Shellsharks Blogroll - BlogFlock

Try our new dimensional analysis Claude plugin - Trail of Bits Blog

2026-03-25T11:00:00.000Z

We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with dimensional types, then flags mismatches mechanically. In testing against real audit findings, it achieved 93% recall versus 50% for baseline prompts.

You can download and use our new dimensional-analysis plugin by running these commands:

claude plugin marketplace add trailofbits/skills claude plugin install dimensional-analysis@trailofbits claude /dimensional-analysis

How our plugin differs from most skills

This plugin release is quite different from the wave of security analysis skills released over the past few weeks. The skills we’ve seen tend to take a relatively simple approach, where the LLM is primed with a set of vulnerability classes, exploration instructions, and example findings, and is then told to try to identify bugs within the scope of the skill.

Unfortunately, these approaches tend to produce low-quality results, with precision, recall, and determinism that is often much poorer than simply asking an LLM to “find the bugs in this project.”

What makes dimensional-analysis different is that instead of relying on LLM judgement to search for, identify, and rank vulnerabilities, it uses the LLM as a vocabulary-building/categorization machine that directly annotates the codebase. If the annotations are correct and a dimensional bug is present, that bug shows up as a mismatch between annotations instead of having to rely on an LLM’s judgement to determine how viable a finding is. In effect, this changes the calculus of how the LLM’s reasoning capability is being used, and produces much better results than baseline prompts that overly rely on LLM reasoning capabilities.

Benchmarking

We tested dimensional-analysis against a set of dimensional mismatch issues found during several unpublished audits and compared it to a baseline prompt using 10 samples per codebase. For this evaluation, the dimensional-analysis plugin had a recall rate of 93% with a standard deviation of 12%, versus the baseline prompt, which had a recall rate of 50% with a standard deviation of 20%. This means that dimensional-analysis performed both better and more consistently than the baseline prompt.

How it works

If you haven’t already, read our first blog post on the dimensional analysis technique. The plugin works over four main phases: dimension discovery, dimension annotation, dimension propagation, and dimension validation.

In the first phase, a subagent performs dimension discovery, with the goal of identifying a vocabulary of fundamental base units that every numerical term in the system is composed of. During this process, it also identifies a set of common derived units for quick reference by later agents.

Figure 1: A sample of a dimensional vocabulary for a protocol using Uniswap v4 hooks

The dimensional vocabulary is persisted to DIMENSIONAL_UNITS.md, where it can be read by other agents or used during development if you choose to make the annotations a permanent part of your software development lifecycle.

In the second phase, a group of subagents is launched to directly annotate the codebase using the dimensional vocabulary. Each subagent is provided with the DIMENSIONAL_UNITS.md file, a batch of files to annotate, and instructions to annotate state variables, function arguments, variable declarations, and any portions of complex arithmetic. These initial annotations are called “anchor” annotations.

} else if (currentPrice < peakPrice) {
 // D18{1} = (D18{price} - D18{price}) * D18{1} / (D18{price} - D18{price})
 imbalance =
 ((peakPrice - currentPrice) * imbalanceSlopeData.imbalanceSlopeBelowPeak) /
 (peakPrice - eclpParams.alpha.toUint256());
} else {
 // D18{1} = (D18{price} - D18{price}) * D18{1} / (D18{price} - D18{price})
 imbalance =
 ((currentPrice - peakPrice) * imbalanceSlopeData.imbalanceSlopeAbovePeak) /
 (eclpParams.beta.toUint256() - peakPrice);
}

Figure 2: A sample of annotated arithmetic from Balancer v3

In the third phase, dimensions are “propagated” across each file to callers and callees. This phase adds extra annotations to low-priority files that didn’t receive annotations on the first pass, and performs the first set of checks to make sure that dimensions agree within the same code context and across files.

It’s important to note that a dimensional mismatch at this stage doesn’t necessarily mean a vulnerability is present; sometimes it’s not possible to infer the precise dimension of a called function argument without reading the implementation of the function itself, and the system will over-generalize or make a poor guess. This third phase attempts to “repair” these over-generalized annotations and, if repair is not possible, flags them for triage in the final step.

In the fourth and final phase, the plugin attempts to discover mismatches and perform triage. Dimensional mismatching is checked for during assignment, during arithmetic, across function boundaries, across return paths, and across external calls. Dimensional mismatches are compared against a severity classification based on the nature of the mismatch, and a final report is returned to the user.

What’s next?

If you’re a developer working on an arithmetic-heavy project like a smart contract or blockchain node, we highly recommend running this plugin, then committing DIMENSIONAL_UNITS.md along with all of the annotations created by the plugin. Besides finding bugs, these annotations can greatly improve how long it takes to build a thorough understanding of a complex codebase and help improve both human and LLM understanding of the semantic meaning of your project’s arithmetic expressions.

While new tools are exciting, at this time we don’t believe that this tool can find every source of dimensional error. LLMs are probabilistic, which means there is always going to be some level of error. We’re interested in improving this plugin wherever possible, so if you run it and it misses a dimensional error, please open an issue on our GitHub.

Read "Goodhart's Law vs "prediction markets"" - Molly White's activity feed

2026-03-24T19:59:37.000Z

Read:

“Goodhart's Law vs "prediction markets"”.

Cory Doctorow in his blog. Published March 24, 2026.

Note published on March 24, 2026 at 7:47 PM UTC - Molly White's activity feed

2026-03-24T19:47:05.000Z

i love combing through FEC data because how else would i have learned of Big Nut

PSP gaming and a new ereader - W12 - Joel's Log Files

2026-03-24T15:40:00.000Z

These weeknotes are full of gaming related topics yet again, but also some reading, let us celebrate such an accomplishment, yay!

💻 Now that it’s over, it’s weird to think about all the work I did while my workmate was out. It sure was stressful and there were many times where I still felt like I should ask him what to do. These weeks proved to me that even though I’m still not the best, I can handle myself better than I thought—or stall things until he returns and knows what to do better lol.
💪 Gotta say I have not gone to the gym for a while, work has been a pain and I got phone calls off-hours, I just want to get home and be lazy for the rest of the day, and always ready just in case. Thankfully, I finally returned this Monday night and it was a good time.
📚 My XTEINK X4—a tiny e-ink reader—finally arrived, at the same time as Jeremy’s, both of us already installed the Crosspoint firmware too. I had some fun setting up wallpapers and
🍜 Went to a Japanese restaurant with some friends over the weekend! We ate some ramen and had a wonderful time chatting and catching up with each other. We also played a couple of rounds of Garctic Phone, guaranteed fun for everyone.
📦 Another couple of Nintendo Switch game arrived. I got Gris earlier on, and Crow Country arrived later, the first because of the great experience Amin—and he keeps nagging me to play it—and the latter due to the marvelous experience I had with Resident Evil 2, I may play the original RE first though.
💾 Transferred a few games to my PSP, the What Did I Do To Deserve This, My Lord?! 2, Danganronpa, BlackRock Shooter, and Mega Man Powered Up!. I wish there was a Resident Evil game for PSP, it would have been so cool…
🎧 Acquired Gris: Unreleased sketches, a new album by Berlinist with early drafts of tracks from the game of the same name! It’s just 11 minutes long, but it’s wonderful.

Reading

Started

🕰️ Chrono Trigger by Michael P. Williams - I transferred a few books to my Xteink X4 reader and this was one of them. I already flew through 25% of it! A great book about Chrono Trigger, the author’s personal experience with it, and apparently there’s some interviews and more neat stuff coming up!
🛰️ Strange Dogs by James S.A. Corey - A novella taking place before the events of Persepolis Rising from The Expanse. It seems super promising so far.

Ongoing

🥷 Kagurabachi by Takeru Hokazono - Up to chapter 82. This is great shonen stuff, and it has been rock-solid from the beginning. I’ve already flew past a couple of excellent arcs and I am enamoured by the story, the characters and the pure aura of each panel as the fight scenes and the power system develop further. The progression has been really good and I have no complaints. I ready more than 70 chapters in a week, after all.

Completed

🌳 Non-Stop by Brian W. Aldiss - What a book! What a start to Aldiss’ career as a published writer. Among the first stories of its kind, with a lot of ideas, concepts and neat, if dated characters. I reall y

Watching

🪨 David - We went to the movies and chose this one on a whim, it’s an animated rendition of the biblical tale of King David’s rise to the throne. I was rather surprised by the quality of it. It’s a musical, but it wasn’t very catchy, at least to me. It still pales in comparison to the masterpiece that is The Prince of Egypt though.

