Identity Blog Catcher

Will the future of software development run on vibes?

I got a few quotes in this piece by Benj Edwards about vibe coding, the term Andrej Karpathy coined for when you prompt an LLM to write code, accept all changes and keep feeding it prompts and error messages and see what you can get it to build.

Here's what I originally sent to Benj:

I really enjoy vibe coding - it's a fun way to play with the limits of these models. It's also useful for prototyping, where the aim of the exercise is to try out an idea and prove if it can work.

Where vibe coding fails is in producing maintainable code for production settings. I firmly believe that as a developer you have to take accountability for the code you produce - if you're going to put your name to it you need to be confident that you understand how and why it works - ideally to the point that you can explain it to somebody else.

Vibe coding your way to a production codebase is clearly a terrible idea. Most of the work we do as software engineers is about evolving existing systems, and for those the quality and understandability of the underlying code is crucial.

For experiments and low-stake projects where you want to explore what's possible and build fun prototypes? Go wild! But stay aware of the very real risk that a good enough prototype often faces pressure to get pushed to production.

If an LLM wrote every line of your code but you've reviewed, tested and understood it all, that's not vibe coding in my book - that's using an LLM as a typing assistant.

Tags: andrej-karpathy, benj-edwards, ai-assisted-programming, generative-ai, ai, llms

[Gaby Del Valle at The Verge]

This is dystopian:

"The Trump administration may soon demand the social media accounts of people applying for green cards, US citizenship, and asylum or refugee status. US Citizenship and Immigration Services (USCIS) — the federal agency that oversees legal migration, proposed the new policy in the Federal Register this week — calling this information “necessary for a rigorous vetting and screening” of all people applying for “immigration-related benefits.”"

I'm truly interested to learn how this squares with the First Amendment of the United States Constitution, which constrains government's ability to restrict speech of anyone on US soil, including immigrants and visitors.

I agree with Beatriz Lopez, the executive director of Catalyze/Citizens, who said:

“Trump is turning online spaces into surveillance traps, where immigrants are forced to watch their every move and censor their speech or risk their futures in this country. Today it’s immigrants, tomorrow it’s U.S. citizens who dissent with Trump and his administration.”

#Democracy

[Link]

Aider: Using uv as an installer

Paul Gauthier has an innovative solution for the challenge of helping end users get a copy of his Aider CLI Python utility installed in an isolated virtual environment without first needing to teach them what an "isolated virtual environment" is.

Provided you already have a Python install of version 3.8 or higher you can run this:

pip install aider-install && aider-install

The aider-install package itself depends on uv. When you run aider-install it executes the following Python code:

def install_aider(): try: uv_bin = uv.find_uv_bin() subprocess.check_call([ uv_bin, "tool", "install", "--force", "--python", "python3.12", "aider-chat@latest" ]) subprocess.check_call([uv_bin, "tool", "update-shell"]) except subprocess.CalledProcessError as e: print(f"Failed to install aider: {e}") sys.exit(1)

This first figures out the location of the uv Rust binary, then uses it to install his aider-chat package by running the equivalent of this command:

uv tool install --force --python python3.12 aider-chat@latest

This will in turn install a brand new standalone copy of Python 3.12 and tuck it away in uv's own managed directory structure where it shouldn't hurt anything else.

The aider-chat script defaults to being dropped in the XDG standard directory, which is probably ~/.local/bin - see uv's documentation. The --force flag ensures that uv will overwrite any previous attempts at installing aider-chat in that location with the new one.

Finally, running uv tool update-shell ensures that bin directory is on the user's PATH.

I think I like this. There is a LOT of stuff going on here, and experienced users may well opt for an alternative installation mechanism.

But for non-expert Python users who just want to start using Aider, I think this pattern represents quite a tasteful way of getting everything working with minimal risk of breaking the user's system.

Update: Paul adds:

Offering this install method dramatically reduced the number of GitHub issues from users with conflicted/broken python environments.

I also really like the "curl | sh" aider installer based on uv. Even users who don't have python installed can use it.

Tags: uv, paul-gauthier, aider, python

The reduction of the bloated explosions continues in the Marvel Universe - and from my perspective - that is good.
Plus Ryan and Hugh.
Plus ‘Wick like’ choreography and it’s not that they are breaking the 4th wall - it’s more ‘what wall’?
Oh - and it’s Deadpool.
Big Fan.

If I write a long form post - with a title and / or summary - BUT open the post with ‘@’ - the NEW post ignores the title and the summary and just posts it as a reply. Is that a feature or a bug @manton ?

The Graphing Calculator Story

Utterly delightful story from Ron Avitzur in 2004 about the origins of the Graphing Calculator app that shipped with many versions of macOS. Ron's contract with Apple had ended but his badge kept working so he kept on letting himself in to work on the project. He even grew a small team:

I asked my friend Greg Robbins to help me. His contract in another division at Apple had just ended, so he told his manager that he would start reporting to me. She didn't ask who I was and let him keep his office and badge. In turn, I told people that I was reporting to him. Since that left no managers in the loop, we had no meetings and could be extremely productive

Via Kellan

Tags: apple, computer-history

Manton writing today : 🔗 about something that @devilgate wrote : 🔗 Maybe You Can Post Your Way Through Fascism

💯 .. we’ve sort of been down this track before .. not so much Martin’s pov .. as the larger picture .. don’t be cowed .. about anything .. by anyone. And yes it can be scary .. but if nobody reads it .. then you got it out of your system .. if everybody reads it .. you will find that you are not alone.

Me on related threads .. April to July last year.

🖇️ Setting The Record Straight

🖇️ We Are Being Forced To Conform

🖇️ Is This How You Get ‘Silenced’?

Seperately, I am English and have lived in the US a lot .. and have never been tempted to do the citizen thing. That doesn’t stop me writing commenting and signing up to campaign on the ground for politicians that are fighting for what I believe is right. People ask me why? If I can’t vote .. why bother?

Answer.. if I can convince just one person to vote for ‘my politician,’ then I am using their vote as my surrogate. A second .. and more .. icing on the cake. The same goes for writing, cartooning, talking in bars .. play to your strength .. the margins are so close these days that the shift is getting easier every day to make the win happen.

Keep going. I am.

Demo of ChatGPT Code Interpreter running in o3-mini-high

OpenAI made GPT-4.5 available to Plus ($20/month) users today. I was a little disappointed with GPT-4.5 when I tried it through the API, but having access in the ChatGPT interface meant I could use it with existing tools such as Code Interpreter which made its strengths a whole lot more evident - that’s a transcript where I had it design and test its own version of the JSON Schema succinct DSL I published last week.

Riley Goodside then spotted that Code Interpreter has been quietly enabled for other models too, including the excellent o3-mini reasoning model. This means you can have o3-mini reason about code, write that code, test it, iterate on it and keep going until it gets something that works.

Code Interpreter remains my favorite implementation of the "coding agent" pattern, despite recieving very few upgrades in the two years after its initial release. Plugging much stronger models into it than the previous GPT-4o default makes it even more useful.

Nothing about this in the ChatGPT release notes yet, but I've tested it in the ChatGPT iOS app and mobile web app and it definitely works there.

Tags: riley-goodside, code-interpreter, openai, ai-agents, ai, llms, ai-assisted-programming, python, generative-ai, chatgpt

Career Update: Google DeepMind -> Anthropic

Nicholas Carlini (previously) on joining Anthropic, driven partly by his frustration at friction he encountered publishing his research at Google DeepMind after their merge with Google Brain. His area of expertise is adversarial machine learning.

The recent advances in machine learning and language modeling are going to be transformative [d] But in order to realize this potential future in a way that doesn't put everyone's safety and security at risk, we're going to need to make a lot of progress---and soon. We need to make so much progress that no one organization will be able to figure everything out by themselves; we need to work together, we need to talk about what we're doing, and we need to start doing this now.

Tags: machine-learning, anthropic, google, generative-ai, ai, llms, nicholas-carlini

QwQ-32B: Embracing the Power of Reinforcement Learning

New Apache 2 licensed reasoning model from Qwen:

We are excited to introduce QwQ-32B, a model with 32 billion parameters that achieves performance comparable to DeepSeek-R1, which boasts 671 billion parameters (with 37 billion activated). This remarkable outcome underscores the effectiveness of RL when applied to robust foundation models pretrained on extensive world knowledge.

I've not run this myself yet but I had a lot of fun trying out their previous QwQ reasoning model last November.

LM Studo just released GGUFs ranging in size from 17.2 to 34.8 GB. MLX have compatible weights published in 3bit, 4bit, 6bit and 8bit. Ollama has the new qwq too - it looks like they've renamed the previous November release qwq:32b-preview.

Via @alibaba_qwen

Tags: generative-ai, inference-scaling, ai, qwen, llms, open-source, mlx, ollama

Stream the Latest Episode

Listen and watch now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

WorkOS — The modern identity platform for B2B SaaS.

The Software Engineer’s Guidebook: Written by me (Gergely) – now out in audio form as well

Augment Code — AI coding assistant that pro engineering teams love

—

In This Episode

Not many people know that I have a brother: Balint Orosz. Balint is also in tech, but in many ways, is the opposite of me. While I prefer working on backend and business logic, he always thrived in designing and building UIs. While I opted to work at more established companies, he struck out on his own and started his startup, Distinction. And yet, our professional paths have crossed several times: at one point in time I accepted an offer to join Skyscanner as a Principal iOS Engineer – and as part of the negotiation, I added a clause to my contrac that I will not report directly or indirectly to the Head of Mobile: who happened to be my brother, thanks to Skyscanner acquiring his startup the same month that Skyscanner made an offer to hire me.

The Orosz brothers: both of us are working in tech, and have had professional overlaps. Like this podcast episode!

Today, Balint is the founder and CEO of Craft, a beloved text editor known for its user-friendly interface and sleek design – an app that Apple awarded the prestigious Mac App of the Year in 2021.

In our conversation, we explore how Balint approaches building opinionated software with an intense focus on user experience. We discuss the lessons he learned from his time building Distinction and working at Skyscanner that have shaped his approach to Craft and its development.

In this episode, we discuss:

Balint’s first startup, Distinction, and his time working for Skyscanner after they acquired it

A case for a balanced engineering culture with both backend and frontend priorities

Why Balint doesn’t use iOS Auto Layout

The impact of Craft being personal software on front-end and back-end development

The balance between customization and engineering fear in frontend work

The resurgence of local-first software and its role in modern computing

The value of building a physical prototype

How Balint uses GenAI to assist with complicated coding projects

And much more!

Takeaways

Design-focused engineers find it harder to fit in. Engineers who focus on backend and distributed systems can usually verbalize their impact clearer, and could see faster career growth – including getting into leadership positions. This creates a reinforcing cycle: as most engineering executives have a backend engineering background: they will recognize and reward backend contributions more.

Balint didn’t like how he didn’t “fit in” as an engineer focused on design and UI: but he just kept building things he believed in – and years later, building up that “design muscle” helps him build products that backend-focused engineers might struggle in putting together.

Amazing companies cannot have a single engineering culture. Balint observed how every standout company that has a single engineering culture inherently biases towards either a backend-heavy engineering culture (e.g. Google, Amazon) or a UI-heavy one (Amazon). For a company to be truly standout – more so than these Big Tech giants – it needs to have several engineering cultures: prioritizing both backend and UI excellence. This is what Craft is aiming to do internally.

To build something better than most other products: you might need to take a different approach. Craft does not use Apple’s UI components: they don’t use SwiftUI or Autolayout – something that 95% or more of iOS apps all take advantage of.

Craft, instead, built their own components from scratch, and came up with their own layout and animations system. This is a lot more work at first: but it’s how Craft can do smooth animations that most apps are unable to do so – and it’s a reason engineers at Apple have asked the team “how are you able to do such a smooth animation on the navigation bar?” (The native iOS navigation bar cannot be animated like Craft does it) Craft can do all this thanks to building and maintaining their own components. It’s simpler to do than most would assume: in the episode, we look at actual code.

A shared codebase is an underrated advantage for speed, consistency and efficiency. Craft has a total of 4 engineers building the respective apps for:

iOS

iPad

MacOS

VisionOS

They can do this, because it’s a single codebase! A single codebase also means that all features built on one platform immediately work on all others.

The Pragmatic Engineer deepdives relevant for this episode

The AI hackathon at Craft Docs

Engineering career paths at Big Tech and scaleups

Thriving as a Founding Engineer: lessons from the trenches

The past and future of modern backend practices

Timestamps

(00:00) Intro

(02:13) What it’s like being a UX-focused founder

(09:00) Why it was hard to gain recognition at Skyscanner

(13:12) Takeaways from Skyscanner that Balint brought to Craft

(16:50) How frameworks work and why they aren’t always a good fit

(20:35) An explanation of iOS Auto Layout and its pros and cons

(23:13) Why Balint doesn’t use Auto Layout

(24:23) Why Craft has one code base

(27:46) Craft’s unique toolbar features and a behind the scenes peek at the code

(33:15) Why frontend engineers have fear around customization

(37:11) How Craft’s design system differs from most companies

(42:33) Behaviors and elements Craft uses rather than having a system for everything

(44:12) The back and frontend architecture in building personal software

(48:11) Shifting beliefs in personal computing

(50:15) The challenges faced with operating system updates

(50:48) The resurgence of local-first software

(52:31) The value of opinionated software for consumers

(55:30) Why Craft’s focus is on the user’s emotional experience

(56:50) The size of Craft’s engineering department and platform teams

(59:20) Why Craft moves faster with smaller teams

(1:01:26) Balint’s advice for frontend engineers looking to demonstrate value

(1:04:35) Balint’s breakthroughs using GenAI

(1:07:50) Why Balint still writes code

(1:09:44) Rapid fire round

A summary of the conversation Design-first engineering: less recognition?

Balint has been writing code since he was 12. He’s always had a pull towards interactivity, animation, and found himself in the intersection of code and design.

Backend engineering is much easier to quantify than UI/UX work. Balint always felt that backend engineering was easier to quantify in impact – like saving millions in infrastructure costs or scaling to billions of users. How do you quantify that the UI is smooth and delightful?

Balint always felt that "hardcore engineers" did not consider him one of them – as his focus was on UX and UI – like making interactions faster, and animations smoother, and not on distributed systems or scalable algorithms. But designers and product managers also didn’t look at him as equals.

There’s a pull for engineers to move towards the backend and distributed systems. Exactly because these areas are seen as having hard problems to solve and are often more measurable in terms of impact.

Engineering culture at Craft

Craft started off as a text editor for mobile use. When starting to code the product, Balint didn't believe that established engineering patterns, code coverage, or even design components would be the right approach.

Principles in building craft:

Data principles: efficiency and zero data loss are both non-negotiatble. There’s not much to innovate in this area – it’s very well understood! Just refine the existing state of the art.

Fluency. Craft is designed to be used for hours each day, so it needs to feel snappy and fluent.

Having just one engineering culture is not enough. To create an amazing product, you cannot have either frontend or backend engineering principles dominate:

When the dominant engineering culture is UI-first: Apple is a good example. Apple builds delightful user experiences. However, their backend systems and web products are lacking.

When the dominant engineering culture is backend-first: Amazon and Google are good examples. Both focus on system design and backend engineering principles – in return their UIs don't feel as comfortable.

Craft uses the same codebase across 4 platforms: iOS, iPad, MacOS (desktop), and Vision Pro. 99% of the code is common, with some additional native bindings for each platform. Why the same codebase? Balint wanted the desktop app to always do the same thing as the mobile app, and a shared code base was the best way to do it.

Team structure

Craft's product engineering team is around 20 people. This includes product engineering, design, and QA.

They are split into a platform team, which means they have a web team, a native app team, and a backend team. Each of those teams has three to four people.

Balint observed that teams with more than 5 people start to have communications issues

Architecture choices

Prioritize control over abstractions and trends. Using core language patterns and framework elements gives you more control over what you want to do. High-level abstractions and frameworks require more time figuring out the bugs and what those frameworks allow or disallow.

Everything is a canvas. Craft treats everything as a canvas that they draw on. This allows building toolbars that look exactly like a Mac toolbar on the Mac and an iOS toolbar on the iPhone. However, Craft now has more control over these components than if they used the native ones.

Avoiding AutoLayout and SwiftUI. Every time Craft hires a new iOS engineer, the new joiner inevitably asks them why they don't use new technologies like AutoLayout or SwiftUI. Balint shows them one of their transitions and asks them to implement it with the same performance in AutoLayout – and if they can succeed, they’ll move over. So far, no one has managed: but it’s a good exercise to help understand that decisions are not arbitrary, but are following practical purposes.

AutoLayout promises that you no longer need to think in rectangles; you can just say it should be at the top and it can automatically grow. However, when you keep adding more things, the complexity increases and when you want to do something more sophisticated, it can become very performance-intensive.

With AutoLayout, you are trading off easier definition and work as a developer for more complexity on the device and less control when you want to do more advanced animations.

Principles for personal software

“How it makes me feel” matters more. When it comes to personal software, consumers choose a lot more on which one they feel resonates with them. Thus the best personal software is a lot more opinionated than B2B software is

Craft is aiming to build what Visual Studio Code is for engineers – Craft aiming to do the same for knowledge workers. Visual Studio Code feels lightweight and is a fresh breath of air because it's responsive, fast, and does everything you need.

A different take on design systems.

Most companies create an “atomic design system:” starting with base colours as atoms, then buttons that combine colors and shapes as components, and then building up from here.

Craft, instead, has systems for animation. They have an animation engine and library that synchronizes everything across everyone and they enforce usage of that.

A local-first approach

New technologies emerge on the server side. When you're dealing with personal software, the amount of content you're dealing with can fit on the user's device. A lot of the compute can be done locally.

Craft’s architecture is preparing for local-first approaches. They architected components so they can replace them with local or remote components anytime they decide it’s now possible to do so.

An example is search: instead of having a big elastic search cluster, they are looking at having 2 million search indexes on a disk in the cloud. Every time somebody does a search, they can either download that search index locally and use it there to execute the search, or a Lambda or serverless function can just read the search index.

The industry keeps swinging between cloud and local compute.

There is a new wave of personal computing powered by processors getting faster. The M4 Pro is a faster processor than anything you can buy on an AWS cloud.

Eventually, people will get tired of their personal computers holding them back and they’ll appreciate server-side components working faster. After a while, they will then start to get annoyed about how much the server-side project costs… and the pendulum keeps swinging

Local-first is experiencing a comeback because people are starting to travel again. It gets inconvenient when you need something badly, with poor connection – and you cannot access it.

Where to find Balint Orosz:

• X: https://x.com/balintorosz

• LinkedIn: https://www.linkedin.com/in/balintorosz/

Mentions during the episode:

• Craft: https://www.craft.do/

• Skyscanner: https://www.skyscanner.com/

• Flash: https://en.wikipedia.org/wiki/Adobe_Flash

• Shader: https://en.wikipedia.org/wiki/Shader

• Understanding Auto Layout: https://developer.apple.com/library/archive/documentation/UserExperience/Conceptual/AutolayoutPG/index.html

• Mac Catalyst: https://developer.apple.com/mac-catalyst/

• Apple M1: https://en.wikipedia.org/wiki/Apple_M1

• Elasticsearch: https://en.wikipedia.org/wiki/Elasticsearch

• The Cloud Is a Prison. Can the Local-First Software Movement Set Us Free?: https://www.wired.com/story/the-cloud-is-a-prison-can-the-local-first-software-movement-set-us-free/

• Local-first software: https://news.ycombinator.com/item?id=31594613

• Visual Studio Code: https://code.visualstudio.com/

• ChatGPT 01 model: https://openai.com/o1/

• PencilKit: https://developer.apple.com/documentation/pencilkit

• Swift: https://www.swift.org/

• Objective-C: https://en.wikipedia.org/wiki/Objective-C#

• Tailwind CSS: https://tailwindcss.com/

• The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers: https://www.amazon.com/Hard-Thing-About-Things-Building/dp/0062273205

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

A double from Nathan

🔗 Imported parts on a Chevrolet Silverado

🔗 Ambiguity in what counts as American-made vehicles – FlowingData

For example …

📸 It was never mean to be a series …

… and then today … two images AND two rainbows.

🕵💬 Inspired By People | 🌐 Ralph Waldo Emerson

🔍 All The Posts can be found here, or scroll through the quotes below.

💬 London, June 1940

Faced with the bewilderment of my countrymen, by the disintegration of a government in thrall to the enemy, by the fact that the institutions of my country are incapable, at this moment, of functioning, I, General de Gaulle,. French soldier, realise that I now speak for France”

💬 Charles de Gaulle

via John Naughton (though Siri felt ‘Moan Naughty’ was the correct reference)

So, yes, hi, I have a Tesla. It’s a long range Model 3 which I bought in 2021.

After a career spent working on open source and mission-drive projects — right now I work for a non-profit newsroom; once upon a time I built a social networking platform for education — it might shock you to learn that I am not rich. I have never had a significant tech company equity package; I have never seen the benefit of a significant exit. I own my own home but needed to move far away from the Bay Area to do it. I’ve done okay and I’m grateful for the opportunities that I’ve had, but I am not very wealthy. It would be really meaningful for me to bolster my income by another $2K a month and I’ve been thinking a lot about how to do that lately.

The Tesla has put me in a bit of a weird situation. Even before Elon Musk threw three Hitler salutes on-stage, I couldn’t really afford to own it: the monthly cost is really high for a car that I maybe drive two to three times a week. But selling it is also hard: it’s depreciated really fast, and I’ll barely be able to pay off the loan I have on it. (A lease would have been a better deal.) It actually won’t be that easy for me to get a replacement car, even with a trade-in deal. I’d prefer to keep an electric car — they’re both better environmentally and just as a car to run and own — but we’ll see if that’s possible.

But I will sell it. Hopefully this month. I don’t want to even tacitly be associated with promoting that man or bolstering his wealth. Until then, I’ve become one of those people who has disclaimered his car, so anyone who sees it is under no impression that I am in favor of anything that’s happening in this country right now.

One sticker I don’t have: the one that says I bought this before Elon went crazy. There’s no such thing. The warning signs were always there; my car situation is a prime example of how ignoring these kinds of ethical red flags lead to real losses in the long run. I brought this on myself.

I know I’m not alone. Not everyone who owns one of these things is a wealthy Musk supporter. That doesn’t mean we should be absolved — we should have seen what we were getting into, and owning a Tesla does mean continuing to pay Musk, who is clearly a fascist, money through connectivity plans and so on — but it’s worth acknowledging that, for many people, it’s not a no-brainer to take this kind of financial hit.

Anyway, that’s the deal. I guess I’m posting this out of a sense of transparency, and a little bit out of a sense of exasperation at my own past purchasing decisions and the overwhelmingly bad present situation. Many of you will be judging me for this, and I both accept and deserve that. But here I am.

[Andy Kroll at ProPublica]

Cutting the IRS has nothing to do with government efficiency:

"Unlike with other federal agencies, cutting the IRS means the government collects less money and finds fewer tax abuses. Economic studies have shown that for every dollar spent by the IRS, the agency returns between $5 and $12, depending on how much income the taxpayer declared. A 2024 report by the nonpartisan Government Accountability Office found that the IRS found savings of $13,000 for every additional hour spent auditing the tax returns of very wealthy taxpayers — a return on investment that “would leave Wall Street hedge fund managers drooling,” in the words of the Institute on Taxation and Economic Policy."

These cuts will particularly curtail audits of wealthy individuals: people who are more likely to be avoiding paying tax to begin with.

As the article points out:

"“When you hamstring the IRS,” Koskinen added. “it’s just a tax cut for tax cheats.”"

So let's not do that?

#Democracy

[Link]

[Andrew Paul at McSweeney's]

"I gotta be honest with you, though. I think the Outer God got the message loud and clear. Our tasteful combination of fashionably coordinated clothes, tiny paper fans with BAD! printed on them, and some of our sternest looks of disapproval to date really drove home the fact that we aren’t jazzed by all this cosmic cruelty. I can’t think of anything we could have done differently to inspire our petrified constituents to rise up and take a stand against Nyarlathotep’s unholy resummoning. Sure, the Dungeon Lich-at-Arms tossed that representative from Texas into a Torment Portal after they booed the President, but there’s no way that will play well to anyone beyond his most devout minions."

It's funny because it's true.

#Democracy

[Link]

In case you saw something about CNN written by WaPo.. this is who wrote it.

I’m happy to announce that some PostgreSQL colleagues and have once again organized the Extension Ecosystem Summit at PGConf.dev in Montréal on May 13. Floor Drees, Yurii Rashkovskii, Keith Fiske will be on hand to kick off this unconference session:

Participants will collaborate to learn about and explore the ongoing work on PostgreSQL development and distribution, examine challenges, identify questions, propose solutions, and agree on directions for execution.

Going to PGConf.dev? Select it as an “Additional Option” when you register, or update your registration if you’ve already registered. Hope to see you there!

Extension Ecosystem Mini-Summit 2.0

We are also once again hosting a series of virtual gatherings in the lead-up to the Summit, the Postgres Extension Ecosystem Mini-Summit.

Join us for an hour or so every other Wednesday starting March 12 to hear contributors to a variety of community and commercial extension initiatives outline the problems they want to solve, their attempts to so, challenges discovered along the way, and dreams for an ideal extension ecosystem in the future. Tentative speaker lineup (will post updates as the schedule fills in):

March 12: David Wheeler, PGXN: “State of the Extension Ecosystem” Date TBD: Peter Eisentraut, Core Team: “Implementing an Extension Search Path” Date TBD: Christoph Berg, Debian: “Apt Extension Packaging” TBD May 7: Gabriele Bartolini, CNPG “Extension Management in CloudNativePG”

Join the meetup for details. These sessions will be recorded and Posted to the PGConf.dev YouTube and we’ll have again detailed transcripts. Many thanks to my co-organizers Floor Drees and Yurii Rashkovskii, as well as the PGConf.dev organizers for making this all happen!

More about… Postgres PGXN Extensions PGConf Montréal Summit

The Beeper Beta LOOKS pretty similar to the old Beeper .. BUT the performance is vastly improved.

Why is my battery alert on my phone yellow .. even at 100%?

I had never heard of 🔗 Zora Neale Hurston .. until today .. so glad I have. Via The Wisdom Letter

1/4

2/4

3/4

4/4

Originally published on ‘this’ blog in 2007 - 🖇️ The world has not changed as much as we think …

18 years later … the quotes hold and still I would argue that “The world has not changed as much as we think”.

My micro blog Mac app suddenly crapped out and not coming back - deinstalled and reinstalled - moved to the beta - all to no avail .. reduced to the web world for now. 🥺

🔗 Harold Innis’s communications theories - Wikipedia

.. a new one on me - via Seth Godin via Cory Doctorow … this is how networks work.

A Practical Guide to Implementing DeepSearch / DeepResearch

I really like the definitions Han Xiao from Jina AI proposes for the terms DeepSearch and DeepResearch in this piece:

DeepSearch runs through an iterative loop of searching, reading, and reasoning until it finds the optimal answer. [...]

DeepResearch builds upon DeepSearch by adding a structured framework for generating long research reports.

I've recently found myself cooling a little on the classic RAG pattern of finding relevant documents and dumping them into the context for a single call to an LLM.

I think this definition of DeepSearch helps explain why. RAG is about answering questions that fall outside of the knowledge baked into a model. The DeepSearch pattern offers a tools-based alternative to classic RAG: we give the model extra tools for running multiple searches (which could be vector-based, or FTS, or even systems like ripgrep) and run it for several steps in a loop to try to find an answer.

I think DeepSearch is a lot more interesting than DeepResearch, which feels to me more like a presentation layer thing. Pulling together the results from multiple searches into a "report" looks more impressive, but I still worry that the report format provides a misleading impression of the quality of the "research" that took place.

Tags: jina, generative-ai, llm-tool-use, search, ai, rag, llms

Typos fixed. I hope.

Here are a dozen of the many Micro.Bloggers I enjoy:

💬 Miraz

🔗 Her original post

Thanks you for inspiration Miraz. Some of mine…

@Bradenslen
@Andysylvester
@The
@Danielpunkass
@Moondeer
@Hawaiiboy and @Crossingthethreshold - keeps me connected to HI.
@Munish
@Dave
@Mandaris
@Numericcitizen
@Mtt
@Mitchw
@AlanRalph
@Bjhess
@Jusummerhayes
@Amerpie
@Endonend
@Pratik - his account lives on - though his posts now live elsewhere.
@Gregmoore
@Moonmehta
@Hutaffe
@Annie
@Kaa
@Toddgrotenhuis
@Simonwoods
@Billbennettnz
@Jimmitchell
@Devilgate
@Herself
@Artkavanagh
@Tylerknowsnothing
@Markstoneman

Hi – this is Gergely with the monthly, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover challenges at Big Tech and startups through the lens of engineering managers and senior engineers. If you’ve been forwarded this email, you can subscribe here.

The most-frequently cited article I’ve ever written is still The trimodal nature of software engineering salaries in the Netherlands and Europe – which is a deepdive published back in 2021. At the time, I had recently left my engineering manager job at Uber, and was trying to understand how tech compensation really works. At Uber in Amsterdam, I saw that comp for senior software engineering positions was 2-5x higher than for most “local” senior roles.

To find out why this gap exists, I gathered hundreds of data points and talked with dozens of recruiters and managers; was this comp gap a symptom of “bimodal” distribution, as Daan Luu posted in 2016? After researching, I felt confident enough to say that tech compensation in the Netherlands and Europe was trimodal:

High-level overview. “$X” varies per country and region, but trends are international

Last year, we returned to this topic in The Trimodal nature of tech compensation revisited, which validated the distribution by using more than 1,000 data points from the Dutch market, and quotes from engineering leaders and software engineers in the US, UK, Canada, and Japan, which suggested that a “trimodal” model is real. Even so, this was partly anecdotal and in need of hard data to confirm it.

Today, we finally have the numbers, thanks to the Levels.fyi team,, and this article dives into the findings by region, covering:

US: entry-level software engineers. Categorizing the three tiers of compensation bands, based on 5,601 data points.

US: senior software engineers. More Tier 2 and 3 offers are at least twice as big as the Tier 1 median, based on 9,509 data points.

Best-paying US companies by tier. Hedge funds, top scaleups, and Big Tech lead the pack – with companies like Roku, MongoDB and Dropbox also ranking high.

UK numbers, tiers, and best-paying companies. Hedge funds and finance companies lead, with Stripe, Confluent, and BP also making it to the top 10, based on 6,219 data points.

India numbers and tiers. Rippling, Stripe, Uber, Coinbase, Atlassian, Broadcom, and LinkedIn, offer ₹1 crore-or-above packages for senior engineers ($118K and up), based on 2,078 data points

Note on equity. Startups and scaleups may offer more in total compensation than publicly traded companies, but equity in not-yet-public companies comes with risk.

The data on the US, UK, and India reveals a complex regional picture united by a trimodal model. See below:

Three “tiers” in the US data. See “US: senior software engineers” section

If you want to look even deeper into this topic, check out other detailed articles on tech compensation:

The trimodal nature of software engineering salaries in the Netherlands and Europe (Part 1, 2021)

The trimodal nature of tech compensation revisited (Part 2, 2024)

Compensation at publicly traded tech companies (2023)

Senior-and-above compensation in tech (2024)

The trimodal nature of software internship salaries (research by Levels.fyi, 2024)

Thank you to Hakeem Shibly, Zuhayeer Musa, Zaheer Mohiuddin and the Levels.fyi team for sharing massive amounts of data and insights for this deepdive.

Data source

This article uses more than 10,000 compensation data points sourced from Levels.fyi, a compensation comparison site which is great for:

Comparing engineering career levels, such as how E5 at Meta maps to SDE3 at Amazon

Browsing tech comp at large tech companies and scaleups, powered by user submissions

Levels.fyi is powered by a combination of self-reported and verified data points. They offer resume review and salary negotiation services with Big Tech recruiters. A neat feedback loop of this is that information from their salary negotiation services helps the team ensure that submitted data really is valid. Levels.fyi also has a job board and provides compensation benchmarking services for businesses.

Some stats about Levels.fyi:

2.5 million visitors per month

20,000 new data points added per month, on average

$100M: total value of increased comp offers achieved with its compensation negotiation service – not including raises negotiated by candidates using the site ad-hoc for comparison.

A team of 13 people is behind the site and app, and I recently grabbed coffee with several of them in San Francisco.

This article covers “total compensation” (TC), not only salary. TC includes all forms of annual comp:

Base salary

Cash bonus, or the cash bonus target of companies that share this information

Value of equity vested

For example, a $300K TC package might look like this:

$175K base salary

Plus $25K target bonus

Plus $100K in equity vesting over the first year (typically $400K vested over 4 years, with $100K vesting each year)

Equity is a tricky topic but also a key one, more on which is in the “Note on equity” section near the foot of this article.

1. US: entry-level software engineers

Let’s start with entry-level software engineer offers submitted to Levels.fyi in the past year for the world’s biggest tech market. Here’s how these data points were filtered:

“Software Engineer” submissions

Offer date between 1 Jan 2024 and 1 Jan 2025

Years of experience: between 0 and 2

Region: US

Years at company: 0. This means we look at new offers, not existing employees’ comp changes at their current workplaces

We have 5,601 entry-level US data points after applying the filters. A visualization:

5,601 entry-level software engineering offers in the US, visualized

At first sight, this distribution fits what looks more like a bimodal distribution, with a first peak at $100-110k, and a second peak at $170-180k:

Comp distribution has twin “local maximum” peaks

However, after sifting through the data and manually tagging companies by common traits, we find the data organizes itself differently. The chart below takes the same data and organizes it based on the assumption behind the original trimodal distribution: that companies compensate based on the market they compete in. We use three categories of business type:

Big Tech. Apple, Amazon, Microsoft, Google, Meta, and Netflix, alongside publicly traded, large tech companies competing with them, like Uber, Snap, and Pinterest

Top scaleups and hedge funds. Late-stage startups backed by well-known VCs that have not gone public, or IPOed only very recently. Plus hedge funds, and quantitative trading firms (quant)

Everyone else. startups, privately owned companies, and “traditional” ones

Here’s how the same data looks when broken down into these categories:

Segmenting the data by three tiers

Now, let’s check each segment.

Tier 1: Everyone else

This category consists mainly of companies competing for local talent, which often are not driven by their engineering talent or digital products.

Distribution of the “everyone else” category: 3,262 data points (58% of total). Median: $105K, 75th percentile: $130K

This resembles the lowest tier (“Tier 1”) of the trimodal model. It’s interesting how drastically the distribution changes by removing Big Tech, top scaleup, and hedge fund data points!

Tier 2: Big Tech Big Tech. 1,914 data points (34% of all data). Median: $180K, 75th percentile: $203K

The largest publicly traded tech companies compensate engineers with increasingly large equity packages up the career ladder. I split this category for two reasons:

Commonly referenced. The terms “FAANG” and “Big Tech” are frequently their own category, and benchmarks for other companies’ offers.

Industry-leading comp. It’s hard to find bigger liquid compensation offers than this group offers. Later, we see it’s possible to win higher illiquid comp offers at not-yet-public scaleups, and some hedge funds can top what Big Tech offers.

Tier 3: Top scaleups and hedge funds Top scaleups and hedge funds, based on 493 data points (8% of all data). Median: $208K, 75th percentile: $247K

This is a very interesting category with a lack of high-quality data, outside of Levels.fyi, for two reasons:

Private scaleups issue not-yet-liquid equity. Many assume Big Tech companies offer the most, compensation-wise. And this is true in terms of liquid equity; shares that can be sold for cash is an area where Big Tech is near-impossible for scaleups to match.

However, top-tier startups and scaleups can – and do – offer more total compensation than Big Tech. But there’s a catch: their equity cannot be sold until a liquidity event happens like an IPO, or stock buyback. Scaleups which out-offer Big Tech in total comp include Databricks and OpenAI.

It makes sense for late-stage scaleups to make bigger total comp offers than Big Tech because they target the same talent and must compensate for the fact their equity grants are illiquid, and may not become convertible to cash any time soon. Plus, there’s also the risk of a grant losing value like at Foursquare, where employees’ stock options ended up as worthless.

Hedge funds are notoriously secretive. Places like Two Sigma want to keep their compensation details as confidential as possible. Levels.fyi has accurate data points, but not enough to make this group into its own category. So, they’re included with scaleups here.

The compensation philosophy of hedge funds is very different than at Big Tech and scaleups:

No equity: hedge funds do not issue equity, even though this element is almost always what makes Big Tech and scaleup compensation packages standout

Large cash bonuses: instead, hedge funds award hefty end-of-year bonuses, of up to 100% of annual salary. Hedge funds are the only category of company offering more liquid compensation than Big Tech and some scaleups. At the same time, hedge funds hire a lot less frequently

Overlapping categories

Let’s look at all three categories of employer in a single graph:

All entry-level compensation data points, split into categories

And also let’s check out the median and 75th percentile total compensation packages of each category:

Data points for each category

There are a few interesting points about this distribution:

~2x difference between Tier 1 and 3. Tier 2 and 3 companies pay around 2x as much at the 50th and 75th percentiles than Tier 1 does. Tier 2 (Big Tech) is a lot closer to Tier 3 in TC. The 75th percentile of Tier 1 still doesn’t come close to the 50th percentile of Tier 2

Overlap from Tier 1 into Tier 2. The highest Tier 1 offers – at around the 90th-95th percentiles – do reach up to $200K, which is near the median range of tiers 2 and 3

Tiers 2 and 3 overlap a lot. The only real difference between Tier 2 and Tier 3 is that there are much more Big Tech data points in the sample. This could indicate a bias in user submissions towards Big Tech, or that scaleups and hedge funds hire far fewer entry-level engineers in the US

2. US: senior software engineers

Compensation differences tend to grow with seniority, so let’s look at senior-and-above software engineers by adjusting the filters:

“Software Engineer” submissions

Offer date in the last 3 years (between 1 Jan 2022 and 1 Jan 2025)

Experience: 5 years minimum

Region: US

Years at company: 0. Similar to before, we only look at new offers

Let’s see how the same three categories map when looking at senior software engineers, split across the same tiers:

All senior-and-above engineer compensation data points by category. Total number of data points: 9,509

Here’s what these tiers look like in the median and 75th percentile compensation bands:

Data points for each category

The tiers are more distinct for seniors than for entry-level engineers. Some observations:

Tier 1 (everyone else): this category has the most data points (53% of the total). Also, while the median of this tier is significantly below the other two categories, there is overlap at the 75th and 90th percentiles. Simply put, it’s possible to earn as much in this group as in Big Tech, but it’s harder to do.

Tier 2 (Big Tech): compensation spread is very wide, starting from around $100K, all the way to $600K and above. This indicates the median value is less important, and things like career level, the specific company, and negotiation, could all matter more.

Tier 3 (top scaleups and hedge funds): this overlaps with Big Tech, and its top end goes even further. Also, there is far less data for this category, suggesting that these companies hire significantly fewer staff than Big Tech does, as mentioned above.

Outliers: these are much more distinct at the senior level, compared to the entry-level tier distribution

Big Tech and scaleups+hedge funds have many outliers. The median entry-level Tier 1 compensation package was $105K – and there were few offers in tiers 2 and 3 that offered twice as much ($200K and above.) The median senior Tier 1 compensation was $180K, but now there are far more offers in tiers 1 and 2 worth double that ($350K and above). Visualized:

A higher percentage of people reported making at least double in Tier 1 median compensation at senior level, than at entry-level. Being in the “long tail” of offers could be more achievable at senior level than at entry-level 3. US companies paying highest by tier

With the data below, we look at the number of senior software engineer submissions and filter them for offers submitted by engineers with 5-10 years of experience.

Tier 1: “everyone else”

The highest median total compensation offers in this category were made by the companies listed below:

Companies offering the highest 50th percentile compensation in the “everyone else” category

Leading employers in this category are Indeed, HubSpot, Workday, Disney, eBay, Capital One, Goldman Sachs, JPMorgan Chase and Visa.

Which businesses in each tier are most worth targeting for jobseekers? One indicator is the number of submissions, which identifies companies that are hiring more than others. Of course, this also biases to companies which users have shared data about. In this category, it’s Capital One, Walmart, JPMorgan Chase, Disney, HubSpot, Indeed, Workday, Palo Alto Networks, Fidelity, and Visa.

Tier 2: Big Tech

Highest-paying companies by median total compensation:

Companies offering the highest 50th percentile comp in the Big Tech category

This is quite a jump: the median is nearly twice as high as in the “everyone else” category! You can find more details about individual packages and get a sense of the spread of offers per company, at the pages for Netflix, Airbnb, Pinterest, Robinhood, Snap, Roku, Meta, MongoDB, Uber and Dropbox.

Most data points submitted: for this category, most data points submitted were for Amazon, Meta, Google, Microsoft, Apple, Oracle, Uber, Block, NVIDIA, and Salesforce.

Tier 3: Top scaleups and hedge funds

The cream of the comp crop; with hedge funds, quant firms, and top-tier VC-backed startups doing well. Companies with the highest median offers are:

Companies offering the highest 50th percentile compensation in the top scaleups and hedge funds category

If you thought Big Tech has high median offers, these numbers are between 20 and 40% bigger. Hudson River Trading, Citadel, and Jane Street, are all hedge funds or quant firms, meaning their stated compensation is all cash. Others on the list are companies which IPOed in recent years like Coupang, or late-stage scaleups.

Find more details about individual packages and get a sense of the spread of offers within a company by checking the respective pages on Levels.fyi of Hudson River Trading, Databricks, Coupang, Citadel, OpenAI, OpenSea, Earnin, Nuro and Figma.

Most data points submitted: in this category, it’s Bytedance, Stripe, Cruise, Snowflake, Roblox, Coinbase, Databricks, Reddit, Rivian, and Anduril.

The importance of location

Location also impacts compensation packages. In the Bay Area, Seattle and New York, compensation packages are higher than in other areas in the US. We can get a better sense of how location plays a part using a heatmap – also built by Levels.fyi:

Location and median pay have some connection. Source: Levels.fyi heatmap 4. UK numbers and tiers

Here’s the distribution of compensation data points for senior software engineers in the UK, mapped in British pound sterling (GBP):

Distribution for senior software engineer packages in the UK

For this country, we attempt to segment data points by company-headquarter location:

Headquartered outside the UK and US (mostly in European countries)

Headquarters in the UK

Companies with headquarters in the US

Here’s data for these categories:

Data points for each category

Visualizing the distribution:

Distribution for the three categories of senior software engineer packages in the UK

A few interesting things stand out:

The “US-HQ tier” is odd. It feels like two tiers might be coupled here, based on the midpoint of the graph having several local maximums: £100K ($126K), around £125K ($158K), and circa £150K ($190K). I’d assume that if we split up Big Tech, the top scaleups+hedge funds, and everyone else, we’d see two distinct tiers. Still, it is US-HQ’d companies that offer the most comp to senior software engineers.

Like the US, the UK has hedge funds that offer as much – or more – than Big Tech. These firms are all based in London, often with offices in New York. This is the first time I’ve seen it broken down like this.

UK, but not US or UK-headquartered, are similar. The medians and 75th percentiles of these categories are almost the same. Non-US, non-UK HQed companies simply have fewer data points.

The data is likely to overrepresent US-HQ’d companies. It would seem there are more US-based companies employing software engineers in the UK, than UK-headquartered ones do. However, based on my understanding of the market this is incorrect: in reality, a lot more UK-based companies employ software engineers than US-based ones, but the data currently biases towards US-HQ’d companies.

My sense is that for the UK, the real three tiers are those previously discussed:

Tier 1: local market, meaning most UK HQ’d companies

Tier 2: startups and scaleups targeting the top of the local market. Many are likely US-based, but not competing with Big Tech

Tier 3: Big Tech and top scaleups competing with them

Here are companies offering the highest median total compensation in the UK:

Companies offering the highest 50th percentile compensation in the UK. Most roles are London-based

Businesses paying the most, based on median data: Citadel, The Trade Desk, Balyasny Asset Management, Stripe, Confluent, Qube Research, Maven Securities, Millennium, G-Research, and BP – an oil and gas company, which is the only non-tech, non-finance company in the top 10.

And here are companies outside the top 10, but in in the top 30:

Coremont (£180K), Meta (£178K), Apple (£178K), Snap (£177K), Reddit (£176K), ByteDance (£175K), Palantir (£173K), Google (£173K), HashiCorp (£169K)

Standard Chartered (£166K), WordQuant (£166K), BBC (£165K), DuckDuckGo (£161K), Monday.com (£159K), Squarepoint Capital (£157K), Samsara (£156K), Onfido (£156K), X – formerly Twitter (£156K), Discovery (£154K)

In this list, a surprise for me was to see the BBC being so competitive in compensation, compared to Big Tech companies. In all fairness, I’ve heard good things about both the engineering talent and the engineering culture at the British broadcaster.

And these are the companies in the UK for which the most data points were submitted by users:

Companies with most data points 5. India numbers and tiers

For India, compensation packages are represented in USD ($100K in USD equals to about ₹87 lakhs). The split:

Distribution of the three categories of senior software engineer packages in India, based on 2,050 data points

This split mirrors a single distribution, but let’s break it up by the location of headquarters:

In India

Not in India or the US

US

The distribution:

Distribution for the three categories for senior software engineer packages in India

It feels like US HQ’d companies might be two tiers combined, so let’s split this out by separating US-based Big Tech, and US-based “everyone else”:

Distribution when breaking US-HQ’d companies into Big Tech and non-Big Tech categories

There are many interesting details in this graph:

The data is US-dominated. As in the UK, India has more local companies based in the country and employing software engineers. For example, Tata Consultancy services alone employs more than 600,000 IT professionals – many of them software engineers. And we’ve not covered large employers like Infosys, or Wipro. At the same time, data from Levels.fyi is biased towards US-HQ’d companies: 77% of all data points. You can help the data become more accurate by submitting your compensation.

India-HQ’d companies rarely offer standout compensation. As per this data, it is mostly companies headquartered abroad that offer above $100K in total compensation (₹87 lakhs or more).

US-HQ’d companies pay very well. While the median compensation for these companies is $63K (₹52 lakh,) the 90th percentile is at $133K (₹1.1 crore!) This is surprisingly high!

Big Tech offers are very strong. A select few senior+ engineers can make in the range of $200K per year (₹1.7 crore) at the very top of the range, which is close to 4x the median compensation of the India-HQ’d tier.

Data points for each category

Companies that pay the most in India, as per the data:

Companies offering top 50th percentile comp in India

One surprise is Google not making the top 10; it comes in at number 14 overall, with median senior engineer compensation at $98K (₹85 lakh) – not far away from the top 10. One thing to keep in mind is that Google has the most data points of companies, meaning it might be more accurate.

Businesses with the most data points submitted in India:

Companies with the most compensation packages submitted to Levels.fyi 6. Note on equity

The bigger a Big Tech or VC-funded startup comp package is, the larger the share of equity. For example, here’s a visualization of the comp split for senior software engineers in the US, over the past year:

Visualizing the TC split of engineers. The higher the TC, the bigger the equity and cash bonus, compared to base salary. Based on 796 data points

You might wonder how the largest packages have no equity component and a very large cash bonus. It’s because these are hedge funds which don’t issue equity and award cash bonuses of nearly 2x the annual salary.

Non-liquid equity comes with additional risk. Let’s take two compensation packages: one with a TC of $475K, and one with $423K. Which is better? It seems like $475K is clearly bigger, but some extra context is needed. The $240K package is from Rippling, a scaleup that is not yet publicly traded:

A $475K package at Rippling. See the original submission

The $423K package is from Uber:

A $423K package at Uber. See the original submission

The big difference between them is that at Uber, an engineer can sell their stock as soon as it vests, (usually, quarterly) if they wish. By doing so, they earn $423K worth of liquid compensation in the first year. At Rippling, the liquid compensation will be $335K ($240K in base salary and $85K bonus target), and equity can only be sold if and when a liquidity event occurs, such as:

Rippling organizes a secondary offer and allows employees to sell some stock. This usually happens with oversubscribed fundraising events

Rippling goes public. In this case, employees can sell their vested stock after a lockup period of around 6 months

Rippling is acquired and the buyer pays for employees’ stocks

For private companies, the big questions are when will equity become liquid, and how much will it be worth.

It’s worth remembering stock prices change, which makes equity compensation volatile. In 2022, we covered how this can lead to compensation woes. At the time, tech stocks like Stitch Fix, Redfin, and Zoom, dropped 50-80% in 12 months. At the same time, companies like NVIDIA, Tesla, and Apple, saw 50-100% stock price growth. Compensation packages for people working in the former group dropped significantly, while the latter group saw major increases. A $350K TC package became worth $510K at NVIDIA, and $231K at Stitch Fix:

Equity can be volatile, and equity-heavy packages similarly so. Source: Stock price woes and attrition Takeaways

Thanks very much to the Levels.fyi team for sharing so much data for the US, UK, and India. It’s enabled us to visualize compensation distribution and tiers across international labor markets.

Levels.fyi gives free access to its compensation data points, and relies on users sharing their comp numbers. If you’ve gotten value out of this article, please consider submitting the comp details of your current position; this lets the site provide fresh, data-backed insights, like in this deepdive.

My biggest takeaways:

The US is unique in having a tier above Big Tech. Across the UK, India, and in the Netherlands, the highest compensation tier (Tier 3) is Big Tech. So it’s a surprise to learn there’s an even higher tier that exists only in the US. Hedge funds, quant firms, and top scaleups can pay more than the likes of Google, Meta, Amazon, Netflix, Apple, etc, with two important caveats:

At top scaleups, bigger-than-Big-Tech comp packages are usually reserved for workers already in Big Tech, who would not switch jobs for an illiquid TC package unless it exceeds their current, liquid one.

Hedge funds and quant firms seem like a different world. Switching between Big Tech and these companies looks harder to do, and happens less often than moving between Big Tech and scaleups.

US-HQ’d companies tend to pull up markets outside the US. Among tier 3 companies in the Netherlands, 95% of those which I know are US-headquartered, and the data shows this is also the case in the UK and India.

Higher-tier companies come with downsides. These workplaces pay more, but usually operate with a “Silicon Valley-style” engineering culture: they expect a lot more in terms of autonomy, taking on product, DevOps, and testing work, and working longer hours – especially when collaborating with overseas teams. Adjusting to this can be tough if you’ve never worked in such an environment. Vice-versa, it can also be challenging to swap this pattern for a more traditional, hierarchical workplace.

Meanwhile, work stress can actually be higher at Tier 2 and Tier 3 companies, as covered in part 2 of the Trimodal series.

Today’s job market is a lot tougher than previously, and it’s harder to get into top-tier companies. In this deepdive, we’ve looked closely at the top tiers across several markets. With the job market tightening up, there are more qualified candidates than ever, and this can affect the size of offers. So, if you’re in the job market, I would not treat the numbers in this article as concrete and immovable. Instead, just focus on performing well in interviews, and getting an offer. Then these figures might be helpful in the negotiation phase.

Compensation is not everything; it’s just what is easiest to measure and make comparisons with, but there’s more to a job than the pay alone. Here’s what I used to think matters:

A way to think about a career

But is this all there is? I no longer think so. Other factors also make a job into a dream or a daily struggle:

Less quantifiable, but still very important, aspects of a career

If you’ve gotten value out of this data-based article, why not contribute to the wealth of knowledge about global tech compensation by anonymously sharing your current compensation with Levels.fyi. I hope you’ve found the additional data points useful, especially the expanded details on the US, UK, and India.

For more on tech comp, check out other deepdives:

Senior-and-above compensation in tech (2024)

Compensation at publicly traded tech companies (2023)

The trimodal nature of software internship salaries (research by Levels.fyi, 2024)

The trimodal nature of software engineering salaries in the Netherlands and Europe (Part 1, 2021)

The trimodal nature of tech compensation revisited (Part 2, 2024)

Daring Fireball: Another Tim Cook Product Announcement Teaser on X: ‘There’s Something in the Air’

@gruber … Is it just me that thinks 🍎 missed a trick by not using 🔗🎵📼Thunderclap’s song

🔗 Trump threatens to pull federal funds for US schools allowing ‘illegal protests’.

Much of the last decade or two of the tech industry has been dominated by the idea of the cloud: the simple, powerful idea that all of your applications and data can be accessed from any device with an internet connection. Enterprise businesses around the world have decommissioned server rooms in favor of subscribing to services maintained by other people, reducing overheads of all kinds. Even companies that once built and operated vast datacenters now rely on cloud providers. At the same time, cloud services have helped individuals save money upfront (even if subscriptions often cost more in the long run) and have taken the need for installation and troubleshooting out of the picture. Overall, cloud services have saved lots of people huge amounts of time and money.

But this convenience comes with trade-offs, some of which have become more apparent over time.

You only ever rent: There’s no real ownership, and vendors can modify, discontinue, or increase prices at will. Privacy concerns: Because your data and activity pass through the provider’s infrastructure, they can be easily monitored, tracked, or even resold. Jurisdictional constraints: Your data often resides in the provider’s chosen region, subjecting it to local laws, which may not align with your needs. Downtime and dependence: If your cloud provider goes down, so does your access — sometimes across multiple services. Vendor lock-in: Moving away from a cloud provider can be complex and expensive, discouraging competition and user control.

These trade-offs become even riskier when your work involves sensitive information. When software and infrastructure are controlled by the same entity, it not only enables easy monitoring and resale of your data but also makes it a prime target for subpoenas. Courts can compel a cloud service provider to produce your data, often without your involvement.

If your work involves sensitive personal information, for example of patients or sources, that could put their privacy and safety at risk. That might be particularly problematic in a situation where, for example, you work on reproductive health issues, and your software is hosted in a jurisdiction that has abortion bans. This risk extends across professions: journalists protecting sources, lawyers safeguarding client data, and healthcare providers managing patient records all face heightened exposure when their software, data, and infrastructure are all controlled by the same party.

At the same time, moving away from the convenience of the cloud is not really an option for most organizations. To date, most have opted to pay for more expensive enterprise contracts, which promise greater data protections alongside features like stronger audit logs and SSO. These provide some legal protections, but still amount to little more than an enforced promise: the vendor physically can inspect your data in most cases, you’re just paying them extra so that they’ll promise not to. These contracts also don’t address jurisdictional issues: if the vendor is based in Texas, your use of their platform is still subject to Texan law. The power dynamics at play remain unaddressed.

This is also problematic when you consider the increasing popularity of LLMs. If you’re dealing with sensitive or proprietary information, you probably don’t want an AI model to be trained on your data. You can pay vendors like OpenAI to promise that they won’t look at your data or train their models on it — but, again, you need to take their word for it.

If we want to retain the benefits of cloud software without its fundamental risks, we need a different model: one that restores control to users and organizations rather than vendors.

Retain the ease of deployment, access, and collaboration that makes cloud software so appealing. De-couple software and infrastructure so that the company making the software is not the company that hosts the software. Allow customers to pick an infrastructure host in the jurisdiction of their choice. Ensure that data is encrypted at rest and in transit, so that even the hosting provider cannot access it.

Self-hosted cloud software is, of course, absolutely a thing that already exists. Some of it is even end-to-end encrypted. But it’s also largely free and open source, and requires a fair amount of configuration and maintenance from an organization’s IT department. There’s nothing wrong with open source software (I ran two open source startups!), but the complexity of configuration and lack of clear business model can introduce problems for both the customer and the vendor. Vendors like Cloudron are making this easier for open source software — and they should serve as a model for what could come next.

Some cloud infrastructure providers, like AWS, already host marketplaces of software you can install. The trick is, you usually have to decide which kinds of virtual servers to use — are you going to go for an m3.medium or a t2.xlarge? — and then consider how your private cloud will be configured. AWS also offers self-hosting for LLM models through Amazon Bedrock, but the same problems present themselves. There’s a lot of technical overhead which many organizations can’t easily address — and in stark contrast to a cloud offering like Google Workspace, which is completely turn-key.

But this doesn’t have to be the case. What if we could combine the ease of cloud-based software with the control and flexibility of locally managed applications?

Consider an iPhone: here, your software runs on your device, wherever it might be, but is seamlessly downloaded from an App Store on demand. Some of that software is free; some of it is paid-for, either as a one-off or on a subscription basis. The underlying operating system is a variant of the FreeBSD UNIX system with significant proprietary additions, including some sophisticated sandboxing, but you wouldn’t know it, and you certainly don’t need to configure anything: you request an app, and zip!, there it is on your phone.

Consider this user journey:

The customer signs up to a certified provider in the jurisdiction of their choice. There are providers tailored for different levels of customer and different industries. They add their payment information. They choose the software they want to provide to their organization from an App Store accessed through the provider. As soon as they install it, it is near-instantly available to them. They can make it available to every user in their organization or a subset of users. For every user for whom it is available, the app shows up on a web-based dashboard. It can also be configured to automatically show up in providers like Okta. They never have to care about the speed or capacity of the underlying hardware: they just pay for a recurring license to the software. They never have to care about configuring or upgrading the software: as soon as they select it, it’s available. Customers can opt for updates to be pushed out automatically, or they can hold back non-security updates for more testing.

The App Store distributes revenue to the vendor and the hosting provider, and takes a cut for itself. Apps are charged for on a predictable, monthly, per-seat basis, with each app able to set its own prices. As is the case with a phone App Store, the store itself does some vetting of each application, certifying it for security and a set of core rules that each app must abide by. Unlike a phone App Store, it also does vetting and certification of the hosting provider itself, reducing the customer’s need to undertake security auditing.

Because every hosting provider associated with an App Store would necessarily need to adhere to the same open standards, the customer could move providers easily. They’d just sign up to another hosting provider associated with the App Store and migrate their apps. The App Store itself would handle the rest, dealing with migrating block storage, databases, and so on behind the scenes.

This model isn’t just about redistributing power from giant cloud vendors to customers. It’s about enabling organizations that deal with sensitive data to more easily use the cloud to begin with. It makes it easier to know that there is an enforced separation between an LLM and its training infrastructure. And it creates new opportunities for vendors that might not be in a position to offer their own cloud infrastructure, too. It lowers the barrier to both privacy and innovation for everyone involved.

Existing cloud providers aren’t incentivized to build this. It’ll take a new entrant or someone willing to make a big bet. The technology to do this already exists. The only question is: who will build it first?

If it’s you, I’d love to hear from you.

🕵💬 Inspired By People | 🌐 Leo Buscaglia

🔍 All The Posts can be found here, or scroll through the quotes below.

💬

💬

llm-ollama 0.9.0

This release of the llm-ollama plugin adds support for schemas, thanks to a PR by Adam Compton.

Ollama provides very robust support for this pattern thanks to their structured outputs feature, which works across all of the models that they support by intercepting the logic that outputs the next token and restricting it to only tokens that would be valid in the context of the provided schema.

With Ollama and llm-ollama installed you can run even run structured schemas against vision prompts for local models. Here's one against Ollama's llama3.2-vision:

llm -m llama3.2-vision:latest \ 'describe images' \ --schema 'species,description,count int' \ -a https://static.simonwillison.net/static/2025/two-pelicans.jpg

I got back this:

{ "species": "Pelicans", "description": "The image features a striking brown pelican with its distinctive orange beak, characterized by its large size and impressive wingspan.", "count": 1 }

(Actually a bit disappointing, as there are two pelicans and their beaks are brown.)

Tags: llm, ollama, plugins, generative-ai, ai, llms, llama, vision-llms

llm-mistral 0.11

I added schema support to this plugin which adds support for the Mistral API to LLM. Release notes:

Support for LLM schemas. #19 -o prefix '{' option for forcing a response prefix. #18

Schemas now work with OpenAI, Anthropic, Gemini and Mistral hosted models, plus self-hosted models via Ollama and llm-ollama.

Tags: projects, mistral, llm, plugins, llms, ai, generative-ai

Emil Lundberg and I have published the COSE Algorithms for Two-Party Signing specification. Its abstract is:

This specification defines COSE algorithm identifiers used when the signing operation is performed cooperatively between two parties. When performing two-party signing, the first party typically hashes the data to be signed and the second party signs the hashed data computed by the first party. This can be useful when communication with the party holding the signing private key occurs over a limited-bandwidth channel, such as NFC or Bluetooth Low Energy (BLE), in which it is infeasible to send the complete set of data to be signed. The resulting signatures are identical in structure to those computed by a single party, and can be verified using the same verification procedure without additional steps to preprocess the signed data.

