Shellsharks Blogroll - BlogFlock

AMA: Can One Setup Their Digital Life to Be Subscription Free? - Kev Quirk

2026-04-04T13:18:00.000Z

Sanjay asked me in a comment on my AMA post:

Dear Kev,

I am a fellow reader of multiple blogs of yours and others. But somehow I have been searching for any article where any one can setup of his entire digital life using subscription free model.

I am not talking about to get everything FREE and become a PRODUCT. If you think you can setup everything using opensource then how would you setup all of your essentials. You can write a post anytime when you have a time.

For example.

Free domain based email via MX Routing
Hosting on Github or Cloudflare Pages
RSS feed
CDN
Database
Note App
Reminder
Music
OS - most important using Linux
Document, Spreadsheet, Presentation
Video Editing

And so on.. There may be many more things. I always think what would happen to my subscriptions if I will no more or I will have some issue or financial constraint. Will the subscription be a burden to my family when I will not be there. Or any of my important services will stop working for not paying suddenly?

Currently I am not paying any subscription for any of my services as I have reduced as minimum services I can opt.

Regards,
Sanjay

I think the short answer to your question, Sanjay, is mostly yes. But I'd advise against it for some things*.

The easy things

Some of the items on your list are really easy to get without a subscription, for example:

RSS feed reader - there are many feed readers you can install locally for free. Vivaldi has one built right into their browser, for example. Or you could self-host something like FreshRSS, or Miniflux.
Notes app - my recommendation here would be Obsidian. I personally sync via WebDAV to my server at home. If you don't have the ability to do that, most operating systems have a note taking app pre-installed.
Reminders - you can use the calendar app on your device, or on mobile, the built-in reminders/to-do apps.
Document editing - LibreOffice is great, as is Only Office if you want something more modern looking.
Operating system - Ubuntu for the win. It's what I use.
Video editing - Kdenlive is available for all major operating systems, and works really well.

The not-so-easy things

Unfortunately, some things on your list are either going to cost you money, privacy, or time somewhere along the line.

Email with a custom domain

Domains cost money. I know some don't but they tend to be very spammy and have poor email delivery as a result. Also, any email service worth their salt will require you to pay. If not, they're probably sniffing your mail.

You could self-host your email at home, but there's then a cost associated with the hardware to host the mail server, or your time administering the system. Email is notoriously difficult for self-hosters too.

Website hosting (GitHub or Cloudflare)

As with most things that are free on the web, if it's free, you're probably the product. And that's true with both GitHub and Cloudflare, in my opinion.

You can host a site for free on either service, but you would either need to buy a domain, or be happy using one of their free sub-domains. There's also the technical debt required to create the static sites that these services support. So there's a time cost.

Again, you can host at home, but there's the same hardware or time costs that are associated with self-hosting email.

CDN & Databases

Like email hosting, any service worth their salt is going to charge. Some may have initial tiers that are free, but I doubt they will be very generous. I personally use Bunny for my CDN needs. They're reasonably priced and have a pay-as-you-go model, so no subscription involved. Obviously you can't host a CDN at home, as that would defeat the object of the whole thing.

For databases; same story as above. You can host at home, but there's a hardware/time cost associated, or you can pay for a reputable host to do it for you.

Music

I think this one is easy. Your options are threefold:

A self-hosted media library that will consist of:
- Ripped music from a physical collection.
- Buying digital music from services like Bandcamp where you actually own the music, but this can get expensive.
- Pirated music 🏴‍☠️.
A free account on a streaming service like Spotify, but it will be riddled with ads.
A paid subscription to a streaming service.

Final thoughts

I think these decisions ultimately come down to personal preference, and a compromise in one of three things - cost, time, or privacy.

A service can be free and private, but it will be time consuming to manage.
It can be quick to get started (hosted) and private, but it won't be free.
It can be quick to get started (hosted) and free, but it won't respect your privacy.

There's always a trade off with this stuff. It just boils down to what you're willing to trade off, personally.

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

The AI writing witchhunt is pointless. - Westenberg

2026-04-04T12:01:37.000Z

Alexandre Dumas ran what was essentially a content production house in 19th century Paris. His most famous collaborator was Auguste Maquet, who wrote substantial portions of The Three Musketeers and The Count of Monte Cristo. Maquet would produce drafts and outlines, and Dumas would rewrite and polish them, but the books went out under Dumas's name alone. Maquet eventually sued him over it in 1858 - and won a financial settlement - but the court ruled Dumas was the sole author.

At the peak of his Factory, Dumas had something like 73 collaborators working with him at various points. A contemporary writer named Eugène de Mirecourt published a pamphlet in 1845 called Fabrique de Romans: Maison Alexandre Dumas et Cie ("Novel Factory: The House of Alexandre Dumas and Company") accusing him of running a ghostwriting sweatshop. Dumas sued for libel and won, but nobody really disputed the underlying facts.

Dumas published around 100,000 pages in his lifetime.

Even his defenders admitted he couldn't have written all of it alone.

Put a pin in that, we'll come back to it later...

In November 2025, Hachette published a horror novel called Shy Girl by Mia Ballard. It is, decidedly, not my cup of tea. But, it had sold about 1,800 copies in the UK, and it had almost 5,000 ratings on Goodreads, averaging 3.51 stars. It was an ordinary debut, with a built-in fanbase.

And then the internet decided it was written by AI, and the world began a witchhunt.

A Reddit thread blew up, followed by a YouTube video titled "I'm pretty sure this book is ai slop" pulling in 1.2 million views. Goodreads reviewers started dissecting individual sentences like forensic linguists with a grudge, and by early 2026, Hachette had pulled the book from shelves, cancelled the US release, and scrubbed it from Amazon.

Ballard says she didn't use AI herself.

She says an acquaintance she'd hired to work on an earlier self-published version had incorporated AI tools without her knowledge.

"This controversy has changed my life in many ways and my mental health is at an all time low and my name is ruined for something I didn't even personally do," she wrote to the New York Times.

And I'll stand up right now and say - fuck it.

Maybe she's telling the truth.

Or, maybe she isn't.

I don't actually give a shit, because I don't actually know, and neither do you actually know, and neither do the thousands of people who participated in destroying her career.

We just. Don't. Know.

What I do know boils down to pretty much this: the tools // methods people used to reach their verdict are fucking garbage. The culture that's grown up around AI detection is poisonous, and I refuse to have anything to do with it.

AI detection tools are unreliable.

It's been shown over and over.

OpenAI launched its own AI text classifier in January 2023, and by July 2023, they'd shut it down because it correctly identified AI-written text only 26% of the time - worse, if I may point out, than a coin toss...

GPTZero, Turnitin's AI detection feature, Originality.ai, Pangram etc: the whole cottage industry that's sprung up here shares the same limitation. They're pattern matchers trained on statistical likelihoods, flagging text that looks like it could have come from a language model, and the problem is, a lot of perfectly human writing also looks like it could have come from a language model, because language models were trained on human writing, and even the AI-based AI detection tools are just playing an eternal // infernal game of whackamole with this model and that moel and the next model.

Snake, meet tail.

You're going to get along swimmingly.

Researchers at Stanford found in 2023 that AI detectors disproportionately flagged writing by non-native English speakers as AI-generated, based on simpler sentence structures, based on fewer idioms, based on predictable word choices, based on all the things a person writing in their second or third language might produce.

All the things a detector reads as "probably a robot."

The same thing happens to neurodivergent writers.

Autistic writers.

Such as myself...

The tools are biased and inaccurate, they spit out false positives at rates that should make anyone uncomfortable using them as evidence of anything, and yet people treat the output like a blood test that came back positive, forgetting apparently that blood tests are retested and retested because no one test is entirely accurate.

But most of the people who went after Shy Girl weren't even using formal detection tools; they were reading passages and going: "This sounds like ChatGPT to me" - and maybe it did, and maybe it was, but a gut feeling seems like an awfully precarious thing over which to fuck an entire career.

Just because someone on Reddit reads a sentence that feels generic, or a metaphor that lands a little flat, they (increasingly) conclude with absolute certainty that a machine wrote it, as if mediocre prose is a new invention, as if bad writing didn't exist before November 2022. And may God forgive us if we condemn each other to permanent damnation for producing shitty prose; sans the production of shitty prose, no writer has ever grown one jot.