Gaming

Ongoing

🥐 CrossCode - Last week I stared the first out of three dungeons in Chapter 8, I have now beath two of them and unlocked my way into the third one! The game keeps being simply awesome, the puzzles continue to get my brain muscles to work.
🍄 Super Mario 3D World - We have managed to complete all the levels and beat Bowser once more. We finally got to the last last stage and did a couple more levels! The end of this game is near, but we are still collecting all the stickers!
⚔️ Gladiator Begins - I only mentioned this in passing on a Gaming Recap from 2024, I can’t believe I never brought it up in other notes at all… In any case, it’s a great PSP arena fighter with kinda complex controls and depth. I’ve enjoyed it quite a bit, lots of customization and challenging fights.
🃏 Balatro - Literally one year later, this roguelike was opened on a whim by my friends on my Switch and we ended up playing for two hours. I wasn’t fully present during this time, but I played a few rounds here and there, it is still awesome.

Started

💀 What Did I Do To Deserve This, My Lord!? 2 - A strange tower-defense/dungeon maker where I have to design a cave system that autopopulates with minions in charge of defending the bad guy. Depending of the shapes I dig, certain species grow, and then bigger and bigger ones that are stronger and more durable. Every once in a while “heroes” will show up to defeat me. The weird thing here is that I have no way to dictate where the minions go, I have to work within their movement patterns and plan accordingly, it’s rather interesting but I can’t figure it out yet and can’t get past World 2.
🧪 Metroid Fusion - I started it on a whim again, this time on my Miyoo Mini Flip. I reached the first boss of the game! Kind of want to fly through it just because it’s fun.
🚗 Ridge Racer Type 4 - Started it on my Miyoo Mini Flip too, I think I’ll stick with the PSP one though.

Around the Web

Blog posts

Unfinished must-want-to-play games - Love listicles like this one.
The Sandwich - A very personal slice of life.
Your computer hates you - A rant on technology today, I disagree with many things, but found it worth reading.
Damn, I Can Still Read - Reading is great, and it’s fun to realize you actually like it.
Just checking in - Sam has mostly stuck to weekly summaries that are generated from his social media feed, but I’ve been missing a proper post like this one.

YouTube

Why smaller pixel art is actually harder - The title is pretty clear here.
The Failed MASTERPIECE That Gave Us Resident Evil 4 - Never heard of this game, looks kinda fun.
Why Classic Games Feel Better - Nothing like a good old video essay about something I agree with.
The Return of Polished AAA Games - I mostly play old games that released ages ago, but it’s nice when something new comes out that just runs well.

Reply to this post via email | Reply on Fediverse

Book Review: If We Cannot Go at the Speed of Light by Kim Choyeop ★★☆☆☆ - Terence Eden’s Blog

2026-03-24T12:34:27.000Z

Short stories offer you the chance to dip briefly into a world and then skip out so there's not much time for development; just straight in to the plot and off we go. But this is all exposition and very little action. Rather than let the plots develop naturally, there are just vast passages of infodumping. I'm sad to say this is a rather dreary and insipid collection of stories.

Some of the stories start out with an interesting premise but then just fizzle out. There's a reasonably good idea in "The Materiality of Emotions" which describes people buying little trinkets which induce emotions in them. Again, emotions as drugs is well-worn stuff, but this builds up momentum nicely before suddenly ending.

The highlight is "Spectrum" which has some delightful world-building but, like the others, it's rather derivative of older stories. A woman's space ship crashes on a strange planet and she tries to befriend the local hominids. You've almost certainly read it before.

Overall I found it underwhelming.

Many thanks to NetGalley for the review copy.

Spotting issues in DeFi with dimensional analysis - Trail of Bits Blog

2026-03-24T11:00:00.000Z

Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning!

One of the first lessons in physics is learning to think in terms of dimensions. Physicists can often spot a flawed formula in seconds just by checking whether the dimensions make sense. I once had a teacher who even kept a stamp that said “non-homogeneous formula” for that purpose (and it was used a lot on students’ work). Developers can use the same approach to spot incorrect arithmetic in smart contracts.

In this post, we’ll start with the basics of dimensional analysis in physics and then apply the same reasoning to real DeFi formulas. We’ll also show you how this can be implemented in practice, using Reserve Protocol as an example. Along the way, we’ll see why developers need to think explicitly about dimensional safety when writing smart contracts, and why the DeFi ecosystem would benefit from tooling that can automatically catch these classes of bugs. Speaking of which, while putting together this post, we actually built a Claude plugin for this purpose, but we’ll get into the details in a follow-up post.

Quantities and dimensions

We will start with two formulas:

$$\textit{Speed} = \textit{distance} + \textit{time}$$$$\textit{Speed} = \frac{\textit{distance}}{\textit{time}}$$

Which of the two formulas is the correct way to calculate the speed of an object? Clearly, it’s the second one, but not just because you’ve memorized the correct formula. The deeper reason lies in dimensions.

Physics recognizes seven fundamental quantities: length (meters), mass (grams), time (seconds), electric current (amps), thermodynamic temperature (kelvin), amount of substance (moles), and luminous intensity (candela).

Every other physical concept, like speed, force, or energy, is a derived quantity, defined in terms of the fundamental ones.

For example, this is how speed is defined:

$$\textit{Speed} = \textit{distance} / \textit{time}$$

And this is how it’s represented in dimensional terms:

$$\textit{Speed}\text{(meters/second)} = \frac{\textit{length}\text{ (meters)}}{\textit{time}\text{ (seconds)}}$$

The golden rule is simple: both sides of an equation must have the same dimension.

And, just as important, you can’t add or subtract quantities with different dimensions.

So if we reason through the incorrect speed formula in terms of dimensions, we’ll get this:

$$\textit{Speed}\text{ (meters/second)} = \frac{\textit{length}\text{ (meters)}}{\textit{time}\text{ (seconds)}} = \textit{length}\text{ (meters)} + \textit{time}\text{ (seconds)}$$

This is clearly nonsense. If dimensions could scream, they would. So we can easily say that this formula can’t be used to calculate anything, speed or otherwise.

Note that even when dimensions check out, you must still use consistent units!

Dimensional thinking in DeFi

Now let’s shift the lens. Physics deals with meters, seconds, and kilograms, but DeFi has its own “dimensions”: tokens, prices, liquidity, and so on.

Here’s where mistakes start to creep in. Imagine you’re coding an AMM and you write this:

$$K = x + y$$

Does that look right? It shouldn’t.

Here, x might represent the number of “token A” and y the number of “token B.” Adding them together is just as meaningless as adding distance and time. They’re different dimensions.

At this point, you might object: “Wait, this is exactly how Curve Stable Pools work!”

And you’d be right. But the key is in the name: stable. In a stable pool, tokens are designed to maintain near-equal value. Under that assumption, token A and token B are treated as if they were the same “dimension.” This trick makes the formula workable in this special case. But outside of stable pools, blindly adding tokens together is as absurd as writing $\textit{speed} = \textit{distance} + \textit{time}$. Understanding homogeneous formulas helps you not only find issues but also understand why a formula is structured the way it is.

In physics, speed is a derived quantity built from the fundamental quantities of length and time. DeFi has its own derived quantities: liquidity, for example, is built from token balances.

For example, in a Uniswap v3 pool with reserves x and y, liquidity is calculated as follows:

$$\textit{Liquidity} = \sqrt{x \cdot y}$$

Dimensionally, this calculation looks like this:

$$\textit{Liquidity} = \sqrt{[A] \cdot [B]}$$

Here, [A] is a dimension that represents the number of token A, and [B] is a dimension that represents the number of token B.

On its own, “token A × token B” doesn’t have a direct interpretation, just like “meters × seconds” doesn’t. But within the invariant equation $k = x \cdot y$, the $x \cdot y$ part defines a conserved relationship that governs swaps.

k and the liquidity are not base dimensions; they are derived ones, combining the balances of multiple tokens into a single pool-wide property.

Why some price formulas don’t work

Example 1

Suppose someone writes this incorrect formula in his protocol:

$$\textit{Price} = \frac{\text{number of token A}}{\textit{liquidity}}$$

We can easily spot the issue with dimensional analysis.

This is an example of a correct and straightforward way to define a price:

$$\text{Price of B in terms of A} = \frac{\text{amount of A}}{\text{amount of B}} = \frac{[A]}{[B]}$$

If the formula $\textit{Price} = \frac{\text{number of token A}}{\textit{liquidity}}$ were correct, the right side of the equation would have the same dimensions as the correct price definition above.

But dimensionally, the right side of the formula is as follows:

$$\frac{[A]}{\sqrt{[A] \cdot [B]}} = \frac{\sqrt{[A]} \cdot \sqrt{[A]}}{\sqrt{[A] \cdot [B]}} = \sqrt{\frac{[A]}{[B]}}$$

That’s not a price; it’s the square root of a price. The formula produces something, but it’s not a price.

Consequently, we have different dimensions on the right and left sides of the formula. This means the formula $\textit{Price} = \frac{\text{number of token A}}{\textit{liquidity}}$ is incorrect. This is discernible without further knowledge of the DEX.

Example 2

Let’s take another example that is harder to spot without dimensional analysis. Which of these formulas is incorrect?

$$K = (\text{number of token A})^2 \cdot \text{Price of B in terms of A}$$
$$K = \frac{(\text{number of token A})^2}{\text{Price of B in terms of A}}$$

Here is a tip: K is often defined as $\text{number of token A} \cdot \text{number of token B}$ .