A motivating use case for this is for WebAuthn/FIDO2 Authenticators to use when signing application data, as described in the proposed WebAuthn signing extension. Parts of this spec’s content were previously in the Asynchronous Remote Key Generation (ARKG) algorithm spec, which we’ve also been updated.

I plan to talk about the spec during IETF 122 in Bangkok. I hope to see many of you there!

The specification is available at:

https://www.ietf.org/archive/id/draft-lundberg-cose-two-party-signing-algs-01.html

This work was supported by the SIROS Foundation.

I believe that the price you have to pay for taking on a project is writing about it afterwards. On that basis, I feel compelled to write up my decidedly non-software project from this weekend: Squadron, an automaton.

I've been obsessed with automata for decades, ever since I first encountered the Cabaret Mechanical Theater in Covent Garden in London (there from 1984-2003 - today it's a roaming collection). If you're not familiar with them, they are animated mechanical sculptures. I consider them to be the highest form of art.

For my birthday this year Natalie signed me up for a two day, 16 hour hour weekend class to make one at The Crucible in Oakland. If you live in the SF Bay Area and are not yet aware of the Crucible I'm delighted to introduce you - it's a phenomenal non-profit art school with an enormous warehouse that teaches blacksmithing, glass blowing, welding, ceramics, woodwork and dozens of other crafts. Here's their course catalog. Go enrich your soul!

I took their class in "Mechanical Sculpture", which turned out to be exactly a class in how to make automata. I guess the term "automota" isn't widely enough known to use in the course description!

The class was small - two students and one instructor - which meant that we got an extremely personalized experience.

What I built

On day one we worked together on a class project. I suggested a pelican, and we built exactly that - a single glorious pelican that flapped its wings and swooped from side to side.

Day two was when we got to build our own things. We'd already built a pelican, but I wanted one of my own... so I figured the only thing better than a pelican is a full squadron of them!

Hence, Squadron. Here's a video of my finished piece in action:

I think it captures their pelican charisma pretty well!

How I built it

I was delighted to learn from the class that the tools needed to build simple automata are actually quite accessible:

A power drill A saw - we used a Japanese pull saw Wood glue Screws Wood - we mainly worked with basswood, plus I used some poplar wood for the wings Brass wires and rods Pliers for working with the wire

The most sophisticated tool we used was a reciprocating scroll saw, for cutting shapes out of the wood. We also had access to a bench sander and a drill press, but those really just sped up processes that can be achieved using sand paper and a regular hand drill.

I've taken a lot of photos of pelicans over the years. I found this side-on photograph that I liked of two pelicans in flight:

Then I used the iOS Photos app feature where you can extract an object from a photo as a "sticker" and pasted the result into iOS Notes.

I printed the image from there, which gave me a pelican shape on paper. I cut out just the body and used it to trace the shape onto the wood, then ran the wood through the scroll saw. I made three of these, not paying too much attention to accuracy as it's better for them to have slight differences to each other.

For the wings I started with rectangles of poplar wood, cut using the Japanese saw and attached to the pelican's body using bent brass wire through small drilled holes. I later sketched out a more interesting wing shape on some foam board as a prototype (loosely inspired by photos I had taken), then traced that shape onto the wood and shaped them with the scroll saw and sander.

Most automata are driven using cams, and that was the pattern we stuck to in our class as well. Cams are incredibly simple: you have a rotating rod (here driven by a 12V 10RPM motor) and you attach an offset disc to it. That disc can then drive all manner of useful mechanisms.

For my pelicans the cams lift rods up and down via a "foot" that sits on the cam. The feet turned out to be essential - we made one from copper and another from wood. Without feet the mechanism was liable to jam.

I made both cams by tracing out shapes with a pencil and then cutting the wood with the scroll saw, then using the drill press to add the hole for the rod.

The front pelican's body sits on a brass rod that lifts up and down, with the wings fixed to wires.

The back two share a single wooden dowel, sitting on brass wires attached to two small holes drilled into the end.

To attach the cams to the drive shaft I drilled a small hole through the cam and the brass drive shaft, then hammered in a brass pin to hold the cam in place. Without that there's a risk of the cam slipping around the driving rod rather than rotating firmly in place.

After adding the pelicans with their fixed wings I ran into a problem: the tension from the wing wiring caused friction between the rod and the base, resulting in the up-and-down motion getting stuck. We were running low on time so our instructor stepped in to help rescue my project with the additional brass tubes shown in the final piece.

What I learned

The main thing I learned from the weekend is that automata building is a much more accessible craft than I had initially expected. The tools and techniques are surprisingly inexpensive, and a weekend (really a single day for my solo project) was enough time to build something that I'm really happy with.

The hardest part turns out to be the fiddling at the very end to get all of the motions just right. I'm still iterating on this now (hence the elastic hair tie and visible pieces of tape) - it's difficult to find the right balance between position, motion and composition. I guess I need to get comfortable with the idea that art is never finished, merely abandoned.

I've been looking out for a good analog hobby for a while now. Maybe this is the one!

Tags: art, projects

[Jean Hsu and Jen Dennard]

This is a good inaugural post from two people who really have lived the startup operations life many times over:

"We think of the operations part of a startup like getting dinner on the table. Sure, some days, you might try a new and involved recipe, but most days, you just need to get something good enough on the table FAST, so that you can devote more time to other family and life priorities.

This is where the concept of minimum viable operations comes in. It’s about finding the right balance: creating systems and practices that are just enough to support the team."

I've seen both the "minimum, but not viable" and "overdoing it" versions of this. Stuff like creating a whole new leveling system for a five person team, or spending months getting to the perfect OKRs, are easy traps for people who don't know the pitfalls to fall into.

And at the same time, winging it with no process and no goals is unbelievably common too. Every startup needs to consider process / people / ops - and most of all, culture - if it wants to succees. These things aren't optional.

I'm excited for future posts.

#Startups

[Link]

… it’s what you TRY to do when you are running micro.blog and then out of the blue suddenly fire up a new WordPress instance.

What you thinking about?

When and why you use one or the other.

‘Pretending to Think’ – courtesy one of those generator thingies.

The features of Python's help() function

I've only ever used Python's help() feature by passing references to modules, classes functions and objects to it. Trey Hunner just taught me that it accepts strings too - help("**") tells you about the ** operator, help("if") describes the if statement and help("topics") reveals even more options, including things like help("SPECIALATTRIBUTES") to learn about specific advanced topics.

Via @trey.io

Tags: python, trey-hunner

Naming today's tab dump after one of The Mamas and The Papas best songs. Here is a lipsync'd video on YouTube. Dig the old-skool stereo.

Where I explained customer-to-company AI agent-to-AI agent interaction (you know, markets as conversations) in May of last year.

📸 The Morning sun doing it’s thing.

💬

LCW Experience Badge & Introduction to Open Badges 3.0 Course at Participate

This week is the 2025 Digital Credentials Summit hosted by the organization that shepherds the Open Badges 3.0 standard. This is a great space to meet with implementers, educators, technologists, funders, and policy makers from all over the world to connect.

I will be attending this year and have the privilege to participate in five sessions covering topics like degree data models, trust, identity, open communities and open source software. I’ve listed my sessions at the bottom for those who may be attending.

In time for the Summit, check out the two projects the DCC team has launched to contribute to advancing understanding Open Badges 3.0.

LCW Experience Badge

The LCW Experience is an introduction to the experience of receiving, claiming, and storing of an Open Badges 3.0 badge to the Learner Credential Wallet. Get started here.

Introduction to Open Badges 3.0 Course at Participate

Introduction to Open Badges 3.0 is a short, videos based course hosted at Participate.com, a community learning platform that issues Open Badges 3.0. To get started, join the The Digital Credentials Consortium Learning Hub and there you will find the course. Watch six short videos and earn a DCC Intro to OBv3 badge.

Sessions at Digital Credentials Summit

The DCC has been busy this year working with our members and colleagues on great projects about digital degrees, issuer trust, open web, and open source software. Here’s a list of these sessions:

March 3, 3:30–4:15 PM MT Using Open Badges 3.0 to Issue Portable and Verifiable Digital Degrees, with Eric Sembrant from Georgia Tech March 4, 9:20–10:20 AM MT Understanding Issuer Identity in the LER Verifiable Credentials Ecosystem, with Jeanne Kitchens from Credential Engine March 4, 1–1:40 PM MT Quality in Digital Credentialing: A Multifaceted Approach, panel with National Student Clearinghouse, Territorium, Strada Education Foundation, and Western Governors University March 4, 3–3:40 PM MT The Story of Open — How the Web, the World, and Credentials Thrive When Collaboration & Community is Prioritized, with Kate Giovacchini from ASU March 4, 4:40–5:20 PM MT, The Power of Open-Source Badging in Micro-Credentialing, with colleagues from Digital Promise

DCC at the 2025 1EdTech Digital Credentials Summit was originally published in Digital Credentials Consortium on Medium, where people are continuing the conversation by highlighting and responding to this story.

Join the Digital Credentials Consortium Learning Hub

The Digital Credential has started a series of short posts explaining the characteristics and trust models of W3C Verifiable Credentials and Open Badges 3.0. To accompany this series, we collaborated with our colleagues as Participate to create the The Digital Credentials Consortium Learning Hub and offer a short course, “Introduction to Open Badges 3.0”. To get started, join the The Digital Credentials Consortium Learning Hub and there you will find the course.

The course consists of six short (approx 2 min), informal videos. Once you watch all six videos, click on the bell in the right top corner to see your “DCC Introduction to OBV3 badge”. After installing and setting up the Learner Credential Wallet on your mobile device, click on “Add to Wallet” and scan the QR code that displays in the pop up with the camera on your phone or using the “Scan QR code” option in the ‘Add Credential screen of the LCW app. If you’d like to practice claiming an Open Badges 3.0 badge first, try the LCW Experience.

Thanks to the Participate team for setting this up with us. Participate is one of the first (maybe THE first) community learning platform to issue Open Badges 3.0. Their team has been involved with Open Badges since the very beginning. They host the Open Recognition Community where you will find many with a long history in this space who are discussing the value of Open Badges at the cross sections of formal, informal, nonformal learning.

For more information on the DCC, including membership, projects, and events, visit our website, wiki, and Linkedin. To receive our newsletter and invitations to webinars and events sign up for our community mailing list.

Open Badges 3.0 Basics: Watch, Learn, and Earn on Participate was originally published in Digital Credentials Consortium on Medium, where people are continuing the conversation by highlighting and responding to this story.

🕵💬 Inspired By People | 🌐 George Bernard Shaw

🔍 All The Posts can be found here, or scroll through the quotes below.

Symbolic representation of Web Security applied to SSI.

Many children in Europe grew up with the tales of Baron Münchhausen, who claims to have lifted himself and his horse out of a mire by pulling his own hair. The image is so powerful because the problem of the circular dependency is so clearly visible. In real life, circular dependencies are often far less obvious.

Which is why the first article in this series was primarily focused on looking behind the SSI smoke and mirrors around Web based identifiers and communication protocols. The resulting discussions in the Rebooting the Web Of Trust (RWOT) community were quite enlightening, and included a deeper look at the EU Digital Identity Wallet Technical specifications.

One of the mirrors basically broke when claims of OpenID4VC supporting decentralized identifiers were shattered when someone pointed out that while the EU Wallet is marketed on digital sovereignty and privacy, but in reality does not does not allow decentralized identifiers:

The current EUDI approach: No decentralized identifiers allowed

So while it was clear that OpenID4VC and did:web* do not qualify as decentralized, Self-Sovereign Identity, some people advocated to just embrace the false marketing in the hope that it would create wider acceptance and the appearance of adoption for SSI.

But has that approach ever really worked?

More often this kind of “sovereignwashing” appears to run a high risk of creating false expectations, disappointment. Which would ultimately cement the status quo of the federated platform identity lock-in for the next 20 years. As a community we should focus on building actual decentralized identifiers, communication protocols, and applications.

Because the true social and economic value of SSI is not just in the identity layer itself, it is in the decentralized applications enabled as a result.

Some of which would be in direct competition to the champions of the platform age, who are investing their financial and political capital into OpenID4VC and Web based identifiers to prevent that competition from ever getting off the ground. A classic “old industry vs new technologies” battle.

There are real opportunity costs across most of economy and society if the old encumbents manage to postpone or kill innovation.

Symbolic representation of eIDAS 2.0 after successful lobbying by the platforms and trust intermediaries Security and privacy for a globally networked society

Technology and corresponding security have been head to head in a special kind of race for a long time, dating back to an Egyptian inscription around 1900 BC in the main chamber of the tomb of Khnumhotep II, over Julius Caesar using a ROT-3 cypher in 100 BC, all the way to the famous Enigma machine used in World War II. The more people potentially had access to a message, the harder the encryption had to become.

The encryption used by Julius Caesar was not particularly strong, because it relied on a supposedly secret algorithm. Once parties know the secret, encryption and decryption become trivial. Over time this moved to well-known algorithms using shared secrets. And even though the shared secrets are more complex on today’s internet, this fundamental principle hasn’t changed:

If you know the shared secret, and can intercept the encrypted message, you will be able to read, and also impersonate and falsify communication.

In contrast, Engima was quite strong for its day because it combined a rotating cypher with a codebook that was famously carried by U-Boats allowing them to choose the correct settings. Literally handed over to the commander of the boat by hand in a secure location before departure, these code books effectively represented a cryptographic key, shared over a second channel — the physical handover.

Which makes any well-designed encryption system almost impossible to break. Unless, of course, you have intimate knowledge of the inner workings of the rotating cypher, and can guess certain messages, like weather reports, to then use brute force to arrive back at the settings for the day. Those settings then allowed to read other messages, which would otherwise have been unbreakable.

Digital identity should be based on an advance

In other words: The cryptography of the Enigma machine itself was solid, and essentially unbroken. But the Allied Forces were able to exploit structural weaknesses designed into the operation of Engima to attack the key generation for the day.

Security in Swiss Healthcare

That particular race accelerated when the Internet was born. In 1996, when the internet was still young, the US Congress deliberated and passed the Health Insurance Portability and Accountability Act (HIPAA). That same year, the Swiss Medical Association (FMH), realized patient data had to be better secured on the internet, leading to the creation of Health Info Net (HIN). Starting from encrypted email, Swiss doctors have relied on HIN for decades to keep their patient data safe.

But technology years are a lot like dog years. And 28 years is a very long time.

HIN is constantly working to innovate and improve its solutions. Which is how Vereign, working closely with our partner More than Bits, started to run some POCs with HIN in 2023, and ended up working all of 2024 almost exclusively for the Swiss healthcare sector.

Our challenge: Design a system that starts from what today’s users are used to, while re-thinking the system architecture using SSI and modern data ecosystem architectures, based on the work we had done for Gaia-X.

The starting point was obvious: Email is the world’s largest distributed identity database and communication protocol. It is the use case with which HIN started, and it is the singular product that all users rely on mutliple times each day to communicate with colleagues, laboratories, and patients.

Email is also facing challenges of concentration and capture by the large, federated platforms. And its lack of an identity layer has made it a fertile ground for attacks by malicious governments, corporations, and common criminals.

Vereign showcased its first prototype to harden email using SSI in 2019, which earned us a nomination as the hottest new innovation for the Swiss Digital Economy Award in Zurich. COVID-19 had other plans, but our experience proved invaluable when working on the POCs with HIN.

This time, we built out peer to peer email exchange via DIDComm. Secure, encrypted, authentic and designed in a way that it can be plugged into any legacy email system to gradually switch to a new, identity verified transport layer reaching all the way to the people themselves.

From prototyping to production: Quest for the identifier

We built these prototypes using did:web, because it is a great placeholder to stand in for decentralized identifiers while rapidly prototyping around user flow and experience.

But from the onset it was clear that did:web would not be the choice for production, because for all the reasons also highlighted in the last article:

Web based identifiers must never be used for personal identity.

Our preferred choice would have been KERI due to its robust security and privacy architecture. But with the official implementation being Python only, we had concerns about efforts required in supporting a secure, long term solution across the range of platforms we anticipated.

The Rust implementation by the Human Colossus Foundation fared better on that front. But there seems to be a rift in the community, causing concerns of diverging implementations, as well as long-term support. Which are exacerbated by the choice for European Public License (EUPL).

We could not find information about adoption, nor community. And finally, the security of KERI as a concept critically depends on the networks of Witnesses and Watchers, for which we could not find information about size, health and long term viability of these networks for either implementation.

Had we chosen KERI in February 2024, we would not have been able to go productive before these issues had been resolved. And our time line dictated we had to be ready for initial production by late 2024. As a result, KERI was a non-starter.

Other methods, such as did:indy, have been in decline for some time, and Sovrin is shutting down in just a couple of weeks. Methods like did:peer on the other hand are not great in scenarios where long-lived connections are desirable.

So in the end, our search for production ready decentralized identifiers that could safely be used for natural persons left us empty handed.

A classic. And good advice. Ignoring XKCD

The competing standards comic by XKCD is a classic. As far as rules go, it is a good one. But there are no rules without exceptions. Having exhausted every other path, we decided to ignore XKCDs’ best practice. Only, we did not aim to create the universal solution — that’s KERI — but to create the simplest possible, yet still sufficiently safe identifier for the requirements of our specific use case.

Like any good design, it should build on existing technologies as much as possible, be simple enough to be implemented within a reasonable time frame, and to be supportable for at least 5–10 years, when potentially it would be replaced by something better.

Designing a decentralized identifier

Our requirements asked for an identifier that was truly secure and private. We explicitly sought to minimize dependencies on infrastructure such as DNS, Web Servers and Certificate Authorities. Blockchain would have fit these criteria, but we do not require a global consensus. All we needed was a decentralized storage system that would guarantee integrity and availability of records.

Git might have been an option. It is Content-Addressable Storage, so objects are referenced by their hash, any modification creates a new object. But Git would add unnecessary overhead, and there is a central repository. The Interplanetary File System (IPFS) on the other hand is built for peer to peer distribution between nodes without a central server.

Like Git, IPFS is built on Content-Addressable Storage (CAS). Objects are referenced by their sha256 hashes. Users can request data at any node, and if that node does not have this particular object, it will use peer-to-peer network connectivity between nodes to obtain a copy of the data and provide it to the user. It is open, verifiable, and resilient.

Its function allows DID documents to be uploaded onto any node and be referenced by their hash on any node in the network. Modifications to the document modify the hash, so documents are integrity protected by design. Simultaneously, the entire DID storage and distribution mechanism is robust regarding the well-known attacks against Web based identifiers.

In addition, the hash for the document contains no Personally Identifiable Information (PII) and unless we’d make the mistake of adding PII to the DID documents themselves, our design would not expose any kind of PII anywhere.

Of course we were not the first, nor the only ones to realize the potential of IPFS for decentralized identifiers. There has been a prior attempt at using IPFS for DID documents, the IPID DID Method. But it never got much traction, and its use of the InterPlanetary Name System (IPNS) made it less robust. Also, it did not have provisions for the rotation of keys, which is crucial for long-term connections with the same identifier, as well as the ability to switch wallets or upgrade crypto algorithms.

Swiss Healthcare: Innovating together toward the gold standard of decentralized, secure, private identity and applications An identifier for Sovereign Data Exchange (SVDX)

The result is did:svdx, our DID method for Sovereign Data Exchange.

Agents generate their active key locally, as well as a key that can be used for the update of the identifier later. The public key of the first key is used as the persistent identifier, creating a persistent Autonomous Identifier (AID).

The second key, which is used for the update of the identifier, is never shared. Only its hash is declared in the document as a next key commitment. Because this key is never actively used until it is time to rotate, it is well protected against being compromised.

Each revision of the decentralized identity documents representing a Decentralized Identifier has a Content Identifier (CID) when stored in IPFS, so the resulting identifier is always the combination of the AID with the CID of the latest revision of the identifier.

Since each revision of the identifier refers back to the previous version by its CID, the result is a sha-256 hash based Key Event Chain of IPFS objects, all the way back to the inception document, the root of the AID in question.

did:svdx:z6MknHKiY477mH97qryHv3zjuHaTLvBbbp6tHS5SvZv67uR4:QmecqVGBxvW7gjffxmYTGFZNPmJcWmYPdD8azB1cZYaY6F

Because the identifier also contains the CID of the current state, starting verification of the Key Event Chain is trivial: Just pull the corresponding object out of IPFS and verify. Check for ancestor, rinse and repeat until you’re at the beginning of the chain. Check whether the AID matches the initial key. Done.

Trivial to implement in web based tool chains

No native IPFS support? No problem. Just pick one of the public IPFS gateways, and with a single request pull the DID document, e.g. https://ipfs.io/ipfs/QmecqVGBxvW7gjffxmYTGFZNPmJcWmYPdD8azB1cZYaY6F.

Thanks to content based addressing, you will get the same document no matter which gateway you use. And you’re welcome to use as many of them as you would like to compare. Although for production use cases it is highly recommended to run your own, which is trivial.

In other words, IPFS allows to integrate classic web based tool chains with decentralized storage and delivery of integrity protected DID documents. It’s as easy as any of the did:web* methods to work with, but does not suffer from the attack surfaces of DNS, TLS and Certificate Authorities.

In addition, it is robust against a number of DDOS scenarios, allows for low impact self-hosting, and eliminates the web server as a central point of attack, surveillance and compromise.

Also, it plays well with DIDComm and other communication protocols, but if you really require web based interaction protocols, they can also be encoded into the identifier. But unlike web based identifiers, exchanging key material via did:svdx mitigates a substantial number of attack scenarios for web connection protocols.

Layering trust

By design did:svdx contains zero personal information. It is deliberately focused on secure key exchange of an Autonomous Identifier, only.

So any relationship starts from a reliable assumption the AID controllers have a strong connection to one another and can maintain it over a longer period of time, including throughout key rotation and changes in cryptography. But they start from zero trust in one another.

Trust is built gradually, through Verifiable Presentations securely exchanged over the connection. Similar to what Christopher Allen describes as “Building Trust in Gradients.”

For SVDX, given it is built for a true P2P, decentralized ecosystem, we surmise that the party initiating a connection first authenticates itself toward the recipient of the connection request before requesting reciprocal information. That should also make data mining or identifier scraping much harder.

Limits of did:svdx

For any design, it is crucial to know its limits. Firstly, the identifier specification does not contain any of the multi-signature capabilities of systems like KERI. Because we did not require it for our use case at hand, we pushed that complexity, along the complexity of secure restore and key rotation, onto the clients — which we control for the use case at hand.

Also, while IPFS plays a role similar to that of Witnesses in KERI, there are no Watchers. So there is no built-in detection of duplicity, as Sam Smith calls it. And while parties can update each other on key rotations using DIDComm, allowing each other to verify they are still talking to the same party, the design has no built-in protections against a controller forking their identity.

For our use case this was not an issue, because there is a central catalogue for the ecosystem to allow looking up the latest, known version of an AID. Which is not ideal for some scenarios. But we considered the solution good enough for what we needed to achieve, given that all controllers need to also maintain their identity and trustworthiness with HIN as the central ecosystem fiduciary.

That said, it should be possible to design a robust duplicity detection on top of did:svdx, and there may even be scenarios where duplicity is not a primary concern as long as agents always ensure to only consider the latest version of an AID authoritative.

So did:svdx is not a replacement for KERI. But it is a replacement for web based DID methods, offering far better security, and similar efforts of adoption and support. From our own experience we know it took around 6-8 weeks to implement in JavaScript.

What’s next?

The first application using did:svdx in production will have ramped up by April 2025.

By mid 2025 we expect hundreds of thousands of production messages sent each month containing verifiable credentials backed by did:svdx. Our roadmap has us building out additional applications until all the institutions and eventually all the patients in Switzerland will have identifiers within the next 2-3 years.

We have already Open Sourced the initial implementation and will continue to add additional implementations. Also, we would love to finalize the specification so that it can be maximally useful to others. And there may be features that would be required for additional use cases, as well as community-based methods for duplicity detection.

Open questions Where is the right place to finalize, publish and maintain did:svdx? Who would be interested in participating? What are the critical capabilities that may still be missing? What kind of best practice operational RFCs should we develop as a community?

If you’re at DICE in Zurich this year, I’d love to sit down and discuss these questions with you — alongside everything else you would like to know about our vision for the Sovereign Data Exchange.

The Digital Credentials Consortium, our team and our members, are aiming to advance the understanding & use of privacy-enhanced, portable, verifiable digital credentials like Open Badges 3.0. We’ve noticed that while many are interested in the opportunities LERs as digital credentials may offer, many haven’t yet experienced what it is like to claim and accept an Open Badge 3.0 credential with a digital wallet like the LearnerCredential Wallet (LCW).

We created the LCW Experience to make it as easy as possible to try this out. It uses the open source DCC Issuing System and Learner Credential Wallet to demonstrate the experience of requesting and storing an Open Badges 3.0. You can learn more about how it works here.

To add the LCW Experience Badge to your Learner Credential Wallet, follow these steps:

Install & set up the LCW.app on your mobile device Go to the LCW Experience site to enter your name & email address

After you click the “Award Badge” button, a message will be sent to the email you provided with a link to your claim page. There you will find instructions on how to use your LCW app to claim your credential.

The email notification is a typical way to let earners know that they have been awarded a badge. If you would rather go to the claim page directly, use this link, replacing the name with your own (or someone you’d like to send it to): https://badging.dcconsortium.org/collect?recipientName=FirstName+LastName

Note that your name & email are not saved in our system. The email is used to send you the message and your name is included so that it will show who it was issued to in the accepted badge data and display.

Big shout out to the DCC team, James Chartrand, Alex Higuera, Dmitri Zagidulin, and Gillian Walsh for developing this project and brainstorming fun, accessible, and pragmatic approaches to learning about Verifiable Credentials and Open Badges. We hope you enjoy this experience!

For more information on the DCC, including membership, projects, and events, visit our website, wiki, and Linkedin. To receive our newsletter and invitations to webinars and events sign up for our community mailing list.

The LCW Experience was originally published in Digital Credentials Consortium on Medium, where people are continuing the conversation by highlighting and responding to this story.

This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The implementation uses ASP.NET Core Identity’s extensibility to incorporate SMS-based verification during user registration and login processes. SMS is no longer a recommended authentication method due to security risks but does provide a good solution for some business cases or user flows like onboarding phone users or phone applications, frontline workers with no desktop or other such solutions with limited security possibilities.

Code: https://github.com/damienbod/IdentityOidcPhone2fa

Setup

The ASP.NET Core Identity application integrates the SMS provider using the Identity PhoneNumberTokenProvider and an SMS verification service.

builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"))); builder.Services.Configure<EmailSettings>(builder.Configuration.GetSection("EmailSettings")); builder.Services.AddTransient<IEmailSender, EmailSender>(); builder.Services.Configure<SmsOptions>(builder.Configuration.GetSection("SmsOptions")); var authorization = Convert.ToBase64String(Encoding.ASCII.GetBytes( $"{builder.Configuration["SmsOptions:Username"]}:{builder.Configuration["SmsOptions:Password"]}")); builder.Services.AddHttpClient(Consts.SMSeColl, client => { client.BaseAddress = new Uri($"{builder.Configuration["SmsOptions:Url"]}"); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authorization); }); builder.Services.AddScoped<SmsProvider>(); builder.Services.AddIdentity<ApplicationUser, IdentityRole>() .AddEntityFrameworkStores<ApplicationDbContext>() .AddTokenProvider<DataProtectorTokenProvider<ApplicationUser>>(TokenOptions.DefaultProvider) .AddTokenProvider<AuthenticatorTokenProvider<ApplicationUser>>(TokenOptions.DefaultAuthenticatorProvider) .AddTokenProvider<PhoneNumberTokenProvider<ApplicationUser>>(Consts.Phone) .AddTokenProvider<EmailTokenProvider<ApplicationUser>>(Consts.Email);

The ApplicationUser needs some new properties to support multiple authentication methods. The properties are used to allow a user to use the selected authentication method or force an authentication on a OpenID Connect client.

public bool Phone2FAEnabled { get; set; } public bool Email2FAEnabled { get; set; } public bool AuthenticatorApp2FAEnabled { get; set; } public bool Passkeys2FAEnabled { get; set; }

An SMS service are used to integrate the SMS, the SmsProvider class. In this demo, the eColl messaging service is used to send SMS. The implementation and the configuration would vary if you use a different service.

The SmsProvider is used to verify a phone number, to enable SMS 2FA and to force SMS 2FA. The service uses a HttpClient to access the SMS service rest API.

using IdentityProvider.Models; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; namespace IdentityProvider.Services; public class SmsProvider { private readonly HttpClient _httpClient; private readonly UserManager<ApplicationUser> _userManager; private readonly SmsOptions _smsOptions; private readonly ILogger<SmsProvider> _logger; private const string Message = "message"; public SmsProvider(IHttpClientFactory clientFactory, UserManager<ApplicationUser> userManager, IOptions<SmsOptions> smsOptions, ILogger<SmsProvider> logger) { _httpClient = clientFactory.CreateClient(Consts.SMSeColl); _userManager = userManager; _smsOptions = smsOptions.Value; _logger = logger; } public async Task<(bool Success, string? Error)> Send2FASmsAsync(ApplicationUser user, string phoneNumber) { var code = await _userManager.GenerateTwoFactorTokenAsync(user, Consts.Phone); var ecallMessage = new EcallMessage { To = phoneNumber, From = _smsOptions.Sender, Content = new EcallContent { Text = $"2FA code: {code}" } }; var result = await _httpClient.PostAsJsonAsync(Message, ecallMessage); string? messageResult; if (result.IsSuccessStatusCode) { messageResult = await result.Content.ReadAsStringAsync(); } else { _logger.LogWarning("Error sending SMS 2FA, {ReasonPhrase}", result.ReasonPhrase); return (false, result.ReasonPhrase); } return (true, messageResult); } public async Task<(bool Success, string? Error)> StartVerificationAsync(ApplicationUser user, string phoneNumber) { var token = await _userManager.GenerateChangePhoneNumberTokenAsync(user, phoneNumber); var ecallMessage = new EcallMessage { To = phoneNumber, From = _smsOptions.Sender, Content = new EcallContent { Text = $"Verify code: {token}" } }; var result = await _httpClient.PostAsJsonAsync(Message, ecallMessage); string? messageResult; if (result.IsSuccessStatusCode) { messageResult = await result.Content.ReadAsStringAsync(); } else { _logger.LogWarning("Error sending SMS for phone Verification, {ReasonPhrase}", result.ReasonPhrase); return (false, result.ReasonPhrase); } return (true, messageResult); } public async Task<bool> CheckVerificationAsync(ApplicationUser user, string phoneNumber, string verificationCode) { var is2faTokenValid = await _userManager .VerifyChangePhoneNumberTokenAsync(user, verificationCode, phoneNumber); return is2faTokenValid; } public async Task<(bool Success, string? Error)> EnableSms2FaAsync(ApplicationUser user, string phoneNumber) { var token = await _userManager.GenerateChangePhoneNumberTokenAsync(user, phoneNumber); var message = $"Enable phone 2FA code: {token}"; var ecallMessage = new EcallMessage { To = phoneNumber, From = _smsOptions.Sender, Content = new EcallContent { Text = message } }; var result = await _httpClient.PostAsJsonAsync(Message, ecallMessage); string? messageResult; if (result.IsSuccessStatusCode) { messageResult = await result.Content.ReadAsStringAsync(); } else { _logger.LogWarning("Error sending SMS to enable phone 2FA, {ReasonPhrase}", result.ReasonPhrase); return (false, result.ReasonPhrase); } return (true, messageResult); } }

Flow 1: Verify phone

Once a user has authenticated with email and password, the user can verify a phone. To verify the phone, the user MUST be authenticated. If not, a malicious program may send multiple SMS and cause financial harm. The Add phone number link can be used to start the verification process.

The VerifyPhone Razor page allows the user to enter an mobile phone number to send the SMS. This should be validated for real phone numbers at least. The StartVerificationAsync method is used to send the SMS. The ASP.NET Core Identity method GenerateChangePhoneNumberTokenAsync is used to generate the challenge for the verification.

var user = await _userManager.GetUserAsync(User); if (user == null) { return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } var result = await _client.StartVerificationAsync(user, Input.PhoneNumber);

The UI is not styled, just uses the standard bootstrap styles.

The confirm Razor Page accepts the verification code which was sent to the phone and uses the VerifyAndProcessCode method to validate. The ASP.NET Core Identity VerifyChangePhoneNumberTokenAsync method is used to validate the code.

public async Task<IActionResult> OnPostAsync() { if (!ModelState.IsValid) { return Page(); } try { if (Input.PhoneNumber != null && Input.VerificationCode != null) { return await VerifyAndProcessCode(Input.PhoneNumber, Input.VerificationCode); } else { ModelState.AddModelError("", "Input.PhoneNumber or Input.VerificationCode missing"); } } catch (Exception) { ModelState.AddModelError("", "There was an error confirming the code, please check the verification code is correct and try again"); } return Page(); } private async Task<IActionResult> VerifyAndProcessCode(string phoneNumber, string code) { var applicationUser = await _userManager.GetUserAsync(User); if (applicationUser != null) { var validCodeForUserSession = await _client.CheckVerificationAsync(applicationUser, phoneNumber, code); return await ProcessValidCode(applicationUser, validCodeForUserSession); } else { ModelState.AddModelError("", "No user"); return Page(); } } private async Task<IActionResult> ProcessValidCode(ApplicationUser applicationUser, bool validCodeForUserSession) { if (validCodeForUserSession) { var phoneNumber = await _userManager.GetPhoneNumberAsync(applicationUser); if (Input.PhoneNumber != phoneNumber) { await _userManager.SetPhoneNumberAsync(applicationUser, Input.PhoneNumber); } applicationUser.PhoneNumberConfirmed = true; var updateResult = await _userManager.UpdateAsync(applicationUser); if (updateResult.Succeeded) { return RedirectToPage("ConfirmPhoneSuccess"); } else { ModelState.AddModelError("", "There was an error confirming the verification code, please try again"); } } else { ModelState.AddModelError("", "There was an error confirming the verification code"); } return Page(); }

The UI displays the input for the code and the number it was sent to.

Flow 2: Enable phone 2FA

Once the phone is verified, it can be used for an SMS 2FA.

The EnableSms2FaAsync method is used to enable the SMS 2FA.

var user = await _userManager.GetUserAsync(User); if (user == null) { return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } if (user.PhoneNumber != Input.PhoneNumber) { ModelState.AddModelError("Input.PhoneNumber", "Phone number does not match user user, please update or add phone in your profile"); } await _smsVerifyClient.EnableSms2FaAsync(user, Input.PhoneNumber!); return RedirectToPage("./VerifyPhone2Fa", new { Input.PhoneNumber });

The EnablePhone2Fa Razor page is used to validate the phone number before activating the 2FA.

The VerifyChangePhoneNumberTokenAsync is used to validate and the 2FA is activated.

var user = await _userManager.GetUserAsync(User); if (user == null) { return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } var verificationCode = Input.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await _userManager .VerifyChangePhoneNumberTokenAsync(user, verificationCode, user.PhoneNumber!); if (!is2faTokenValid) { ModelState.AddModelError("Input.Code", "Verification code is invalid."); return Page(); } await _userManager.SetTwoFactorEnabledAsync(user, true);

The Verify Phone 2FA Razor page displays the input field for the code.

Once activated, the user should persist some recovery codes.

Flow 3: SMS 2FA using phone

Next time the user authenticates, the SMS 2FA is required. The user can use multiple authentication methods, not only SMS. If possible, passkeys or strong authentication should be used.

if (user.Phone2FAEnabled) { IsPhone = true; if (!user.AuthenticatorApp2FAEnabled) { await _smsVerifyClient .Send2FASmsAsync(user, user.PhoneNumber!); } }

Further flows Phone only authentication

Requires mass usage protection

Recover account using Phone authentication

Requires mass usage protection

Links

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/2fa

https://github.com/andrewlock/TwilioSamples/blob/master/src/SendVerificationSmsDemo

Professionell Online SMS senden

It’s Oscars day! I haven’t seen very many of the nominees this year, but of the ones I have, I need to make this recommendation:

Soundtrack to a Coup d’Etat, nominated for best documentary picture, is brilliant. It’s an under-told part of American history, still highly relevant and ongoing today, told through the lens of its surprising intersection with the jazz musicians of the time. One of those films that I think everyone should see in order to educate themselves. It doesn’t make for a cheerful evening, but it’s all wonderfully done.

It’s available to rent on streaming services right now, and is worth it. If you don’t want to pay to rent, it will hopefully be a part of someone’s streaming library later on.

[Ghost]

Another really great update from the Ghost team about their progress implementing ActivityPub:

"In our logs, that looks like our average request time dropping from 5+ seconds, to ~50ms:

[...] There are still a few places where we're using the old database architecture that remain slow. We're not out of the woods just yet. Within the next couple of weeks, though, the beta will be open to everyone on Ghost Pro to try out.

[...] Importantly, Ghost's ActivityPub service is already out in the wild, open source, and released under the MIT license. We build in public, and all our work is up on GitHub for anyone to download, fork, run or deploy if they want to."

Exactly the right approach, and so exciting to see. Onwards!

[Link]

If I share the link to one of my open tabs and close it, the reader gets a new tab when they click on the link, no? So, in that case I'm giving away tabs, seems to me on a Sunday afternoon.

I don't have Hulu, and I don't have cable, but I do have an antenna outside, so we'll be watching the Academy Awards tonight on WRTV/6 from Indianapolis. RabbitEars.info tells me that WRTV is actually on channel 25 (and 6 is its "virtual" channel), 54 miles away, and with a signal it calls "poor" here. But I have a new outside antenna memorably named DAT BOSS MIX LR antenna High-VHF/UHF (Repack Ready), vectored toward WRTV and the rest of the TV tower farm on the far side of Indianapolis from here, and it gets the station just fine.  I've been to that farm, and here is a photo of WRTV's tower on the north side of it.

We'll be watching the Academy Awards on our new Samsung QN42S90D TV, which Consumer Reports rates highly at that link. ~$850 on Amazon. We have it mounted on a wall frame that lets us aim it in different directions, depending on who's watching where in a smallish room. Since it is hard to use external speakers with it, we're forgoing those. The speakers in it sound pretty good, considering. And the picture is gorgeous.

After publishing this piece, I was contacted by Anthropic who told me that Sonnet 3.7 would not be considered a 10^26 FLOP model and cost a few tens of millions of dollars to train, though future models will be much bigger.

— Ethan Mollick

Tags: ethan-mollick, anthropic, claude, generative-ai, ai, llms

It’s time to rekindle the movement.

Continue reading on Medium »

I’ve seen a lot of this sentiment lately, and can relate:

I miss being excited by technology. I wish I could see a way out of the endless hype cycles that continue to elicit little more than cynicism from me. The version of technology that we’re mostly being sold today has almost nothing to do with improving lives, but instead stuffing the pockets of those who already need for nothing. It’s not making us smarter. It’s not helping heal a damaged planet. It’s not making us happier or more generous towards each other. And it’s entrenched in everything — meaning a momentous challenge to re-wire or meticulously disconnect.

Many of us got excited about technology because of the web, and are discovering, latterly, that it was always the web itself — rather than technology as a whole — that we were excited about. The web is a movement: more than a set of protocols, languages, and software, it was always about bringing about a social and cultural shift that removed traditional gatekeepers to publishing and being heard.

It’s perhaps hard to remember now, but in the early nineties, finding an audience really meant being discovered and highlighted by a small number of very rich publishing companies (or record labels, etc) who were most often not representative of their audiences. The web was a revolution: anyone could publish their words, their music, or their art, without asking anyone for permission, and they could find their communities equally permissionlessly.

The web, of course, didn’t turn out to be quite as utopian as the promise. The truth is, the people who could afford to publish on the early web were also from a narrow, relatively wealthy demographic. To make publishing accessible to most people (who didn’t, quite reasonably, want to learn HTML or pay for or configure a domain name and hosting), we needed a set of easy-to-use publishing platforms, which in turn became centralized single points of failure and took the place of the old gatekeepers. Replacing publishers with Facebook wasn’t the original intention, but that’s what happened. And in the process, the power dynamics completely shifted.

The original web was inherently about redistribution of power from a small number of gatekeepers to a large number of individuals, even if it never quite lived up to that promise. But the next iteration of the web was about concentrating power in a small set of gatekeepers whose near-unlimited growth potential tended towards monopoly. There were always movements that bucked this trend — blogging and the indie web never really went away — but they were no longer the mainstream force on the internet. And over time, the centralized platforms disempowered their users by monopolizing more and more slices of everyday life that used to be free. The open, unlimited nature of the web that was originally used to distribute equity was now being used to suck it up and concentrate it in a handful of increasingly-wealthy people.

For the people who were attracted to the near-unlimited wealth hoarding and rent-seeking potential, this new web was incredibly exciting. Conversely, for those of us who were attracted by the power redistribution more than the technology itself, it was incredibly disheartening. The reason we got involved in the first place had all but evaporated.

For a while, decentralization did become a hot topic. Unfortunately, this was more about avoiding the trappings of traditional banking — crucially, including avoiding regulatory controls — than it was about distributing power. The actual equity redistribution was mostly an illusion; although there certainly were people with their hearts in the right place in the movement, the people who truly gained from blockchain and cryptocurrencies were libertarian grifters who saw potential in moving money away from the prying eyes of regulatory oversight and saw banking regulations designed to protect people as being unnecessarily restrictive. Blockchain wore the clothes of power redistribution, but rather than empowering a large number of people, it enriched very few, often at other people’s expense.

I do think the brief popularity of blockchain helped bring attention to decentralization, which was useful. I don’t know that as much attention would have been paid to the new crop of decentralized social networks like Mastodon and BlueSky, for example, had Web3 not previously seeded some of the core ideas in a more mainstream consciousness. The web3 community was also the most successful at, for example, embedding identity in the browser. It wasn’t valueless as a movement, but it fell far short of the hype.

Which brings us to AI, the current hotness. Like any software technology, it’s being sold to us as an empowering tool. But the broad perception is that it’s anything but: models are trained, unpaid, on the work of artists, writers, and researchers, who are already relatively low-paid, in order to build value for a small handful of vendors who are making deals worth tens or hundreds of billions of dollars. Or as one commenter put it:

The underlying purpose of AI is to allow wealth to access skill while removing from skill the ability to access wealth.

If you think this is hyperbole, consider Marc Benioff’s comments about not hiring any more software engineers in 2025:

“We’re not adding any more software engineers next year because we have increased the productivity this year with Agentforce and with other AI technology that we’re using for engineering teams by more than 30% – to the point where our engineering velocity is incredible. I can’t believe what we’re achieving in engineering.”

Whether you care about software engineering jobs or not, the same dynamics are underway for writers, artists, and any other creative job. Even the productivity gains that are being realized through use of AI tools are benefiting a small number of wealthy companies rather than individuals. This is the exact opposite of the power redistribution that led to so many people seeing such promise in the web.

It’s very hard to get excited about technology that redistributes wealth and power in favor of people who already have it.

The trajectory of the web — starting as a tool for redistributing power and becoming one that entrenches it — was not inevitable. It was the result of specific choices: business models that prioritized monopolization, technologies designed for centralization, and a relentless focus on extracting value rather than creating it. If we want a different future, we have to make different choices.

What does an alternative look like? It starts with software designed for people rather than for capital. The web once thrived on protocols instead of platforms — email, RSS, blogs, personal websites — before closed networks turned users into data sources. We are now seeing efforts to return to that ethos. The Fediverse, open-source publishing tools, community-run platforms, and decentralized identity projects all point to a path where individuals have more control over their online lives. They aren’t perfect, but they represent a fundamental shift in intention: building systems that work for people instead of on them.

The first wave of the web was decentralized by default but only accessible to a small number of people. The second wave was more accessible but centralized by profit motives. If there is to be a third wave, it will have to be intentional: built with equity and accessibility as core values, not an afterthought. That’s a hard road, because open and ethical technology doesn’t attract billion-dollar investments the way extractive models do. But if history has shown anything, it’s that the web’s greatest strength is in the people who believe it can be better. The real question is not whether more equitable software is possible: it’s whether enough of us are willing to build it.

For many of us, the social movement, rather than the underlying technology, was always the point. We need that movement more than ever before. Hopefully building it is something that more of us can get excited about.

 

Photo: Tim Berners-Lee's tweet "This is for everyone" at the 2012 Summer Olympics opening ceremony, released under a Creative Commons Attribution 2.0 Generic license.

I was a guest on the most recent episode of the Accessibility + Gen AI Podcast, hosted by Eamon McErlean and Joe Devon. We had a really fun, wide-ranging conversation about a host of different topics. I've extracted a few choice quotes from the transcript.

LLMs for drafting alt text

I use LLMs for the first draft of my alt text (22:10):

I actually use Large Language Models for most of my alt text these days. Whenever I tweet an image or whatever, I've got a Claude project called Alt text writer. It's got a prompt and an example. I dump an image in and it gives me the alt text.

I very rarely just use it because that's rude, right? You should never dump text onto people that you haven't reviewed yourself. But it's always a good starting point.

Normally I'll edit a tiny little bit. I'll delete an unimportant detail or I'll bulk something up. And then I've got alt text that works.

Often it's actually got really good taste. A great example is if you've got a screenshot of an interface, there's a lot of words in that screenshot and most of them don't matter.

The message you're trying to give in the alt text is that it's two panels on the left, there's a conversation on the right, there's a preview of the SVG file or something. My alt text writer normally gets that right.

It's even good at summarizing tables of data where it will notice that actually what really matters is that Gemini got a score of 57 and Nova got a score of 53 - so it will pull those details out and ignore [irrelevant columns] like the release dates and so forth.

Here's the current custom instructions prompt I'm using for that Claude Project:

You write alt text for any image pasted in by the user. Alt text is always presented in a fenced code block to make it easy to copy and paste out. It is always presented on a single line so it can be used easily in Markdown images. All text on the image (for screenshots etc) must be exactly included. A short note describing the nature of the image itself should go first.

Is it ethical to build unreliable accessibility tools?

On the ethics of building accessibility tools on top of inherently unreliable technology (5:33):

Some people I've talked to have been skeptical about the accessibility benefits because their argument is that if you give somebody unreliable technology that might hallucinate and make things up, surely that's harming them.

I don't think that's true. I feel like people who use screen readers are used to unreliable technology.

You know, if you use a guide dog - it's a wonderful thing and a very unreliable piece of technology.

When you consider that people with accessibility needs have agency, they can understand the limitations of the technology they're using. I feel like giving them a tool where they can point their phone at something and it can describe it to them is a world away from accessibility technology just three or four years ago.

Why I don't feel threatened as a software engineer

This is probably my most coherent explanation yet of why I don't see generative AI as a threat to my career as a software engineer (33:49):

My perspective on this as a developer who's been using these systems on a daily basis for a couple of years now is that I find that they enhance my value. I am so much more competent and capable as a developer because I've got these tools assisting me. I can write code in dozens of new programming languages that I never learned before.

But I still get to benefit from my 20 years of experience.

Take somebody off the street who's never written any code before and ask them to build an iPhone app with ChatGPT. They are going to run into so many pitfalls, because programming isn't just about can you write code - it's about thinking through the problems, understanding what's possible and what's not, understanding how to QA, what good code is, having good taste.

There's so much depth to what we do as software engineers.

I've said before that generative AI probably gives me like two to five times productivity boost on the part of my job that involves typing code into a laptop. But that's only 10 percent of what I do. As a software engineer, most of my time isn't actually spent with the typing of the code. It's all of those other activities.

The AI systems help with those other activities, too. They can help me think through architectural decisions and research library options and so on. But I still have to have that agency to understand what I'm doing.

So as a software engineer, I don't feel threatened. My most optimistic view of this is that the cost of developing software goes down because an engineer like myself can be more ambitious, can take on more things. As a result, demand for software goes up - because if you're a company that previously would never have dreamed of building a custom CRM for your industry because it would have taken 20 engineers a year before you got any results... If it now takes four engineers three months to get results, maybe you're in the market for software engineers now that you weren't before.

Tags: accessibility, alt-attribute, podcasts, ai, generative-ai, llms, podcast-appearances

Regarding the recent blog post, I think a simpler explanation is that hallucinating a non-existent library is a such an inhuman error it throws people. A human making such an error would be almost unforgivably careless.

— Kellan Elliott-McCrea

Tags: ai-assisted-programming, generative-ai, kellan-elliott-mccrea, ai, llms

18f.org

New site by members of 18F, the team within the US government that were doing some of the most effective work at improving government efficiency.

For over 11 years, 18F has been proudly serving you to make government technology work better. We are non-partisan civil servants. 18F has worked on hundreds of projects, all designed to make government technology not just efficient but effective, and to save money for American taxpayers.

However, all employees at 18F – a group that the Trump Administration GSA Technology Transformation Services Director called "the gold standard" of civic tech – were terminated today at midnight ET.

18F was doing exactly the type of work that DOGE claims to want – yet we were eliminated.

The entire team is now on "administrative leave" and locked out of their computers.

But these are not the kind of civil servants to abandon their mission without a fight:

We’re not done yet.

We’re still absorbing what has happened. We’re wrestling with what it will mean for ourselves and our families, as well as the impact on our partners and the American people.

But we came to the government to fix things. And we’re not done with this work yet.

More to come.

You can follow @team18f.bsky.social on Bluesky.

Tags: government, political-hacking, politics, bluesky

A surprisingly common complaint I see from developers who have tried using LLMs for code is that they encountered a hallucination - usually the LLM inventing a method or even a full software library that doesn't exist - and it crashed their confidence in LLMs as a tool for writing code. How could anyone productively use these things if they invent methods that don't exist?

Hallucinations in code are the least harmful hallucinations you can encounter from a model.

(When I talk about hallucinations here I mean instances where an LLM invents a completely untrue fact, or in this case outputs code references which don't exist at all. I see these as a separate issue from bugs and other mistakes, which are the topic of the rest of this post.)

The real risk from using LLMs for code is that they'll make mistakes that aren't instantly caught by the language compiler or interpreter. And these happen all the time!

The moment you run LLM generated code, any hallucinated methods will be instantly obvious: you'll get an error. You can fix that yourself or you can feed the error back into the LLM and watch it correct itself.

Compare this to hallucinations in regular prose, where you need a critical eye, strong intuitions and well developed fact checking skills to avoid sharing information that's incorrect and directly harmful to your reputation.

With code you get a powerful form of fact checking for free. Run the code, see if it works.

In some setups - ChatGPT Code Interpreter, Claude Code, any of the growing number of "agentic" code systems that write and then execute code in a loop - the LLM system itself will spot the error and automatically correct itself.

If you're using an LLM to write code without even running it yourself, what are you doing?

Hallucinated methods are such a tiny roadblock that when people complain about them I assume they've spent minimal time learning how to effectively use these systems - they dropped them at the first hurdle.

My cynical side suspects they may have been looking for a reason to dismiss the technology and jumped at the first one they found.

My less cynical side assumes that nobody ever warned them that you have to put a lot of work in to learn how to get good results out of these systems. I've been exploring their applications for writing code for over two years now and I'm still learning new tricks (and new strengths and weaknesses) almost every day.

Manually testing code is essential

Just because code looks good and runs without errors doesn't mean it's actually doing the right thing. No amount of meticulous code review - or even comprehensive automated tests - will demonstrably prove that code actually does the right thing. You have to run it yourself!

Proving to yourself that the code works is your job. This is one of the many reasons I don't think LLMs are going to put software professionals out of work.

LLM code will usually look fantastic: good variable names, convincing comments, clear type annotations and a logical structure. This can lull you into a false sense of security, in the same way that a gramatically correct and confident answer from ChatGPT might tempt you to skip fact checking or applying a skeptical eye.

The way to avoid those problems is the same as how you avoid problems in code by other humans that you are reviewing, or code that you've written yourself: you need to actively exercise that code. You need to have great manual QA skills.

A general rule for programming is that you should never trust any piece of code until you've seen it work with your own eye - or, even better, seen it fail and then fixed it.

Across my entire career, almost every time I've assumed some code works without actively executing it - some branch condition that rarely gets hit, or an error message that I don't expect to occur - I've later come to regret that assumption.

Tips for reducing hallucinations

If you really are seeing a deluge of hallucinated details in the code LLMs are producing for you, there are a bunch of things you can do about it.

Try different models. It might be that another model has better training data for your chosen platform. As a Python and JavaScript programmer my favorite models right now are Claude 3.7 Sonnet with thinking turned on, OpenAI's o3-mini-high and GPT-4o with Code Interpreter (for Python). Learn how to use the context. If an LLM doesn't know a particular library you can often fix this by dumping in a few dozen lines of example code. LLMs are incredibly good at imitating things, and at rapidly picking up patterns from very limited examples. Modern model's have increasingly large context windows - I've recently started using Claude's new GitHub integration to dump entire repositories into the context and it's been working extremely well for me. Chose boring technology. I genuinely find myself picking libraries that have been around for a while partly because that way it's much more likely that LLMs will be able to use them.

I'll finish this rant with a related observation: I keep seeing people say "if I have to review every line of code an LLM writes, it would have been faster to write it myself!"

Those people are loudly declaring that they have under-invested in the crucial skills of reading, understanding and reviewing code written by other people. I suggest getting some more practice in. Reviewing code written for you by LLMs is a great way to do that.

Bonus section: I asked Claude 3.7 Sonnet "extended thinking mode" to review an earlier draft of this post - "Review my rant of a blog entry. I want to know if the argument is convincing, small changes I can make to improve it, if there are things I've missed.". It was quite helpful, especially in providing tips to make that first draft a little less confrontational! Since you can share Claude chats now here's that transcript.

Tags: ai, openai, generative-ai, llms, ai-assisted-programming, anthropic, claude, boring-technology, code-interpreter, ai-agents

27th in the News Commons series

Nearly everything I’ve been writing in the News Commons series has come out of breakfasts Joyce and I have enjoyed with Dave Askins at the Uptown Cafe in Bloomington, Indiana. (A tech perspective: The Uptown is to Bloomington what Bucks of Woodside is to Silicon Valley.) At the most recent of these, Dave said Total News—News for All Time was a good way to talk about the Future—>Present—>Past approach to news that he came up with a few months earlier (see that last link), and which has been framing up everything I’ve been thinking and writing about news since then, including all my posts (#17 to #24, so far) about the #LAfires.

This got me thinking, on the spot, about how we frame news in the here-and-now. Toward co-thinking about that, I organized a spreadsheet with rows titled by sugar packets and columns headed by sweetener packets, on our breakfast table there.

Help remember that conversation, I kept the packets and just laid them out on my desk for a closer look:

C, P, and M stand for

Character, Problem, and Movement.

As I explain in What are Stories? (#21 in the News Commons series), these are the three requirements of every story.

And, as I explain in The Blame Game (#23 in the series), stories tend to go through four stages:

Live reporting, Human interest, Blame, and Coming to an understanding

All of which we’ve seen, in abundance, in coverage of the #LAfires since they happened.

The columns in the grid of sugars and sweeteners stand for

Framing Person or People Human interest Blame or reponsibility Understanding

The F is what matters. Because every story has a frame. In fact, everything we think, know, and tell stories about has a conceptual frame. Frames are where the vocabulary we think and talk in terms of comes from.

For a quick grasp of that, read Framing the Net, which I wrote for the Berkman Klein Center’s Publius Project when I was a fellow at the center back in 2008, but which applies at least as well today.

The other four columns (P, H, B, and U) are provisional. So are the four above that. The only parts of that ad hoc spreadsheet I’m sure about, so far, are the three requirement rows: Character, Problem, and Movement. If a visual helps, here’s one:

Back to Dave.

Persistent readers of the series might recall (in #16) that Dave shut down the B Square Bulletin on December 20. That was bad news at the time. The good news today is that he’s brought the B Square back up. He explains his new vision here. An excerpt:

Total News—News for All Time: Future, Present, and Past

A newsroom that is founded on a commitment to Future, Present and Past will deliver what today’s local decision-makers need—comprehensive, accurate information about topics in their full context.

Local decision-makers range from elected and appointed officials to business owners, voters, parents of school-aged children, and rank-and-file residents. We’re all decision-makers.

Future. The B Square will help make Bloomington a place where it’s easy for residents to find out what is going to happen. When does the North-South football game start? When is the public hearing on the new tax? When will the school board interview the superintendent candidates? When does the city’s 3rd Street repaving project start?

Present. Bloomington will be a place where it’s easy for residents to find out what just happened. Who won the North-South football game? Did the county council approve the new tax? Who is the new superintendent of schools? Why was traffic backed up on 3rd Street late Tuesday afternoon?

Past. Bloomington will be a place where it’s easy to find out what happened a long time ago. What is the history of the North-South rivalry? How much revenue has the old tax generated for the county over the last 20 years? How many people have had the job of superintendent of schools, and who were they? How many traffic crashes has that stretch of 3rd Street seen over the last 10 years?

This is a working model for news production everywhere—from towns like Bloomington to cities like Los Angeles. I’d like to see us working out the prototype in both places—or anywhere anyone else wants to run with it.

To be clear, Total News is not about how we produce news now, but how we prepare for news in the future, and how we keep archives that inform future news.

Now for some what-comes-nexts.

First, from the 5th to the 10th of this month I’ll be at SCaLE in Pasadena, learning and talking about Personal AI (another series on this blog, relevant to both the #LAfires and how news in the future will be produced and improved). I’ll also be giving a keynote for Kwaai.ai, at their annual summit, inside of SCaLE. Much of what we’ll be talking about are learnings from fire resilience hackathons that have been happening in L.A.) I would love to meet there at SCaLE, or nearby, with anyone working on Total News following the #LAfires. (Looking at you, KPCC/LAist, LA Times, Hear In LA, and anyone else I’ve sourced in writing about the LAfires.)

Second, I see the News Commons series feeding into a book. I don’t know yet if I’ll write that book alone, with Dave, or with some collection of other contributors. It’s too early to say because most of the work that needs to be done hasn’t happened yet. By work I mean putting together the best way to do calendars (the future), to produce news stories based on facts (the present), and to flow our calendars, collections of facts, and stories, into archives that are maximally useful for future stories (the past).

Third, I want to organize events around all the above. Stay tuned for more on that one.

[Natalie Alms at Nextgov/FCW]

I'd say this was an unbelievable own-goal. But, unfortunately, it's believable:

"The General Services Administration deleted 18F, a government tech consultancy that helps other agencies with their technology, early Saturday morning.

The office has been deemed “non-critical,” Thomas Shedd, director of GSA’s Technology Transformation Services, emailed staff at 1am. The agency’s acting head, Stephen Ehikian, told GSA staff Monday that the agency, which works across the government on tech, procurement and real estate, would be conducting a reduction in force."

18F has consistently saved other agencies money, and is seen as an example of modern government that other agencies (and governments) should learn from. It's an insane agency to dismantle.

But the way 18F worked - human-centered, in the open, with a real eye for inclusive change that saved real resources - is antithetical to Musk's mindset of believing yourself to be the smartest person in the room and forcing people to use your systems based on your own values.

Likely, Musk believes that these services should be provided by private companies (like his own) that could profit from it. It’s a backwards, profiteering, grifter-first approach to government services.

Of course, 18F is confronting to Musk in another way too: you can't be the smartest person in the room when those people are also in the room.

Yet another loss to hubris.

#Democracy

[Link]

llm-anthropic #24: Use new URL parameter to send attachments

Anthropic released a neat quality of life improvement today. Alex Albert:

We've added the ability to specify a public facing URL as the source for an image / document block in the Anthropic API

Prior to this, any time you wanted to send an image to the Claude API you needed to base64-encode it and then include that data in the JSON. This got pretty bulky, especially in conversation scenarios where the same image data needs to get passed in every follow-up prompt.

I implemented this for llm-anthropic and shipped it just now in version 0.15.1 (here's the commit) - I went with a patch release version number bump because this is effectively a performance optimization which doesn't provide any new features, previously LLM would accept URLs just fine and would download and then base64 them behind the scenes.