I've been writing professionally for years, and I've read thousands of self-published and traditionally published books and a huge percentage of them contain clunky sentences, and overused phrases, and cliché metaphors, and prose that reads like it was assembled by so many monkeys with so many MacBooks. But that, dear reader is writing. Most writing is ok. Functional at best. Some writing is good enough to create // destroy empires and so on, and that was true in 2005 and it was true in every moment of our crummy, bargain-bin history up to the introduction of ChatGPT, and damn it, it's true now.

You can't read a paragraph and reliably, with a human life on the line (because that's the stakes, when you destroy a writer's career and a writer's reputation) tell beyond any reasonable doubt, whether a human or a machine produced it. Humans writing in familiar genres, leaning on conventions and common phrasings, leaning on their own context windows, containing everything from Ian Kershaw to Ursula LeGuin to a smattering of Harry Potter fanfiction from 2005 to a series of brain-rotted TikTok reels are doing the best they can to find the right words and shove them into something resembling the right order. A romance novel that uses "his eyes darkened with desire" isn't necessarily AI-generated, even if it reads like a steaming pile to those of us enlightened enough to call ourselves the Literati. Following genre conventions doth not a fraud make. A horror novel with clunky exposition isn't ChatGPT. It might just be a first-time author who hasn't found their voice yet, and they'll never find their voice if we wave pitchforks and torches at every line we personally dislike.

The big publishers are not the ones who'll get hurt by this, obviously. Hachette pulled Shy Girl and moved on, with a swiftly issued statement about "protecting original creative expression." Back to business, and so it goes.

No, the folks getting hurt are the writers. Not only the ones who are tarred - all of us. Every single God-forsaken one of us. We are all made smaller by the pursuit of unproven and unprovable purity. Whether Ballard used AI or not (and she says she didn't, and naive or not I'm inclined to throw my cynicism to the wind and just take her at face value, and you can mock me if you like), the punishment landed before any verdict was reached, because no verdict can ever be reached. Not beyond a reasonable doubt. Never beyond a reasonable doubt.

She's not going to be the last. This whole setup, where anyone can accuse any writer of using AI based on gut feeling, and broken detection tools get treated as proof and publishers fold at the first hint of controversy because the PR cost outweighs the book's revenue, is going to grind up a lot of people into a fleshy, bloody, bony paste. Most of them will be small-time writers, debut authors, indie-published folks without the platform or the money to fight back.

The motivations of the accusers are more complicated than they'd like to admit.

First - the writers who feel threatened by AI are channeling that fear into vigilante enforcement, and I get the fear. I share it, ~to a point. I think it's clear that AI is flooding the market with cheap content, even if I can't confidently crucify any individual for it. But destroying individual careers on the basis of speculation doesn't fight that problem - it simply gives you someone to punish, and the drive for revenge is, while altogether human, altogether bullshit.

Beyond the slighted writers, you've got the internet sleuths who've found a new game. The same energy that drove Reddit to misidentify the Boston Marathon bomber (remember that?) is now being applied to prose style analysis, with the same overconfidence, and the same total absence of accountability when they get it wrong.

Third - the booktok etc influencers who smell blood (and engagement) in the water. "I dissected this book and found some awkward sentences" doesn't get 1.2 million YouTube views. "This book is AI slop" apparently does.

Finally - the readers who feel betrayed by the idea that something they read might not have been "real." I understand that impulse, too - but the logical endpoint is a world where every writer is suspect, and every flat passage becomes evidence, and the act of reading itself is poisoned by constant suspicion.

What unites all of them is the conviction that they, ~they can tell. That they've developed a sixth sense for machine-generated prose through sheer exposure. Well, they haven't. Nobody has. The researchers who build these models can't reliably tell, and the companies that created the AI can't reliably tell, and I am comfortable concluding that someone with a Goodreads account and strong opinions sure as shit hasn't cracked it either.

Give me a break.

The "human-written" certification badges that have started popping up deserve a closer look, because they reveal how badly this whole discourse has gone off the rails...

The Society of Authors' logo and the Authors Guild's certification both operate on the honor system. You register, you say "I wrote this myself," and you get a sticker on your book. There is no forensic review (wouldn't make a difference), no manuscript audit (to what end?) Nobody's testifying under oath that they watched you type every word.

So what do these badges actually prove? That someone was willing to check a box? A person who used AI and wanted to hide it would check that box too. And a person who didn't use AI but can't afford the registration fee, or doesn't belong to the right trade association, or just didn't know the program existed, doesn't get the badge. The absence of the badge becomes its own accusation.

We've been here before. The "organic" label in food. The "fair trade" stamp on coffee. These things start as consumer protection and end as marketing advantages for folks with the resources to participate, and the writers who need protection the most - debut authors // the self-published, writers without agents or industry connections, are the ones least likely to know about or access these programs.

By creating a "certified human" category, you've implicitly created an "uncertified" category. Every book without the badge now carries a faint question mark, and so the presumption of innocence gets torn to shreds, and nobody has to take responsibility for it, because it happened through a logo, not a law.

I'm not going to use AI detection tools on other people's writing.

Not privately, not publicly, not ever.

I'm not going to participate in crowdsourced investigations of whether someone's novel or essay or blog post was "really" written by a human, and I won't share threads that claim to have found proof, and I won't add my voice to the chorus of outrage. My fingers are better employed typing out my own work than pointing at people I've never met.

The cost of a false accusation is a person's career and their mental health, while the cost of letting an AI-assisted book sit on a shelf is... a book sitting on a shelf. And I find I just do not give a shit. That asymmetry is so extreme I can't wrap my head around how more people aren't troubled by it.

If a publisher wants anti-AI clauses in their contracts, fine. If a literary prize wants attestation that no AI was used, that's their call. Those are agreements between parties who chose to be there and good luck to them. But the mob version of this, where anonymous internet users appoint themselves the AI police armed with broken tools and absolute conviction, is something I want no part of.

Writing has always been messy, and writers have always borrowed, imitated, recycled, and leaned on formulaic structures. Ghost writers exist, and editors sometimes rewrite entire chapters. Collaborative writing has been around for centuries. The line between "authentic" and "assisted" has never been as clean as people are pretending it is right now.

If The Three Musketeers were published today, and someone published the 2026 version of a Pamphlet, what would happen? Would a Reddit thread decide that the prose felt too formulaic? Would a YouTube video rack up a million views dissecting the sentence structure? Would Hachette pull it from shelves?

The answer is: fucking, probably. Because the current system doesn't care about the actual quality of the work, or the process behind it, or the centuries of collaborative tradition that produced some of the best writing we have. It cares about the appearance of purity. It cares about whether a mob can be convinced that something smells wrong.

Dumas is in the literary canon, and his books are assigned in schools.

But the way he made them would get him destroyed on the internet in 2026.

This seems suboptimal, to say the least.

I don't know what the right "policy framework" for AI and publishing looks like. Nobody does. We're probably going to spend years figuring it out and we're probably going to get a lot of it wrong.

But I am 100% sure that I know what the wrong version looks like. It looks like a YouTube video with a smug title and a million views, and a Reddit thread full of folks who've never published anything cosplaying as literary forensic experts, and a debut author's name becoming synonymous with fraud because her prose wasn't polished enough to survive a vibe check run by strangers on the internet.

Mia Ballard sold 1,800 books. She had a 3.51 on Goodreads. She was nobody. Most writers are nobody. The internet ate her alive because it felt good to have a villain.

She won't be the last.

And I still won't be any part of it.

Westenberg is designed, built and funded by my solo-powered agency, Studio Self. Reach out and work with me:

Work with me

Welcome to RSS Club! - Terence Eden’s Blog

2026-04-04T11:34:13.000Z

What if I told you there was a secret social network, hidden in plain sight? If you're reading this message, you're now a member of RSS Club!

RSS Club is a series of posts which are only visible to RSS / Atom subscribers. Like you 😃

If I've done everything right⁰, this page isn't visible on the web. It can't be found by a search engine. It doesn't share to Mastodon or appear syndicated to ActivityPub.

Of course, that also means that I can't receive any comments or feedback about it. I'd love it if you dropped me a note to say you found this post. My contact details are on https://edent.tel/ - feel free to use whichever method you like.