Dimensionally, this means $K = [A] \cdot [B]$.

Now that we have the dimensions of the left side of the equation, let’s check if one of the two formulas has the same dimensions on the right side.

$$K = [A]^2 \cdot \frac{[A]}{[B]} = \frac{[A]^3}{[B]}$$
$$K = \frac{[A]^2}{\frac{[A]}{[B]}} = [A] \cdot [B]$$

So we can see that the first formula can’t be valid, and the second one is dimensionally valid!

Example 3

For an example in a DeFi context, let’s consider a real vulnerability that we identified during the CAP Labs audit (TOB-CAP-17).

function price(address _asset) external view returns (uint256 latestAnswer, uint256 lastUpdated) {
 address capToken = IERC4626(_asset).asset();
 (latestAnswer, lastUpdated) = IOracle(msg.sender).getPrice(capToken);
 uint256 capTokenDecimals = IERC20Metadata(capToken).decimals();
 uint256 pricePerFullShare = IERC4626(_asset).convertToAssets(capTokenDecimals);
 latestAnswer = latestAnswer * pricePerFullShare / capTokenDecimals;
}

Figure 1: Price calculation function in CAP

ERC-4626 explicitly expects a number of assets as the only input of the convertToAssets function. But the CAP Labs implementation sends decimals! That’s exactly the kind of issue that can be identified with a quick dimensional analysis, even without knowing what the codebase does.

Real-life best practices

Some programming languages make dimensional safety a first-class feature. For instance, F# has a “units of measure” system: you can declare a value as float<m/s> or float<USD/token>, and the compiler will reject equations where the units don’t align. It’s enforced at compile time. Solidity lacks this feature, so developers must emulate it through comments and naming conventions.

For example, Reserve Protocol’s unit comments are a textbook best practice. They codify dimensional reasoning in its codebase. All state variables and parameters are annotated with unit comments that define how values relate. This practice enforces that assignments in code must preserve matching dimensions, often with nearby comments showing unit equivalences. In Reserve Protocol contracts, each variable carries a comment like the one shown in figure 2. In this example, the comment indicates that the price is represented as a 27-decimal fixed-point unit of account per token. Because both the dimension (UoA/tok) and the numeric scale (D27) are documented, developers and auditors instantly know what a number represents and how to handle it. This eliminates ambiguity, prevents values with different scales from being mixed, and acts as a guardian against subtle formula bugs.

 /// Start a new rebalance, ending the currently running auction
 /// @dev If caller omits old tokens they will be kept in the basket for mint/redeem but skipped in the rebalance
 /// @dev Note that weights will be _slightly_ stale after the fee supply inflation on a 24h boundary
 /// @param tokens Tokens to rebalance, MUST be unique
 /// @param weights D27{tok/BU} Basket weight ranges for the basket unit definition; cannot be empty [0, 1e54]
 /// @param prices D27{UoA/tok} Prices for each token in terms of the unit of account; cannot be empty (0, 1e45]
 /// @param limits D18{BU/share} Target number of baskets should have at end of rebalance (0, 1e27]
 /// @param auctionLauncherWindow {s} The amount of time the AUCTION_LAUNCHER has to open auctions, can be extended
 /// @param ttl {s} The amount of time the rebalance is valid for
 function startRebalance(

Figure 2: Example of a comment explaining the dimension of a price in Reserve Protocol smart contracts

This approach is not limited to large or mature protocols. Any smart contract codebase can benefit from explicitly documenting dimensions and units.

Developers should treat dimensional annotations as part of the protocol’s safety model rather than as optional documentation. Clearly labeling whether a variable represents tokens, prices, liquidity shares, or fixed-point scaled values makes code easier to review, safer to modify, and significantly simpler to audit.

When designing a dimensional annotation system, a few general principles can help:

Make dimensions explicit and consistent. Decide early how dimensions will be represented (for example, tok, UoA, shares, etc.) and apply the convention uniformly across the codebase.
Always document scale together with dimension. In DeFi, mismatched decimals are often as dangerous as mismatched dimensions. Including fixed-point precision (such as D18 or D27) alongside dimensional annotations removes ambiguity.
Annotate inputs, outputs, and state variables. Dimension safety breaks down if only storage variables are documented, but function parameters and return values are not.
Prefer clarity over brevity. Slightly longer variable names or comments are far cheaper than subtle arithmetic bugs.
Document conversions explicitly. Whenever values change dimension or scale (for example, shares to assets or tokens to unit of account), adding a short comment explaining the transformation greatly improves auditability.

These conventions require discipline, but they improve dimensional safety in a language that does not natively support it.

Toward dimensional safety in Solidity

We’ve taken a first step toward automating this kind of analysis with a Claude plugin for dimensional checking, which we’ll introduce in a follow-up post. Beyond that, the ecosystem would benefit from deeper static analysis tooling that blends the semantic capabilities of LLMs. For example, a Slither-based linting or static analysis tool for Solidity could completely infer, propagate, and check “units” and “dimensions” across a codebase, flagging mismatches in the same way that Solidity warns about most incompatible types.

In the meantime, document your protocol’s dimensions and decimals: note in comments what each variable represents, and be explicit about the scale and units of every stored or computed value. These small habits will make your formulas more readable, auditable, and robust.

And try out our new Claude plugin for dimensional analysis when it’s available. Look out for more info in our next post.

22.00.0190 Decimal Diary: Happy 1st birthday to the SBS - Johnny.Decimal

2026-03-24T09:01:22.000Z

Happy 1st birthday to the SBS

Today's blog is a guest post by Lucy.

I've been thinking a lot about 'this time last year'. It was a period of upheaval for us, but also of huge productivity.

We were madly selling everything we owned on Gumtree and getting ready to move out of our home of 5 years. And we'd set a hard deadline that the Small Business System (SBS) had to be released by the end of March.

A year ago, I was buried in a looong document. For reasons, this was also a very sad time. And while it sounds cliched (and I'm no workaholic), I was grateful to have work to bury myself in. Johnny was nearby figuring out the code to make a website with a login.¹ I'm pretty sure I saw steam coming out of his laptop from time to time.

Break to stand at the whiteboard and discuss something. Write more words. Break to pack a moving box. Write more code. Break to run outside and help the buyer of our pot plants load them into a trailer. Back to the whiteboard. And so it continued.

In a nutshell, here's how we made it.

The process

We followed our own advice and stuck to the process in the Workbook/Workshop.

Scope

Our scope statement was basically "try to think of everything a small business has to do". We drew on our combined 40+ years of experience and also tested our ideas on a list of about 20 different business types. We defined a small business as fewer than 10 people, roughly.

Discovery

I opened the first of many blank mind maps and started reading different business and tax websites from the Australian Government. I pulled out keywords on anything to do with starting a small business.

Then I reviewed:

Everything in my archived filesystems from when I was a freelancer (Johnny did the same).
Everything in the Johnny.Decimal business filesystem and JDex.
Some filesystems and feedback from real small businesses in the US and New Zealand.²

I wrote down as many things as possible. I sat and thought. I walked and thought. I went down many research rabbit holes. I printed out a 20-page business plan template, stuck it to a wall, and stared at it many times a day. This went on for a few weeks.

Figure 22.00.0190A. An inspirational government business plan template on our wall.

Creating areas and categories

Then it was time to start grouping the 'discoveries' into areas and categories. And having Big Discussions with Johnny at the whiteboard. During this time, we also got up at 5am every day for Big Discussion Walks around our neighbourhood with mugs of coffee.

The mind map began to take shape and grow.

Figure 22.00.0190B. The SBS areas and categories in progress.

Building the system

This was a very collaborative process and Johnny spent a lot of time riding the whiteboard:

I took notes, photos, and audio recordings of our conversations.
We named the IDs and wrote the descriptions.
We numbered the IDs only after much consideration.
Then I wrote the supporting words for each ID.

Figure 22.00.0190C. Figuring out the finance category.

ID by ID, we began at the beginning and kept going until we reached the end. There were several rounds of review and feedback on mind maps and my master document.

When the content was 'approved', I pasted it into hundreds of text files to become the website. More rounds of review of the website followed. By the end, we were both quite batty and delirious.

Figure 22.00.0190D. Putting Johnny's feedback and other edits into the master document with a Friday-evening martini.

Figure 22.00.0190E. Proofreading the master document at the kitchen table before turning it into the website.

Final stats

A quick review of our archived files shows:

Our new system had 5 areas, 21 categories, and 344 IDs.³
There were 13 research and planning mind maps.
The master document had 342 pages and 46,309 words (written in Markdown).
Johnny had written 13,000 lines of code.
The project lasted 6 months, from September 2024 to March 2025.

We also did a sticker mailout to the first 100 people around the world who bought the system before it was released. Thank you for trusting us!

Figure 22.00.0190F. The pre-release sticker (Johnny loves planes) – we're still repping ours.