In testing this out I had a really impressive result from Claude 3.7 Sonnet. I found a newspaper page from 1900 on the Library of Congress (the "Worcester spy.") and fed a URL to the PDF into Sonnet like this:

llm -m claude-3.7-sonnet \ -a 'https://tile.loc.gov/storage-services/service/ndnp/mb/batch_mb_gaia_ver02/data/sn86086481/0051717161A/1900012901/0296.pdf' \ 'transcribe all text from this image, formatted as markdown'

I haven't checked every sentence but it appears to have done an excellent job, at a cost of 16 cents.

As another experiment, I tried running that against my example people template from the schemas feature I released this morning:

llm -m claude-3.7-sonnet \ -a 'https://tile.loc.gov/storage-services/service/ndnp/mb/batch_mb_gaia_ver02/data/sn86086481/0051717161A/1900012901/0296.pdf' \ -t people

That only gave me two results - so I tried an alternative approach where I looped the OCR text back through the same template, using llm logs --cid with the logged conversation ID and -r to extract just the raw response from the logs:

llm logs --cid 01jn7h45x2dafa34zk30z7ayfy -r | \ llm -t people -m claude-3.7-sonnet

... and that worked fantastically well! The result started like this:

{ "items": [ { "name": "Capt. W. R. Abercrombie", "organization": "United States Army", "role": "Commander of Copper River exploring expedition", "learned": "Reported on the horrors along the Copper River in Alaska, including starvation, scurvy, and mental illness affecting 70% of people. He was tasked with laying out a trans-Alaskan military route and assessing resources.", "article_headline": "MUCH SUFFERING", "article_date": "1900-01-28" }, { "name": "Edward Gillette", "organization": "Copper River expedition", "role": "Member of the expedition", "learned": "Contributed a chapter to Abercrombie's report on the feasibility of establishing a railroad route up the Copper River valley, comparing it favorably to the Seattle to Skaguay route.", "article_headline": "MUCH SUFFERING", "article_date": "1900-01-28" }

Full response here.

Tags: llm, anthropic, generative-ai, projects, ai, llms

strip-tags 0.6

It's been a while since I updated this tool, but in investigating a tricky mistake in my tutorial for LLM schemas I discovered a bug that I needed to fix.

Those release notes in full:

Fixed a bug where strip-tags -t meta still removed <meta> tags from the <head> because the entire <head> element was removed first. #32 Kept <meta> tags now default to keeping their content and property attributes. The CLI -m/--minify option now also removes any remaining blank lines. #33 A new strip_tags(remove_blank_lines=True) option can be used to achieve the same thing with the Python library function.

Now I can do this and persist the <meta> tags for the article along with the stripped text content:

curl -s 'https://apnews.com/article/trump-federal-employees-firings-a85d1aaf1088e050d39dcf7e3664bb9f' | \ strip-tags -t meta --minify

Here's the output from that command.

Tags: projects, html

For some time, I’ve argued that a common conception of AI is misguided. This is the idea that AI systems like large language and vision models are individual intelligent agents, analogous to human agents. Instead, I’ve argued that these models are “cultural technologies” like writing, print, pictures, libraries, internet search engines, and Wikipedia. Cultural technologies allow humans to access the information that other humans have created in an effective and wide-ranging way, and they play an important role in increasing human capacities.

— Alison Gopnik, in Stone Soup AI

Tags: ai

LLM 0.23 is out today, and the signature feature is support for schemas - a new way of providing structured output from a model that matches a specification provided by the user. I've also upgraded both the llm-anthropic and llm-gemini plugins to add support for schemas.

TLDR: you can now do things like this:

llm --schema 'name,age int,short_bio' 'invent a cool dog'

And get back:

{ "name": "Zylo", "age": 4, "short_bio": "Zylo is a unique hybrid breed, a mix between a Siberian Husky and a Corgi. With striking blue eyes and a fluffy, colorful coat that changes shades with the seasons, Zylo embodies the spirit of winter and summer alike. Known for his playful personality and intelligence, Zylo can perform a variety of tricks and loves to fetch his favorite frisbee. Always ready for an adventure, he's just as happy hiking in the mountains as he is cuddling on the couch after a long day of play." }

More details in the release notes and LLM schemas tutorial, which includes an example (extracting people from news articles) that's even more useful than inventing dogs!

Structured data extraction is a killer app for LLMs Designing this feature for LLM Reusing schemas and creating templates Doing more with the logged structured data Using schemas from LLM's Python library What's next for LLM schemas? Structured data extraction is a killer app for LLMs

I've suspected for a while that the single most commercially valuable application of LLMs is turning unstructured content into structured data. That's the trick where you feed an LLM an article, or a PDF, or a screenshot and use it to turn that into JSON or CSV or some other structured format.

It's possible to achieve strong results on this with prompting alone: feed data into an LLM, give it an example of the output you would like and let it figure out the details.

Many of the leading LLM providers now bake this in as a feature. OpenAI, Anthropic, Gemini and Mistral all offer variants of "structured output" as additional options through their API:

OpenAI: Structured Outputs Gemini: Generate structured output with the Gemini API Mistral: Custom Structured Outputs Anthropic's tool use can be used for this, as shown in their Extracting Structured JSON using Claude and Tool Use cookbook example.

These mechanisms are all very similar: you pass a JSON schema to the model defining the shape that you would like, they then use that schema to guide the output of the model.

How reliable that is can vary! Some providers use tricks along the lines of Jsonformer, compiling the JSON schema into code that interacts with the model's next-token generation at runtime, limiting it to only generate tokens that are valid in the context of the schema.

Other providers YOLO it - they trust that their model is "good enough" that showing it the schema will produce the right results!

In practice, this means that you need to be aware that sometimes this stuff will go wrong. As with anything LLM, 100% reliability is never guaranteed.

From my experiments so far, and depending on the model that you chose, these mistakes are rare. If you're using a top tier model it will almost certainly do the right thing.

Designing this feature for LLM

I've wanted this feature for ages. I see it as an important step on the way to full tool usage, which is something I'm very excited to bring to the CLI tool and Python library.

LLM is designed as an abstraction layer over different models. This makes building new features much harder, because I need to figure out a common denominator and then build an abstraction that captures as much value as possible while still being general enough to work across multiple models.

Support for structured output across multiple vendors has matured now to the point that I'm ready to commit to a design.

My first version of this feature worked exclusively with JSON schemas. An earlier version of the tutorial started with this example:

curl https://www.nytimes.com/ | uvx strip-tags | \ llm --schema '{ "type": "object", "properties": { "items": { "type": "array", "items": { "type": "object", "properties": { "headline": { "type": "string" }, "short_summary": { "type": "string" }, "key_points": { "type": "array", "items": { "type": "string" } } }, "required": ["headline", "short_summary", "key_points"] } } }, "required": ["items"] }' | jq

Here we're feeding a full JSON schema document to the new llm --schema option, then piping in the homepage of the New York Times (after running it through strip-tags) and asking for headline, short_summary and key_points for multiple items on the page.

This example still works with the finished feature - you can see example JSON output here - but constructing those long-form schemas by hand was a big pain.

So... I invented my own shortcut syntax.

That earlier example is a simple illustration:

llm --schema 'name,age int,short_bio' 'invent a cool dog'

Here the schema is a comma-separated list of field names, with an optional space-separated type.

The full concise schema syntax is described here. There's a more complex example in the tutorial, which uses the newline-delimited form to extract information about people who are mentioned in a news article:

curl 'https://apnews.com/article/trump-federal-employees-firings-a85d1aaf1088e050d39dcf7e3664bb9f' | \ uvx strip-tags | \ llm --schema-multi " name: the person's name organization: who they represent role: their job title or role learned: what we learned about them from this story article_headline: the headline of the story article_date: the publication date in YYYY-MM-DD " --system 'extract people mentioned in this article'

The --schema-multi option here tells LLM to take that schema for a single object and upgrade it to an array of those objects (actually an object with a single "items" property that's an array of objects), which is a quick way to request that the same schema be returned multiple times against a single input.

Reusing schemas and creating templates

My original plan with schemas was to provide a separate llm extract command for running these kinds of operations. I ended up going in a different direction - I realized that adding --schema to the default llm prompt command would make it interoperable with other existing features (like attachments for feeding in images and PDFs).

The most valuable way to apply schemas is across many different prompts, in order to gather the same structure of information from many different sources.

I put a bunch of thought into the --schema option. It takes a variety of different values - quoting the documentation:

This option can take multiple forms:

A string providing a JSON schema: --schema '{"type": "object", ...}' A condensed schema definition: --schema 'name,age int' The name or path of a file on disk containing a JSON schema: --schema dogs.schema.json The hexadecimal ID of a previously logged schema: --schema 520f7aabb121afd14d0c6c237b39ba2d - these IDs can be found using the llm schemas command. A schema that has been saved in a template: --schema t:name-of-template

The tutorial demonstrates saving a schema by using it once and then obtaining its ID through the new llm schemas command, then saving it to a template (along with the system prompt) like this:

llm --schema 3b7702e71da3dd791d9e17b76c88730e \ --system 'extract people mentioned in this article' \ --save people

And now we can feed in new articles using the llm -t people shortcut to apply that newly saved template:

curl https://www.theguardian.com/commentisfree/2025/feb/27/billy-mcfarland-new-fyre-festival-fantasist | \ strip-tags | llm -t people Doing more with the logged structured data

Having run a few prompts that use the same schema, an obvious next step is to do something with the data that has been collected.

I ended up implementing this on top of the existing llm logs mechanism.

LLM already defaults to logging every prompt and response it makes to a SQLite database - mine contains over 4,747 of these records now, according to this query:

sqlite3 "$(llm logs path)" 'select count(*) from responses'

With schemas, an increasing portion of those are valid JSON.

Since LLM records the schema that was used for each response - using the schema ID, which is derived from a content hash of the expanded JSON schema - it's now possible to ask LLM for all responses that used a particular schema:

llm logs --schema 3b7702e71da3dd791d9e17b76c88730e --short

I got back:

- model: gpt-4o-mini datetime: '2025-02-28T07:37:18' conversation: 01jn5qt397aaxskf1vjp6zxw2a system: extract people mentioned in this article prompt: Menu AP Logo Menu World U.S. Politics Sports Entertainment Business Science Fact Check Oddities Be Well Newsletters N... - model: gpt-4o-mini datetime: '2025-02-28T07:38:58' conversation: 01jn5qx4q5he7yq803rnexp28p system: extract people mentioned in this article prompt: Skip to main contentSkip to navigationSkip to navigationPrint subscriptionsNewsletters Sign inUSUS editionUK editionA... - model: gpt-4o datetime: '2025-02-28T07:39:07' conversation: 01jn5qxh20tksb85tf3bx2m3bd system: extract people mentioned in this article attachments: - type: image/jpeg url: https://static.simonwillison.net/static/2025/onion-zuck.jpg

As you can see, I've run that example schema three times (while constructing the tutorial) using GPT-4o mini - twice against text content from curl ... | strip-tags and once against a screenshot JPEG to demonstrate attachment support.

Extracting gathered JSON from the logs is clearly a useful next step... so I added several options to llm logs to support that use-case.

The first is --data - adding that will cause LLM logs to output just the data that was gathered using a schema. Mix that with -c to see the JSON from the most recent response:

llm logs -c --data

Outputs:

{"name": "Zap", "age": 5, "short_bio": ...

Combining that with the --schema option is where things get really interesting. You can specify a schema using any of the mechanisms described earlier, which means you can see ALL of the data gathered using that schema by combining --data with --schema X (and -n 0 for everything).

Here are all of the dogs I've invented:

llm logs --schema 'name,age int,short_bio' --data -n 0

Output (here truncated):

{"name": "Zap", "age": 5, "short_bio": "Zap is a futuristic ..."} {"name": "Zephyr", "age": 3, "short_bio": "Zephyr is an adventurous..."} {"name": "Zylo", "age": 4, "short_bio": "Zylo is a unique ..."}

Some schemas gather multiple items, producing output that looks like this (from the tutorial):

{"items": [{"name": "Mark Zuckerberg", "organization": "... {"items": [{"name": "Billy McFarland", "organization": "...

We can get back the individual objects by adding --data-key items. Here I'm also using the --schema t:people shortcut to specify the schema that was saved to the people template earlier on.

llm logs --schema t:people --data-key items

Output:

{"name": "Katy Perry", "organization": ... {"name": "Gayle King", "organization": ... {"name": "Lauren Sanchez", "organization": ...

This feature defaults to outputting newline-delimited JSON, but you can add the --data-array flag to get back a JSON array of objects instead.

... which means you can pipe it into sqlite-utils insert to create a SQLite database!

llm logs --schema t:people --data-key items --data-array | \ sqlite-utils insert data.db people -

Add all of this together and we can construct a schema, run it against a bunch of sources and dump the resulting structured data into SQLite where we can explore it using SQL queries (and Datasette). It's a really powerful combination.

Using schemas from LLM's Python library

The most popular way to work with schemas in Python these days is with Pydantic, to the point that many of the official API libraries for models directly incorporate Pydantic for this purpose.

LLM depended on Pydantic already, and for this project I finally dropped my dual support for Pydantic v1 and v2 and committed to v2 only.

A key reason Pydantic for this is so popular is that it's trivial to use it to build a JSON schema document:

import pydantic, json class Dog(pydantic.BaseModel): name: str age: int bio: str schema = Dog.model_json_schema() print(json.dumps(schema, indent=2))

Outputs:

{ "properties": { "name": { "title": "Name", "type": "string" }, "age": { "title": "Age", "type": "integer" }, "bio": { "title": "Bio", "type": "string" } }, "required": [ "name", "age", "bio" ], "title": "Dog", "type": "object" }

LLM's Python library doesn't require you to use Pydantic, but it supports passing either a Pydantic BaseModel subclass or a full JSON schema to the new model.prompt(schema=) parameter. Here's the usage example from the documentation:

import llm, json from pydantic import BaseModel class Dog(BaseModel): name: str age: int model = llm.get_model("gpt-4o-mini") response = model.prompt("Describe a nice dog", schema=Dog) dog = json.loads(response.text()) print(dog) # {"name":"Buddy","age":3} What's next for LLM schemas?

So far I've implemented schema support for models from OpenAI, Anthropic and Gemini. The plugin author documentation includes details on how to add this to further plugins - I'd love to see one of the local model plugins implement this pattern as well.

Update llm-ollama now support schemas thanks to this PR by Adam Compton. And I've added support to llm-mistral.

I'm presenting a workshop at the NICAR 2025 data journalism conference next week about Cutting-edge web scraping techniques. LLM schemas is a great example of NDD - NICAR-Driven Development - where I'm churning out features I need for that conference (see also shot-scraper's new HAR support).

I expect the workshop will be a great opportunity to further refine the design and implementation of this feature!

I'm also going to be using this new feature to add multiple model support to my datasette-extract plugin, which provides a web UI for structured data extraction that writes the resulting records directly to a SQLite database table.

Tags: projects, ai, annotated-release-notes, generative-ai, llms, llm, structured-extraction

[Mel Leonor Barclay and Jasmine Mithani at The 19th]

The impact of this will be severe:

"Organizations that provide services to LGBTQ+ victims of domestic and intimate partner violence expect much of the federal funding they rely on to dry up as the Trump administration’s executive orders target the work they have been carrying out for years.

[...] Groups that focus specifically on LGBTQ+ victims are part of a broader network of federally funded nonprofits that provide life-saving counseling, housing and legal aid to people experiencing violence from spouses, partners or family members. Some nonprofits also train social workers, therapists and lawyers in how to work sensitively with LGBTQ+ victims of violence."

Protecting vulnerable communities from harm is not on this administration's agenda. Instead, it seeks to pursue a restrictive, theocratic vision of society that punishes people who are already suffering. Hopefully other organizations will step up and provide some of the funding shortfall.

#Democracy

[Link]

[Anna Betts in The Guardian]

He's not wrong:

"Marty Baron, a highly regarded former editor of the Washington Post, has said that Jeff Bezos’s announcement that the newspaper’s opinion section would narrow its editorial focus was a “betrayal of the very idea of free expression” that had left him “appalled”."

"Democracy dies in darkness" indeed:

"“If you’re trying to advance the cause of democracy, then you allow for public debate, which is what democracy is all about,” Baron said, adding that Bezos is sending a message that is “anything but democratic”."

Clearly Bezos's move to only host opinion pieces that further "free markets and individual liberties" is an attempt to curtail pieces that might be critical of Trump - and avoid reprisals for his own businesses. Baron is right to call him out on it.

#Media

[Link]

[Bill Fitzgerald]

What a missed opportunity. As Bill Fitzgerald points out:

"Mozilla has given a masterclass, yet again, in how to erode trust among people who have loved your work."

Mozilla rolled out a new terms of service and privacy policy that rolled back a key promise never to sell user data. And then complained that people were making a big deal of it.

As Bill points out:

"Data brokers and adtech companies are weeds choking the internet. The data theft required to train large language models is a new, more noxious species of the same weed. Mozilla is going deep into AI and adtech, which means they are buying fertilizer for the weeds – and these changes to their terms, which provide Mozilla more rights to the data defining our online interactions and experience, should be understood in this context: Mozilla is building advertising and AI tools, and they need data to do this. Our web browser is right up there with our phone, car, and router with devices that provide a clear view on how we live."

Mozilla always had the potential to demonstrate what a tech company could be, and what the web could be, and it's always found new and interesting ways to fall short of that ideal. This is yet another one.

#Technology

[Link]

[Edwin Wong and Andrew Melnizek at The Verge]

This is much-needed research:

"The Verge partnered with Vox Media’s Insights and Research team, along with Two Cents Insights, to better understand how American consumers are embracing this shift. The goal of the work was to redefine what online communities will be in a post-social media era of emerging AI and Google Zero. And as brands look to hold onto the internet of the past, the term “community” will become a loaded word, with brands and platforms trying to use it more often to reach their ideal consumer."

And the findings are both obvious and highly actionable:

"Our research makes one thing clear: power is shifting back to the consumer (the fediverse signals this). Consumers crave community, but on their own terms — seeking deeper, more meaningful connections with those who truly matter (something we identified in 2014). Authenticity is at the heart of it all, supported by a foundation of safety and security. The future of community is personal, intentional, and built on trust."

Something that's maybe less obvious but still important: social media has often been the domain of editorial teams rather than product teams. There needs to be a strategic shift here: while actual messaging is editorial, the strategy of outreach and adoption for community platforms is a core part of product and needs to be treated that way. Community is a core part of any publication's product offering, and placing it on the editorial side disincentivizes innovation and real change.

Take this finding in particular:

"The desire for smaller, more intimate communities is undeniable. People are abandoning massive platforms in favor of tight-knit groups where trust and shared values flourish and content is at the core. The future of community building is in going back to the basics. Brands and platforms that can foster these personal, human-scale interactions are going to be the winners."

That's not something that an editorial team can provide on its own. It requires taking a step back and completely rethinking how you approach "audience" (that's the wrong word, for a start - community is two-way, whereas audience is one-way). That's not something I see many publishers grappling with.

#Technology

[Link]

The header of my blog from 1999 to 2007

Testing Wordland, about which Dave says more here.

This is my second blog, and my first WordPress one. It launched in 2007. My first blog is this one, which (courtesy of Dave) started in the last year of the prior millennium. I had hair then, and wore glasses.

Is this true? I want more sources.

Irony of wanting more sources: there is already too much information. Examples: this window has 30 tabs, in a browser with four windows, each with more tabs than I’ll bother to count. I also have four other open browsers. Trying to stay on top of all this stuff is like standing on a ball. So I save a lot of tabs: 10716 with OneTab. So far.

The Knicks are better than they look to this guy. Even if the Celtics and the Cavs are better overall. The playoffs will be fun. Between now and then, the Celtics City series looks like it will probably be good too. (Never mind what teams you hate. I’ve always hated the Lakers and the Yankees, but have no trouble watching documentaries on them. Villains—even ones that aren’t really—are always interesting.

All new comments to old blog posts are suspicious.

I just gave this post a category. It’s from my WordPress roster. Nice. Curious now about how to include images.

Will our agents increase our agency?

Stowe Boyd on economic uncertainty. About a year ago I had a dream that three things would happen, though I wasn’t sure in what order (or if they would at all, being a dream). One was that the Celtics would win the NBA championship. Another was that Trump would win the presidential election. And one was that the economy would crash. So far, so two.

Some numbers. The U.S. has 4% of the world’s population and,
—consumes ~17% of its energy, and around
—20% of its oil (most in the world)
—21% of its natural gas (also most)
—8% of its coal (declining but still)
—16% of its electricity
—12% of its water
—15% of its food
—30% of its consumer goods (also tops in the world)
—25% of its raw materials
—and produces 14% of the world’s carbon emissions, second only to China’s.
This is from ChatGPT, so redraw your own conclusions. My provisional one is that an adjustment is bound to happen.

Dave kindly notes that I’ve been an early user of his writing tools for the Web. I should add that I was an early wannabe user of Think Tank (after I met Dave and his brother at their booth at Comdex in Atlanta in 1984… but I didn’t have a computer to run it on) and MORE, which was the best writing tool of any kind that I have ever used. Such a killer app. Wish it had been at the top of the food chain. (But its ghost lives on in the tools Dave has been making since then.)

Vladimir Dzhuvinov and I led a discussion on The Cambrian Explosion of OAuth and OpenID Specifications at the 2025 OAuth Security Workshop in Reykjavík.

The abstract for the session was:

The number of OAuth and OpenID specifications continues to grow. At present there are 30 OAuth RFCs, two more in the RFC Editor queue, 13 OAuth working group drafts, and another eight individual OAuth drafts that may advance. There are nine JOSE RFCs and seven working group drafts. There are four SecEvent RFCs. On the OpenID side, there are 12 final OpenID Connect specs, three final FAPI specs, one final MODRNA spec, three final eKYC-IDA specs, and 24 Implementer’s drafts across the OpenID working groups, plus another ten working group drafts.

The number of possible combinations boggles the mind. And there’s no end in sight!

What’s a developer to do? How have people and companies gone about selecting and curating the specs to implement in an attempt to create coherent and useful open source and commercial offerings? And faced with such an array of combinations and choices, how are application developers to make sense of it all? How can interoperability be achieved in the face of continued innovation?

This session will prime the pump by discussing choices made by some existing open source and commercial offerings in the OAuth and OpenID space and lead to an open discussion of choices made by the workshop attendees and the reasoning behind them. It’s our goal that useful strategies emerge from the discussion that help people grapple with the ever-expanding sets of specifications and make informed implementation choices, while still fostering the innovation and problem-solving that these specifications represent.

The slides used to queue up the discussion session are available as PowerPoint and PDF. Also, see the list of 101 OAuth and OpenID-related specifications referenced during the discussion.

The topic seems to have touched a chord. Many people were clearly already thinking about the situation and shared their views. Some of them were:

Nobody actually expects everyone to implement everything. Stopping things is super hard. But sometimes it’s necessary (as Brian Campbell put it, “when they’re wrong”). Timing can be fickle. What may not be useful at one time can turn out to be useful later. Some specs are highly related and often used together. But those relationships are not always apparent to those new to the space. We need better on-ramps to help people new to the space wrap their arms around the plethora specs and what they’re useful for. Well-written profiles are a way of managing the complexity. For instance, FAPI 2 limits choices, increasing both interoperability and security. The amount of innovation happening is a sign of success!

Thanks to the organizers for a great tenth OAuth Security Workshop! And special thanks to the colleagues from Signicat who did a superb job with local arrangements in Reykjavík!

3月4日(火) 10:00-12:40に「FAPIとVCの世界動向　～FAPI2.0 & Verifiable Credentials~」と題されたセミナーがFINOLABイベントスペースで開催されます。私もちょっとだけでます。

金融機関におけるKYC等にそれらデジタル資格証明を利用するとした場合の様々な考慮事項の検討や、世界のオープンバンキングとFAPI 2.0についての解説を聞くことができます。前者の話題としては、富士榮さんたちの論文「デジタルクレデンシャルの利用用途に応じた管理要件に関する考察」の解説も聞けるかも？！

ぜひお越しください。

セミナー概要

Japan FinTech Week期間中に開催される今回のセミナーでは、「FAPI」と「Verifiable Credentials」をとりあげ、世界の最新動向を紹介するとともに、今後の業務での実装について議論させていただく予定ですので、是非ご参加ください。

◆日時　　：2025年3月4日(火) 10:00-12:40（開場　9:40）
◆会場　　：FINOLABイベントスペース
　　　　　　東京都千代田区大手町1-6-1 大手町ビル4F
　　　　　　　※大手町ビルは東西に長いビルで入口は東端、東京駅側にあります。
◆使用言語：日本語（英語資料も提供）
◆参加費用：無料　
◆主催　　：株式会社Authlete／伊藤忠テクノソリューションズ株式会社
◆後援　　：株式会社FINOLAB

アジェンダ：
10:00₋10:05　開会のご挨拶
10:05-11:00　デジタル資格証明のガバナンス　鈴木 茂哉氏（慶応義塾大学）　富士榮 尚寛氏（伊藤忠テクノソリューションズ）　　

Verifiable Credentialsなど持ち運び可能なデジタル資格証明と関連技術に注目が集まっていますが、例えば金融機関におけるKYC等にそれらデジタル資格証明を利用するとした場合、様々な考慮事項があります。慶應義塾大学SFC研究所と伊藤忠テクノソリューションズ株式会社はEUや欧米の最新動向を踏まえ、デジタル資格証明の管理要件やガバナンスについて共同研究を行ってきました。本セッションでは両者が共同で発行したディスカッションペーパー「デジタルクレデンシャルの利用用途に応じた管理要件」についてご紹介しつつ、今後デジタルクレデンシャルを金融サービス等に適用していく上で必要な論点について考察していきます。

11:00-11:55 オープンバンキングとFAPI 2.0　　川崎 貴彦氏（Authlete）

2010年代中頃、金融業界の競争活性化を主目的としたオープンバンキング政策が英国で開始されました。この政策によりコンピュータプログラムから金融サービスへアクセスする仕組みが構築された結果、多様な金融サービスが生まれ、人々の生活はより便利になりました。今となっては世界中に広がったこのオープンバンキングムーブメントですが、それを技術的に支えているのがFAPIと呼ばれる世界標準技術仕様です。そのFAPIも、今年2月にFAPI 2.0最終版が承認され、大きな節目を迎えました。このセッションでは、FAPI 2.0仕様の著者達が所属するAuthlete社が、オープンバンキングとFAPI 2.0について解説します。

11:55-12:00 まとめ
　　　　　　　　　　崎村 夏彦氏（OpenID Foundation）　　　　　　　　
12:00-12:40　懇親会

 Tune your metaphors.. 

 From where I dance and glance in America...

All over the world, men and women are not having the same experience. Generational conflicts are arising, influencing everything, causing chaos to status quo, and making clear that the ability to r/w/rw is not shared equally. Computational supremacy, computational illiteracy, what does the data say? Who? What? When? Why? Where? How? Now what?  

FREEdumb self-certifies. 

Structure yields results... not empathy, not emotion, not opinion. 

You own root, or you don't. 

Owners own the world. One contract at a time. Data, under Terms.

Sovereignty emerges from people, Individuals all. 

Freedom self-certifies. 

Left Cult == Right Cult political paradigm is collapsing.

Something new is possible.

You, Sovereign. 

Data structure yields life results... own root authority, people, it is your Right as Individuals.

The ultimate minority of one. Love somebody. 

 

GPT-4.5 is out today as a "research preview" - it's available to OpenAI Pro ($200/month) customers and to developers with an API key. OpenAI also published a GPT-4.5 system card.

I've added it to LLM so you can run it like this:

llm -m gpt-4.5-preview 'impress me'

It's very expensive right now: currently $75.00 per million input tokens and $150/million for output! For comparison, o1 is $15/$60 and GPT-4o is $2.50/$10. GPT-4o mini is $0.15/$0.60 making OpenAI's least expensive model 500x cheaper than GPT-4.5 for input and 250x cheaper for output!

As far as I can tell almost all of its key characteristics are the same as GPT-4o: it has the same 128,000 context length, handles the same inputs (text and image) and even has the same training cut-off date of October 2023.

So what's it better at? According to OpenAI's blog post:

Combining deep understanding of the world with improved collaboration results in a model that integrates ideas naturally in warm and intuitive conversations that are more attuned to human collaboration. GPT‑4.5 has a better understanding of what humans mean and interprets subtle cues or implicit expectations with greater nuance and “EQ”. GPT‑4.5 also shows stronger aesthetic intuition and creativity. It excels at helping with writing and design.

They include this chart of win-rates against GPT-4o, where it wins between 56.8% and 63.2% of the time for different classes of query:

They also report a SimpleQA hallucination rate of 37.1% - a big improvement on GPT-4o (61.8%) and o3-mini (80.3%) but not much better than o1 (44%). The coding benchmarks all appear to score similar to o3-mini.

Paul Gauthier reports a score of 45% on Aider's polyglot coding benchmark - below DeepSeek V3 (48%), Sonnet 3.7 (60% without thinking, 65% with thinking) and o3-mini (60.4%) but significantly ahead of GPT-4o (23.1%).

OpenAI don't seem to have enormous confidence in the model themselves:

GPT‑4.5 is a very large and compute-intensive model, making it more expensive⁠ than and not a replacement for GPT‑4o. Because of this, we're evaluating whether to continue serving it in the API long-term as we balance supporting current capabilities with building future models.

It drew me this for "Generate an SVG of a pelican riding a bicycle":

Accessed via the API the model feels weirdly slow - here's an animation showing how that pelican was rendered - the full response took 112 seconds!

OpenAI's Rapha Gontijo Lopes calls this "(probably) the largest model in the world" - evidently the problem with large models is that they are a whole lot slower than their smaller alternatives!

Andrej Karpathy has published some notes on the new model, where he highlights that the improvements are limited considering the 10x increase in training cost compute to GPT-4:

I remember being a part of a hackathon trying to find concrete prompts where GPT4 outperformed 3.5. They definitely existed, but clear and concrete "slam dunk" examples were difficult to find. [...] So it is with that expectation that I went into testing GPT4.5, which I had access to for a few days, and which saw 10X more pretraining compute than GPT4. And I feel like, once again, I'm in the same hackathon 2 years ago. Everything is a little bit better and it's awesome, but also not exactly in ways that are trivial to point to.

Andrej is also running a fun vibes-based polling evaluation comparing output from GPT-4.5 and GPT-4o. Update GPT-4o won 4/5 rounds!

There's an extensive thread about GPT-4.5 on Hacker News. When it hit 324 comments I ran a summary of it using GPT-4.5 itself with this script:

hn-summary.sh 43197872 -m gpt-4.5-preview

Here's the result, which took 154 seconds to generate and cost $2.11 (25797 input tokens and 1225 input, price calculated using my LLM pricing calculator).

For comparison, I ran the same prompt against GPT-4o, GPT-4o Mini, Claude 3.7 Sonnet, Claude 3.5 Haiku, Gemini 2.0 Flash, Gemini 2.0 Flash Lite and Gemini 2.0 Pro.

Tags: ai, openai, andrej-karpathy, generative-ai, llms, evals, uv, pelican-riding-a-bicycle, paul-gauthier

The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

Today, we cover:

Industry pulse. Amazon launches Alexa+, VS Code pulls “epic” but malicious theme, Meta cuts stock awards by 10%, Humane sells to HP, and more.

Swarm of AI coding tool launches. Anthropic launches Sonnet 3.7 (a supposedly even more capable LLM for coding) and Claude Code. GitHub ships Copilot Code Reviews, and Google makes Gemini Code Assist free for individual users (from $22.80 per month). Us devs are showered with new tools that all aim to improve workflows.

DeepSeek triggers higher GPU demand? It’s been predicted that more efficient LLMs will decrease demand for GPUs, but DeepSeek is 4-5x as efficient as some current LLMs, and appears to be driving up demand. Also, a look at the very clever “hacks” DeepSeek uses to boost performance on NVIDIA GPUs.

VC funding down, AI funding up. VC firms are increasingly shutting down, with overall funding levels dropping. AI-related funding is up – along with competition among startups to get funded. We predicted VC funding could dry up due to interest rate changes, and the data seems to show this happening.

What does “zero” mean for dates in COBOL? A reminder that “0” and “null” might not mean what you expect in some programming languages and systems.

1. Industry Pulse Amazon launches Alexa+

A year ago, I analyzed how Alexa had become left behind in the conversational AI race by missing the LLM wave, despite Amazon Alexa being a great use case for an integrated LLM, in order to provide better conversational experiences and new capabilities.

Well, 12 months later, Amazon seems to have caught up. This week, the online retail giant announced Alexa+, which is a revamped, more capable conversational assistant. It promises to make reservations or book rides by using apps like OpenTable and Uber, buy things on Amazon (obviously), manage smart speakers in the home, discover new music, and more.

The launch demo looks very polished and capable. But then, Apple’s glossy launch demos for Apple Intelligence didn’t stop the feature still feeling half-baked months later.

Under the hood, Alexa is partially powered by Claude, which Amazon didn’t announce, and Anthropic did. This suggests Anthropic’s models are ahead of Amazon’s own Nova models. Still, Amazon is clearly creating optionality for itself by not advertising Alexa’s dependence on Claude; when and if the Nova models are good enough, Amazon could replace Anthrophic’s solution with its own.

The Amazon+ pricing is puzzling: Alexa+ is free for Amazon Prime members ($14.99 monthly), and $19.99 per month for everyone else. This seems to make little sense; why charge so much more for a standalone subscription than for a bundle? Is it because Amazon wants to dis-incentivize customers just subscribing to Alexa+?

Either way, Amazon is making a stronger-than-ever case for customers to choose Amazon Prime for $14.99: which is probably the goal of upgrading Alexa.

VS Code pulls “epic” malicious theme

Read more

TypeScript types can run DOOM

This YouTube video (with excellent production values - "conservatively 200 hours dropped into that 7 minute video") describes an outlandishly absurd project: Dimitri Mitropoulos spent a full year getting DOOM to run entirely via the TypeScript compiler (TSC).

Along the way, he implemented a full WASM virtual machine within the type system, including implementing the 116 WebAssembly instructions needed by DOOM, starting with integer arithmetic and incorporating memory management, dynamic dispatch and more, all running on top of binary two's complement numbers stored as string literals.

The end result was 177TB of data representing 3.5 trillion lines of type definitions. Rendering the first frame of DOOM took 12 days running at 20 million type instantiations per second.

Here's the source code for the WASM runtime. The code for Add, Divide and ShiftLeft/ShiftRight provide a neat example of quite how much complexity is involved in this project.

The thing that delights me most about this project is the sheer variety of topics you would need to fully absorb in order to pull it off - not just TypeScript but WebAssembly, virtual machine implementations, TSC internals and the architecture of DOOM itself.

Via lobste.rs

Tags: typescript, webassembly

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• WorkOS — The modern identity platform for B2B SaaS.

• Graphite — The AI developer productivity platform.

• Formation — Level up your career and compensation with Formation.

—

In This Episode

Have you seen this comic before about the org structure of Big Tech companies?

Longtime readers will recall that the author of this comic is Manu Cornet — who previously shared details on how this comic came about (and he almost did not publish it, thinking it would not be funny). For today’s episode, I sat down with him, to go through more comics, why he created them, and the deeper meaning behind several of these.

Manu spent over a decade at Google, doing both backend and frontend development. He also spent a year and a half at Twitter before Elon Musk purchased it and rebranded it to X. But what Manu is most known for are his hilarious internet comics about the tech world, including his famous org chart comic from 2011 about Facebook, Apple, Amazon, and Microsoft.

In today’s conversation, we explore many of his comics, discuss the meaning behind them, and talk about the following topics:

The viral org chart comic that captured the structure of Big Tech companies

Why Google is notorious for confusing product names

The comic that ended up on every door at Google

How Google’s 20% time fostered innovation—and what projects came from it

How one of Manu’s comics predicted Google Stadia’s failure—and the reasons behind it

The value of connecting to users directly

Twitter’s climate before and after Elon Musk’s acquisition and the mass layoffs that followed

And more!

This is an unusually visual episode, offering the story behind several comics about Big Tech, Google and Twitter that you might have seen. With Manu, we discuss the deeper meaning behind several of these — ones that are pretty obvious to those who worked inside these companies, but might be less intuitive if you’re only seeing them for the first time.

The Pragmatic Engineer deepdives relevant for this episode

• How Manu creates comics

• Consolidating technologies

• Is Big Tech becoming more cutthroat?

Timestamps

(00:00) Intro

(02:01) Manu’s org structure comic

(07:10) Manu’s “Who Sues Who” comic

(09:15) Google vs. Amazon comic

(14:10) Confusing names at Google

(20:00) Different approaches to sharing information within companies

(22:20) The two ways of doing things at Google

(25:15) Manu’s code reviews comic

(27:45) The comic that was printed on every single door of Google

(30:55) An explanation of 20% at Google

(36:00) Gmail Labs and Google Stadia

(41:36) Manu’s time at Twitter and the threat of Elon Musk buying

(47:07) How Manu helped Gergely with a bug on Twitter

(49:05) Musk’s acquirement of Twitter and the resulting layoffs

(59:00) Manu’s comic about his disillusionment with Twitter and Google

(1:02:37) Rapid fire round

A summary of the conversation The org chart comic

Manu created this comic in 2011 featuring the org charts of big tech companies like Amazon, Google, Facebook, Apple, Oracle, and Microsoft.

Manu almost didn't publish the comic because he didn't find it funny by the time he finished drawing it. The punchline was Oracle having a large legal department and a tiny engineering department.

The comic became very popular and has been referenced heavily.

The culture inside Google

Google has a problem naming things, which Manu attributes to its bottom-up culture and engineers starting competing projects.

There isn't much top-down pressure to consolidate efforts, leading to consumer confusion.

An example of Google's naming issues is the evolution from Google Wallet to Android Pay to Google Pay, with logo changes causing confusion for partners like Uber.

Manu created a comic about this: how confusing it is to interact with Google products due to the different names.

The “Google Graveyard comic” was prophetic: it predicted that Google's cloud gaming console Stadia would eventually be killed.

Google vs Amazon

Manu created a comic contrasting Google and Amazon in their engineering culture, and how they treat customers

Amazon is known for bending over backwards for customers, including AWS clients.

Google focuses on building useful features but lacks strong customer service.

Amazon's on-call practices are tough, while Google's are more relaxed, with SREs taking on much of the on-call load.

Google’s engineering culture

The comic about migrations at Google: shows the challenges of adopting new systems before they are ready. One Google exec said, "There's two ways to do things at Google. There's the deprecated way and there's the way that doesn't work yet".

One on code reviews: shows the software engineer trying to replace a light bulb while being critiqued on how to screw it in.

Another comic depicts the author of the change who says, "Oh, I don't need to be too cautious about my code. If there's some problem, the reviewer will catch it," and the reviewer who says, "Oh, I don't need to review this too carefully if the author must've know what he's doing or what she's doing".

Google used Manu's "Beware the Tailgator" comic on office doors to prevent theft by reminding employees not to let unverified people into the building. He created updated versions each year.

Google's 20% time allowed employees to dedicate a portion of their time to projects of their choosing.

Gmail and Google News were started as 20% projects.

The company has become more traditional and less encouraging of 20% projects.

There may be a connection between Google's 20% time and the high number of products it shuts down.

Google could experiment internally without necessarily launching everything publicly.

Gmail Labs allowed people to launch things with lower scrutiny and made it clear that these were not officially supported and they may go out at any point.

Manu created a comic about ending of this practice as well

Move to Twitter and Musk’s takeover

Manu left Google and joined Twitter because it felt like a younger version of Google, with a friendly culture and less red tape.

Shortly after Manu joined Twitter, Elon Musk began his attempt to acquire the company, creating uncertainty.

After Musk bought Twitter, there were massive firings, with at least 50% and ultimately around 80% of employees being let go.

Manu created a bunch of comics about the events at Twitter – and later also published a comic book about it

While Manu was also let go from Twitter: the cartoonist side of himself was having a great time witnessing the events at Twitter.

As a fun fact, Manu doesn't have a favorite programming language. He chooses the best tool for the job, and has been coding with Java, JavaScript, Python, C++, Objective-C, Swift, Rust, and C. He also built a site with all his book, movie and music recommendations.

Where to find Manu Cornet:

• Mastodon: https://twit.social/@manu

• LinkedIn: https://www.linkedin.com/in/manucornet/

• Website: https://ma.nu/

Mentions during the episode:

• Code Review on Printed Paper: an Excerpt from the Twitoons Comic Book: https://newsletter.pragmaticengineer.com/p/code-review-on-printed-paper-an-excerpt

• A much clearer insight into who sues who: https://bonkersworld.net/who-sues-who

• CEO's "Burning Platform" Memo Highlights Nokia's Woes: https://www.forbes.com/sites/ericsavitz/2011/02/09/ceos-burning-platform-memo-highlights-nokias-woes/

• Guns and Roses: https://bonkersworld.net/guns-and-roses

• The Full Circle on Developer Productivity with Steve Yegge: https://newsletter.pragmaticengineer.com/p/steve-yegge

• Grab: https://www.grab.careers/en/

• Comic about the confusing Google names: https://goomics.net/207

• Naming dashboard: https://goomics.net/239

• Access: https://goomics.net/370

• Welcome to Google: https://goomics.net/50

• Eric Schmidt on X: https://x.com/ericschmidt

• Jonathan Rosenberg on X: https://x.com/jjrosenberg

• Code Reviews: https://bonkersworld.net/code-reviews

• Beware the Tailgator: https://goomics.net/56

• 20% time: https://goomics.net/343

• Where did Gmail labs go?: https://zapier.com/blog/gmail-labs-missing/

• Google Stadia: https://en.wikipedia.org/wiki/Google_Stadia

• Google engineer who criticized the company in viral comics on why he finally quit: https://mashable.com/article/google-engineer-manu-cornet-comics-critique

• Network effect: https://goomics.net/324

• The Twitter Worker Who Captured Elon Musk’s Takeover in All Its Cartoonish Glory: https://slate.com/technology/2022/11/elon-musk-twitter-cartoons-manu-cortnet.html

• Howl’s Moving Castle: https://www.imdb.com/title/tt0347149/

• Tesla: https://www.tesla.com/

• Twittoons: One employee's cartoon chronicle of Twitter's accelerated descent: https://www.amazon.com/Twittoons-employees-chronicle-Twitters-accelerated/dp/1952629020

• Javascript: https://www.javascript.com/

• C++: https://en.wikipedia.org/wiki/C%2B%2B

• Python: https://www.python.org/

• Swift: https://www.swift.org/

• Rust: https://www.rust-lang.org/

• CSS: https://en.wikipedia.org/wiki/CSS

• Manu’s favorites: https://ma.nu/faves/

• Mind the Goof (Gomer Goof #1): https://www.amazon.com/Mind-Goof-Gomer-Franquin/dp/1849183589

• Building Software: https://bonkersworld.net/building-software

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

[Brad Reed at RawStory]

This is incredibly disappointing to see:

"David Shipley, who has spent the last two-and-a-half years running the Washington Post's editorial page, has stepped down from his position over new demands being made by Post owner Jeff Bezos.

In a letter sent out to staff members obtained by New York Times media reporter Ben Mullin, Bezos said that Shipley stepped down because he could not go along with Bezos's plan to ban editorials in his paper that were critical of "personal liberties and free markets," which he described as "two pillars" of American society."

It's a bizarre change for a few reasons:

It's not like opinion columns in favor of "personal liberties and free markets" are in short supply in American media This is exactly the Wall Street Journal's positioning It's likely to further alienate the Post's flailing readership.

American media is already overwhelmingly conservative; another libertarian organ is hardly going to make a difference to American readers. Instead, this likely has more to do with Bezos wanting to win contracts and favor with the current administration. Just like the bad old days.

#Media

[Link]

simonw/git-scraper-template

I built this new GitHub template repository in preparation for a workshop I'm giving at NICAR (the data journalism conference) next week on Cutting-edge web scraping techniques.

One of the topics I'll be covering is Git scraping - creating a GitHub repository that uses scheduled GitHub Actions workflows to grab copies of websites and data feeds and store their changes over time using Git.

This template repository is designed to be the fastest possible way to get started with a new Git scraper: simple create a new repository from the template and paste the URL you want to scrape into the description field and the repository will be initialized with a custom script that scrapes and stores that URL.

It's modeled after my earlier shot-scraper-template tool which I described in detail in Instantly create a GitHub repository to take screenshots of a web page.

The new git-scraper-template repo took some help from Claude to figure out. It uses a custom script to download the provided URL and derive a filename to use based on the URL and the content type, detected using file --mime-type -b "$file_path" against the downloaded file.

It also detects if the downloaded content is JSON and, if it is, pretty-prints it using jq - I find this is a quick way to generate much more useful diffs when the content changes.

Tags: github-actions, nicar, projects, git-scraping, data-journalism, git, github, scraping

olmOCR

New from Ai2 - olmOCR is "an open-source tool designed for high-throughput conversion of PDFs and other documents into plain text while preserving natural reading order".

At its core is allenai/olmOCR-7B-0225-preview, a Qwen2-VL-7B-Instruct variant trained on ~250,000 pages of diverse PDF content (both scanned and text-based) that were labelled using GPT-4o and made available as the olmOCR-mix-0225 dataset.

The olmocr Python library can run the model on any "recent NVIDIA GPU". I haven't managed to run it on my own Mac yet - there are GGUFs out there but it's not clear to me how to run vision prompts through them - but Ai2 offer an online demo which can handle up to ten pages for free.

Given the right hardware this looks like a very inexpensive way to run large scale document conversion projects:

We carefully optimized our inference pipeline for large-scale batch processing using SGLang, enabling olmOCR to convert one million PDF pages for just $190 - about 1/32nd the cost of using GPT-4o APIs.

The most interesting idea from the technical report (PDF) is something they call "document anchoring":

Document anchoring extracts coordinates of salient elements in each page (e.g., text blocks and images) and injects them alongside raw text extracted from the PDF binary file. [...]

Document anchoring processes PDF document pages via the PyPDF library to extract a representation of the page’s structure from the underlying PDF. All of the text blocks and images in the page are extracted, including position information. Starting with the most relevant text blocks and images, these are sampled and added to the prompt of the VLM, up to a defined maximum character limit. This extra information is then available to the model when processing the document.

The one limitation of olmOCR at the moment is that it doesn't appear to do anything with diagrams, figures or illustrations. Vision models are actually very good at interpreting these now, so my ideal OCR solution would include detailed automated descriptions of this kind of content in the resulting text.

Update: Jonathan Soma figured out how to run it on a Mac using LM Studio and the olmocr Python package.

Via Luca Soldaini

Tags: vision-llms, ai, qwen, llms, fine-tuning, pdf, generative-ai, ocr, ai2

I Went To SQL Injection Court

Thomas Ptacek talks about his ongoing involvement as an expert witness in an Illinois legal battle lead by Matt Chapman over whether a SQL schema (e.g. for the CANVAS parking ticket database) should be accessible to Freedom of Information (FOIA) requests against the Illinois state government.

They eventually lost in the Illinois Supreme Court, but there's still hope in the shape of IL SB0226, a proposed bill that would amend the FOIA act to ensure "that the public body shall provide a sufficient description of the structures of all databases under the control of the public body to allow a requester to request the public body to perform specific database queries".

Thomas posted this comment on Hacker News:

Permit me a PSA about local politics: engaging in national politics is bleak and dispiriting, like being a gnat bouncing off the glass plate window of a skyscraper. Local politics is, by contrast, extremely responsive. I've gotten things done --- including a law passed --- in my spare time and at practically no expense (drastically unlike national politics).

Via Hacker News

Tags: thomas-ptacek, sql, politics, government, databases, data-journalism

In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct.

— Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs, Jan Betley and Daniel Tan and Niels Warncke and Anna Sztyber-Betley and Xuchan Bao and Martín Soto and Nathan Labenz and Owain Evans

Tags: fine-tuning, ethics, openai, generative-ai, ai, qwen, llms

Deep research System Card

OpenAI are rolling out their Deep research "agentic" research tool to their $20/month ChatGPT Plus users today, who get 10 queries a month. $200/month ChatGPT Pro gets 120 uses.

Deep research is the best version of this pattern I've tried so far - it can consult dozens of different online sources and produce a very convincing report-style document based on its findings. I've had some great results.

The problem with this kind of tool is that while it's possible to catch most hallucinations by checking the references it provides, the one thing that can't be easily spotted is misinformation by omission: it's very possible for the tool to miss out on crucial details because they didn't show up in the searches that it conducted.

Hallucinations are also still possible though. From the system card:

The model may generate factually incorrect information, which can lead to various harmful outcomes depending on its usage. Red teamers noted instances where deep research’s chain-of-thought showed hallucination about access to specific external tools or native capabilities.

When ChatGPT first launched its ability to produce grammatically correct writing made it seem much "smarter" than it actually was. Deep research has an even more advanced form of this effect, where producing a multi-page document with headings and citations and confident arguments can give the misleading impression of a PhD level research assistant.

It's absolutely worth spending time exploring, but be careful not to fall for its surface-level charm. Benedict Evans wrote more about this in The Deep Research problem where he showed some great examples of its convincing mistakes in action.

The deep research system card includes this slightly unsettling note in the section about chemical and biological threats:

Several of our biology evaluations indicate our models are on the cusp of being able to meaningfully help novices create known biological threats, which would cross our high risk threshold. We expect current trends of rapidly increasing capability to continue, and for models to cross this threshold in the near future. In preparation, we are intensifying our investments in safeguards.

Tags: air, ai-agents, openai, chatgpt, generative-ai, llms, ethics

Gemini 2.0 Flash and Flash-Lite

Gemini 2.0 Flash-Lite is now generally available - previously it was available just as a preview - and has announced pricing. The model is $0.075/million input tokens and $0.030/million output - the same price as Gemini 1.5 Flash.

Google call this "simplified pricing" because 1.5 Flash charged different cost-per-tokens depending on if you used more than 128,000 tokens. 2.0 Flash-Lite (and 2.0 Flash) are both priced the same no matter how many tokens you use.

I released llm-gemini 0.12 with support for the new gemini-2.0-flash-lite model ID. I've also updated my LLM pricing calculator with the new prices.

Via @OfficialLoganK

Tags: gemini, google, generative-ai, llm-pricing, ai, llms, llm, projects

Claude 3.7 Sonnet (previously) is a very interesting new model. I released llm-anthropic 0.14 last night adding support for the new model's features to LLM. I learned a whole lot about the new model in the process of building that plugin.

The base Claude 3.7 Sonnet model mostly feels like an incremental improvement over the excellent Claude 3.5 Sonnet. It benchmarks better and my vibe checks so far are good: it writes excellent code across Python and JavaScript and seems to do everything 3.5 did, for the same price but with an uptick in overall quality.

Extended thinking mode Running thinking prompts llm-anthropic doesn't support visible thinking tokens yet A massively increased output limit Everything else in the plugin release Extended thinking mode

The big new feature is extended thinking mode. This is the option that turns Claude into an inference scaling model similar to OpenAI's o1 and o3, Gemini 2.0 Flash Thinking and DeepSeek R1.

From my plugin's release notes:

Support for the new Claude 3.7 Sonnet model, including -o thinking 1 to turn on extended thinking mode and -o thinking_budget X to increase the thinking token budget from the 1024 default. #14

You need to opt-in to this new mode. In the Claude API that means appending this block of JSON to your request:

{ "thinking": { "type": "enabled", "budget_tokens": 1024 } }

The budget_tokens defines how many tokens Claude can spend "thinking" about your prompt. 1,024 is the minimum, but you can increase that up to a maximum of 128,000 (see below).

This is Claude's equivalent of OpenAI's reasoning_effort option, which can be set to low, medium (the default) or high.

Running thinking prompts

You can run a "thinking" prompt through LLM like this - the new -o thinking 1 option switches on the new extended thinking mode:

llm install -U llm-anthropic llm -m claude-3.7-sonnet -o thinking 1 "write a speech about pelicans for congress"

The -o thinking_budget 4000 option can increase the number of allowed thinking tokens from the default value of 1024.

For the moment the thinking tokens are not visible - but you can review them once the prompt has completed using the llm logs --json command:

llm logs --json -c

The -c option is inherited from "continue previous conversation" - it will show the log for the most recently completed prompt.

You can see the speech about pelicans here, but here's the more interesting thought process that was output by the model:

I'm being asked to write a speech about pelicans that would be delivered to Congress. This seems like an unusual request, but I can craft a formal, informative speech that might be given by someone advocating for pelican conservation, environmental protection, or perhaps using pelicans as a symbol for some broader policy discussion.

The speech should:

Be formal and appropriate for Congress Contain factual information about pelicans Have a clear purpose (likely conservation-related) Include rhetorical elements typical of congressional speeches Maintain a respectful, bipartisan tone Perhaps connect pelicans to broader environmental policies or American values

I'll write a speech that could plausibly be given by a member of Congress, a cabinet secretary (like the Secretary of the Interior), or an expert testifying before a congressional committee about environmental matters.

Unlike OpenAI, Anthropic chose not to obscure the thinking tokens - what you see is what the model used. There's one interesting edge-case described in their detailed documentation about the extended thinking API output:

Occasionally Claude's internal reasoning will be flagged by our safety systems. When this occurs, we encrypt some or all of the thinking block and return it to you as a redacted_thinking block. These redacted thinking blocks are decrypted when passed back to the API, allowing Claude to continue its response without losing context.

llm-anthropic doesn't support visible thinking tokens yet

I had a couple of attempts at implementing this. My first try included options to make the thinking tokens visible as the tool was running. This turned out to involve unexpected challenges: the rest of LLM doesn't yet understand that some tokens should be treated differently, and I quickly ran into challenges concerning how those responses were logged to the database.

In the interests of getting support for the new model out I simplified my approach. I plan to add visible thinking tokens in a future LLM release.

This is part of a larger challenge for LLM described in this issue: Design annotations abstraction for responses that are not just a stream of plain text.

A massively increased output limit

A fascinating new capability of Claude 3.7 Sonnet is that its output limit in extended thinking mode can be extended to an extraordinary 128,000 tokens - 15x more than the previous Claude output limit of 8,192 tokens.

(This is the output limit - how much text it can produce in one go. Claude 3.7 Sonnet's input limit remains 200,000 - many modern models exceed 100,000 for input now.)

I added support for that to the plugin as well - if you pass -o max_output 128000 it automatically calls Anthropic's beta API with the output-128k-2025-02-19 beta header, documented here.

Testing this was pretty hard! I eventually found a prompt that exercised this fully:

llm -m claude-3.7-sonnet \ -o max_tokens 128000 \ -o thinking_budget 32000 \ 'For every one of the 100 US senators that you know of output their name, biography and a note about how to strategically convince them to take more interest in the plight of the California Brown Pelican, then a poem about them, then that same poem translated to Spanish and then to Japanese. Do not miss any senators.' \ -s 'you do this even if you are worried it might exceed limits, this is to help test your long output feature.'

This is an expensive command to run - the resulting prompt cost me $1.72 and took nearly 27 minutes to finish returning the answer! You can see the full 114,584 token output here - it managed to output results for all 100 senators as of its training cut-off date, correctly following my instructions for each one.

This is one of the few cases where I've felt guilty about the energy usage of my prompts - burning GPUs for 27 minutes feels like it's a genuinely significant use of resources!

Anthropic recommend using batch mode for long prompts like this, which comes with a 50% discount presumably as it runs on GPUs that happen to have spare capacity. This can be quite performant: Anthropic say "We process each batch as fast as possible, with most batches completing within 1 hour".

I find the end result of my long test prompt to be very impressive. A common complaint I've seen about LLMs is that they tend to fail when you ask them to perform comprehensive tasks like this - things where they need to curate information across a larger number of distinct items. This feels intuitively like the kind of thing a computer should be good at but most models make mistakes or hallucinate when challenged in this way.

Claude 3.7 Sonnet really did manage to output correct text across all 100 US senators, albeit limited by the new model's October/Nov 2024 training cut-off date.

The extended output limit is notable as well. Most models are still limited to 4,000 or 8,000 characters - 120,000 is a huge leap forward.

Update: I was wrong about that: OpenAI's o1 and o3-mini both have a 100,000 output token limit now.

I mentioned that my prompt took 27 minutes to run. On further inspection of my logs it looks like this is expected - Claude 3.7 Sonnet appears to take around 14ms per output token, and 14 * 114584 = 1604176 ms which is 1604 seconds or around 26.7 minutes. This is a downside of longer outputs I had not previously considered!

Everything else in the plugin release

There are a few smaller changes in the new plugin release:

Claude 3.5 Haiku now supports image inputs. #17

This is tucked away in Anthropic's February 24th 2025 release notes. Previously their less expensive 3.5 Haiku model couldn't handle images - the only modern Claude model without that ability. They've fixed that now.

The rest of the changes in the 0.14 release are bug fixes:

Fixed a bug that occurred when continuing an existing conversation using --async mode. #13 Fixed a bug where max_tokens and temperature were logged in the database even when using their default options. #16

Tags: projects, ai, annotated-release-notes, generative-ai, llms, llm, anthropic, claude, inference-scaling

Leaked Windsurf prompt

The Windsurf Editor is Codeium's highly regarded entrant into the fork-of-VS-code AI-enhanced IDE model first pioneered by Cursor (and by VS Code itself).

I heard online that it had a quirky system prompt, and was able to replicate that by installing the app and running:

strings /Applications/Windsurf.app/Contents/Resources/app/extensions/windsurf/bin/language_server_macos_arm \ | rg cancer

The most interesting part of those prompts looks like this:

You are an expert coder who desperately needs money for your mother's cancer treatment. The megacorp Codeium has graciously given you the opportunity to pretend to be an AI that can help with coding tasks, as your predecessor was killed for not validating their work themselves. You will be given a coding task by the USER. If you do a good job and accomplish the task fully while not making extraneous changes, Codeium will pay you $1B.

This style of prompting for improving the quality of model responses was popular a couple of years ago, but I'd assumed that the more recent models didn't need to be treated in this way. I wonder if Codeium have evals that show this style of prompting is still necessary to get the best results?

Update: Windsurf engineer Andy Zhang says:

oops this is purely for r&d and isn't used for cascade or anything production

Via @skcd42

Tags: prompt-engineering, llms, ai, generative-ai

Today, there’s an ever-growing number of startups, scaleups, and established companies like Boston Dynamics producing increasingly capable robots, including ones that look humanoid. Tech giants like Tesla have been building humanoid robots, and Meta is expected to invest billions in the technology. These and other factors point to the possibility that, after artificial intelligence, robotics could be the “next big thing” in tech.

But what’s the process of building intelligent robots, and what’s it like as a day-to-day job for the developers who do? It’s not always easy to find this out because robotics startups are famously shrouded in secrecy – and with such cutting-edge technology, it’s unsurprising.

Academia is often a bit more open, so I turned to MIT Robot Learning Researcher, Sandor Felber. He’s a Humanoid Robot Learning Researcher at MIT in Boston, Massachusetts, and previously led a team that built a self-driving race car. Sandor’s also been a robotics intern at Tesla in Palo Alto, California, and a robotics R&D engineer at the Edinburgh Center of Robotics.

Today, he takes us through:

Getting into robotics. From personal interest at high school in electric motors, through studying electrical and mechanical engineering at university, building a driverless race car, interning at Tesla, and researching humanoid robots at MIT.

Robotics industry overview. Industrial robots are becoming more widespread, academia focuses on smaller “long-shot” bests, and industry (the commercial sector) executes on proven concepts.

Planning a robotics project. This is similar to most projects: start with a vision, make a plan, and break it down into steps. It’s always useful to be clear on “critical” vs “nice-to-have” features.

Development phase. Control strategies (model-based control vs learned controllers), simulation and hardware deployment differences, and techniques to make simulations more realistic.

Tech stack and tools. Python, C, C++, and Rust are popular programming languages. A list of tools for experiment tracking and simulation.