So, what can you expect from this exclusive content? More of the same old nonsense - but probably stuff I don't want to argue about on Social Media.

As a first pass, let's talk about this "Let's write a constitution" post from Matt Ellery. In it, he discusses various fun / sensible things you could do with a written constitution. I particularly like the idea of having a "Prime Number Election".

In my modernist tweak, I'd set up something like this:

Local council elections every 3 years.
National MP elections every 5 years.
Upper chamber elections every 7 years.

That ensures that no one party can dominate. Once every 35 years, the upper chamber elections would be brought forward by one year, with their next term lengthened to 8 years.

I'm less sure about having the locals be at the same time for every council. I think that could be a lot of work for democratic volunteers. Perhaps stagger them into thirds or quarters of the year?

Either way, I doubt we'll be getting a written constitution any time soon!

There is every possibility I have not and am now scrambling to fix things. ↩︎

Saturday morning reading - James' Coffee Blog

2026-04-04T00:00:00.000Z

My warm breath steams up my glasses a little bit. I have my cold pillow resting on my chin. I’m still under the covers. I started my morning with a book, Hot Chocolate on Thursday, a cosy tale that took me to Japan and Sydney all without my leaving my bedroom. I love reading in the mornings, although of late I have been a bit too busy to read so early. Saturday mornings, however, are always there for reading.

The prospect of staying warm under the covers for a while longer was enticing – and the cold of the pillow was comforting, too – but the light of morning encouraged me to get up. I had no bread in the house so I went out for breakfast, another one of those things I haven’t done for a few Saturdays now. Going out to a coffee shop and getting breakfast is one of my favourite things to do. Reading there makes the experience even more special.

I packed my book and set off to go and get some breakfast and coffee.

On my journey I noticed the changes in the trees and the bushes. The winter branches were budding. The green of each bud, collectively, brought new life to the trees and bushes. Spring is here. The same white blossom tree that caught my eye a week or two ago is still in full blossom. I know, soon, too, the tree will be green.

After placing my order at the coffee shop, I sat down and unpacked my book. I have run out of bookmarks and so the inside of the dust jacket serves as my bookmark. Soon I will make my way through all the mangas and books I have started. This morning was my way of making a bit of progress to that end. Decaf flat white for James. I went and got my coffee then settled in with my book.

Moments later, I heard a voice I hadn’t heard for a while. The song on the radio. It took me only a few moments to realise which song it was: Brightside by the Lumineers. I started singing along to myself. I remember when the album came out. I haven’t listened to that song in so long. Just as it had been a while since I had been in a cafe, enjoying a coffee and reading a book that brings me joy.

Update on the eBay Scam - Kev Quirk

2026-04-03T17:54:00.000Z

Last week I wrote about how I thought I was being scammed by someone on eBay. In the post I said the following:

I've asked eBay to step in and help resolve the situation, so we will see what happens. But there's a lot of buyer protection on eBay (and rightly so) but there's very little in the way of seller protection, even though I'm not a business. So I have a feeling they will find in favour of the buyer and I'll be out a few quid.

Well, a few days after publishing that post, I received an automated email from eBay, saying:

I then logged into eBay to check the conversation I'd had with this user via the eBay messenger. At the bottom of the message thread, there was a notice that said:

So it seems that eBay, for whatever reason, deemed the user's account to be problematic enough to warrant a suspension/termination.

What now?

Honestly, I don't know. I haven't had the payment for the watch taken from my account, and eBay haven't requested that I refund the payment. So I assume that I get to keep Ollee watch¹, and the money the potential scammer originally paid.

We message back and forth on WhatsApp, and they haven't messaged me there - if I were in their position and a legit buyer, I'd be seething and would have definitely messaged on WhatsApp. So something tells me this isn't their first rodeo, and the potential loss is just collateral damage.

Does this mean that for once the scammers have lost? We'll see. At this point I think the issue is closed from an eBay perspective, so I'm planning to re-list the Ollee Watch for a much discounted price in the next few. If eBay subsequently request the money be returned to the scammy user, I'll just have to take the hit on that.

If you're based in the UK and interested in this watch, please get in touch using the reply button below.

Albeit now worth way less since it doesn't have the original Casio module, or any of the Ollee packaging. ↩

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

Verifying human authorship with human.json - Joel's Log Files

2026-04-03T15:44:11.000Z

I’ve decided to implement the human.json protocol on my website as well.

Basically, this file is a way for websites to vouch for the human authorship of others. It comes with a web extension you can install that will let you know if a site is vouched by another.

I saw a couple of people doing it and decided to jump on the bandwagon, as it is part of what inspired me to write about human websites before.

Some of the people I saw implementing this protocol were Axxuy, Naty and STFN, but I think the post that got me to pull the trigger was Neil’s.

Handling json is not very human friendly, it’s one of the many funny quirks about this protocol, but alas, it’s just a fun thing to do so, whatever.

For now, I simply created a humans.yml file inside my Jekyll’s _data folder, and created a human.json file in my root directory with the following Liquid template:

---
layout: none
permalink: /human.json
---
{
	"version": "0.1.1",
	"url": "{{ site.url }}",
	"vouches": [
		{% for human in site.data.humans %}
		{
			"url": "{{ human.link }}",
			"vouched_at": "{{ human.date }}"
		},
		{% endfor %}
		{
			"url": "https://examplefinalwebsite.com/",
			"vouched_at": "2026-04-03"
		}
	]
}

The humans.yml file simply looks like this:

- link: "https://example.com"
  date: 2026-04-03
- link: "https://example2.com"
  date: 2026-04-03
- link: "https://example3.com"
  date: 2026-04-03

and last but not least, adding a <link> tag in the HTML <head> section:

<link rel="human-json" href="/path/to/human.json">

Of course, having a YAML file that gets turned into a JSON file is not the best thing ever, but it’s easier to edit and modify on the fly, it only gets generated at build time anyway.

Given what this project entails, I’ve been a bit conflicted on what websites would make it to my own list. The obvious ones are easy, but those that are real people who used generated content in one shape or another, even if the rest is human-made are harder to decide for me.

Part of me wants to be kind of gatekeepy and leave out websites just because they use an generated profile pic, or thumbnail here or there, or maybe they have written a couple of articles about using an LLM to generate some code, or whatever.

But well, I’ve decided to just go by feel for those cases that are hard to pinpoint exactly.

Another word can be said about having to do all of this in the first place. That humans are the ones having to prove themselves, instead of websites being clear about using generated content.

In any case, the project seems very fun. It will probably not be a big thing in most websites, but alas, I don’t mind doing this and vouching for other people. I’ll try to keep it updated over time, and be sure to let me know if you find a site I link that isn’t as human anymore.

This is day 45 of #100DaysToOffload.

Reply to this post via email | Reply on Fediverse

Read "The machines are fine. I'm worried about us." - Molly White's activity feed

2026-04-03T12:43:08.000Z

Read:

“The machines are fine. I'm worried about us.”

Minas Karamanis in ergosphere.blog. Published March 30, 2026.

People call this friction "grunt work." Schwartz uses exactly that phrase, and he's right that LLMs can remove it. What he doesn't say, because he already has decades of hard-won intuition and doesn't need the grunt work anymore, is that for someone who doesn't yet have that intuition, the grunt work is the work. The boring parts and the important parts are tangled together in a way that you can't separate in advance. You don't know which afternoon of debugging was the one that taught you something fundamental about your data until three years later, when you're working on a completely different problem and the insight surfaces. Serendipity doesn't come from efficiency. It comes from spending time in the space where the problem lives, getting your hands dirty, making mistakes that nobody asked you to make and learning things nobody assigned you to learn.

Notable links: April 3, 2026 - Werd I/O

2026-04-03T11:58:00.000Z

Most Fridays, I share a handful of pieces that caught my eye at the intersection of technology, media, and society.

Did I miss something important? Send me an email to let me know.

The open web isn't dying. We're killing it

Julien Genestoux is right:

“Why did we keep outsourcing identity, distribution, and monetization to companies whose incentives were obviously misaligned with ours?

[…] It is because, collectively, we preferred the short-term consumer surplus of convenience over the long-term responsibilities of stewardship.”