Everything related to this project was made with sweat, tears, and love by two humans.

What now

We're really happy that we made this system. We'd talked about making something for small business for ages, we just weren't sure where to begin. We spend all day in ours and we hope it's helped other businesses feel more organised.

We have ideas for improvements and welcome feedback. In the meantime, there's a new YouTube playlist for videos on how Johnny uses the SBS.

And, finally, a special shoutout to Genesis and the inventor of the martini, without whom this project would not have been possible.

Versus a one-off download and PDF from Shopify as per the Life Admin System v1.0. ↩
Thank you Dan from Paparonis, Des from Datum Machines, and Jeff from Lovett Sundries. And any other Decimals who were in touch on the forum, Discord, or email. 😊 ↩
Not including all the standard zeros throughout. ↩

Tread carefully, because you tread on my fucks. - Westenberg

2026-03-24T05:33:06.000Z

This newsletter is free to read, and it’ll stay that way. But if you want more - extra posts each month, access to the community, and a direct line to ask me things - paid subscriptions are $2.50/month. A lot of people have told me it’s worth it.

Upgrade

On any given day, I have roughly 5 or so fucks to give.

Before anyone takes that as a confession of total selfishness, I want to be precise about what I mean.

I wake up each morning with a finite quantity of moral and emotional attention. That quantity isn’t replenishable on demand by any external urgency, by any movement, by any poster on any social media platform. By the time I’ve spent however many fucks on my own anxieties, my own work, my own relationships, my own family, my own half-articulated and variously grasping fears about the future - there is precious little left over for the existential dread and the exhortations for me to “not look away” that keep arriving in my feed with all their attached moral instruction.

When I scroll past your doom posting, your thread about how everything is bad and the world is full of horrors, your viral images, your statistics, I’m not making a statement about how important the things you give a fuck about actually are in the real world.

But I’m already living on the edge of a nervous system that’s already fully deployed, and no amount of public shaming or insistence has ever - or will ever - expand my capacity by a single unit.

Various online activists will insist that this makes me complicit // part of the problem. A bystander, by which I mean a Bad Person™️ in the modern sense of someone who has access to information and does not perform the “correct” response. That accusation assumes that moral concern, panic, fear, depression, hopelessness, outrage, disgust etc are a matter of will, and that people who aren’t experiencing any // all of those emotions simply need more social pressure.

This is not a reasonable position.

Herbert Simon described this in 1971; and it was already a structural problem long before the internet turned it into the moral emergency of our time. “A wealth of information,” Simon wrote, "creates a poverty of attention." And he was right - attention is a finite resource, becoming increasingly scarce. Any system that actively increases the supply of information while failing to increase the supply of attention is doing nothing more than performing an act of brutal. Social media floods every channel with call after call for moral attention. Each cause is real, each crisis is urgent, and each demand comes with the implicit claim that id deserves priority over anything and everything else occupying your heart // mind // time.

Well I have news for you.

When everything is urgent, urgency ceases to function as a signal of any worth.

Adam Smith worked through this in 1759, in “The Theory of Moral Sentiments.” In a passage that still makes good folks uncomfortable (and of course, you and I are good folks) he describes a man in Europe who, upon hearing that a hundred thousand people have died in an earthquake in China, expresses his sympathy and then sleeps just fine.

The point: sympathy is a psychological mechanism with operational limits. It works best at close range, and it diminishes with distance, whether that distance is geographical, relational or a function of how much shit one has on one’s plate at any given time.

Robin Dunbar’s research on social cognition puts a sort of a rough number on it: we are neurologically equipped to maintain meaningful relationships with max 150 people. The internet’s scale and convenience does not dissolve or expand this limit. Viral, trending, excessively hashtagged suffering produces a numbness that can only be called compassion fatigue. You’re not connected to everyone, but you’re exposed to them, and you’re exposed to their pain, and you’re exposed to their pain about each others’ pain, and your nervous system is handling that the best it can - by rationing.

All of which is to say: my limited, five give-able fucks are not a moral failing. They are a strict and damn-near non-negotiable biological budget. I can do my best to expand that budget. I will do my best. But I will always find a limit. And however much you posture or pose or insist otherwise, so will you.

David Foster Wallace described attention as the primary moral capacity; the thing that lets you choose what to notice and how to interpret it instead of running on the default settings installed by circumstance and habit. Genuine attention is exhausting to sustain and has to be chosen, actively, against the pull of everything designed to capture it without your consent. He died in 2008, before the decade that would build platforms specifically engineered to interrupt and redirect attention hundreds of times daily, making chosen and sustained attention harder to achieve exactly as more people were demanding it be directed at more things at once. I think about his framing a lot when I'm deciding where my five fucks go. I try to spend them on things where my attention actually does something. I don’t always succeed.

Tocqueville called it individualism in the democratic sense: the tendency of people in free societies to withdraw into their small circles, absorbed in private concerns, disengaged from the larger civic life that democracy depends on. He thought civic institutions were the corrective, that the way to pull people out of private absorption was to give them something to join and do together. What he identified as a structural vulnerability, the contemporary internet has industrialized. The feeds maximize private absorption in content that generates engagement, and then the people running causes that need public support are left competing for attention in an environment built entirely around incentives that have nothing to do with their goals, and wondering why no one shows up.

My five fucks are mine. Biology gave them to me and circumstance has depleted them, and I spend them according to priorities I've developed over a life nobody else has lived. The snarking sniper on Threads cataloguing my failure as a moral agent hasn’t audited what all else my fucks paid for today. They have no idea what’s sitting in the background of my nervous system at 11pm when I finally have time to scroll the feed, and they don’t know what weight I’m carrying. Their contempt, and their demands, however confident, have never once manufactured capacity to give a damn in someone who had already reached their limit.

I get the urgency.

I get your cause.

I get why you care.

But my limits are real, and they are fundamentally not a moral position. They’re a fact of my human limitations. I can accept that. You must, too.

I built a CLI for Ghost - Werd I/O

2026-03-23T10:57:01.000Z

[John O'Nolan]

One of the most fascinating things about the AI transformation is how quickly it’s pushed against the siloed model of web applications (not to mention mobile apps!) we’ve been used to for decades now. Claude Cowork and systems like OpenClaw use the inherent connectedness of our desktop computers to get stuff done. Command lines, the UNIX philosophy, and the openness of the filesystem itself are all plusses again.

Ghost’s founder John O’Nolan built a CLI for his platform — a UI that he probably knows better than anyone else on the planet — and found that it sped him up in ways he wasn’t expecting:

“[…] Within about ~1hr of using Ghost via Claude/CLI, it was hard to imagine going back to caveman-clicking around a browser to get something done. […] I know Ghost’s UI extremely well, and know exactly where to go and what to click to do the thing I want – and even for me, using Claude is significantly faster/easier than clicking myself.”

A fun thing about this is that an update that’s aimed at making AI use faster and easier is also potentially very useful for humans that don’t want anything to do with AI. A command-line interface can be used to script updates, connect with other systems, and integrate in ways that just aren’t as easy if you’re limited to a web UI.

For AI users, CLI tools are turning out to be more token-efficient than AI-native integrations like MCP. (And even MCP is encouraging every service to build an API at an accelerated rate.) For someone who has advocated for open systems with easy off-ramps for your data for decades, it’s slightly surreal. Suddenly what might have seemed like a niche thing to want to do is the mainstream, hottest thing in tech. It’s Web 2.0 mashups all over again — but on steroids.

Everything AI can do, a human can do too. There’s no reason in the world why a non-AI system couldn’t use MCP. There’s certainly no reason why they couldn’t use a command-line interface, one of the most venerable user experiences in computing. Whatever you might think about LLMs themselves, this is quite a lovely thing.

[Link]

Earth being ‘pushed beyond its limits’ as energy imbalance reaches record high - Werd I/O

2026-03-23T10:34:54.000Z

[Jonathan Watts in The Guardian]

My mental model is that a lot of what’s happening in the world right now is driven by this:

“The United Nations body confirmed 2015 to 2025 were the hottest 11 years ever measured, but a still bleaker message was that the rising temperature experienced by humans on the surface was only 1% of the faster-accumulating heat in the wider Earth system.

More than 90% of that excess is absorbed by the oceans, which experienced the highest heat content in history last year. The rate of ocean warming has more than doubled over the past two decades, compared with the average over the previous 45 years.”

We’ve been experiencing the tip of the iceberg and making policy based on that, while the oceans have been absorbing the vast majority of the heat difference. That heat will continue to radiate back to us, committing us to more warming even if we drastically change now.

The result is inevitably fewer resources. Fewer livable areas on Earth, plus agricultural upheaval, lead to increased migration, more competition for less land, less food, and, as an obvious outcome, more conflict. For those that seek to maintain control over resources, authoritarian governments are an easier path: a rigidly-controlled population is easier to keep in line. When we could be co-operating and building more equitable societies to deal with the crisis in collaboration with each other, many of the very wealthiest are encouraging the opposite in order to shore up their own positions.