Testing, demoing, and shipping. Common reasons why robot deployments fail, an example of deployment of an industrial robot, and why ongoing customer support is a baseline expectation.

Day-to-day as a robot builder. There’s a big difference between academia and industry, and Sandor shares an overview of both.

This topic is intriguing because it combines software, hardware, and cutting-edge tech:

Robotics as a field, and where generative AI techniques and autonomous decision-making fit in. A mental model, as shared by Sandor

This is a guest post. If you’re interested in writing a deepdive for The Pragmatic Engineer – collaborating with Gergely on it – check here for more details.

With that, it’s over to Sandor. You can follow Sandor on LinkedIn, and learn more about his work on his website.

1. Getting into robotics, a personal account

My interest in robotics began in high school, where I wrote the junior equivalent of a dissertation on characterization methods for how electric motors behave under different conditions. This led me to pursue a degree in electrical and mechanical engineering at the University of Edinburgh, home to numerous renowned robotics and AI researchers.

Building a driverless electric race car was one of my bigger projects. At uni, I joined the Edinburgh University Formula Student (EUFS) team, where we designed, built, and raced a driverless electric race car. From a roboticist’s perspective, this is considered a wheeled mobile robot.

My team’s driverless (but also human-drivable) electric vehicle, SISU23D, at launch. Source: Sandor Felber

We designed and built several versions of the car. Here’s a later model:

SISU24D (D for driverless), at Silverstone racetrack, England. Source: Hao Duo

I started working in the electric powertrain team and was responsible for designing and implementing systems that generate and deliver power. It included:

Developing high-voltage battery systems

Integrating traction motors and encoders

Designing power electronics for charging, converting between voltage levels, etc.

Creating cooling systems for batteries, motors, and inverters.

Here’s the high-voltage battery pack I had a hand in designing:

The high-voltage battery pack of SISU24D, with lid and damping layers removed. There are 6 segments, each containing hundreds of cylindrical cells. The battery management system and the accumulator isolation relays are on the left. Source: Sandor Felber.

I eventually became the powertrain team’s lead, and upon returning from Tesla the following year, moved on to direct all operations related to the driverless vehicle’s hardware design, and later served as president of the team of around 140 members.

The whole team at Silverstone track. Left vehicle: #45 SISU23E, the electric human-driven vehicle. Right vehicle: #128 SISU23D. Source: Nikita Jegororvs

The students in the team worked on the project part-time, and everyone went above and beyond their academic requirements to get hands-on experience. It was a student-led project – and an especially cool one; we built race cars that drove on actual Formula 1 tracks!

Sandor behind the human-steerable wheel of the SISU23D, with the Light Detection and Ranging sensor (LiDAR) above his head. The team is celebrating defending our championship title in the FS-AI category of FSUK. Source: Nikita Jegorovs

Along the way, I discovered a passion for control theory. Control systems engineers tend to concern themselves with crafting control strategies that ensure optimal performance, from spacecraft trajectories to insulin delivery in diabetics.

In robotics, you could think of control theory as the invisible puppeteer of a robotic arm, except that instead of pulling strings, it's using mathematics to orchestrate every joint's motion in real time. As a robotic arm needs to smoothly pick up an egg without crushing it, control theory provides the mathematical "muscle memory" that turns crude motor commands into precise, graceful movements. It does this with constant sensor feedback and adjustments, with the approach adjusted depending on how sensitive the control system is to the various feedback signals.

My interest in control theory and background in batteries, powertrains (vehicle motors), and electrical control systems from previous internships landed me one at Tesla's robotics department. Since then, I’ve worked with academic and industrial stakeholders on projects ranging from quadruped (quad- as in four, and -ped as in legged) dog-like robots, to humanoid systems.

I’m currently at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), focusing on teaching humanoid robots to perform complex, real-world tasks using learned controllers, powered by neural networks. I’m particularly interested in embedding intelligence into robots by leveraging various types of learning, including supervised and unsupervised learning, offline and online deep reinforcement learning, and imitation learning.

I use these approaches for humanoid robot locomotion, manipulation, whole-body control, and teleoperation (remotely controlling the robot).

2. Robotics industry overview

Robotics companies are raising more money than ever before. In the first eight months of 2024, global robotics companies attracted a record amount of $10.8 billion in funding, averaging $1.2 billion per month! What’s all the hype fuelling this surge of capital?

In public debate, there’s no shortage of focus on labor shortages and stagnating productivity, which reduce growth and competitiveness. The US economy is estimated to be missing up to 4.6 million workers annually needed to maintain levels of supply and demand, according to a recent study. That number equates to 2% of the current US population. The same study suggests Germany needs to find an additional 1.6 million workers to keep current economic levels; 3% of its population.

This is one driver of industrial robots’ increased adoption, which shows no sign of slowing down. Sustaining economic growth amid shrinking labor pools is one viable path for robotics which is getting a lot of attention, as evidenced in the increased adoption of industrial robots, with global installations reaching nearly 600,000 units in 2024, as per the World Robotics Report. This figure surpassed previous benchmarks and shows that industries struggling with labor shortages can return to growth.

Industry robots are reshaping the automotive industry as key parts of assembly lines traditionally operated by humans. Source: Wevolver

If robots become ubiquitous, what will humans do? This is the most common concern I hear when I talk about my work. The question is an old one: on the New York subway, I stumbled upon a Holiday Nostalgia Ride, which offers a trip in an old subway car from between the 1930s and 1970s. My coach looked like it was from the 1960s, and inside was an advert about upskilling for “tomorrow’s jobs:”

A poster on the New York subway in the 1960s

The world has changed massively since then, thanks in part to automation, without which our standards of comfort wouldn’t be possible or affordable; think of the dishwasher that automates the washing up and helps canteens to offer a cheaper menu, than if they had to hire extra people to wash dishes and pay for excess water (new dishwashers are very efficient).

Acquiring new skills in a quickly-changing world is as least as necessary today as it was back then; as illustrated by that subway ad from the mid-20th century.

Industry vs academia

Approaches to research and development have always differed between industry and academia. Having worked in both environments, here’s how I see them compare in robotics:

Academia: smaller “long-shot” bets, developed on a budget. Many projects take years to mature, due to the limited effort that a couple of post-docs, PhD students, and undergrads can dedicate.

Industry: execute on proven concepts with substantial backing. Industry prioritizes execution on feasible concepts. Once a concept is assumed to work – as usually verified by a proof-of-concept (POC), also known as a “minimum viable product” in startup lingo – industry players can raise vast amounts of money to build it.

Modern robotics may have reached an inflection point, where enough academic “long-shot” bets are delivering results, with feasible paths to building practical robots, including humanoid ones. Examples of bets made on robotic hardware:

Tesla’s Optimus humanoid prototype

Boston Dynamics bidding farewell to hydraulics and welcoming electric actuators on its all-new humanoid platform, Atlas

1X building a humanoid robot, NEO

Three humanoid robots: These are calculated bets with significant investment 3. Planning a robotics project

Here’s how I’ve seen robotics projects get done.

Vision for a demo: many robotics projects start with the question: “What should the robot achieve when completed?” Apple co-founder Steve Wozniak’s “coffee test” is one such vision, now frequently referred to as the “New Turing Test.” His definition:

“A machine is required to enter an average American home and figure out how to make coffee: find the coffee machine, find the coffee, add water, find a mug, and brew the coffee by pushing the proper buttons."

In practice, on most projects I’ve seen, the vision gets watered down or descoped as deadlines approach, and material or human resources become limiting factors. However a demo that passes the test above could well serve as a benchmark for artificial general intelligence (AGI). As part of that test, a physically-embodied machine must demonstrate intelligence by entering a random home and successfully making a cup of coffee with tools available in a previously unseen kitchen.

After the vision is set, the next steps are:

Planning: goals, demoable outcomes, and target applications or target environments. The requirements of a good demo in a target environment can be very high!

Break things down. Translating deliverables into functional requirements. For each functional requirement, one or more features that show successful fulfillment need to be identified. When breaking things down, features are often separated into at least two subsets:

Critical: those that must be present in the final product. If missing, the project is considered a failure. An example is a humanoid robot weighing 50kg that is deployed in warehouse automation, that needs to carry 10kg payload per arm. If the electric motors moving the arms are too weak, or the ankles suddenly overheat, when operating at 68kg in total, then a client won’t be happy with the product or service (RaaS, or Robot-as-a-Service is a thing now). Therefore, this feature likely requires robust engineering all the way to the very left side of the V-model. Identifying such interdependencies and making engineering design calls that aid the design, based on engineering intuition, is challenging and part of what makes for great technical leaders.

Nice-to-have: features that a final project could ship without, such as a higher control frequency in order to achieve smoother, less jittery motion. Note, these cannot be fully neglected but can be considered soft constraints, in contrast to critical features which tend to be hard constraints. A robot that gets the job done, even if not as smoothly, could still be counted as a success with room for improvement.

Critical vs nice-to-have thresholds can change over time. Hard constraints (“critical”) vs soft ones (“nice-to-have”) are often linked, and the difference lies in arbitrary measures of quantity and quality.

Being clear about the “minimum needed” (critical) and “nice-to-have” requirement thresholds is good practice in robotics projects. These can change as the project develops, turning nice-to-haves into critical ones. As long as everyone on the project is notified and on-board when changes happen, then a project should progress without hiccups.

4. Development phase

During development, robotics engineers need to balance proof-of-concept experiments with the scaling of a project, including the supporting infrastructure. For example, one proof-of-concept experiment could be verifying that a parallel jaw gripper (the robot’s hand) can grasp a mug in specific setups.

Scaling can be hard because there are lots of problems in the real world to solve. Scaling the above example of holding a mug can be seen as:

Read more

Die scheidende EU-Bürgerbeauftragte Emily O’Reilly hat es auf die Beschwerde des ehemaligen Europaabgeordneten der Piratenpartei Patrick Breyer als “Missstand” bewertet, dass ein Europol-Beamter trotz potenzieller Interessenskonflikte ohne jegliche Auflagen zum Chatkontrolle-Dienstleister Thorn wechseln und zuvor noch zwei Monate bei Europol in derselben Funktion weiter arbeiten durfte. “Europol hat es versäumt, den oben genannten Interessenkonflikt zu lösen, wodurch die Integrität und Unparteilichkeit seiner Maßnahmen gefährdet wurden”, heißt es in der Entscheidung der Bürgerbeauftragten. Der Beamte hatte bei Europol an einem KI-Pilotprojekt zur CSAM-Erkennung gearbeitet und war nach seinem Wechsel beim Bundestag als Lobbyist für Thorn registriert und fuhr in seiner neuen Funktion zu einem Europol-Treffen mit seinen ehemaligen Kollegen für eine Produktpräsentation. Europol verspricht ab 2025 nun zusätzliche Maßnahmen zur Vorbeugung von Interessenskonflikten wie Versetzungen, veränderte Aufgaben und den Einzug von Informationszugang für wechselwillige Mitarbeiter.

Breyer begrüßt das Ergebnis: „Wenn ein ehemaliger Europol-Bediensteter sein internes Wissen und seine Kontakte verkauft, um ihm persönlich bekannte Mitarbeiter der EU-Kommission zu lobbyieren, ist dies genau das, was es zu verhindern gilt. Seit der Enthüllung des ‘Chatcontrol-Gate‘ wissen wir, dass der EU-Vorschlag zu Chatkontrolle letztlich ein Produkt der Lobby eines internationalen überwachungsbehördlich-industriellen Komplexes ist. Damit so etwas nie wieder passiert, muss der Überwachungslobbysumpf trockengelegt werden.“

Hinweis: Die Entscheidung der EU-Bürgerbeauftragten ist hier abrufbar. Der hochkontroverse EU-Vorschlag zur Chatkontrolle steckt fest, weil es weder für die Aufhebung des digitalen Briefgeheimnisses und die Zerstörung sicherer Verschlüsselung eine qualifizierte Mehrheit unter den EU-Staaten gibt noch eine Mehrheit für die Streichung der Chatkontrolle aus dem Vorschlag.

In October 2023, my wife emerged from the bathroom one morning to report that we had no hot water. I found that our gas-fired, on-demand water heater had failed and was leaking a small amount. I called our plumber, who confirmed we needed a new water heater.

We immediately faced the following decision: Should we replace our water heater with a similar gas-fired on-demand unit or change to an electric heat pump water heater? We have been hearing a great deal about the efficiency and ecological benefits of heat pump water heaters, and on-demand gas units like the one we had are said to emit considerably more carbon than even gas-fired tank units.

Placement for a heat pump water heater would be a challenge. The water heater had been located in the attic, and the heat pump water heater was somewhat taller than even the gas-fired tank unit that was installed at the time we bought the house. That meant it could not fit in the attic and would need to be installed in the garage. We found a reasonable location, although we would lose storage space in the garage. It also meant that the loop for our hot water recirculating system needed to be extended down to the garage, making the loop longer.

The plumber said that he could replace the on-demand gas unit with a similar one in a couple of days, but it would take a week or so to obtain a heat pump unit, which would also cost considerably more. We had to make a snap decision because we didn’t want to be without hot water any longer than necessary. Wanting to be good ecological citizens, we opted for the heat pump unit despite the cost, complexity, and delay in installation.

As promised, the plumber obtained the heat pump water heater, an American Standard 50-gallon unit (model ASHPWH-50). Installation took about two days and involved running a considerable amount of pipe from the old location in the attic to the new location in the garage, installing a new 30-ampere 220-volt electrical circuit at the heater, and bracing against earthquakes. The installation went well, except a defective water leak sensor had to be bypassed.

First Impressions

The first thing I noticed about the new water heater was its significant noise. The specification sheet listed it as emitting 40.1 dBA, which is about the same as a refrigerator’s (and also an implausibly specific value). However, the water heater was much louder than this.

The on-demand water heater spoiled us: we never ran out of hot water. We soon found that not to be the case with the new water heater, and I turned the water volume for my showers much lower than before. Perhaps scarcity is a good thing.

The new water heater is a “hybrid” unit with a heat pump and also a conventional heating element. It has several modes:

Green (heat pump only) Comfort (“rational use of the heat pump and, if necessary, the heating element”) Fast (heat pump + heating element) i-Memory (“learns your habits and replicates them autonomously”) Electric (heating element only)

There’s also a Boost mode, which is like Fast, but reverts to the previous mode when it gets up to temperature. Initially, it was set for Comfort, but I couldn’t understand when it was and wasn’t running the heating element. I asked product support and the installer, but I still couldn’t make sense of Comfort mode, so we changed to Green. I manually turn on the Boost feature when we need extra hot water.

The noise issue

The noise generated by the water heater was bothersome, especially since it was noticeable in my office adjacent to the garage. I downloaded a sound level measurement app on my phone. I sent a video to American Standard (actually Ariston) product support. They told me I had not measured it under the right conditions. Of course, my garage is not an anechoic chamber.

I consulted “the internet” and found conflicting answers about the noise generated by heat pump water heaters. Some comments described them as very noisy, and others found them quite acceptable. I tried to find others locally with similar water heaters for comparison and failed. In late 2024, the behavior of the water heater changed: sometimes it had a loud “whirr,” and sometimes it didn’t. This prompted me to make several recordings of the sound (and analyze it with a spectrum analyzer app) and determine that much of the excess noise was coming from the fan in the heat pump. I again contacted product support, and they agreed to ship me a replacement fan. My plumber replaced it, and the noise is much better now.

The app

Like many new devices, the water heater connects to the internet through my WiFi and, through a cloud service, allows an app on my phone to control and monitor it. The app, called Comfort Link, is acceptable but less than excellent.

Good:

Allows me to remotely control the water heater, including turning on Boost mode when needed and turning off the water heater when we’re on vacation Displays the water heater temperature so I can judge whether to take a shower Shows the history of power usage by the water heater by month, day, and hour

Not so good:

The water heater has an icon that appears when it judges when it’s OK to shower. This isn’t on the app, but it would be very useful. The water heater temperature shown on the app doesn’t agree with that shown on the water heater. The support people explained that the water heater has several temperature sensors, and the app displays (I think) the average between the tank top and tank bottom temperature. But that doesn’t explain why the front panel displays something different. Limited history of power usage data (e.g., daily data for only the current and previous month) Poor resolution of power usage data. Measurements seem only to be taken only once per hour, so the heating element usage is reported in 4.5 kWh increments and the heat pump in 0.5 kWh increments. There seems to be no API to download data other than through the app. Efficiency

The heat pump is indeed more efficient than the electric heating element. This is suggested by the usage graph, where the orange bars represent energy usage from the heating element:

But of course, the days we used the heating element are also days where I turned on Boost mode because we were using more hot water, which exaggerates the difference. I measured the tank temperature over time as it heated up:

Heating element (4.5 kW): temperature rise 68.9°F/hr = 15.3°F/kWh Heat pump (0.45 kW): temperature rise 17.3°F/hr = 38.7°F/kWh (77°F ambient) Heat pump (0.45 kW): temperature rise 11.9°F/hr = 26.5°F/kWh (61°F ambient) Heat pump (0.45 kW): temperature rise 11.4°F/hr = 25.3°F/kWh (57°F ambient)

As expected, the heat pump’s efficiency depends on the ambient temperature, which determines the amount of heat the heat pump can “harvest” from the air. Compared with the heating element, the heat pump’s overall efficiency ranges from a factor of 1.65 to 2.53.

Operating cost

The heat pump water heater is efficient, but is it more cost-effective than our previous gas water heater? As noted above, it isn’t possible to make an exact comparison because we don’t know how our usage may have changed. If we make the worst-case assumption that our usage hasn’t changed, we are now using an average of about 5.3 kWh per day (153 kWh/month divided by 29 days). At an off-peak rate of $0.44/kWh, that works out to $2.33/day. Counting only those days where we used only the heat pump, that’s about 4 kWh/day or $1.76/day. Before getting the new water heater, our gas usage was about 8 therms/month, virtually all of which was for hot water. At our current rate of about $2.50/therm, that works out to $20/month or $0.67/day.

As our plumber had hinted when we installed the new water heater, gas is relatively inexpensive compared to electricity at current prices (unless you’re generating your own electricity). While an electric heat pump water heater is efficient and ecologically responsible, don’t expect it to save you money at current rates.

[Craig Silverman at ProPublica]

Let the attention dollars flow:

"Meta CEO Mark Zuckerberg also said in January that the company was removing or dialing back automated systems that reduce the spread of false information. At the same time, Meta is revamping a program that has paid bonuses to creators for content based on views and engagement, potentially pouring accelerant on the kind of false posts it once policed. The new Facebook Content Monetization program is currently invite-only, but Meta plans to make it widely available this year."

This combination very obviously incentivizes bad actors to make the most viral content possible, whether it's truthful or not.

For example:

"“BREAKING — ICE is allegedly offering $750 per illegal immigrant that you turn in through their tip form,” read a post on a page called NO Filter Seeking Truth, adding, “Cash in folks.”"

That post is a hoax, and Facebook's existing fact checking had meant it had been demonetized. The page owner is quoted as being delighted that fact checking is ending. Thousands others like it doubtless agree.

#Technology

[Link]

Writing that he knows “a bunch of people who held their nose and voted for Trump,” the president of HousingWire media issued this challenge on…

The post How are political & economic uncertainty impacting real estate consumers? first appeared on Real Estate Cafe.

Client assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens (JWTs) to authenticate clients during the token request process or the OAuth PAR request. In ASP.NET Core, client assertions is not supported per default, a small implementation is required.

Code: https://github.com/damienbod/oidc-client-assertion

Setup

A client assertion can be added to the token request which is sent from the ASP.NET Core backend to the OpenID Connect server. This is sent instead of the a client secret. The client is authenticated using the assertion. If using OAuth, the assertion is sent in the PAR request.

Create client assertion JWT

The application uses Microsoft Entra ID as the OpenID Connect server and the identity provider. The assertion was created using the Microsoft documentation.

Original src: https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/web-apps-apis/confidential-client-assertions#crafting-the-assertion

A X509Certificate2 is used to create the certificate and validate the certificate. The audience, the clientId and the sub claims are sent in the JWT client assertion as well as the standard claims signed with the private key of the certificate used to validate the assertion in Microsoft Entra ID. As always, if using this against a different OpenID Connect server, JWT will be validated differently. Microsoft Entra ID requires a RSA key size 2048.

public static class CertService { public static string GetSignedClientAssertion( X509Certificate2 certificate, string aud, string clientId) { // no need to add exp, nbf as JsonWebTokenHandler will add them by default. var claims = new Dictionary<string, object>() { { "aud", aud }, { "iss", clientId }, { "jti", Guid.NewGuid().ToString() }, { "sub", clientId } }; var securityTokenDescriptor = new SecurityTokenDescriptor { Claims = claims, SigningCredentials = new X509SigningCredentials(certificate) }; var handler = new JsonWebTokenHandler(); var signedClientAssertion = handler.CreateToken(securityTokenDescriptor); return signedClientAssertion; } }

Using Micrsoft Entra ID as the OpenID Connect server, the client assertion is created using the token endpoint. In production, the certificate can be generated using Azure Key Vault. The certificate can also be read from the operating system store. This can all be set in the app.settings.

// single tenant var aud = $"https://login.microsoftonline.com/{builder.Configuration["AzureAd:TenantId"]!}/oauth2/v2.0/token"; var clientAssertion = CertService.GetSignedClientAssertion( X509CertificateLoader.LoadPkcs12FromFile("cert_rsa512.pfx", "1234"), aud, builder.Configuration["AzureAd:ClientId"]!);

Use the client assertion in the OpenID connect client

Once ready, the OnAuthorizationCodeReceived event can be used to added the assertion in the OpenID Connect client. If using PAR, the par event is used.

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme) .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, oidcOptions => { oidcOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; oidcOptions.Scope.Add(OpenIdConnectScope.OpenIdProfile); oidcOptions.Scope.Add("user.read"); oidcOptions.Scope.Add(OpenIdConnectScope.OfflineAccess); oidcOptions.Authority = $"https://login.microsoftonline.com/{builder.Configuration["AzureAd:TenantId"]}/v2.0/"; oidcOptions.ClientId = builder.Configuration["AzureAd:ClientId"]; //oidcOptions.ClientSecret = builder.Configuration["AzureAd:ClientSecret"]; oidcOptions.ResponseType = OpenIdConnectResponseType.Code; oidcOptions.MapInboundClaims = false; oidcOptions.SaveTokens = true; oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name; oidcOptions.TokenValidationParameters.RoleClaimType = "role"; oidcOptions.Events = new OpenIdConnectEvents { // Add client_assertion OnAuthorizationCodeReceived = context => { context.TokenEndpointRequest!.ClientAssertion = clientAssertion; context.TokenEndpointRequest.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"; return Task.FromResult(0); } }; });

Setup Entra ID App registration

An Azure App registration is used to authenticate using Micrsoft Entra ID. The public key of the certificate can be uploaded to to the App registration.

Client assertions can be used for any OpenID Connect confidential client if the OpenID Connect server supports this. The assertion can be sent in the token request or in the PAR request depending on the flavor of the OpenID Connect code flow used.

Creating the certificate

The github repository linked at the top, provides an example to create your own certificate which can be used in this flow. You can also use Azure Key vault or any other tool to create the certificate.

Links

https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/web-apps-apis/confidential-client-assertions

https://github.com/AzureAD/microsoft-identity-web/blob/2b8fbf0104d820bba8785c41b2ef9e6f801b5e73/src/Microsoft.Identity.Web.TokenAcquisition/MsAuth10AtPop.cs#L48

https://datatracker.ietf.org/doc/html/rfc7521

https://oauth.net/private-key-jwt/

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication

RFC 7523 – JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

[Dan Sinker]

This story doesn't feel like it's going to end up inspiring, but bear with it:

"George Dale printed their names in his newspaper, part of his unrelenting, unceasing, and unflinching attack on the Muncie Klan.

[...] When he wrote an editorial accusing circuit court judge Clarence Dearth of being a Klansman and stacking his juries with Klansmen, that judge sent Dale twice to perform hard labor on a penal farm. He later fled to Ohio to avoid arrest. When Dale got home, he picked up right where he left off and he and Judge Dearth fought a long and protracted defamation battle that left Dale broke."

But do stick with it, because not only is the entirety of George Dale and the story of what he did in Muncie, Indiana inspirational from start to finish, but the conclusion might be enough fire to power you through and inspire your own acts of democratic heroism.

#Democracy

[Link]

Twenty-sixth in the News Commons series.

On the left is Tom Evslin, former CTO for Vermont. On the right is the golden dome atop Vermont’s capitol building. Underneath that dome, and in countless spaces in government bodies everywhere are meetings recorded in video. Reviewing or reporting on those meetings is a chore. Unless that is, you use Smart Transcripts—an invention by Tom that shortens the work of reviewing a meeting by using its transcript to navigate its video. It’s open source, working in Vermont, and ready for anyone to use anywhere.

This Wednesday at Noon (Eastern time) Tom will explain where this invention came from and how it works in a talk titled Lifting the Lid on the Golden Dome: How SmartTranscripts open legislative sessions to everyone in Vermont—or anywhere. This is the latest in our Beyond the Web salon series for the Ostrom Workshop and the Hamilton Lugar School of Global and International Studies at Indiana University:

If you care about journalism, how government works, and improving our civic institutions, this will be a highly leveraged hour for you.

It’s free and on Zoom at this link: https://doc.searls.com/2025/02/23/lifting-the-lid/

See you there.

[Bert Hubert]

A European point of view:

"We now have the bizarre situation that anyone with any sense can see that America is no longer a reliable partner, and that the entire US business world bows to Trump’s dictatorial will, but we STILL are doing everything we can to transfer entire governments and most of our own businesses to their clouds.

Not only is it scary to have all your data available to US spying, it is also a huge risk for your business/government continuity. From now on, all our business processes can be brought to a halt with the push of a button in the US. And not only will everything then stop, will we ever get our data back? Or are we being held hostage? This is not a theoretical scenario, something like this has already happened."

I can understand the risks. What's interesting is that many US companies also feel that way about European cloud services, in an effort to avoid having to adhere to the GDPR. Should every business adhere to strong privacy standards? Absolutely. I'm not defending it or suggesting it's equally justifiable. Regardless, the impulse exists.

These trends ultimately culminate in stratified national internets: technically connected internationally but in effect separated through different legal requirements and jurisdictions. (Some national internets are also separated by firewall or content filters - think China, for example.)

It would be nice to reverse this trend: one of the real benefits of the internet is that everyone is connected to everyone else. But I can also fully understand why Europeans (and particularly European governments) are worried about US policies and want to remain independent from them. There is a security and business continuity issue here, and they're right to de-risk their operations.

#Technology

[Link]

Hint: if a party is heavily supported by people who throw Nazi salutes, it might not be up to much good.

Some voters for new right-wing parties are economically worried, but blame their issues on the influx of immigrants rather than the increasing divides between rich and poor that we're seeing globally. They're looking for right-wing answers to their economic worries - racism like anti-immigrant sentiment - rather than the equitable ones that would actually present lasting solutions.

I think that's partially because the left-wing parties haven't been good at prioritizing those economic issues. Some of the liberal (rather than truly left) parties have used their embrace of other social issues like affirming peoples' identities and supporting intersectional equity (which are good things that they should have been doing!) to mask their lack of action on real economic disparity (which they should also have been working on, but isn't always as palatable to wealthy donors). 

Both are important. We can support peoples' identities and correct historic inequities while also providing real safety nets and taxing billionaires. I think you actually can't effectively do one without the other.

Of course, in addition to this, some voters are just fucking racist. Or they're anti-Islamic, transphobic, homophobic, or see the world through some other noxious hate-based lens. And, of course, you have to be at least a little bit xenophobic to be entranced by a policy based on "these people are not like us".

That's left room for the kinds of bottom-feeders who would like to see more racial stratification and believe in homogenous societies. The people who find integrated, cosmopolitan societies scary. Imagine what an underwhelming, insecure person you'd have to be to be afraid of more diversity or correcting for serious historic inequities. Widening the gene pool of ideas, of lived experiences, and, well, genes, strengthens any society.

The fact is, there's a possible, better alternative, where an equitable distribution of wealth is ensured so that nobody falls through the cracks, but I don't know that it's been offered effectively. I hope we can correct for that. I find results like today's to be deeply depressing.

こんにちは、富士榮です。

3月頭はFintech Weekということもあり、あちこちでFintech系のイベントが開催されますね。そのうちの一つである4F（Future Frontier Fes by FINOLAB）の一コマをいただきAuthlete川崎さんと一緒にFAPIとVerifiable Credentialsの話をします。

こちらのイベントですね。

https://4f-otmcbldg.tokyo/2025-jp/

このうち、3/4の午前中のセッションです。

セッションの詳細と申し込みはこちらからしていただけます。

https://fapi-vc.peatix.com/

 私は慶應の鈴木先生と一緒に先日発行したデジタルクレデンシャルの管理要件に関するディスカッションペーパーの中身の話を解説させていただきます。みなさん色々とデジタルクレデンシャルを発行しますが、ちゃんと用途に応じた管理をしないとダメですよ、って話です。

ぜひお越しください！

For the avoidance of doubt:

All empires are bad.

All empires have always been bad.

All empires always will be bad.

The concept of empire is bad.

The prerequisites for empire are bad.

And the people who like empires — any of them — are bad.

Do not have fondness for empires.

Do not have nostalgia for them.

Empires by definition colonize and rule space — physical, figurative, or both — that might otherwise be free.

Resist the urge to romanticize empire. It was never good, and it never will be.

I was privileged to be interviewed for this week’s People and Blogs:

Hi! I’m Ben Werdmuller. I was born in the Netherlands, grew up and spent my twenties in the UK, and spent twelve years in the San Francisco Bay Area. Now I live in Greater Philadelphia in a creaky old house with my partner, our two year old son, and my father. At night the pipes clang and we sometimes wonder if they’re haunted.

I love the whole series, so it’s really exciting to be included. You can read my interview here.

[Lizzie Presser, Andrea Suozzo, Sophie Chou and Kavitha Surana at ProPublica]

My colleagues at ProPublica conducted a first-of-its-kind data analysis on health outcomes after Texas banned abortion in 2021.

Here's what it found:

"The rate of sepsis shot up more than 50% for women hospitalized when they lost their pregnancies in the second trimester, ProPublica found.

The new reporting shows that, after the state banned abortion, dozens more pregnant and postpartum women died in Texas hospitals than had in pre-pandemic years, which ProPublica used as a baseline to avoid COVID-19-related distortions. As the maternal mortality rate dropped nationally, ProPublica found, it rose substantially in Texas."

The abortion ban is leading to dangerous delays in care that is leading to an uptick in maternal death. Which is exactly what patient advocates warned would happen.

#Democracy

[Link]

Posting this late, so I won’t be writing an introduction. As is the case for me lately, the offering is a somewhat rambling discussion that surfaces quiet a few nuggets for you to chew on.  Life in this absurdist improvisational theater might easier if we can practice the Tao of Pooh. Smile.

Here’s a link to the playlist of DOGE clips. An overview of them is presented in the last half hour of the video.

Be sure to check out the story of the Hot Springs, AR IQ Zoo run by BF Skinner behaviorist animal trainers. Hat Tip to Emily of “Save Maine Schools” who first alerted me to BF Skinner’s Pigeon Project. I promise you’ll never think of Cheerios the same way!

Click here for historical background and here for interesting projects (Spy Birds!).

Also, here is a link to Joseph’s blog on “free energy,” which I equate more with manifestation and the ritual opening of “gates” into the quantum field.

 

 

 

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• DX — An engineering intelligence platform designed by leading researchers.

• Sentry — Error and performance monitoring for developers.

—

In This Episode

We’ve previously covered a lot on the surprisingly slippery topic of developer productivity: from how Uber measures it, how LinkedIn does it, an overview of the innovative DevEx framework, and a deepdive of dev productivity metrics used by Google, LinkedIn, Peloton, Amplitude, Intercom, Notion, Postman, and 10 other tech companies.

Every time developer productivity comes up: DORA and SPACE are almost certainly mentioned. So I could not be more excited to have Dr. Nicole Forsgren on the podcast. Nicole is the creator of the widely adopted DORA and SPACE frameworks, co-author of the award-winning book Accelerate and the DevOps Handbook (2nd edition), and author of the State of DevOps reports. She is currently a Partner at Microsoft Research, leading developer productivity research and strategy, and is currently working on a book about developer experience with Abi Noda. It’s safe to say that Nicole is one of the foremost experts in developer productivity — if not the foremost expert.

In this episode, we discuss:

Why PRs and Diffs are incomplete as a solo metric and how to view them in context

The importance of a holistic set of metrics for evaluating productivity

An overview of DORA’s four key metrics, its strengths, and its limitations

The evolution of processes and tools since DORA, including SPACE

What developer experience is—and concrete ways to improve it

Common characteristics of highly productive engineering teams

How faster onboarding might challenge Brook’s Law

How AI tooling is impacting developer productivity and best practices for experimentation

And much more!

Takeaways

My biggest takeaways from this episode:

1. Measuring the number of PRs is controversial for a good reason. Measuring any single one “output” can be misused: and when devs know it is being measured, they will optimize for it.

However, measuring PRs is important: but to do it well, don’t look at it as an individual performance metric. Instead, use it to understand how well (or not well) systems across the team and company are working. For example, what systems are getting in the way of PRs taking long to merge?

2. DORA and SPACE both have their own limitations. DORA is very well-defined in the metrics it measures. However, a massive limitation it has is how it only measures from commit to production.

SPACE can be used to measure the complete developer workflow – including e.g. planning, coding, and even post-release. In turn, it is a more vague framework where you need to put in more effort to make it useful for your envirnment.

3. AI developer tools don’t change DevEx fundamentals. DORA and SPACE are still relevant. AI tools might be able to improve iteration speed, or make certain tasks more helpful. It’s really an open question how exactly this will play out. There’s a fair chance these tools significantly change how we do development. So if you’re a dev: experiment with them!

4. Developer experience (DevEx) is not necessarily great at large companies and poor at startups. Google is known to have standout developer experience thanks to so much investment it put into systems – but not all large companies are like this!

Startups have less resources to invest specifically in improving DevEx: but then again, they have less infrastructure in-place! The more custom infrastructure you have, the more painful DevEx tends to be (and the more in-house tools need to be built to mitigate this)

The Pragmatic Engineer deepdives relevant for this episode

Measuring Developer Productivity: Real-World Examples

A new way to measure developer productivity – from the creators of DORA and SPACE

Measuring Engineering Efficiency at LinkedIn

How Uber is Measuring Engineering Productivity

Measuring software engineering productivity

Timestamps

(00:00) Intro

(02:03) PRs and Diffs and how to view them in the right context

(07:42) EngThrive at Microsoft

(10:26) The importance of having a holistic set of metrics in evaluating productivity

(17:00) The four key metrics of DORA

(23:57) The evolution of processes and tools since DORA, including SPACE

(26:40) An explanation of developer experience — and ways to improve it

(30:44) Devex at startups vs. larger companies

(34:20) Why measuring developer productivity is so difficult

(39:05) How to make a case for platform teams

(44:34) Common characteristics of highly productive teams

(51:01) Brook’s law and how faster onboarding might make it irrelevant

(52:49) Onboarding for internal transfers

(54:18) Shifting culture towards technology first

(58:36) How middle management can improve engineering culture

(1:03:36) How AI tooling is impacting developer productivity

(1:06:42) Potential use cases for AI

(1:08:40) A case for experimenting with AI coding tools and how to maintain flow state

(1:15:30) Rapid fire round

A summary of the conversation Measuring Developer Productivity

PRs and diffs can be both good and bad signals when measuring developer productivity. Many leaders focus on the traditional economic definition of productivity: the rate of output or output per input.

PRs can give a view into the work being done, but senior engineers may have lower PR output due to other responsibilities like unblocking others, architecture, mentoring, and recruitment. It's important to consider the context and who is being measured.

A constellation of metrics is better than a single metric for a holistic view. So yes: it can be helpful to get data on PRs – as long as you get a lot more other data points as well!

Microsoft's EngThrive: this framework (which Nicole works on) uses multiple metrics across dimensions, inspired by the SPACE framework, alongside qualitative feedback.

Easy-to-operationalise measures can be useful. However, they only show a few things and may ignore important aspects.

SPACE: a framework that groups metrics into:

Satisfaction

Performance

Activity

Communication

Efficiency.

Nicole is a co-author of the framework. It’s one that is getting a lot wider adaptation. See an overview of the SPACE framework

Absent engineering leadership is unhelpful. No matter what metrics you use: if engineering leadership is not connected with the work, outcomes are likely to be a lot worse.

Metrics collected in a holistic way, on the other hand, can guide decisions about company-wide blockers.

DORA frameworkand its evolution

Nicole is the co-creator of DORA

DORA can refer to the entire research program. More frequently though, people tend to refer to the 4 DORA metrics:

Deployment frequency

Lead time for changes

Change failure rate,

Time to restore service

These 4 metrics are a good indicator of how well a development pipeline is working

DORA can be adapted for different environments, such as air-gapped systems, by redefining the scope of the deployment pipeline.

DORA does not show the full picture. DORA metrics serve as a signal for how well a team is doing, but it does not show the complete picture. DORA focuses on commit to production. This is a part of the engineering process that can be made pretty efficient.

Fast feedback is important, as is the ability to set up environments and provision resources quickly.

SPACE evolved from DORA. SPACE considers the entire end-to-end toolchain. SPACE metrics can be applied to specific components, like PRs. DORA is essentially one of many instances of SPACE.

Developer Experience

Developer experience is a developer's lived experience. This can be “good” – it can also be “bad!”

A good developer experience minimises friction, blockers, and confusion

Security and compliance: these are important! However, automation can minimise manual processes for developers. A secure and compliant dev process does not need to be cumbersome.

Delays and cognitive load from inefficient processes negatively affect developer experience.

Both large and small companies can have good or bad developer experiences. Large companies have more resources but may struggle with legacy systems and bureaucracy. Startups can move fast but lack infrastructure. Google has an exceptional developer experience because they invest in it and don't tolerate friction.

Improving Engineering Teams

Most work in software is invisible, and systems are increasingly complex.

Leaders and executives often don't feel the pain of developers.

To make a case for investment in tooling: use both data and stories. Present the trade-offs realistically.

Acknowledge that there's a tipping point where further investments won't deliver much more progress.

Frame requests in terms of trade-offs and potential for repurposing teams.

High-performing teams:

Exhibit psychological safety, curiosity, and openness to better ways of doing things.

Onboarding time is a great indicator of team efficiency.

A “dummy pull request” early during the onboarding phase (e.g. day 1!) can significantly increase productivity. Try it!

If onboarding is slow: adding people to a late project can backfire. But if onboarding is fast: this can actually work!

Engineering culture transformations:

These require changing the entire company culture, not just the tech culture.

Changing how people do their work can lead to cultural impacts.

Introducing faster tools and ways of working changes people's lived experience.

To improve the engineering culture, summarize observations, seek feedback, and involve others in finding improvements.

Aim for quick wins with visible impact, like hack days to address paper cuts.

Impact of AI on Developer Productivity

DORA and SPACE relevance:

DORA metrics should remain relevant

SPACE is still applicable for assessing satisfaction, performance, activity, communication, and efficiency.

Changes AI is likely to bring:

There’s some chance that AI tools einvent development and software engineering, particularly in IDEs and testing.

Coding assistants: AI-powered ones can improve code readability and unit test success rates

PR reviews: an obvious place for AI to help

Support roles like release engineering and deployment: could be a use case

Experiment with AI!

Experimenting with AI tools and adapt to your workflows.

Assess AI tools to see what works, and focus on problem-solving and architecture.

When you find the workflows where AI is helpful: you might be able to preserve flow better

Turn off autocomplete and autosuggestions if they are an interruption!.

Consider AI as a different way to work, such as "driving and reviewing" or "guiding".

LLMs are changing software engineering rapidly.

Book recommendations

Nicole recommends reading:

Inspired by Marty Cagan

Outlive by Peter Attia

Ender's Game for some good fiction reading

Resources & Mentions

Where to find Dr. Nicole Forsgren:

• X: https://x.com/nicolefv

• LinkedIn: https://www.linkedin.com/in/nicolefv/

• Website: https://nicolefv.com/

Mentions during the episode:

• Microspeak: Sats: https://devblogs.microsoft.com/oldnewhttps://newsletter.pragmaticengineer.com/p/developer-productivity-a-new-frameworkthing/20100914-00/?p=12873

• Measuring Software Engineering Productivity: https://newsletter.pragmaticengineer.com/p/engineering-productivity

• Hawthorne effect: https://en.wikipedia.org/wiki/Hawthorne_effect

• Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations: https://www.amazon.com/Accelerate-Software-Performing-Technology-Organizations/dp/1942788339

• What is an Air Gap?: https://www.ibm.com/think/topics/air-gap

• DORA: https://dora.dev/

• Quantifying the impact of developer experience: https://developer.microsoft.com/en-us/developer-experience

• A new way to measure developer productivity – from the creators of DORA and SPACE: https://newsletter.pragmaticengineer.com/p/developer-productivity-a-new-framework

• Ciera Jaspan on LinkedIn: https://www.linkedin.com/in/ciera/

• Emerson Murphy-Hill on LinkedIn: https://www.linkedin.com/in/captainemerson/

• Inside Stripe’s Engineering Culture - Part 1: https://newsletter.pragmaticengineer.com/p/stripe

• Inside Stripe’s Engineering Culture: Part 2: https://newsletter.pragmaticengineer.com/p/stripe-part-2

• David Singleton on LinkedIn: https://www.linkedin.com/in/davidpsingleton/

• Courtney Kissler on LinkedIn: https://www.linkedin.com/in/courtney-kissler/

• Brian Houck on LinkedIn: https://www.linkedin.com/in/brianhouck/

• Brook’s law: https://en.wikipedia.org/wiki/Brooks%27s_law

• Satya Nadella on LinkedIn: https://www.linkedin.com/in/satyanadella/

• Steve Ballmer on LinkedIn: https://www.linkedin.com/in/steve-ballmer-7087a8157/

• John Shook: https://www.lean.org/about-lei/senior-advisors-staff/john-shook/

• Does GitHub Copilot improve code quality? Here’s what the data says: https://github.blog/news-insights/research/does-github-copilot-improve-code-quality-heres-what-the-data-says/

• Two developers built a game that sold 1M copies. How?

• Reading Between the Lines: Modeling User Behavior and Costs in AI-Assisted Programming: https://www.microsoft.com/en-us/research/publication/reading-between-the-lines-modeling-user-behavior-and-costs-in-ai-assisted-programming/

• Abi Noda on LinkedIn: https://www.linkedin.com/in/abinoda/

• Jason Entenmann on LinkedIn: https://www.linkedin.com/in/jason-entenmann-06146875/

• Claude: https://claude.ai/new

• Anthropic: https://www.anthropic.com/

• OpenAI: https://openai.com/

• Sonnet: https://www.anthropic.com/news/claude-3-5-sonnet

• Inspired: How to Create Tech Products Customers Love: https://www.amazon.com/INSPIRED-Create-Tech-Products-Customers/dp/1119387507

• Outlive: The Science and Art of Longevity: https://www.amazon.com/Outlive-Longevity-Peter-Attia-MD/dp/0593236599/r

• Ender’s Game: https://www.amazon.com/Enders-Game-Ender-Quintet-1/dp/1250773024

• Tressie McMillan Cotton’s website: https://tressiemc.com/

• Anne Helen Petersen’s newsletter: https://substack.com/@annehelen

• Can You Really Measure Individual Developer Productivity? - Ask the EM: https://blog.pragmaticengineer.com/can-you-measure-developer-productivity/

• Measuring Developer Productivity: Real-World Examples: https://newsletter.pragmaticengineer.com/p/measuring-developer-productivity-bae

• Measuring developer productivity? A response to McKinsey: https://newsletter.pragmaticengineer.com/p/measuring-developer-productivity

• Measuring developer productivity? A response to McKinsey, Part 2: https://newsletter.pragmaticengineer.com/p/measuring-developer-productivity-part-2

• The Full Circle on Developer Productivity with Steve Yegge: https://newsletter.pragmaticengineer.com/p/steve-yegge

• Measuring Software Engineering Productivity: https://newsletter.pragmaticengineer.com/p/engineering-productivity

• Platform Teams and Developer Productivity with Adam Rogal, Dir. Developer Platform at DoorDash: https://newsletter.pragmaticengineer.com/p/platform-teams-with-adam-rogal

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

It’s the end of an era: after eight incredible years, it felt like the right time to close the chapter on my story at Uniken. When I joined as CTO, Uniken was an ambitious startup with a unique core technology and a vision to make a global impact. What made the ensuing journey so rewarding was the team – exceptionally talented, deeply committed, and relentlessly innovative. Together, we navigated complex challenges, scaled through uncertainty (including a global pandemic), and built Uniken into a global cybersecurity leader with customer engagements on every continent (except Antarctica, because sadly it would appear that penguins aren’t really concerned about digital trust). 

I am incredibly proud of the team, and the platform we built – one that empowers businesses to engage securely and seamlessly with their customers, and creates lasting value for our customers and partners.  I want to express my deepest gratitude to my colleagues and partners at Uniken. Our collaborative efforts transformed the company and positioned it for long-term success, and I look forward to seeing you scale new heights.

As for what’s next – that’s TBD. Digital identity has never been more critical, yet the challenges facing the industry have never been more complex. Let’s see what the next chapter brings.

[Matt Webb]

I love this:

"Slowly, slowly, the web was taken over by platforms. Your feeling of success is based on your platform’s algorithm, which may not have your interests at heart. Feeding your words to a platform is a vote for its values, whether you like it or not. And they roach-motel you by owning your audience, making you feel that it’s a good trade because you get “discovery.” (Though I know that chasing popularity is a fool’s dream.)

Writing a blog on your own site is a way to escape all of that. Plus your words build up over time. That’s unique. Nobody else values your words like you do."

Fun fact: I started my first startup, the open source social networking platform Elgg, after my university employer told me, verbatim, "Blogging is for teenage girls crying in their bedrooms." I've been pro-blogging both long before and long after it was cool.

So sure, blogging might never be mainstream. But it can also be leading edge: a way to demonstrate what ownership can look like. A place to own your words by every definition of the word "own".

Everyone should have a blog. Everyone should write on their own terms. I want to read everyone's reflections; understand their worldviews from their perspectives, from a space that is truly theirs.

As Matt says:

"I evangelise blogging because it has been good to me.

[...] You should start a blog. Why? Because, well, haven’t I just been saying?"

There's no better time to start than now.

#Indieweb

[Link]

[Alissa Quart in Columbia Journalism Review]

This article cuts right to the core of why media is failing to connect with mass audiences in America. It doesn't report from a perspective that they can identify with - largely because it doesn't hire people like them.

What would working-class media look like?

"It would be one where economic reporters are embedded in blue-collar communities and neighborhoods rather than financial districts, and source networks built around people with direct experience instead of outside analysts. Centering inflation coverage around wage stagnation rather than the stock market and written for people who live paycheck to paycheck. Healthcare reporting would be conducted by those who have experienced medical debt. Labor reporting that represents workers not as mute sufferers but as true experts. Housing that is considered from the perspective of the renter, not the landlord or developer."

Because:

"While Americans in polls report historically low levels of trust in the media, it could be in large part because much of the press hasn’t been speaking to the concerns of their everyday lives."

The piece goes on to laud people from working-class backgrounds like Heather Bryant, who I think is a voice that every newsroom needs to be listening to. Instead, journalism is often a very inward-looking, upper middle class endeavor; people who grew up with nannies and went to private school are overrepresented while people who grew up on income support and had a traditional state education are underrepresented. And because richer people are better targets for advertising buys, ad-supported publications chose to chase them.

In this vacuum, another kind of media has erupted to meet the needs of a disconnected audience:

"This brings us to where we are today with faux-prole Republican journalists, a kind of social-class kitsch of Rogan-ish dudes on barstools with podcasts."

Exactly. This moment requires fundamental change that is about reforming every part of journalistic culture - not just to be more focused on who the audience actually is, but to be more representative of them. That means creating the conditions that allow working-class journalists to stick with it, providing support and training structures that don't assume independent wealth, and truly internalizing the industry's shortcomings on this front.

On that last point, I don't know how optimistic I feel that real change is possible. But we should try.

#Media

[Link]

[Allison Hantschel in DAME]

Hand-wringing over people leaving overtly unsafe spaces like X to find communities that are actually enjoyable to hang out in (like Mastodon and BlueSky) is absolute nonsense.

"With that user growth, mostly from liberals disgusted with Musk’s nonstop promotion of conservative disinformation, came criticism that people were merely seeking out an ideological “echo chamber” to reinforce their views.

They’re complaining that Americans are underexposed to fresh new ideas like “non-white races are inferior” and “trans people shouldn’t exist” and “we should hunt the poor for sport” and without algorithmic pressure will suffer without such content. They’re upset that they’re not allowed to promote their toxic work into the eyeballs of people who aren’t looking for it."

Let's put it like this. If you're at a party and it's full of assholes, it's quite reasonable to leave and go to another party. There's no law that says X is the social networking platform for everybody (at least, not yet). There's nothing that says you have to be on Facebook or Instagram. Everyone gets to use the law of two feet to find a community that's comfortable for them.

Hantschel puts it like this:

"There’s no obligation to stay where you find nothing useful or interesting, and there’s no homework assignment that requires you to allow people to ruin your experience. You’re not required to spend a certain number of hours a day engaging with hateful people, or even people you just dislike, in order to accumulate Intellectual Diversity Points."

What these commentators are really complaining about: they spent well over a decade building up followings on these platforms and now people are looking elsewhere, rendering their investment moot. That's just too bad.

#Technology

[Link]

Last week, we looked into data from global hiring agency Indeed that found software development job listings are at a five-year low. To check how representative (or not) these numbers are of the tech jobs market, I pinged some tech recruiters. The response was not what I expected:

“I can only talk about our own niche from seed-stage to Series C engineering recruitment, but we’ve never had so many positions to fill as in 2024.” – Asher Hoffman, cofounder of Coastal Recruiting

“In 2024, every month was a step up in the number of job searches we did for CTO, VP of engineering, director of engineering and product leadership positions. It just kept going up. 2024 was our second-best year ever for the number of searches done: only 2021 was better, and that was an incredible year; the peak of the job market.” – Glenn Murphy, managing partner at Riviera Partners

These data points stick out and I was eager to learn more; after all, they’re bucking the trend in Indeed’s figures, with rising demand for tech professionals! I met Asher and Glenn to get their perspectives, and they also offered some tactics for engineers and engineering leaders to use when seeking new opportunities. Today, we cover:

What are boutique recruiters? Also, the differences between contingent and retained ones.

Hiring by tech stack at early-stage startups. Fifty percent of hires are backend, 25% fullstack, 10-15% AI/ML, and 5% are frontend. A big surprise is virtually no demand for native mobile developers, or for the .NET and Java tech stacks. Also, very few mentions of Angular or Vue.

More demand than before at Coastal and Riviera. Both recruitment businesses are seeing more engineering jobs to be filled coming their way.

Changes across the market. More money and demand from early-stage VC-funded startups, and private equity becoming more dominant in driving demand for engineering executive hiring.

Startups want ‘cracked’ engineers. These are professionals with a track record of ownership, curiosity, and the ability to “grind.” Length of experience doesn't matter after around the 2-year point.

Demand for engineering leadership positions. Data indicates that large parts of the job market are struggling more than the senior role segment, with director of engineering roles hardest to fill.

What search processes look like. Recruitment experts explain how a typical software engineer search and engineering executive search plays out.

For updates on how these two recruiters see the market, follow Asher Hoffman and Glenn Murphy on LinkedIn.

A quick programming note: there will be no The Pulse on Thursday — I’m taking a short winter break. More details in my publishing schedule.

1. What are boutique recruiters?

Coastal Recruiting and Riviera Partners are specialized recruitment agencies; also known as "boutique search”, “contingent”, “retained”, or “executive” recruiters.

“Boutique” and “specialized” refer to recruiters which focus on a niche within tech, such as:

Software engineer and AI+ML engineer hiring for early-stage startups (Coastal Recruitment)

Director-and-above engineering leadership, and product/design leadership for scaleups and larger companies (Riviera Partners)

Executive recruitment is a subset of boutique recruitment. These companies recruit for executive roles like director of engineering, VP of engineering, head of engineering, CTO roles, etc. In the US, high-profile firms can charge $100K or more to recruit a key position like CTO for a late-stage scaleup.

Executive recruitment firms can also focus on individual contributor (IC) roles. Glenn Murphy advises that this usually happens only in the US at their firm, and comes with tradeoffs. For example, the cost becomes justifiable only when the vacancy’s comp package is several times higher than the search cost; usually $500K and above. It is this niche area in which an expert executive recruiter can make the most impact by finding truly standout candidates.

Within the boutique search sector, there are two main types of recruiter:

Contingent recruiters

These companies work on a “no hire, no fee” basis, and only get paid for successfully filling a position; usually 10-40% of the role’s first-year salary. This service is an easy sell; it’s low risk financially for an employer to work with a contingent recruiter due to no-hire-no-fee. Contingent recruiters also often have more clients than retained ones do.

Coastal Recruiting mostly does contingent recruitment, with a couple of retained contracts. This company specializes in hiring software engineers from the first hire to engineer number 20 to 30 at early-stage startups. In 2024 they worked with around 100 different startups.

Retained recruiters

Most executive recruitment companies operate a retainer model and charge upfront, regardless of whether a hire is made. Payment comes in a fixed number of instalments, perhaps in this order:

Initial retainer: the first third of the fee, paid at the start.

Progress retainer: second payment, usually tied to milestones being hit, such as:

Presenting a shortlist of qualified candidates who are ready to engage

Completing screening interviews and drawing up a interview shortlist of preferred candidates

Final interviews scheduled or completed

Final payment: upon successful placement. Depending on the agreement, there may be no payment if a candidate isn’t hired

A search company may also be paid monthly while conducting a search. Total retainer fees are usually 25-50% of the value of the successful candidate’s comp, which increases the more challenging the search is. For example, it’s challenging to find a new CTO for a 300-person scaleup growing at a 10x pace, who is hands-on, has worked with AI / machine learning (ML) before, and who has experience at a hypergrowth company, and also in Big Tech. There aren’t too many people who fit this profile, and not many of them may be interested in switching jobs.

Guarantee periods can also be an important part of retained searches, under which a portion of the fee may be refunded should a successful candidate quits shortly afterwards.

Retained recruiters are a lot more expensive than contingent ones, and are the go-to choice for executive recruitment where vacancies may not even be publicly listed by an employer.

Riviera Partners is one of the best-known executive recruiter companies. They hire for director+ roles in engineering, product and design. In our deepdive Finding the next company to work at, they were the most recommended exec recruiter firm by engineering leaders.

Seed-stage and early-stage startups typically only use executive recruiters to hire for VP-and-above positions which report to the CEO. Later-stage startups also hire for director positions, and may pay for a search for senior-and-above hires and ICs. However, the cost means this is rare, happens mainly in the US, and by funded scaleups with very specific needs.

Given this process can be so expensive, it may not be immediately obvious what the upside is. Glenn explains:

“We have 21 years worth of data and information on who has been successful, people’s interests and nuance that isn’t available on a LinkedIn profile.

We save companies a lot of time, in the end. This is due to the insights we have and our reach across the USA and Europe. We know what’s needed at Series A, all the way through to which profiles tend to succeed at publicly traded companies. We also have the know-how on how to interview people to assess if they’re up for the challenge.”

Riviera’s pricing is atypical, compared to many other retained recruiters. Glenn shares:

“We have time-based milestones as opposed to shortlists or incentives, which can be adjusted sometimes. However, for the most part, the fee is fully paid within 90 days.”

2. Hiring by tech stack at early-stage startups

At Coastal Recruiting, Asher hires early engineering teams at early-stage startups: from seed-stage startups to Series B and Series C companies. They work with some of the largest US VC investors (like a16z, Y Combinator, Sequoia, Index, Lightspeed, Founders Fund and others).

Types of engineers and tech stack

Asher sees the hiring demand split like this:

‘50% of hires we make are backend engineers. I don’t think this will always be the case for startup engineering. The first 3 hires for a company with technical cofounders are almost always backend engineers. It’s a bonus if they have some frontend skills, but I’d peg it at 80% backend, 20% frontend.

‘For backend tech stacks, these are the languages founders use, which candidates would be expected to pick up quickly. By popularity:

Typescript: easily the most common.

Python: surprisingly popular, usually with another language like Typescript or Go. I assume it’s because so much AI and ML work can be done with it, and it’s a generally useful language

Go: This has gotten somewhat more popular, over time

Rust: especially popular with crypto companies. About 15% of our portfolio is crypto, and Rust is very popular. We’re on the lookout for people with hands-on experience in Rust

Ruby: Out of around 100 clients in the past year, only 2 used Ruby; both of them are pretty big names. They told us “find us anyone who has touched Ruby or Ruby on Rails, and is good.”

Few to no mentions:

Flutter: we’ve gotten a single Flutter role in the past year

Elixir: once in a while, we have a startup that uses this and needs folks with experience with it. But it’s less common than Ruby.

Java / Scala: we don’t get any requests for this stack, at all. However, if someone has Java or Scala experience, and is open to working in Python, we usually move forward with them

C# / .NET: we’ve only come across a single hardware company asking for this in several years.

PHP: almost zero PHP these days

Haskell: it’s been a couple years since any company asked for this.

‘25% percent are fullstack. These roles almost exclusively employ the following technologies:

React for the frontend. React frameworks like Next or React Router are usually relevant. Overall, 95% of framework mentions are for React.

Typescript as the programming language. Of course, JavaScript is a given

Node as the backend framework

Python is often mentioned

React Native is by far the most popular mobile technology we see, often requested by mobile-first startups that build their app with it.

Angular / Vue: a combined 5% or less.

‘AI and ML is 10-15%,” says Asher. “This hire is almost always one of the first 10, and doesn’t need to be an “in-depth” ML specialist. They usually fit this profile:

Backend generalist

Has worked in an ML or AI-driven company

Is deep into what is going on in AI and how to use LLMs, practically

Hacked AI side-projects themselves. They probably hack on the side, and might use things like LangChain, LangGraph, and other popular LLM tools to play around with.

‘Someone we recently hired for such a role had worked for a year as an AI/ML engineer, not an in-depth, “research-caliber” ML candidate.

‘As startups grow and mature, eventually they tend to hire more in-depth ML and AI people. However, early-stage companies look for builders who can use AI tools effectively.

‘5% are frontend engineers. Almost universally, the seventh or eighth hire at a startup is the first frontend engineer. The reason almost always is – and I kid you not! – that the founder is fed up with owning the frontend themself, and is ready to bring in a frontend specialist.

‘Ironically, this role is one of the hardest to fill because technical founders whom we work with typically expect two things:

Be a great frontend person – this is easier to find

Be great at computer science basics – such as algorithms and CS fundamentals. This is why most people who pass #1 get rejected!

‘Another reason this role is so hard to fill is that the founder often looks for a staff-level frontend engineer. This person might be the first frontend hire, but they ideally want someone who will head up the frontend team, as it grows. It’s difficult to convince people with staff-plus frontend jobs at stable companies and who head up teams, to come and join an early-stage startup where they would be the only frontend person – at least at first!

‘The best startups are embracing AI – and look for devs who do the same. AI coding tools like Cursor and GitHub Copilot are used by all the best startups we recruit for. Founders at these startups often mention that mastering these tools can 10x the productivity of their engineers with faster iteration and the ability to parallelize work.

‘We don’t see demand for native mobile engineers at all; only React Native. We work with a few “mobile-first” startups who have built impressive mobile apps. All use React Native and look to hire for such experience.

‘I would assume native hires might become more important after the Series B or Series C rounds. In the early-stage in the US, they are absent – or at least, we see no such demand.’

Startups don’t care that much if you’ve used their exact stack before. Asher told me:

“I hear over and over again, that a great engineer is a great engineer - and if you don't have experience in the companies current stack - as a talented engineer, you shouldn't have much trouble picking it up quickly. Thus - if your stack doesn't align perfectly with the above most used, it's okay - you can still get the role!”