We can raise the alarm about the demise of the open web all we want, but the truth is that other solutions were quicker and easier — even for many of us that held up the open web banner.

Julien’s proposal is that we should think of ourselves as netizens rather than just consumers. I actually think that this is driving a lot of the innovation in the ATproto ecosystem in particular, but also on the Fediverse. People in those spaces have intentionally moved somewhere new where they can have a credible exit, can export their data cleanly, and can feel like they’re having safer, more productive, less fascistic conversations.

But the money piece isn’t there. The running joke is that the Fediverse hates money — conversations about revenue or capitalism are very often shut down early, and people who try to fundraise are often criticized — but it’s also been an ongoing issue in ATproto land too. If people are going to build good things, they need to be able to eat and pay rent so they can keep doing it. I’d argue that, yes, you do need netizens, and I’m very excited to see a resurgence in this kind of movement across the open social web in particular. We need more netizens, and the more there are, the more likely it is that people will pay for the right kind of services.

I work for a newsroom that people often donate to out of a sense of catharsis — a gratitude that something is being done in a world where they feel powerless. I think there’s something to learn from here too. In the past, I’ve argued that highly ideological tech spaces need more product thinking so that we can more sharply identify valuable solutions to people’s problems, and there’s still truth in that — but I've learned that sometimes the product value is agency in the face of powerlessness rather than a set of features. There may well be value in leaning right in to the anti big tech angle on the open web. What might it look like to put people’s distrust of X, Google, Microsoft, et al front and center, and put a fundraising banner up like Wikipedia does?

I think we can take Julien’s point about netizens and connect it directly to the idea of citizens. People see what’s going on in the world and know that tech companies are intertwined with it. Some of them — not most of them, but a reasonable number — may want to do something about that. Not because they believe in an open web as such, or even know what that is, but because they believe in an open society. Using this kind of messaging would be overtly political in a way that tech is sometimes afraid to be, but we’ve seen similar messaging create interest in funding alternatives to US big tech in Europe, for example (and result in actual funding). I think the interest is there to move away from the tech powers-that-be globally, but engaged citizens don't always know what to concretely do about it. We can bring our message to them.

We need more netizens and citizens both, and we should be talking about this more. Rather than de-emphasizing the ideology of the open web in favor of more proximate product value, which is a thing I’ve sometimes argued for in the past, we should accept that it is a work of engaged citizenry that verges on activism. Embracing that could find us aligned people outside of our existing development circles who might be interested in broadening our impact. I’d like to see us try.

An AI company set out to fix news deserts. Instead, it copied local journalists’ work

Repeat after me: AI cannot write journalism and should never be used in place of a journalist. I believe it can be a very useful tool — but it is a tool for humans.

So this whole initiative was misconceived:

“Artificial intelligence company Nota — whose clients include organizations like The Boston Globe and the Institute for Nonprofit News — is scrapping its network of local news sites after learning that they contained dozens of instances of plagiarism. […] The 11 sites — collectively called Nota News — launched in September as an effort to bring “bilingual local reporting and civic tools to underserved communities.””

The deal here was that the company would identify news deserts: places that were unserved or underserved by real newsrooms. And then it would try to serve those areas with content created by an LLM-based system.

This was inevitably going to plagiarize existing journalism, because what other source could it possibly use? An agentic system can’t do the on-the-ground research and reporting work involved in creating a story. It can gather together data points and turn them into something that looks like news, rather than journalism: sports scores, city council votes, and that kind of thing. But it can’t provide context if someone hasn’t already written it.

As the linked Poynter article points out:

“The articles were supposed to be based on publicly available civic information, such as press releases and videos of city council meetings. In reality, Poynter found more than 70 stories dating back to October that included reporting, writing and photography from local journalists without attribution.”

Someone had already written it: human journalists whose work was subsequently incorporated without attribution. The eleven human editors who used the LLM tools to generate content apparently didn’t realize that this work had been drawn into the mix. Again: that was inevitably going to happen as the stories began to not just say what had happened but explain why.

The AI hype cycle has created a bunch of really regrettable case studies that other organizations should learn from. This is one. There are more like it, where good intentions lead to accidental plagiarism (or hallucinations). There are plenty of stories where organizations have prematurely let people go because they incorrectly think they can replace human initiative with software. And all of them come down to believing a science fiction version of what this technology does instead of the actual reality of it.

That’s understandable: the reality is shifting quickly, and the marketing machine is incredibly strong. But everyone needs to take a breath with AI and get themselves to a more nuanced understanding of what it is — and isn’t.

LinkedIn Is Illegally Searching Your Computer

This is quite a serious accusation:

“Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.”

This is an EU-based site, hence the reference to the location of the cybersecurity firm. The authors are quick to point out that they believe this scanning is illegal in the EU.

The claim is also partially a little bit hyperbolic. “Installed software” makes it sound like LinkedIn is scanning your whole computer. In reality, it’s checking for browser extensions. That’s a fairly common component of modern browser fingerprinting: at this point it’s fairly well-known that, because of the individual mix of extensions, fonts, etc available to a browser, this can be used to track individuals on the web without using cookies.

That’s not to say that it’s not invasive — it clearly is!

Browser extensions can cover a ton of identifying activity: they can reveal a person’s religion, sexuality, interests, political orientation, and so on. The implication is that this is specifically bad here because LinkedIn knows the identity of its logged-in users; as a result, this is information it could use to hydrate profiles of the specific, known individuals who use its site for unknown purposes. It’s a little over the top to call this espionage, as the linked site here does, but it’s an abuse of trust that is certainly worth calling out.

I was mostly interested in how this works; if LinkedIn is doing it, then others surely are too. The answer seems to be a set of JS calls that work in most Chromium-based browsers (Chrome, Edge, Arc, Dia, etc). They’re checking for over six thousand extensions that they know and care about, which all have specific “tells” that a website can check for. And then they check to see if the page has been modified by anything to catch any that weren’t on their list. They also check, cheekily, to see if you have “Do Not Track” switched on, but track you regardless (it’s just another part of the fingerprint to them). Finally, they’re gathering everything from your screen size and CPU type to your battery level.

This all does double duty: the resulting fingerprint is so detailed that they can track you and notice when you’re using a different computer or have changed your settings, but can also be used to profile you for profit.

The quickest solution is to use Firefox, which blocks these kinds of fingerprinting attacks. Zen Browser, which is based on the Firefox core, is my day-to-day browser, and I love it. But Chromium-based browsers need to do more to stop fingerprinting, and jurisdictions like the EU need to ban the practice outright.

What Digital Isolation and Censorship Evasion Look Like In Wartime Iran

I’ve worried that the internet will become a casualty of our worsening global politics. The inherent co-operation needed to let global networks talk to each other is aligned with an open world but not so much with an authoritarian one. Walled-off national internets — often called splinternets — may become more common.

While I worry about this for the US as the authoritarian screws continue to tighten, this is the concrete reality for people in Iran and 20 other countries today. As this piece in Tech Policy Press points out:

“The cybersecurity company Surfshark recorded 81 new internet restrictions in 2025 across 21 countries, pointing to evolving patterns of repression. Out of the 81 restrictions Surfshark tracked, 51 of these restrictive measures were taken in response to political situations.”

News and information needs to be shared differently in this kind of environment: the digital distribution techniques we’ve spent the last few decades learning simply don’t apply. Last year, in Building distributed media for a democratic breakdown, I wrote about how we might learn from Cuba’s ‌El Paquete Semanal and take advantage of both sneakernets and peer-to-peer networks to overcome these kinds of blockades. In a restrictive environment, people need news and journalism more than ever.

I wrote that piece somewhat speculatively, but the reception to it in journalistic circles took me by surprise. It’s an idea and a worry that people are taking seriously. And over the last six months, in a world that has seen more conflict, more restrictions, and more attacks on free speech, there have only been reasons to take it more so.

The Right Is Using AI Content Scanners to Try to Supercharge Book Banning

This AI-powered effort is intentionally designed to create chilling effects and reduce support for vulnerable communities:

“Conservative parents’ advocacy groups have been experimenting with using commercially available artificial intelligence tools to help them flag more books they’ve deemed pornographic to be removed from public schools and libraries. Even though LLMs are notoriously error-prone, and the books in question aren’t pornographic, these groups continue to explore use cases for AI anyway.”