You can see it in right-wing governments moving away from renewable energy back to fossil fuels; in erosion of democratic norms; in backlashes to equity and inclusion policies that could lead to more equity and collaboration; in the surprising embrace by politicians of end times rhetoric from religious extremists. And you can see it in some of the very wealthiest buying land in places like New Zealand where they can maintain their own control and safety.

We can still say no. There are people on the ground who are fighting for something better. Activists — often from vulnerable communities that have the most to lose — are showing the way. I hope that we can demand the more equitable societies that will bring more of us through the crisis and allow us to get through it together by sharing resources and working on science-based solutions. But there’s a window of opportunity, and it won’t stay open forever.

[Link]

"Collaboration" is bullshit. - Westenberg

2026-03-22T23:31:25.000Z

Upgrade

In 1944, the Wehrmacht launched into Hitler’s last ditch effort to save the Third Reich. The Battle of the Bulge was a doomed campaign and a doomed gamble from a doomed regime, but its brutality was a true second test of the US Army on the Western Front. During the battle, Army historian S.L.A Marshall began interviewing infantry companies who’d been baptised in combat. Published 3 years later in his 1947 book, Men Against Fire, Marshall’s research showed that just 15-20% of riflemen in active combat positions ever fired their weapons - most kept their heads down. They moved when they were ordered and they held their positions, and they mimicked the outward appearance of a soldier in battle - but shoot, they did not. By any standard organisational metric, the men were present and accounted for, but 4 out of 5 never pulled the trigger.

You can debate the extent of Marshall’s numbers, and you can debate his methodology, but his ratio shows up, again and again. IBM stumbled onto it in the ‘60s when they discovered that 80% of computer usage came from 20% of the system’s features. The pattern recurs because it describes something real about how effort is distributed inside groups, where a fraction of the people do most of the work, and the rest provide what you might ~charitably call “structural support.”

Anyone who has worked in any large organisation knows exactly what I’m talking about.

The modern tech industry looked at the problem of human coordination and participation and decided the solution was “collaboration.” If only 20% of us are operating with a “killer instinct” we need to be better at managing the shared instincts of the other 80%. And so collaboration became our shared obsession. We pursue “teamwork” as a holy grail.

The teamwork revolution, if you can call it that, gave us Notion for our documents, ClickUp for our tasks, Slack for our conversations, Jira for our tickets, Monday for our boards, Teams for the calls that should been emails, emails for the things that we couldn’t squeeze in anywhere else, and now agents attempting to re-invent the whole stack. The average knowledge worker maintains accounts across system after system, switching between applications hundreds of times per day. And they produce, in aggregate, a staggering amount of coordinated and collaborative activity that never actually becomes anything resembling ~output.

When you strip away the product marketing and the dev relations and the blog posts and the funding rounds and the fuckery-upon-fuckery of it all, we’re left with a simulation of collective engagement - but very little else. Transparency got confused with progress, visibility got confused with accountability, and being included in the thread became the same thing, socially and organizationally, as owning the outcome.

Once that confusion set in at the cultural level it became nearly impossible to dislodge. The feeling of collaboration is pleasant in a way that personal accountability can never be. Owning something means you, specifically and visibly you, can fail at it, specifically and visibly, in ways that attach to your name.

Collaborating means the failure belongs to the process.

So everyone chose collaboration, and we called it culture.

Marshall's riflemen were ordinary people responding to the diffusion of responsibility that happens inside any group. Maximilien Ringelmann measured the same phenomenon with ropes in 1913, long before there were Slack workspaces to offer an emoji-react to it. Individual effort drops predictably as group size increases. The presence of others dissolves the sense of personal responsibility in a way that feels, to everyone experiencing it, entirely reasonable. You're part of a team, you're contributing, you're also (measurably) pulling less hard than you would if the rope were yours alone. Every single person on the rope is doing this simultaneously, which is why the total force never adds up the way the headcount says it should.

Frederick Brooks identified the same dynamic in software development in 1975, watching IBM's System/360 project illustrate his emerging thesis that adding people to a late project makes it later. Communication overhead grows faster than headcount, coordination costs compound, and every new person contributes their capacity along with their relationships to everyone else. Those relationships require maintenance and produce misalignment and generate the need for more meetings to address the misalignment those meetings created.

Brooks might as well have described your company's Q3 roadmap planning cycle and your startup's sprint retrospective, all of which have gotten longer every year and produced, relative to their investment, less.

The collaboration industry has spent a fortune obscuring a dirty truth: most complex, high-quality work is done by individuals or very small groups operating with clear authority and sharp accountability, then rationalized into the language of teamwork afterward. Dostoevsky wrote _The Brothers Karamazov_ alone. The Apollo Guidance Computer came from a team at MIT small enough to have real ownership, hierarchical enough that Margaret Hamilton's name could go on the error-detection routines she personally designed.

Communication matters, and shared context matters. But there’s a huge difference between communication and collaboration as infrastructure to support individual, high-agency ownership, and communication and collaboration as the primary activity of an organisation. Which, if we’re honest, is what most collaboration-first cultures have actually built. They’ve constructed extraordinarily sophisticated machinery for the social management of work, without actually doing the work they’re socialising about.

If and when it exists, ownership looks like an individual who deeply gives a shit, making a call without waiting for group-consensus. That individual will be right sometimes, and they’ll be wrong other times, and they’ll own it. They won’t sit around waiting to find out who has the authority to move a card from one column to another and post about it in the #celebrations channel.

But being that person sucks when “collaboration” is the reigning value, because every unilateral decision gets read as a cultural violation and a signal that you aren’t a team player. Collaboration-as-ideology has made ownership and responsibility feel antisocial, which is a hell of a thing, given that ownership is the only mechanism that gets anything across the finish line.

You can see this excess everywhere. Standups where people announce their busy work and as long as everyone’s “on the same page” nobody changes course. Documents that are written to perform thinking so somebody else can perform thinking, with no decision in sight. Retros, and kickoffs, and WIP meetings that spawn their own retros, kickoffs and WIP meetings like cells dividing and re-dividing, with zero connection to the work that it’s nominally organising around.

Every project now seems to carry more coordination overhead than execution time, and when it fails the postmortem just recommends more collaboration...

At some point (and I think that point was fucking yesterday) we have to ask ourselves - what are we actually producing and who is actually responsible for producing it?

Because at some level, the answer for “who is responsible for X” has to be one single person, no matter how much the collaborative apparatus layered over modern work has been engineered to make that person invisible and dissolve accountability.

We need to find some path back to trusting that individuals will do their jobs, without every responsibility being visible to an entire organisation, without follow-ups being scheduled by a cadre of overpaid managers with their overfed metrics.

Maybe - just maybe - we could make our lives a little easier. Maybe we could let human beings keep their own lists of tasks, and we could let them sink or swim by how they manage those tasks, and we could assign blame to them and to them alone when they fuck up. Maybe we could do it without needing to have team-level views of every Kanban, calendar and task list. And maybe - if we let go of the warm, expensive fiction of collective endeavour - we could make it a little easier to see who among us are pulling the trigger and who are just keeping their heads down.

Note published on March 22, 2026 at 10:29 PM UTC - Molly White's activity feed

2026-03-22T22:29:29.000Z

the great pierogiing

Histomat of F/OSS: We should reclaim LLMs, not reject them - Werd I/O

2026-03-22T15:44:17.000Z

[Hong Minhee]

This is very close to how I feel:

“I want my code to be used for LLM training. What I don't want is for that training to produce proprietary models that become the exclusive property of AI corporations. The problem isn't the technology or even the training process itself. The problem is the enclosure of the commons, the privatization of collective knowledge, the one-way flow of value from the many to the few.

[…] The question is: who owns the models? Who benefits from the commons that trained them? If millions of F/OSS developers contributed their code to the public domain, should the resulting models be proprietary?”

The problem with LLMs, in my mind, isn’t that they exist to begin with. They’re genuinely useful. It’s an issue of power dynamics and consent. Training material shouldn’t be taken from creators without their knowledge or participation; the resulting models should not be owned by a small number of wealthy corporations instead of a collectively by the people who put their work and creativity into them.

Rather than pretending that LLMs will go away and we’ll revert to a pre-AI state of being, what would it look like for these things to be built and run equitably and sustainably?

I’m inspired by ETH’s Apertus model — a fully open, multilingual LLM that is built with shared openness and representation in mind. More will likely follow (and I’m beginning to hear similar stories in specific fields like journalism). Can that be part of our future? Possibly, and the first step is not necessarily rejecting AI but rejecting how it’s run today. Software, as we’ve learned, is best built for the people, and open has historically won eventually. Open, consensual models will almost certainly win too.

[Link]

Ageless Linux - Werd I/O

2026-03-22T13:24:34.000Z

[Ageless Linux]

Ageless Linux is an act of open source activism designed to take the issue of age verification to the courts. I love it.