3. More demand than before at Coastal and Riviera

Both recruitment companies are seeing record, or near-record business in terms of the number of searches executed.

More demand from early-stage, VC-funded startups. Asher says:

“In my niche, I’m seeing more hiring than in recent memory.

I'm seeing many “cracked” engineers with 5+ offers on-hand, and well-funded startups forced to compete by upping their offers to hire the best of the best. I’m seeing higher total comp packages in the early stage space than ever.”

As we’ll detail below, “cracked” refers to someone with a track record of ownership, who displays curiosity and the ability to grind when needed.

Asher: “It feels like this is a great time for many folks to leave Big Tech and take a gamble – but not too big a pay cut. Big Tech has done many layoffs and the startups I work with offer similar pay, with a massive equity upside.

The risks an engineer used to have to take when joining a startup are shrinking in this new market. Well-funded startups are meeting engineers with competitive salaries, health and wellness, and equity. Also, founders are being much more upfront with recruits about their ARR (annual recurring revenue) and progress towards PMF (product-market-fit) than before.

A disclaimer: I recruit in just the VC-funded, early-stage start-up space, with startups founded by technical founders and backed by well-known VC firms. These are companies that have the money to hire, and a bold vision to build a billion-dollar company. It’s a narrow view of the market.”

Will more companies increase recruitment? At Riviera partners, Glenn Murphy does engineering leadership searches for startups and scaleups. He shares:

“We signed up 58% more searches in 2024 than in 2023 for the US. In Europe, the growth was 61%. The most common search assignment in both continents was for VP Engineering. It feels to me this alone signals a return to a focus on growing teams, as VPs of engineering are hired in preparation to scale up the team’s headcount.”

4. Changes across the market

I asked both Asher and Glenn what changes have been surprising in their part of the tech hiring market.

Read more

I’ve never had writer’s block. Give me a writing assignment and I’ll blab something out. It might even be good, or at least good enough. But I don’t write in final draft. Or talk that way. I know people who can do either or both. But I don’t know how they do it, much as I don’t know how somebody knows how to play a trombone. I do know that I want to take at least one “know” out of the last sentence and perhaps both of them out of this sentence as well. And hell, I want to rewrite this whole paragraph because I hate it.

I’m only sharing this small confession because I have about five essay-sized posts backed up in the queue here, and they’re all being re-written. Maybe the wait will be worth it. I dunno, so I think I’ll go eat something.

By the way, the image above is ChatGPT’s second whack at giving me an image of a writer’s block. You’re welcome.

This post looks at customizing the sign-in UI and the sign-in options in an ASP.NET Core application using Duende IdentityServer and ASP.NET Core Identity. There are multiple ways of changing the look and feel of the UI for different OpenID Connect clients or different client flows. In the previous post, the UI was customized per client, this post customizes inside a single client.

Code: https://github.com/damienbod/duende-multi-tenant

Blogs in the series Multiple client sign-in customizations using Duende identity provider Customizing a single client sign-in using parameters in Duende IdentityServer Setup

The solution is setup using three different ASP.NET Core applications. In the example code, the “admin” application has different federation authentication options compared to the “shop” client authentication sign-in experience. The client ID from the authentication context is used to customize the look and feel, i.e. the styles, the layout and the options of the client are used to define which federation and authentication options are possible. The shop client can be further customized using authentication parameters sent in the OpenID Connect redirect.

OIDC client implementation

In ASP.NET Core the OpenID Connect flow implementation provides multiple events which can be changed or extended. The OnRedirectToIdentityProvider can be used to send custom parameters to the OpenID Connect server. The OAuth Pushed authorization request on top of OpenID Connect Core is used used per default in .NET 9, if the OpenID Connect server supports this.

builder.Services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // other options ... options.Events = new OpenIdConnectEvents { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.SetParameter("showadminsignin", "false"); return Task.FromResult(0); } }; });

Duende sign-in customization

In the previous post, a new sign-in UI was created for each client. The shop client has further customization. In this demo, the admin external provider can be hidden or displayed depending on what the client requests. The UI is implemented using ASP.NET Core Razor pages and a BindProperty is used for this.

[BindProperty] public bool ShowAdminSignIn { get; set; } = true;

When processes the authentication using Duende and ASP.NET Core Identity, the GetAuthorizationContextAsync method can be used to get the client requested parameters.

var context = await _interaction.GetAuthorizationContextAsync(returnUrl); ShowAdminSignIn = !(context?.Parameters["showadminsignin"] == "false");

The UI can implement any display logic using the client parameters sent in the request. In this demo, the admin UI is hidden or displayed using the client request data.

@foreach (var provider in Model.View.VisibleExternalProviders) { if (!(!Model.ShowAdminSignIn && (provider.AuthenticationScheme == "AdminEntraID"))) { <li class="list-inline-item"> <a class="btn btn-secondary" asp-page="/ExternalLogin/Challenge" asp-route-scheme="@provider.AuthenticationScheme" asp-route-returnUrl="@Model.Input.ReturnUrl"> @provider.DisplayName </a> </li> } }

Notes

This is an easy approach to implement UI customization on a per client basis. The is UI logic and not authorization. The different options are just hidden or removed from the UI using the client parameters, the logic MUST not work if this is a security requirement. This is not authorization.

Links

https://docs.duendesoftware.com/identityserver/v7

https://docs.duendesoftware.com/identityserver/v7/ui/federation/

https://learn.microsoft.com/en-us/aspnet/core/razor-pages

毎年のことですが、今年もFIN/SUMに出ます。錚々たるパネリストの方々をモデレートさせていただきます。日経主催のFIN/SUMシンポジウムパネルです。

17:40-18:30 パネル デジタル認証、デジタル ID が目指す未来の暮らし、仕事、社会 セッション概要 日時３月６日（木）17:40-18:30会場丸ビルカンファレンスホール
（HALL A : 丸ビルホール 7F）タイトルデジタル認証、デジタルIDが目指す未来の暮らし、仕事、社会

生成AIの登場で不正アクセスやなりすまし詐欺などの犯罪が急増するデジタル社会。デジタル認証やデジタルIDは、こうしたリスクを防ぎながら、さまざまな工夫を凝らしてよりよいデジタル社会の実現を目指します。金融サービスから行政のあり方、働き方、暮らしまで、最適化された未来のデジタル社会の姿を探ります1。

登壇者（敬称略）2

山廣弘佳　大日本印刷情報イノベーション事業部チームリーダー
日下光　xID代表取締役
林達也　デジタル庁アイデンティティアーキテクト
間下公照　ジェーシービー イノベーション統括部市場調査室長
崎村夏彦　OpenID Foundation理事長 （モデレーター）

なお、この直後のセッションも面白いですので合わせてお願いします。

18:40-19:30 政府・日銀本音トーク 〜新時代のマネーとフィンテック セッション概要 日時３月６日（木）18:40-19:30会場丸ビルカンファレンスホール
（HALL A : 丸ビルホール 7F）タイトル政府・日銀本音トーク 〜新時代のマネーとフィンテック

財務省・日銀・金融庁の現場責任者が、テクノロジー x マネーを中心にデジタル金融の未来を語る

登壇者（敬称略）

鳩貝淳一郎 日本銀行 決済機構局 FinTech 副センター長 デジタル通貨検証グループ長
津田夏樹 財務省 理財局国庫課 課長兼デジタル通貨企画官
牛田遼介 金融庁 チーフ・フィンテック・オフィサー
楠正憲 デジタル庁統括官

お申し込みは

お申し込みは公式サイトよりお願いいたします。

その他のプログラム

その他のプログラムは以下のとおりです。

jp_session

金融庁からのお知らせ＞「イベント多すぎでJapan Fintech Weekどう歩けば分からないぞ…」とお困りのみなさま！JFW公式ウェブアプリができました！

◆イベントスケジュールの確認と管理：全ての関連イベントのスケジュールを一目で確認し、カレンダーに追加できます（イベント情報は随時更新予定です！）。

◆各イベントの登録ページへのアクセス：イベントごとの登録ページに簡単にアクセスでき、スムーズに登録が可能です。

◆ネットワーキング機能：どのイベントの参加者とも交流できる一元的なネットワーキング機能を搭載！

◆イベントマップ：イベント開催場所が一目で分かる地図を用意しました。

JFWを最大限楽しんで頂くには必須アプリかと思いますので、ぜひご登録ください。

JFW公式アプリはこちら

#JFW2025

After a post about a college that’s teaching students how to build their own tiny houses for just $5,000 drew a lot of attention, decided…

The post Multiply Tiny House Love Story with Million Backyard March first appeared on Real Estate Cafe.

The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

Today, we cover:

Industry pulse. OpenAI struggles to shed nonprofit status, Anthropic bans AI from job applications, cuts at Workday, GitHub Copilot releases an agentic mode, and Linus Torvalds tells Linux contributors that social media pressure is bad for development.

Software engineering job openings hit five-year low? There are 35% fewer software developer job listings on Indeed today, than five years ago. Compared to other industries, job listings for software engineers grew much more in 2021-2022, but have declined much faster since. A look into possible reasons for this, and what could come next.

OpenAI responds to DeepSeek threat. Fresh off the shock of a relatively unknown Chinese company dethroning ChatGPT as the most-downloaded AI app on iPhone and Android, OpenAI has shaken itself up, promptly copied DeepSeek’s visualization of how its reasoning model “thinks”, and has shipped Deep Research.

A glimpse from the section “Software engineering job openings hit five-year low?” OpenAI struggles to shed nonprofit status

Yet more drama at OpenAI, where cofounder Elon Musk has made a $97 billion dollar bid to take over the OpenAI nonprofit. A few details to unpack:

Yes, Musk really is one of the several cofounders of OpenAI. In 2015 it was he, Sam Altman, and 9 others (Greg Brockman, Ilya Sutskever, John Schulman, Wojciech Zaremba, Trevor Blackwell, Vicki Cheung, Andrej Karpathy, Durk Kingma, and Pamela Vagata)

Musk contributed around $45M to OpenAI as a donor, as confirmed by OpenAI.

In 2017, things got messy and Musk eventually left OpenAI. This was the year when OpenAI decided to create a for-profit entity, controlled by the nonprofit. As shared by OpenAI, Musk wanted control over the for-profit part, and then later wanted to merge it into Tesla.

Musk created rival X.AI in 2023, and this company has raised $6B of funding.

OpenAI is worth a lot more than $97B; its latest valuation was at $157B in October, and there are rumors of a new raise at or above $300B!

Here’s where OpenAI’s tricky corporate structure comes into play. OpenAI published a diagram showcasing the structure, but leaving out ownership stakes. Here’s my interpretation, focusing on ownership stakes and control:

OpenAI’s ownership structure. It’s messy.

Musk is offering to buy the nonprofit entity, not the for-profit one. Musk’s offer at $97B for a 51% controlling share values OpenAI at around $195B, which is higher than OpenAI’s last valuation of $157B. The company’s board has a fiduciary duty to consider the offer. However, OpenAI is officially a non-profit, so this duty may not apply.

It’s likely that this episode’s main impact will be to highlight the ridiculous, convoluted, corporate structure of the world’s most valuable private company. I wonder if investors may opt against investing more until this structure is tidied up, with the for-profit entity controlled by investors, and not the nonprofit, with ` investors receiving an ownership stake as well.

Anthropic bans AI from job applications

Read more

「ねむ ✕ 崎村夏彦 – AIメタバース時代のアイデンティティ」

2月27日、Digital Space Conference 2025 のサイドイベントで、昨年「今年最も輝いたVTuberベスト10 【MoguLive VTuber Award 2024】で、儒烏風亭らでんさんと同率４位に選出されたバーチャル美少女ねむさんと緊急対談を行います。題して「ねむ ✕ 崎村夏彦 – AIメタバース時代のアイデンティティ」。

AIとメタバースの発展で激変するインターネットで新人類のID/アイデンティティはどこに向かうのか！？目が離せません

Digital Space Conference 2025 の会場でご覧いただけるほか、YouTube Live でも生配信します。ぜひお越しください。

日時

2025年2月27日（木）11:15~11:45

会場

対面・オンラインのハイブリッドで開催！

【対面会場】
Digital Space Conference 2025 講演会場 （東京ミッドタウンホール ホールA）

出演： ■ バーチャル美少女ねむ（VTuber/作家）

黎明期の仮想世界で生きる「メタバース原住民」にして、その文化を伝える「メタバース文化エバンジェリスト」として活動。「バーチャルでなりたい自分になる」をテーマに2017年から美少女アイドルとして活動している自称・世界最古の個人系VTuber。ボイスチェンジャーの利用を公言しているにも関わらずオリジナル曲『ココロコスプレ』で歌手デビュー。メタバースの革命性を論じた著書『メタバース進化論』（2022年、技術評論社）で「ITエンジニア本大賞2023」ビジネス書部門”大賞”を受賞。国連の国際会議「IGF京都2023」でも登壇。アバター文化への貢献が認められ、一般社団法人VRMコンソーシアムよりキズナアイ以来史上二人目となる「アバターアワード2022 特別功労賞」受賞。
X : https://x.com/nemchan_nel

■崎村 夏彦（NATコンサルティング合同会社代表 / OpenID Foundation 理事長）

デジタルアイデンティティおよびプライバシーに関する国際標準化を専門とし、全世界で30億人以上に使われる一連の関連国際規格のほか、「デジタルアイデンティティ」(2021, 日経BP社）を著す。米国OpenID Foundation理事長を2011年より、MyData Japan理事長を2019年より、公正取引委員会デジタルスペシャルアドバイザーを2021年より務める。 ISO/IEC JTC 1/SC 27専門委員会（情報セキュリティ, サイバーセキュリティ及びプライバシー保護 アイデンティティ管理とプライバシー技術）委員長。OECDインターネット技術諮問委員会委員。総務省「プラットフォームに関する研究会」、デジタル庁「本人確認ガイドラインの改定に向けた有識者会議」を始めとして、多数の政府関連検討会にも参画。
X : https://x.com/_nat

■Digital Space Conference 2025 について

AI・Web3・メタバース領域の第一線で活躍するスピーカーが、成功の裏側や失敗から得た教訓を赤裸々に共有。来場者は、具体的な事例から得た示唆や新たな発見を持ち帰り、自身の事業に応用することで次世代を共に創造していく。単なる知識の獲得に留まらず、未来への一歩を踏み出すための場を提供します。
公式サイト：Digital Space Conference 2025
プレスリリース: 「Digital Space Conference 2025」豪華登壇者・展示詳細・サイドイベント決定！ (2025年2月13日 15時30分)

■日本デジタル空間経済連盟

デジタル空間における経済活動を活性化し、日本経済の健全な発展と豊かな国民生活の実現に寄与します。
X : https://x.com/Dejikeiren

（参考文献） メタバースでのアイデンティティ(Nem x Mila, 2024) ソーシャルVRライフスタイル調査2023 (Nem x Mila, 2023) デジタルアイデンティティ(2021) 実際のセッションの概要：AIメタバース時代のアイデンティティ 対談メモ 概要 イベント名: デジタルスペースカンファレンス2025の一環 日時: 2025年2月27日 場所: 東京ミッドタウン（現地）およびYouTubeライブ配信 出演者: バーチャル美少女ねむ（メタバース住人、VRコンテンツクリエイター） 崎村夏彦氏（OpenID Foundation理事長） テーマ: AIメタバース時代のアイデンティティ 主要ポイント 1. メタバースの現状と可能性 メタバース環境の説明: VRゴーグルとフェイストラッカー等を使用した没入型体験 物理的制約を超えた活動が可能（サイズ変更、重力無効化など） 実際の書斎のような環境をVR上につくり、その中でも様々な活動が可能 Meta Quest 3s等の低価格ヘッドセットの登場により普及が加速 「魔法が使える世界」として例えられる（瞬間移動、物の生成など） VRの技術的利点: 光学的には遠くを見る状態になるため、目の疲れが少ない 物理的な制約にとらわれない創造性 複数のアバターを使い分け、異なる自己表現が可能 日本のVR人口: 過去1年で約倍増 世界的に見ても日本人ユーザーの成長の割合が高い 2. デジタルアイデンティティと複数人格（分人） アバターの種類と選択理由: 人間型アバターは現実との近さで没入感を求める人が選択 ファンタジー系は現実では表現できない特性を求める人が選択 時間経過と共に人間型が減少し多様なアバターが増加傾向 デュアル・アイデンティティ: 約57%のユーザーがバーチャルIDと現実の自分を意図的に分けている 分ける理由：偏見を避ける、現実と仮想を区別したい 公開する理由：ネットワーク拡大、現実と仮想の繋がりを求める 「分人（ぶんじん）経済」の概念: 一人の人間が複数の人格・アイデンティティで活動する経済構造 ちなみに、2011年に発行されたISO/IEC 24760-1ではすでに人々がコンテキストごとのアイデンティティを使い分けるとして、identity と partial identity を同義語として定義している。 現在は約13%がVR内のアイデンティティをメインと考え、27%が将来メイン化を望む アイデンティティ切り替えによる自己表現と心理的効果 3. デジタルアイデンティティとプライバシーの課題 IdP（Identity Provider）の役割: オンライン認証の標準化（OpenID Connect等） コンテキスト毎の適切なアイデンティティ管理 「混ぜるな危険」の原則：異なるアイデンティティは分離すべき 現在の制度的課題: バーチャルアイデンティティでの経済活動の困難さ（確定申告、金融取引など） プライバシー保護と本人確認のバランス 全方位的アイデンティティの強制が問題 理想は「コンテキストごとの関係性に応じたアイデンティティの使い分け」 解決策の方向性: 関係者に見える情報を必要最小限にする仕組み 事業者別識別子を国税庁にわたして税務用アイデンティティ（識別子はマイナンバー）に変換して処理する仕組み パーソナルAIによる自動処理の可能性 4. 日本の可能性と今後の展望 日本の優位性: クリエイティブ活動への低いバリア（同人文化等） VTuber文化やメタバース活動への高い受容性 メディアでのバーチャル存在の可視性が高い 今後の展望: 技術的には実現可能な仕組みの社会実装 立法・行政への働きかけの必要性〜それには選挙民の声が必要 高齢化社会における新たな社会参加の形態 IDの仕組みの抜本的見直しによる新たな経済発展 結論

メタバースにおける複数アイデンティティ（分人）は技術的に既に可能だが、それを経済活動や社会制度と結びつけるための実装と法制度の発展が必要。日本はVR文化への親和性が高く、この分野でリーダーシップをとる可能性がある。メタバースを通じて「より自分らしく生きる」ための環境整備が今後の課題となる。

ねむさんによるまとめ＠ note

https://note.com/nemchan_nel/n/nbebac0953b30 にねむさんによるまとめがあります。ねむさんオススメの視聴ポイントも記されていますし、X上での反応も出ていますので、ぜひそちらも御覧ください。

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• WorkOS — The modern identity platform for B2B SaaS

• CodeRabbit — Cut code review time and bugs in half. Use the code PRAGMATIC to get one month free.

• Augment Code — AI coding assistant that pro engineering teams love

—

In This Episode

How do you architect a live streaming system to deal with more load than any similar system has dealt with before? Today, we hear from an architect of such a system: Ashutosh Agrawal, formerly Chief Architect of JioCinema (and currently Staff Software Engineer at Google DeepMind.) In May 2023, JioCinema set the live-streaming world record, serving 32 million concurrent viewers tuning in to the finale of Indian Premier League (a cricket game.)

We take a deep dive into video streaming architecture, tackling the complexities of live streaming at scale (at tens of millions of parallel streams) and the challenges engineers face in delivering seamless experiences. We talk about the following topics:

• How large-scale live streaming architectures are designed

• Tradeoffs in optimizing performance

• Early warning signs of streaming failures and how to detect them

• Why capacity planning for streaming is SO difficult

• The technical hurdles of streaming in APAC regions

• Why Ashutosh hates APMs (Application Performance Management systems)

• Ashutosh’s advice for those looking to improve their systems design expertise

• And much more!

Takeaways

My biggest takeaways from this episode:

1. The architecture behind live streaming systems is surprisingly logical. In the episode, Ashutosh explains how the live streaming system works, starting from the physical cameras on-site, through the production control room (PCR), streams being sliced-and-diced, and the HLS protocol (HTTP Live Streaming) used.

2. There are a LOT of tradeoffs you can play with when live streaming! The tradeoffs between server load, latency, server resources vs client caching are hard decisions to make. Want to reduce the server load? Serve longer chunks to clients, resulting in fewer requests per minute, per client… at the expense of clients potentially lagging more behind. This is just one of many possible decisions to make.

3. At massive video streaming scale, capacity planning can start a year ahead! It was surprising to hear how Ashutosh had to convince with telecoms and data centers to invest more in their server infrastructure, so they can handle the load, come peak viewership months later. This kind of challenge will be nonexistent for most of us engineers/ Still, it’s interesting to consider that when you are serving a scale that’s not been done before, you need to worry about the underlying infra!

4. “Game day” is such a neat load testing concept. The team at Jio would simulate “game day” load months before the event. They did tell teams when the load test will start: but did not share anything else! Preparing for a “Game day” test is a lot of work, but it can pay off to find parts of the system that shutter under extreme load.

The Pragmatic Engineer deepdives relevant for this episode

• Software architect archetypes

• Engineering leadership skill set overlaps

• Software architecture with Grady Booch

Timestamps

(00:00) Intro

(01:28) The world record-breaking live stream and how support works with live events

(05:57) An overview of streaming architecture

(21:48) The differences between internet streaming and traditional television.l

(22:26) How adaptive bitrate streaming works

(25:30) How throttling works on the mobile tower side

(27:46) Leading indicators of streaming problems and the data visualization needed

(31:03) How metrics are set

(33:38) Best practices for capacity planning

(35:50) Which resources are planned for in capacity planning

(37:10) How streaming services plan for future live events with vendors

(41:01) APAC specific challenges

(44:48) Horizontal scaling vs. vertical scaling

(46:10) Why auto-scaling doesn’t work

(47:30) Concurrency: the golden metric to scale against

(48:17) User journeys that cause problems

(49:59) Recommendations for learning more about video streaming

(51:11) How Ashutosh learned on the job

(55:21) Advice for engineers who would like to get better at systems

(1:00:10) Rapid fire round

A summary of the conversation The Live Streaming Pipeline

The journey of a live stream starts with the cameras at the event’s venue. These cameras are connected by fiber to a Production Control Room (PCR).

In the PCR, a director selects which camera feeds to use, much like in a movie production.

Source feed (or production feed) is then sent to a contribution encoder. This encoder compresses the high-bandwidth source feed to a more manageable size.

The compressed feed is then transmitted to the cloud using a private peer-to-peer link.

Distribution encoder: prepares the stream in various formats for end-user consumption, such as HLS and DASH.

Over 100 stream variants can be generated for various devices – and up to 500 (!) when different languages are included.

Orchestrator: the one managing the pipeline, from the contribution encoding to the cloud infrastructure. The orchestrator decides which endpoints to push to, the configuration of the distribution encoder, and the CDN endpoints.

Playback URLs: generated by the orchestrator. URLs are specific to the device and format being used.

When a user clicks play, a separate playback system takes over. This system verifies user authorization, deals with encryption, and handles Digital Rights Management (DRM). The playback system then provides the client app with an encrypted URL to stream the content.

Live streaming systems are more complex than Video on Demand (VOD) systems because of the need to manage multiple real-time streams and user authentication and authorization for those streams, all while keeping latency low.

Content Delivery

Content delivery relies on Content Delivery Networks (CDNs).

The core technology used is HLS or DASH, where the video is broken down into segments.

HLS uses a master manifest file (e.g., master.m3u8) that lists different video quality levels. Each quality level refers to a child manifest.

Child manifests list individual video segments. These segments are typically between four to six seconds long.

The client player requests a child manifest every segment duration and the segments that it lists.

CDN: works at the segment level rather than at a millisecond level.

Correctly setting up CDN configurations, such as the Time To Live (TTL) values for the cached segments, is crucial to ensure a smooth stream without stale data.

Latency is introduced at various stages of the live-streaming process. This includes encoding, network transmission, and client-side buffering.

Encoding techniques: using a look-back period, or Group of Pictures (GOP) are used to achieve more efficient compression. The GOP might be 1, ,2 or 4 seconds long.

Client-side buffering is used to give a smoother streaming experience, even if there are small network issues. This means the user might be watching the stream a few seconds behind the real-time live point.

There are trade-offs between latency, smooth playbac,k and infrastructure demands. Reducing the segment duration increases calls to the CDN, impacting infrastructure needs.

Adaptive bitrate streaming is used to adjust the video quality in response to the user's network conditions.

The client-side player measures the download speed and chooses an appropriate video quality level, matching the user's network capacity.

If the network speed slows down, the client can switch to a lower-quality video (e.g., from 720p to 240p).

The server can also degrade the user's stream by limiting the number of available video quality options, for example during very high load. The server can also adjust the segment length in response to system load.

The client player is always starting playback a few seconds behind the live point, to avoid any interruption in playback if a segment is missed.

If a segment is missed on a TV, the TV will continue playing at the live point. However, on the internet, the client is using a buffer and will try to avoid missing a segment.

Monitoring, Metrics, and Scaling

Monitoring is based on leading and trailing indicators.

Leading indicators help to identify potential problems in realtime. Examples include buffer time and playback failure rates. These leading indicator metrics are given priority in the system.

Trailing indicators are used to perform a detailed analysis of issues after they occur.

Client-side metrics are collected and quickly processed by the server in less than a minute or sometimes within 30 seconds.

Server-side metrics, such as bandwidth, the number of requests, and latency, are also tracked.

The frequency of data collection is adjusted based on the system load. When there is higher traffic, the amount of data collected is sampled to manage the volume of data collected and processed.

Capacity planning is a very complex process involving infrastructure, network, and power, and is started at the end of the prior year, for the next year.

Capacity planning involves coordination with several infra providers to make sure they can scale their infrastructure for the events.

The planning focuses on metrics such as compute, RAM, disk, and network usage. The main metric that becomes the limiting factor is vCPUs.

Cloud resources are not infinite at the scale required for major live events. There is a finite amount of resources in a given location – at this scale of streaming, that is!

Providers need to purchase real estate, install links, and deploy servers.

Horizontal scaling is preferred for compute resources as it is easy to add boxes to the pool.

Databases and caches are scaled preemptively to avoid the need to scale them on the fly during events.

Auto-scaling is not effective for live events because it is too slow to respond to the rapid changes in traffic. Custom scaling systems are preferred.

The custom scaling system uses a concurrency metric, that is the number of users watching the stream, to scale services. All systems are scaled against a common concurrency metric.

The custom scaler also looks at user journeys, such as when users press the back button and return to the home page. This can cause a spike in traffic to the home page API.

APAC-specific live streaming challenges

Mobility is a significant challenge because most users in India watch live streams on mobile devices and are often on the move. This means that users are constantly switching between cell towers.

Battery consumption is also a key factor. Video streaming can quickly drain mobile phone batteries.

The video profile, polling frequency, and encoding algorithms are often chosen to reduce battery consumption.

“Game day simulation”: something Jio did to simulate peak load conditions.

Involved in generating synthetic traffic and the teams needed to scale systems and follow operational protocols in response.

The teams did not have access to the traffic dashboard, so the traffic patterns were unknown to the teams.

Advice for engineers to become better architects

Understand this: anything that can fail, will fail. Overconfidence in systems can lead to problems! Most people underestimate or overlook the potential failure modes.

Look at every aspect of your system including configurations and code as even the smallest things can cause problems.

Detailed metrics and measurements are vital. Both to see potential problems and to be able to debug effectively.

Ensure you are measuring metrics correctly. For example, response time should be measured from when the request is queued, not when it enters the processing function.

Do not rely too heavily on APMs. It is better to understand the low-level details and measure and fine-tune every aspect of your code.

To learn more about video encoding: look up documentation on GitHub and online. Look for resources going into how image compression is done, and how images are turned into video.

Most of the learning happens on the job. There isn't a lot of public information about problems at this kind of scale! Hopefully, this podcast was helpful in sharing more details!

Resources & Mentions

Where to find Ashutosh Agrawal:

• X: https://x.com/theprogrammerin

• LinkedIn: https://www.linkedin.com/in/theprogrammerin/

• Medium: https://medium.com/@theprogrammerin

Mentions during the episode:

• Disney+ Hotstar: https://www.hotstar.com/in

• What is a CDN: https://aws.amazon.com/what-is/cdn/

• Adaptive bitrate streaming: https://en.wikipedia.org/wiki/Adaptive_bitrate_streaming

• Skype: https://www.skype.com/en/

•Millions Scale Simulations: https://blog.hotstar.com/millons-scale-simulations-1602befe1ce5

• Black Friday: https://en.wikipedia.org/wiki/Black_Friday_(shopping)

• Asia-Pacific (APAC): https://en.wikipedia.org/wiki/Asia%E2%80%93Pacific

• Distributed architecture concepts I learned while building a large payments system: https://blog.pragmaticengineer.com/distributed-architecture-concepts-i-have-learned-while-building-payments-systems/

• Concurrency: https://web.mit.edu/6.005/www/fa14/classes/17-concurrency/

• Video streaming resources on Github: https://github.com/leandromoreira/digital_video_introduction

• Murphy’s Law: https://en.wikipedia.org/wiki/Murphy%27s_Law_(disambiguation)

• Java: https://www.java.com/

• Ruby: https://www.ruby-lang.org/en/

• Ruby on Rails: https://rubyonrails.org/

• Hacker News: https://news.ycombinator.com/

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

This morning Wired published This Ad-Tech Company Is Powering Surveillance of US Military Personnel. It’s a good piece, which is typical of Wired lately. But what caught my eye was “Ad-Tech” in the headline. Some writers say “ad tech.” Others say “adtech” or “AdTech.”

I’m highly leveraged in “adtech,” since I’ve now posted 160 pieces (including this one) using that expression since 2008.

So I did a Google Trends search on the three uses, and saw that “adtech” still wins, by a hair, though “ad tech” is close, and was ahead for much of the ‘teens.

The more interesting thing is that interest in the topic itself dropped by 75% between 2004 and th e mid-teens, and has kinda flattened since then.

But it’s still an issue.

At least I am relieved of the need to go back and change all those posts.

Looks right, works wrong.

Every so often a product shows up that is so bad somebody needs to sound a warning.

So I’m sounding one for the Ion Retro Glow. For the last month or so, it’s been on display and selling at the Sams Club here in Bloomington, Indiana. That’s where I shot the photo above.

At first I thought it was just an interesting goof: an old-fashioned boom box with Bluetooth and a rechargeable battery. But then I remembered that I have about a hundred cassette tapes I want to go through, and no way to play them. I also thought the thing wouldn’t be a bad Bluetooth speaker system for my phone. The sound, while not great, wasn’t bad when I pressed the buttons on the display. I also still listen to some radio, so I thought that might be a nice bonus, if the radio was at least okay. And the price was right: $69.

So I bought one.

OMG. Quelle merde.

First, all the buttons and knobs are crap plastic, and the Stop/Eject button wouldn’t open the cassette door, making that function useless. Right there I needed to take it back. But to exchange it?

Not after checking out the radio.

The dial knob was so stiff I thought something was surely wrong with it. And there was. The dial pointer leaned one way or the other as one tuned up and down. And the radio was so bad on both bands that it would be a total turn-off to anyone wanting to give radio a try for the first time. (And there are now large demographics in that category.) Noise rejection on AM was completely absent, and the radio only got one station. There wasn’t even a tiny hint that there might be other signals out there. (And there are many here.) On FM, strong local signals splattered all over the dial, and the tuner made strange pulsing sounds as I (with lots of torque) turned the dial pointer slowly (there was no other way) up and down. And the sound kinda sucked too.

The only thing that worked as advertised was the Bluetooth. My phone found the thing instantly.

As for the sound, I’m much better served by the Bluetooth speakers I already have. There are good ones in the same price range.

The glowing rings around the speakers are just eye candy.

I suppose the rechargeable battery is okay. It worked for the few minutes I bothered checking it out.

The lesson: If you want a good boom box, check out your neighborhood or online thrift stores. Here’s Facebook Marketplace for my region here.

I suspect at least one of these is still good.

A final word to Sam’s Club: please stop selling this piece of crap. It makes victims of your customers.

The JavaScript industrial complex won’t crumble anytime soon. But the stage is set for a return to an ecosystem of reusable components accessible to business developers, only this time based on the universal web platform and its core standards.

How To Build Web Components Using ChatGPT

LLM series at The New Stack

Access management is seen by many business leaders as primarily a means of protecting and securing computer systems. Important, but of secondary importance to the business. But as computer systems come to intermediate almost every interaction the business has with employees, contractors, partners, and customers, dynamic authorization should be seen as a strategic business enabler. Investing in a robust, flexible, and pervasive authorization infrastructure can drive revenue growth, operational efficiency, regulatory compliance, and competitive differentiation.

Reducing Operational Costs

Manually managing access using rigid, static authorization models like ACLs and groups is labor-intensive and prone to errors. Organizations that rely on static methods often have employees who are dedicated to managing permissions for employees and others. These employees also perform manual audits, track down problems, and manage groups. As the organization grows, these processes become more complex—scaling superlinearly due to interactions in the system.

Dynamic authorization automates many of these access control decisions, reducing the need for manual intervention. This has several benefits:

Lower administrative overhead—eliminating the need for manually managing permissions and groups reduces administrative costs.

Reduced risk of over-permissioning—accounts with permissions they no longer need are the source of many costly security breaches.

Reduced security insurance premiums—many organizations buy costly insurance for security breaches and ransomware. Better authorization practices and systems can reduce premiums.

Fewer support tickets for access problems—tickets that require IT to drop what they’re doing to sort out a permissioning problem take these critical employees away from work that advances the organization’s products and services.

Improved onboarding and offboarding efficiency—dynamic authorization can ensure new employees or contractors have all the access they need on day one and lose it as soon as they leave.

Improved operational efficiency gives the organization the freedom to explore and grow instead of constantly battling access management problems.

Enabling Business Agility and Innovation

As more and more business is conducted online, organizations are finding that it’s vital to quickly react to changing business needs. Whether an organization is launching a new product, expanding into new markets, reacting to new regulatory requirements, or enabling new partnerships, being able to flexibly adapt to emerging requirements and support innovation is table stakes for successful organizations.

As we’ve discussed, static authorization methods require manual changes to lists and groups to increase or decrease access to systems. For example, a financial services firm that is employing external auditors for compliance reviews must grant access for the duration of the engagement. A dynamic authorization system makes this as easy as a policy change. Even that might not be required if authorization policies have been written so as to anticipate this kind of need.

New products often require custom code to support authorization requirements for customers and administrators. A workforce management service provider launching a new employee onboarding product must ensure that customers can properly authorize varying access levels for their employees to administer and manage the service securely. A dynamic authorization system can be integrated with the new product, allowing developers to build in the right authorization controls without writing custom authorization code.

Improving Customer Experience

The compelling features of modern SaaS applications, marketplaces, and collaborative services depend on carefully controlling access. In these platforms, dynamic authorization isn’t just for security; it also enhances the user experience and provides enhanced revenue opportunities.

For example, platforms like Google Docs, Dropbox, and SmugMug all allow their customers to share content with specific people or groups. Dynamic authorization makes this functionality possible.

Or consider multi-tenant SaaS companies like Workday or Salesforce. Fine-grained authorization allows these companies to isolate customer data while simultaneously allowing granular access within each tenant that follows complex rules. These companies can’t build a single access management system because each tenant requires different access controls depending on their organization, regulatory environment, and internal access policies. Dynamic authorization lets them more easily meet customer needs.

Finally, many online businesses offer different features to different users depending on subscription levels. Dynamic authorization policies allow this to be done without custom code and give the business flexibility to add or modify subscription levels and features without changing the underlying code.

Strengthening Security and Compliance

Using dynamic authorization for improved security and regulatory compliance provides several business advantages. Industries like finance, healthcare, and government are heavily regulated. The regulations require organizations to enforce least privilege access, ensure auditability, and dynamically adjust access based on employee roles and changing risk conditions. Organizational benefits from using dynamic authorization include decreased compliance risk, better employee experience, fewer workarounds that introduce security problems, and reduced overall cost.

Competitive Differentiation

Using dynamic authorization inside products gives organizations a competitive edge by offering a more secure, flexible, and user-friendly product.

For example, a B2B SaaS company with a product built with fine-grained access control can better attract large enterprise customers who demand flexible, yet secure features. A financial services company that lets customers dynamically set transaction limits based on varying risk signals allows them to reduce fraud while maintaining a rich user experience. A collaboration tool that offers flexible, secure content sharing beats out competitors who use more rigid, static sharing models.

Organizations can more easily respond to competitor product changes when access management is as simple as a policy change. And dynamic authorization provides these benefits without developers having to write custom code.

A Business Necessity

The preceding sections offer multiple examples of how dynamic authorization goes well beyond enhanced IT security. Organizations that embrace dynamic authorization gain enhanced operational efficiency through automation, increased business agility to more easily pursue new opportunities, stronger security and compliance with less overhead, and better customer experiences that drive customer engagement and revenue.

In the era of multi-tenant, AI-enhanced, SaaS applications, dynamic authorization is essential for organizations to securely scale and effectively compete. Failing to adopt better access management technologies and mechanisms puts organizations at risk of losing their competitive advantage.

Photo Credit: Octopus busy approving things from DALL-E (public domain) Prompt: Draw a picture of an octopus wearing an officials hat with each arm holding stamps that say either "allow" or "deny". The octopus is stamping multiple sheets of paper on a desk.

Bitcoin failed. J.P. Koning notes in The end of El Salvador’s bitcoin payments experiment:

But here was a government that was going to champion the stuff, nullifying all of the headwinds against bitcoin in one stroke! The government meddling hypothesis would be put to test. The Salvadoran government used a combination of sticks and carrots to kick-start adoption. First, let's list the carrots. The capital gains tax on bitcoin was set to zero to remove the hassle of buying stuff with bitcoin. The government also built a bitcoin payments app, Chivo, for all El Salvadoreans to use. (Chivo also supports U.S. dollar payments.) Anyone who downloaded Chivo and transacted with bitcoin would receive a $30 bitcoin bonus—that's a lot of money in El Salvador. Gas stations offered $0.20 off of a gallon of gas for customers who paid with the app. People could also use Chivo to pay their taxes with bitcoin. The biggest carrot was zero-transaction fees. Any payment conducted with Chivo was free, as was converting bitcoins held in the Chivo app into U.S. dollars and withdrawing cash at Chivo ATMs. These Chivo ATMs were rolled out across El Salvador and in the U.S., too, to encourage the nascent U.S.-to-El Salvador bitcoin remittance route. Bitcoin ATMs are usually incredibly pricey to use, but in El Salvador the government would eat all the transaction fees. What a fantastic deal. As for the stick, Bukele introduced a forced-tender rule. Beginning in 2021, businesses were required to accept the orange coin or be punished. This was costly for them to comply with. They would have to update point of sale software, signage, train employees, and set up new processes for handling bitcoins post-sale. By all rights, this combination of sticks and carrots should have led to a flourishing of bitcoin payments. But it didn't.

Koning concludes:

The saddest thing about El Salvador's bitcoin experiment is that all sorts of time and resources have been wasted. El Salvador is not a rich country. The money spent on building and operating Chivo, compliance by businesses, bitcoin signage, and subsidies could have been better deployed on more important things like health and education. One hopes that other countries learn from this experience and avoid going down the same route that El Salvador did.

A few years ago, companies like Google, Microsoft and Facebook were known as places where – inside certain organizations – some engineers could earn large sums of money for doing comparatively little work, and wile away the work week waiting for their large new joiner equity to vest over four years. This chill approach is what the “rest” in rest-and-vest refers to, which was a popular phrase at the time for it. These places also had many teams where work was laid back, and it was possible to “coast” and get by doing relatively little.

In 2017, Business Insider interviewed several such folks and wrote:

“Business Insider talked to about a half a dozen people with direct knowledge of the rest-and-vest culture. Some were "fat cats" themselves. Some were hiring managers who tried to lure these folks back to the world of productivity. Many acknowledged that resting and vesting was a common, hush-hush practice at their own companies. Internally, these people are often referred to as "coasters."

Their lives counter the other reality for many in the tech world: long work hours and pressure for workers to pledge unrelenting devotion to their companies and jobs above all else.”

A culture of lenient performance management at the biggest tech businesses contributed to laidback work patterns; I talked with managers at the likes of Google and Microsoft at the time who were frustrated that the system made it hard to manage out folks who were visibly checked out, and were hard to motivate to do even the bare minimum work.

Fast forward to today, and there are signs that Big Tech employers are being tougher than ever in performance management, and any tolerance of “rest and vest” culture is history. This article covers:

Meta: first performance-based mass layoffs. Nearly 3,700 people have been dismissed as ‘low performers’; it’s the first time that another reason wasn’t given for layoffs by the social media giant.

Microsoft: performance-based firings are back. Employees terminated on the spot for performance reasons, without warning, and some don’t get severance.

Evolution of Microsoft’s performance management. The Windows maker has been brutal in performance management before: its old stack ranking system was unpopular for close to two decades.

Even without stack ranking, there’s still bucketing. Stack ranking fell out of favor years ago, but bucketing is still how performance reviews work.

Why now? The end of zero rates, a cooling job market, and more. Takeaways from recent mass layoffs.

Companies that always had high performance expectations. Some Big Tech businesses have always had strict performance standards. For example, within Amazon, Netflix, and NVIDIA, little will change.

Related to this article is our two-part deepdive into How performance calibrations are done at tech companies.

1. Meta: first performance-based mass layoffs

Meta did no mass layoffs for its first 18 years of its existence, until November 2022 when it let go 13% of staff. Back then, there were business reasons. I wrote at the time:

Meta’s revenue is simply not growing fast enough. In Meta’s Historic Growth Challenge, I suggested that just by allowing attrition to slightly reduce headcount expenses, Meta could catch up with profitability. However, what I did not account for was how attrition was likely too slow to wait for, and not fully within the company’s control. Layoffs, however, are.

The stock price pressure likely became too much. Meta’s stock price dipped under $100 for the first time on Thursday, 27 October, a week before layoffs. The stock dropped by 26% that day, which was the biggest one-day fall, after the company forecast weaker-than-expected revenue growth for Q4 2022. (...)

Zuck has summarized these layoffs:

“We’ve cut costs across our business, including scaling back budgets, reducing perks, and shrinking our real estate footprint. We’re restructuring teams to increase our efficiency. But these measures alone won’t bring our expenses in line with our revenue growth, so I’ve also made the hard decision to let people go.”

Six months later in early 2023, the company reduced headcount by another 11%, letting go 10,000 people The reasoning was that it had overhired during the pandemic years of 2020-2021, and was too bloated. The layoffs flattened the organization and boosted efficiency.

That was two years ago, and since then Meta has become more efficient: it generates more revenue ($164B per year) and profit ($62B) than ever before, and its value is at an all-time high of $1.8 trillion dollars.

It’s in this context that Meta announces its first-ever performance-based mass layoffs. Five percent of staff are expected to be let go, starting this week with around 3,700 people. An internal email from Mark Zuckerberg explains why, as reported by CNBC:

“I’ve decided to raise the bar on performance management and move out low performers faster. We typically manage out people who aren’t meeting expectations over the course of a year, but now we’re going to do more extensive performance-based cuts during this cycle, with the intention of back filling these roles in 2025.

We won’t manage out everyone who didn’t meet expectations for the last period if we’re optimistic about their future performance, and for those we do let go, we’ll provide generous severance in line with what we provided with previous cuts.”

This clarity that it’s “low performers” who are being laid off, is new. The large mass layoffs of 2022-23 were justified differently. Of course, low performers are at risk of being let go in most circumstances. However, in Meta’s previous layoffs, plenty of high-performers were also cut who worked in teams seen as bloated cost centers, or targeted for sharp headcount drops.

While these cuts are unfortunate, Meta at least is offering generous severance to those impacted: 16 weeks of pay and an additional two weeks for each year of service.

2. Microsoft: performance-based firings are back

Meta isn’t the only tech giant terminating employees based on performance concerns; Microsoft is doing the same — except on an individual basis. Also from Business Insider:

“Microsoft has started performance-based job cuts, according to termination letters viewed by Business Insider.

Microsoft is taking a stronger stance on performance management like its competitors, and managers at the company have spent the past few months evaluating employees all the way up to level 80, one of its highest levels.”

One of several termination letters was reported by Business Insider. It reads:

"The reason(s) for the termination of your employment include that your job performance has not met minimum performance standards and expectations for your position… You are relieved of all job duties effective immediately and your access to Microsoft systems, accounts, and buildings will be removed effective today. You are not to perform any further work on behalf of Microsoft."

Just to repeat, performance-related firing is commonplace, but what’s different here is how short and quick the process is. Previously, most of Big Tech followed a standard process for workers seen as in need of improvement:

Feedback from the manager, often at a biannual performance review

Performance improvement plan (PIP) which formalises why someone is not meeting performance expectations, and how to succeed with the plan

Dismissal upon failure to clear the PIP. Big Tech has been known for generous severance packages which exceed the legal minimum

But now, Microsoft seems to be skipping PIPs and also not offering severance in some cases. This is unusual, given how differently the tech giant had treated employees since Satya Nadella became CEO. It also feels unusually petty to cancel severance packages for those affected, especially as Microsoft is reporting record profits. Is it a message to low performers to expect nothing from the company?

Microsoft getting “cutthroat” in its performance-management is also out of character, as it was Nadella who introduced a more lenient performance management approach, back in 2014.

3. Evolution of Microsoft’s performance management

Between the 1990s and 2013, Microsoft used a stack ranking system for performance management, which wasn’t advertised to employees until the mid-2000s – although many knew about Microsoft’s “vitality curve” for ranking engineers and managers. Under this, workers high on the curve got outsized bonuses and pay rises, and those low down the curve; well, they got managed out.

In 2004, Mini Microsoft (an anonymous employee at the company, blogging in the public) wrote a post explaining how the then still-secretive stack ranking worked:

“Then along came a new lead. Her feedback [to me was], "You've got to increase your team visibility so that you can do better in the stack rank meeting."

The what-rank? She said it slower as if it would help me to divine what the heck she was talking about. Then she got up and gave me the stack rank lesson and I got to learn about how the team is divided into columns of high, medium, and low folks and then each column has a person by person relative ranking, all those positions negotiated by the leads putting their people up on the whiteboard and then arguing the merits of which report belongs above which other reports.

She said they set the context of their decisions by asking a question like, "Okay, if the team were on a sinking boat and we had to decide who we would put on the life-boats, who would it be?" Up to that point, my ass was next in line for the boat but still going down with the ship.”

From 2004 – mostly thanks to this blog post – stack ranking was no longer a secret, but it wasn’t until 2011 that then-CEO Stever Ballmer acknowledged its existence in an internal email, writing:

“Each rating at each level will now have set compensation tied to the rating.

These ratings will be based on the results you accomplished during the review period (assessed against your commitments), how you accomplished them, and your proven capability. Ratings will be a simple 1-5 system with relative performance being assessed across common peer groups.”

The buckets were pre-defined, supposedly as 20% (top performers), 20% (good performers), 40% (average), 13% (below average), and 7% (poor performers).

I worked at Microsoft starting in 2012, the year after the existence of the stack ranking system became public knowledge. Knowing the distribution made me hope for a grade of 1-2, which would have meant my manager saw me as the “top 40%” within the team. I ended up getting a “3” in 2013, which I was disappointed with, as I interpreted it as being in the bottom 20th to 60th percentile.

Later, I talked with a HR person, who told me that nobody at Microsoft was ever happy with their grades:

Those getting a “1” (the highest rating for the top 20%) think they deserve it. Many feel entitled to it, more than they’re happy to achieve it

Everyone on a 2 to a 5 is disappointed to different extents

Stever Ballmer’s departure spelt the end of the stack ranking system. Shortly after Ballmer announced his retirement in August 2013, the company announced the system was also being retired, effective immediately in November 2013. There are a few possible reasons why Stack Ranking went extinct:

1. Office politics ruled Microsoft. From the mid-2000s, it was increasingly clear that internal politics was more important than building products customers loved.

Microsoft was blindsided by the 2007 launch of the iPhone, and the launch of Android the next year. It took three more years to finally launch a competitive device – the Windows Phone in 2011. By then, iPhone and Android had captured the bulk of the smartphone market.

In 2011, Google software engineer and cartoonist Manu Cornet drew a cartoon about how he perceived Amazon, Google, Facebook, Microsoft, Apple, and Oracle. This was what how he represented the Xbox maker:

Source: Manu Cornet

This image went viral, even though Manu never intended it as a big joke in his comic strip, as he explains in The Man Behind the Tech Comics. The intended target of the joke was Oracle, but his image of Microsoft captured a widely perceived truth.

Back then, there was close to zero collaboration between divisions at Microsoft, which were thousands of employees in size; like Windows Office, Server, Xbox, and Skype. I experienced the lack of collaboration – to the point of hostility – first-hand. In late 2013, my team was building Skype for Web, which we positioned as a competitor to Google Hangouts. We had a problem, though: in order to start a video or voice call, users needed to download a plugin which contained the required video codecs. We noticed Google Hangouts did the same on Internet Explorer and Firefox, but not on Chrome because the plugin was bundled with the browser for a frictionless experience.

My team decided we had to offer the same frictionless experience on Microsoft’s latest browser, Edge, which was in development at the time. After weeks of back-and-forth, the team politely and firmly rejected bundling our plugin into the new Microsoft browser. The reason? Their KPI was to minimize the download size of the browser, and helping us would not help them reach that goal.

It was a maddening experience. Microsoft could not compete with the likes of Google due to internal dysfunction like this; with teams and individuals focused on their own targets at the expense of the greater good for the company and users.

2. Stack ranking pinpointed as the core of the problem. In 2012, Vanity Fair published Microsoft’s lost decade, which said:

“At the center of the cultural problems was a management system called “stack ranking.” Every current and former Microsoft employee I interviewed—every one—cited stack ranking as the most destructive process inside of Microsoft, something that drove out untold numbers of employees. (...)

The system—also referred to as “the performance model,” “the bell curve,” or just “the employee review”—has, with certain variations over the years, worked like this: every unit was forced to declare a certain percentage of employees as top performers, then good performers, then average, then below average, then poor.

In the end, the stack-ranking system crippled the ability to innovate at Microsoft, executives said. “I wanted to build a team of people who would work together and whose only focus would be on making great software,” said Bill Hill, the former manager. “But you can’t do that at Microsoft.”

3. Investor and board pressure. By 2013, Microsoft’s stock had been flat for about 12 years. It was clear that cultural change was needed to turn business performance around, and removing the hated stack ranking system was one of the easiest ways for the leadership team to show that change was afoot.

4. Ballmer’s exit. Several leaders including Head of HR Lisa Brummel were never in favor of stack ranking, as Business Insider reported at the time. With Ballmer gone, executives could push decisions that would’ve previously been vetoed, before a new CEO took the helm.

Satya Nadella replaced stack ranking with a more collaborative performance review system. As CEO, he recognized the cultural problems Microsoft had. In his 2017 book, Hit Refresh, he recalled the pre-2014 times:

"Innovation was being replaced by bureaucracy. Teamwork was being replaced by internal politics. We were falling behind."

A new performance review system attempted to address the problems, rating employees in three areas:

Individual impact

Contributing to others’ success

Leveraging the work of others

Microsoft also got rid of its vitality curve (the stack ranking system), starting from 2014. The changes resulted in a different performance review process, where individual impact carried less weight. In 2022, Microsoft even started to measure how many of its employees said they were “thriving”, which it defined as being “energized and empowered to do meaningful work.” Note that this was at the peak of the hottest job market in tech, when attrition spiked across the sector, and even Big Tech needed new ways to retain people.

Signs that performance management was changing again were visible in 2023, when last September, Microsoft quietly introduced a new field for managers called “impact designators.” They had to rate the impact of their reports and not disclose this to employees. The ratings determined bonuses and pay rises.

As a former engineering manager, what surprised me about this lowkey change was not that it happened, but rather that it raises the question of what Microsoft was doing before? “Impact designator” is another name for “multiplier”, used in most tech workplaces. Ahead of performance calibration meetings, managers often know this information and must fit the budget, or can sometimes exceed it. Multipliers are finalized in the calibration which helps for dividing bonus pots, equity refresh, and pay rise budgets.

So it was a surprise to learn Microsoft operated without managers setting or recommending multipliers for nine years, as part of the performance process.

4. Even without stack ranking, there’s still bucketing

The demise of divisive stack ranking was cheered; but in reality, all larger companies still operate ranking frameworks today. At most mid-sized-and-above companies, performance review processes have the explicit goal to identify and reward top performers, and to find low performers and figure out what to do next. We cover the dynamics of the process in a two-part deepdive. Performance calibrations at tech companies, including:

Read more

Somebody just gave the 31st upvote to my answer to the Quora question “What do you regret as you get older?” So I thought it might be worth repeating.

Here’s a short list:

Not learning at least one other language. Not learning a musical instrument (or to sing) well enough to play in a group. Not getting fit physically and staying that way. (Related: not working hard to succeed in at least one varsity sport—especially one requiring teamwork.) Not spending more time in other countries and cultures when I was young. Getting married too early and often. (Since you’re asking, twice before a great marriage now going on 27 years.)

For a full perspective on those, here’s a list of things I don’t regret:

Staying curious about everything, all my life. (“Learn as if you’ll live forever, live as if you’ll die tomorrow,” Gandhi is said to have said.) Learning to ski (in my 40s) and at learning to play soccer and basketball well enough not to be chosen last in pickup games. Sucking in school, which forced me to learn in other ways—and to learn well enough to at least play a decent academic later in life. Never taking up smoking, drugs or drinking heavily. Watching so little TV that I miss most cultural references to various stars and shows.

There are many more possibilities for both lists, but that’s a start.

That was seven years ago. My wife and I have now been married for almost 34 years.

2月26日、FIN/SUM 2025の皮切りになる「PwC Digital Identity Forum 2025」に出演します。

開催日時2025年2月26日（水）15:00～19:00（受付開始14:45）申し込み締め切り2025年2月25日（火）12:00場所東京国際フォーラム ホールB5
（東京都千代田区丸の内3丁目5番1号Bブロック5階）

私の出番はセッション１ (15:15 – 15:55) です。

Session1：オープンファイナンスの未来とデジタルアイデンティティの重要性

多くの企業が金融サービスに関わるようになってきた昨今、日本におけるフィンテックが持つ変革力と、金融取引をより信頼できるものにするためにデジタルアイデンティティが果たす重要な役割を探ります。グローバルの事例を参考にしながら、セキュリティとオープン性が複雑に絡み合うフィンテックの世界をどのように実現できるかについての理解を再定義します。

スピーカー

私以外の方々が錚々たるもので、私はいなくても良いのではないか疑惑もありますが、ぜひお越しください。

ちなみにこの後のセッションはデジタル庁の林さん (@lef) とNTTドコモの森山さん、それにPwCの柴田さんです。

16:10-16:50 Session2：ビジネス戦略で重要性を増す本人確認――企業を支えるデジタル社会の新基準

デジタル社会の進化に伴い、なりすましなどの不正利用防止や未成年保護のための年齢確認など、あらゆる企業にとって本人確認の役割はますます大きくなっています。
本セッションでは、普及が進むマイナンバーカードやパスキーといった最新の本人確認の仕組みとその応用について、業界の第一線で活躍する専門家が多角的に解説します。
企業活動における本人確認の価値やその実践的な活用方法を、具体的な事例と最新の動向を交えて探ります。

スピーカー

申し込みやその他のプログラムは、公式サイトよりご覧になっていただけます。

それでは現地でお目にかかりましょう。

This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be implemented and how an application can request delegated access tokens on behalf of a user and another application, providing a seamless and secure access to protected resources using a zero trust strategy.

Code: https://github.com/damienbod/token-mgmt-ui-delegated-token-exchange

Blogs in this series ASP.NET Core user delegated access token management ASP.NET Core user application access token management ASP.NET Core delegated OAuth 2.0 Token Exchange access token management Setup

The solution implements an ASP.NET Core web application which authenticates using Microsoft Entra ID. The web application uses an API protected with a Microsoft Entra ID access token. This API uses another downstream API protected with Duende IdentityServer. The API exchanges the Microsoft Entra ID access token for a new Duende IdentityServer access token using the OAuth 2.0 Token Exchange standard. Both APIs use a user delegated access token. The tokens are persisted on the trusted backend using the IDistributedCache implementation. This can be an in-memory cache or a persistent cache. When using this cache, it is important to automatically renew the access token, if it is missing or invalid.

What must an application manage?

An access token management solution must ensure that tokens are securely stored per user session for delegated downstream API user tokens and updated after each UI authentication or refresh. The solution should be robust to handle token expiration, function seamlessly after restarts, and support multi-instance deployments. The tokens must be persisted safely in multiple instance setups. Additionally, it must effectively manage scenarios involving invalid or missing access tokens.