According to 404 Media’s reporting, the script has a list of 300 or so words that form the basis of a heuristic that applies an “appropriateness” score to each one. If the book is deemed inappropriate, the script creates an automated report designed to be attached to book challenges at the school district level.

This reminds me of DOGE itself, which used a keyword-based system to flag “woke” grants that should be defunded that led to some incredibly dumb decisions about what should go:

“Among them, for example, was a $470,000 grant to study the evolution of mint plants and how they spread across continents. As best we can tell, the project ran into trouble with Republicans on the Senate Committee on Commerce, Science and Transportation because of two specific words used in its application to the NSF: “diversify,” referring to the biodiversity of plants, and “female,” where the application noted how the project would support a young female scientist on the research team.”

These techniques are clearly inaccurate, but that’s not the point: it’s enough to cause havoc and make people second guess publishing books on certain topics. It’s the same culture of chaos that led to a school librarian being fired for (correctly) refusing to remove over a hundred LGBTQ books from the children’s to the adult section of her library. And it’s all designed to harm some of the people who need the most support.

The DOJ thinks news is contraband

This Freedom of the Press piece is highly relevant to how one might think about source materials in any kind of newsroom that accepts tips from others. It might not be obvious to outsiders, but newsrooms don’t facilitate tips directly from sources: material has to be volunteered without participation from the newsroom. Aside from generic instructions, nobody’s helping sources to do it.

A Biden-era precedent, now leapt on enthusiastically by the Trump administration, has begun to treat those materials as contraband regardless of how they were obtained. It’s also expanded that definition to include interviews with anyone who’s not approved to speak on the record. That line of thinking justified the raid on Washington Post reporter Hannah Natanson, where they took terabytes of data. Natanson had, just a month prior, published her account of being an engagement reporter whose job included receiving tips from the federal government. In more normal times, that account would not have made her a target.

It was previously found, in the aftermath of Daniel Ellsberg’s Pentagon Papers case, that newsrooms could publish information that was leaked to them. That’s a vital foundation for journalism and a free press, and therefore our ability to make informed democratic decisions. But this new precedent undermines that principle, and therefore our ability to understand the world around us. As the Freedom of the Press Foundation put it:

“The Pentagon Papers case stands for the proposition that the government cannot suppress the publication of truthful information of public concern, even when it would very much like to. The contraband theory is an attempt to achieve the suppression indirectly — by redefining journalists’ work product as something illicit that the government can confiscate.”

As they point out in the piece, legislation is in the works to rein these abuses in, and the judge in a pending court case has the opportunity to stand up for the First Amendment and a free press.

But there’s everything to play for. In the current political environment it’s not a slam dunk that our right to understand the world around us through investigative journalism will be upheld. We need it to be if we want to have any hope of holding people with power accountable.

The White House has an app now, and Trump wants you to report people to ICE on it

A little history lesson from the Wiener Holocaust Library:

“In Nazi Germany, some citizens passed on information about their neighbours, family, and friends to the Gestapo . This was called informing. Nazi propaganda presented the Gestapo as an omnipresent , all-seeing, all-knowing group, but in reality there was just one secret police officer for approximately every 10,000 citizens of Nazi Germany. The Gestapo were therefore reliant on a network of thousands of informants.

The information passed on by informants typically accused someone of breaking the law or of being a criminal in some way. The information provided was not always based on fact and could often be rumour or suspicion.”

Meanwhile, in completely unrelated news, The Verge reports on a new app from the White House:

“A new official White House app on Android and iOS takes the content from the White House website and copies it into app format. […] A handful of tabs in the app mostly replicate pages that exist on the Trump Administration’s version of the White House website, including news, livestreams, social feeds, and a gallery. A prominent “Get in Touch” button on the social feeds tab includes an option for users to submit a tip to ICE, which takes them to a tip form on the ICE website.”

Wow, am I glad to be living in a time where everything is normal and the historical precedents are not literally screaming at us.

Book Review: Superintelligence - Paths, Dangers, Strategies by Nick Bostrom ★★★★⯪ - Terence Eden’s Blog

2026-04-03T11:34:34.000Z

When I finally invent time-travel, the first thing I'll do is go back in time and give everyone a copy of this book. Published in 2014, it clearly sets out the likely problems with true Artificial Intelligence (not the LLM crap we have now) and what measures need to be put in place before it is created.

It opens with The Unfinished Fable of the Sparrows:

Which, frankly, should be the end of the discussion. Oh Scronkfinkle, why didn't they listen to you?

This book attempts to set out they why and the how of protecting humanity from the (inevitable?) arrival of machines which we would describe as "superintelligent". That is, capable of human-level reasoning and understanding, but unlimited in terms of speed, working memory, and accuracy.

For example, automated trading algorithms caused a "Flash Crash" of the stock market in 2010. Unchecked machines very nearly destabilised the financial work. As Bostrom writes:

[…] while automation contributed to the incident, it also contributed to its resolution. The pre-preprogrammed stop order logic, which suspended trading when prices moved too far out of whack, was set to execute automatically because it had been correctly anticipated that the triggering events could happen on a timescale too swift for humans to respond. The need for pre-installed and automatically executing safety functionality—as opposed to reliance on runtime human supervision—again foreshadows a theme that will be important in our discussion of machine superintelligence.

So where are those safety functions now? Are any of the AI providers building in guardrails to prevent atrocities? We know that some LLMs are restricted from sharing details about devastating weapons of mass destruction - but there seems little else put in place.

The book is mostly accessible but veers wildly between casual language, deep philosophical tracts, pointed snark, and the occasional dive into maths and physics. For anyone with even a passing interest in the progression of any technology, it is a worthwhile read.

Many of the predictions are spot on:

As of 2012, the Zen series of go-playing programs has reached rank 6 dan in fast games (the level of a very strong amateur player), using Monte Carlo tree search and machine learning techniques. Go-playing programs have been improving at a rate of about 1 dan/year in recent years. If this rate of improvement continues, they might beat the human world champion in about a decade.

In fact, AlphaGo achieved mastery at the end of 2016.

In the slightly longer term, the cost of acquiring additional hardware may be driven up as a growing portion of the world’s installed capacity is being used to run digital minds […] as investors bid up the price for existing computing infrastructure to match the return they expect from their investment

As I wrote about in "AI is a NAND Maximiser" this too has come to pass.

While LLMs weren't yet invented when this was written, there's an excellent prediction about how an AI could become a pernicious psychological adversary:

Caution and restraint would be required, however, for us not to ask too many such questions—and not to allow ourselves to partake of too many details of the answers given to the questions we do ask—lest we give the untrustworthy oracle opportunities to work on our psychology (by means of plausible-seeming but subtly manipulative messages). It might not take many bits of communication for an AI with the social manipulation superpower to bend us to its will.

Indeed, I think it is clear that this is already happening. While I don't ascribe malice (or any other motivation) to the AIs, it is clear that their makers have a bias towards obsequiousness.

Other predictions are perhaps a little wide of the mark:

if somebody were to succeed in creating an AI that could understand natural language as well as a human adult, they would in all likelihood also either already have succeeded in creating an AI that could do everything else that human intelligence can do, or they would be but a very short step from such a general capability.

We're a few years in to the LLM revolution and, while we can quibble about what "understand" means, it's clear that natural language can now mostly be interpreted by computers. But that doesn't seem to have made the leap to general intelligence, nor the acceleration of art and science.

Others are hopeful but possibly a bit naïve:

A future superintelligence occupies an epistemically superior vantage point: its beliefs are (probably, on most topics) more likely than ours to be true. We should therefore defer to the superintelligence’s opinion whenever feasible.

Yes, there probably are modern concepts which have more in common with "phlogiston" than reality. But if a scientist were to time-travel back to the early 1700s, how easy would it be for them to disprove the theory? Perhaps AI ought to exist in the "trust but verify" space?

It is slightly over-footnoted, with no distinction between citation and diverting passage. There's also a tendency to go off in fanciful directions - the stuff on genetically enhancing humans goes on a bit too long for my tastes. Similarly, the philosophy of maximising happiness by emulating brains and virtually doping them seemed unconvincing.