As lots of people have noted, while age verification laws are ostensibly being proposed to protect children, they create an authentication layer that deanonymizes the internet. The effect is a surveillance layer that will both chill speech and disproportionately harm vulnerable communities by requiring people who may already be targeted by conservative governments to fully reveal their identities.

As Rindala Alajaji and Molly Buckley wrote in Techdirt recently:

“The coalition of organizations that filed amicus briefs in support of Texas’s age verification law tells us everything we need to know about the true intentions behind legislating access to information online: censorship, surveillance, and control. After all, if the race to age-gate the internet was purely about child safety, we would expect its strongest supporters to be child-development experts or privacy advocates. Instead, the loudest advocates are organizations dedicated to policing sexuality, attacking LGBTQ+ folks and reproductive rights, and censoring anything that doesn’t fit within their worldview.”

Enter Ageless Linux, which makes its position clear as it describes its hardware product:

“A physical computing device designed to satisfy every element of the California Digital Age Assurance Act's regulatory scope while deliberately refusing to comply with its requirements. The device costs less than lunch and will be handed to children.“

The site maintains a list of age verification laws they are violating, as well as states that have proposed laws that they would violate. It’s sobering: these aren’t just the usual suspects (although that would be bad enough in itself, of course). California has a pending law that will take effect in 2027. New York and Illinois have laws under discussion.

The named contact at the bottom of the site, John McCardle, has an explanatory blog post, where he concludes:

“Since the California AG can charge me $7,500 per child that uses my OS, I may need to lawyer up. If you'd like to give me some money, I'd appreciate support on Patreon.”

Mike Godwin has published a riveting post about the unraveling of the Communications Decency Act in the nineties. I hope these laws, which are cut from the same ideological cloth, suffer the same fate. Perhaps efforts like Ageless Linux can be part of the road to get there.

[Link]

Bored of eating your own dogfood? Try smelling your own farts! - Terence Eden’s Blog

2026-03-22T12:34:07.000Z

I called a large company the other day. Did I know the information I wanted could be found on their website?⁰ And was I aware that I could manage my account online?¹ And would I like to receive a link to chat with their AI assistant via WhatsApp?²

Naturally, call volumes were higher than expected. I can only assume that whoever was in charge of predicting call volumes had recent suffered a traumatic brain injury and was unable to count beyond five without pulling their other hand out of their fundament.

The cheerful woman warbled through her pre-recorded script and was suddenly replaced with a hideous electronic monstrosity. I recorded the call³ so that you can experience this monument to synthetic glory!

🔊

💾 Download this audio file.

This is from a company whose website gushes about how innovative it is. AI is transforming its business at scale! Dedicated to technological excellence and delivering ISO accredited quality in all its divisions! And yet, somewhere, someone decided that customer experience was good enough.

"Dogfooding" is a sacred practice in the tech industry. Use your own products. That's it. That's all you have to do. For example, if you work for Slack - you can't use Teams for your messaging solution. You have to show people that you have faith in your own products.

But it goes deeper than that. When I used to work for mobile phone networks, they asked us to spend time in call centres. It isn't enough to receive a quarterly report on customer KPIs. You have to hear the rage in customers' voices as they struggle with your billing system. Perhaps that will convince you to have empathy with the people paying to use your product.

There's an oft told story about Jeff Bezos pausing a meeting to call his own customer service number - and waiting over 10 minutes for an answer. When was the last time the CEO of the above company called their own customer support line?

It's all very well to experience your own product when it is working, but when was the last time anyone in the above organisation went through a "difficult" customer journey.

By contrast, I recently cancelled a subscription to a small start-up's service. Someone from their senior leadership team asked if they could call to chat about why I cancelled. I said sure and had an enjoyable half-hour whinge / chat about their failings. At almost every complaint, they replied either "Oh, yeah, I also find that annoying" or "Huh, I've not experienced that, but I can see why it would suck."

At no point did they ever say "Our metrics don't show a problem" or "Do people really care about that?"

Maybe I was being flattered. Maybe it's a waste of senior leadership time to start every meeting with a ritual phone call to the call centre. Maybe I'm the only one who gets annoyed when people can't be bothered to put the bare minimum effort into their job.

But, maybe, breathing in the noxious output of barely digested slurry is the only way to get people to improve their diet.

It couldn't! ↩︎
Not if I wanted to cancel. ↩︎
I'd rather stick my head in a bucket of lukewarm sick! ↩︎
For training and monitoring purposes, of course! ↩︎

22.00.0188 A Productive Conversation with Mike Vardy - Johnny.Decimal

2026-03-22T02:04:52.000Z

A Productive Conversation with Mike Vardy

Last week it was my pleasure to have A Productive Conversation with Mike Vardy. We talked about the origin story of Johnny.Decimal, and why there's room for plenty more systems in the productivity world; about the links between my system, task management, and Mike's concept of TimeCrafting; and about content vs. context, and how we're often better off starting with the latter, even though our instincts start us with the former.

Listen using the link below, or in any podcast player.

share.transistor.fm/s/99794f34

100% human. 0% AI. Always.

AI is changing the style and substance of human writing, study finds - Werd I/O

2026-03-21T21:34:51.000Z

[Jared Perlo at NBC News]

Repeat after me: an LLM cannot replace a human’s skill, judgment, or taste.

Another exhibit for the jury:

“The research team found that users who heavily relied on large language models (LLMs) produced responses that diverged significantly in meaning from the answers of participants who only partially relied on LLMs or avoided their use altogether, suggesting heavy AI use alters the substance of humans’ arguments in addition to changing writing style.”

It might seem easy or fast, or a neat way to push out more content with less effort. But the software really does change the substance of your writing in what I would call objectively bad ways: it makes it less personal and less emotional, and it actively changes its underlying meaning in the process. It’s less human. Sure, ask it to give you feedback, if you want, but don’t actually let it polish your writing itself.

For the record, my posts aren’t written or conceived with an LLM, although I know an increasing number of people who use one to write a first draft and then edit. I’m not a fan. The whole point of the web — its beauty — is that it’s unrelentingly human and diverse. There are lots of ways in which AI is eating away at that core (fewer search engine referrals, more automated content, more spam), but this is the most insidious: through people who believe they are writing the piece themselves but are actually handing over their creativity to the model.

[Link]

Democratic Backsliding Reaches Western Democracies, with U.S. Decline “Unprecedented” - Werd I/O

2026-03-21T21:00:49.000Z

[Varieties of Democracy]

File under “oh, fun”, from the V-Dem Project at the University of Gothenburg:

“The U.S. democracy is currently in a much faster deterioration process than any other democracy in modern times. Within only one year, the USA’s score on the V-Dem Liberal Democracy index has declined by 24 percent, while its world rank dropped from 20th to 51st place out of 179 nations.”

The report compares the USA’s rate of decline to Hungary, Serbia, India, Russia, and Türkiye, and shows that what took Orbán four years and Modi a decade, the current administration accomplished in one. Only six countries have registered larger one-year drops on the LDI since 2000, and five of those were military coups.

As the report points out, the midterms will be a litmus test. Will it be a free and fair election — or something else? Time will tell. Election-specific indicators in the report are only reassessed in election years, so the 2025 LDI score is actually held up by the quality of the 2024 elections. If the 2026 elections are compromised, our score will plummet.

And it’s not just us.

“Nearly a quarter of the world’s nations are going through democratic backsliding, or autocratization, in 2025, and six out of the ten new autocratizing countries identified in the 2026 Democracy Report are in Europe and North America. Among them are large and influential countries like Italy, the United Kingdom, and the USA, according to the report authored by a team led by Professor Staffan I Lindberg at the V-Dem Institute, University of Gothenburg.”

The UK doesn’t get away scot-free. It’s listed as a new autocratizer this year, driven primarily by declines in freedom of expression and media freedom. But as sobering as that fact is, the fall is nowhere near as fast or precipitous as the United States.

It’s worth saying that this is the University of Gothenburg, an international university collaborating with other institutions, and not some random organization or mouthpiece. It should be taken seriously, and it's particularly the people who believe American ideals are infallible that need to wake up.

[Link]

Old PC Games on Cereal Boxes - Joel's Log Files

2026-03-21T18:10:00.000Z

I mentioned a bit of this a few years back in a post where I shared some early computing memories. At the time, I only recalled what the games were about, but I didn’t remember the names or specific game mechanics.

However, through vague descriptions and looking in some abandonware sites, I found the games and decided to share them here. There were a couple of educational titles, a couple of racing games and a zoo management game that is actually still being sold on Steam!

All of these games were bundled in Cereal boxes somewhere in the 2000s in Mexico! They were everywhere and absolutely worked on me, I just wanted my parents to get me some every time, there’s a chance some of those games aren’t listed here, but the ones that left an impression are mentioned, at least.

I talked about this post idea to Wouter, and he immediately reminded me about his own post of a similar vein where he reminisced on edutainment games from his childhood, so there you go, check it out too once you are done, or before, since they are older games than mine. 😉

Without further to do, here’s my list!

