it, and help sus­tain at­ten­tion so that those who make up the in­ter­net are not ex­cluded from de­ci­sions that af­fect it. I hope this ma­te­r­ial and the rea­son­ing be­hind it can be use­ful in that di­rec­tion. Do let us at Dyne.org know if we can as­sist in mak­ing vis­i­ble suc­cess­ful lo­cal pi­lots that im­ple­ment child pro­tec­tion in a sound and pro­por­tion­ate way.

If you like to read fur­ther, I’ve writ­ten more about the prob­lems of European Digital Identity im­ple­men­ta­tion plans and ar­chi­tec­ture.

I’ve been work­ing on pri­vacy and iden­tity tech­nol­ogy for over a decade, pri­mar­ily in pro­jects funded by the European Commission.

Among my ef­forts are de­code­pro­ject.eu and re­flow­pro­ject.eu, var­i­ous aca­d­e­mic pa­pers, in­clud­ing SD-BLS, re­cently pub­lished by IEEE. Additionally, with our team at The Forkbomb Company we’ve de­vel­oped dig­i­tal iden­tity prod­ucts as DID­ROOM.com and CRED­IMI.io.

There’s not much worth quot­ing in this PC Gamer ar­ti­cle but I do want to draw your at­ten­tion to three things.

First, what you see when you nav­i­gate to the page: a no­ti­fi­ca­tion popup, a newslet­ter popup that ob­scures the ar­ti­cle, and a dimmed back­ground with at least five vis­i­ble ads.

Second, once you get passed the wel­come mat: yes, five ads, a ti­tle and a sub­ti­tle.

Third, this is a whop­ping 37MB web­page on ini­tial load. But that’s not the worst part. In the five min­utes since I started writ­ing this post the web­site has down­loaded al­most half a gi­ga­byte of new ads.

We’re lucky to have so many good RSS read­ers that cut through this non­sense. 1

Trees take quite a while to grow. If some­one 50 years ago planted a row of oaks or a chest­nut tree on your plot of land, you have some­thing that no amount of money or ef­fort can repli­cate. The only way is to wait. Tree-lined roads, old gar­dens, houses shel­tered by decades of canopy: if you want to start fresh on an empty plot, you will not be able to get that.

Because some things just take time.

We know this in­tu­itively. We pay pre­mi­ums for Swiss watches, Hermès bags and old prop­er­ties pre­cisely be­cause of the time em­bed­ded in them. Either be­cause of the time it took to build them or be­cause of their age. We re­quire age min­i­mums for dri­ving, vot­ing, and drink­ing be­cause we be­lieve ma­tu­rity only comes through lived ex­pe­ri­ence.

Yet right now we also live in a time of in­stant grat­i­fi­ca­tion, and it’s en­ter­ing how we build soft­ware and com­pa­nies. As much as we can speed up code gen­er­a­tion, the real defin­ing el­e­ment of a suc­cess­ful com­pany or an Open Source pro­ject will con­tinue to be tenac­ity. The abil­ity of lead­er­ship or the main­tain­ers to stick to a prob­lem for years, to build re­la­tion­ships, to work through chal­lenges fun­da­men­tally de­fined by hu­man life­times.

The cur­rent gen­er­a­tion of startup founders and pro­gram­mers is ob­sessed with speed. Fast it­er­a­tion, rapid de­ploy­ment, do­ing every­thing as quickly as pos­si­ble. For many things, that’s fine. You can go fast, leave some qual­ity on the table, and learn some­thing along the way.

But there are things where speed is ac­tively harm­ful, where the fric­tion ex­ists for a rea­son. Compliance is one of those cases. There’s a strong de­sire to elim­i­nate every­thing that processes like SOC2 re­quire, and an en­tire in­dus­try of turnkey so­lu­tions has sprung up to help —

Delve just be­ing one ex­am­ple, there are more.

There’s a feel­ing that all the things that cre­ate fric­tion in your life should be au­to­mated away. That hu­man in­volve­ment should be re­placed by AI-based de­ci­sion-mak­ing. Because it is the fric­tion of the process that is the prob­lem. When in fact many times the fric­tion, or that things just take time, is pre­cisely the point.

There’s a rea­son we have cool­ing-off pe­ri­ods for some im­por­tant de­ci­sions in one’s life. We rec­og­nize that peo­ple need time to think about what they’re do­ing, and that do­ing some­thing right once does­n’t mean much be­cause you need to be able to do it over a longer pe­riod of time.