That said, some of the thought experiments are both fun and profound - the seminal "Paperclip Maximiser" was introduced in this book.

There are some downsides. An over-reliance on specific individuals like Eliezer Yudkowsky crowds out some of the other important thinkers.

One of the suggestions made has already fallen:

One valuable asset would be a donor network comprising individuals devoted to rational philanthropy, informed about existential risk, and discerning about the means of mitigation. It is especially desirable that the early-day funders be astute and altruistic, because they may have opportunities to shape the field’s culture before the usual venal interests take up position and entrench.

The "Effective Altruism" movement is now hopelessly compromised and seemingly in tatters. Similarly, the cult of rationalism has taken an unfortunate turn to the bizarre and dangerous.

Nevertheless, it's hard to argue with the philosophy. Whether or not "superintelligence" is ever achieved, we should have systems in place now to protect us. It's the same as any other technology - the time to set up nuclear non-proliferation agreements and the systems to monitor them was before we invented them.

Simplifying MBA obfuscation with CoBRA - Trail of Bits Blog

2026-04-03T11:00:00.000Z

Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simplifiers don’t understand bitwise logic, and Boolean minimizers can’t handle arithmetic.

We’re releasing CoBRA, an open-source tool that simplifies the full range of MBA expressions used in the wild. Point it at an obfuscated expression and it recovers a simplified equivalent:

$ cobra-cli --mba "(x&y)+(x|y)"
x + y

$ cobra-cli --mba "((a^b)|(a^c)) + 65469 * ~((a&(b&c))) + 65470 * (a&(b&c))" --bitwidth 16
67 + (a | b | c)

CoBRA simplifies 99.86% of the 73,000+ expressions drawn from seven independent datasets. It ships as a CLI tool, a C++ library, and an LLVM pass plugin. If you’ve hit MBA obfuscation during malware analysis, reversing software protection schemes, or tearing apart VM-based obfuscators, CoBRA gives you readable expressions back.

Why existing approaches fall short

The core difficulty is that verifying MBA identities requires reasoning about how bits and arithmetic interact under modular wrapping, where values silently overflow and wrap around at fixed bit-widths. An identity like (x ^ y) + 2 * (x & y) == x + y is true precisely because of this interaction, but algebraic simplifiers only see the arithmetic and Boolean minimizers only see the logic; neither can verify it alone. Obfuscators layer these substitutions to build arbitrarily complex expressions from simpler operations.

Previous MBA simplifiers have tackled parts of this problem. SiMBA handles linear expressions well. GAMBA extends support to polynomial cases. Until CoBRA, no single tool achieved high success rates across the full range of MBA expression types that security engineers encounter in the wild.

How CoBRA works

CoBRA uses a worklist-based orchestrator that classifies each input expression and selects the right combination of simplification techniques. The orchestrator manages 36 discrete passes organized across four families—linear, semilinear, polynomial, and mixed—and routes work items based on the expression’s structure.

Most MBA expressions in the wild are linear: sums of bitwise terms like (x & y), (x | y), and ~x, each multiplied by a constant. For these, the orchestrator evaluates the expression on all Boolean inputs to produce a signature, then races multiple recovery techniques against each other and picks the cheapest verified result. Here’s what that looks like for (x ^ y) + 2 * (x & y):

CoBRA linear simplification flow: (x ^ y) + 2 * (x & y)
Step 1: Classification Input expression is identified as Linear MBA
↓
Step 2: Truth Table Generation Evaluate on all boolean inputs → `[0, 1, 1, 2] truth table`
↓
Step 3a: Pattern Match Scan identity database	Step 3b: ANF Conversion Bitwise normal form	Step 3c: Interpolation Solve basis coefficients
↓
Step 4: Competition Compare candidate results → Winner: x + y (Lowest Cost)
↓
Step 5: Verification Spot-check against random 64-bit inputs or prove with Z3 → Pass

When constant masks appear (like x & 0xFF), the expression enters CoBRA’s semi-linear pipeline, which breaks it down into its smallest bitwise building blocks, recovers structural patterns, and reconstructs a simplified result through bit-partitioned assembly. For expressions involving products of bitwise subexpressions (like (x & y) * (x | y)), a decomposition engine extracts polynomial cores and solves residuals.

Mixed expressions that combine products with bitwise operations often contain repeated subexpressions. A lifting pass replaces these with temporary variables, simplifying the inner pieces first, then solving the expression that connects them. Here’s what that looks like for a product identity (x & y) * (x | y) + (x & ~y) * (~x & y):

CoBRA mixed simplification flow: (x & y) * (x \| y) + (x & ~y) * (~x & y)
Step 1: Classification Input is identified as Mixed MBA
↓
Step 2: Decompose Decompose into subexpressions ↓
(x & y) * (x \| y)	(x & ~y) * (~x & y)
↓	↓
Step 3: Lift & Solve Lift products, solve inner pieces
↓
Step 4: Collapse Identity Collapse product identity → *x y**
↓
Step 5: Verification Spot-check against random 64-bit inputs or prove with Z3 → Pass

Regardless of which pipeline an expression passes through, the final step is the same: CoBRA verifies every result against random inputs or proves equivalence with Z3. No simplification is returned unless it is confirmed correct.

What you can do with it

CoBRA runs in three modes:

CLI tool: Pass an expression directly and get the simplified form back. Use --bitwidth to set modular arithmetic width (1 to 64 bits) and --verify for Z3 equivalence proofs.
C++ library: Link against CoBRA’s core library to integrate simplification into your own tools. If you’re building an automated analysis pipeline, the Simplify API takes an expression and returns a simplified result or reports it as unsupported.
LLVM pass plugin: Load libCobraPass.so into opt to deobfuscate MBA patterns directly in LLVM IR. If you’re building deobfuscation pipelines on top of tools like Remill, this integrates directly as a pass. It handles patterns spanning multiple basic blocks and applies a cost gate, only replacing instructions when the simplified form is smaller, and supports LLVM 19 through 22.

Validated against seven independent datasets

We tested CoBRA against 73,066 expressions from SiMBA, GAMBA, OSES, and four other independent sources. These cover the full spectrum of MBA complexity, from two-variable linear expressions to deeply nested mixed-product obfuscations.

Category	Expressions	Simplified	Rate
Linear	~55,000	~55,000	~100%
Semilinear	~1,000	~1,000	~100%
Polynomial	~5,000	~4,950	~99%
Mixed	~9,000	~8,900	~99%
Total	73,066	72,960	99.86%

The 106 unsupported expressions are carry-sensitive mixed-domain cases where bitwise and arithmetic operations interact in ways that current techniques can’t decompose. CoBRA reports these as unsupported rather than guessing wrong. The full benchmark breakdown is in DATASETS.md.

What’s next

CoBRA’s remaining failures fall into two categories: expressions with heavy subexpression duplication that exhaust the worklist budget even with lifting, and carry-sensitive residuals where bitwise masks over arithmetic products create bit-level dependencies that no current decomposition technique can recover. We’re also exploring broader integration options beyond just an LLVM pass, like native plugins for IDA Pro and Binary Ninja.

The source is available on GitHub under the Apache 2.0 license. If you run into expressions CoBRA can’t simplify, please open an issue on the repository. We want the hard problems.

The "Passive Income" trap ate a generation of entrepreneurs - Westenberg

2026-04-03T06:25:28.000Z

I had coffee last year with a guy - I won't use his real name - who told me he was "building a business." I asked what it did. Dropshipping jade face rollers.

I made him say it twice.

Jade face rollers.

He'd found them on Alibaba for $1.20 each, and started selling them through Shopify for $29.99. Never used one himself. Didn't really know what they were for - something about lymphatic drainage? Reducing puffiness? He said "lymphatic" the way you say a word you've only ever read and never heard out loud.

Some guy on YouTube said jade rollers were "trending," the margins looked insane on paper, so he'd "built" a website with stock photos of a dewy-skinned woman rolling a green rock across her cheekbone and started running Facebook ads at $50 a day. Customers would email asking where their stuff was - shipping from Guangzhou, three to six weeks, sometimes way longer - and he'd copy-paste a response he found on a dropshipping subreddit. He had a Google Doc full of pre-written customer service replies.

Never talked to a single customer.

I swear to god.