Superbike Racing

This is one of the earliest games I have memory of ever playing on a computer. I booted it up on a kinda bulky Toshiba laptop that my father had. It was developed (or maybe just published?) by IncaGold and I remember playing it around 2007.

This game had pretty neat graphics for my young eyes, and it was of the realistic style, rather than arcadey. This made the physics and the speed way too slow for me, and really deterred me from playing it that much as a kid.

I had not really played Mario Kart at the time, but I guess I just didn’t vibe with a simulator kind of game at that age, and this was closer to those, even if rather low budget. I never quite managed to turn properly and never won a race in it that I recall.

I somehow didn’t remember the name of this game at all, but once I did, I immediately recalled how I used to just say “SuperBike” in Spanish as a kid (“SuperBique”) and that made me chuckle.

A race is about to begin!

Check out this gameplay video—where I got the screenshot from—it really brought some memories back!

Pet Racer

I thinks I played this much later than Superbike Racing, and I think I was already familiar with Mario Kart Wii—which I played at an older friend’s house. Either way, this is a blatant rip-off of Nintendo’s franchise, but I didn’t really care much about that. This game was pretty fun to play around 2008.

Unfortunately, I don’t really have any significant memories about it. I just know it was a racing game and that all the characters were pretty ugly, to be honest, my favorite was the shark. I wish I could say some more things about it, but it’s probably the shallowest of the games mentioned here. There is a lot of gameplay footage out there though, so I guess I could check it out, but the next few games proved to be much more interesting.

This is definitely not Mario Kart

You can easily find gameplay of this one on YouTube, but just play Super Tux Kart, honestly, although the music ain’t too bad.

Zoo Empire

Now, this was more my jam, and I didn’t even remember it very well. Nowadays I rarely touch management games, but I really was addicted to this one as a kid. Just the thought of having my own mini-world inside my computer were animals roamed around was so fun. The game had lots of fun animations and interactions, and causing mayhem by putting animals in the same space was fun.

This game was developed by Enlight Software and was first published in 2004. I think I played it around 2009 myself, but I can’t be sure.

You managed a zoo and took care of animals, building their habitats, as well as the passageways and commodities for visitors. What blows my mind is that the game was fully 3D! with full camera controls and stuff. The graphics are old by now, but still have a lot of charm.

Another thing I really liked was the amount of terraforming you can. I can modifying terrain and making mountains or lakes and using those instead of fences.

I’m kind of interested on giving this one a revisit, the game is still available on Steam and on sale right now. It will probably suck by today standards, but I will give it a go for nostalgia’s sake.

Reviews say that the game will eventually crash, but it will be fun to just mess around for a bit.

The zoo is thriving! Screenshot from the Steam page

Check some gameplay here!—The music actually holds up so well and unlocked my nostalgia even more than the gameplay itself.

My Amazing Human Body

This is an educational game about—you guessed it—the human body. Titled in Spanish as Mi Increíble Cuerpo Humano, and developed by DK Multimedia in 1997, although I played the version I did around 2007 or so. It was full of minigames and things to click around. There’s also a character that narrates the game and asks questsions named Seymour Skinless—he is just Skelly in Spanish though—and yes, he’s a talking skeleton.

There were puzzle games about dragging and dropping body parts in the right place, tons of fun facts about each part of the body, and each organ will also come with specific games to learn what they do. For example, the brain information page has a memory game or tells you to attempt to write with your non-dominant hand, while the eye section comes with optical illusion experiments, explaining how the eyes are fooled by it. Everything in this game has plenty of drawings, models and diagrams.

This is a game that really rewards exploration, and each description of how an organ works will often highlight other specific terms and link to another terms, it is very easy to get into rabbit holes just reading and looking at visuals. There really is a whole glossary not only about the organs, but the systems and processes and how the body develops over time as we grow. I skimmed through a playthrough of the game online and was truly astonished by how much information it has, all the text on it is fully dubbed as well.

Main interface of the game, Skelly in the middle

Check some gameplay of it on YouTube—I must admit I prefer the Spanish dub, even though it’s not Latin Spanish, I just got used to the voice.

My First Amazing History Explorer

This was just La Máquina del Tiempo del Pequeño Aventurero in Spanish and was also developed by DK Multimedia, however, where a lot of the artwork on the Human Body consisted of prerrendered 3D models and 3D animation. Most of what is found in this game is mostly 2D graphics. It makes sense given the presence of paintings, maps and similar art compared to organs and bones.

Anyway, this was an extremely fun game, and had more of a story too, since I traveled through time to find the whereabouts of a missing professor. Like Skelly, there’s another character who calls himself the Time Fugitive—altough he calls himself Cronos in Spanish!—and he’s the one behind the professors disappearance, simply to get more people interested in History—a bit of a stretch but okay.

In any case, this game is as deep and fun to poke around with, letting you explore through the professor’s house—which acts as a hub or main menu of sorts—as well as access the Time Machine itself, which let’s you visit eight different time periods, showing a giant map with graphics, animations and things to click and get into rabbit holes just like the previous game, so much interactivity everywhere. There’s puzzles and questions and minigames, you can collect stamps for each time period and fill a book with them. I really enjoyed revisiting gameplay online.

Each time period was a colorful map full of animations and stuff to click

There are whole playthroughs on YouTube! they evoke so much nostalgia. The English dub is really good, the Spanish voice is kinda annoying, but I didn’t mind much as a kid.

Finishing thoughts

All these games—except maybe for Pet Racer—were such a nostalgia hit for me. Remembering the days were I would get these free games on cereal boxes from Kellog’s or Nestle. I am amazed at how much I already know computers back then, as I set up these games myself without help from my parents and such.

I am not sure of where in the world the CD-ROMs are in my dad’s office space. There’s a chance there would be more games there that I didn’t remember at all. I have a vague memory of a flight simulator, but I think the disc got scratched and I never played much of it.

In any case, I wonder how many of you have played these games or even got them for free too! Let me know by contacting me or leaving a comment!

This is day 37 of #100DaysToOffload

Reply to this post via email | Reply on Fediverse

Notable links: March 20, 2026 - Werd I/O

2026-03-20T20:19:45.000Z

Most Fridays, I share a handful of pieces that caught my eye at the intersection of technology, media, and society.

Did I miss something important? Send me an email to let me know.

Agentic Engineering Patterns

Simon Willison’s work-in-progress deep dive into agentic engineering is predictably good.

From the introduction, distinguishing agentic engineering from vibe coding:

“Some people extend that definition to cover any time an LLM is used to produce code at all, but I think that's a mistake. Vibe coding is more useful in its original definition - we need a term to describe unreviewed, prototype-quality LLM-generated code that distinguishes it from code that the author has brought up to a production ready standard.”

I’ve been using the term AI-assisted engineering, but standardizing around agentic seems more precise for the kind of activity we’re talking about.

And from the anti-patterns page:

“Don't file pull requests with code you haven't reviewed yourself.

If you open a PR with hundreds (or thousands) of lines of code that an agent produced for you, and you haven't done the work to ensure that code is functional yourself, you are delegating the actual work to other people.

They could have prompted an agent themselves. What value are you even providing?”

The temptation is to write and push code that you haven’t reviewed personally, but technology leaders need to enforce a human-review process. You are responsible for all code you push, and you are responsible for not wasting your colleagues’ time.

From writing code is cheap now:

“Delivering new code has dropped in price to almost free... but delivering good code remains significantly more expensive than that.”

Simon is building a really great guide to not just the process but the underlying mindsets behind good agentic engineering. It’s worth reading and following.

When Using AI Leads to “Brain Fry”

Interesting research about the interaction between AI use and burnout, studying 1488 (an incidentally unfortunate number) US-based workers. Burnout is real:

“Participants described a “buzzing” feeling or a mental fog with difficulty focusing, slower decision-making, and headaches. This AI-associated mental strain carries significant costs in the form of increased employee errors, decision fatigue, and intention to quit.

There’s some nuance here, however. We also found when AI is used to replace routine or repetitive tasks, burnout scores—but not mental fatigue scores—are lower. This highlights the subtle-but-important distinction between the types of stress that AI can alleviate, and those that it may worsen.”

So the kind of AI use matters. The researchers found that AI use cases that required increased oversight (coding is one, using AI with sensitive internal data is another) increased the risk of burnout. This was particularly true because the people who used these tools were more likely to take on more work, pushing their total cognitive load beyond their limits. But using it for more straightforward repetitive tasks reduced the risk of burnout.

The high-risk activities cluster around certain teams:

“After marketing, people operations, operations, engineering, finance, and IT were the functions with the highest prevalence of AI brain fry.”

Legal teams, who presumably use AI on evidence sets and on contract analysis using tools like Harvey but not their actual legal analysis, were the least likely to suffer from this problem.

This should inform how managers think about AI use and how to set humane norms internally.