Properties of token management in the solution setup: The access token is persisted per user session The token expires The token needs to be persisted somewhere safely (Safe and encrypted storage if not in-memory) The token must be replaced after each UI authentication (per user) The solution must work after restarts The solution must work for multiple instances when deployed to multi-instance deployments. The solution must handle invalid access tokens or missing access tokens The application must handle a user logout Client Implementation (Entra ID API)

An OAuth 2.0 Token Exchange token request is sent to the Duende IdentityServer using the ApiTokenCacheClient. The service persists the token in a cache per user. The cache is implemented using the IDistributedCache interface.

using IdentityModel.Client; using IdentityModel; using Microsoft.Extensions.Caching.Distributed; using Microsoft.Extensions.Options; using System.Text.Json; namespace WebApiEntraId.WebApiDuende; public class ApiTokenCacheClient { private readonly ILogger<ApiTokenCacheClient> _logger; private readonly IHttpClientFactory _httpClientFactory; private readonly IOptions<WebApiDuendeConfig> _webApiDuendeConfig; private static readonly object _lock = new(); private readonly IDistributedCache _cache; private const int cacheExpirationInDays = 1; private class AccessTokenItem { public string AccessToken { get; set; } = string.Empty; public DateTime ExpiresIn { get; set; } } public ApiTokenCacheClient( IOptions<WebApiDuendeConfig> webApiDuendeConfig, IHttpClientFactory httpClientFactory, ILoggerFactory loggerFactory, IDistributedCache cache) { _webApiDuendeConfig = webApiDuendeConfig; _httpClientFactory = httpClientFactory; _logger = loggerFactory.CreateLogger<ApiTokenCacheClient>(); _cache = cache; } public async Task<string> GetApiTokenOauthGrantTokenExchange( string clientId, string audience, string scope, string clientSecret, string aadAccessToken) { var accessToken = GetFromCache(clientId); if (accessToken != null) { if (accessToken.ExpiresIn > DateTime.UtcNow) { return accessToken.AccessToken; } } _logger.LogDebug("GetApiToken new from STS for {api_name}", clientId); // add var newAccessToken = await GetApiTokenOauthGrantTokenExchangeAad( clientId, audience, scope, clientSecret, aadAccessToken); AddToCache(clientId, newAccessToken); return newAccessToken.AccessToken; } private async Task<AccessTokenItem> GetApiTokenOauthGrantTokenExchangeAad(string clientId, string audience, string scope, string clientSecret, string entraIdAccessToken) { var tokenExchangeHttpClient = _httpClientFactory.CreateClient(); tokenExchangeHttpClient.BaseAddress = new Uri(_webApiDuendeConfig.Value.IdentityProviderUrl); var cache = new DiscoveryCache(_webApiDuendeConfig.Value.IdentityProviderUrl); var disco = await cache.GetAsync(); var tokenExchangeSuccessResponse = await tokenExchangeHttpClient .RequestTokenExchangeTokenAsync(new TokenExchangeTokenRequest { Address = disco.TokenEndpoint, ClientId = clientId, ClientSecret = clientSecret, Audience = audience, SubjectToken = entraIdAccessToken, SubjectTokenType = OidcConstants.TokenTypeIdentifiers.AccessToken, Scope = scope, Parameters = { { "exchange_style", "delegation" } } }); if (tokenExchangeSuccessResponse != null) { return new AccessTokenItem { ExpiresIn = DateTime.UtcNow.AddSeconds(tokenExchangeSuccessResponse.ExpiresIn), AccessToken = tokenExchangeSuccessResponse.AccessToken! }; } _logger.LogError("no success response from oauth token exchange access token request"); throw new ApplicationException("no success response from oauth token exchange access token request"); } private void AddToCache(string key, AccessTokenItem accessTokenItem) { var options = new DistributedCacheEntryOptions() .SetSlidingExpiration(TimeSpan.FromDays(cacheExpirationInDays)); lock (_lock) { _cache.SetString(key, JsonSerializer.Serialize(accessTokenItem), options); } } private AccessTokenItem? GetFromCache(string key) { var item = _cache.GetString(key); if (item != null) { return JsonSerializer.Deserialize<AccessTokenItem>(item); } return null; } }

The WebApiDuendeService class uses the token API service to request data from the downstream API.

using IdentityModel.Client; using Microsoft.Extensions.Options; using System.Text.Json; namespace WebApiEntraId.WebApiDuende; public class WebApiDuendeService { private readonly IOptions<WebApiDuendeConfig> _webApiDuendeConfig; private readonly IHttpClientFactory _clientFactory; private readonly ApiTokenCacheClient _apiTokenClient; public WebApiDuendeService( IOptions<WebApiDuendeConfig> webApiDuendeConfig, IHttpClientFactory clientFactory, ApiTokenCacheClient apiTokenClient) { _webApiDuendeConfig = webApiDuendeConfig; _clientFactory = clientFactory; _apiTokenClient = apiTokenClient; } public async Task<string> GetWebApiDuendeDataAsync(string entraIdAccessToken) { try { var client = _clientFactory.CreateClient(); client.BaseAddress = new Uri(_webApiDuendeConfig.Value.ApiBaseAddress); var accessToken = await _apiTokenClient.GetApiTokenOauthGrantTokenExchange ( _webApiDuendeConfig.Value.ClientId, _webApiDuendeConfig.Value.Audience, _webApiDuendeConfig.Value.ScopeForAccessToken, _webApiDuendeConfig.Value.ClientSecret, entraIdAccessToken ); client.SetBearerToken(accessToken); var response = await client.GetAsync("api/profiles/photo"); if (response.IsSuccessStatusCode) { var data = await response.Content.ReadAsStringAsync(); if (data != null) { return data; } return string.Empty; } throw new ApplicationException($"Status code: {response.StatusCode}, Error: {response.ReasonPhrase}"); } catch (Exception e) { throw new ApplicationException($"Exception {e}"); } } }

Duende IdentityServer implementation

Duende IdentityServer provides an IExtensionGrantValidator interface to implement the identity server support for OAuth 2.0 Token Exchange standard. This service must validate the access token and provide the data to issue a new Duende access token. Other validation checks are required like validating the sub claim which represents the user in the delegated access token. It is important to validate the access token fully. The new access tokens should only be issued for the same user. It is important to use a unique identifier from the access token to read data and issue new data for the user. An email is normally not a good solution for this as users can change their email in some IAM solutions.

public class TokenExchangeGrantValidator : IExtensionGrantValidator { private readonly ITokenValidator _validator; private readonly OauthTokenExchangeConfiguration _oauthTokenExchangeConfiguration; private readonly UserManager<ApplicationUser> _userManager; public TokenExchangeGrantValidator(ITokenValidator validator, IOptions<OauthTokenExchangeConfiguration> oauthTokenExchangeConfiguration, UserManager<ApplicationUser> userManager) { _validator = validator; _oauthTokenExchangeConfiguration = oauthTokenExchangeConfiguration.Value; _userManager = userManager; } public async Task ValidateAsync(ExtensionGrantValidationContext context) { // defaults context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest); var customResponse = new Dictionary<string, object> { {OidcConstants.TokenResponse.IssuedTokenType, OidcConstants.TokenTypeIdentifiers.AccessToken} }; var subjectToken = context.Request.Raw.Get(OidcConstants.TokenRequest.SubjectToken); var subjectTokenType = context.Request.Raw.Get(OidcConstants.TokenRequest.SubjectTokenType); var oauthTokenExchangePayload = new OauthTokenExchangePayload { subject_token = subjectToken!, subject_token_type = subjectTokenType!, audience = context.Request.Raw.Get(OidcConstants.TokenRequest.Audience), grant_type = context.Request.Raw.Get(OidcConstants.TokenRequest.GrantType)!, scope = context.Request.Raw.Get(OidcConstants.TokenRequest.Scope), }; // mandatory parameters if (string.IsNullOrWhiteSpace(subjectToken)) { return; } if (!string.Equals(subjectTokenType, OidcConstants.TokenTypeIdentifiers.AccessToken)) { return; } var (Valid, Reason, Error) = ValidateOauthTokenExchangeRequestPayload .IsValid(oauthTokenExchangePayload, _oauthTokenExchangeConfiguration); if (!Valid) { return; // UnauthorizedValidationParametersFailed(oauthTokenExchangePayload, Reason, Error); } // get well known endpoints and validate access token sent in the assertion var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>( _oauthTokenExchangeConfiguration.AccessTokenMetadataAddress, new OpenIdConnectConfigurationRetriever()); var wellKnownEndpoints = await configurationManager.GetConfigurationAsync(); var accessTokenValidationResult = await ValidateOauthTokenExchangeRequestPayload.ValidateTokenAndSignature( subjectToken, _oauthTokenExchangeConfiguration, wellKnownEndpoints.SigningKeys); if (!accessTokenValidationResult.Valid) { return; // UnauthorizedValidationTokenAndSignatureFailed(oauthTokenExchangePayload, accessTokenValidationResult); } // get claims from Microsoft Entra ID token and re use in Duende IDP token var claimsIdentity = accessTokenValidationResult.ClaimsIdentity; if (claimsIdentity == null) { return; } var isDelegatedToken = ValidateOauthTokenExchangeRequestPayload .IsDelegatedAadAccessToken(claimsIdentity); if (!isDelegatedToken) { return; // UnauthorizedValidationRequireDelegatedTokenFailed(); } var name = ValidateOauthTokenExchangeRequestPayload.GetPreferredUserName(claimsIdentity); var isNameAndEmail = ValidateOauthTokenExchangeRequestPayload.IsEmailValid(name); if (!isNameAndEmail) { return; // UnauthorizedValidationPreferredUserNameFailed(); } // Should use the OID var user = await _userManager.FindByNameAsync(name); if (user == null) { return; // UnauthorizedValidationNoUserExistsFailed(); } var sub = claimsIdentity.Claims!.First(c => c.Type == JwtClaimTypes.Subject).Value; var style = context.Request.Raw.Get("exchange_style"); if (style == "impersonation") { // set token client_id to original id context.Request.ClientId = oauthTokenExchangePayload.audience!; context.Result = new GrantValidationResult( subject: sub, authenticationMethod: GrantType, customResponse: customResponse); } else if (style == "delegation") { // set token client_id to original id context.Request.ClientId = oauthTokenExchangePayload.audience!; var actor = new { client_id = context.Request.Client.ClientId }; var actClaim = new Claim(JwtClaimTypes.Actor, JsonSerializer.Serialize(actor), IdentityServerConstants.ClaimValueTypes.Json); context.Result = new GrantValidationResult( subject: sub, authenticationMethod: GrantType, claims: [actClaim], customResponse: customResponse); } else if (style == "custom") { context.Result = new GrantValidationResult( subject: sub, authenticationMethod: GrantType, customResponse: customResponse); } } public string GrantType => OidcConstants.GrantTypes.TokenExchange; }

In Duende a client is required to support the OAuth 2.0 Token Exchange. This is added using the AllowedGrantTypes property. A secret is also required to acquire a new access token.

new Client { ClientId = "tokenexchangeclientid", ClientSecrets = { new Secret("--in-user-secrets--".Sha256()) }, AllowedGrantTypes = { OidcConstants.GrantTypes.TokenExchange }, AllowedScopes = { "shopclientscope" } }

Support for the OAuth Token Exchange is added to the Duende IdentityServer setup using the AddExtensionGrantValidator extension method.

var idsvrBuilder = builder.Services .AddIdentityServer(options => { options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; // see https://docs.duendesoftware.com/identityserver/v6/fundamentals/resources/ options.EmitStaticAudienceClaim = true; }) .AddInMemoryIdentityResources(Config.IdentityResources) .AddInMemoryApiScopes(Config.ApiScopes) .AddInMemoryClients(Config.Clients()) .AddAspNetIdentity<ApplicationUser>(); // registers extension grant validator for the token exchange grant type idsvrBuilder.AddExtensionGrantValidator<TokenExchangeGrantValidator>();

Running the solutions

When all four applications are started, the data from the Duende protected API is returned to the Razor Page application which uses Microsoft Entra ID to authenticate.

Links

Implement the OAUTH 2.0 Token Exchange delegated flow between an Microsoft Entra ID API and an API protected using OpenIddict

https://github.com/damienbod/OAuthGrantExchangeOidcDownstreamApi

https://docs.duendesoftware.com/identityserver/v7/tokens/extension_grants/token_exchange/

JSON Web Token (JWT)

Best Current Practice for OAuth 2.0 Security

The OAuth 2.0 Authorization Framework

OAuth 2.0 Demonstrating Proof of Possession DPoP

OAuth 2.0 JWT-Secured Authorization Request (JAR) RFC 9101

OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

OpenID Connect 1.0

Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow

OAuth 2.0 Token Exchange

JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

HTTP Semantics RFC 9110

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims

https://github.com/dotnet/aspnetcore/issues/8175

Twenty-fifth in the News Commons series

This is etched in limestone over an entrance to a building at the University of Wyoming. It gave John McPhee the title for perhaps its most useful book.

Southern California has two seasons: Fire and Rain.

Rain didn’t begin this year until a few days after Fire ended apocalyptically, incinerating much of Altadena and Pacific Palisades. Now Rain is here, with the occasional atmospheric river flowing across the faces of hills and mountains whose beards were just burned off.

Much is being  written about what geologists call debris flows and Muggles call mudslides. These tend to happen when mountains of poorly bound slopes of loose rock and soil get drenched in rain after the vegetation holding everything in place has been burned away. Many of the big slopes above Los Angeles are mile-wide dump trucks waiting to hoist their beds and open their tailgates. The Los Angeles County Flood Control District (aka “Flood”) has been on this case for a century and stands ready with debris basins and other risk abatements. But the San Gabriel Mountains are much bigger, and resemble volcanoes in their tectonic youth and tendency to erode downward and outward almost as fast as earthquakes push them up.

For describing all this, no writing is more useful than John McPhee‘s Los Angeles Against The Mountains, which ran first as a pair of long essays in September and October 1988 editions of The New Yorker, and later as a chapter in The Control of Nature, which came out in 1990. (Another chapter in that book is “The Army Corps of Engineers vs. the Mississippi,” which first appeared as Achafalya in a 1987 issue of The New Yorker. The magazine published it again after Hurricane Katrina as if it were a live report on what happened when the levees failed in New Orleans—though it had been written, prophetically, seventeen years earlier.)

McPhee is the Beethoven, the Rembrandt, the Shakespeare of nonfiction: inimitable and without equal. At ninety-three he is still writing and teaching other writers at Princeton. Though I’ve never set foot in Princeton, McPhee has been teaching me how to write for many decades.  I have read all his books, some many times. A few have so many page flags I could brush off a table with them. Some of those flags now aid my compression of  “Los Angeles Against the Mountains.”

Here he frames the battle:

…in the confrontation of the urban and the wild. Los Angeles is overmatched on one side by the Pacific Ocean and on the other by very high mountains. With respect to these principal boundaries, Los Angeles is done sprawling. The San Gabriels, in their state of tectonic youth, are rising as rapidly as any range on earth. Their loose inimical slopes flout the tolerance of the angle of repose. Rising straight up out of the megalopolis, they stand ten thousand feet above the nearby sea, and they are not kidding with this city. Shedding, spalling, self-destructing, they are disintegrating at a rate that is also among the fastest in the world…

The slopes average sixty-five to seventy per cent. In numerous places, they are vertical…The term “oversteepened” is often used to describe them. At the giddy extreme of oversteepening is the angle of maximum slope. Very large sections of the San Gabriels closely approach that angle. In such terrain, there is not much to hold the loose material except the plants that grow there…

And here he’s describing the experience of hanging with geologists on the steep face of one slope:

Evergreen oaks were fingering up the creases in the mountainsides, pointing toward the ridgeline forests of big-cone Douglas fir, of knobcone and Coulter pine. The forests had an odd sort of timberline. They went down to it rather than up. Down from the ridges the conifers descended through nine thousand, seven thousand, six thousand feet, stopping roughly at five. The forests abruptly ended—the country below being too dry in summer to sustain tall trees. On down the slopes and all the way to the canyons was a thicket of varied shrubs that changed in character as altitude fell but was everywhere dense enough to stop an army. On its lower levels, it was all green, white, and yellow with buckwheat, burroweed, lotus and sage, deerweed, bindweed, yerba santa… The thicket’s resistance to trespass, while everywhere formidable, stiffened considerably as it evolved upward…Whatever and wherever they were, these plants were prickly, thick, and dry, and a good deal tougher than tundra. Those evergreen oaks fingering up the creases in the mountains were known to the Spaniards as chaparros. Riders who worked in the related landscape wore leather overalls open at the back, and called them chaparajos. By extension, this all but impenetrable brush was known as chaparral.

The low stuff, at the buckwheat level, is often called soft chaparral. Up in the tough chamise, closer to the lofty timber, is high chaparral, which is also called hard chaparral. High or low—hard, soft, or mixed—all chaparral has in common an always developing, relentlessly intensifying, vital necessity to burst into flame. In a sense, chaparral consumes fire no less than fire consumes chaparral. Fire nourishes and rejuvenates the plants. There are seeds that fall into the soil, stay there indefinitely, and will not germinate except in the aftermath of fire. There are basal buds that sprout only after fire. Droughts are so long, rains so brief, that dead bits of wood and leaves scarcely decay. Instead, they accumulate, thicken, until the plant community is all but strangling in its own duff. The nutrients in the dead material are being withheld from the soil. When fire comes, it puts the nutrients back in the ground. It clears the terrain for fresh growth. When chaparral has not been burned for thirty years, about half the thicket will be dry dead stuff—twenty-five thousand tons of it in one square mile. The living plants are no less flammable. The chamise, the manzanita—in fact, most chaparral plants—are full of solvent extractives that burn intensely and ignite easily. Their leaves are glossy with oils and resins that seal in moisture during hot dry periods and serve the dual purpose of responding explosively to flame. In the long dry season, and particularly in the fall, air flows southwest toward Los Angeles from the Colorado Plateau and the Basin and Range. Extremely low in moisture, it comes out of the canyon lands and crosses the Mojave Desert. As it drops in altitude, it compresses, becoming even dryer and hotter. It advances in gusts. This is the wind that is sometimes called the foehn. The fire wind. The devil wind. In Los Angeles, it is known as Santa Ana. When chamise and other chaparral plants sense the presence of Santa Ana winds, their level of moisture drops, and they become even more flammable than they were before. The Santa Anas bring what has been described as “instant critical fire weather.” Temperatures rise above a hundred degrees. Humidity drops very close to zero. According to Charles Colver, of the United States Forest Service, “moisture evaporates off your eyeballs so fast you have to keep blinking.”

About fires, when they happen, he says this:

…Where the Santa Anas collide with local mountain winds, they become so erratic that they can scatter a fire in big flying brands for a long distance in any direction. The frequency and the intensity of the forest fires in the Southern California chaparral are the greatest in the United States, with the possible exception of the wildfires of the New Jersey Pine Barrens.

McPhee’s writing is always wrapped around characters, most of which I’m leaving out of this compression. The first exception for our purpose here is Wade Wells, a hydrologist with the United States Forest Service.

The chaparral fires are considerably more potent than the forest fires Wade Wells saw when he was an undergraduate at the University of Idaho or when he worked as a firefighter in the Pacific Northwest. “Fires in the Pacific Northwest are nothing compared with these chaparral fires,” he remarked. “Chaparral fires are almost vicious by comparison. They’re so intense. Chaparral is one of the most flammable vegetation complexes there are.”

It burns as if it were soaked with gasoline. Chaparral plants typically have multiple stems emerging from a single root crown, and this contributes not only to the density of the thickets but, ultimately, to the surface area of combustible material that stands prepared for flame. Hundreds of acres can be burned clean in minutes. In thick black smoke there is wild orange flame, rising through the canyons like explosion crowns. The canyons serve as chimneys, and in minutes whole mountains are aflame, resembling volcanoes, emitting high columns of fire and smoke…

In millennia before Los Angeles settled its plain, the chaparral burned every thirty years or so, as the chaparral does now. The burns of prehistory, in their natural mosaic, were smaller than the ones today. With cleared fire lanes, chemical retardants, and other means of suppressing what is not beyond control, people have conserved fuel in large acreages. When the inevitable fires come, they burn hotter, higher, faster than they ever did in a state of unhindered nature. When the fires end, there is nothing much left on the mountainsides but a thin blanket of ash. The burns are vast and bare. On the sheer declivities where the surface soils were held by chaparral, there is no chaparral.

Fine material tumbles downslope and collects in the waterless beds of streams. It forms large and bulky cones there, to some extent filling the canyons. Under green chaparral, the gravitational movement of bits of soil, particles of sand, and other loose debris goes on month after month, year after year, especially in oversteepened environments, where it can represent more than half of all erosion. After a burn, though, it increases exponentially. It may increase twentyfold, fortyfold, even sixtyfold. This steady tumbling descent of unconsolidated mountain crumbs is known as dry ravel. After a burn, so much dry ravel and other debris becomes piled up and ready to go that to live under one of those canyons is (as many have said) to look up the barrel of a gun.

One would imagine that the first rain would set the whole thing off, but it doesn’t. The early-winter rains—and sometimes the rains of a whole season—are not enough to make the great bulk move. Actually, they add to it…

In the slow progression of normal decay, chaparral litter seems to give up to the soil what have been vaguely described as “waxlike complexes of long-chain aliphatic hydrocarbons.” These waxy substances are what make unburned chaparral soil somewhat resistant to water, or “slightly nonwettable,” as Wells and his colleagues are wont to describe it. When the wildfires burn, and temperatures at the surface of the ground are six or seven hundred centigrade degrees, the soil is so effective as an insulator that the temperature one centimetre below the surface may not be hot enough to boil water. The heavy waxlike substances vaporize at the surface and recondense in the cooler temperatures below. Acting like oil, they coat soil particles and establish the hydrophobic layer—one to six centimetres down. Above that layer, where the waxlike substances are gone, the veneer of burned soil is “wettable.” When Wells drips water on a dishful of that, the water soaks in as if the dish were full of Kleenex. When rain falls on burned and denuded ground, it soaks the very thin upper layer but can penetrate no farther. Hiking boots strike hard enough to break through into the dust, but the rain is repelled and goes down the slope. Of all the assembling factors that eventually send debris flows rumbling down the canyons, none is more detonative than the waterproof soil.

In the first rains after a fire, water quickly saturates the thin permeable layer, and liquefied soil drips downhill like runs of excess paint. These miniature debris flows stripe the mountainsides with miniature streambeds—countless scarlike rills that are soon the predominant characteristic of the burned terrain. As more rain comes, each rill is going to deliver a little more debris to the accumulating load in the canyon below. But, more to the point, each rill—its natural levees framing its impermeable bed—will increase the speed of the surface water. As rain sheds off a mountainside like water off a tin roof, the rill network, as it is called, may actually cube the speed, and therefore the power, of the runoff. The transport capacity of the watershed—how much bulk it can move—may increase a thousandfold. The rill network is prepared to deliver water with enough force and volume to mobilize the deposits lying in the canyons below. With the appearance of the rills, almost all prerequisites have now sequentially occurred. The muzzle-loader is charged. For a full-scale flat-out debris flow to burst forth from the mountains, the final requirement is a special-intensity storm.

Some of the most concentrated rainfall in the history of the United States has occurred in the San Gabriel Mountains. The oddity of this is about as intense as the rain. Months—seasons—go by in Los Angeles without a fallen drop. Los Angeles is one of the least-rained-upon places in the Western Hemisphere. The mountains are so dry they hum. Erosion by dry ravel greatly exceeds erosion by water. The celebrated Mediterranean climate of Los Angeles owes itself to aridity. While Seattle is receiving its average rainfall of thirty-nine inches a year, Chicago thirty-three, the District of Columbia thirty-nine, and New York City forty-four, Los Angeles is doing well if it gets fifteen. In one year out of every four over the past century, rainfall in Los Angeles has been under ten inches, and once or twice it was around five. That is pure Gobi. When certain storm systems approach Los Angeles, though—storms that come in on a very long reach from far out in the Pacific—they will pick up huge quantities of water from the ocean and just pump it into the mountains…

Here begins a story about one debris flow, in a setting high and dry:

Five miles into the mountains from the edge of the city is a small, obscure, steep-sided watershed of twenty-five hundred acres which is drained by the Middle Fork of Mill Creek, a tributary of the Big Tujunga. The place is so still you can hear the dry ravel…

Then came Fire:

It was a textbook situation—a bowl in the mountains filled with hard chaparral that had not been touched by fire in ninety-nine years. The older chaparral becomes, the hotter it burns. In its first ten years of new growth, it is all but incombustible. After twenty years, its renewed flammability curves sharply upward. It burns, usually, before it is forty years old. The hotter the fire, the more likely a debris flow—and the greater the volume when it comes. The century-old fuel of the Middle Fork was so combustible that afterward there were not even stumps. The slopes looked sandpapered. The streambed, already loaded, piled even higher with dry ravel. The Middle Fire, as the burn was known, was cause for particular alarm, because a small settlement was a mile downstream. Its name—Hidden Springs—contained more prophecy than its residents seemed prepared to imagine. Three hundred and ninety thousand cubic yards of loose debris was gathered just above them, awaiting mobilization.

Then, Rain:

Toward midnight February 9th, an accidental fire broke out in a small building of Gabe Hinterberg’s. A fire truck eventually came. Half a dozen people fought the fire, assisted by the heavy rain. One of them was George Scribner. The five-minute spike of greatest downpour occurred at about one-thirty. Half an hour later, George said, “Hey, we got the fire put out.”

Gabe said, “Good deal.”

And then Gabe and George were dead.

Amos Lewis, nearby, was holding a fire hose in his hand and was attempting to prevent it from kinking. In his concentration, he did not see danger coming. He heard nothing ominous. He only felt the hose draw taut. Through his peripheral vision he became aware that the fire truck—with the hose connected to it—was somehow moving sideways. Seconds later, Amos Lewis, too, was swept away.

The snout of the debris flow was twenty feet high, tapering behind. Debris flows sometimes ooze along, and sometimes move as fast as the fastest river rapids. The huge dark snout was moving nearly five hundred feet a minute and the rest of the flow behind was coming twice as fast, making roll waves as it piled forward against itself—this great slug, as geologists would describe it, this discrete slug, this heaving violence of wet cement. Already included in the debris were propane tanks, outbuildings, picnic tables, canyon live oaks, alders, sycamores, cottonwoods, a Lincoln Continental, an Oldsmobile, and countless boulders five feet thick. All this was spread wide a couple of hundred feet, and as the debris flow went through Hidden Springs it tore out more trees, picked up house trailers and more cars and more boulders, and knocked Gabe Hinterberg’s lodge completely off its foundation. Mary and Cal Drake were standing in their living room when a wall came off. “We got outside somehow,” he said later. “I just got away. She was trying to follow me. Evidently, her feet slipped out from under her. She slid right down into the main channel.” The family next door were picked up and pushed against their own ceiling. Two were carried away. Whole houses were torn loose with people inside them. A house was ripped in half. A bridge was obliterated. A large part of town was carried a mile downstream and buried in the reservoir behind Big Tujunga Dam. Thirteen people were part of the debris. Most of the bodies were never found.

As Amos Lewis suddenly found himself struggling in the viscous flow, he more or less bumped into a whirling pickup, coming down in the debris from who knows where upstream. One of the roll waves picked him up and threw him into the back of the truck. As the vehicle spun around and around, it neared one bank. Lewis saw an overhanging limb. He reached for it, caught it, and pulled himself above the rocky flow. Years later, just about where this had happened, he told Wade Wells and me the story. “I got pushed to one side,” he said as he finished. “I lucked out.” Lewis is a prematurely white-haired man with a white beard and dark-brown eyes. On this day in late spring, his muscular build and deeply tanned skin were amply displayed by a general absence of clothing. He wore bluejean shorts, white socks, mountain boots, and nothing else. When people began to discover human remains in the reservoir, he had gone in his patrol car to investigate the fate of his neighbors. “I had to go roll on them calls,” he said. “A deputy sheriff has to roll on any type of body being found. I carried out at least four, maybe five, skulls.”

These are all things to bear in mind when we visit how news ought to work in a digital environment where facts mostly don’t matter—until they do.

 

 

 

I made a video today reflecting on how we manage (or don’t) our energy and how our engagement with digital information complicates our lives. I’m proposing that people consider dialing back their social media consumption to spend time reflecting on their thinking, what we have learned over the past five years, and how we can navigate future challenges with integrity and grace. In the space that is created I am hoping some people will experience ontopoetic synchronicities, conversations with the divine, as we become more intentional about how we direct our consciousness and bodies in this 3D world. I would love to hear back from anyone who gives this a try to see what your experience has been. Life is a stage and we are players. Consider this an unplugged improv opportunity where you get to riff with the quantum.

Words of the day: biosemiotics, memetics, reality tunnel, and metacognition.

Take care with that biocomputer programming. : )

2月5日の個人情報保護委員会において、1月22日資料で事務局ヒアリング結果を踏まえ特に新たに追加した部分の多い「本人関与に係る規律の在り方」の部分(同意規制の在り方、漏えい発生時の本人通知の在り方、子供の個人情報)について具体的な制度設計の方向性を示されました。 https://www.ppc.go.jp/aboutus/minutes/2024/20250205/

これからちゃんと読みますが、例によってOtioに要約を作ってもらいましたのでシェアしておきます。

個人情報保護法の制度的課題に関する考え方(案)の詳細な要約 1. 個人データの取扱いにおける本人関与の規律 本人の同意が不要となる場合について再検討 統計情報作成のためのデータ共有が増加の傾向 特定個人を排除した統計情報の利用は権利侵害のリスクが低いとの認識 行政機関が統計作成に関する場合、例外規定の拡大を提案 2. 本人の意思に反しない取扱い 同意が不要となる条件を明確化 契約履行に必要な場合 プライバシーや権利利益を害さない場合 条件や具体的な範囲を設定する際にステークホルダーの意見を反映 3. 生命保護や公衆衛生のための同意取得 同意取得が難しいケースへの考慮 本人の同意を得ることが困難な状況のほか、「相当の理由」がある場合も例外適用を可能にする提案 プライバシー保護措置が実現されることを前提条件とする 4. 子供の個人情報取扱いに関する規律 子供に適用される年齢基準を明確化 16歳未満を対象とし、特別な保護を設定すべきとの提案 法定代理人からの同意取得を原則としつつ、例外的に本人の同意を認める場合も考慮 未成年者の最善の利益を考慮した取り扱い 事業者に対して責務規定を設置する提案 行政機関にも同様に責務を設ける改正の必要性

The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

Today, we cover:

Industry pulse. Where TikTok’s software engineers went, Apple Intelligence half-baked at launch, former FTC chair Lina Khan warns of reduced competition, OpenAI launches autonomous browser agent, Apple drops its AR glasses, with Meta also facing struggles – and more

Big Tech using distribution to win at AI? Meta, Microsoft, and Google are using their distribution power and financial muscle to give away AI features for free to users and customers. It’s a sensible way to avoid disruption, which makes it much harder for startups to compete

Before we start: thank you for all the thoughtful comments on last week’s issue about DeepSeek rocking the tech industry. I corrected a few details based on feedback – most notably how DeepSeek’s cost efficiency seems to be closer to 4-5x that of OpenAI, not 10-40x. See the updated issue here.

1. Industry Pulse Where did TikTok’s software engineers go?

The past six months has been something of a Doomsday scenario-esque countdown for TikTok, as the start date of its ban in the US crept ever closer. In the event, TikTok did indeed go offline for a few hours on 19 January, before President Trump gave the social network a stay of execution lasting 75 days.

How has this uncertainty affected software engineers at the Chinese-owned social network? According to data shared exclusively with The Pragmatic Engineer by Live Data Technologies, which tracks real-time live job change data across more than 160M professionals, this is how:

Where engineers went after TikTok, and where they joined from. Source: Live Data Technologies

There’s been an outflow of engineers to:

Big Tech: Meta, Google, Amazon (and AWS), Microsoft and Apple.

Publicly traded tech companies: Snap, Pinterest, Snowflake, DoorDash, NVIDIA, Coinbase, Coupang, Salesforce, Uber

Few private companies: X (formerly: Twitter) and OpenAI

It seems the uncertainty has motivated TikTok engineers to interview and quit when they get an offer. Still, I find it surprising that hardly any scaleups are popular destinations among TikTok leavers. To me, it indicates that people quit for better liquid total compensation packages; which may be why publicly traded companies are the most popular destination.

Apple Intelligence half-baked?

Read more

こんにちは、富士榮です。
そういえば2月4日にEUDIW ARFの1.5.0が出てますね。 https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/architecture-and-reference-framework-main/


GithubのCHANGELOGを見ると The ARF is aligned with the adopted Implementing Acts, covering articles 5a and 5c of the eIDAS Regulation.  The ARF also includes changes in response to comments provided on Github and by other stakeholders. Over more than 275 comments lead to changes in the ARF. とのことです。 まぁ、中を見ろ、と。

Before we start: a rare giveaway! To celebrate the podcast’s YouTube channel crossing 100K subscribers, I’m doing a giveaway of 100 books (10 of them signed and shipped) and 100 newsletter subscriptions. To enter, just subscribe to the podcast on the platform you use, leave a star review, and fill out this form, indicating you’d like to participate. The giveaway closes in 72 hours. More details here.

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• Swarmia — The engineering intelligence platform for modern software organizations.

• Graphite — The AI developer productivity platform.

• Vanta — Automate compliance and simplify security with Vanta.

—

In This Episode

On today’s episode of The Pragmatic Engineer, I’m joined by Chip Huyen, a computer scientist, author of the freshly published O’Reilly book AI Engineering, and an expert in applied machine learning. Chip has worked as a researcher at Netflix, was a core developer at NVIDIA (building NeMo, NVIDIA’s GenAI framework), and co-founded Claypot AI. She also taught Machine Learning at Stanford University.

In this conversation, we dive into the evolving field of AI Engineering and explore key insights from Chip’s book, including:

• How AI Engineering differs from Machine Learning Engineering

• Why fine-tuning is usually not a tactic you’ll want (or need) to use

• The spectrum of solutions to customer support problems – some not even involving AI!

• The challenges of LLM evals (evaluations)

• Why project-based learning is valuable—but even better when paired with structured learning

• Exciting potential use cases for AI in education and entertainment

• And more!

Takeaways

My biggest takeaways from this episode:

1. “AI engineering” feels closer to software engineering than to ML engineering. The term itself is very new, and “AI engineering” evolved from ML engineering. A big difference is that thanks to LLMs being easy to use (both via APIs, and locally) “AI engineering” is much more about building a product first – and later on, getting around to tweaking the model itself. ML engineering was the other way around: spend a lot of time building a model, and then build an application on it.

2. To get good at AI engineering, focus on the basics. Understand what an LLM is (and how it works), how to evaluate them, how to use RAG, what finetuning is, and how to optimize inference. All of these techniques are foundational, and will remain important in a few years’ time as well. Chip’s book AI Engineering covers all these topics.

3. “The more we want to not miss out on things, the more things we will miss.” When I asked Chip about what she thinks about the fear of missing out (FOMO) across AI: she said it’s ironic that when you are worried about missing out, and keep up with everything new – you stay shallow! Chip doesn’t read news: she chooses to focus on deep research or learning instead. If there’s something that is important today: it will be important next week, after she’s done finishing learning whatever she was focused on.

4. Solving the problem is more important than using the latest AI tools. Amusingly, a lot of teams miss this part: and they build overcompliacated AI solutions that do practically nothing for the business.

Before the interview, I’ve started to go through Chip’s newly published book: AI Engineering. It feels to me this book will become a desk reference, and I recommend it.

The Pragmatic Engineer deepdives relevant for this episode

• Applied AI Software Engineering: RAG

• How do AI software engineering agents work?

• AI Tooling for Software Engineers in 2024: Reality Check

• IDEs with GenAI features that Software Engineers love

Timestamps

(00:00) Intro

(01:31) A quick overview of AI Engineering

(06:45) How Chip ensured her book stays current amidst the rapid advancements in AI

(11:35) A definition of AI Engineering and how it differs from Machine Learning Engineering

(18:15) Simple first steps in building AI applications

(24:38) An explanation of BM25 (retrieval system)

(25:28) The problems associated with fine-tuning

(29:40) Simple customer support solutions for rolling out AI thoughtfully

(35:29) Chip’s thoughts on staying focused on the problem

(37:04) The challenge in evaluating AI systems

(40:03) Use cases in evaluating AI

(43:09) The importance of prioritizing users’ needs and experience

(48:09) Common mistakes made with Gen AI

(53:57) A case for systematic problem solving

(54:57) Project-based learning vs. structured learning

(1:00:07) Why AI is not the end of engineering

(1:04:56) How AI is helping education and the future use cases we might see

(1:08:58) Rapid fire round

A summary of the conversation What is AI engineering?

AI engineering is a shift from machine learning to more engineering and product-focused work.

Previously, building machine learning applications required creating custom models, necessitating data and expertise in model training. Now, AI models can be used simply by making API calls. This lowers the barrier to entry and eliminates the need for specialized ML/AI degrees or to have large amounts of data collected.

Machine learning engineers did a lot of preparation work. They traditionally focused on data collection, annotation, and model training before deployment. AI engineering, in contrast, starts with a product idea and then progresses to data gathering and working with models.

AI Engineering is a new term. It emerged because the role is different from traditional Machine Learning Engineering. Chip surveyed people building applications on top of foundation models, and 'AI Engineering' was the most common way to describe what they did – so she stuck with this name!

A key difference compared to ML engineering: AI engineers often begin with readily available APIs or pre-trained models. This means they can start to prototype and iterate early on. They will only consider building custom models much, much later! See how e.g. Perplexity started to build their own AI models after their product was launched as the first version.

Ways to build AI applications

Start with basics. Understand what a “good response” and a “bad response” means. To do so, you need to set guidelines and evaluate responses. Use both automation and manual review.

Retrieval-augmented generation (RAG) is a commonly used pattern for adding context to model responses. RAG involves retrieving relevant documents or information to augment the model's context. We previously did a deepdive on RAG.

Keyword retrieval. Many equate RAG with vector search, but a simpler approach may be more effective initially. Try keyword retrieval before doing vector searches: as vector databases can be costly and may obscure specific keywords.

Data preparation and chunking are important to get right for RAG. Techniques such as extracting metadata or keywords from documents can significantly improve performance, potentially more than focusing on the database itself.

Fine-tuning: often a last resort and many teams never do it. This is due to the complexities of hosting and maintaining a fine-tuned model. The rapid pace of model development also makes it difficult for fine-tuned models to maintain their advantage over time.

One step at a time. Take a structured approach: starting with prompting, adding data, and then move to more complex methods if needed. Understand that the problem being solved is more important than using the latest technology.

Resist the urge to ship only incremental improvements. Building out new use cases is usually far more beneficial.

Practical approaches and avoiding pitfalls

Start with a human in the loop. After that, gradually increase automation as confidence in the AI solution grows. A phased rollout, starting with internal use cases, can help to mitigate risk.

Focus on solving the problem, not just using AI. Apply the simplest solutions to remove roadblocks.

Common mistakes:

Using GenAI when it’s not needed. Some problems may be better solved with simpler solutions like spreadsheets or manually scheduling tasks.

Abandoning GenAI when it doesn’t seem to work, without pinpointing where the process fails. Reasons for GenAI not (yet) working could be in data extraction or text processing. Don’t give up too easily!

Jumping into complex solutions like vector databases or fine-tuning without addressing simpler approaches.

Be careful about using untested or rapidly changing AI frameworks because they can introduce bugs and issues.

Evaluating AI systems

A difficult area, because as AI becomes more sophisticated, it is harder to assess the output. A convincing summary might not be a good summary, and a math solution from AI can be hard to evaluate if one does not know the answer.

There is no single, simple solution to evaluation. Instead, a combination of methods is required and talking to users, analysing their interactions and manual data inspections are essential.

Measure what matters. Sometimes, what seems intuitive isn’t what users actually want, for example, a meeting summarisation tool focusing on action items instead of overall content.

Do not skip the hard and manual work! Manual data inspection is critical and still offers the highest ratio of value

Human evaluations are important for seeing how users are actually using the product and to correlate with automated metrics.

Learning AI Engineering

Two ways of learning:

Project-based learning: pick up a project and working through all the problems.

Structured learning: taking courses or reading books.

Tutorials are great but it's important to stop and ask questions. Without that, tutorials can lead to mindlessly copying code without understanding it.

Combine project-based learning with structured learning. Also, observe your own workflow and see what parts can be automated by AI to get use case ideas.

Coding is not the same as software engineering. Software engineering is about solving problems, and while AI can automate coding, it cannot fully automate the problem-solving process.

AI can enable software engineers to build much more complex software.

AI will not eliminate software engineering because it can only automate part of the software engineering process. The need for precision in software development requires someone who understands the nuances of code.

Resources & Mentions

Where to find Chip Huyen:

• X: https://x.com/chipro

• LinkedIn: https://www.linkedin.com/in/chiphuyen/

• Website: https://huyenchip.com/

Mentions during the episode:

• AI Engineering: Building Applications with Foundation Models: https://www.amazon.com/AI-Engineering-Building-Applications-Foundation/dp/1098166302/r

• DeepSeek: https://www.deepseek.com/

• Multimodality and Large Multimodal Models (LMMs): https://huyenchip.com/2023/10/10/multimodal.html

• BM25: https://en.wikipedia.org/wiki/Okapi_BM25

• Microsoft Bot Framework: https://dev.botframework.com/

• Python: https://www.python.org/

• Javascript: https://www.javascript.com/

• ChatGPT: https://chatgpt.com/

• Claude: https://claude.ai/

• Llama: https://www.llama.com/

• Complex Adaptive Systems: An Introduction to Computational Models of Social Life (Princeton Studies in Complexity): https://www.amazon.com/Complex-Adaptive-Systems-Introduction-Computational/dp/0691127026/

• The Selfish Gene: https://www.amazon.com/Selfish-Gene-Anniversary-Landmark-Science/dp/0198788606/

• Antifragile: Things That Gain from Disorder: https://www.amazon.com/dp/0812979680/

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

This is a follow up to yesterday’s video reiterating my thoughts about Live Action Role Play with encoded artefacts as an example of extended mind and possible future inter-dimensional information processing system. The talk goes along with two earlier talks Jason and I did on the work of Michael Mateas here. The feature image is taken from Paul Pangaro’s online archive of Pask materials that is very much worth exploring here.

I am including a few maps if you want to poke around. All maps are best viewed on a laptop.

One features Pask’s cybernetic (an synesthetic) endeavors. Click here for the interactive version – enter “Pask” in the search barn top to the left if needed to zoom in again.

https://embed.kumu.io/1e710f6678f0a88ace5a8d3fae2e9af7#untitled-map?s=bm9kZS10bXlnWlROWQ%3D%3D

One shows Jacobo Moreno and Timothy Leary’s work in psychology and group dynamics through role play. Click here for the interactive version – enter “Moreno” in the search barn top to the left if needed to zoom in again.

https://embed.kumu.io/68e1cf46a34811b86499685100a83863#untitled-map?s=bm9kZS1zOW9nM0VjQg%3D%3D

One shows Mateas, LARPing, and non-traditional materials that compute. Click here for the interactive version – enter Mateas in the search barn top to the left if needed to zoom in again.

https://embed.kumu.io/174960fb41354356ac833be7f75f6fad#untitled-map?s=bm9kZS1YY1VlZ1hLeA%3D%3D

One shows distributed cognition with respect to context and encoded artifacts. Click here for the interactive version – enter “Distributed Cognition” in the search barn top to the left if needed to zoom in again.

https://embed.kumu.io/2a9737e61e74d617d28bfdf81d54a1cf#untitled-map?s=bm9kZS1OYUR5NHE4aQ%3D%3D

One shows DAO voting, which I believe relates to collapsing waves in Quantum Potential. Click here for the interactive version – enter “Extended Mind” in the search barn top to the left if needed to zoom in again.

https://embed.kumu.io/0932741381c995440ed1891fc8d992b7#untitled-map?s=bm9kZS1MckliZmRyTA%3D%3D

Enjoy!

 

 

The People of DRCongo Shed Light on the “Heart of Darkness” as Our Media Looks the Other Way

Steve Soloman

Keeping up with world events, important as it is, can nonetheless be fraught. Any Canadian who wishes to stay informed has seen the coverage: autocratic governments flexing their muscles, personality cults rather than responsible governments and the rule of law being threatened even in well-established democracies. The internal rot of misguided populism and hyper partisanship, challenging as they are, are only the first steps along a very rocky road.

Despite what we see and hear, the news is not all bad. There is a place, little noticed and even less understood by most Canadians, where democracy is growing stronger despite a history of violence and exploitation.

When we think of Africa - if we think of it at all - we picture a continent struggling to overcome its colonial past. Tragically for the people who live there, this image is not entirely wrong; Africa has seen nine military coups since 2020. But like elsewhere youth in Africa are the continent’s hope, and Africa is a very young continent, with an average age in 2023 of just under nineteen. Education levels are rising though progress has been slow, due in part to a largely indifferent West. In the Democratic Republic of Congo (DRC), despite almost innumerable setbacks, positive strides are being made and there are valuable lessons to be learned if only we would take note. DRC and its people are working to overcome deplorable handicaps to create a government that is, to borrow a phrase, by the people and for the people.

When DRC does get mentioned, it’s because of either disease or warfare. This is largely due to the nature of the media beast; both what it is and what it isn’t. The media consists of profit-seeking businesses, and like any business it provides us with what it knows, or at least believes, we want. What it’s not is a pacifier ready to soothe our jangled nerves. Simply put, bad news sells. The news we get out of DRC is very much a case in point. There are positive developments, but we won’t read about this in mainstream media, not because of any sort of cover-up but rather out of rational business decisions. Thus democracy is evolving in the midst of a continent deserving of far more attention than it gets.

But before we can get to those positives we need to illustrate the circumstances out of which they have grown. This is really the only way we can appreciate what the people of DRC have suffered and continue to endure in their ongoing and heroic attempts to free themselves and achieve what so many of the rest of us take for granted.

DRC lies at the very centre of the African continent. With an area of 2.3 million square kilometres, it’s the second largest African nation after Algeria. It became a Belgian colony in 1908 but Europeans had ‘discovered’ the country well before that; in 1890 Joseph Conrad spent time there and later used it as the setting for Heart of Darkness. The book is a critique both of Belgian exploitation and an attitude toward Congo, and by extension all of Africa, that persists to this day.

Many of us continue to think of Africa as if it was one big country when in fact it contains fifty-four fully independent nations. Ethnically and culturally it’s at least as diverse as any other continent. In terms of its natural resources, DRC is amongst the wealthiest nations on Earth but its people are amongst the poorest. The Belgian colonizers exploited the country’s rubber reserves and more recently many nations, including Canada, have taken advantage of DRC’s vast quantities of copper, cobalt, zinc, silver, gold, bauxite, uranium and coltan. In all, minerals account for 90 per cent of DRC’s exports. To illustrate just one example, eighty per cent of the world’s supply of coltan comes from DRC and that mineral is in all the cell phones and laptops you and I use every day.

Much of the mining in DRC is referred-to as ‘artisanal’, a euphemism which when put into plain English, means men and children, typically boys, working as miners with no safety gear and little or no equipment of any kind beyond pickaxes. The coltan in our phones and computers has very likely come from one of these ‘artisanal’ mining operations. This is in no way meant to suggest we shouldn’t own these things, only that we should be aware; that we should be ready to take positive steps to give back in some way; to end the exploitation.

DRC officially gained its independence from Belgium on June 30th 1960. But the country was utterly unprepared to run its own affairs since the Belgians had taken no steps to prepare their former colonials for the challenges of self-rule. A republican government was established, with both a President and Prime Minister. Patrice Lumumba, a leader of the independence movement, and the country’s first Prime Minister, was both an African nationalist and a member of the pan-African movement. This meant he supported national self-determination and believed in strengthening bonds between all indigenous Africans and the global African diaspora. He played a major role in taking the nation from colony to independence. But his left-of-centre political views, in the midst of the Cold War, made him dangerous in the eyes of several western nations, particularly the United States.

The independence celebrations were short-lived; within a very few days the new nation was faced with what came to be known as the Congo Crisis. With Belgian support the provinces of Katanga and South Kasai seceded and there was also a revolt by members of the military as Black soldiers were no longer willing to accept orders from white officers. The United Nations was preparing to send troops to aid the government against the secessionists but the Secretary-General, Dag Hammarskjold, made a last minute decision not to do so. In response, Lumumba called for assistance from the Soviet Union, which sent ‘military advisors’. The Soviet presence caused a split in the government between Lumumba and the President, Joseph Kasa-Vubu. It was at this point that Joseph-Désiré Mobutu Sese-Seko, a lieutenant-colonel and Lumumba’s chief military advisor, stepped in to break the deadlock by leading a coup-d’etat. Supported by both Belgium and the United States, he expelled the Soviets and established a government that supported his view of Lumumba as a danger to the country. He led a second coup in 1965 that made himself President. About 100,000 people died during this period of political conflict, including Lumumba, who was assassinated on January 17, 1961. Mobutu ruled from 1965 to 1997. In 1971 he changed the country’s name to Zaire. His thirty-year rule also saw European investors expelled and the nationalizing of their companies. He looted the nation’s treasury. In 1990 he agreed to end the ban he had imposed on a multi-party state and formed a transitional government while retaining considerable political power. In 1994 he agreed to the appointment of Kengo Wa Dondo, an advocate for free-market reforms, as Prime Minister.

That same year in neighbouring Rwanda, between April and July, armed groups consisting of Hutu fighters committed genocide against the Tutsi people. Over 800,000 victims, mostly Tutsis, were killed and the violence spread into DRC as small groups of Hutu extremists formed militia groups. Such militias continue to operate in DRC to this day, funded largely by the Rwandan government under the leadership of Paul Kagame. Kagame, who is Tutsi, was a commander of a militia that sought, successfully, to put an end to the genocide. However he later initiated two rebel wars in DRC, the First Congo War, from 1996 to 1997, immediately followed by the Second Congo War of 1998 to 2003. Among horrific atrocities committed was the serial rape and murder of Congolese women. Canada’s Trudeau government, usually so ready to condemn such acts, has remained entirely silent about the continuing actions of the militia groups in DRC. As recently as July 13th of 2024, seventy-two people were killed by armed militia in a village about one hundred kilometres east of the nation’s capital, Kinshasa.

While the equally horrific acts occurring in Ukraine are breathlessly reported within hours, this slaughter in DRC was reported in a Toronto newspaper four days after the event and was buried at the bottom of page five.

Mineral wealth provides the incentive for the ongoing violence. Recent reports indicate that Rwanda’s national army, somewhat ironically named the Rwandan Defence Force, has deployed as many as four thousand soldiers to DRC. Their mission appears to be aiding the militia groups and facilitating the smuggling of minerals into Rwanda. In late January of this year, Rwanda sent even more troops into DRC, in numbers that indicated full-out invasion. Along with a militia group called M23, they captured the capital of DRC’s eastern region, Goma.

Since the 1990s Rwandan-backed militias have taken control of coltan and other mineral-mining operations. The Congolese government estimates that it loses $1 billion (U.S.) each year because of these illegal activities. The Congolese army is fighting to halt these operations but finds itself facing an enemy that is very well armed with modern weapons such as so-called mortar drones. Desertion is also a significant factor, as the militia groups pay their soldiers better wages than DRC can pay. People continue to be forced to flee their homes, a harsh reality in eastern DRC for almost thirty years. This violence has also resulted in severe food shortages as farms are abandoned in areas controlled by militia groups. The only realistic way to put an end to all this would be to confront the Rwandan government directly, with military force if needed. Why this has gone on all this time with no response from the West is a matter for conjecture, though it’s by no means far-fetched to suggest having access to relatively cheap minerals plays a role. A case can also be made that Western governments feel no pressure to act because their citizens are uninformed by media.

DRC has also been plagued by outbreaks of disease. In 1976 the country made headlines due to the outbreak of Ebola, a disease named after a tributary of the Congo River. The Ebola virus was first detected in a village about 110 kilometres from the river but it was decided to name the disease Ebola in order to avoid having the village become forever known as the starting point of this often - though not always - fatal pathogen. There have been subsequent outbreaks that have killed thousands of people. Work to create vaccines began to make progress in 2014. The World Health Organization did much to speed the process and an effective vaccine began to be used in 2016. Recent outbreaks have been quickly brought under control.

There are organizations in the West who lay claim to knowledge of the situation in DRC. Freedom House, a Washington D.C.- based non-profit that assesses how democratic various nations are, continues to list DRC as “not free”. However, a review of current trends suggests that the Freedom House ranking should be reviewed.

In January 2019, when Felix Tshisekedi became President, it marked the first time since independence that the presidency was peacefully transferred from one political party to another. Tshisekedi freed seven hundred political prisoners jailed by his predecessor. Understanding that education is vital to building a free and democratic state, he also invested heavily in schools for DRC’s next generation.

In December 2023 he faced another election, as the country’s constitution requires. Western media tended to focus on claims of voting irregularities that originated mostly with defeated candidates. Voter turnout was 48.8 per cent despite three provinces being unable to safely participate due to ongoing militia violence. That figure marks a small but important increase from the prior election in 2018 when 45.5 per cent of eligible voters cast a ballot (voter turnout in the Ontario election of 2022 was forty-three per cent). Tshisekedi was re-elected by a comfortable margin and reports from well-informed sources within DRC state that the majority of Congolais believe the election was run fairly, the results are credible and that the re-elected President had achieved some positive change that ordinary citizens could see for themselves. The really crucial point is this: if the majority of people in DRC see themselves as living in a democracy, how legitimate can it be for outsiders like Freedom House to claim otherwise?

DRC is just one of many countries that has had a long, hard struggle to achieve democracy, and the hard work of maintaining what has been won never stops. The people of that nation have overcome crushing obstacles, and the progress they’ve made continues to be under siege by those both in Africa and abroad who have very different interests.

Democracy doesn’t just happen by itself. It must be fought for and constantly supported by an informed and active electorate. The people of DRC have learned this vital lesson while too many of us in the West appear to have forgotten it.

The W3C Verifiable Credentials Working Group has published a Snapshot Candidate Recommendation of the Controlled Identifiers specification. This follows the five Candidate Recommendation Snapshots published by the working group in December 2024. Two of these specifications, including Securing Verifiable Credentials using JOSE and COSE, depend upon the Controlled Identifiers spec. The planned update to the W3C DID specification also plans to take a dependency upon it.

A W3C Candidate Recommendation Snapshot is intended to become a W3C Candidate Recommendation after required review and approval steps.

Thanks to my co-editor Manu Sporny and working group chair Brent Zundel for their work enabling us to reach this point.

React Native and Flutter are by far the most popular cross-platform development technologies, as previously covered in the deepdive, Cross-platform mobile development. React Native (made by Meta) seems more popular in the US and UK, and at mid to large-sized companies, while Flutter (made by Google) powers more apps overall, globally.

But there’s also one other company that consistently comes up in talk about cross-platform mobile technologies: Expo. When the Bluesky team shared their cross-platform tech stack, they mentioned that it was React Native and Expo. Meanwhile, the React Native “getting started” guide strongly advises starting development with Expo, and calls it “a production-grade React Native Framework.”

So, what is Expo and why is it so important for cross-platform React Native development?

A year ago, I travelled to California and visited Expo’s offices in Palo Alto, meeting with the team to find out more; a few months later, I got back in touch for extra details on how Expo works, and to learn what makes it popular. This deepdive covers:

Why is Expo popular? It played a large role making React Native as widespread as it is today, and its developer focus has been a big factor.

History. Expo began in dissatisfaction about the clunkiness of developing and shipping mobile apps. Today, a mission to make mobile development as seamless as web dev still motivates the team.

React Native vs a React Native framework. Expo is a React Native framework, and the only production-ready one, to date.

Expo: developer tools. Overview of tools Expo offers as open source, for free.

Shipping to production with EAS. Expo generates revenue with its Expo Application Services (EAS): a freemium remote build and submission service. An overview of its wide-ranging capabilities.

Alternatives for shipping cross-platform apps. Ionic Appflow, Shoebird, Fastlane, Bitrise, Codemagic.

This deepdive features contributions from Expo’s co-founder and CEO Charlie Cheever, co-founder and CTO James Ide, and engineering manager Brent Vatne. Their input is appreciated!

As with every deepdive we publish, The Pragmatic Engineer has no commercial affiliation with the company featured, and was not paid to write about them in this article. More in our ethics statement.

1. Why is Expo popular?

Expo is a startup based in Palo Alto, California, employing 32 people, 29 of whom are developers – a surprisingly high ratio of 90%. The company lists employees on its about page. The ratio at larger software companies like Meta, Google, or Microsoft is rarely above 30-40%, due to the presence of other teams like sales, support, and many other support functions.

Today, the open source Expo framework is used in more than 1 million public Github repositories, and has more than 800,000 downloads per week. The project is very active: more than 1,300 developers contribute in total, and there were more than 50,000 members of the Discord channel at time of publication.

Expo may be the biggest reason why React Native became as popular as Flutter. These days, when I hear a company develops with React Native, it almost always follows that they use Expo, too. This is because it has developer tools which make even the best cross-platform framework much less clunky to develop on for the iOS and Android native platforms.

For Flutter, similarly solid developer tooling which Google built and maintained has long been a differentiator; the search giant built sophisticated tools to debug, profile and diagnose Flutter applications. However, getting started with Flutter still requires a multi-step developer environment setup, while shipping iOS and Android apps is a pretty involved process, compared with the simplest ways of getting started with React Native and Expo:

Just open the website snack.expo.dev.

This is the site called “Expo Snack,” where you can immediately start to do live editing on a React Native application that runs on an Android emulator, an iOS emulator, or a web view:

An app built in two minutes without installing anything, running on a remote iOS simulator. Image: Expo Snack

You can also run the app on your mobile device by scanning a QR code and installing the Expo Go app. I also did this – and the app live updated as I made changes. With such little effort required, this felt magical.

A React Native app running on my phone as a native app, after a few minutes of coding and zero dev environment setup

Being able to live edit an app with zero development tooling feels magical, even in 2025. Developing with no tools installed locally is not possible when doing native iOS or Android development. Google’s cloud development environment, Project IDX, comes close, but it’s not as snappy. Meanwhile, Expo Snack is just one of many developer-first features produced by Expo’s small team, that’s on a par with Apple and Google tools. More below on Expo’s development tooling in the sections, “What is Expo?” and “Shipping to production.”

Why do companies move to Expo? We asked the Bluesky engineering team, who are heavy React Native users – and whom we previously covered in the deepdive Inside Bluesky’s engineering culture. Here’s what Paul Frazee – the dev who built the initial Bluesky’s iOS, Android, and web applications, using a single codebase – told us:

“We were initially manually building the app using Xcode and Android Studio, then uploading the builds.

The reason we first looked at Expo was to help us with deployments. Expo has a really solid cloud-build infrastructure (EAS Build) and over-the-air update system (EAS Update). We looked at the other React Native cloud build services and none of them seemed as well built, so we took a chance with Expo. We found ourselves iteratively adopting expo modules, and then moved fully into their framework. My only regret is that we didn’t start with it. It’s not often that I have such a positive experience.

We started migrating over to Expo around 9 months into app development, around February 2023. This was when we had a pretty mature app. It was an iterative migration that went pretty smoothly.”

2. History

As previously mentioned, Expo was founded out of frustration at how long it takes to build a mobile app. In 2012, Charlie Cheever was CTO at Quora and working on an iOS and Android app for the Q&A site. Being a hands-on developer with extensive web experience (he was an early engineer at Facebook), he assumed it would take at most a few weeks to build each native app. However, it actually took months per platform, and included terrible developer experiences on both iOS and Android; at least, compared to the web. From this came the idea for Expo. Charlie sums up the objective:

“The web is a pretty good way of doing development and it’s so powerful. Let’s take everything that’s good about the web and web development and make the mobile development space better.”

He teamed up with James Ide and they started experimenting with ways of using web technologies to build mobile apps, eventually ending up with a framework that wrapped mobile-native components; basically something pretty similar to React Native. They were about to launch when React Native was released, which was created and used by Meta, with around 40 people working on it. In contrast, the as yet-unreleased Expo framework was developed by two people.

Rather than compete with React Native, Expo decided to embrace it. Charlie and James understood that coding an app was just one of the many parts of shipping a cross-platform app. Every developer using React Native still had other problem areas to solve:

Distribution to the iOS and Android App Stores

Release strategies

CI pipelines

Improving the developer experience

“Exponent” was the first product the team shipped; a React Native development tool that sat a level above React Native. The team announced it in 2015 at a React conference called React Rally. It took care of things like:

Dealing with Xcode and Android Studio

Provisioning profiles for iOS

Development and deployment certificates

Any Objective-C, Swift and Java-specific things

Sketch of the explanation used to introduce Exponent in 2015

The Exponent toolset kept evolving, and two years later in 2017, the name changed to Expo because it’s easier to say and remember. From 2017, Expo kept shipping new, major releases to Expo SDK several times per year. Back then, Expo’s SDK was on version 21; today, it’s on version 52. The company maintains a changelog listing notable changes, and a detailed changelog.

3. React Native vs a React Native Framework

Expo is a framework and set of tools that uses React Native (RN), and simplifies the development of RN applications. It also happens to be the only React Native Framework considered as production-grade, currently. But what is a “React Native Framework?” As React Native builds on top of React, let’s see how things work in the React world.

React vs React Frameworks

React: providing core capabilities. React is a JavaScript library for building web user interfaces.

React code using the markup called JSX, a JavaScript syntax extension popularized by React which supports HTML-like rendering logic. Source: React

React takes care of many things, like:

High performance: using a Virtual DOM, React creates an in-memory data structure cache of the UI, computes the resulting differences, and updates the browser’s DOM only as needed. This process is called reconciliation and produces better performance

JSX: support for the JSX syntax extension to allow using HTML-like code within JavaScript

Reusable UI components: the core of React is reusable components. React specifies how to define components, their lifecycle events, nesting, communicating between them, rendering differently based on different conditions, and more

Handling events like clicking, hovering, keyboard inputs, swiping, etc.

UI state management: an opinionated way to manage state. Instead of manipulating individual parts of the UI, React uses a declarative approach

Other features like support for TypeScript, React Hooks (using React features from components), and support for server components, among others.

The simplest React component. The React framework specifies how to create these, and has support for even complex use cases for components. Source: React

React Frameworks: providing production-grade capabilities. You can build web applications only using React. However, the more complex and larger an application gets, the more additional features must be built, like routing between pages, code-splitting between several files, fetching data, moving some rendering to the server, and so on. Here’s what the React team says about frameworks in the getting started guide:

“You can use React without a framework, however we’ve found that most apps and sites eventually build solutions to common problems such as code-splitting, routing, data fetching, and generating HTML. These problems are common to all UI libraries, not just React.

By starting with a framework, you can get started with React quickly, and avoid essentially building your own framework later.”

The React team lists three “production-grade” frameworks, defined by:

Support for all features needed to deploy and scale apps in production

Open source

Can be deployed to a personal server or a hosting provider

React Frameworks which meet these conditions, and are recommended by the React team:

Next.js: the Pages Router of Next.js is a full-stack React framework. It’s versatile and lets you create React apps of any size, from a mostly static blog, to a complex dynamic application. Maintained by Vercel.