Five months in, he was $800 in the hole.

He told me all this like he'd invented the wheel.

I bought him another coffee. I genuinely had no idea what else to do.

Jade Roller Guy has become my go-to example of something that went drastically, terribly wrong with how a whole generation of would-be entrepreneurs thought about work and money. A specific ideology - I've been calling it Passive Income Brain - grabbed a huge chunk of the people who were, by temperament and ability, most likely to start real businesses, and it gave them a completely fucked set of priorities.

Somewhere between 2015 and 2022, "passive income" stopped being a boring financial planning term and became, I don't know how else to put this, a salvation narrative. I mean that literally. There was an eschatology if you want to get nerdy about it. The Rapture was the day your "passive income" exceeded your monthly expenses and you could quit your job forever. People talked about it with that exact energy.

But, of course, the folks making any actual income, of any kind, were the ones selling courses about making passive income. It was an ouroboros. It was an ouroboros that had incorporated in Delaware and was running Facebook ads.

The pitch went something like: you, a sucker, currently trade your time for money. This is what employees do, and employees are suckers. (I'm paraphrasing, but not by much.) Smart people build SYSTEMS. A system is anything that generates revenue without your ongoing involvement. Write an ebook. Build a dropshipping store. Create an online course. Set up affiliate websites.

The specific vehicle doesn't matter because the important thing isn't what you build, it's the structure. You want a machine that generates cash while you sleep, and once you have that machine, you are free.

Free to do what? Sit on a beach, apparently. Every single one of these people wanted to sit on a beach. I've never understood this. Have they been to a beach? There's sand. It gets everywhere. You can sit there for maybe three hours before you want to do literally anything else.

But I digress.

The allure is real. Who doesn't want money that shows up while you sleep?

I'd fucking love that. I'd love it very much indeed. But "passive income" as an organizing philosophy for your entire business life, for how you think about work, is almost perfectly designed to produce garbage.

When you make "passivity" the thing you're optimizing for, you stop caring about anything a customer might actually want. Caring is active. Caring takes time. Caring is work.

Giving a shit is, by definition, not passive.

Between 2019 and 2021, roughly 700,000 new Shopify stores opened. The platform went from about a million merchants to 1.7 million in two years. About 90% of those stores failed within their first year. That's not a business model. That's a meat grinder with a landing page.

We started drowning in a million businesses nobody was actually running. Dropshipping stores with six-week shipping times and customer service that was just copy-pasted templates. Guys who'd put their "brand name" - usually something like ZENITHPRO or AXELVIBE, always in all caps, always vaguely aggressive - on a garlic press identical to four hundred other garlic presses on the same Amazon page. AXELVIBE! For a garlic press!

And the affiliate blogs! Hundreds of thousands of them, pumped full of SEO-optimized reviews of products the authors had never touched, never even seen in person. A fractal of bullshit that technically qualifies as commerce but puts zero dollars of actual value into the world.

Leverage is real; I'm not disputing that. There is a difference between trading hours for dollars and building something that scales. Software does this. Publishing does this. You write a book once, sell it many times, nobody calls that a scam. Fine! That part they got right!

Where it went wrong is that the whole movement confused "build a good product that scales" with "build any mechanism that extracts money without you being involved." I don't think that confusion was accidental. I think the confusion was the point. Because if you're teaching people to build real businesses, you have to sit with hard, boring questions about whether anyone actually wants what you're selling. But if you're teaching people to build "passive income streams" you can skip all of that and go straight to the fun tactical shit. How to run Facebook ads, how to set up a Shopify store in a weekend, how to write email sequences that manipulate people into buying things they don't need.

Nobody talks enough about what the passive income movement did to the content quality of the entire internet. If you've tried to google "best [anything]" in the last five years and gotten a wall of nearly identical listicles, all with the same structure ("We tested 47 blenders so you don't have to!"), all making the same recommendations, all linking to the same Amazon products, you've experienced the results.

Those articles weren't written by people who cared whether you bought a good blender. They were written by people who cared whether you clicked their affiliate link, because that's what generated passive income, and the incentives made honesty actively counterproductive.

The honest review of blenders is: "most blenders are fine, just get whatever's on sale, the differences below $100 are basically meaningless." That review generates zero affiliate revenue. So nobody wrote it.

Instead you got "The Vitamix A3500 is our #1 pick!" with a nice affiliate link, written by someone who has never blended anything in their life. Multiply this across every product category and you start to understand the informational desert we've been living in. We broke Google results, at least partly, because an army of passive income seekers had an incentive to flood the internet with plausible-sounding garbage.

(Someone is going to object that Google should have filtered this stuff out, and yes, sure, but also, "the people creating the pollution aren't at fault because the EPA should have caught it" has never been a great argument.)

I've met dozens of smart, capable people who had actual energy, and who spent their entire twenties bouncing between passive income schemes instead of building real skills // real businesses // real careers. The pattern was always the same: six months on a dropshipping store, it fails, pivot to Amazon FBA, that fails, pivot to creating a course about dropshipping (because of course), and then the course doesn't sell either because by 2021 there were approximately forty thousand courses about dropshipping and the market had been saturated since before they started.

And the whole time they were getting further and further from the thing that actually creates economic value, which is: find a real problem, solve it for real people, care enough to stick around and keep improving. The boring thing. The thing that takes years. The thing that is, to be absolutely clear about this, not passive.

I once saw a guy ask whether he should start a dog walking business and the top response was something like "dog walking isn't scalable, you should build a dog walking platform instead." This person liked dogs! He liked walking! He lived in a neighborhood full of busy professionals with dogs!

But the Passive Income Brain thing had gotten so deep into how people talked about business online that "do the simple obvious thing that works for you" was considered naive, and "build a technology platform for an activity you've never actually done as a business" was considered smart.

The dog walking guy could have been profitable in a week.

The app guy would have burned through his savings in six months and ended up with a landing page and no users.

By 2020 the passive income world was absolutely crawling with grift: guys posing with rented Lamborghinis in YouTube thumbnails, "digital nomads" whose actual income came entirely from selling the dream of being a digital nomad to other aspiring digital nomads, podcast hosts interviewing each other in an endless circle of mutual promotion where everyone claimed to make $30K/month and nobody could explain what they actually produced. By 2021 or so it started to look like a distributed, socially acceptable MLM. The product was the dream of not working. The customers were people desperate enough to pay for it.

Not everyone in this world was cynical. I genuinely believe that. A lot of the people selling passive income content believed their own pitch. They'd had some real success with a niche site - pulled $3,000/month for a while, it does happen - read the same books everyone else read, figured okay, I'll teach other people my system. Why not. I would have done the same thing at 24. I'm almost sure of it.

But zoom out and what you had was just an enormous machine converting human ambition into noise. Affiliate spam // dropshipped junk // ebooks about passive income // courses about courses. An entire layer of the internet that was nothing but confident-sounding bullshit produced by people who had optimized for everything except making something worth buying.

The people near the top made money. Everyone else spent months or years chasing a mirage and came out with nothing but a Shopify subscription they forgot to cancel. They thought they'd failed. They hadn't failed. The system, every system, failed them.

What actually makes money hasn't changed. You find something people need. You get good at providing it. You charge a fair price and you keep showing up even when it's tedious and even when you don't want to. You build relationships over years. You build reputation over years. None of it is passive, and none of it has ever been passive! All of it revolves around giving a shit, day after day, about something specific. I don't think anyone has ever found a way around that and I don't think anyone will.

The passive income thing was a fantasy about not having to give a shit.

This is a terrible foundation for pretty much anything.

The affiliate SEO blogs are being slaughtered right now by AI-generated content. The people who spent years producing algorithmically optimized content of no value to humans are getting outcompeted by software that does the exact same thing, faster and cheaper. Facebook ad costs went through the roof and took the dropshipping gold rush with them. The biggest passive income gurus have already pivoted to selling AI courses. The machine keeps running. It just swaps out the brochure.

But I've noticed more people talking about what I'd call "give a shit" businesses - people who make furniture, run plumbing companies, write software they actually use themselves. Stuff where the answer to "why does your business exist?" isn't "to generate passive income for me." This works a lot better than the laptop-on-the-beach grind.

Jade Roller Guy, if you're out there: I hope you found something real.