AI writes code fast which is­n’t news any­more. What’s in­ter­est­ing is that we’re push­ing this force down­stream: we seem­ingly have this de­sire to ship faster than ever, to run more ex­per­i­ments and that cre­ates a new de­sire, one to re­move all the re­main­ing fric­tion of re­views, de­sign­ing and con­fig­ur­ing in­fra­struc­ture, any­thing that slows the pipeline. If the ma­chines are so great, why do we even need check­lists or per­mis­sion sys­tems? Express de­sire, en­joy re­sult.

Because we now be­lieve it is im­por­tant for us to just do every­thing faster. But in­creas­ingly, I also feel like this means that the shelf life of much of the soft­ware be­ing cre­ated to­day — soft­ware that peo­ple and busi­nesses should de­pend on — can be mea­sured only in months rather than decades, and the re­la­tion­ships along­side.

In one of last year’s ear­lier YC batches, there was al­ready a hand­ful that just dis­ap­peared with­out even say­ing what they learned or say­ing good­bye to their cus­tomers. They just shut down their pub­lic pres­ence and moved on to other things. And to me, that is not a sign of healthy it­er­a­tion. That is a sign of break­ing the ba­sic trust you need to build a re­la­tion­ship with cus­tomers. A proper shut­down takes time and ef­fort, and our cur­rent en­vi­ron­ment treats that as time not wisely spent. Better to just move on to the next thing.

This is ex­tend­ing to Open Source pro­jects as well. All of a sud­den, every­thing is an Open Source pro­ject, but many of them only have com­mits for a week or so, and then they go away be­cause the mo­ti­va­tion of the cre­ator al­ready waned. And in the name of ex­per­i­men­ta­tion, that is all good and well, but what makes a good Open Source pro­ject is that you think and truly be­lieve that the per­son that cre­ated it is ei­ther go­ing to stick with it for a very long pe­riod of time, or they are able to set up a strat­egy for suc­ces­sion, or they have cre­ated enough of a com­mu­nity that these pro­jects will stand the test of time in one form or an­other.

Relatedly, I’m also in­creas­ingly skep­ti­cal of any­one who sells me some­thing that sup­pos­edly saves my time. When all that I see is that every­body who is like me, fully on­boarded into AI and agen­tic tools, seem­ingly has less and less time avail­able be­cause we fall into a trap where we’re im­me­di­ately fill­ing it with more things.

We all sell each other the idea that we’re go­ing to save time, but that is not what’s hap­pen­ing. Any time saved gets im­me­di­ately cap­tured by com­pe­ti­tion. Someone who ac­tu­ally takes a breath is out­ma­neu­vered by some­one who fills every freed-up hour with new out­put. There is no easy way to bank the time and it just dis­ap­pears.

I feel this acutely. I’m very close to the red-hot cen­ter of where eco­nomic ac­tiv­ity around AI is tak­ing place, and more than any­thing, I have less and less time, even when I try to pur­pose­fully scale back and cre­ate the space. For me this is a prob­lem. It’s a prob­lem be­cause even with the best in­ten­tions, I ac­tu­ally find it very hard to cre­ate qual­ity when we are quickly com­modi­tiz­ing soft­ware, and the ma­chines make it so ap­peal­ing.

I keep com­ing back to the trees. I’ve been main­tain­ing Open Source pro­jects for close to two decades now. The last startup I worked on, I spent 10 years at. That’s not be­cause I’m par­tic­u­larly dis­ci­plined or vir­tu­ous. It’s be­cause I or some­one else, planted some­thing, and then I kept show­ing up, and even­tu­ally the thing had roots that went deeper than my en­thu­si­asm on any given day. That’s what time does! It turns some idea or plan into a com­mit­ment and a com­mit­ment into some­thing that can shel­ter and grow other peo­ple.

Nobody is go­ing to mass-pro­duce a 50-year-old oak. And no­body is go­ing to con­jure trust, or qual­ity, or com­mu­nity out of a week­end sprint. The things I value most — the pro­jects, the re­la­tion­ships, the com­mu­ni­ties — are all things that took years to be­come what they are. No tool, no mat­ter how fast, was go­ing to get them there sooner.

We re­cently planted a new tree with Colin. I want it to grow into a large one. I know that’s go­ing to take time, and I’m not in a rush.