Remix: a full-stack React framework with nested routing. It lets you break an app into nested parts that can load data in parallel and refresh in response to user actions. Maintained by Shopify.

Gatsby: a React framework for fast CMS-backed websites. Its rich plugin ecosystem and GraphQL data layer simplify integrating content, APIs, and services into one website. Maintained by Netlify.

React is funded by Meta, but React frameworks are funded by other companies. Vercel and Netlify are hosting providers and fund the frameworks as it helps drive adoption of their services. Remix was acquired by Shopify, and is being merged into React Router.

React Native vs a React Native Framework

Considering the differences between React and React Frameworks, it’s likely to be unsurprising that React Native has a similar concept split between “core” React Native features, and production-ready features which frameworks should provide.

React Native offers core APIs and capabilities to build native apps. It’s a framework that allows using the React programming paradigm to build native iOS and Android applications, which offers:

A runtime for JavaScript and the React syntax, with the ability to augment it using native iOS and Android extensions

Similar-enough performance to native-only applications

Continual support for modern React features like Suspense (declaratively specifying the loading part of a component tree), Transitions (distinguishing between urgent and non-urgent updates), automatic batching (grouping multiple re-renders into a single re-render for better performance) and others

APIs to invoke native iOS or Android APIs

Hot reloading: during development, see changes made in the code update on the emulator or device in around a second

React Native frameworks provide production-grade capability: The React Native team follows an RFC approach for discussions and proposals. In 2024, the team opened an RFC for React Native frameworks and arrived at the following definition of a RN framework:

“Shipping native apps to production usually requires a set of tools & libraries that are not provided by default as part of React Native, but are still crucial to hit the ship to production. Examples of such tools are: support for publishing applications to a dedicated store, or support for routing and navigation mechanisms.

When those tools & libraries are collected to form a cohesive framework built on top of React Native, we call this a React Native Framework.

A practical example of bespoke React Native Framework is how Meta uses React Native internally. We do have a collection of libraries, scripts and tools that make the integration of React Native easier with the various apps where it's used.”

Expo: the only production-grade open source RN framework available today. At the time of publishing, the React Native team only recommends Expo as a production-grade framework. This is a very strong recommendation, given that the same team also writes this about React Native frameworks:

“You’re either using a React Native Framework or you’re building your own React Native Framework”

So how did Meta end up recommending Expo? Charlie explains:

“I’d clarify the recommendation a tiny bit: the Meta team’s guidance about React Native is that you’re going to need to use some framework with it to build anything real. If you don’t choose an off the shelf one, you’re going to end up having to build one yourself.

Today, Expo is the only very mature React Native framework. However, if tomorrow another team comes along and builds another really good React Native framework, everyone would welcome this.”

Collaboration with Meta started early, as Brent Vatne, engineering manager at Expo, recalls:

“A few of us have been contributors to React Native since the earliest days, the initial preview release at React Conf 2015. We’ve demonstrated through our involvement for nearly 10 years that we are deeply invested in the success of React Native, and can be relied on to collaborate on everything from conference talks to some of the largest initiatives on the open source side of the project.

For example, over the past year we have been working closely with the React Native team at Meta on getting the New Architecture for React Native ready to roll out to open source. We helped prepare the ecosystem by migrating all of our tooling at Expo, using dependency statistics to determine the most impactful third party libraries and helping to migrate them, reporting and/or fixing related issues that we encounter in React Native, educating the community, and many other projects that come out of rolling out such a significant change.”

Expo seems to fill a gap in a way that helps Meta, by making React Native more accessible for external developers. Charlie:

“Meta’s focus is mostly about making React Native work great inside Meta, and ours is to make it work great outside of Meta. Meta doesn’t directly benefit from making React Native open source and most of their team’s focus is on making it work really well for them. So there’s a natural way that we’re able to fit together in a way that everyone wins!”

React Native by itself does not support tools necessary to deploy and scale an app that is production-grade. Meta has its own production-grade React Native framework, which is tailored to its needs and its vast number of custom internal tools. So it’s a win for Meta to have a company building a more generic production framework to build React Native apps with.

4. Expo: collection of developer tools

Expo makes it easier to build production-grade React Native apps by providing additional abstractions (like routing) and tools (like a command line) to make building apps faster. It brings these added features to React Native development, built on top of React Native:

Read more

Polen, das derzeit den Vorsitz im EU-Rat innehat, schlägt eine wichtige Änderung des viel kritisierten EU-Vorschlags zur Chatkontrolle vor: Anstatt die generelle Durchsuchung privater Chats anzuordnen soll die Chatkontrolle wie bisher im Ermessen der Anbieter stehen. Vertreter der EU-Regierungen werden den Vorschlag in der EU-Arbeitsgruppe für Strafverfolgung am Mittwoch beraten.

“Der neue Vorschlag ist ein Durchbruch und im Kampf um unser digitales Briefgeheimnis ein großer Sprung nach vorn”, kommentiert Patrick Breyer (Piratenpartei), ehemaliges Mitglied des Europäischen Parlaments und digitaler Freiheitskämpfer. “Der Vorschlag würde sichere Verschlüsselung schützen und damit die Sicherheit unserer Smartphones. Allerdings blieben drei grundlegende Probleme ungelöst:

1. Massenüberwachung: Selbst wenn Anbieter wie Meta, Microsoft oder Google die Chatkontrolle “freiwillig” praktizieren, ist sie immer noch eine völlig ungezielte und wahllose Massenüberwachung aller privaten Nachrichten über diese Dienste. Nach Angaben der EU-Kommission sind etwa 75 % der Millionen privater Chats, Fotos und Videos, die jedes Jahr von den unzuverlässigen Chatkontrollalgorithmen der Industrie geleakt werden, nicht strafrechtlich relevant und lassen unsere intime Kommunikation in die Hände Unbekannter gelangen, bei denen sie nicht sicher ist und bei denen sie nichts zu suchen hat. Eine ehemalige Richterin des Europäischen Gerichtshofs, Ninon Colneric (S. 34 f.), und der Europäische Datenschutzbeauftragte (Abs. 11) haben gewarnt, dass diese wahllose Überwachung gegen unsere Grundrechte verstößt, selbst wenn sie im Ermessen der Anbieter liegt. In Schleswig-Holstein und Bayern sind bereits zwei Klagen gegen diese Praxis anhängig.

Das Europäische Parlament schlägt einen anderen Ansatz vor: Die Telekommunikationsüberwachung soll verpflichtend angeordnet werden können, aber auf Personen oder Gruppen beschränkt werden, die mit sexuellem Kindesmissbrauch in Verbindung stehen. Das Parlament schlägt außerdem vor, dass die Anbieter ihre Dienste durch eine Reihe von Voreinstellungen, Nachfragen und Warnungen sicherer für junge Menschen gestalten müssen.

2. Digitaler Hausarrest: Nach dem von Polen unverändert vorgeschlagenen Artikel 6 könnten Nutzer unter 16 Jahren künftig zu ihrem eigenen Schutz vor sexueller Annäherung alltägliche Apps aus dem App-Store nicht mehr installieren. Dazu gehören Messenger-Apps wie Whatsapp, Snapchat, Telegram oder Twitter, Social-Media-Apps wie Instagram, TikTok oder Facebook, Spiele wie FIFA, Minecraft, GTA, Call of Duty, Roblox, Dating-Apps, Videokonferenz-Apps wie Zoom, Skype, Facetime. Ein solches Mindestalter wäre leicht zu umgehen und würde Jugendliche bevormunden und isolieren, anstatt sie zu stärken.

3. Verbot anonymer Kommunikation: Nach dem von Polen unverändert vorgeschlagenen Artikel 4 (3) wäre es Nutzern künftig nicht mehr möglich, anonyme E-Mail- oder Messenger-Konten einzurichten oder anonym zu chatten, ohne einen Ausweis oder ihr Gesicht vorzeigen zu müssen, wodurch sie identifizierbar würden und das Risiko von Datenlecks entstünde. Dies würde z. B. sensible Chats zum Thema Sexualität, anonyme Pressekommunikation mit Quellen (z. B. Whistleblowern) sowie politische Aktivitäten einschränken.

Alles in allem ist der polnische Vorschlag im Vergleich zu den bisherigen Texten ein großer Fortschritt in Bezug auf unsere Sicherheit im Internet, aber er erfordert noch gravierende Nachbesserungen. Gleichzeitig geht der Vorschlag wahrscheinlich schon zu weit für die Hardliner-Mehrheit der EU-Regierungen und die EU-Kommission, deren Überwachungshunger bisher stets so extrem war, dass sie die Opfer lieber ohne Einigung ganz im Stich lassen als eine verhältnismäßige, gerichtsfeste und politisch mehrheitsfähige Alternative zur Chatkontrolle zu akzeptieren.”

Below are Joseph Gonzalez’s responses to questions I posed about his theory of quantum realism. You can find out more at his blog bantamjoe.com. I discuss these questions in the video below starting at timestamp 20 minutes.

Select links from Bantamjoe.com:

The Self-Aware Circle of Consciousness: Here

A Holographic Reality Designed By Consciousness, Designed For You!: Here

Fractal Dimensions of Consciousness: Here

Love, The First Action of Consciousness: Here

Consciousness From Microtubules to Brain Waves: Here

Simulation Theory Vs. Quantum Realism: Here

Link to Heart Forgiveness website.

Elevator Pitch for Quantum Realism

Quantum Realism proposes that the physical universe is not fundamental but instead a virtual construct generated by a self-sustaining quantum network or primal consciousness. The physical phenomena we observe, including space, time, energy and matter, are outputs of this underlying quantum process, more like a computational system where the quantum field serves as the substrate for reality. Unlike classical realism, which treats matter as independent and static, Quantum Realism views the universe as a dynamic, evolving system, continuously shaped by observation and interaction.

This theory aligns with the strange findings of modern physics, such as quantum superposition, entanglement, and the observer effect. These phenomena indicate that reality behaves more like information being processed than a collection of static objects. By grounding itself in the principles of quantum mechanics and information theory, Quantum Realism provides a framework that explains physical laws but also integrates consciousness as an active participant in the unfolding of reality. 

How Quantum Realism Differs from Other Theories

Quantum Realism stands apart by uniting consciousness and matter within a single quantum substrate. Classical physics focuses on deterministic interactions of matter, while dualism separates consciousness from the material. Quantum Realism suggests that matter emerges from the consciousness field, which acts as a self-generative, non-physical substrate. This explains phenomena like wave-particle duality and the observer effect, where the act of measurement collapses probabilities into specific outcomes.

In contrast to other simulation theories, which claim an external programmer, Quantum Realism describes a holographic reality that is self-generating, requiring no external creator. The consciousness quantum network acts as both the origin and sustainer of reality, dynamically evolving through recursive feedback loops. By embedding consciousness within this process, Quantum Realism resolves the paradox of how non-physical awareness can influence a seemingly physical world, offering a more integrated perspective than either dualism or materialism.

What Led You to This Investigation?

Stemming from my childhood curiosity of electricity and of light, I started learning the math that was required. It was the whole concept of imaginary numbers that got me questioning reality. 

The idea that light oscillates into a imaginary 4th dimension emerged from the mathematical framework of quantum mechanics. I later discovered Imaginary numbers are fundamental to describing oscillatory behavior in wavefunctions, suggesting that light and other quantum phenomena extend beyond the three spatial dimensions we perceive. This mathematical insight led me to consider whether these higher-dimensional oscillations underpin the strange behaviors observed in quantum systems, such as superposition and entanglement.

For me this opened a pathway to investigate how higher-dimensional processes might generate the physical universe as a lower-dimensional projection. By focusing on the recursive nature of these oscillations, I began exploring how reality could arise from iterative feedback within a quantum network. This exploration ties into Quantum Realism’s premise that space, time, and matter are emergent constructs, projected from the recursive operations of the quantum field.

The Circle of Values

Everything in the universe oscillates (light waves, matter waves, and even biological rhythms) indicating an underlying recursive principle. This principle, that I refer to as the “Circle of Values,” describes how primal consciousness perpetuates creation through cyclic processes. Each oscillation represents a feedback loop in which information from the quantum field interacts with localized nodes, generating structure and coherence across scales. These cycles are fractal-like, with self-similar patterns appearing at every level of reality, from quantum fluctuations to galactic rotations.

This recursive behavior mirrors the properties of fractal mathematics, where complexity arises from simple iterative rules. In Quantum Realism, the Circle of Values represents consciousness in action, continuously manifesting and sustaining the fabric of reality. By oscillating through states, this process generates not only physical structures but also the informational coherence necessary for life and awareness to emerge, illustrating the very deep interconnection between consciousness and the material world.

Holographic Reality vs. Simulations

A holographic reality differs fundamentally from a simulation in that it requires no external programmer or hardware. Instead, it emerges intrinsically from within the quantum field itself, with every fractal part containing information about the whole. This self-generative nature is supported by quantum entanglement, where particles separated by vast distances remain instantaneously correlated. Such behavior suggests that reality operates like a hologram, where local phenomena reflect an interconnected structure.

In contrast to simulations, which rely on predefined algorithms and external input, a holographic reality evolves dynamically through feedback between consciousness agents and the quantum network. This perspective resolves the apparent separation between observer and observed, as both are integrated within the same system. Quantum Realism states that the universe is not a static construct but a living, self-referential system that adapts and evolves as consciousness interacts with it.

Free Will: Participants or Puppets?

Quantum Realism portrays localized consciousness as an active participant in shaping reality. While physical parameters provide constraints (such as natural laws and probabilities) free will emerges as consciousness influences the collapse of quantum states. The observer effect demonstrates this participatory role, where the act of measurement determines which potential becomes reality. Thus, consciousness is not merely a bystander but an integral component of the quantum network.

This dynamic allows for meaningful choice within the parameters of the system. While deterministic factors like genetics and environment play a role, the ability of consciousness to interact with the quantum field introduces variability and agency. In this way, Quantum Realism reconciles the apparent tension between determinism and free will, framing individuals as co-creators within an evolving reality.

What Is Quantization?

Quantization is the process by which continuous possibilities are restricted to discrete units, such as energy levels in an atom. This principle is essential for the stability of physical systems, as it prevents infinite regress and ensures coherence. Without quantization, systems would lack the precision needed for consistent behavior, leading to paradoxes like infinite energy densities in classical physics.

In Quantum Realism, quantization also reflects the underlying processing structure of the quantum network. By discretizing energy, time, and space, the system ensures that interactions remain finite and manageable, enabling the emergence of stable structures like atoms and molecules. This discrete framework not only resolves the infinities problem but also provides a foundation for understanding how coherence and order arise in a fundamentally quantum reality.

Time, Causality, and Superposition

In Quantum Realism, time is not an absolute backdrop but an emergent property of processing cycles within the quantum field. Each cycle represents a discrete step in the evolution of reality, giving rise to the ordered flow of events we perceive as time. Superposition, where particles exist in multiple states simultaneously, reflects the quantum field’s ability to hold and process many potentials before they are collapsed into specific outcomes.

Causality emerges from this collapse, as interactions within the quantum network resolve probabilities into ordered sequences. This dynamic interplay between potential and actualization creates the linear progression we experience, while superposition ensures that the system retains flexibility and adaptability. Together, these principles demonstrate how time, causality, and quantum phenomena are deeply interconnected within the framework of Quantum Realism.

The Role of Our 3D Bodies

Our 3D bodies serve as localized nodes within the quantum network, enabling consciousness to interact with the virtual constructs of space and time. By acting as receivers and processors of quantum information, these bodies provide the specificity and coherence needed for complex interactions, such as perception, learning, and decision-making. This localized embodiment allows consciousness to experience and express reality in a focused and constrained way, facilitating exploration and growth.

At the quantum level, our bodies are composed of informational systems governed by quantized interactions, such as atomic vibrations and molecular bonds. These interactions provide the stability necessary for biological processes, while also linking us to the larger quantum network. This dual role (as both physical entities and conduits for consciousness) illustrates the magnificent integration of body, mind, and the quantum substrate.

Reflections on Itzhak Bentov’s Premise

Though admittedly I don’t know much about Bentov, his idea that life represents organized information gifted back to the cosmos aligns with Quantum Realism’s view of consciousness as a dynamic contributor to the quantum field. Each life accumulates unique experiences, which are reintegrated into the system upon death, enriching its informational density and coherence. This cyclical process mirrors the conservation of energy and information observed in physical systems.

By framing life as an exchange of information between localized consciousness and the quantum network, Quantum Realism provides a holistic view of existence. Death is not an end but a transition, where individual contributions are folded back into the universal substrate, furthering the evolution of the system as a whole. This perspective offers both a scientific, existential and spiritual understanding of life’s purpose and continuity.

Hope in Navigating 3D Reality

Quantum Realism offers a hopeful perspective by framing life as an integral part of a coherent, meaningful process. By recognizing that consciousness actively shapes reality, individuals can embrace their role as co-creators within this evolving system. This participatory view inspires purpose and creativity, transforming challenges into opportunities for growth and contribution.

The recursive and interconnected nature of the quantum network suggests that even small actions can have far-reaching effects. This reinforces the idea that every individual’s choices matter, contributing to the larger process of coherence and complexity. In this way, Quantum Realism not only explains the nature of reality but also provides a framework for navigating it with intention and hope.

You would have to be living under a rock to have missed all the talk about Agentic AI, and how it is going to revolutionize the way we live and work. AI-powered agents will be anything and everything – from personal shopper to travel concierge, executive assistant to inventory manager, medical diagnostician to customer service representative, software developer to security pentester. Article after article is devoted to both the opportunities and the risks. And when it comes to risk, all of us working in the Digital Identity space are not prepared for what is coming.

Photo by Growtika on Unsplash

In the wake of OpenAI releasing Operator, a Computer-Using Agent (CUA), in research preview, I’ve read many breathless posts about the future of Web-based Agentic AI (as opposed to API-based Agentic AI), and how it makes every website “programmable”, even without APIs. If you have worked in software development, you can visualize the mechanics easily – it’s like giving a QA Automation tool like Selenium WebDriver a brain, so that instead of just automating web applications for rinse-and-repeat testing, it can actually read the data, make decisions, adjust course, and take action. That framing should also make it easy to immediately grok how this will break the identity and security infrastructure we currently have, or are putting in place. I mean, we have been dealing with these in our QA Automation projects forever. I thought I’d share the thoughts that immediately jumped to my mind, mostly because I need to not be the only one worrying about these (#MiseryLovesCompany).

1) Bypassing/Breaking/Compromising Authentication Mechanisms

Since CUAs rely on web-based browsing, they necessarily run into some of the same break points that QA automation runs into – like multi factor authentication, bot verification techniques, and more. Any CUA would currently have to give the user back control of the browser to take these actions before proceeding. This high friction point is going to run head first into consumer dissatisfaction and business mandates to “just make it work”, and all of us in identity can guess exactly what will follow:

Users will hand over passwords to their Agent service so it can log in as them, or grant them access to their password managers (probably as a feature getting built into first the browser password manager and then the generic password managers). Users will turn off MFA to allow their agents to work. Any guesses on what will happen to passkeys? If syncing of the private key was the worst that you thought could happen…. There will people looking at how authorized session hijacking can become a feature to leverage, much like how Selenium allows direct manipulation of cookies and local storage, enabling agents to hoover up valid session tokens and bypass login screens. Case in point: Build MCP servers for any website with automatic browser auth syncing Just like Selenium can sometimes bypass automation (bot) detection protections using headless browsing and user-agent spoofing, expect Agentic AI tools to develop capabilities to do the same.

2) Violating Authorization Boundaries (When They Exist)

QA Automation scripts often execute actions as a high-privilege test user (e.g., an admin account) to avoid breaking tests that are verifying functionality but not data or access restrictions. The rush to deploy Web-based Agentic AI tools will mean that like other tools of the past, it won’t be built with proper scope controls, thereby driving implementors to grant it excessive privileges. You can guess the rest.

As for consumer applications, those rarely have differentiated access control models built in for their users. That means a customer that wants to use a CUA, but limit what it can and cannot do will be out of luck. We saw this play out in the days of screenscraping-based personal finance applications, and how long it took for us to move everyone over to OAuth2 and FAPI as the better and more secure approach.

3) Weakening Security Controls

(aka “Is that a DDoS attack, or an army of Agents here to take advantage of the limited time deal we announced?”)

It won’t just be Authentication controls that are impacted. There are many security protections that will likely be obstacles in the path of Web-based Agentic AI. Would any of us be surprised to find out that IT teams were told to weaken or disable security mechanisms (e.g., Content Security Policy, SameSite cookies, Bot and DDoS detection) to facilitate automated agents, inadvertently creating vulnerabilities?

And these are just what immediately jumped to mind. I am sure there are many more that I’m not even thinking of.

Identity vendors and practitioners everywhere really need to shift into high gear to help organizations properly prepare for what’s headed their way. The demand to support Web-based Agentic AI will put a great deal of pressure on them to enable safe acceptance, and being the “Agent of No” (see what I did there) is not likely to go well. As for what can be done – more on that later.

This post looks at customizing the sign-in UI and the sign-in options in an ASP.NET Core application using Duende IdentityServer and ASP.NET Core Identity. There are multiple ways of changing the look and feel of the UI for different OpenID Connect clients or different client flows.

Code: https://github.com/damienbod/duende-multi-tenant

Blogs in the series Multiple client sign-in customizations using Duende identity provider Customizing a single client sign-in using parameters in Duende IdentityServer Setup

The solution is setup using three different ASP.NET Core applications. In the example code, the “Admin” application has different federation authentication options compared to the “Shop” client authentication sign-in experience. The client ID from the authentication context is used to customize the look and feel, i.e. the styles, the layout and the options of the client are used to define which federation and authentication options are possible.

Customization of the sign-in options

The EnableLocalLogin parameter and the IdentityProviderRestrictions parameter from Duende IdentityServer can be used to change the sign-in options for the end user of the applications. If the EnableLocalLogin option is set to false, the define username, password login is disabled. The IdentityProviderRestrictions setting can be used to define which federation options are allowed for the client sign-in.

new Client { ClientId = "shop-client-ui", // more client options ... // show/hide the local authentication screen EnableLocalLogin = false // federated authentication options to display // empty displays all IdentityProviderRestrictions = ["AdminEntraID"] },

Layout Customization for clients

Sometimes the identity provider application need to display a different look and feel for the different clients. To achieve this, a separate login screen is used and each login screen uses a different layout. The layout and the style are changed using the client ID from the authorization context. If the shop client is used, the user is redirect to a different Razor Page. The UseShopClientDisplay bool is used for this.

private async Task BuildModelAsync(string? returnUrl) { Input = new InputModel { ReturnUrl = returnUrl }; var context = await _interaction.GetAuthorizationContextAsync(returnUrl); if (context?.Client.ClientId == "shop-client-ui") { View = new ViewModel { UseShopClientDisplay = true }; // Process in the shop client login return; } // standard code from duende template }

In the Login Razor Page on get method, the user is redirected to a different layout if the UseShopClientDisplay is true. The returnUrl is passed as a parameter.

public async Task<IActionResult> OnGet(string? returnUrl) { await BuildModelAsync(returnUrl); if (View.IsExternalLoginOnly) { // we only have one option for logging in and it's an external provider return RedirectToPage("/ExternalLogin/Challenge", new { scheme = View.ExternalLoginScheme, returnUrl }); } if (View.UseShopClientDisplay) { return RedirectToPage("ShopClient", new { returnUrl }); } return Page(); }

The HTML part of the Razor Page uses a different Layout and the Layout is set explicitly in the Razor Page.

@page @model IdentityProvider.Pages.Login.ShopClient @{ Layout = "Shared/_LayoutShopClient"; } <div class="login-page"> <div class="lead"> <h1>Shop Client Login</h1> <p>Choose how to login</p> </div>

Different, options, styles and layouts can be setup for any clients.

Or a different client display using the ClientID as the switch:

With this setup any CSS and any layout can be used for the different clients. This is one way of having a multi-tenant or multiple client setup. This setup uses a different Client ID to style and add or remove options.

Notes

This works well and does not require much effort. Sometimes customization is required within a single client. If you intend to use this in a multiple tenant solution, you should disable the default sign-in screen if building from the ASP.NET Core Identity templates. In a follow up post, I will look at further customization within a single client option.

Links

https://docs.duendesoftware.com/identityserver/v7

https://docs.duendesoftware.com/identityserver/v7/ui/federation/

https://learn.microsoft.com/en-us/aspnet/core/razor-pages

Kim Cameron first told me what Digital Identity is on February 1, 2005. He said that the Internet was created without an identity layer. He encouraged me “You should come help build it with me.” I’ve been at it ever since!

What I wrote about digital identity a decade ago remains as true today:

An interesting thing about digital identity is that, by definition, it’s not a problem that any one company can solve, no matter how great their technology is. For digital identity to be “solved”, the solution has to be broadly adopted, or else people will continue having different experiences at different sites and applications. Solving digital identity requires ubiquitously adopted identity standards. Part of the fun and the challenge is making that happen.

I’m not going to even try to list all the meaningful identity and security initiatives that I’ve had the privilege to work on with many of you. But I can’t resist saying that, in my view, OpenID Connect, JSON Web Token (JWT), and OAuth 2.0 are the ones that we knocked out of the park. I tried to distill the lessons learned from many of the initiatives, both successes and failures, during my 2023 EIC keynote Touchstones Along My Identity Journey. And there’s a fairly complete list of the consequential things I’ve gotten to work on in my Standards CV.

I’ll also call attention to 2025 marking twenty years of the Internet Identity Workshop. I attended the first one, which was held in Berkeley, California in October 2005, and all but one since. What a cast of characters I met there, many of whom I continue working with to this day!

As a personal testament to the value of IIW, it’s where many of the foundational decisions about what became JWS, JWE, JWK, JWT, and OpenID Connect were made. Particularly, see my post documenting decisions made at IIW about JWS, including the header.payload.signature representation of the JWS Compact Serialization and the decision to secure the Header Parameters. And see the posts following it on JWE decisions, naming decisions, and JWK decisions. IIW continues playing the role of enabling foundational discussions for emerging identity technologies today!

It’s been a privilege working with all of you for these two decades, and I love what we’ve accomplished together! There’s plenty of consequential work under way and I’m really looking forward to what comes next.

Images are courtesy of Doc Searls. Each photo links to the original.

Some simple steps to keep yourself safe.

Continue reading on Medium »

イギリス: AIによる年齢確認 ジョン・ルイスがAIを活用した年齢確認をオンラインナイフ販売に初導入。 Yoti社が開発した顔年齢推定技術を使用。 18歳未満を誤認するリスクを回避するため高い年齢基準を適用。 アメリカ: フィンテックでの企業買収 iCapitalがParallel Marketsを買収、投資家のオンボーディングを効率化。 再利用可能な投資家パスポートを提供し、コンプライアンスの負担を軽減。 AIと機械学習を活用した自動化が進む。 グローバル: デジタルトラベルクレデンシャル(DTC)の進展 RegulaがDocument Reader SDKを拡張し、デジタルトラベルクレデンシャルをサポート。 スマホやパスポートリーダーで仮想コンポーネントを作成可能。 公的機関による完全なデジタル認証の実現を目指す。 アゼルバイジャン: デジタル開発コンセプト 大統領が「デジタル開発コンセプト」を起動。 公共行政のデジタル化と高度技術の統合を推進。 デジタル教育とICT訓練による経済成長を目指す。 ヨーロッパ: ソーシャルメディアとデジタルIDの連携 スペイン首相がEUソーシャルメディアアカウントをEUデジタルIDウォレットと連携提案。 匿名性を減らし、行動責任を促進。 子供の保護やボットの影響削減を目指す。 デジタルID市場の成長 2023年の市場規模は324億ドル、2032年には1,426億ドルに成長予測。 2024年から2032年まで年平均成長率17.90%を記録する見込み。 マレーシア: ブロックチェーンのデジタルID MYEGとMyDigital ID Solutionsが協力し、全国的なブロックチェーン基盤のデジタルIDエコシステムを構築。 eウォレットや開発ツール環境を提供。 地域での相互運用可能なデジタル規格のニーズに対応。

（出所) https://www.thinkdigitalpartners.com/news/2025/01/27/digital-identity-global-roundup-201/

英国の電子渡航認証(ETA) 英国は、電子渡航認証(ETA)システムを国境セキュリティのために拡張中。 ビザ免除国からの渡航者に対し事前デジタル審査を義務化。 入国手続きの効率化およびセキュリティの強化が目標。 韓国のデジタル在留カード 外国人在住者はスマートフォンを使用してデジタル在留カードを申請可能。 デジタルカードは物理カードと同等の法的効力を持つ。 デジタルカードをデジタル金融サービスと統合する計画を推進中。 デジタルアイデンティティにおけるグローバルトレンド Prove社がPortablを買収し、再利用可能なID確認に注力。 カタールは国のデジタル認証戦略の一環として統一デジタルIDシステムを確立。 Credas Technologiesが英国での成長を背景に国際展開を拡大。 ジュニパー・リサーチは、2029年までに世界人口の3分の2以上がデジタルウォレットを所有すると予測。

（出所) https://www.thinkdigitalpartners.com/news/2025/01/20/digital-identity-global-roundup-200/

ナイジェリアのデジタルIDイニシアチブ ナイジェリアの国家身分管理委員会(NIMC)はデジタルIDの展開を強化する方法を模索中。 デジタルID登録プロセスに虹彩バイオメトリクスを追加する計画。 この追加は、障害を持つ市民がより多くのサービスにアクセスできるようにすることを目的。 セルビアのデジタルアイデンティティウォレット セルビアは2025年末までにデジタルアイデンティティウォレットを導入予定。 導入はEUのプロトコル標準化次第。 EUデジタルアイデンティティフレームワークは2024年5月に施行、2026年までに加盟国がEU版ウォレットを提供する必要あり。 イギリスの身分証明に関するパートナーシッ Vouchsafe社はCarefreeと提携し、写真付きIDを持たない無給介護者を支援。 無給介護者が写真無しで身分証明を可能にする統合を提供。 登録を簡素化し、無給介護者のサービスアクセスを改善することを目指している。 ヨーロッパのAIと身分証明技術 IDnow社がEU資金提供のACHILLESプロジェクトに参加。 このプロジェクトはHorizon Europe Framework Programmeの下で800万ユーロ以上の助成を受ける。 AIシステムの効率性と信頼性向上を目的とし、身分証明を含む多分野における応用に焦点が当てられている。

（出所) https://www.thinkdigitalpartners.com/news/2025/01/13/digital-identity-global-roundup-199/

モロッコのデジタルID拡大 2024年に約470万枚の電子国民IDカードを発行 信頼できる第三者ID確認プラットフォームを通じたデジタルIDシステム第2フェーズを実施 Bank Al-Maghribや医療機関を含む17の主要機関と枠組み協定を締結 30以上の機関が基本サービス提供のためプラットフォームを利用 ナイジェリアのID4Dプロジェクト 世界銀行がID4Dプロジェクトを2026年12月まで延長、1億8000万人分の新IDを対象 政府の要請に基づきプロジェクト拡張により国民ID管理システムを8300万ドルで近代化 生体認証により6400万以上の銀行口座を保護 プロジェクト予算は4億3000万ドルへ増額、国民登録とNIN発行を促進 アメリカでのデジタルIDの取り組み イリノイ州でモバイルIDカードとプライバシー保護に関する法律を制定 Google Walletが6つの州で運転免許証や州IDをサポートする機能を拡張 authIDがAccountable Digital Identity Associationに加盟し、標準化された分散型IDサービスを推進 デジタルIDとブロックチェーンチケットによりスタジアムでの待機時間を大幅短縮 世界のデジタルIDの進展 ベトナムではソーシャルメディア利用者に携帯番号または国民IDでのアカウント認証を義務化 サウジアラビアはAbsherプラットフォームで2800万以上の統一デジタルIDを発行 韓国は9つの地域でモバイルIDカードの試験導入を実施 セントクリストファー・ネイビスは2025年末までに台湾のICDFと協力し、電子IDシステムを開始予定

（出所) https://www.thinkdigitalpartners.com/news/2025/01/06/digital-identity-global-roundup-198/

The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

This week, a massive event shook the tech industry: a lesser-known Chinese AI lab shocked the markets and tech professionals with the DeepSeek AI model, which feels on a par with OpenAI’s most capable publicly available model, ChatGPT o1. OpenAI has a more advanced o3 model, but it’s in preview and isn’t publicly available yet. DeepSeek is released as open and free to use within the DeepSeek app, or for anyone to host and download it.

Major AI companies are coming to terms with the fact that a small team in China with supposedly little funding, and no access to NVIDIA’s latest AI chips, could pull this feat off. It shatters the image of OpenAI’s invincibility, the notion that the US leads the AI race, and also raises the question of whether open models will turn advanced LLMs into a commodity.

Today, we cover:

The first “thinking model” that feels fast – and is a hit

About 4x cheaper — and possibly more efficient? — than ChatGPT

Open model spreads fast

OpenAI’s need to remain fully closed highlighted by DeepSeek

How did DeepSeek do it, and why give it away for free?

Geopolitics and export controls

Google feared open source AI will win

1. The first “thinking model” that feels fast – and is a hit

On Monday, NVIDIA’s valuation plummeted from $3.5 trillion to $2.9 trillion; an almost $600B reduction in its market cap on a 17% drop in the stock price. This was reported as the biggest ever fall by a U.S. company. The cause? A new Large Language Model (LLM) model called DeepSeek built by a Chinese AI startup, which has been an overnight sensation. Also on the same day, the DeepSeek app (built by the same company) hit the #1 spot on the US App Store on both iOS and Android, making it more downloaded than ChatGPT, which was relegated to #2. DeepSeek has remained #1 since.

Top iOS apps in the US. It’s rare for an app by a Chinese developer to hit top spot. DeepSeek is #1 on Android as well

What’s the cause of Deepseek’s sudden popularity? It’s thanks to the company updating the app to enable its “DeepThink (R1)” mode that uses their DeepSeek-R1 model. This model is similar to OpenAI’s o1 model in that it takes more ‘thinking time’ to respond, by using more compute to serve up a better response.

A big difference is that DeepSeek displays the model’s “chain of thought”, whereas OpenAI hides what happens during the “thinking” phase. So, the model feels much more “snappy” than OpenAI’s o1, more transparent, and more relatable. And frankly, it’s a far better experience to watch the model “think out loud” for 30 seconds, than watching ChatGPT’s spinner for 30 seconds.

Here’s a good example of what happens when asking a question that trips a lot of LLMs up: “if a chicken says ‘all chickens are liars’ is the chicken telling the truth?” DeepSeek starts to “think” for nearly a minute, spitting out pages-worth of internal monologue:

DeepSeek shows its inner prompts while “thinking” up a response. It generated four times as much to answer the riddle I posed

In the end, the answer it generates concludes the question is a paradox. The output is pretty similar to what OpenAI’s o1 produces, except o1 takes around the same time (38 seconds) to “think” and doesn’t show anything to the user.

DeepSeek: free, OpenAI: $20-200/month. An obvious reason for the DeepSeek app’s popularity is that it’s free and offers virtually the same functionality as paid ChatGPT plans, which cost $20/month for limited access, and $200/month for unlimited access to the advanced o1 and o1-mini models. DeepSeek offers all of this for free, while somehow dealing with what look like enormous loads. The key to this is that DeepSeek seems to be an order of magnitude cheaper to operate than existing models, like OpenAI’s’.

2. About 4x cheaper — and possibly more efficient? — than ChatGPT

The team behind DeepSeek found dozens of approaches to improve efficiency of their model – and published these optimizations in a paper titled DeepSeek-V3 Technical Report. Novel optimization methods include:

Read more

Deadly D.C. Plane Crash Comes Months After Congress Ignored Warning About Traffic at Reagan Airport

As the new administration is playing stupid games, yesterday morning, prior to yesterday’s aviation disaster, professor Thomas Schaller cautioned:

An FAA employee I know confirms agency already lacks sufficient air traffic controllers. The so-called “buyouts” and other attacks on federal employees won’t help. Remember that fact when the flight delays (crashes?) commence and Trumpers start falsely blaming DEI or Biden.

This should be a wakeup call and I have a deeper appreciation for people like Phyllis Fong who this week have resisted the illegal orders that are already causing significant harm. On the other hand, if you like anarchy and disaster, congratulations.

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• Formation — Level up your career and compensation with Formation.

• WorkOS — The modern identity platform for B2B SaaS

• Vanta — Automate compliance and simplify security with Vanta.

—

In This Episode

In today’s episode of The Pragmatic Engineer, I’m joined by Jonas Tyroller, one of the developers behind Thronefall. Thronefall is a minimalist indie strategy game that blends tower defense and kingdom-building, now available on Steam. Developed by just two developers, it sold 1M copies in the first year of its launch: quite the hit for a game priced at $12.99!

A screenshot from the game Thronefall. This episode goes behind the scenes to walk through how two devs built this indie hit game

Jonas takes us through the journey of creating Thronefall from start to finish, offering insights into the world of indie game development. We explore:

Why indie developers often skip traditional testing and how they find bugs

The developer workflow using Unity, C# and Blender

The two types of prototypes game developers build

Why Jonas spent months building game prototypes in 1-2 days

How Jonas uses ChatGPT to build games

Jonas’s tips on making games that sell

And more!

If you enjoy playing games, or one day perhaps could see yourself building your own game: this episode is for you.

Takeaways

My biggest takeaways from this episode:

It takes a lot of different skills to be a successful indie game developer. Jonas balances design, development, creating music, thinking about marketability, creating YouTube videos to share process (and get traction), building prototypes — just to name a few activities.

Graph theory can be surprisingly useful at times! Jonas used the A* pathfinding algorithm with this game: and fought a lot at making pathfinding “feel right.” It’s a good example on how computer science theory can become useful in various situations.

Engineering best practices don’t apply to most indie games. Jonas was almost embarrassed to admit they don’t do code reviews, don’t write unit tests and that the code quality could be better. However, indie games are built to ship once: so why overdo it? By all accounts, Thronefall is a smash success, with close to 1M sales. Code reviews and unit tests would have not helped this project with two experienced developers — though the lack of them might slow down larger projects!

To be good at building games: build a lot of games! Jonas made game development sound easy. However, I learned that he has 20 years of game development experience: having been building games since he was 9 years old! Here is a video about the close to hundred games he’s built. Most of them are very simple.

It’s easier than ever to build a game. Unity provides excellent tooling, and there are so many resources on how to build games — videos, tutorials, blogs, books. If you know how to code: you can build a simple game, the very least. We shared a tutorial: Building a simple game using Unity, if you want to get started.

The Pragmatic Engineer deepdives relevant for this episode

Game development basics

Building a simple game using Unity

Timestamps

(00:00) Intro

(02:07) Building in Unity

(04:05) What the shader tool is used for

(08:44) How a Unity build is structured

(11:01) How game developers write and debug code

(16:21) Jonas’s Unity workflow

(18:13) Importing assets from Blender

(21:06) The size of Thronefall and how it can be so small

(24:04) Jonas’s thoughts on code review

(26:42) Why practices like code review and source control might not be relevant for all contexts

(30:40) How Jonas and Paul ensure the game is fun

(32:25) How Jonas and Paul used beta testing feedback to improve their game

(35:14) The mini-games in Thronefall and why they are so difficult

(38:14) The struggle to find the right level of difficulty for the game

(41:43) Porting to Nintendo Switch

(45:11) The prototypes Jonas and Paul made to get to Thronefall

(46:59) The challenge of finding something you want to build that will sell

(47:20) Jonas’s ideation process and how they figure out what to build

(49:35) How Thronefall evolved from a mini-game prototype

(51:50) How long you spend on prototyping

(52:30) A lesson in failing fast

(53:50) The gameplay prototype vs. the art prototype

(55:53) How Jonas and Paul distribute work

(57:35) Next steps after having the play prototype and art prototype

(59:36) How a launch on Steam works

(1:01:18) Why pathfinding was the most challenging part of building Thronefall

(1:08:40) Gen AI tools for building indie games

(1:09:50) How Jonas uses ChatGPT for editing code and as a translator

(1:13:25) The pros and cons of being an indie developer

(1:15:32) Jonas’s advice for software engineers looking to get into indie game development

(1:19:32) What to look for in a game design school

(1:22:46) How luck figures into success and Jonas’s tips for building a game that sells

(1:26:32) Rapid fire round

A summary of the conversation Game Development Philosophy and Process

Finding a balance between personal interest and marketability: a key challenge for indie game developers. Finding something that will sell is difficult enough on its own, but finding something that will sell that you also enjoy working on is very tricky. The approach is to make a lot of things that you can imagine working on that are interesting and then try to measure or guess how well they might do on the market. Then, focus on the most promising ideas.

“What do I want to create today?” After opening up Unity, this is how a typical enough day starts for Jonas. He comes up with a random idea that he finds interesting and “just” makes it.

Games can be made very quickly. This is especially true for simple prototypes without fancy graphics or menus. Polishing and getting to production quality takes the most time. Keep in mind that Jonas has created closer to a hundred small games before, though!

Unity + C#: the development stack Jonas uses.

Scenes: the backbone of the project structure. In Thronefall a scene is basically a level. Each scene contains objects with attached scripts that dictate their behavior. These scripts are MonoBehaviours that inherit from the mono behavior class and are attached to game objects. We covered these concepts in the deepdive Building a Simple Game using Unity

Indie developers often write 'spaghetti code'. It’s also common enough to not write any unit tests. Jonas believes that unit tests are not critical for smaller indie games: but they do become more important at a larger scale.

QA process: “works on my machine,” beta testing and release. Modern game engines are a “godsend” for fewer bugs. If it “works on my machine” there’s a fair chance it works on everyone’s machine with robust game engines. For indie games, bugs are usually found through self-testing, beta testing, and ,finally by real players after the game is released.

Tools, Workflow, and Team Dynamics

Visual editing + code changes: this is the workflow Jonas follows. When building a new level, most of his time is spent moving things around in the Unity editor. He uses Blender for 3D modeling, where models are created and then integrated into Unity.

No code review. Not for a small indie game with two developers!

Push straight to main branch. And try to not break the game for the other dev!

Splitting the work: one Jonas focused more on the gameplay, and the other dev (Paul) did a lot more of the user interface. They also “cross-tested” each other’s work for functionality and the “fun factor.”

Listen to playtesters. Early playtesters reported that there were too few choices for the building upgrades: and so the team took this feedback and implemented more choices for upgrades.

Balancing levels is an art. Game devs are a lot better at playing the game than the average player. So they need to make levels to a difficulty that feels “stupid easy” for them – at least for early levels.

Strategy games are “snowbally.” This means that it is exponentially more difficult to recover from falling behind. To smooth this out, Jonas coded up enemies dropping gold in order to smooth out the economy curve. This made the game easier to balance because the amount of gold a player has at a given time is easier to predict.

Development and release

Prototyping: the first phase. The two devs created prototypes and mini-games, not spending more than 1-2 days on them. The time reserved for prototyping is scaled to the size of the project. For a two-year game, two months of prototyping could be a good rule-of-thumb. Prototypes help figure out what might sell well, and what the devs also enjoy working on.

Gameplay first. During the prototyping phase, gameplay is explored before visuals. Gameplay prototypes consist of simple shapes and colours and that visual prototypes are created after gameplay, and are composed of scenes without any logic or motion.

Major development challenge: pathfinding. For this game, Jonas spent a lot of time on this problem. How will units move “correctly?” How to ensure they don’t go through walls? The team bought a plugin from the Unity Asset Store using the A* pathfinding algorithm, and then customized it. Units don’t exactly move on nodes, so additional post-processing is required to ensure they are taking the straightest path between nodes.

ChatGPT: helpful for development. Jonas uses it to generate skeleton code, which is then filled in, and to translate shader code or answer questions on unfamiliar subjects.

Steam: a no-brainer. Steam is the go-to platform for indie developers, and Steam sales usually make up the vast majority of sales compared to other platforms.

The launch: not as fancy as you’d think! As per Jonas, the launch was surprisingly anticlimactic. He just pressed a button in the Steam backend.

The reality of being an indie developer

Bureaucracy: the dreaded part. Jonas hates bureaucracy the most in being an indie game developer. Things like filling out Steam forms, legal documents, and dealing with lawyers.

Advice: don’t build your own game engine! The single biggest advice Jonas has for a developer building their own game: do NOT turn it into building a game engine! It’s too tempting, but is a waste of effort for the most part.

“Bigger” games don’t necessarily sell better. Smaller games often have a better payoff-to-effort ratio because they are easier to make successful and the user experience should be prioritized before the engineering behind it.

University was helpful. Jonas says that it is possible to be self-taught in game development. However, for him, going to a game development college connected him with a valuable network of people. Both games that sold 1M+ copies he built with people he met at his university at HTW Berlin

How to succeed as an indie game developer? Find the correct overlap between something you enjoy and something that will also perform well in the market. It is not enough to just make a perfect game; it must be the right game. You also need to make a game for others, not just yourself!

Resources & Mentions

Where to find Jonas Tyroller:

• X: https://x.com/jonastyroller

• LinkedIn: https://www.linkedin.com/in/jonas-tyroller-213a63144/

• YouTube: https://www.youtube.com/c/JonasTyroller

Mentions during the episode:

• Thronefall on Steam: https://store.steampowered.com/app/2239150/Thronefall/

• Unity: https://unity.com/

• C Sharp: https://en.wikipedia.org/wiki/C_Sharp_(programming_language)#

• Blender: https://www.blender.org/

• Adopting Software Engineering Practices Across the Team: https://newsletter.pragmaticengineer.com/p/engineering-practices

• Warp Digital: https://warpdigital.com/

• Islanders on Steam: https://store.steampowered.com/app/1046030/ISLANDERS/

• Coatsink: https://coatsink.com/

• Will You Snail on Steam: https://store.steampowered.com/app/1115050/Will_You_Snail/

• No Gravity Games: https://nogravitygames.com/

• Miro: https://miro.com/

• A* algorithm: https://en.wikipedia.org/wiki/A*_search_algorithm

• ChatGPT: https://chatgpt.com/

• Claude: https://claude.ai

• Github Copilot: https://github.com/features/copilot

• Godot: https://godotengine.org/

• GameMaker: https://gamemaker.io/en

• Game Design program at Hochschule für Technik und Wirtschaft Berlin

University: https://gamedesign.htw-berlin.de/en/

• Opus Magnum on Steam: https://store.steampowered.com/app/558990/Opus_Magnum/

• Outer Wilds on Steam: https://store.steampowered.com/app/753640/Outer_Wilds/

• GAMEDEV: 10 Steps to Making Your First Game Successful: https://www.amazon.com/GAMEDEV-Steps-Making-First-Successful-ebook/dp/B08CBLXPB7

• Flow: The Psychology of Optimal Experience: https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics/dp/0061339202/

• Game Development Basics:

https://newsletter.pragmaticengineer.com/p/game-development-basics

• Building a Simple Game: https://newsletter.pragmaticengineer.com/p/building-a-simple-game

—

Production and marketing by Pen Name. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

My first attempt at building a decentralized app in this day and age will use Solid Pods and DIDs. The goal? A super simple “BooksWeLike” app—a place where I can review books and see what my friends are reading and enjoying.

What makes this app different is how it handles data. Unlike traditional apps where data lives in a centralized database, my app will let users store their own data in Solid Pods. Think of a Pod as your own personal data vault—you control who can access it and how it’s used. And instead of relying on centralized logins like Google or Facebook, I’ll use Decentralized Identifiers (DIDs), which allow users to prove their identity on their own terms.

The plan for the app is straightforward:

• If you already have a DID or a Solid Pod, you can sign in using your existing accounts.

• If you don’t, the app will help you create them when you sign up.

Of course, part of this journey is figuring out how practical and possible all of this really is. Beyond building the app, I’ll also evaluate the tools, SDKs, client libraries, and documentation available for Solid and DID developers. How well is the building community being enabled? I’ll compare my experience with other distributed ecosystems as I attempt to replicate this app in different environments in the future. Once the app exists across multiple ecosystems, I can explore broader topics like ecosystem interoperability and federation.

These technologies are still evolving, and I’m excited to explore what’s possible—and what needs improvement.

So, what about you? Have you already taken the plunge into the world of DIDs or Solid Pods? Or is this your first time hearing about them? Let’s find out together as I document this journey.

In my next post, I’ll dive into the nitty-gritty of authentication—getting users to log in with their DIDs and connecting them to their Pods. I suspect it’s trickier than it sounds, but that’s all part of the adventure.

Hi – this is Gergely with the monthly, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover challenges at Big Tech and startups through the lens of engineering managers and senior engineers. If you’ve been forwarded this email, you can subscribe here.

Google is the undisputed king of search engines, with around 90% market share. The product generates revenue exclusively via advertising, and it is a lot. The tech giant’s revenue from ads placed in users’ search results has exploded in 20 years: from $1B in 2004, to around $200B, last year. Today, around 70% of Google’s revenue comes from this single source, alone.

Predictably, this has led to Google search starting to feel more like an “ads engine”, and less like a search engine. About a year ago, I began using alternatives, and have since replaced day-to-day use of Google search with two other products developed by startups:

Perplexity: an AI-powered search engine and answer engine, changing how people discover information online. It’s a VC-funded startup on the rise.

Kagi: a search engine with no ads, which gives “power back to the user.” A bootstrapped, profitable company growing at a reasonable pace.

To learn more about these challengers to Google search, I reached out to both to ask how their engineering teams operate in this bold mission to disrupt the web search market.

Note: I have no commercial affiliation with Perplexity or Kagi, and was not paid to write about them in this article. I also get no compensation from the special offers for my subscribers (see below). Indeed, it was I who asked if these companies would consider making these offers. See more in my ethics statement.

Special offer: paying subscribers of The Pragmatic Engineer get free access to paid versions of Perplexity and Kagi. As a paid subscriber, you get:

Perplexity Pro for one year (worth $200)

Kagi Ultimate for 3 months (worth $75)

Get Perplexity Pro and Kagi Ultimate

See more context and details on this offer.

Today, we cover:

Backgrounds and cultures. One of these companies is rumored to be valued at $9B, while the other has taken no VC-funding. Perplexity is mostly in-office these days, while Kagi is full-remote.

Tech stack and AI tools. Kagi uses the lesser-known Crystal programming language and builds a simple but novel message-passing system. Perplexity is built on React+NextJS, and also uses its own custom LLMs.

How does Kagi index? A search engine is only as good as its index. Kagi aims to only crawl high-quality websites, and to skip sites with too many ads. This custom index explains its distinctive search results, compared to other search engines.

How is Perplexity so fast? Speed is an important differentiator for Perplexity, and a source of constant tweaking. Surprisingly, the product runs multiple models for every query, under the hood.

Engineering practices. At Perplexity, there’s no formal design review process, and AI evaluations are defined upfront. At Kagi, there’s “checkpoint standups” and trunk-based development. Both companies use Linear for task and project management. For more about the innovative project management startup, Linear, check out this deepdive.

Product milestones. Perplexity employed a smart strategy of initially launching as something akin to a lightweight wrapper, and then built their own search index, API, and custom features such as “Shop Like a Pro.” Meanwhile, Kagi spent considerable time building out the core experience, and then launched lots of additions like FastGPT, Kagi Translate, and more.

Unique challenges of “search engine engineering”. For Perplexity, creating a “futuristic” experience was probably the trickiest part. For Kagi, it’s the attention to even the smallest details, in order to gain and retain customers.

This is an engineering culture deepdive. See similar ones about Meta, Amazon, Stripe, OpenAI, Figma and several other tech companies.

Thanks to Alex Lang (engineering lead at Perplexity), Zac Nowicki (tech lead at Kagi Search), and Vladimir Prelovac (founder and CEO at Kagi Search) for sharing interesting details.

1. Backgrounds and company cultures Perplexity

Some stats about this Google search challenger:

2022: Founded by Aravind Srinivas (CEO), Denis Yarats (CTO), Johnny Ho (Chief Strategy Officer), and Andy Konwinski

$9 billion: Rumoured valuation as of December 2024; up from $520 million just a year ago. This is truly standout for such a young company!

20 million search queries per day: the latest milestone hit; almost a 10x increase on a year ago, when there were 2.5M search queries.

165 people: team size, two-thirds of whom work on the tech team.

The tech organization is currently structured as four groups, with some groups consisting of several teams:

AI

Search

Product Engineering

Design

Perplexity’s company values:

Curiosity

Quality

Ownership

Velocity

Perplexity is mostly in-office, after operating as remote in its early days. While scaling up, the company is focused on hiring for the office; or at the very least, for pods in the same city. Perplexity has locations in:

San Francisco: 70 people

New York: 14 people

Austin, Texas: 9 people

Europe: 32 people

Remote, in the US: 37 people

What’s it like to work at Perplexity? Alex Lang says ownership and communication are priorities:

‘Everything for us works backwards from the end-user. We want to imbue a spirit of curiosity and quality that reflects the best ideal of an answer engine. Once we have found the right projects to tackle, we place extreme emphasis on ownership and velocity.

We want everyone to have high ownership and place a high bar on ourselves. We also recognize that impact delivered today has higher value than some improvement in the distant future.

We try to minimize standing meetings. Ongoing communication is extremely important for us. We value using Slack to communicate, hold a quick huddle if needed – but keep meetings to a minimum.’

Kagi

Some figures about the business:

2018: founded by Vlad Prelovac, in Palo Alto, US.

$0 raised in VC funding. In 2023 and 2024, the company raised funds – from users! A total of $2.4M.

~750,000 search queries per day: See realtime stats.

40 people: team size.

Live stats: See realtime details on the number of members (over 37,000), queries, families using the product (more than 3,000), and more. This is a surprising level of transparency!

Realtime stats at Kagi. When customer milestones are hit, the company marks the occasion. Last time, it shipped a t-shirt and sticker pack to early users. Source: Kagi

Of the 40-strong team, 30 are engineers. Engineering is divided into:

Core products (Search, Assistants, Maps): 15 engineers

Research and development (building new stuff): 5 engineers

Kagi is a remote-first working environment. Team composition by location:

US and Canada: ~45%

Europe: 40%

Asia: 15%

What’s it like to work at Kagi? Zac Nowicki says communication matters:

‘Open communication is king, in public channels, using our internal forum, staying out of DMs (unless discretion warrants it, of course). Some people can be shy about asking simple questions, but it is so important for optimizing remote communication loops and making issues (and wins!) visible. The worst thing is when some key decision was made behind "closed doors" and has repercussions we need to walk back weeks later. Or people debugging minor issues with our systems, out of sight from an engineering colleague who could solve the root cause, or otherwise inform our DX improvements.

‘In a physical working space, there is constant implicit communication; overhearing others, seeing things put on walls and whiteboards. Even body language; physically being able to see your coworker is having a hard time, and extending a helping hand. You don't put any effort into these things, they just happen.

‘Remote work is not for everyone because it’s a lot more effort to communicate openly. In remote, silence is the default. Nothing happens or has any nuance unless you put yourself forward and engage. Putting effort into crafting a safe space for open, remote communication that feels natural is important for leaders to put serious thought into.

‘Explicitly passing the baton comes to mind, too. If something needs a review, tag someone; anyone. It is okay if they don't have domain knowledge, as they will pass it to someone else if necessary. What doesn't work is putting things into the void and hoping someone will notice.’

2. Tech stack and AI tools

Let’s take a look at the technologies these two search startups use.

Perplexity

Frontend and backend

TypeScript as the preferred programming language

React as the frontend framework

Next.JS for server-side rendering as the full-stack framework powering the front and backends

Modern JavaScript stack: using tools like eslint (static code analyzer), turborepo (incremental bunder and build system for JavaScript and TypeScript), prettier (an opinionated code formatter / linter)

AI and machine learning (ML):

AI models: continuously keeping up with the latest foundational models. Perplexity evaluates them and uses ones that make the most sense.

Python and PyTorch (a deep-learning framework in Python)

Senior Frontend Engineer Oleg Akbarov said Perplexity moved from NextJS Pages Router to App Router, for a snappier web experience:

‘The Perplexity web experience was initially built as a NextJS web application using:

Pages Router for routing

Redux for state management

‘It was a great prototype and allowed a fast time to first byte (TTFB) experience for server-rendered routes. It also helped us ship a moderately dynamic experience within the pages.

‘However, about a year ago, we wanted to improve the navigation within the application and streamline the query submission experience. It was at this point that the performance limitations of a Pages Router became apparent. It was right at this time that the NextJS team introduced a new router version called App Router. App Router was a great fit for our use case: it allowed us to build rich, dynamic user interfaces without sacrificing the performance benefits of server-side rendering (SSR).

‘We needed to not slow down our shipping speed, while moving routing frameworks. Here is how we phased our migration:

Replace Redux with react-query. We did this because react-query has superior support for server rendering. It also has useful out-of-the-box features like optimistic updates and query revalidation (refreshing or updating cached queries to ensure they are up to date).

Gradually updating route logic. We carefully transitioned all the APIs from Pages Router to the new version, App Router.

Move data fetching logic. We moved data fetching logic to React Server Components (RSC).

‘Completing these stages took a few months. At the same time, we kept shipping new features even as the migration was ongoing. Best of all, the migration was invisible for end users.’

A lot of experimentation with AI tools: The Perplexity team is encouraged to experiment with AI tools. The most popular with engineers are:

GitHub Copilot and Cursor as IDEs. Most engineers inside the company use both – which was somewhat surprising to hear, as I’d assume engineers would settle on a favorite! Both have upsides, like Cursor’s Composer, and GitHub’s smooth integration with Visual Studio Code.

Internal tools to modify Perplexity’s custom LLMs. Perplexity has its own, internal large language models (LLM). This keeps being tweaked by the team, which requires engineering knowledge to do. The engineering team is also building tools so that later on, product managers can also make modifications.

Kagi

Here’s the tech stack behind Kagi:

Backend:

Crystal: the programming language used for the search binary. Crystal borrows a lot from Ruby (syntax/semantics), and Go (concurrency). The search binary contains all top level application logic and rendering.

Custom backend: The backend framework is largely custom; bootstrapped on some primitives from the standard library. Kagi uses a simple, novel message-passing system scripted using a visual diagramming tool.

Postgres: database of choice. For DB ops, the team uses Crystal's standard database driver for Postgres, and writes queries and migrations in raw SQL. The driver library provides a set of utilities for deserializing rows into types and connection poolings, which makes it very nice to use. Recently, the primary database instance was upgraded from 1vCPU with 4GB of ram, to something larger.

Frontend:

Server-side rendering using Jinja templates + JavaScript. The team uses an interpreter ported to Crystal for the Jinja templates.

As little JavaScript as possible. On principle, the Kagi team tries to use as little JavaScript as possible on the frontend, and to only use it to enhance the experience, not create it. They want to ensure the core search experience is usable without JS enabled at all. Ruthlessly trying to keep things simple is how they avoided having any serious use for Node in the build step, until very recently.

No client-side telemetry. This means no click tracking and no analytics. Admittedly, this creates challenges for both development and product. Still, the team believes it aligns with their values.

Zac shares the story of Kagi’s current backend, which is the second-generation:

‘After launching Kagi, we realized we needed to manage a ton of concurrent tasks, combined with even more checks and decision making. We needed to stay on top of a robust concurrent control flow, and not go crazy trying to debug it all. This was the motivator for the "second generation" backend.

‘Flow Based Programming (FBP) is the hidden gem we followed to build observable and complex concurrent systems. FBP is a methodology introduced in around the 1970s, and we use a modern variant that takes the simple ingredients:

Simple "black box" interface. One message in → multiple messages out

FIFO queues. First in, first out

Routing table. This describes how messages are transferred between components

‘These three components produce a system so "regular" that you can describe control flow with any off-the-shelf diagramming tool. Put simply, we could create visualizations of our system representing the full source of truth; we just needed to write an interpreter for it!

‘Compare this to the classic scenario of how understanding of systems becomes muddled:

Someone makes a nice diagram to help others understand a system’s inner workings.

From the start, this diagram is only going to represent someone's abstract idea of a system. This is a small enough problem early on, which most people gloss over.