I hope it keeps you busy.

Westenberg is designed, built and funded by my solo-powered agency, Studio Self. Reach out and work with me:

Work with me

The open web isn't dying. We're killing it - Werd I/O

2026-04-03T01:58:17.000Z

[Julien Genestoux]

Julien is right:

“Why did we keep outsourcing identity, distribution, and monetization to companies whose incentives were obviously misaligned with ours?

[…] It is because, collectively, we preferred the short-term consumer surplus of convenience over the long-term responsibilities of stewardship.”

We can raise the alarm about the demise of the open web all we want, but you can’t sell or promote a technology based on ideology alone. The truth is that other solutions were quicker and easier — even for many of us that held up the open web banner.

[Link]

An AI company set out to fix news deserts. Instead, it copied local journalists’ work - Werd I/O

2026-04-03T01:26:38.000Z

[Angela Fu in Poynter]

Repeat after me: AI cannot write journalism and should never be used in place of a journalist. I believe it can be a very useful tool — but it is a tool for humans.

So this whole initiative was misconceived:

“Artificial intelligence company Nota — whose clients include organizations like The Boston Globe and the Institute for Nonprofit News — is scrapping its network of local news sites after learning that they contained dozens of instances of plagiarism. […] The 11 sites — collectively called Nota News — launched in September as an effort to bring “bilingual local reporting and civic tools to underserved communities.””

As the linked Poynter article points out:

“The articles were supposed to be based on publicly available civic information, such as press releases and videos of city council meetings. In reality, Poynter found more than 70 stories dating back to October that included reporting, writing and photography from local journalists without attribution.”

[Link]

LinkedIn Is Illegally Searching Your Computer - Werd I/O

2026-04-03T01:11:11.000Z

[BrowserGate by Fairlinked]

This is quite a serious accusation:

“Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.”

This is an EU-based site, hence the reference to the location of the cybersecurity firm. The authors are quick to point out that they believe this scanning is illegal in the EU.

The claim is also partially a little bit hyperbolic. “Installed software” makes it sound like LinkedIn is scanning your whole computer; in reality, it’s checking for browser extensions. That’s a fairly common component of modern browser fingerprinting; at this point it’s fairly well-known that, because of the individual mix of extensions, fonts, etc available to a browser, this can be used to track individuals on the web without using cookies. That’s not to say that it’s not invasive — it clearly is!

[Link]

Surf demonstrates the power of the open social web - Werd I/O

2026-04-02T19:32:28.000Z

My friends at Flipboard launched Surf, its open social web browser, on the web today.

I’ve been using Surf for a while. It’s a kind of browser for the open social web: a way to bring together all of your social feeds (Bluesky, Mastodon, RSS, YouTube) in one place and read them together. You can get an all-in-one feed, but anyone can create a curated feed for a specific topic.

For example, here’s my Speaking Truth to Power feed, which I’ve curated to highlight reporting shared by non-profit newsrooms covering the US. I also have a companion Speaking Truth to Tech Power feed, which specifically highlights tech stories that go a little bit deeper and explore the power dynamics technology can enforce.

For media companies, it’s even more interesting. The feed for Decoder, the podcast from The Verge, lets you listen to every Decoder episode. But if you click through to the other tabs, you’ll also find posts from sources and topics that the Verge thinks are interesting, and any discussion about the show that uses the #decoder hashtag. You can also click to see the sources that the Verge used to make the feed, which allows you to remix and make your own.

Beyond Decoder and The Verge, there are a whole host of other publications already creating feeds in Surf. I’m aware of (deep breath): WIRED, Rolling Stone Politics, 404 Media, Shutdown Fullcast, The MMQB, Defector: Sports!, All Net, FilmFeed, and The Oregonian, but more will follow. These are media properties that have chosen to create their own feeds with Surf, but it’s important to understand that they’ve also made the conscious choice to join the open social web.

This kind of functionality is only possible on an open social web: a place where all content can be brought together using open protocols to create new kinds of community experiences. It’s genuinely exciting to me. Surf is a first-class consumer web service, but it’s also one of the first to show what the unique value of the open social web can truly be for publishers. Any publication can now showcase its own posts across platforms together, with the social proof of conversation from other people who are talking about its work, together with media from other, relevant companies. And they can do it without asking anyone for permission.

And this openness goes both ways. As well as content from the open social web flowing into Surf, feeds made with Surf integrate with Bluesky, so you can follow the curated posts there, too. For example, here’s Speaking Truth to Power and its tech equivalent over there. This openness also demonstrates that publishers aren’t locked into Surf itself, and you can easily imagine more developers integrating with these feeds and creating other interesting experiences around them.

In short, I think this is great: a tool that shows (not tells) what the open social web makes possible, creates new value for publishers in the process, and does it through a first-class experience. More like this, please.

You can sign up for Surf at surf.social.

Note published on April 2, 2026 at 5:41 PM UTC - Molly White's activity feed

2026-04-02T17:41:11.000Z

One of the government's attorneys in the CFTC's lawsuit against the states who've sued Kalshi was a lawyer for Kalshi in its lawsuit against the CFTC in 2023. He joined the DOJ in February 2025.

Note published on April 2, 2026 at 5:17 PM UTC - Molly White's activity feed

2026-04-02T17:17:59.000Z

The CFTC (the US commodities regulator) has just sued Arizona, Connecticut, and Illinois for their efforts to "outlaw, regulate, or otherwise restrain" prediction markets like Kalshi.

This is another escalation by newly appointed CFTC chair Mike Selig (and sole Commissioner at the agency), who has taken it upon himself to assert the CFTC's sole regulatory authority over prediction markets. Recently, the CFTC filed a supporting brief in Crypto.com's lawsuit against Nevada.

As I wrote then, "Since the CFTC has filed no enforcement actions against prediction markets after embracing the sector following Trump’s election, Selig’s jurisdictional claim seems designed to shield the sector rather than regulate it."

Nevertheless, the CFTC's press release accompanying these lawsuits claims that state regulatory intervention could result in "poorer consumer protection and increased risk of fraud and manipulation".

Note published on April 2, 2026 at 2:32 PM UTC - Molly White's activity feed

2026-04-02T14:32:45.000Z

misophonia sufferers vindicated as scientists confirm the remaining 3% are also under investigation

"Study: 97% Of All Sounds Infuriating", The Onion

Concert Review: London Philharmonic - Pictures at an Exhibition ★★★★★ - Terence Eden’s Blog

2026-04-02T11:34:07.000Z

A delightful and emotional rendition of three rather different works.

Mark-Anthony Turnage's "Three Screaming Popes" was a chaotic cacophony. Wild, bizarre, inventive, and seemingly driven by excess. A fascinating performance, although not one I'll put on in the background. Turnage himself took to the stage to bask in the applause.

Bartók's Violin Concerto No. 1. Reading the story behind the composition made the performance by soloist Alina Ibragimova even more terrifying than it might have otherwise been. The sounds emanating from her violin were somewhere between a tantrum and flirtatious coquette. Stunning to see her tear up the stage.

Mussorgsky's Pictures at an Exhibition. Outstanding. Hearing a 100 piece orchestra power through the score was exhilarating. It is such a vivid piece. There's no other way to describe it - each movement is distinct and full of character. One of those rare pieces where you can feel the music worming its way into your brain.

You can listen to the concert on BBC Radio 3.

Pre- and Post-Show

I've written before about The art of the Pre-Show and Post-Show. Venues and shows have multiple ways to make an event special for an audience.

This concert did some things really well. For a start - the programme was free! I wish the West End was a bit more like Broadway with a free "Playbill" at every show. Even better, the programme was actually useful! Some nice blurbs about the performers and the pieces.

I particularly liked this little snippet:

How wonderful! It's always someone's first time at an orchestral concert. More programmes should have these little comfort notes.

Other than that, there wasn't much. There was no interaction between the conductor and audience, which felt a little odd. The programme had a QR code to a 31(!) point questionnaire. I'm not sure how many people would be bothered to complete that.

Royal Festival Hall is a delight - plenty of space, multiple bars, lots of seating areas, and a larger number of spacious & clean toilets. An excellent venue.

Time is a User-Interface - Westenberg

2026-04-02T00:32:14.000Z