Four things about Yahoo News that may surprise you

I still think Yahoo is undervalued: clearly not a tech darling, it’s quietly been chugging along, running one of the most popular news sites in the world alongside a raft of other services. None of it is pushing the envelope, particularly, but it does seem to be executing very well, and the team behind it is on an explicit mission to revitalize the brand.

This is the right approach, in my opinion — and clearly it’s working:

“Lanzone says Yahoo, owned by private equity firm Apollo Global Management since 2021, has billions in revenue. “It is very profitable,” he told Decoder’s Nilay Patel.

“Having direct deals with publishers to have their content aggregated with us has actually been part of the history of the company going back two-plus decades,” Lanzone says at one point. “We send them traffic and, in many cases, share revenue.””

It’s more recently made that strategy cleaner: it’s not trying to do its own reporting, but instead is surfacing other peoples’ and providing reach.

The underlying ethos seems to be to point to great content on the web rather than being the originator of it. In a world where other platforms, Google included, are trying to be the all-encompassing destination, it’s a web-first way to look at the world. That revitalization is right on time.

BuzzFeed Nearing Bankruptcy After Disastrous Turn Toward AI

This looks like a cut and dry story about a media company turning from producing content using writers to using AI and suffering the consequences:

“Peretti said BuzzFeed would be using the software to enhance the company’s infamous quizzes by generating personalized responses.

[…] Now, three years after its AI pivot, the writing is on the wall. The company reported a net loss of $57.3 million in 2025 in an earnings report released on Thursday. In an official statement, the company glumly hinted at the possibility of going under sooner rather than later, writing that “there is substantial doubt about the Company’s ability to continue as a going concern.””

The content was underwhelming, and this shift coincided with Buzzfeed shutting down its award-winning news division.

There’s a lot AI can do, but it can’t replace the judgment and taste of human beings. It can’t be a great writer or a great creative. It can take on drudge-work and be a good copilot, like a grammar checker or other supportive tools can be good copilots, but it’s not a replacement for a skilled workforce. (I would also argue that there’s no such thing as unskilled labor: almost every job you can think of benefits from human nuance and judgment.)

But there are a lot of people who see dollar signs and hope that replacing people with predictive engines will help them scale and increase their margins. All that means is that there will be a lot more Buzzfeeds.

Businesses rush to rehire staff after regretted AI-driven cuts

Not a surprise. Careerminds polled 600 HR professionals from organizations that had made layoffs in the last year.

“It found that 32.7% of organisations that conducted AI-led layoffs had already rehired between 25% to 50% of the roles they initially let go.

Another 35.6% said they had already rehired more than half of the roles that they cut.”

Say it with me: AI can’t replace the skill, judgment, creativity, and taste of real people. Replace the word “AI” with “spreadsheet” and the nonsense behind AI-led layoffs becomes even clearer. AI is a potentially very powerful tool, but it’s just a tool, and it works better when more highly-skilled people are using it.

Which organizations are beginning to find out:

“According to the findings, more than half of HR leaders said AI required more human insight than anticipated.”

It’s worth saying that around 21% of respondents did report that their layoffs went okay. It’s possible that they’re lying. They could also have been employing people to do very manual, repetitive data work without any degree of insight, which seems like a poor use of a workforce. But generally speaking, the study found hundreds of orgs that saw the potential to save costs and were so blinded by dollar signs that they didn’t go beyond the marketing claims about what AI could actually do:

“What ties all these findings together is that the organisations that struggled the most were making significant, irreversible decisions without the full picture of AI capabilities and what a reduction would do to their workforce.”

These organizations treated people poorly. The real tragedy is that they seem not to have understood the skills and value of their own employees. There’s a deeper problem there than just AI.

Trump is using immigration policy to suppress speech, lawsuit claims

This lawsuit, filed by The Knight First Amendment Institute at Columbia University and Protect Democracy on behalf of the Coalition for Independent Technology Research (CITR), is important:

“The suit accuses the administration of violating the First Amendment with an official policy to deny visas to or deport noncitizens who work on or study social media platforms, fact-checking or other activities the government deems "censorship" of Americans' speech. It argues that amounts to unconstitutional viewpoint discrimination.”

The work conducted by researchers into social media is vital: it helps us build safer communities that allow democratic discourse to take place. Unfortunately, the Trump administration has decided that this safety work is a radical act — and in particular that research into Trump ally Elon Musk’s X is verboten. I would assume that Ellison’s American TikTok will receive the same preferential treatment.

My friend Dr J. Nathan Matias, who runs the amazing Citizens and Technology Lab, is a named declarant. His experiences are laid out in the suit:

“[…] the Censorship Policy has deprived Dr. Matias of significant contributions from his noncitizen collaborators in the United States. Because of the fear that they will be denied reentry to the United States under the Policy, some of Dr. Matias’s U.S.-based noncitizen collaborators have decided not to travel abroad, including to attend meetings with new community partners who have important experiences related to online safety and freedom of expression. As a result, Dr. Matias has been unable to pursue collaborations with those partners, who would have added significant value to his research. Because of the same fear, one of Dr. Matias’s noncitizen collaborators felt compelled to make extensive contingency plans in connection with international travel, requiring more flexibility in their work and less visibility on their projects, which has significantly delayed progress on those projects. Additionally, because of the fear that they will be targeted for detention or deportation under the Policy based on their work, at least one of Dr. Matias’s noncitizen collaborators has decided not to speak to journalists or answer questions from policymakers on topics related to their work. As a result of these chilling effects, Dr. Matias has lost important opportunities to develop new research, obtain expert feedback on research, and bring visibility to his work and the work of his lab.”

This is unacceptable. We should all hope that the lawsuit is successful.

The Last Quiet Thing

This is a useful reframe of our relationship to technology, presented in an arresting way:

“What if the exhaustion everybody feels isn't a moral failure but the completely rational response to being made responsible for an ecosystem of objects that never stop asking?”

I’m less enamored with the author’s reframe of the work to be done to maintain these devices as shifting from an IT department. That’s not the point, and it distracts from a stronger argument about finished products vs continuously-updated devices that want to have a codependent relationship with us. Whether it’s with an end user or an IT department, it’s still dysfunctional.

It reminds me of Amber Case’s Calm Tech Institute, which aims to promote these kinds of values. The quote it features on its homepage — “What matters is not technology itself, but its relationship to us.” from Xerox PARC technician Mark Weiser — is completely on-point. I hope we have more of these sorts of conversations.

Shellsharks Blogroll - BlogFlock

Try our new dimensional analysis Claude plugin - Trail of Bits Blog

How our plugin differs from most skills

Benchmarking

How it works

What’s next?

Read "Goodhart's Law vs "prediction markets"" - Molly White's activity feed

Note published on March 24, 2026 at 7:47 PM UTC - Molly White's activity feed

PSP gaming and a new ereader - W12 - Joel's Log Files

Reading

Started

Ongoing

Completed

Watching

Gaming

Ongoing

Started

Around the Web

Blog posts

YouTube

Book Review: If We Cannot Go at the Speed of Light by Kim Choyeop ★★☆☆☆ - Terence Eden’s Blog

Spotting issues in DeFi with dimensional analysis - Trail of Bits Blog

Quantities and dimensions

Dimensional thinking in DeFi

Why some price formulas don’t work

Example 1

Example 2

Example 3

Real-life best practices

Toward dimensional safety in Solidity

22.00.0190 Decimal Diary: Happy 1st birthday to the SBS - Johnny.Decimal

Happy 1st birthday to the SBS

The process

Scope

Discovery

Creating areas and categories

Building the system

Final stats

What now

Footnotes

Tread carefully, because you tread on my fucks. - Westenberg

I built a CLI for Ghost - Werd I/O

Earth being ‘pushed beyond its limits’ as energy imbalance reaches record high - Werd I/O

"Collaboration" is bullshit. - Westenberg

Note published on March 22, 2026 at 10:29 PM UTC - Molly White's activity feed

Histomat of F/OSS: We should reclaim LLMs, not reject them - Werd I/O

Ageless Linux - Werd I/O

Bored of eating your own dogfood? Try smelling your own farts! - Terence Eden’s Blog

22.00.0188 A Productive Conversation with Mike Vardy - Johnny.Decimal

A Productive Conversation with Mike Vardy

AI is changing the style and substance of human writing, study finds - Werd I/O

Democratic Backsliding Reaches Western Democracies, with U.S. Decline “Unprecedented” - Werd I/O

Old PC Games on Cereal Boxes - Joel's Log Files

Superbike Racing

Pet Racer

Zoo Empire

My Amazing Human Body

My First Amazing History Explorer

Finishing thoughts

Notable links: March 20, 2026 - Werd I/O

Agentic Engineering Patterns

When Using AI Leads to “Brain Fry”

Four things about Yahoo News that may surprise you

BuzzFeed Nearing Bankruptcy After Disastrous Turn Toward AI

Businesses rush to rehire staff after regretted AI-driven cuts

Trump is using immigration policy to suppress speech, lawsuit claims

The Last Quiet Thing