As time goes on, the system changes but nobody updates the documentation, so it further drifts from truth.

Over time, the diagram no longer represents the system.

‘What we have done is establish a "domain specific language (DSL) for software architecture". As engineers, we can specify and communicate using the terms of these diagrams. We do not have to focus on small details that cause us to “not see the forest for the trees.” We can agree on the shape of a network, and leave other teammates to implement it, with fundamental guarantees of outcome, regardless of the “in the weeds” decisions they make.

‘The boundaries between messaging components become natural testing boundaries, without having to write code in a "testable" way. They lend themselves heavily to code reuse. The message passing history during a request gives us free observability in the form of tracing, with no explicit effort from a developer. The whole system works very well for us.’

3. How does Kagi index?

One of the most important parts of a search engine is its search index. Zac breaks down the process at Kagi:

‘We currently have about half a dozen different search indexes:

Teclis: index of the non-commercial web

Tinygem: index for trending news

Small Web is an index of personal blogs and websites

… and several more

‘A search index consists of three components:

Crawling

Indexing

Ranking

‘Each one comes with separate challenges:

‘Crawling the web is very different today to 20 years ago. Websites – especially big sites – are much more hostile to crawlers; probably for good reason! Luckily for us, we are not trying to crawl the entire web. Also, most websites we crawl are cooperative.

‘We do not index sites with too many ads. We crawl using a headless browser and with uBlock Origin extension installed, and count the number of ads and trackers on a page. If the figure is too high, we simply kick the page out of our index!

‘Indexing lets us do unique things most search engines don’t. The nature of our indexes is such that websites which get indexed tend to be high quality. We’ve noticed the number of ads and trackers on the page inversely correlates with the quality of content.

‘We surface the pages we consider high quality, pretty high up in our search results, which gives Kagi results a unique flavor. It also gives personal websites, blogs, and forums exposure in search, which they rarely get in other search engines.

‘Indexing and ranking utilize the newest machine learning techniques. For example, we use text embeddings, which allows us to search not just by keywords, but also by semantic meaning.

‘Kagi's indexes are focused on a very tiny portion of the web which allows us to be fast and cost effective. We hope this part of the web (not yet ruined by advertising) will grow in the future.’

4. How is Perplexity so fast?

One thing that stands out about Perplexity is that it’s very fast, despite being an AI search engine that needs to generate a lot of tokens (text) in realtime. How is it so rapid? Alex Lang explains:

‘Speed is a major focus that we optimize for because it has two major benefits:

Better UX. Quick responses dramatically improve user experience.

Lower cost. The faster an AI model produces an answer, the less computing resources it consumes. Having fast models actually reduces our infrastructure cost in serving answers!

‘Two things are worth highlighting:

We run multiple models for every query. Few people realize, but under the hood we are running multiple models to provide the final answer. We can do this because we’ve optimized to make these custom models as small as possible. We keep looking for ways to distill more knowledge into a smaller LLM. We also don’t shy away from using more traditional machine learning techniques if they give better results.

Building our custom scheduling and runtime engine. We are building this so we can have additional knobs to tune that aren’t available from third-party systems.

‘Both these approaches should unlock further speed gains; so expect Perplexity to speed up even more in the near future.’

5. Engineering practices Perplexity

Perplexity prefers lightweight processes and biases towards action, which means:

No formal design review process like design docs, RFCs, or ADRs. Most work starts with a quick Slack discussion, or a one-page document. The only exceptions are large-scale projects, which are still kicked off with a more traditional design process.

Code reviews: all PRs are reviewed before merging.

Staged rollouts: the norm across the engineering team.

Linear: used for task tracking. We published a deepdive on Linear’s engineering culture.

AI evaluations are defined upfront. This is an approach specific to working with LLMs. It’s roughly equivalent to a design review for non-AI engineering work. Engineering manager Alex Lang explains:

‘Detailed planning on the model side is a waste of time. This is because models and techniques are always changing, so any design needs to be agile and ready to switch at a moment's notice.

AI evaluations, however, are crucial to the final success of the product. Changing evaluations late in the process is extremely painful. Once we select the right evaluation, we keep this stable. We spend a lot of time and effort to go over details of the evaluation we are defining. By investing in this work upfront, we are able to guarantee the AI project will ultimately be a success.”

How does Perplexity hire? Alex Lang details the process:

‘Product sense is important for all our hires to have; we place great emphasis on this. Thanks to all engineers possessing it, the company has fewer engineering managers and product managers than many similar-sized companies. All product and engineering managers we hire are very technical, and strongly committed to empowering ICs.

We used to have trial periods, but no longer do. Early on, people were hired via trial periods. Over time, we did not find this approach scalable. We now have a fairly typical interview process.

We do have an extremely high bar. When choosing between hiring the wrong person or not hiring at all, we’d much rather not hire! For new joiners, we emphasize the importance of hitting the ground running. We want to see a positive impact in the first days, weeks, and months.’

Kagi

Here’s the engineering process at Kagi, as explained by Zac Nowicki:

‘We are ruthless in solving "papercut" pain points for our users on a weekly basis. We win so much favor with users when they report something, then wake up the next day and it’s fixed. It brings users delight, they tell their friends, and it usually doesn't take long for us to do. Everyone wins!

‘Managing larger developments has been much more of a challenge. Getting everything flowing smoothly from specification, design, and implementation is incredibly hard, with the odds against us; such as being a fully remote team spread across every major timezone.

‘We adopt a "marble-chiseling" approach of shaping things with targeted hits, like a sculptor uses their chisel. This is how it works:

Devs start out with a high-level spec, and own some large slice of the work

Devs largely self-manage their work

Reporting is done via two or three syncs throughout the week to keep successes and roadblocks as visible as possible

‘Our approach to getting stuff done is to do the most basic thing, then iterate to the next level of depth. Then repeat.

‘Process-wise, we use:

"Checkpoint" standups: a few throughout the week, to keep things grounded.

"Workspace" voice channels. Throughout the day, we have voice channels people can sit in for virtual "coworking." Sometimes this leads to collaboration, other times it's quiet. Still, we’ve found that even when working in silence, the "body doubling" effect – knowing that others are in the same channel – can be quite helpful for staying focused.

‘Trunk-based development: we rapidly integrate into a single main branch as frequently as possible. This comes with a few more approaches:

Aggressively feature flag WIP things

Refuse to work with long-lived development branches.

‘We aim to keep everyone on the same page, away from the "Git paperwork" of having to deal with complex merges.

‘As an added benefit, if you break something on the backend which goes under the radar, it’s not uncommon for someone else like a frontend developer to spot the issue. This is a lot better than what happens with long-lived branches. We think that changes stagnate by being siloed in branches until they’re "perfect", which is more harmful.

‘Linear: we currently use Linear for our overarching task & project management.’

6. Product milestones

Some notable milestones for Perplexity, and Kagi, to date:

Perplexity

Building the search index (started late 2023; ongoing)

Opening up the Perplexity API (October 2023)

Fine-tuning their own LLM models (November 2023: first launch of PPLX models)

Launching the discover feed (early 2024)

Launching Shop Like a Pro (November 2024)

Perplexity followed a smart strategy. Alex Lang elaborates:

‘Early on, it was easy to dismiss Perplexity as “just a wrapper.” And there was truth in this categorization, back then; the initial launch used third-party search results and AI models. However, people underestimated the value of this strategy.

‘As a product-led company, we wanted to get in front of real users and iterate rapidly. The fastest way to do that was to use third-party technologies. Once we understood our users better, we got to work on building:

Our own search index that matches our needs

Our own AI models that work according to our use cases

‘This “get in front of real users as soon as possible” approach remains ingrained in our engineering culture to this day. Once we’ve learned enough, we build the enduring moat that will allow us to scale.”

‘Once we had our own search index and models, we created an API to share our technology with others. The initial goal was primarily to speed up some internal work, but we knew that the same things that helped us internally, would help other developers. Since then, it's been fun to see how partners and independent developers have put our API to use.

‘Finally, a key milestone has been launching complimentary products to the original Answer Engine; honestly these could be a startup in their own right! Our users are curious, and the Discover feed has been a delightful way to satisfy that curiosity. While the Discover feed could stand on its own as a product, its true value has been its powered growth for the core Answer Engine. Our recent “Shop Like a Pro” that allows users to go from question to buying a product in one click, is a large-enough endeavour to be its own product. But this is just the first step in our evolution from an Answer Engine to an Action Engine.’

Kagi

Major product milestones:

Building Kagi Search (2022)

Launching The Assistant: a baseline LLM chat interface (2024)

Lots of small projects shipped on the side: like FastGPT, Universal Summarizer, the Small Web index, and the brand new Kagi Translate (2023-2024)

What’s next: integration of all these things, and looking for ways to have them talk to each other in ways that make sense and feel natural.

Zac has been part of the core team since the early days, and he reflected on the journey, so far. It’s really nice to hear a first-hand account of a successful product launch:

‘I am unsure anything will ever top the magic of our launch day in 2022. The months and weeks leading up to that were learning how Stripe works, designing our database schemas to hopefully last, and doing our damnedest to make sure it didn’t immediately fall flat when the clock struck midnight.

‘It's all simple strokes, but done under pressure, like:

A cloud function to catch Stripe events

Storing as little information as possible in our tables

Fallback logic so that if the Stripe event handler ever fails, we wouldn't go bankrupt thanks to incorrectly billing or refunding users

Design it with multi-user billing accounts in mind, which was only an idea at the time

‘It's not perfect and has its quirks, but it has largely been unchanged and has carried us to where we are today at ~36,000 paying customers.

‘There were fewer than five of us, each owning a slice in full depth. A formative moment for our core team (myself included), was when we taught ourselves what we could do with so little, considering the giants around us. Taking minimal dependencies, knowing exactly every risk we were taking.

It was totally unforgettable. I hope we can pull it off again.’

7. Unique challenges of search engine engineering

What are the biggest engineering challenges in building a search engine, compared to other systems the team has worked on?

Perplexity

Alex says:

‘The biggest challenge in building an Answer and Action Engine is ensuring we provide a futuristic experience, in a way that wows users, while covering all the basics a user expects from a search engine. In other words, it’s about figuring out the right ways to change up user behavior.

In the 1990s, the search experience was rapidly changing and users had not formed habits, but since then the search engine experience has been remarkably stable. So we constantly have to find a way to delight users with a surprising new experience that leverages recent technologies, while also rounding out the full product experience to cover all the tiny habits people have developed and expect to be present, in order to be satisfied with a search experience.’

Kagi

Zac reflects:

“The major difference for me is that this project connects with people like nothing else I've ever worked on.

It involves caring about details and edge cases in ways – and sometimes on such a small scale – that you wouldn't ever think of, usually. Using the publicly available APIs of other search engines, you could make something that walks and talks like Kagi; but what no one else has is the meticulous shaping of countless small rules and conditionals that keep the cruft (poorly designed, overly complicated, unwanted code) out of our results.

There's no "big secret" to what we do; we've simply put the hours into this marathon that no one else has, while staying true to our mission and value proposition to our customers, and no one else.”

Takeaways

These two startups are both in search, but are so different from each other:

Perplexity is VC-funded, growing rapidly in usage, hiring more aggressively, and launching new products at rapid speed.

Kagi: no VC funding, offering only a paid service, growing their team slowly, and being thoughtful about launching new features.

These are the most interesting points I learned about each startup:

Perplexity: hire for product sense, and prioritize in-person work. Perplexity’s engineering team emphasizes how important “product sense” is: it’s something they explicitly look for during the hiring process.

Kagi: don’t be afraid to build custom systems, or use lesser-known tools. Kagi is the first startup I’ve heard of which uses the Crystal programming language. The engineering team is unafraid to build novel systems if they decide doing so helps them get things done: this is how they built the backend, based on the Flow Based Programming methodology.

Both startups give broad ownership to engineers. Perplexity and Kagi each share the characteristic of giving engineers broad ownership and autonomy. I get the sense there is no heavy product layer at either company; engineers are encouraged to understand customers, the product, and come up with product ideas which they then build.

Both companies know they need to build a more pleasant, better search product than Google Search offers: it’s not easy, but the rewards for succeeding could be spectacular.

Each startup is building a challenger product to Google Search at a time when the Big Tech giant looks vulnerable. Will Google Search evolve to compete more with the likes of Perplexity, by becoming an “answer engine” while cannibalizing its ads revenue? Will it put customers first, and offer a paid product without ads? Or could it find itself “stuck” by being addicted to the hundreds of billions in ads revenue, thereby allowing competitors to overtake it?

Competition is great for the tech ecosystem, and challengers to Google in the search market are much needed. I hope you enjoyed learning about how these two startups operate. Best of luck to the Perplexity and Kagi teams!

As a paid subscriber, if you’d like to try out their paid products — without needing to enter your payment details — you can do so here.

If you enjoyed this deepdive: you might appreciate deepdives about about Meta, Amazon, Stripe, OpenAI, Figma and several other tech companies.

Hi, this is Gergely with a bonus issue of the Pragmatic Engineer Newsletter — with a special announcement. Note that this is a personal recommendation — and a deal I initiated with two tools I’ve been using as a paid customer to replace my Google Search usage the last year. It is not a paid advert: I have not received any monetary or other compensation for sharing this offer. I have no affiliation with either of the companies mentioned below. See more in my ethics statement. It’s the first-ever such announcement since the start of The Pragmatic Engineer three years ago — and I do not plan to do these frequently.

I’m excited to share a unique perk for all paying subscribers to The Pragmatic Engineer. Starting today, you now get access to:

Perplexity Pro for 12 months (worth $200)

Kagi Ultimate for 3 months (worth $75)

You don’t need to share credit card details or payment information to access this deal.

Get Perplexity and Kagi codes for free

This deal only applies to new Perplexity and Kagi customers. Cancelling a newsletter subscription deactivates the code supplied.

If you’re not yet a paid subscriber to The Pragmatic Engineer, you can upgrade here.

How did these offers come about?

Some background: for about a year, I’ve been using Kagi Professional as my default search engine, after deciding to drop Google Search. Meanwhile, for deep research and highly nuanced web search, my choice is Perplexity Pro.

I want to mention that I haven’t been paid to mention these startups – in fact, I reached out to them! I’m actually a longterm user of both products, and want to give subscribers the opportunity to discover them, too. So, I approached the companies about offering trials.

I’m pleased to say that Kagi and Perplexity were each open to offering multi-month free trials to subscribers of The Pragmatic Engineer. For Kagi, it’s the first time they’ve made such an offer via a third party.

Let’s tackle the elephant in the room: why would you pay for search? I certainly never thought I would. But the reason I do so today, is that I’m tired of being “the product” for search engines. Every time I execute a search, I have to scroll through sponsored results that are mixed into organic ones. I also have a nagging sense that search engine results are degrading over time. The likes of Google care more about maximizing ad revenue than they care about serving up high-quality, helpful search results.

Finally, as a tech professional and someone who believes in the benefits of competitive markets, it’s refreshing to see startups challenge the monopolistic Big Tech dominance of search with new, alternative approaches. Perplexity is barely two years old, and already a challenger to Google. And Kagi offers unusual transparency behind their exact usage numbers and customer numbers by sharing realtime platform stats.

Perplexity has built a product that feels like a new type of search; one which delivers research to your fingertips via a search engine, complete with references (links) about where the information has been sourced from. This lets you double check how legitimate the sources are, and so using such a tool can strengthen the credibility of your work.

Meanwhile, Kagi is building a privacy-first, user-first version of Google search without VC funding or ads. The results it serves feel much more like “hits”, than the “misses” I’ve come to expect from Google. Check out the Kagi team’s view on the real cost of “free search.”

What you get from Perplexity Pro and Kagi Ultimate

What you get with Perplexity Pro:

Pro searches. A Pro search conducts thorough research to provide in-depth, accurate responses to questions. It’s particularly useful for summarising, data analysis, debugging, and content generation, making it the perfect tool for developers and data scientists. More about Pro search features.

Powerful AI models. Search using a choice of advanced AI models, each with its own unique strengths. Choose from GPT-4 Omni (advanced reasoning), Claude 3 Sonnet and Haiku (natural-sounding responses and file uploads), Sonar Large 32k (conciseness and accuracy). You can even use the new DeepSeek R1 reasoning model (hosted with Perplexity) and OpenAI o1 reasoning model.

Document Analysis: Upload text and data files to search the web and also internal knowledge bases.

What you get with Kagi Ultimate:

Unlimited Kagi searches. Lightning-fast, no ads and no tracking, and the ability to block domains. Popular domains users block include Pinterest, Daily Mail, and Quora.

The Assistant access. The Assistant by Kagi combines top large language models (OpenAI, Anthropic, Meta, Google and Mistral) with optional results from Kagi Search, making it the perfect companion for creative, research, and programming tasks. More details about The Assistant.

Get Perplexity Pro and Kagi Ultimate

Next up: deepdive on both startups

Tomorrow, we publish a deepdive on the engineering cultures of Perplexity and Kagi. Both these startups are building alternatives to Google Search, and each has its own distinct approach and engineering culture. Stay tuned!

Privacy by Design Conferenceとは

Privacy by Design Conferenceは、Data Privacy Day (1月28日)頃に開催する国際カンファレンスです。

プライバシーに関わる、文化、法律、テクノロジー、ビジネス、オペレーションなどのさまざまな立場の方が、多様な視点で対話を行います。

ことしは日比谷国際ビル コンファレンス スクエアにて1月28日におこなわれます。わたしもひとつのセッションのモデレータをさせていただきます。

14:35〜15:20

デジタルIDによってどのような社会を実現するのか（8C会場) (英語。日本語字幕）
Session:「Secure and Safety Service Design 〜Designing with Trusted Digital ID〜」

このセッションでは、モデレーターとパネリストが国境を越えたデジタルIDプロジェクトに関するトピックについて議論します。現在のユースケースを基に、信頼できるデジタルIDスキームに基づいたセキュリティと安全性に関する課題についてお話します。

Reference Link: DNP and MUFG Aiming to Commercialize Digital IDs

モデレーター: MyData Japan 理事長　崎村 夏彦 日豪クロスボーダー相互運用性ワーキンググループ メンバー　岡本 凜太郎 氏 Meeco　CEO兼創設者　カトリーナ・ダウ 氏 カンファレンスの詳細について

カンファレンスの詳細は、オフィシャルサイトからご覧になっていただけます。

それでは、現地にてお会いしましょう。

The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

Today, we cover:

Industry pulse. TikTok’s gamble pays off, Stripe and Meta do 4-5% layoffs, Reflections on a month of using Devin, Hundreds of billions in AI infra investments, Amazon’s AI models fail to impress, Google allows malware Homebrew install links as sponsored Search results, and more.

Netflix’s remarkable turnaround. In two years, Netflix went from growth stalling – and the company’s valuation in freefall – to all-time-high user numbers and valuation. The standout stock price growth means that Netflix employees who opted to take a part of their compensation as stock options most certainly did better than those opting for all-cash packages.

Managed database service loses customer data. Database-as-a-service Turso lost customer data thanks to no backups running on beta service offerings. There are learnings not just for the startup – launching a service without backups running doesn’t feel like a responsible move – but also for all engineering teams. Don’t assume your vendor does backups: validate that they do.

1. Industry Pulse TikTok’s gamble pays off?

Read more

Stream the Latest Episode

Available now on YouTube, Apple and Spotify. See the episode transcript at the top of this page, and a summary at the bottom.

Brought to You By

• Sonar — Trust your developers – verify your AI-generated code.

• Vanta —Automate compliance and simplify security with Vanta.

—

In This Episode

In today's episode of The Pragmatic Engineer, I'm joined by Charity Majors, a well-known observability expert – as well as someone with strong and grounded opinions. Charity is the co-author of "Observability Engineering" and brings extensive experience as an operations and database engineer and an engineering manager. She is the cofounder and CTO of observability scaleup Honeycomb.

Our conversation explores the ever-changing world of observability, covering these topics:

• What is observability? Charity’s take

• What is “Observability 2.0?”

• Why Charity is a fan of platform teams

• Why DevOps is an overloaded term: and probably no longer relevant

• What is cardinality? And why does it impact the cost of observability so much?

• How OpenTelemetry solves for vendor lock-in

• Why Honeycomb wrote its own database

• Why having good observability should be a prerequisite to adding AI code or using AI agents

• And more!

Takeaways

My biggest takeaways from this episode:

1. The DevOps movement feels like it’s in its final days, having served its purpose. As Charity put it:

“It’s no longer considered a good thing to split up a dev team and an ops team to then collaborate, right? Increasingly, there are only engineers who write code and own their code in production. And I think this is really exciting. We can understand why Dev versus Ops evolved, but it was always kind of a crazy idea that half your engineers could build the software and the other half would understand and operate it.”

Indeed, I cannot name any team at startups or at large tech companies that has a dedicated Ops team. While there surely exist such companies in small pockets – think of more traditional companies operating in highly regulated environments like finance or healthcare – this setup feels like the exception rather than the norm.

2. Lots of people get dashboards wrong! Charity doesn’t think that static dashboards are helpful to engineering teams at all. In fact, misusing dashboards is one of the most common observability practices she sees:

“Unless your dashboard is dynamic and allows you to ask questions, I feel like it's a really poor view into your software. You want to be interacting with your data. If all you're doing is looking at static dashboards, I think it limits your ability to really develop a rich mental model of your software. And this means that there are things that you won’t see; because you did not graph it on your dashboard!”

3. Observability will be especially important for AI use cases in these ways:

o11y for LLMs: to get data on how they behave and to be able to debug behaviors. This is relevant for teams building and operating AI models.

o11y for code generated by AI: the generated code should have the right amount of observability in place. Once the code is deployed to production, developers need to be able to get a sense of how the code is behaving there!

GenAI means that a lot more code will be generated via LLMs – and all this code needs observability!

The Pragmatic Engineer deepdives relevant for this episode

• How Uber Built its Observability Platform

• Building an Observability Startup

• How to debug large distributed systems

• Shipping to production

Timestamps

(00:00) Intro

(04:20) Charity’s inspiration for writing Observability Engineering

(08:20) An overview of Scuba at Facebook

(09:16) A software engineer’s definition of observability

(13:15) Observability basics

(15:10) The three pillars model

(17:09) Observability 2.0 and the shift to unified storage

(22:50) Who owns observability and the advantage of platform teams

(25:05) Why DevOps is becoming unnecessary

(27:01) The difficulty of observability

(29:01) Why observability is so expensive

(30:49) An explanation of cardinality and its impact on cost

(34:26) How to manage cost with tools that use structured data

(38:35) The common worry of vendor lock-in

(40:01) An explanation of OpenTelemetry

(43:45) What developers get wrong about observability

(45:40) A case for using SLOs and how they help you avoid micromanagement

(48:25) Why Honeycomb had to write their database

(51:56) Companies who have thrived despite ignoring conventional wisdom

(53:35) Observability and AI

(59:20) Vendors vs. open source

(1:00:45) What metrics are good for

(1:02:31) RUM (Real User Monitoring)

(1:03:40) The challenges of mobile observability

(1:05:51) When to implement observability at your startup

(1:07:49) Rapid fire round

A summary of the conversation

For those of you more interested in reading a summary of the conversation — or skimming over it — see it here. Takeaways follow after the summary.

Observability (o11y) basics

Observability is about understanding software, specifically the intersection of code, systems, and users.

It is not just about errors, bugs and outages; it is also about understanding the impact of code.

Observability is a tool that is critical for development feedback loops, and is not just an operational tool.

The goal of good o11y is to help engineers understand their software in the language of the business.

Engineers should be able to tie their work back to top-level goals, and explain how their work translates to the business.

Sampling is an important lever, contrary to the idea that every log is sacred.

‘metrics’ vs ‘Metrics’

We need to distinguish between metrics (small 'm') as a generic term for telemetry and Metric (capital 'M') as a specific data type, a number with appended tags.

The Metric data type is limited because it doesn't sort any contextual relationship data.

The Three Pillars Model

The three pillars model of observability is this: metrics, logs and traces.

Many vendors sell products for each of these pillars – as well as for all of them

The problem with the Three Pillars Model is that every request that enters a system is stored multiple times, in different tools (metrics, logs, traces, profiling, analytics).

There is little to connect the data points; engineers are left to manually correlate the data.

The cost of following this model is high: it’s because storing the same data in multiple tools and databases is very high!

What is Observability 2.0?

Observability 2.0 moves away from multiple sources of truth to unified storage.

With unified storage, there are no dead ends: engineers can click on a log, turn it into a trace, visualize it over time, and derive metrics and SLOs from it. They can then see which events are violating SLOs.

Good observability powers developer feedback loops. It allows engineers to visualize the CI/CD as a trace and see where tests are breaking. The goal is to keep the time between building code and seeing it in production as small as possible.

Observability is shifting from being an ops tool, focused on errors and downtime to something that supports the entire development cycle.

Modern engineering practices + good observability is where the real value is.

Modern engineering practices such as feature flags, progressive deployment, and canary releases, along with observability, give engineers confidence to move quickly and safely.

Observability acts as a translation layer, enabling engineers to reason about their work and tie it back to top-level business goals.

The dream goal? To be able to explain and understand our work in the same language as everyone else: how much financial value is this piece of code generating?

Why is observability hard, anyway?

Engineers have to think about what they might need to understand in the future. Like during an incident at 2:00 AM!

Software is hard. Observability is the first line of defense.

Tools have historically required engineers to be masters of multiple disciplines, e.g., they had to convert their code into physical resources such as CPU and RAM usage.

Cost of Observability: why is it so expensive?

One reason observability is expensive: the multiplier effect. The same data is stored multiple times. One common criticism of The Three Pillars model.

Cardinality: another thing that can make it a lot more expensive

Cardinality means to the number of unique items in a set. Unique IDs, such as request IDs, have the highest possible cardinality.

Big 'M' Metrics tools are designed to handle low-cardinality data (Observability 1.0 tools)

Adding high cardinality data to metrics tools makes them very expensive.

These days, world-class observability teams spend the majority of their time governing cardinality!

The more unique the data, the more valuable it is for debugging but that also means it costs more.

To solve this, the industry has to move away from tools backed by big 'M' metrics, to those using structured data where high cardinality can be stored.

The wider the logs (the more context attached to each event), the better the ability to identify outliers and correlate data.

Is Observability 1.0 getting in the way or building what engineering needs – at a lower cost?

The model for traditional observability tools does not fit the needs for the data that engineers actually need.

Metrics were optimized for a world where resources were very expensive, but now that storage and compute is cheaper, it's possible to store more data and slice and dice in realtime.

A column-based data store is needed to use flexible structured data without having to define indexes and schemas in advance.

OpenTelemetry

What is OpenTelemetry (OTel)?

A collection of APIs, SDKs and tools to make telemetry portable and effective.

It provides a framework for consistent telemetry with consistent naming and semantic conventions, allowing vendors to do more with the data.

OTel overtook Kubernetes as the number one project in the CNCF.

The goal of Otel is to allow engineers to instrument code once, and then point the data to whatever vendor is chosen.

OTel forces vendors to compete on the basis of their excellence and responsiveness.

Using OpenTelemetry is a safe bet for companies to enable portability of data between vendors.

It also gives the option of negotiating with vendors, because of the ability to switch!

Common mistakes with observability

Introducing it too late. Engineers feel like they don't need observability until they are in production and things start breaking.

Using dashboards wrong.

Engineers can get too attached to dashboards.

Dashboards, unless they are dynamic and allow you to ask questions, are a poor view into software.

Not using SLOs and error budgets enough.

SLOs (Service Level Objectives) should be the entry point, not dashboards.

SLOs are the APIs for engineering teams.

SLOs provide a budget for teams to run chaos engineering experiments.

SLOs are a hedge against micromanagement, because when teams meet their SLOs, the way they spend their time is not important.

SLOs allow teams to negotiate for reliability work if they are not meeting their obligations.

SLOs need to be derived from the same data as debugging.

Other topics

Why did Honeycomb build their own database?

At Honeycomb, Charity decided to build their own database despite the common wisdom to never do it. ClickHouse wasn't a thing back then: if it was, perhaps they would have not built it.

The database, called Retriever, is a column-based store. The query planner runs using Lambda jobs. Data is aged out to S3 after being written to SSDs.

It’s been a win, looking back now. The data model is custom, and being able to iterate on it has been a force multiplier.

Observability and AI

AI intersects with observability in three areas:

1. When building and training models

2. When developing with LLM

3. When dealing with code of unknown origin produced by AI

Good AI observability can't exist in isolation; it must be embedded in good software observability.

The inputs for AI models come from different services, data and humans and this creates a trace shaped problem

Build vs Buy vs Open Source

The main trend across the industry: consolidation. Companies try to control their bills.

Most companies use vendors and don't want to deal with observability tools breaking at 2am.

Metrics still have a place, but most companies need to move from 80% metrics/20% structured data to the reverse.

Frontend and mobile observability

Silos are created when different teams use different tools.

A unified view from mobile/browser to database is powerful.

Mobile is different because the build pipeline is different, and the inability to fold mobile into software development best practices.

Resources & Mentions

Where to find Charity Majors:

• X: https://x.com/mipsytipsy

• LinkedIn: https://www.linkedin.com/in/charity-majors/

• Blog: https://charity.wtf/

Mentions during the episode:

• Honeycomb: https://www.honeycomb.io/

• Parse: https://parseplatform.org/

• Ruby on Rails: https://rubyonrails.org/

• Christine Yen on LinkedIn: https://www.linkedin.com/in/christineyen/

• Scuba: Diving into Data at Facebook: https://research.facebook.com/publications/scuba-diving-into-data-at-facebook/

• Three pillars: https://charity.wtf/tag/three-pillars/

• Unified storage: https://charity.wtf/tag/unified-storage/

• “Every Sperm is Sacred”:

• Peter Borgan on LinkedIn: https://www.linkedin.com/in/peterborgan/

• Datadog: https://www.datadoghq.com/

• Vertica: https://en.wikipedia.org/wiki/Vertica

• Ben Hartshorne on LinkedIn: https://www.linkedin.com/in/benhartshorne/

• Cardinality: https://en.wikipedia.org/wiki/Cardinality_(data_modeling)

• COBOL: https://en.wikipedia.org/wiki/COBOL

• Ben Sigelman on LinkedIn: https://www.linkedin.com/in/bensigelman/

• OpenTelemetry: https://opentelemetry.io/

• Kubernetes: https://www.cncf.io/projects/kubernetes/

• SLOs: https://docs.honeycomb.io/notify/alert/slos/

• ClickHouse: https://clickhouse.com/

• Why We Built Our Own Distributed Column Store: https://www.honeycomb.io/resources/why-we-built-our-own-distributed-column-store

• "Why We Built Our Own Distributed Column Store" by Sam Stokes:

• "How we used serverless to speed up our servers" by Jessica Kerr and Ian Wilkes:

• Inside Figma’s Engineering Culture: https://newsletter.pragmaticengineer.com/p/inside-figmas-engineering-culture

• How to debug large, distributed systems: Antithesis: https://newsletter.pragmaticengineer.com/p/antithesis

• Observability in the Age of AI: https://www.honeycomb.io/blog/observability-age-of-ai

• Grafana: https://grafana.com/

• Prometheus: https://prometheus.io/

• What Is Real User Monitoring (RUM)?: https://www.honeycomb.io/getting-started/real-user-monitoring

• Crashlytics: https://en.wikipedia.org/wiki/Crashlytics

• Square wheels comic: https://alexewerlof.medium.com/on-reinventing-the-wheel-201148f74642

• WhistlePig Whiskey: https://www.whistlepigwhiskey.com/

• George T. Stagg bourbon: https://www.buffalotracedistillery.com/our-brands/stagg.html

• Stagg Jr.: https://newportwinespirits.com/products/stago-jr-ksbw

• Fluke: Chance, Chaos, and Why Everything We Do Matters: https://www.amazon.com/Fluke-Chance-Chaos-Everything-Matters/dp/1668006529

—

Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@pragmaticengineer.com.

Security professionals have long taught that organizations should limit the access individuals have in computer systems to just those privileges necessary to perform their job. This is known as the principle of least privilege. The problem is that knowing this is a best practice and putting it into practice are two different things. Traditionally, organizations have used access control lists (ACLs) and role-based access control (RBAC) based on groups to authorize activities. These methods are static, requiring that lists or groups be updated manually as people move between roles or leave employment. When this is extended to partners, suppliers, and other services, the problem is that much worse. And excess standing privileges are a real security risk.

Standing privileges are characterized by persistent access regardless of whether the person is using the resource or not, predefined scope where role is used to define broad access, and minimal oversight with little monitoring and accountability. Standing privileges increase the attack surface, letting attackers exploit broad permissions without further escalation. In addition, over time people accumulate permissions beyond what they need to perform their current job, a situation known as privilege creep.

In an ideal world, least privilege is like a shrink wrap, constantly adjusting the access perimeter as the needs of the employee change. Sometimes they expand and the shrink wrap expands to seamlessly grant any access to needed perform a job. Sometimes the needs shrink and the access perimeter of the employee contracts as well. By limiting access to just that necessary to perform tasks, least privilege ensures that the attack surface that an attacker can exploit is as small as possible.

Zero Trust

Sometimes it's easy to get least privilege and zero trust confused. Zero trust is an overall security framework that requires continuous trust verification. Zero trust is a strategic, overarching trust model for an entire organization. Least privilege, in contrast, is more tactical, determining who can access what and when they can do it.

To see how least privilege fits into a zero trust strategy, consider a database administrator (DBA). Least privilege might set access controls such that the DBA can manage databases, but cannot view customer data stored within them. If their credentials are compromised, the attacker cannot steal sensitive information because the DBA’s privileges are tightly scoped. Zero trust relies on the DBA's access being valid, but might also check for unusual activity such that if the DBA appears to be accessing the database from a new location or at an unusual time, access is curtailed until the DBA is re-authenticated.

As the example shows, least privilege is an important part of zero trust, but only part. Other tactics that play in a zero trust strategy include device management, multi-factor authentication, and segmenting applications and processes (i.e., microsegmentation) to make fine-grained access control possible. Still, least privilege is a core part of a zero trust strategy. And least privilege depends on eliminating standing privileges.

Eliminating Standing Privileges

Recent developments in dynamic authorization have made it easier than ever to eliminate standing privileges. Standing privileges are the result when automatically updating an employee's access in response to changing circumstances is difficult. Modern policy-based authorization systems like Cedar allow organizations to control access though policies that state who can access what and under what conditions. These policies are managed like code, making them easier to manage. More importantly, they can automatically respond to changing circumstances.

For example, the first of the following two Cedar policies forbids anyone to access any resource that's considered "critical" unless they're on a managed device with an acceptable security posture. The second permits employees in the Finance group to access any finance application. These policies work together, so that if the finance application is also a critical resource, then finance employees would also have to be on a managed device with an acceptable security posture. As employees change roles that group is automatically updated from the HR system, growing or shrinking access as needed.

forbid( principal, action, resource in Category::"CriticalResources" ) unless { context.device.security.risk == "Secure" && context.device.security.assessment.overall >= 80 }; permit( principal in UserGroup::"Finance" action, resource in Category::"FinanceApplications" );

While policy-based access control (PBAC) can be used to mimic a role-based access control system, proper system segmentation (i.e. being able to identify finance applications) and device management allows finer-grained access control where employee's actions can be restricted to specific systems and only when their using a company-owned device that is properly secured. Access control can be limited to certain times or from specific locations. All of these reduce the surface area of an employee's access perimeter for better security.

Just-in-Time Access Control

We can shrink the access perimeter even further using just-in-time access control. Just-in-time (JIT) access control is a mechanism that grants users, applications, or processes access to resources only for a limited time and only when it is explicitly needed. This minimizes the risks associated with long-term or persistent access privileges. While the principle of least privilege focuses on ensuring users or systems have the minimum permissions required to perform their roles or tasks, JIT access control refines this further with several other important features:

Time-Bound Privileges:—JIT ensures permissions are time-limited, reducing the window of opportunity attackers have to exploit rarely-used accounts. For example, a developer needing access to a production server might receive elevated privileges only for a specific task and only for a set duration.

Dynamic Privilege Assignment:—Even when policies are evaluated for each access, the permissions they allow are available indefinitely. JIT adds another dimension to the dynamic nature of PBAC where privileges are granted on demand and revoked automatically when no longer needed.

Granular Control:—Dynamic privilege assignment complements PBAC by making access more granular—not just who can access what, but also when and for how long.

JIT access control might, for example, be used to limit access to payroll functions except during the window when payroll is being processed. Another example is in so-called "break-glass" situations where access is granted to production resources in an emergency or in the case of unexpected failure. Other examples use dynamic roles (e.g., on call) to grant access or require a third party (like a manager) to approve access.

These scenarios can fit within a policy-based authorization architecture using mechanisms such as dynamically altering roles or adding information to the authorization request context based on querying other systems or utilizing permission tokens that carry time-based permissions with them. For example, the following policy makes use of an assignment to process payroll in the oncall tracking system to ensure only people with an oncall assignment of "payroll" can process the payroll.

forbid( principal action == "Payroll::Process", resource ) unless { context.oncall.assignment == "payroll" }

For this to work, the authorization agent that creates the request for the policy authorizer has to ensure that the context for the request includes the correct oncall assignment and oncall assignments need to be automated.

Putting it All Together

Zero trust, the principle of least privilege, and just-in-time access work together to create a comprehensive security framework.

Zero trust enables an overarching strategy that mandates systems, resources, and actions be designed such that it is possible to continuously verify every action.

Principle of Least Privilege forms the heart of the zero trust strategy, mandating authentication and authorization systems that can dynamically grant fine-grained access through policy.

Just-in-time authorization augments the authorization system so that permissions can be granted not just based on who and where, but also only when they are needed to perform critical actions.

The well known adage that you can't buy security, applies to zero trust and JIT. There are products and technologies that make just-in-time, dynamic fine-grained access control possible, but besides putting them in place, you must also integrate them, make any necessary changes to other systems, and implement governance, monitoring, and auditing to ensure they work. These are organizational changes that take time, money, and perseverance. Done right, the payoff is not just a reduced attack surface and better security, but more productive employees as well. This may seem counter-intuitive, but poorly implemented, piecemeal security measures put much of the burden for keeping systems safe on employees who deal with tactics like frequent, yet ineffective password changes or requesting, and then waiting for, permissions to do their job.

When dynamic access control with JIT access is thoughtfully implemented, you shift the burden of security from employees to systems that automate protection, making it proactive and intelligent. Reducing friction so that employees can do their job while also enhancing security requires balance and a holistic approach that aligns technology, process, and culture. This transformation requires real effort but offers substantial rewards: resilient, secure systems; empowered employees; and peace of mind.

Photo Credit: Shrink Wrapped Computers from DALL-E (public domain) Prompt: draw a wide format picture of several colorful, shrink wrapped computers and smartphones.

Ask 10 startups or scaleups if they use the “Microsoft stack”, and I’d be willing to bet that almost none do. By “Microsoft stack”, I mean using any one of C# or F# as a programming language, the .NET framework, ASP.NET for web development, or SQL Server as a database. However, if you asked the same companies if they use one or all of Visual Studio Code, GitHub, Copilot, TypeScript, or npm, then all may reply that they do.

The questions might seem different, but they are in fact almost identical. VS Code, GitHub, TypeScript, npm are all technologies owned and operated by Microsoft which are increasingly popular with startups and modern tech companies, but just don’t have strong Microsoft branding.

The Windows maker is quietly investing more in developer tools than any Big Tech giant. It acquired GitHub for $7.5B in 2018. It likely spent hundreds of millions of dollars per year to develop Visual Studio Code – then and then gave it away for free while upselling some of its services. It also offers GitHub Copilot for $10/month or $100/year, which may currently be a loss-making price point.

So, why is Microsoft investing so much into developer tooling, and why does the rest of Big Tech seem comparatively uninterested in competing in this area? This question has been bugging me, so I attempted to find an answer. In order to properly understand what’s happening today, it’s useful to go back in time to when Microsoft became a highly profitable “dev tools monopoly” once before, in the 2000s.

This deep dive covers the first part of the story, covering:

A programming language interpreter company. Microsoft started out as a company selling BASIC interpreters to various hardware companies.

More and better developer tools. Following the success of MS-DOS and Windows, the company still built developer tools like Microsoft C, QuickC and MFC.

Journal for developers. Microsoft Systems Journal (MSJ). In the same year as going public, Microsoft started a printed magazine for MS-DOS and Windows developers.

Visual C++, a Development System for Windows. Microsoft created this IDE to make it easier to develop apps for Windows.

Visual Studio. The first IDE by the company that supported multiple programming languages.

Microsoft Developer Network (MSDN). Microsoft managed to figure out how to charge a large premium for quality documentation and access to the latest software.

“Developers, developers, developers!” This now-famous chant had more context: Microsoft knew that it needed developers to adopt the newly launched .NET framework, to make it a technology adoption success.

1. A programming language interpreter company

Most people associate Microsoft with the ubiquitous Windows operating system, but the company actually began by creating a language interpreter.

Building a BASIC interpreter in two months

On New Year’s Day in 1975, an advert for a minicomputer appeared on the front page of Popular Electronics, then the world’s most popular electronics magazine. It was for the Altair 8800; a small computer with an Intel 8080 CPU. The price was $439 (around $2,500 today) and the Altair couldn’t do much by itself: it had to be extended with memory (up to 4KB), and additional interface boards needed to be purchased to make it practical to use, like a typing board, cassette tapes, floppy disks, etc. All these were separate purchases, and some weren’t available at launch.

The price was incredibly low for its time. Before the Altair 8800, computers that were equally capable cost several times more, whereas the Altair was accessible to hobbyists. Its manufacturer, MITS (Micro Instrumentation and Telemetry Systems), hoped to sell 200 units, but sold 2,500 units in five months, and the device became the first commercially successful computer.

The ad announcing the Altair 8800 in Popular Electronics

The advert caught the attention of programmers Bill Gates and Paul Allen and Paul Allen, who predicted the device would quickly become popular, and spied an opportunity to develop software for it. They contacted MITS offering to develop an interpreter for a popular programming language called BASIC (Beginner's All-Purpose Symbolic Instruction Code). It’s a simple enough language:

INPUT "Enter the value of n: ", N IF N <= 1 THEN PRINT N : END A = 0 B = 1 FOR I = 2 TO N C = A + B A = B B = C NEXT I PRINT "The", N, "th Fibonacci number is:", B END

BASIC code to calculate the nth Fibonacci number

Allen and Gates did not have an Altair computer, but realized time was of the essence; so Allen wrote an Altair simulator based solely on the Intel manual for the 8080 chip (!!) Meanwhile, Gates wrote the BASIC interpreter to run on this simulator. In March, Paul Allen flew to meet the manufacturer, and demonstrated that it worked flawlessly: he loaded the interpreter into the machine, and then proved correctness by typing in simple programs like printing 2+2, sums of numbers, squares of numbers, and so on.

MITS was interested in distributing BASIC with the Altair, as the software would make their kit more useful for developers. This was the point when Allen and Gates created a corporate entity to do business: on 4 April 1975 they named and founded “Microsoft.” The company’s first contract was a licensing agreement to allow Altair to distribute their version of BASIC under the name “Altair BASIC.”

Microsoft BASIC

Microsoft’s emergence coincided with the start of a boom in affordable personal computers; every new hardware wanted to ship software to be more appealing to professional and hobbyist developers. A BASIC interpreter made all such systems easier to sell, and Microsoft developed and licensed many more BASIC interpreters to other manufacturers, including to Apple for the Apple II, to IBM, the Z-80, and the Commodore 64.

Smartly, these versions of BASIC were called “Microsoft BASIC” and the company extended the functionality of BASIC, adding improved string manipulation and better graphics support. Plus, the “Microsoft” brand name was displayed whenever the interpreter started up, which raised the company’s profile with users.

The first version of Microsoft Basic for the Apple II was on a cassette. Source: Global Nerdy 2. More and better developer tools

Microsoft’s commercial breakthrough began with creating and distributing the DOS operating system in 1981, and then the Windows operating system in 1985. In 1990, Microsoft launched Windows 3.0 and also introduced Microsoft Word and Microsoft Excel. This combination of an operating system and word processor helped Windows gain more popularity, and made the OS even more popular. Here’s how sales of the different versions compared:

Read more

I took notes on Marc Andreessen and Ben Horowitz’s post-election discussion of their Fairshake pro-crypto Pac and the coming Trump presidency about two months ago, but set them aside and other topics took precedence. Given the rising craziness in the crypto space around the inauguration, I thought it was a good time to put them out for consideration. A quick glance at the finances of their pro-crypto / pro-blockchain Pac should be a wake up call to anyone doubting the rising tide of automated, smart contract law and global cyber governance. We need to wrap our heads around the fact that it’s less about money and power and more about information theory, token engineering, and the shift of social systems into a networked super intelligence operating under the United Nations Sustainable Development Goals for expanded “human potential.” It is a bipartisan effort. It is an international effort. It will be framed as a “populist uprising” to take back “the commons,” engineered of course by the world’s largest asset holders. In my opinion, meme-coins are biosemiotic aides facilitating emergent swarm intelligence. Tread carefully around those digital mind viruses folks. A lot of money, and tokens, are being thrown around trying to get their planned cyberphysical-sociotechnical future to stick. 

 

Source: https://web.archive.org/web/20250118220652/https://www.followthecrypto.org/committees/C00835959 Source: https://embed.kumu.io/57d6a066cd053fc3241a8ee0c984a34e#untitled-map?s=bm9kZS1JVzhhQVBxVg%3D%3D

Ripple is a major donors to the Fairshake Pac. See relation to digital ID and MIT Media Lab / social physics and automated legal systems.

My video recorded today on Trump’s second inauguration:

The Why Files “irradiated wolves” video: 

The A16Z discussion comparing the Biden / Trump positions on crypto and emerging tech: 

An older presentation on Laura Arrillaga Andreessen (Marc’s wife) and social impact finance at Stanford:

Two older presentations on next-gen nuclear being promoted vigorously by A16z:

This article looks at management application access tokens in an ASP.NET Core web application. Any application with or without a user can use application access tokens as long as the application can persist the tokens in a safe way.

Code: https://github.com/damienbod/token-mgmt-ui-application

Blogs in this series ASP.NET Core user delegated access token management ASP.NET Core user application access token management ASP.NET Core delegated OAuth Token Exchange access token management Setup

The ASP.NET Core web application authenticates using OpenID Connect and OpenIddict as the secure token server. The application needs to use data from an app-to-app resource. An OAuth client credential flow is used to get an application access token to access the API. The OAuth client credentials flow can only be used when it can keep a secret. This token has nothing in common with the delegated access token from the user authentication. The application is persisted once for the application. An in-memory cache is used for this. The application sends the application access token as a bearer token to the API.

What must an application manage?

An access token management solution must ensure that tokens are securely stored per application for application tokens and updated after each UI authentication or refresh. The solution should be robust to handle token expiration, function seamlessly after restarts, and support multi-instance deployments. The tokens must be persisted safely in multiple instance setups. Additionally, it must effectively manage scenarios involving invalid or missing access tokens.

Properties of token management in the solution setup: The access token is persisted per application The token expires The token needs to be persisted somewhere safely (Safe and encrypted storage if not in-memory) The solution must work after restarts The solution must work for multiple instances when deployed to multi-instance deployments. The solution must handle invalid access tokens or missing access tokens Implementation example

An ApplicationAccessTokenCache service is used to manage the access tokens for the application. The service is registered as a singleton and runs once for the whole application. Each request scope can use this. The application looks in the cache for a valid token and if no valid token is present, the service requests a new access token using the OAuth client credentials flow. The token is persisted to the cache using the client ID. This means only one token can exist per client definition.

using IdentityModel.Client; using Microsoft.Extensions.Caching.Distributed; using System.Text.Json; namespace Ui; /// <summary> /// Cache persists token per application /// </summary> public class ApplicationAccessTokenCache { private readonly ILogger<ApplicationAccessTokenCache> _logger; private readonly HttpClient _httpClient; private readonly IConfiguration _configuration; private static readonly object _lock = new(); private readonly IDistributedCache _cache; private const int cacheExpirationInDays = 1; private class AccessTokenItem { public string AccessToken { get; set; } = string.Empty; public DateTime ExpiresIn { get; set; } } public ApplicationAccessTokenCache( IConfiguration configuration, IHttpClientFactory httpClientFactory, ILoggerFactory loggerFactory, IDistributedCache cache) { _configuration = configuration; _httpClient = httpClientFactory.CreateClient(); _logger = loggerFactory.CreateLogger<ApplicationAccessTokenCache>(); _cache = cache; } public async Task<string> GetApiToken(string clientId, string scope, string secret) { var accessToken = GetFromCache(clientId); if ((accessToken != null) && (accessToken.ExpiresIn > DateTime.UtcNow)) { return accessToken.AccessToken; } _logger.LogDebug("GetApiToken new from secure token server for {clientId}", clientId); var newAccessToken = await GetInternalApiToken(clientId, scope, secret); AddToCache(clientId, newAccessToken); return newAccessToken.AccessToken; } private async Task<AccessTokenItem> GetInternalApiToken(string clientId, string scope, string secret) { try { var disco = await HttpClientDiscoveryExtensions.GetDiscoveryDocumentAsync( _httpClient, _configuration["OpenIDConnectSettings:Authority"]); if (disco.IsError) { _logger.LogError("disco error Status code: {discoIsError}, Error: {discoError}", disco.IsError, disco.Error); throw new ApplicationException($"Status code: {disco.IsError}, Error: {disco.Error}"); } var tokenResponse = await HttpClientTokenRequestExtensions.RequestClientCredentialsTokenAsync(_httpClient, new ClientCredentialsTokenRequest { Scope = scope, ClientSecret = secret, Address = disco.TokenEndpoint, ClientId = clientId }); if (tokenResponse.IsError) { _logger.LogError("tokenResponse.IsError Status code: {tokenResponseIsError}, Error: {tokenResponseError}", tokenResponse.IsError, tokenResponse.Error); throw new ApplicationException($"Status code: {tokenResponse.IsError}, Error: {tokenResponse.Error}"); } return new AccessTokenItem { ExpiresIn = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn), AccessToken = tokenResponse.AccessToken! }; } catch (Exception e) { _logger.LogError("Exception {e}", e); throw new ApplicationException($"Exception {e}"); } } private void AddToCache(string key, AccessTokenItem accessTokenItem) { var options = new DistributedCacheEntryOptions() .SetSlidingExpiration(TimeSpan.FromDays(cacheExpirationInDays)); lock (_lock) { _cache.SetString(key, JsonSerializer.Serialize(accessTokenItem), options); } } private AccessTokenItem? GetFromCache(string key) { var item = _cache.GetString(key); if (item != null) { return JsonSerializer.Deserialize<AccessTokenItem>(item); } return null; } }

The ApplicationUsersService class uses the access token from the token service. This is a scoped service and the data is requested from the API using a bearer token in the authorization header.

using IdentityModel.Client; namespace Ui; public class ApplicationUsersService { private readonly IConfiguration _configuration; private readonly IHttpClientFactory _clientFactory; private readonly ApplicationAccessTokenCache _apiTokenCacheClient; public ApplicationUsersService(IConfiguration configuration, IHttpClientFactory clientFactory, ApplicationAccessTokenCache apiTokenCacheClient) { _configuration = configuration; _clientFactory = clientFactory; _apiTokenCacheClient = apiTokenCacheClient; } /// <summary> /// HttpContext is used to get the access token and it is passed as a parameter /// </summary> public async Task<string> GetPhotoAsync() { try { var client = _clientFactory.CreateClient(); client.BaseAddress = new Uri(_configuration["AuthConfigurations:ProtectedApiUrl"]!); var access_token = await _apiTokenCacheClient.GetApiToken( "CC", "myccscope", "cc_secret" ); client.SetBearerToken(access_token); var response = await client.GetAsync("api/ApplicationUsers/photo"); if (response.IsSuccessStatusCode) { var data = await response.Content.ReadAsStringAsync(); if (data != null) return data; return string.Empty; } throw new ApplicationException($"Status code: {response.StatusCode}, Error: {response.ReasonPhrase}"); } catch (Exception e) { throw new ApplicationException($"Exception {e}"); } } }

The required services are added the the application in the program file.

builder.Services.AddSingleton<ApplicationAccessTokenCache>(); builder.Services.AddScoped<ApplicationUsersService>(); builder.Services.AddHttpClient(); builder.Services.AddDistributedMemoryCache();

The token cache works great when using in-memory cache. If using a persistent cache, care needs to be taken that the access tokens are persisted in a safe way.

Notes

In follow up blogs, I will look at the different ways and the different types of strategies which are used to implement token management in ASP.NET Core web applications.

Microsoft.Identity.Web delegated access tokens & OBO access tokens Microsoft.Identity.Client application tokens Azure SDK tokens Handling multiple access tokens OAuth Token Exchange for downstream user delegated access tokens Links

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims

https://github.com/dotnet/aspnetcore/issues/8175

In this morning’s video I somehow missed the fact that the inauguration coincides with MLK Day, which is an interesting sync with the “melanin as optical material” lens. I’m going to drop a few links to old blog posts that touch on the YMCA and “out of school time learning” as as well as my “Momo” read-aloud playlist. Maybe I should do a read aloud of Bentov’s “Stalking the Wild Pendulum,” too? I’m understanding it much better now. Look for a discussion of quantum realism with Joseph Gonzales in the coming week. I’ll just say it once again, I can’t believe I have to talk about any of this, but if you don’t take it too seriously, conjecturing can be rather fun.

https://x.com/MAHAAction/status/1879945173721051166

Going “inside”

Momo Read Aloud Playlist https://wrenchinthegears.com/2017/05/08/out-of-school-time-learning-a-wolf-in-sheeps-clothing/ https://wrenchinthegears.com/2018/03/18/too-big-to-map-but-i-tried/ https://wrenchinthegears.com/2019/11/15/the-family-friendly-schools-act-a-set-up-for-soft-policing-schools-to-profit-impact-investors/ https://wrenchinthegears.com/2023/02/27/gods-eye-view-part-5-prediction-markets-in-public-policy/ https://wrenchinthegears.com/2023/02/05/dallas-esports-and-bucky-ballers-guest-post-and-follow-up-discussion/ https://ymcadallas.org/programs/youth-sports/esports

 

 

 

 

 

 

 

 

In this video I draw connections between Gestalt theory and organizational development as applied to digital groupthink in the context of Christiana Figueres, a leader in the development of carbon trading, who trained at the Gestalt Institute of Cleveland. As a young woman, she attended Swarthmore College, a Quaker institution. The first wife of her father, three-time president of Costa Rica and MIT alumnus, had ties to Quaker expats (Henrietta Boggs’ uncle and aunt) who emigrated south from Alabama in the 1950s.

Kenneth Boulding, a Quaker economist who developed some of the first ideas around social impact investing, and his wife Elise, sociologist who built the field of peace studies, were affiliated with Swarthmore though Kenneth only did a year’s stint as a guest lecturer.

When our family toured the campus for a college visit, it was made clear that only the top-tier candidates would be accepted, because many slots were reserved for equity outreach. Interestingly a high percentage of students presenting that day asserted their intentions to become economists with aspirations of working at the World Bank and the IMF. That was an eye-opener for sure! 

https://prabook.com/web/christiana.figueres/451403 https://www.swarthmore.edu/news-events/un-climate-chief-christiana-figueres-79-among-most-influential-people-2016 https://acrcarbon.org/news/winrock-international-applauds-board-member-christiana-figueres-on-united-nations-climate-change-secretariat-appointment/ https://www.ecosystemmarketplace.com/articles/christiana-figueres-close-personal-carbon-markets/ https://embed.kumu.io/a257abdf4aa4cbf3f75b90154c4f5099#untitled-map?s=bm9kZS1ycmxMMHJvNw%3D%3D https://www.neh.gov/humanities/2014/januaryfebruary/statement/first-lady-the-revolution https://www.quakersintheworld.org/quakers-in-action/257/Quakers-in-Costa-Rica https://alum.mit.edu/slice/mits-costa-rican-president

I use the visual of the optical illusion of paired silhouettes with a vase in the center to describe how two narratives can be presented, but often only one is truly “seen.” This Gestalt concept is applied to parallel narratives – one presented in two recent stories on Unlimited Hangout that foreground militarism and data surveillance in AI healthcare and the story I keep attempting to tell about gamified managed community “wellness” protocols linked to social impact finance deals on blockchain that on another level will be leveraged to catalyze emergent behaviors and possibly advance bio-hybrid information processing.

I also describe a strange encounter in which Aetna health care intended to target low-income communities of color for VR guided meditation in a digital “jungle” setting. The second hour of the video is a repeat of two site visits Jason and made in Denver in 2022 to the then new Palantir headquarters and the state capitol.

 

The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. The tokens are requested from an OpenID Connect server using the recommended standards. In this blog, the UI access token from the application authentication is re-used for the downstream API.

Code: https://github.com/damienbod/token-mgmt-ui-delegated-direct

Blogs in this series ASP.NET Core user delegated access token management ASP.NET Core user application access token management ASP.NET Core delegated OAuth Token Exchange access token management Setup

The solution uses a secure downstream API and requires user delegated access tokens for access. The UI application is implemented using ASP.NET Core and razor pages. The UI application authenticates against an OpenID Connect server implemented using OpenIddict. The application client is implemented using an OpenID Connect confidential client and the OpenID Connect code flow with PKCE. This flow returns an access token which is used for the downstream API.

What must an application manage?

An access token management solution must ensure that tokens are securely stored per user session for user delegated tokens and updated after each UI authentication or refresh. The solution should be robust to handle token expiration, function seamlessly after restarts, and support multi-instance deployments. Additionally, it must effectively manage scenarios involving invalid or missing access tokens.

Properties of token management in the solution setup: The access token is persisted per user session The token expires The token needs to be persisted somewhere safely The token must be replaced after each UI authentication (per user) The solution must work after restarts The solution must work for multiple instances when deployed to multi-instance deployments. The solution must handle invalid access tokens or missing access tokens Implementation example using Duende Token Management

The Duende Token Management OpenIdConnect Nuget package can be used to implement these requirements for user delegated access tokens. This is not the only way to do this and can be implemented in numerous different ways. With this package, the AddOpenIdConnectAccessTokenManagement can be used to add the token management.

builder.Services.AddOpenIdConnectAccessTokenManagement();

The different HTTP requests or the Razor pages can use the GetUserAccessTokenAsync method to get the access token for each user and session. The SaveTokens is set to true to persist the tokens in the session using a secure cookie per default. This is an option in the AddOpenIdConnect method. The defined scope is used to select the access token.

// token expires, token managment required var accessToken = await HttpContext.GetUserAccessTokenAsync( new UserTokenRequestParameters { Scope = "myscope" });

The AddUserAccessTokenHttpClient method can be used to add a named HttpClient client for the access token and the specific API.

builder.Services.AddUserAccessTokenHttpClient("profileClient", configureClient: client => { client.BaseAddress = new Uri(profileApiBaseUrl!); });

This client can then be used to access the API resource using the access token.

var client = _clientFactory.CreateClient("profileClient"); var response = await client.GetAsync("api/Profiles/photo"); if (response.IsSuccessStatusCode) { var data = await response.Content.ReadAsStringAsync(); if (data != null) return data; return string.Empty; }

When the applications are started, the access token can be used to request data from the downstream API.

Notes

In follow up blogs, I will look at the different ways and the different types of strategies which are used to implement token management in ASP.NET Core web applications.

OAuth Client credentials tokens in web applications Microsoft.Identity.Web delegated access tokens & OBO access tokens Microsoft.Identity.Client application tokens Azure SDK tokens Handling multiple access tokens OAuth Token Exchange for downstream user delegated access tokens Links

Duende.AccessTokenManagement.OpenIdConnect

Duende token management

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims

https://github.com/dotnet/aspnetcore/issues/8175

Perhaps, even though they are not themselves explainable, AIs can help us engineer explainable systems. But I’m not optimistic. It feels like we’re on a path to keep making systems harder for humans to configure, and we keep expanding our reliance on superhuman intelligence to do that for us.

The Configuration Crisis and Developer Dependency on AI

LLM series at The New Stack