
An Interview with Google Cloud CEO Thomas Kurian About the Agentic Moment

Good morning,

This week’s Stratechery Interview is with Google Cloud CEO Thomas Kurian. Kurian joined Google to lead the company’s cloud division in 2018; prior to that he was President of Product Development at Oracle, where he worked for 22 years. I previously spoke to Kurian in March 2021, April 2024, and April 2025. The occasion for these interviews, at least for the last three years, is Kurian’s annual keynote at Google Cloud Next. You can watch the keynote here, and read the blog about Google’s announcements here.

I spoke to Kurian a week ago, on April 15, and at that time only had access to the afore-linked blog post. With regards to the keynote, which I have since watched, I thought it was a powerful opening: Kurian returned to last year’s theme of a unified architecture, but emphasized that the use cases were no longer theoretical or pilots, but running at scale for real users. He also emphasized — in a foreshadowing of a point we discuss below — that Google itself was running on the same infrastructure as Google Cloud. Google CEO Sundar Pichai, meanwhile, talked about Google’s capex investment, noting that (1) half of it was going towards Google Cloud, and (2) Google Cloud was running the same stack as Google itself. I sense a theme! Pichai also emphasized security, a point that Kurian was careful to raise in our talk as well, before discussing the shift to agents.

To that end, in this interview — which, again, was conducted before the keynote — we discuss agents. Specifically, I wanted to get Kurian’s take on the quality of Gemini’s harness (unsurprisingly, he thinks it’s great). Google has an integration advantage, but is it paying off in such a large company? I was also curious about how Google thinks about TPUs specifically, and the cloud business generally, in terms of balancing its internal needs with external customers like Anthropic.
We also talk about the software ecosystem, why Google still believes in partnerships, and why the company was ready to seize the AI moment (hint: it’s because of Kurian). As a reminder, all Stratechery content, including interviews, is available as a podcast; click the link at the top of this email to add Stratechery to your podcast player.

On to the Interview. This interview is lightly edited for clarity.

Thomas Kurian, welcome back to Stratechery. I promise I have recording turned on this year — in fact, I have two recordings turned on.

TK: Thank you so much, Ben. Good to see you, thanks for taking the time.

Well, I look forward to talking to you. It’s good to talk to you over multiple interviews, much better than talking to you multiple times in one interview, so we’re already doing better this year. But like last year, we are recording before your Google Next keynote. We’re actually quite a bit ahead, I think several days ahead, but this podcast won’t be released until after the keynote. Therefore, I’m going to ask the exact same question I asked last year. Specifically, I like watching keynotes not for the announcements, but for the framing that happens up front. Last year, that framing was infrastructure: [Google CEO] Sundar Pichai delivered that at the opening, then you came in and talked about it, and that was the context for everything that you talked about. What is the framing this year?

TK: The framing this year is that as AI models have become more sophisticated, we see customers evolving their use of AI models from answering questions in a chatbot-like fashion to actually automating tasks on their behalf, and automating process flows within the organization. By automating process flows, you get efficiency improvements and productivity improvements, and frankly, you can also change the way that you introduce new products and services to market, for example.
In order to do that well, what you need is a world-class agent platform, and to underpin the agent platform, you need world-class infrastructure. You need to handle the way that agents interact with your company’s data and your business, so you need capabilities to help an agent really understand the company’s business information and context. I think, as you’ve seen in the press, AI and cyber have become very connected now; there’s a lot of concern that AI will accelerate the speed of cyber attacks on people’s systems, and so we’re going to be talking about how we’re bringing AI and our cyber technology together to protect people, including the integration of Wiz. And then we’re introducing Gemini Enterprise and our agent platform to customers. That’s sort of the theme of what we’re talking about.

You mentioned agents last year, and everyone was talking about them to a degree; what has really changed from last year to this year that makes this different? I read your whole blog post, it’s very long, and I think the word “agent” may appear in every single paragraph.

TK: There are three or four big things that have changed. The first is the capabilities of models — Gemini is able to reason much more effectively as new versions of Gemini have come out. Second, they’re able to maintain long-running memory, which you require if you have an agent that’s automating tasks over many, many steps; it has to maintain a lot of state in memory. Third, their interaction with tools and the rest of the world: there are now good abstractions — skills, tools, MCPs [Model Context Protocol], as they’re called — for how an agent reasons about and interacts with the rest of a company’s systems.
All of them have advanced: the core capabilities of the models themselves have gotten a lot better, their ability to use tools and interact with the rest of the world has become a lot better, and the abstractions through which the world exposes itself to the model have improved, so now you have models with the capabilities to do these very complex tasks.

That all makes sense and certainly tracks. A lot of these announcements, though, as I was going through them, are about the infrastructure around agents, which makes sense — the orchestration, registry, identity, security, all these bits and pieces. All of this is clearly necessary for large enterprises, something they’re going to worry about and ask about. But the agents have to actually work; do Gemini agents actually work? Because there’s a lot of talk — you know, Gemini was the belle of the ball four months ago, but over the last little bit, it’s been mostly about Anthropic and Claude, and Codex, a lot of talk about that, and Gemini, not much talk. What’s your feeling about your actual capabilities, not just agents in general?

TK: When people ask us about it, I always say, “Let our customers talk about it, rather than us talking about it”. I think you’re going to hear from 500 customers telling their stories at Next. Even among people building agents, we have a whole range of them, from Citigroup to Bosch to eBay to Virgin Voyages to Walmart, the Food and Drug Administration, Comcast, Unilever, etc. — all of them are going to be talking about specific business problems they had. For example, Citi will be talking about a new wealth advisor in investment management, where they’re using our agents to research a person’s investment priorities.
So a person says, “Here are my priorities for investment: my kids are going to school, I need this kind of cash flow in order to fund it”, and then it researches your financial portfolio and interacts with you to give you recommendations. If you look at Comcast, they’re using us for all of the work that they do for consumer services — repair, scheduling appointments, dispatching field technicians. These are very complex flows that have many, many steps and interact with a lot of complex systems. If you look at some of these flows, they require all of the capabilities I talked about. So as an example, I want the capability to call a set of tools, and those tools may be: I want to book an appointment, so I need a calendar; if I’m dispatching a technician, I need to look up spare parts, so I need to pull from my spare parts inventory; I need to schedule that part to be available at the same time as the person who’s going out; and I need to update my inventory to reflect that I have taken something out of it. I mean, these are very, very complex steps.

What’s interesting about all these complex steps and going through all these bits and pieces — it sounds like you’re saying that the more constraints there are, the more things you’re bumping up against, the better the environment for instituting these sorts of flows, just because what you need to do is clearly defined?

TK: Just being perfectly frank, Ben, having constraints requires the model to be even more intelligent. Just as an example, in a process flow that’s complicated, with many, many steps, the number of variants and the number of different idiosyncratic situations that you may encounter are large, so you cannot a priori program every one of them. You need to teach the model, for example, to be able to spin up a virtual machine and use a tool in the virtual machine to generate code to deal with some of these situations.
So the most sophisticated thing is where you can give the model a high-level set of instructions and have it goal-seek an outcome. So you say, “I need to schedule this appointment”, and it turns out there may be 19 different conditions that occur when you’re trying to schedule an appointment, and you can’t a priori tell the model every single possible condition deterministically. So you need to teach the model, “Okay, the user did not tell you what to do, but the goal was to schedule an appointment, so here is how you generate code to then create a collection of things that can interact with the model and understand what to do”.

This is very interesting, you’re walking through this process, this makes a lot of sense. How do you have that conversation with DeepMind? You’re connecting the, “This is the workflow that needs to happen, this is what we need the model to do, this is where it does well, where it doesn’t” — what’s the working relationship there?

TK: We have a harness into which all these flows, these journeys, as we see them with customers, get put, and they go into the reinforcement loop for Gemini.

How tight is that process?

TK: Very tight. We have people sitting next to [DeepMind CEO] Demis’ [Hassabis] team — in fact I just came from a meeting with them. That loop is what allows us — we are in a unique position in the market. We’re unique in three different ways. We’re unique because we have the whole stack of AI technology. In order to do agents well, you need to have a model that takes all these journeys, puts them into the harness, and handles the improvement — as we call it, hill climbing — literally every hour of every day, and the complexity of the journeys we see is in some ways much higher, because in companies you have many different systems, different conditions, different flows; you may not see that in other domains, like a pure consumer domain.
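To make the goal-seeking idea concrete, here is a toy sketch in Python. This is my illustration, not Google’s actual harness or API: the agent is given a goal rather than a step-by-step script, picks tools as it goes, and recovers from a condition nobody scripted in advance (an out-of-stock part). All tool names, parts, and slots here are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical backend state standing in for the enterprise systems
INVENTORY = {"valve-x": 0, "modem-a": 3}
CALENDAR = {"2024-05-01T09:00": None}

@dataclass
class SchedulingAgent:
    part: str
    slot: str
    log: list = field(default_factory=list)  # audit trail of tool calls

    # In a real harness these tools would be exposed to the model via
    # schemas (e.g. MCP), not hard-coded methods.
    def check_inventory(self):
        self.log.append(f"check_inventory({self.part})")
        return INVENTORY[self.part]

    def order_part(self):
        self.log.append(f"order_part({self.part})")
        INVENTORY[self.part] += 1

    def book_slot(self, technician):
        self.log.append(f"book_slot({self.slot})")
        CALENDAR[self.slot] = technician

    def run(self):
        # Goal-seeking loop: the steps are not scripted in advance; the
        # agent reacts to whatever condition it finds.
        if self.check_inventory() == 0:
            self.order_part()          # handle the unanticipated condition
        INVENTORY[self.part] -= 1      # reserve the part for the visit
        self.book_slot("tech-42")
        return CALENDAR[self.slot]

agent = SchedulingAgent("valve-x", "2024-05-01T09:00")
print(agent.run())  # books the visit after recovering from zero stock
```

The point of the sketch is the shape of the loop, not the logic: a deterministic script would need a branch for every one of Kurian’s “19 different conditions”, while the goal-directed version only needs the tools and the goal.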
In order to do these well, you also need, for example, models to be able to spin up compute, and models now need to hold on to tokens for longer, because they need to hold, for example, a KV cache that holds memory about what’s happening during the transaction flow. Having awesome infrastructure, both what we call classical compute machines and TPUs, gives us real strength there. Third, as you walk through these, one of the things you find is that a lot of the systems these models interact with are things like databases and enterprise applications. Understanding the context of these — like, for example, “How much inventory do you have?”, defining “What is inventory?”, “What part are you talking about?”, “What part number are you talking about?” — requires you to have technology that understands the business graph and the dictionary of all the objects and the sources of information in your company. Our strength in data processing gives us technology that we’re going to be talking about next week called Knowledge Catalog; think of it as your global dictionary for all information within the company. That’s a unique strength. And then obviously you don’t want information that’s critical to your company exposed on the Internet, you don’t want your model to get attacked because it’s now handling very complex process flows, you don’t want it hijacked, and so for all the anxiety around cyber, we have very specific tools. So our differentiation is all these pieces working together.

That makes sense, the integration is a big part of your pitch.
At the same time, you’re also a big, sprawling company, and I think there’s maybe a perception, that I maybe hold, that some of the frontier labs are much more focused, much more top-down about, “This is how our harness is going to work, this is the way it’s going to use tooling”. All the things you’re talking about, having this feedback flow back in, sound great — unless there are so many different takes on the way it should work, and then you have your own internal customers as well. How do you balance having a point of view versus getting stuck in the muck?

TK: Every product that Google has is on the same Gemini version, on the same day, in the same hour; every one of us is using the same harness.

And you feel good that that harness is where it needs to be — it’s not getting pulled in 50 million directions thanks to all your customers and Google’s workloads?

TK: Absolutely not. We are very focused on working with Demis and [DeepMind CTO] Koray [Kavukcuoglu], who lead that team, to make sure they see the sophistication of these scenarios, and we work literally side-by-side, hour-to-hour with them. There’s been a lot of speculation on whether we’re distracted as a company…

I don’t think you’re distracted, I think it’s more just a classic big company versus small company bit. A startup comes in with a very clear point of view and without all the enterprise stuff — protecting the data, permissions, all those structures — and yet that stuff gets pulled along because there’s such demand to use their product that works really well. Meanwhile over here it’s like, “Hey, we have everything protected and we have all these things around it”, but does the core product actually deliver?

TK: The core product is being used by lots of people. The proof of that: we generate 16 billion tokens a minute, up from 10 just last December or January.

Well, your financial results certainly showed that as well.
There’s a bit where you’re doing so well, I have to be a little hard on you here.

TK: A lot of people told us we were dead in 2023 — we’re still living.

I think you’re doing more than living, you’re doing very well.

TK: And so we never say anything negative about anybody else; our results speak for themselves. I always say, let our customers tell the story. They’re doing amazing things with Gemini in companies, in enterprises, and they see the value of what we’re delivering for them.

You mentioned that everyone in Google is on the same version of Gemini, using the same harness. Does that also apply to all this infrastructure around agents you’re doing, around identity and security?

TK: Yeah. In the enterprise, the way that all the infrastructure works is we have configurable mechanisms. For example, when you configure an agent, a very simple thing is that you want to configure the agent with a different identity from a person, just so that you can track, “Who did this transaction? Was it the human or the agent?”, because there are issues like liability. You may want to revoke permissions for the agent at a certain point in time; you want to allow it to only do certain tasks and not everything that the human does. So there are controls you want to put around an individual agent, and around a collection of them, that are separate from the person. As we bring agents to consumers as part of our Gemini app, very similar concepts want to be exposed, and the architecture that we use allows us to have those things. The sources of that may be different — in the consumer world, they may use the Google login account; in the enterprise world, they may use a directory to store it — but that’s just an abstraction of our technology to the rest of the world.

We’ve been talking a lot about Gemini agents and the whole Gemini platform, but you also have the broader Google Cloud platform.
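The identity pattern Kurian describes can be sketched in a few lines. This is my simplification, not Google’s actual identity system: an agent gets its own identity with a subset of its principal’s permissions, can be revoked independently, and every action is logged as human or agent. All names and scopes here are made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    name: str
    kind: str                          # "human" or "agent"
    scopes: set = field(default_factory=set)
    revoked: bool = False

def act(identity, action, audit):
    """Perform an action if permitted, recording who (or what) did it."""
    if identity.revoked or action not in identity.scopes:
        raise PermissionError(f"{identity.name} may not {action}")
    audit.append((identity.name, identity.kind, action))

audit = []
alice = Identity("alice", "human", {"read", "refund", "delete"})
# The agent is a distinct principal with only a subset of alice's rights
bot = Identity("alice-agent", "agent", {"read", "refund"})

act(bot, "refund", audit)   # allowed, and attributed to the agent
bot.revoked = True          # revoke the agent without touching alice
try:
    act(bot, "read", audit)
except PermissionError:
    pass                    # revocation stops the agent mid-stream
act(alice, "delete", audit)  # the human's own rights are unaffected
```

The audit trail ends up attributing each transaction to either the human or the agent, which is exactly the liability question (“Who did this transaction?”) the separate identity is meant to answer.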
One of your major tenants is a company I was just referring to obliquely, which is Anthropic; they’re doing a lot of inference on TPUs in particular. If Anthropic wins deals at the expense of Gemini, is that still a win?

TK: We sell different parts of our stack. One of the things people don’t realize is that we monetize many different parts of the stack in different ways. Like Anthropic, there are a lot of labs that use our stack — in fact, most of the large AI labs use our stack. So if somebody uses TPUs either to train their model or for inference, we’re monetizing that part of the stack, and that gives us resources to then fund our R&D and other investments. Some of the labs use our TPUs and our Gemini model; others may use our TPUs and then buy our cybersecurity protection for their models. So as a platform player, we have to allow our technology to be monetized in as many ways as possible, and we don’t see it as zero sum.

Sometimes, though, if you have the SaaS layer and the platform layer and the infrastructure, is there one that is the most important? On one hand, SaaS has the highest margins, and it kind of decreases going down. On the other hand, that infrastructure needs to be used; you’re spending a lot of money on it, you want full utilization. How do you think about that in terms of what’s the most important? I know they’re all important, but how do you think about that tradeoff?

TK: If we were making TPUs just for ourselves, we would have lower volume than we do as a general-purpose TPU supplier, which means there would be times of day that we would not be using those TPUs. Do you follow me? If you think about how chat systems work, they’re very diurnal in nature, because you ask questions when you’re awake. We have a great search business and we have a great Gemini app business, but there would be a certain diurnality to it: during the daytime there’d be a lot of questions, but what about in the evening?
Because we sell TPUs in the market, we’re able to offer them at spot to the rest of the world, because we have such a large business. We’re also able to get better manufacturing terms with suppliers and other things because we’re a real volume player, and that in turn lowers our cost of goods sold. So there are many more dynamics. The company is very focused on ensuring we win every part of this, not just one part of it. Gemini is obviously a super important initiative for us, and you’ll see the big announcements are around—

For sure, it’s almost all Gemini.

TK: But I wouldn’t assume that the only way to do that is to offer our chips along with our model. We see a strong business offering our chips to many other people, and you’ll see all of this is what’s accelerating our differentiation, and you see it in our financial results.

Your financials are incredible: your revenue is up, margins are up hugely, I’ve been posting that chart of them for a long time, last quarter was amazing. I do have to ask about TPUs, though. You talk about selling TPU chips; to date that has meant TPU instances on GCP, but now there’s talk about actually selling TPU chips. What’s the status of that? What’s the official word, can I go buy a TPU?

TK: I’ll explain a little bit of what we see. Let me talk briefly about the announcements we’re making, what the product is being used for, and then how we bring some of it to market.

We’re introducing two big new TPUs next week. One is TPU 8t, where the “t” stands for training; it’s more optimized for training — think of it as 9,600 TPU chips in a single pod, as we call it — and it has three times better performance than the current generation, which is already the leading one in the market. Then there’s 8i, where the “i” is for inference; it’s 1,152 chips, with three times the SRAM, and it has a new thing called the Collectives Engine, which gives you super efficient calculation performance for inference.
Now, along with that, we are introducing the Nvidia VR200, and we’re also introducing more ARM capability for classical compute, because people who use models increasingly need to spin up a VM in order to do tasks, and we see interest in those VMs. We’re introducing not just new compute families, but also new storage; there are two new storage offerings. One is the fastest Lustre solution on the market: it’s 10 terabits per second, which, just to give you a sense, is about five times number two. We’re also introducing a new thing for ultra-low latency — when you do inference, you want super low latency in accessing storage — we call it Rapid Storage, and it can give you 15 terabits per second with ultra-low, microsecond-level latency.

So why are we introducing all this stuff? For TPUs, the AI labs are definitely a big market, but we’re seeing interest from new segments of the market. A big new segment is financial services, and when I say financial services, I mean capital markets. The reason is that today, if you’re a trading firm, a capital markets firm, you spend a lot of time running algorithmic trading, and algorithmic trading means running numerical algorithms on traditional Intel-type cores, x86 cores. Now what they find is that models can do inferencing, and the inference performance is actually better than traditional numerical computing. So that’s one new segment; the second segment is high-performance compute. We see a ton of people wanting to do energy modeling, computational fluid dynamics, solid state — there’s a whole bunch of parameters there too. What’s interesting is that you will see at our event Citadel Securities, for example, talk in the keynote about how they’re using TPUs; Citadel, as you know, is a large capital markets firm. The Department of Energy has a mission called Genesis, which is the new national lab mission on changing the energy infrastructure for the United States.
There’s Axia, the largest utility in Brazil — all of them are examples of people who are part of just the keynote, talking about how they use TPUs. When we look at that, there are a couple of different things we see. Capital markets firms say, “Hey, if we’re going to replace our algorithmic trading solution, you have to bring the TPU to where the venue is”.

Right, because they care about the latency of going to a data center; that’s why they’re all in New Jersey.

TK: Secondly, if you’re a national lab, you have so much data you’ve collected over the last X number of years with your experiments; saying you have to bring all that data to the cloud to reason on it doesn’t make sense. So you will see us putting TPUs in other people’s venues, and when we do that, we’re introducing new ways for people to procure them as well. When I say procuring, you buy it as a system; you don’t have to buy it just as a cloud service.

How does this new way of selling work? It’s almost like a third way: you have TPUs in Google’s data centers, you have bringing TPUs to customers, but then you have a deal like last week’s between Anthropic and Broadcom and Google, where this is going in their data centers. There are these sort of renegade data centers that have access to power — maybe they were doing Bitcoin or whatever it might be — and there’s been a big push to get TPUs into those. Where does that fit into this?

TK: I would not assume everything you read in the press is true.

Well, the Anthropic announcement was definitely a big announcement.

TK: Just to be honest with you, we have a flavor that runs in the cloud and a flavor that runs in third-party data centers. The technology, the machines, are identical.

My question here is, where is that coming from? Is that part of your TSMC allocation? Is that Broadcom’s? Because no one can get enough compute, so ultimately that goes all the way back to the root.

TK: The chips are all part of our global — TPU is a Google chip, as you know.
So it’s part of our global allocation; Broadcom is the partner who manufactures the TPUs with us, and so it’s just part of the overall business. The new thing we’re talking about is just that you can run TPUs in other venues.

Makes sense. Will we ever have enough compute? Last year you said, “I think we’re going to resolve it shortly”; it doesn’t seem very resolved. What’s the status there?

TK: We’ve worked super hard as an organization. Our team that’s done our compute infrastructure — our global data centers, machines, all that — has done an amazing job. There’s always a shortage, there’s never enough. But it doesn’t mean that we’re not — we would not be growing at the rate we are if we didn’t have enough compute. And so there’s more that we want, but there’s also the reality that our teams have done an amazing job, and our customers who are using it will tell you they’re seeing the benefits of the hard work our teams have done.

There are potential customers in the market, maybe current customers, who may be willing to pay basically any price for compute at this point. How do you think about the short term — “Wow, we can actually just make a lot of money right now” — versus, “We need to invest in our products”? You had Microsoft, who I’m not going to ask you to comment on, but last quarter they were like, “Yeah, we allocated less to Azure because we had our own internal workloads”. These are real trade-offs that you need to think about; how do you think about that in terms of GCP?

TK: We run a balanced portfolio. We want to grow different parts of our business, and we sit down as an executive team, and also with Sundar, and work through how we’re going to balance the different parts of our portfolio. We see, broad brush, three to four buckets of things.
One bucket is where we want to grow Gemini as a business. Our core Gemini business is doing super well — 16 billion tokens a minute, up 40% since last quarter — and even this product called Gemini Enterprise, which is our core agent platform, has grown 40% sequentially quarter-over-quarter. So that part of the business, we’re committed to making super successful; it’s a priority for us. The second segment of the business is where Gemini is being used inside some of our core products, so I’ll give you an example. We’ve introduced Gemini inside our threat intelligence tools. Why is that? Because we have real expertise at Google scanning the dark web to identify threats; the problem is there are so many of them that an average organization doesn’t know which of those many threats apply to them. So we use Gemini to process and prioritize which threats might affect you — it’s 98% accurate and has processed 3.9 million threats in the last year — so that’s an example of Gemini being used as an embedded capability.

Right. The whole SaaS, PaaS, IaaS — the SaaS bit is still important.

TK: There’s that capability, and there are people who want to use Gemini to reason on data in our analytics infrastructure, so there’s a second big set where Gemini is an embedded capability, and that in turn depends on chips and TPUs and GPUs. And the third one is offering our compute platform to people. We balance across those because we want all of them to be successful. By bringing our hardware, our machines, to other people’s venues, we’re broadening our TAM, total addressable market, and in that part of the business we also see a different cash flow model than if we were putting up the capex ourselves, so there are a lot of different parameters we have to balance.

All those are ones you listed for you to make trade-offs on, but then you also have to get in a meeting with Sundar and the other leaders of Google to make trade-offs with DeepMind and their R&D and with the consumer products. What are those meetings like?
TK: We have a regular cadence of meetings where we balance the different priorities; we want to be successful on many different dimensions, and I wouldn’t assume all of these dimensions are zero sum. For example, when we offer our product in other venues, we drive cash flow in a different way than putting up capex, so to some extent that changes the capital boundary of how we operate as a company as well. So I think there’s a general view that there’s a compute shortage, and if you give to one, you will have to take from another; I think that’s an overly simplistic view of it, having been in this long enough — my team does both parts. We are responsible for delivering all the infrastructure for Alphabet, and they’ve done an amazing job doing that, and I’m also responsible for running the cloud business, and you can tell our differentiation — I come back to this — it would be a different problem if you didn’t have demand. Whenever people ask us to prove that we’ve got demand, I always say, “Look at our results”.

Well, that’s been the biggest change even since January, when there was still some latent skepticism about, “Is all this capex worth it?”; it feels like those questions have been completely erased at this point. Speaking of markets in the last couple months, all these SaaS companies are getting killed in the market; you have a big SaaS business, and you’re definitely not getting killed in the market. Why are you escaping it?

TK: I think we have transitioned. The core fundamental is this — and this is the way we approach our product portfolio, I’ll give you a very simple example — in 2022, we said, “We’re not just going to build a secure cloud, we’re also going to start offering cybersecurity products”. When we entered the market, we looked at what other things people — the value of cyber is driven by two dimensions.
Dimension one is, “What is it protecting?”, because it has to protect high-value things, and the other element is, “How good is it at protecting?”, “What’s the technology that it’s going to use to protect?”. So we said there are only two valuable places to protect. There’s the endpoint, which is your desktop on which apps run, and other people are doing a good job there; meanwhile, the rest of the world is moving all their applications and data to the cloud, so let’s protect that. Second, we said AI is going to find vulnerabilities, because at the end of the day, finding vulnerabilities is a question of a model really understanding code, and if vulnerabilities can be found at a much more accelerated rate, people need to fix vulnerabilities at an incredibly aggressive, fast rate. So we started a set of work back then, and to ensure that we have the leading product portfolio, we said, let’s acquire Wiz. We’re now working on — you’ll see a number of announcements — there’s the Threat Intelligence Agent, which allows us to understand the threat landscape and use Gemini to prioritize what you should pay attention to, where a lot of people are using Gemini to actually scan their code. And then we’re introducing three new Gemini-powered agents with Wiz: one called Red Agent — think of it as continuous red-teaming of your infrastructure; a Blue Agent that says, “Okay, I looked at what’s happening with the red team and I know what you need to go fix”; and a Green Agent that says, “I’ll fix it for you” — and that’s going to cut the cycle time. With our Threat Intelligence Agent, you will see reference customers — from Chicago Mercantile Exchange, there’s a whole bunch of them talking next week — about how it takes an investigation that used to take 30 minutes and does it in 30 seconds, and that allows you to respond faster.
Now, this is an example of when we started, people said, “Why would a hyperscaler want to become a cyber company?”, and we were like, “It’s not about being a hyperscaler, it’s about solving the problem at the intersection — AI is going to accelerate cyber threats and you cannot do repair the old way”. Yep, it really answers the question that people had when you acquired Wiz, which is, “ Why do you need to buy it , why can’t you just build it?”. It’s like, “Well, in two years, it’s going to be too late”. That, I think, is also felt very tangibly right now. TK: Today, we are where we are because we made that bet. So when people ask, “Why are you guys growing even in sectors that may be struggling?”, it’s because we have differentiation and we made those decisions early. That makes sense. One of the interesting product announcements this year is this cross-cloud lakehouse, which lets customers leave their data in AWS and Azure while still having it be queryable by your services instantly. Is this the final admission that even if enterprises love your AI and love Gemini, they’re not going to shift all their workloads if they’re already on other clouds? Lots of your products have been about that in the past — even Wiz is about that to a certain extent — but is that just the reality? There’s not going to be a huge amount of spillover as far as pulling things from other clouds to Google. TK: If you use BigQuery today, you don’t have to move your transactional applications to BigQuery. If you’re using Gemini today, you can keep your applications in another cloud and use Gemini to reason on it. The problem we were trying to solve is a very specific problem. Today, when people talk about lakehouses, they say, “We have a multi-cloud lakehouse”. What they really mean is their lakehouse can be run on any cloud, but when it’s running on a particular cloud, you can only access the data in that cloud.
And then people say, “That’s crazy, because I’ve got data in a SaaS app like Salesforce”, “I’ve got data in an ERP system”, “I’ve got data in Azure and Amazon, and I’d like to run analysis across all this”. One choice for customers is to copy all that data out, but that’s expensive for them because of the egress tax that everybody imposes. So we said, “Keep your data there, we can still give you world-class analysis”, and so it’s solving that custody problem. The customer has a problem, they want to do analysis, and there are four things we’re giving them. One: keep your data where it is, no matter how many clouds. We’re not talking about a single-cloud lakehouse, we’re talking about analysis across all the clouds and across all your SaaS apps. Two: people said, “How fast can you run?”, and the proof we’re going to show is that we’re 2x better in price performance than the market leader, right out of the gate. Three: people said, “I’m not an expert at writing Python and Spark, can you give me essentially vibe coding for Python and Spark?” — yes, you’ll see us introduce an agent manager to generate Python and Spark code using Gemini. And the last one: people said, today, Ben, if you ask a question — I was using that example of field service, I’m running a query on “How much inventory do I have in parts?” before I send the technician — that information sits inside an application, in a set of tables in a database. Most organizations have thousands of databases, and teaching the model which system has what information — the notion of a part is split across 10 different tables in this particular database — means you need a system that builds a semantic graph of all the information in your company. Right, this is the Knowledge Catalog. TK: That’s the catalog, and that gives you super good accuracy when you’re researching information. So we put all this together — and back to it, we’ve always been super pragmatic.
I always say enterprises have certain problems that they see independent of a cloud. For example, security — they don’t want to buy three different security tools from three different hyperscalers. Analytics — they don’t want to buy three different analytic tools from three different hyperscalers. Others have chosen to say, “My stuff only works with my cloud”; that’s why enterprises often choose us, because we work across all the clouds and all the security environments you have, and you can keep stuff wherever it is and use Gemini to access and automate it for you. All of that is just part of listening to customers. This all makes perfect sense; this bit about the Knowledge Catalog in particular fits how I’ve been thinking. I wrote a few years ago about the importance of this whole layer and understanding it, and it’s a bit of a big lift to get this in place. You have some sort of analog, say, with a Palantir that’s putting in their ontology thing. They have FDEs [forward-deployed engineers] out on site doing multi-month projects on this. You have OpenAI talking about Frontier, their agent layer, and partnering with all the tech consultancies to build this out. Is this going to entail a lot of boots on the ground to get this graph working and functional in a way that your agents can operate effectively across it? TK: We’re not competing with Palantir; we’re not building a semantic dictionary or an ontology. What we’re doing is — today, I’ll give you the closest analogy. Today when you use a model, let’s say you use Gemini, and you ask a question, Gemini goes through reasoning, and then it shows you a citation.
A citation is, “How did I answer the question and what’s the source I derived it from?” Now imagine that citation was a query that needed to go to a folder in, for example, a storage system, because there are some documents there, and to a database — think about a part-number document that lists all the part numbers and sits in a drive, and that part number you need to fetch to say it’s the modem that the guy is coming to repair, and that’s mapped to a table in a database. So what the graph does — we use Gemini, so we don’t need humans — is say, “Hey, go and read all these documents in these drives, extract the information from them, and then match that to the database table that has the reference to the part number”. So then when Gemini gets the query about how much inventory of modems there is, the first thing it does is go to the Knowledge Catalog, which says modem is part number one-two-three-four-five, and then it says, “By the way, the table in the database that has the inventory information about this part number is this table, here’s the SQL”. That makes the quality of what we generate higher, and then when it answers the question, it shows — back to your “Trust my data” — a grounding citation saying, “That’s where we got it from.” What do you need from everyone in the ecosystem if this is going to work — all these SaaS applications and all these entities, not just what’s in your databases, but what’s in an SAP database or whatever it might be? How do you get them on board so you can understand their data and build this Knowledge Catalog?
TK: Really easy. First, the lakehouse supports a standard format the industry has very much standardized on, called Iceberg, so we can talk to anybody who supports Iceberg — and that’s pretty much the whole world right now — so we don’t need them to do anything special to make it work. Second, all of these business systems have API specifications, and our Catalog can learn off of those API specifications; we just teach Gemini to process those, and so we can build a catalog pretty quickly. There are reports that OpenAI on Amazon Bedrock has been massively popular. Are we going to get OpenAI on Vertex? TK: We would love to have them. We are announcing a variety of third-party models on Vertex, including Anthropic and open source; we’re open to any model provider on Vertex. I believe you. That’s going to be great, when and if it happens. Just one last question. We’ve talked in this interview series previously about how I think — and this is before your time, it’s not your fault — that Google Cloud missed the boat in terms of being a point of integration for the Silicon Valley enterprise ecosystem. I think last year I asked you if AI represented a new opportunity to do that. However, is there a bit where the models — and you’re in this game because you have one of the leading models — are just going to eat everything and gradually expand to do the jobs, and everyone else is just going to be a system of record? It’s going to be all one interface; the integration, such as it is, is all under the surface, not necessarily tying things together in user space. Is Gemini going to be all the user needs in the long run? TK: We don’t see it that way.
In fact, one announcement you’ll see us make next week is how many third-party SaaS vendors and ISVs [independent software vendors] are embedding Gemini not just as a model, but as an agent platform, because they want to build agents — our agent platform can be used to build not just our own agents, but theirs, and there are a lot of independent software vendors embedding those agents. And do they see you as, “Hey, you’re another established guy, let’s go with you because we don’t know what these other folks are up to, they want to eat all of us”? TK: It’s also the capabilities. The differentiation, I would say — just think about being a bank or an insurance company, and think about being a SaaS vendor or an independent software vendor selling to them; there are a number of things around identity and policy management. For example, if you’re a bank and you have documentation about a person and their credit, you cannot have that egress the bank’s boundary, so we have a gateway that protects against that — that’s part of our agent platform. You want auditability on the agent, to say which agent did what task on what system when — that’s built into the platform. You want a registry where you expose all your skills so that people are not duplicating all these things — we have a registry that does that. This is sort of the bit we started with at the beginning: it’s not just going to benefit your agents, it’s going to benefit all agents, that’s sort of the pitch. TK: So one of the things that people like is the fact that we built all that plumbing for them, and so they don’t have to invest in it; they can focus on the value-add that they have on their agent side.
Additionally, for companies in this broader ecosystem, the cost of agents becomes part of their bill of materials — the cost of goods sold, if you will — and the fact that we have these super-efficient chips that run inference so efficiently eventually translates into cost efficiency for a third party that’s building on top of us. You can see all of those benefits; we’re taking away all that complexity for these guys. So we definitely don’t see that the whole ecosystem is going to die — we see us facilitating that ecosystem. You’ll see us announcing a number of things, including a substantial investment in dollars to accelerate the partner ecosystem around our platform. Thomas Kurian, great to talk to you again. TK: Thanks so much, Ben. And just in closing, the work that we announce every year at Next is a testament to all those customers and partners who gave us a shot to work with them. You’ll see them telling their story, and it’s a testament to all those people in our organization who made a bet to solve a technical problem a different way, or to bring our technology to market — we’ve hugely expanded our go-to-market organization, and doing all that while growing top line and operating income at the same time is a testament to the demand we see for our products and services. Six, seven years ago, people used to tell us, “You have no shot in the market”; I think we are now truly uniquely positioned. Name one other player that has the stack of technology to do AI. When I look forward, I think there’s no question in people’s minds that the central problem companies and technology providers need to solve is how good the capability you offer for AI is. We’re the only ones with chips, models, the context to feed the models from all of the data infrastructure, the cyber tools, and then a world-class agent platform. I would also add, you’re actually an enterprise company now.
The things you talked about — pragmatism, listening to customers, all these pieces — GCP did not have at all a decade ago. There’s a bit where the Wiz acquisition was ahead of its time, for sure, being forward-looking, but there’s also a bit where the organization is ready for this moment in a way I don’t think it would have been previously. I find it very impressive. TK: We are very proud of the team. Also, for Alphabet, to do AI well, you have to do a couple of things. One, see the breadth of problems that we see: we see all of the consumer problems, we see the enterprise problems, we see the problems that Search sees, we see the problems that YouTube needs solved — all of those we’re solving with AI, and that gives the model a breadth of capability that over time is a real strength, because of the diversity of problems we’re solving. Second, in order to do AI well, you have to invest, and in order to invest, you need to monetize in as many different ways as possible. We do not have any hubris, but we are very confident in our team and in where we stand. I think it’s very impressive. I look forward to your keynote. TK: Thanks so much, Ben, it’s a privilege to talk to you every year and it’s great that you took the time to speak with me. And it’s all recorded, I can promise you that! This Daily Update Interview is also available as a podcast. To receive it in your podcast player, visit Stratechery. The Daily Update is intended for a single recipient, but occasional forwarding is totally fine! If you would like to order multiple subscriptions for your team with a group discount (minimum 5), please contact me directly. Thanks for being a supporter, and have a great day!


It’s a lot to process

… everything. I need to know less, but I know more. Trying to cultivate a life which allows me to know less while still participating in society requires me to know more and do more than simply lying back and passively allowing the unending flood of information to drown me. Please note that we are all being drowned. What is it that is drowning us? Information and misinformation. Part of the drowning is the effort required to try to distinguish between the two. You’re trying to keep your head above water and there are waves and in order to not be pulled under by a wave you have to quickly look at it (while it’s looming larger and larger above you) and decide: Real or not real? Looks real. Is it real? Decide! Quick! I think it’s worth noting that when people don’t seem interested in the distinction between real and not real it may not be that they don’t care about what’s real. It may be that their capacity, their energy, their ability to distinguish is less than yours. And here I am. I’m adding to the information by writing this and publishing it. How do I feel about that? Weird. Really terribly weird and odd and disjointed and uncertain. Perhaps it would be better to stfu, one part of me says. Sometimes that is absolutely what is best. But not always. I don’t know about a lot of things. I can’t have that many opinions. I can’t understand that many issues. I can’t research that many topics. And I don’t like the pressure to be certain about things. All the things, all the time. It’s okay to say I don’t know. What I do know: I am real. Here’s a vignette: I’m on my balcony. Of course I’m on my balcony. I love this tiny little space. I mention it. I post photos sometimes, the sunset view through power lines or my feet up on a small table that wasn’t meant to be outdoor furniture. I can hear a kiddo inside talking to his girlfriend on the phone. The traffic, slowing but still there, on the road. The sound of neighbors as they walk in, talking softly.
Here’s what I want to tell you. First, let’s imagine you’re here on the balcony too. There’s another chair. Let me know if you want a beverage. We have options. Don’t worry about the cats. I promise they won’t jump off. I want to tell you that I am real and you are real and that’s enough to know right now.


Writing an LLM from scratch, part 33 -- what I learned from finally getting round to the appendices

After finishing the main body of " Build a Large Language Model (from Scratch) ", I set myself three follow-on goals . The first was training a full GPT-2-small-style base model myself. That was reasonably easy to do but unlocked a bunch of irresistible side quests ; having finally got to the end of those, it's time to move on to the others: reading through the book's appendices, and building my own GPT-2-style model in JAX. This post is about the appendices. The TL;DR: there was stuff in there that could have saved me time in my side-questing, but I think that having to work those things out from scratch probably helped me learn them better. The first appendix, an introduction to PyTorch, is an excellent overview, and given that I'm writing for people who are reading the book too, all I can really say is that it's well worth reading, even if you have some experience with PyTorch already. He gives an intro to what it is, some details on how to choose to use GPUs (or Apple Silicon) if you have them, and an overview of tensors. He then goes on to explain the basics of automatic differentiation and back-propagation, with a bit of background detail about the chain rule. I think this bit is useful at a "how-to" level, but the mathematical details felt like they were summarised too briefly to be all that useful. I can see why -- this is an appendix to a book on an adjacent subject, not a textbook on the mathematics of training ML models. Something this brief feels like it would be confusing for people who don't know the material already, yet not really useful for those who do. Perhaps I'm underestimating the typical reader, but if and when I write up my own explanation of how this works (perhaps as a follow-up to " The maths you need to start understanding LLMs "), I'll go quite a lot slower and try to explain things in more detail. Anyway, as I said, the explanation is more of a bonus in this book, quite far from its main focus, so this is a nit. He then goes on to a high-level explanation of PyTorch's Datasets and DataLoaders.
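For anyone who hasn't met the Dataset/DataLoader pairing, it's small enough to sketch. This is my own toy example of the pattern, not code from the book -- the class name and data are invented:

```python
import torch
from torch.utils.data import Dataset, DataLoader

class ToyTokenDataset(Dataset):
    """Hypothetical dataset: sliding (input, target) windows over a token stream,
    the usual setup for next-token-prediction training."""
    def __init__(self, tokens: torch.Tensor, context_len: int):
        self.tokens = tokens
        self.context_len = context_len

    def __len__(self):
        # One sample per possible window position.
        return len(self.tokens) - self.context_len

    def __getitem__(self, idx):
        x = self.tokens[idx : idx + self.context_len]        # inputs
        y = self.tokens[idx + 1 : idx + self.context_len + 1]  # targets, shifted by one
        return x, y

tokens = torch.arange(100)  # stand-in for real token IDs
ds = ToyTokenDataset(tokens, context_len=8)

# The DataLoader adds batching and shuffling on top of plain indexing.
dl = DataLoader(ds, batch_size=4, shuffle=True, drop_last=True)
xb, yb = next(iter(dl))
print(xb.shape, yb.shape)  # torch.Size([4, 8]) torch.Size([4, 8])
```

Indexing `ds[i]` directly works too, of course -- the DataLoader's extra value is batching, shuffling, and (at scale) parallel worker processes.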
This was quite useful for me. I must admit that I've been struggling a bit to see the value of DataLoaders -- indexing directly into Datasets has worked very nicely for me. I suspect this is a question of scale more than anything; even my big training runs, 44 hours of training a 163M-parameter model on 3 billion tokens, worked fine without a DataLoader. But after reading this section, I felt I was getting some way towards having more of a handle on how they might help. I'm not quite there yet, but hopefully soon... Next, there are sections on training loops, both with and without GPU support. Nothing new there for me, at least. Then came the real surprise: a really solid walkthrough on training models across multiple GPUs with DistributedDataParallel! That's something I learned from the documentation and various online tutorials back in January , and reading this appendix first would have saved some time. But thinking back on it, I think that the way I did it was better pedagogically for me. By having to grind through it from first principles -- following the docs, coding something, seeing it break, trying again, and eventually getting there -- I think I internalised the knowledge much better. It's a balance, really. If I read explanations, I learn faster, but the knowledge is shallower. Learning by doing is slower but deeper. Working out a good balance is hard. It feels like I've struck a good one here, but I suppose it's difficult to know for sure. The one thing in the DDP section that did stand out for me, though, was the use of a DistributedSampler for the DataLoader. That might have made some of my DDP code a bit simpler! On to the next appendix. I won't go through this one in detail; it does what it says on the tin, and there's a bunch of interesting stuff in there. I scanned through and nothing felt like a must-read right now, but I'll be checking it in the future if I'm looking for suggestions for things to read about. Another one that is exactly what it says it is.
Once again, something I could have saved time by reading first! In it, he covers gradient clipping, which I went over back in February , and warming up and then doing a cosine decay on the learning rate, which was something I looked into in March . Just like with DDP, I think that having to learn about these from resources I could find on the Internet meant that I got to a deeper understanding than I would have if I'd just been following the book. This is not a point against the book, of course! Again, it's one of those balancing acts: do it yourself and learn more, or read about it and learn faster. Still well worth reading, though. This was a really interesting read. I've been reading about LoRA on the side, but most treatments I've seen start with an explanation of the maths, then essentially say "now, to do it, install PEFT" (or Unsloth, or something similar). Raschka gives the full code, showing how you can write your own LoRA implementation, and I think this is excellent. Digging into it right now would be a side quest, but I'm inspired by it and might do my own LoRA writeup after finishing this LLM-from-scratch arc. Let's see if I manage that or if I get distracted by something shiny first... The last page in the book. Well, the first page of the index. Done. Wow! But before I start the celebrations, there's one last step. As I said last November , I wanted to: [Build] my own LLM from scratch in a different framework, without using the book. That is, I think, essential, and perhaps would be the crowning post of this series. It would be a nice way to end it, wouldn't it? I think I was right, so that's what's next. I asked people on Twitter which framework I should use, and the winner was JAX -- so that's what's coming next. Watch this space!
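As a footnote to the LoRA discussion above: the core idea really is small enough to sketch in a few lines. This is my own minimal illustration, not Raschka's appendix code -- the class and parameter names are mine, and real implementations (PEFT and friends) do much more:

```python
import torch
import torch.nn as nn

class LoRALinear(nn.Module):
    """Minimal LoRA sketch: a frozen pretrained linear layer plus a
    trainable low-rank update, i.e. y = W x + (alpha/r) * B A x."""
    def __init__(self, base: nn.Linear, r: int = 8, alpha: float = 16.0):
        super().__init__()
        self.base = base
        for p in self.base.parameters():
            p.requires_grad = False  # freeze the pretrained weights
        in_f, out_f = base.in_features, base.out_features
        self.A = nn.Parameter(torch.randn(r, in_f) * 0.01)   # (r, in)
        self.B = nn.Parameter(torch.zeros(out_f, r))          # (out, r), zero-init
        self.scale = alpha / r

    def forward(self, x):
        # Low-rank branch: x @ A^T @ B^T, scaled.
        return self.base(x) + self.scale * (x @ self.A.T @ self.B.T)

layer = LoRALinear(nn.Linear(32, 64))
x = torch.randn(2, 32)
out = layer(x)
print(out.shape)  # torch.Size([2, 64])
# B is zero-initialised, so at the start the LoRA branch contributes nothing:
assert torch.allclose(out, layer.base(x))
```

Only `A` and `B` are trainable -- here 768 parameters versus the base layer's 2,112 -- which is the whole point: you fine-tune a tiny fraction of the weights.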


Exclusive: Microsoft Moving All GitHub Copilot Subscribers To Token-Based Billing In June

Documents viewed by Where’s Your Ed At shed additional light on Microsoft’s transition to token-based billing for GitHub Copilot, as the company grapples with the spiraling costs of AI compute. As reported on Monday ( and as announced soon after by Microsoft ), the company has suspended new sign-ups for individual and student accounts, removed Anthropic’s Opus models from the cheapest $10-a-month plan, and plans to further tighten usage limits. According to the documents, the announcement of token-based billing will come tomorrow (4/23), with changes to GitHub Copilot rolling out at the beginning of June. Users will pay a monthly subscription to access GitHub Copilot, and receive a certain allotment of AI tokens based on their subscription level. Organizations paying for GitHub Copilot will have “pooled” AI credits, meaning that tokens are shared across the entire organization. GitHub Copilot Business customers will pay $19 per user per month and receive $30 of pooled AI credits, and Copilot Enterprise customers will pay $39 per user per month and receive $70 of pooled AI credits. While the documents refer to moving “all” GitHub Copilot users to token-based billing, it’s unclear at this time how Microsoft will handle individual Pro or Pro+ subscribers. If you liked this news hit and want to support my independent reporting and analysis, why not subscribe to my premium newsletter? It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA , Anthropic and OpenAI’s finances , and the AI bubble writ large . I recently put out the timely and important Hater’s Guide To The SaaSpocalypse , another on How AI Isn't Too Big To Fail , a deep (17,500-word) Hater’s Guide To OpenAI , and just last week put out the massive Hater’s Guide To Private Credit .
Subscribing to premium is both great value and makes it possible to write these large, deeply-researched free pieces every week. In summary:
- Internal documents reveal Microsoft’s planned rollout of token-based billing for all GitHub Copilot customers starting in June.
- Copilot Business customers will pay $19 per user per month and receive $30 of pooled AI credits.
- Copilot Enterprise customers will pay $39 per user per month and receive $70 of pooled AI credits.
- Sources say that these amounts may change before the launch of token-based billing.
- It is unclear what will happen to individual subscribers.
- The company is expected to make the announcement on 4/23.


Automation conformity

Rollo May asserts plainly in the opening pages of The Meaning of Anxiety that anxiety in fact has meaning, and that our aim cannot be to eliminate it but to work with it, and through it, to use it to propel our creativity and vigor for life. And yet, anxiety is often deeply, even intolerably, unpleasant, and the effort to embrace it can test us beyond our abilities. We are wont, then, to look for an escape hatch, an easy path to relief; but those paths always come with a cost. It is to be expected that certain “mechanisms of escape” from the situation of isolation and anxiety should have developed. The mechanism most frequently employed in our culture, [Erich] Fromm believes, is that of automation conformity. An individual “adopts entirely the kind of personality offered to him [ sic ] by cultural patterns; and he therefore becomes exactly as all others are and as they expect him to be.” This conformity proceeds on the assumption that the “person who gives up his individual self and becomes an automaton, identical with millions of other automatons around him, need not feel alone and anxious any more.” It does not take a hard look to spot the evidence of this conformity in our own time. Millions of nearly identical LinkedIn posts, all saying the same thing, in the same jittery staccato, the same strained performance of revelation when in fact nothing at all is being revealed. (I am picking on LinkedIn here, but it is a symptom of this phenomenon, not the cause.) Worse, we now have chatbots that will produce and reproduce this pablum at scale, bringing a kind of double-edge to that conformity: we conform when we use those tools, when we accede to the assertion of their inevitability; and we conform again when we place them in our mouths and in our minds, when we outsource our speech and thinking to them. We become automatons twice over.
Fromm and May here posit that when we make this trade, when we adopt those cultural patterns, we give up our unique selves in exchange for a relief of anxiety. In the light of our current drive for automation, I will make a counter proposal: we give up our unique selves in the hope that it will bring some relief, but that relief is ever deferred. For at present, becoming an automaton nearly guarantees that you will be hung out to dry, as the promise of so-called AI is that the more you use it, the more it uses you . Such that in the act of becoming automatons, we bring ourselves that much closer to the thing we really fear: being left alone, without any of the care or materials we need to survive. We give up our individual selves for the appearance of security, without any of the conditions that can actually create it. This is the trap anxiety lays for us: in our effort to escape it, we run further into its jaws. But perhaps there are yet alternatives. May connects that impulse to escape with the experience of isolation: can we become less isolated without becoming automatons? Can we find community not in the center, but on the outskirts, among the weirdos and the outsiders, the people who never seem to fit in, who are always playing a different game? There are fewer of them, by definition, but not so few that we cannot find them. We won’t find the comfort of the majority among them, of course—though as we have seen, that comfort is mere illusion—but perhaps we can find the community and camaraderie that is so necessary for our survival, and without giving up our precious selves to get it. View this post on the web , subscribe to the newsletter , or reply via email .


The Meaning of Anxiety

Rollo May refutes the assertion that mental health is living without anxiety, proposing instead that anxiety is a necessary condition for creativity, intellect, and freedom. He defines anxiety as the “experience of Being affirming itself against Nonbeing,” as that which propels us to more self-awareness, consciousness, and life. He likewise shows that the refusal to embrace this anxiety, to attend to it and work with it and through it, is an invitation to authoritarianism and fascism. When we lack the skills of being with our anxiety, and feel our only option is to flee, we often flee right into the hands of a strongman who promises security at the cost of liberty. May wrote during the height of fascism in the last century; we read it during the renewal of the same in this one. The lessons hold. View this post on the web , subscribe to the newsletter , or reply via email .


How to Come Up With Great Ideas

There's a story about an art teacher who divides a class into two groups. The first group is given one task: design a single, perfect pot. The second group has a different instruction entirely: make as many pots as you can before time is up. The first group measures, plans, and deliberates. They sketch ratios, debate proportions, and handle the clay with care. They have one shot, so they treat it like one. The second group just makes pots. Terrible ones: pots that collapse on themselves, crack at the base, and lean sideways. They don't stop to mourn any of them, they just start the next. When time expires, the results are revealed. The first group has a pot... technically. But it wobbles. Before the session is over, it breaks. The second group's first pot is a disaster. But their second is better. Their third, better still. By the time they've burned through a dozen attempts, they've internalized something the first group never had the chance to learn: what doesn't work. Their final pot is flawless. The second group won not because they were more talented, but because they were given the opportunity to experiment and gain experience. When it comes to writing, it's tempting to believe you need the entire story mapped out before you begin. That you need to fully understand the premise, complete the research, and know the ending before the first sentence. That's never been true for me. When I start writing, I often don't know what it's going to be until the words appear on the page. The research doesn't precede the writing. It follows it. I remember watching the Pixar documentary about Finding Nemo. They produced hundreds of story sketches and character drawings that never made it into the film. The director admitted that a lot of those ideas were pretty terrible. But without those sketches, they wouldn't have arrived at the final story. They learned from the volume of attempts. And we got to watch the final high-quality result.
I've been following what I call the 100-times rule . For any new skill, or anything new really, I give myself permission to do it 100 times before judging the results. The goal is simple. I want to narrow the gap between idea and execution. When I was learning to program, I'd open a blank JavaScript file and just start writing. Half the time, I'd finish a session with something unrelated to what I started. A half-baked startup idea buried in the comments, or a function that suggested an entirely new project. The work generated the ideas, not the other way around. When I decided to write regularly, I had about a dozen ideas ready to go. I dreaded the moment I'd exhaust them. But by the time I published the twelfth post, I had several dozen more. They didn't come from some secret source of inspiration. They came from momentum. Writing regularly has trained my mind to notice things worth writing down. Conversations, observations, small frustrations, fleeting questions. The ideas were always there. I just hadn't built the habit of catching them. This is the part most people get backwards. They wait for a great idea before they begin. But great ideas are rarely the starting point. They're the result of effort. You don't think your way to good work. You train yourself to good thinking by using repetition. When I have an idea now, I don't wait for the right moment. I write it down immediately in my phone, in a note, sometimes directly on my blog before I fully understand it. Publishing something unpolished is uncomfortable. But an unpolished idea that's out in the world can be refined, responded to, and built upon. A perfect idea that lives only in your head cannot. In fact, I've forgotten so many great ideas! Since the beginning of last year, I've written at least 230 articles. When I run low on new ideas, I have hundreds of old posts I can return to, deepen, and remake into something more considered. The volume created the options. 
If there is any secret to coming up with great ideas, it's this: start before you're ready. The first group in that classroom failed not because they were less capable, but because they optimized for perfection at the expense of experience. Every moment they spent planning was a moment they weren't learning what the clay actually does in your hands. If you're waiting for the perfect idea, the right time, or enough certainty before you begin, then you are the first group. You have one pot and you're protecting it. Make more pots.


High-Quality Chaos

As I have been preparing slides for my upcoming talk at foss-north on April 28, 2026, I figured I could take the opportunity to share a glimpse of the current reality here on my blog. The high-quality chaos era, as I call it.

I complained and I complained about the high-frequency junk submissions to the curl bug-bounty that grew really intense during 2025 and early 2026. To the degree that we shut it down completely on February 1st this year. At the time we speculated whether that would be sufficient or whether the flood would go on. Now we know.

In March 2026, the curl project went back to HackerOne again once we had figured out that GitHub was not good enough. From that day, the nature of the security report submissions has changed. The slop situation is not a problem anymore.

[Chart: AI slop rate]

The report frequency is higher than ever. Recently it’s been about double the rate we had through 2025, which already was more than double that of previous years.

[Chart: Number of hours between security reports]

The quality is higher. The rate of confirmed vulnerabilities is back to, and even surpassing, the 2024 pre-AI level, meaning somewhere in the 15-16% range.

[Chart: Confirmed vulnerability rate]

In addition to that, the share of reports that identify a bug, meaning that they aren’t vulnerabilities but still some kind of problem, is significantly higher than before.

[Chart: Share of reports that were bugs, not vulnerabilities]

Everything is AI now. Almost every security report now uses AI to various degrees. You can tell by the way they are worded, how the report is phrased, and by the fact that they now easily produce very detailed duplicates in ways that could not happen had they been written by humans. The difference now compared to before, however, is that they are mostly of very high quality. The reporters rarely mention exactly which AI tool or model they used (and really, we don’t care), but the evidence is strong that they used such help.
I did a quick unscientific poll on Mastodon to see if other Open Source projects see the same trends and man, do they! Friends from the following projects confirmed that they too see this trend. Of course the exact numbers and volumes vary, but it shows it’s not unique to any specific project: Apache httpd, BIND, curl, Django, Elasticsearch Python client, Firefox, git, glibc, GnuTLS, GStreamer, Haproxy, Immich, libssh, libtiff, Linux kernel, OpenLDAP, PowerDNS, python, Prometheus, Ruby, Sequoia PGP, strongSwan, Temporal, Unbound, urllib3, Vikunja, Wireshark, wolfSSL, …

I bet this list of projects is just a random selection of those who happened to see my question. You will find many more experiencing and confirming this reality.

When we ship curl 8.20.0 in the middle of next week, at the end of April 2026, we expect to announce at least six new vulnerabilities. Assuming that the trend keeps up for at least the rest of the year, and I think that is a fair assumption, we are looking at an explosion and a record number of CVEs published by the curl project this year. We might publish closer to 50 curl vulnerabilities in 2026.

[Chart: Number of published vulnerabilities]

Given this universal trend, I cannot see how this pattern would not also appear in many other projects as well. The tools are still improving. We keep adding flaws when we do bugfixes and add new features. Someone has suggested it might work as with fuzzing: that we will see a plateau within a few years. I suppose we just have to see how it goes.

This avalanche is going to make maintainer overload even worse. Some projects will have a hard time handling this kind of backlog expansion without any added maintainers to help. It is probably a good time for the bad guys, who can easily find this many problems themselves by just using the same tools, before all the projects get the time, manpower and energy to fix them.
Then everyone needs to update to the newly released fixed versions of all packages, which we know is likely to take an even longer time. We are in for a bumpy ride.
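The back-of-the-envelope CVE projection above can be sketched in a few lines of Python. The input numbers here are illustrative placeholders chosen to roughly match the figures mentioned in the post (a submission rate on the order of six reports per week, and the 15-16% confirmed-vulnerability range), not actual curl bug-bounty data:

```python
# Illustrative sketch of the yearly CVE projection.
# Inputs are placeholder assumptions, NOT actual curl bug-bounty statistics.
reports_per_week = 6        # assumed security-report submission rate
confirmed_rate = 0.155      # midpoint of the 15-16% confirmed range
weeks_per_year = 52

reports_per_year = reports_per_week * weeks_per_year
estimated_cves = reports_per_year * confirmed_rate
hours_between_reports = (7 * 24) / reports_per_week

print(f"reports/year: {reports_per_year}")                    # 312
print(f"estimated CVEs: {estimated_cves:.0f}")                # 48
print(f"hours between reports: {hours_between_reports:.0f}")  # 28
```

With these assumed inputs the estimate lands near the "closer to 50" figure; the point is only that a modest confirmed rate applied to a doubled report stream compounds quickly over a year.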


Privacy Setup for Android 16 with GrapheneOS

GrapheneOS is a free and open-source mobile operating system, built on top of the Android Open Source Project (AOSP) but with a strong focus on privacy and security. It’s developed independently, with no ties to Google or any hardware vendor, and it’s the operating system I’ve been recommending (and using on my own devices) for years, both on the phone side and on the tablet side.

Compared to the Android you get out of the box on a new Samsung Galaxy, Nothing Phone or even Google Pixel, GrapheneOS is a fundamentally different thing. Where stock Android ships deeply integrated with Google’s services, which constantly sync contacts, calendars, search history, advertising identifiers and approximate location, and trickle telemetry back to Mountain View, GrapheneOS strips all of that out by default. Where vendor Android additionally ships with preloaded apps from Facebook, Microsoft, Amazon and the manufacturer’s own ecosystem, each with their own telemetry pipeline, GrapheneOS ships with almost nothing at all. And where stock Android relies on Google for things like push notifications, attestation, captive portal checks and time synchronization, GrapheneOS routes these through its own infrastructure, or makes them optional entirely.

On top of that, GrapheneOS adds a substantial amount of hardening at every layer of the stack, from a hardened memory allocator and stricter sandboxing rules, all the way up to user-facing tools like per-app network and sensor permission toggles that simply don’t exist on stock Android. In short, GrapheneOS is what Android could look like if the people building it weren’t in the business of selling your data. And because it’s open source, independently audited and developed with a clear threat model in mind, it has earned the trust of journalists, activists, engineers and plenty of ordinary people who simply don’t want their phone to be a surveillance device.
With all that said, there’s a common misconception that I keep encountering: that simply flashing GrapheneOS onto a compatible device is enough to magically protect its owner from Big Tech or other adversaries spying on them and their data. While GrapheneOS goes to great lengths to disable and circumvent the tracking that smartphone vendors like Google usually build into their Android phones, and hardens various aspects of the system on top of that, the main cause for concern is usually less the bare naked Android system, but more often than not the apps running on top of it. If you are using apps like Facebook, TikTok, Outlook and Amazon, the surveillance happens within these apps and platforms, regardless of what operating system they’re running on.

Common questions from others that I’m encountering with regard to the use of GrapheneOS are along the lines of “I need to use this banking app on my phone, can I do that with GrapheneOS?”, or “I need to use Microsoft Teams for work, does GrapheneOS support it?”. While many of these questions can be answered with yes, there’s a fundamental issue with this approach, in which people think that if only they switch the base operating system of their smartphone, all of a sudden they will become invisible to the companies behind these apps. This is sadly a misconception.

The operating system is, albeit an important part, only one layer of the stack. Flashing GrapheneOS protects you from a lot of what Google bakes into stock Android, and it adds a surprising amount of defense in depth via things like the hardened memory allocator, the network permission toggle or storage scopes. What it cannot do, however, is change what the apps you install are sending to their backends.
If you depend heavily on apps that are inherently privacy-invasive, it doesn’t make much sense to limit yourself to the few devices that an operating system like GrapheneOS is able to run on, and then jump through all the hoops of getting the apps that you need to work on those devices. In such a case, compartmentalization is the better approach: Run these types of apps on e.g. a modern iOS device, which is a platform with industry-leading out-of-the-box security for the average user, and only use a GrapheneOS device for the apps and platforms that you have full control over or can reasonably trust not to spy on you.

This is in my opinion the most important mental model to internalize before starting down this path. The goal isn’t “one device that does it all, perfectly private”, as that device doesn’t exist and chasing it will only give you a false sense of privacy. The goal is to make sure that the device which lives in your pocket, the one that knows where you drive, where you sleep and who you talk to, is running a minimal, trustworthy and hardened stack. Everything that brings known spyware into the mix, like corporate communication suites, banking apps, rideshare apps, airline loyalty clients, food delivery apps, all the usual suspects, belongs on a separate, deliberately untrusted device. That device can happily be a stock iPhone or a stock Pixel. Don’t fight that reality; use it in the most minimal way possible.

That device does not need a copy of your full address book and calendar, nor does it need access to your primary password vault. And it most certainly doesn’t need your family vacation photos or your Taylor Swift concert videos. It can co-exist just fine on a dedicated SIM card, with a dedicated phone number and everything else that the corporate you needs. Using the spyware device in such a conscious way ultimately benefits your privacy alter-ego, as it maintains a public persona of yourself that hAs NoThInG tO hIdE.
Many people recoil at the idea of carrying two phones, but in practice the spyware device rarely needs to leave your desk or (Faraday-)bag. You pull it out when you need to check in for a flight, pay a bill, submit an expense report or hop on a corporate video call. For everything else, the GrapheneOS device is more than sufficient. And because it doesn’t carry the weight of two dozen chatty apps, its battery life and overall responsiveness will improve dramatically as a side effect.

However, because life is never as clear-cut as this, with Android 16 there is a new Private Space feature that can be utilized to further compartmentalize apps within the same device. Private Space is essentially a separate user, nested inside of the owner user, with its own isolated storage, its own set of installed apps and its own work/background state. The apps inside a Private Space don’t share any common data with the rest of your apps and they don’t even necessarily share the same network routes. Therefore, if you are using a VPN on your main profile, your Private Space apps won’t see this and hence won’t be using that connection, and vice-versa.

That last bit is worth pausing on. You can have a completely different VPN configuration, a completely different set of DNS settings and, effectively, a completely different exit IP for the apps inside your Private Space, without having to juggle user profiles via the lockscreen. When the space is locked, the apps inside it are frozen: their processes are torn down, their notifications are silenced and their icons disappear from the app drawer and the recents view. When the space is unlocked, it’s as if you briefly teleported to a second phone, used the app you needed, and then went back.

An example of an app that makes sense to run inside the Private Space is the Uber app.
This app contains your private information (name, payment info) and is something you don’t want running in the background 24/7, as you quite likely only need it sporadically, whenever you have to hail a ride. By installing Uber only inside the Private Space, it will only be allowed to run once you unlock the space. You never again need to worry about Uber continuing to track your location after you’ve completed your ride.

A similar argument can be made for a messenger like WhatsApp. I would not recommend relying on WhatsApp as your primary means of communication, but if you have that one group chat with family members that absolutely refuses to move off WhatsApp, or that one client who insists on sending you voice notes there, installing it inside the Private Space and only unlocking it when you actually need to check in is a reasonable middle ground. You get the communication channel, and Meta doesn’t get a background service on your primary profile 24/7.

However, this approach only makes sense for apps that you need sporadically or in emergency situations in which you might not have your dedicated spyware device with you. If you need to use something like Microsoft Teams on a constant basis, putting it into the confined Private Space might not make much sense as, unless the space is unlocked, the app won’t deliver message notifications. The official AOSP documentation even carries a warning that Private Space is not suitable for apps that need to run in the background or send critical notifications, such as medical apps. Treat it as the right tool for “occasional use”, not as a replacement for proper profile hygiene.

People new to GrapheneOS often ask how Private Space differs from the traditional secondary user profiles that GrapheneOS has supported for years. The short answer is that Private Space is strictly more convenient, and secondary profiles are strictly more isolated.
Secondary user profiles have their own encryption keys, derived from their own unlock credential. When you switch out of a profile or, even better, explicitly end the session of the profile, its data goes back to rest on disk and no longer resides in memory in a decrypted state. Private Space, on the other hand, lives inside the owner profile and piggybacks on its encryption context. When the owner profile is unlocked, the mere existence of data inside the Private Space can be inferred, even if the contents themselves remain protected. For most threat models this difference is purely academic, but it’s worth being aware of. In practice, my recommendation, and the one GrapheneOS itself tends to partially make, is roughly as follows: If you’re coming from a setup that relied solely on secondary profiles, you’ll notice that Private Space eliminates the lockscreen dance for the casual apps, while leaving the cryptographic isolation of secondary profiles available for the things that truly warrant it.

The GrapheneOS installation itself is a breeze and, in my experience, the easiest way to put a non-stock operating system onto a smartphone. No fiddling with recovery images or sideloading obscure ZIPs. You unlock the bootloader, connect the phone to a computer and open GrapheneOS’ WebUSB installer in a compatible browser. From there, the installer walks you through the individual steps. The whole process takes around fifteen minutes and results in a factory-fresh GrapheneOS device. Make sure your device is in the list of officially supported models.

Up until now GrapheneOS has specifically targeted Google Pixel phones, because Pixels offer verified boot with a user-controllable root of trust, proper firmware and driver updates, the Titan M2 security chip and a bunch of other hardware-level properties that other Android vendors simply don’t match. This, however, is supposed to change with compatible devices from Motorola hitting the market in 2027.
Running a “privacy ROM” on an unsupported device is in many ways worse than running stock Android, since you lose verified boot and in some cases even timely security patches.

Once the device boots into GrapheneOS for the first time, resist the urge to immediately install all the apps you’re used to. Walk through the setup wizard, set a strong PIN or passphrase (six digits minimum!) and then, before doing anything else, spend fifteen minutes in the settings. This is the part most guides gloss over. GrapheneOS ships with sensible defaults, but a handful of additional tweaks can noticeably harden the device against both remote and physical threats.

GrapheneOS adds a network permission toggle that appears on the install dialog of every new app and as a toggle in the app’s permissions screen. Habitually uncheck network access for any app that has no business talking to the internet. A gallery viewer, a calculator, a local file manager, a launcher: none of these should need network access. It’s a tiny friction with a disproportionately large effect on the amount of telemetry and personal data leaving your device.

The sensors permission toggle covers everything the regular Android permissions don’t: accelerometer, gyroscope, compass, barometer, and so on. You can block these on a per-app basis, which is particularly valuable for apps that have no legitimate reason to know how often you pick up your phone. GrapheneOS also exposes quick-toggle tiles for the camera and microphone in the pull-down menu, which cut access at the system level rather than the per-app level and are convenient for walking into a sensitive meeting or leaving the phone on the nightstand.

Under Settings ➔ Network & internet ➔ Private DNS you can point the system resolver at a DNS-over-TLS provider of your choice. Quad9, Mullvad DNS and NextDNS are all reasonable options. Cloudflare is (sadly) GrapheneOS’ default fallback.
If you run your own recursive resolver, which I’d argue is the gold standard, even better. Keep in mind that the Private DNS hostname is looked up once via plaintext DNS, so use a provider you’re okay briefly touching in the clear.

With the base system locked down, it’s time to think about what actually goes on it. My general recommendation is to solely use F-Droid for free-software apps. Yes, F-Droid has its well-documented issues and is far from perfect, but for technically literate users who can read source code it remains the best option available in terms of provenance and privacy.

For a browser, Vanadium is the default and the safest pick from a pure security standpoint, as it’s a hardened Chromium fork maintained by the GrapheneOS team, with strict site isolation, JIT disabled by default and a per-site JavaScript toggle. The main tradeoff is the lack of proper extension support, which rules out more sophisticated content blocking. If that’s a dealbreaker, install Cromite alongside Vanadium and reserve it for sites where you really need content blocking, while keeping Vanadium as your default for general browsing and anything sensitive. Also make sure to disable JavaScript by default and only enable it for sites that you know and trust!

Once the setup is done, the real work is maintaining the discipline. A few habits that have served me well over the years:

GrapheneOS on a recent Pixel remains, in my opinion, the closest thing to a genuinely private and secure mobile device that a non-state-actor can own today, despite Google’s hardware being absolute garbage from a quality-control and performance perspective. What GrapheneOS is not, however, is a magic spell that undoes the surveillance business models of the companies whose apps we’ve allowed into our lives. If you take one thing away from this post, let it be the compartmentalization mindset.
Use a dedicated stock iOS or Android device for the stuff that absolutely demands surveillance-laden apps: banking portals that only ship as an app, corporate messaging suites, airline loyalty programs, food delivery, and rideshare. Use your GrapheneOS device for everything else, and save the Private Space on that GrapheneOS device for the in-between category, the apps you genuinely only need once in a while, like Uber while traveling, or a messenger like WhatsApp that a handful of people in your life refuse to leave behind. Reserve secondary user profiles for the hard cases that require Google services but that you don’t want bleeding into your daily profile.

For new GrapheneOS users, the temptation will be to replicate your old app collection one-to-one. Don’t. Treat the move as an opportunity to audit what you actually need, and keep the owner profile as boring and empty as possible. For experienced users, the addition of Private Space in Android 16 is, I think, the single biggest quality-of-life improvement in years. It lets you retire a bunch of those one-off secondary profiles you created for “that one app”, without giving up meaningful isolation. Revisit your profile layout, consolidate where it makes sense, and lock the rest away behind a space that is off until you explicitly ask for it.

None of this replaces thinking about your own threat model, your own habits and the people you communicate with. But on top of a thoughtful threat model, GrapheneOS with Android 16 is sadly about as good as it gets.

Footnote: The cover image is a parody (“meme”) made from a screen capture of Google’s Made by Google event with Jimmy Fallon. The host sadly did not publicly endorse GrapheneOS the same way he e.g. endorsed the highly questionable Bored Ape NFT.

Owner profile: Lean, minimal, no Google services. F-Droid, trustworthy apps, a solid browser like Vanadium or Cromite.
Secondary user profile for sandboxed Google Play: Install sandboxed Google Play here, along with the handful of apps that genuinely require Play Services, like certain banking apps. Keep this profile as small as possible, enable notifications so you don’t miss a transfer confirmation, and end the session whenever you’re done.

Private Space inside the owner profile: The occasional-use bucket. Uber, Lyft, food delivery, maybe WhatsApp for that one stubborn contact, loyalty apps that you open once a quarter. Lock it when you don’t need it.

Auto-reboot: Settings ➔ Security & privacy ➔ Auto reboot. By default GrapheneOS reboots the device after 18 hours of being locked, putting all data back at rest and rendering cold-boot and many forensic attacks significantly harder. I personally lower this to eight or twelve hours.

Duress PIN: Settings ➔ Security & privacy ➔ Device unlock ➔ Duress Password. This lets you configure an alternate PIN or password that, when entered on the lockscreen, irreversibly wipes the device in the background without any warning or confirmation. Useful if you’re ever in a situation where you’re compelled to hand over the device unlocked.

Lockdown: The standard Android lockdown action (long-press the power button ➔ Lockdown) disables biometrics and notification previews until the next successful PIN/passphrase entry. Make this a reflex whenever you hand the phone to someone or walk into a situation where you might be compelled to unlock it with your face or fingerprint.

PIN scrambling and two-factor fingerprint unlock: Both are available in the lockscreen settings. The former randomizes the keypad layout to defeat shoulder-surfing, the latter requires a PIN after the fingerprint as a second factor.

USB-C port control: Settings ➔ Security & privacy ➔ More security & privacy ➔ USB-C port. Set this to Charging-only when locked, or even Charging-only at all times if you rarely use the port for data.
This prevents a plugged-in cable from establishing a data connection without your explicit consent.

Resist re-installing apps you just removed. The whole point of going through this exercise is to shrink your attack surface. If you find yourself missing Instagram after two weeks, it’s worth asking whether you actually miss Instagram or whether you miss the dopamine loop.

Review permissions periodically.

Keep the spyware device actually separate. No shared WhatsApp account, no shared password manager vault. Treat it as a different person’s phone.

Hit lockdown before boarding a plane or crossing a border. Biometrics offer essentially no legal protection in most jurisdictions. Lockdown forces the next unlock to require a passphrase, and if things go sideways there’s the duress PIN.

Reboot the device before sleep. Before First Unlock is a meaningfully different security state from After First Unlock. A fresh reboot means the keys haven’t been touched since the last time you intentionally typed your passphrase.

Stratechery Yesterday

John Ternus and Apple’s Hardware-Defined Future, SpaceXAI and Cursor

The elevation of John Ternus suggests that Apple's future is about hardware differentiation; then, the SpaceX-Cursor deal makes a lot of sense.

ava's blog Yesterday

vacation pics: husum

My wife in her historical clothing. Vacation home impressions. Husum castle. Museum impressions inside the castle. Spent time at a cafe. Outside the nerd store, waiting for my wife. City port area. Two of our best Cards against Humanity rounds. Visited the seal sanctuary/rehabilitation center. Some game rounds (Thurn und Taxis, and Chez Guevara/Chez Geek) My wife at the sea, in her historical clothing. Beautiful house we saw. Reply via email Published 22 Apr, 2026

Brain Baking Yesterday

Hello Again, SuSE Linux

It’s good to see you again, old friend. It’s been a while. Twenty-three years, you say? How come we managed to drift apart that far? I know, I know, I betrayed you. But my room was cold at night and Gentoo offered me the ability to keep on compiling. And then I betrayed GNU/Linux for FreeBSD. And then I switched the demon for the apple. I’ve been on an apple diet for so long now, I can barely remember the tux.

What is it you say? Oh, it’s openSUSE now. Sure, you’re a chameleon, you can take on any colour you’d like. Great to see it’s still green. I like green. How’s YaST doing these days? What’s that, no more? That’s cool, it looks like you’ve made some progress! Let’s make a screenshot the proper nerdy way and do it in a terminal! Oh, that’s no longer cool? So first this, and then that command? Let’s try that:

openSUSE Tumbleweed running on the HP work laptop.

My last experience with the Linux desktop was indeed about twenty years ago. Since 2012, I’ve been a macOS user. I’m no longer proud of it: I miss Linux and I think macOS is boring and full of bloat. Yet the rise of Apple silicon made me buy another one in 2020, which is still the one I’m using right now. The hardware is amazing, the screen is amazing, and the weight and fanless design are amazing. But I still miss customisation features, the ability to truly make the desktop mine, and I stopped updating the OS as a protest against ever-increasing bloatware. This laptop is still running Sonoma, which is bad enough as it is.

I have no intentions to go out and buy another machine any time soon; this one’s still doing fine; but I did start to wonder. What if… I got a ThinkPad and installed Linux back onto it? Would the hardware match the high standards I’m accustomed to now? Would I still be able to make my way around the OS? I ran GNOME 2 and KDE 3 (and then got nerdy with Fvwm). I compiled my own Linux 2.6 kernel patches back when that was brand new. I have no idea what’s happening now.
That’s not to say that I don’t touch Linux: I use it daily to host this website, to run the NAS at home, and in virtual containers. But that’s not the Linux Desktop Experience.

My main motivation for moving away from Linux was my frustration with endless configuration and compilation. Back in the day, hibernate didn’t just work out of the box, the fan speed had to be configured depending on the type of the laptop, nVidia drivers were a pain (still are), etc. Work and life started getting in the way: I no longer had endless seas of time on my hands to go nuts with Gentoo. With two young kids, that time has dwindled even more, so NixOS or even Arch is out of the question. Being fed up with the crappy Windows 11 installation on my work laptop, I wiped that partition and remembered my old friend The European Chameleon.

So here I am, testing the waters yet again. Thanks to Valve, Lutris is amazing. KDE Plasma feels mature (even though some configuration settings seem sluggish). I don’t want to dive into the rabbit hole of AwesomeWM (but I do). I don’t want to try and live without systemd or have to hurt my brain about X11 vs Wayland. I want the thing to “just work”. I want my chameleon to be an apple. A proper one, like a “back in the day” apple one.

I haven’t had the time to give openSUSE a proper trial. I’m mainly fighting my muscle memory with modifier keys that now live in a strange location, a fight somewhat eased by Toshy, which then doesn’t work well in combination with my Emacs configuration. What I did notice is that hibernation/suspend is still ugly: if I close the lid for a night without putting the laptop in true hibernate mode (with its dedicated swap partition), the battery drain is ridiculous, especially coming from a MacBook Air that I just jam shut and open up again a hundred times a day. This made me realise I will probably have to give up on the hardware quality part if my next laptop is going to be a non-Apple one. Which I don’t really want to.
Seb and I discussed which laptop to get when ours would break down. The Framework is an obvious one, as are the System76 ones that specifically support Linux. Alex White’s everyday carry post made me realise the build quality of these is average at best. It’s going to be a painful experience migrating from that. I know Kev is happy with his Framework, but I’m not yet fully convinced. The fact that this HP EliteBook 6 G1a 16 work laptop’s screen and overall build quality are terrible is not helping either. The touchpad palm detection experience is horrible on KDE.

Let’s first give the chameleon another chance to see if, on an OS level, I could live without macOS and my usual mac-exclusive power tools. The ones I’ll miss the most might be Alfred and DEVONthink. My recent migration to do-everything-in-Emacs does make the transition a lot easier. I also moved from iTerm2 to Ghostty last year and am now trying out Kitty with the Fish shell. My RSS feed now lives inside my FreshRSS server, making me less dependent on NetNewsWire. Software-wise, I’m getting there. I’m sure I’ll get there. But what about hardware-wise?

Related topics: / linux / By Wouter Groeneveld on 22 April 2026. Reply via email.


re: The commodification of travel

I relate a lot to Herman's recent post, in more ways than one. His thoughts on travel are very similar to mine, and the fact that he's writing from Kyoto is even better. You see, I spent a semester studying in Japan 14 years ago (good grief, has it been that long?). I went to a business school in Tokyo (武蔵大学), despite being a computer science major. I honestly had never been interested in traveling until then. The only reason I found myself in Japan was having been lured into the International Studies office by a sign saying "Free Pizza (Learn About Exchange Programs)", and hey, my college town did have good pizza!

While in Japan, I visited Kyoto during the freezing cold of November. I went with another American in my program; we stayed in a hostel, hit the 銭湯 (public bathhouse) every night and hopped around by bus to each destination. We had little plan outside of a small list of things we wanted to see. Most of what we ended up doing was the result of recommendations from our hostel host. And we had a blast. Kyoto was near empty at that time. For example, when we visited 伏見稲荷大社 (the fox shrine that consists of thousands of torii gates leading up a mountain), we hiked for hours and saw only a handful of people. To escape from the crisp air, we stepped into a tea house and had a wonderful conversation with the owner (who was just happy to have company). It's one of the most memorable times of my life.

I absolutely love Japan. I've been twice, the second time in 2017. But now, like Herman, I don't know if I would return. At least not to Kyoto. To explain why, let's switch countries. The first time in Taiwan, my wife and I went to a famous museum. We went by city bus and a whole lotta walking. Most people arrived by chartered tour buses. As we browsed the aisles at a leisurely pace, we were constantly interrupted. First would come a person wearing a speaker, holding a little flag and talking into a microphone.
Then the herd of tourists would follow, each cramming their bodies in front of whatever object so as to get a selfie. They'd stay just long enough at each object to grab a picture, then shuttle off to the next. Not a person read the plaques or admired the details. It ruined the experience; I remember leaving that museum very frustrated. Unfortunately, I've heard that's the state of Kyoto these days. For example, the Geisha district my friend and I randomly found ourselves walking through while looking for dinner was closed due to unruly tourists . People travel for the photo, the checkbox, the badge of honor. They don't dare do or eat as the locals do; instead they are pin-balled between selfie spots, only to end the day at a buffet of their home cuisine. When they get home, they post their photos, rake in the likes and forget the whole experience. And look, I've been part of these groups before. My wife is Chinese, and this is the normal way Chinese tourists travel. A big reason for this is visas: a lot of countries (Japan included) don't allow Chinese tourists who are not part of a tour group. The first time I saw the Great Wall was as part of a tour group; the same with the China/Mongolia border. They shuttled us from selfie spot to selfie spot. We had very little time to explore. Each meal was a buffet. Most of my memories are of the inside of the charter bus, not the attractions themselves. I hated it. People are surprised when I mention I'm a repeat visitor to a small set of countries. I've visited Taiwan twice, Japan twice, China twice and Mexico five times. I'll get comments of "you really should do X country instead of places you've already done". I fall in love with cultures. And food (same thing). The last time I was in Taiwan, I was there for a month, living in an Airbnb and working out of a cowork spot. I met so many amazing people. There was the guy who designed the paint for subway cars who took me to a local noodle shop. 
The American who asked to join me for a day of temple adventures. And the guy whose wife insisted he invite me to sit with them at the theater and share the beer they snuck in. The second time in Japan I stayed in the same suburb as my dorm from my student days. In Mexico, I worked remotely from cafes and explored the incredible food malls of Mérida. I'm not into tourist spots; I'm into finding out what stores are in the alley, discovering what small town is at the end of the Tobu Tojo line, going behind the scenes on a TV show set at the top of a skyscraper, or discovering where the random boat I found that accepts my transit card takes me (it was an island with a bar on the beach; awesome night). That's what travel should be. Stepping into the unknown, excited, and a little afraid. Discovering the local culture, food and people. Making connections and memories that last a lifetime, so when things get tough you can sit in the shower, remembering the water in the public bath house washing over you. 14 years ago I sat on a futon, resting my worn luggage against the wall. After 20+ hours of travel I had made it to my new home in Saitama, Japan (さいたま市). As I sat there, I had a panic attack. Where the fuck was I? What was I doing in a country I knew nothing about? Hell, I didn't even speak a single word of the language; how could I possibly survive on my own for the next semester? An hour or so later I calmed myself down and went on a walk to a department store with a few of the other exchange students. I marveled at how similar, but different, everything was. I also gawked at the insane price of fruit. Three hours later I unexpectedly found myself in a public bath. Talk about culture shock! The next day was the start of the best 4 months of my life. That's what travel is.


Is Claude Code going to cost $100/month? Probably not - it's all very confusing

Anthropic today quietly (as in silently , no announcement anywhere at all) updated their claude.com/pricing page (but not their Choosing a Claude plan page , which shows up first for me on Google) to add this tiny but significant detail (arrow is mine, and it's already reverted ): The Internet Archive copy from yesterday shows a checkbox there. Claude Code used to be a feature of the $20/month Pro plan, but according to the new pricing page it is now exclusive to the $100/month or $200/month Max plans. Update : don't miss the update to this post , they've already changed course a few hours after this change went live. So what the heck is going on? Unsurprisingly, Reddit and Hacker News and Twitter all caught fire. I didn't believe the screenshots myself when I first saw them - aside from the pricing grid I could find no announcement from Anthropic anywhere. Then Amol Avasare, Anthropic's Head of Growth, tweeted : For clarity, we're running a small test on ~2% of new prosumer signups. Existing Pro and Max subscribers aren't affected. And that appears to be the closest we have had to official messaging from Anthropic. I don't buy the "~2% of new prosumer signups" thing, since everyone I've talked to is seeing the new pricing grid and the Internet Archive has already snapped a copy . Maybe he means that they'll only be running this version of the pricing grid for a limited time which somehow adds up to "2%" of signups? I'm also amused to see Claude Cowork remain available on the $20/month plan, because Claude Cowork is effectively a rebranded version of Claude Code wearing a less threatening hat! There are a whole bunch of things that are bad about this. If we assume this is indeed a test, and that test comes up negative and they decide not to go ahead with it, the damage has still been extensive: Last month I ran a tutorial for journalists on "Coding agents for data analysis" at the annual NICAR data journalism conference. 
I'm not going to be teaching that audience a course that depends on a $100/month subscription! This also doesn't make sense to me as a strategy for Anthropic. Claude Code defined the category of coding agents. It's responsible for billions of dollars in annual revenue for Anthropic already. It has a stellar reputation, but I'm not convinced that reputation is strong enough for it to lose the $20/month trial and jump people directly to a $100/month subscription. OpenAI have been investing heavily in catching up to Claude Code with their Codex products. Anthropic just handed them this marketing opportunity on a plate - here's Codex engineering lead Thibault Sottiaux : I don't know what they are doing over there, but Codex will continue to be available both in the FREE and PLUS ($20) plans. We have the compute and efficient models to support it. For important changes, we will engage with the community well ahead of making them. Transparency and trust are two principles we will not break, even if it means momentarily earning less. A reminder that you vote with your subscription for the values you want to see in this world. I should note that I pay $200/month for Claude Max and I consider it well worth the money. I've had periods of free access in the past courtesy of Anthropic but I'm currently paying full price, and happy to do so. But I care about the accessibility of the tools that I work with and teach. If Codex has a free tier while Claude Code starts at $100/month I should obviously switch to Codex, because that way I can use the same tool as the people I want to teach how to use coding agents. Here's what I think happened. I think Anthropic are trying to optimize revenue growth - obviously - and someone pitched making Claude Code only available for Max and higher. That's clearly a bad idea, but "testing" culture says that it's worth putting even bad ideas out to test just in case they surprise you. 
So they started a test, without taking into account the wailing and gnashing of teeth that would result when their test was noticed - or accounting for the longer-term brand damage that would be caused. Or maybe they did account for that, and decided it was worth the risk. I don't think that calculation was worthwhile. They're going to have to make a very firm commitment along the lines of "we heard your feedback and we commit to keeping Claude Code available on our $20/month plan going forward" to regain my trust. As it stands, Codex is looking like a much safer bet for me to invest my time in learning and building educational materials around. In the time I was typing this blog entry Anthropic appear to have reversed course - the claude.com/pricing page now has a checkbox back in the Pro column for Claude Code. I can't find any official communication about it though. Let's see if they can come up with an explanation/apology that's convincing enough to offset the trust bonfire from this afternoon! Amol on Twitter : "was a mistake that the logged-out landing page and docs were updated for this test" [ embedded self-tweet ] "Getting lots of questions on why the landing page / docs were updated if only 2% of new signups were affected. This was understandably confusing for the 98% of folks not part of the experiment, and we've reverted both the landing page and docs changes." So the experiment is still running, just not visible to the rest of the world? Even if it was only ever a test, the damage has been extensive:

- A whole lot of people got scared or angry or both that a service they relied on was about to be rug-pulled. There really is a significant difference between $20/month and $100/month for most people, especially outside of higher salary countries.
- The uncertainty is really bad! A tweet from an employee is not the way to make an announcement like this.
- I wasted a solid hour of my afternoon trying to figure out what had happened here.
- My trust in Anthropic's transparency around pricing - a crucial factor in how I understand their products - has been shaken.
- Strategically, should I be taking a bet on Claude Code if I know that they might 5x the minimum price of the product?
- More of a personal issue, but one I care deeply about myself: I invest a great deal of effort (that's 105 posts and counting) in teaching people how to use Claude Code. I don't want to invest that effort in a product that most people cannot afford to use.

Herman's blog Yesterday

The commodification of travel

I've noticed that travel has become, of late, an act of collecting places. I've literally heard people referring to visiting a place as doing that place, as in "Have you done Japan?", assuming that one can do an entire country, and once that country is done it remains as such. As if a place is a product to be consumed and checked off the list. Why bother returning to a place if you've already done it? I received a gift many years ago which, while being well-intentioned, typifies this idea: a scratch-off map of the world. Each time you visit a country, you can scratch off the metallic coating and the country is now done , according to the map. The work trip I took to São Paulo a decade ago? Brazil: done. Bus tour through Europe? Germany? Check. France? Check. Spain? You get the idea. This kind of mentality is typified in the question I've heard asked many times: "How many countries have you been to?" This is often followed by a debate on whether layovers count towards your tally if you don't leave the airport, as if stepping beyond the airport boundaries bestows doneness . Like many things, I blame social media. It's changed travel from an exploration to social status signalling. I started thinking about this a few years ago while visiting some waterfalls in Indonesia. I love a good frolic in a waterfall, but all of them were just lines of people waiting to take their photo under the falls, and then they'd better get out of the way for the next photo-goers. No frolicking allowed! People need to do these waterfalls! I spent this morning in a beautiful garden outside of Kyoto, which exemplifies the cultural ideals of appreciating nature and meditating on the beauty that surrounds us. It was lovely during the early morning, but then the rest of the world showed up and all they wanted to do was take photos and move on to the next spot to do . 
There was one moment, in perhaps one of the most heart-wrenchingly beautiful places I've ever visited, where I was surrounded by about 20 other people, all of them either in the process of taking a photo, or looking at what they had just taken on their phones. No one was looking at the amazing stuff they were doing ! That isn't to say taking photos is bad. They're a great way to share an experience with others and save a memory of a time and place—but I think the threshold of what is enough has been crossed in the age of Instagram where images and video are socially valuable. Now beautiful places are commodified. And I don't know if we'll ever go back. I appreciate that many places in Japan limit photos and videos, such as on trains or in gyms, for the sake of not annoying those around you. Perhaps once sunglasses cameras take off and people can record their entire lives they can finally experience where they are, instead of trying to capture it perfectly for later. All that being said, I don't want to gate-keep. If this is the form of travel that makes people happy, then they should do it to their heart's content. Similarly to how some people collect Magic cards while never playing the game, sometimes the fun is in the collection itself. But perhaps look up from your phone once in a while. The world is prettier in full resolution.

Sean Goedecke Yesterday

Luddites and AI datacenters

Is it time to start burning down datacenters? Some people think so. An Indianapolis city council member had his house recently shot up for supporting datacenters, and Sam Altman’s home was firebombed (and then shot ) shortly afterwards. People from all sides of the argument are sounding the alarm about imminent violence. The obvious historical comparison is Luddism , the 19th-century phenomenon where English weavers and knitters destroyed the machines that were automating their work, and (in some cases) killed the machines’ owners. Anti-AI people are reclaiming the term to describe themselves, and many of the leading lights of the anti-AI movement (like Brian Merchant or Gavin Mueller ) have written books arguing more or less that the Luddites were right, and we ought to follow their example in order to resist AI automation 1 . Like many people, I have heard a lot about Luddism and Luddites, but only in the context of it being a general term for someone who is anti-technology. I was interested in learning more about the actual historical movement: what kind of people participated, what it was, and what it accomplished. I read Merchant’s and Mueller’s books, plus others 2 , to try and figure all of this out. Who were the actual, historical Luddites? What can we learn from them about burning down datacenters? The Luddites were a decentralized movement of artisans in the 1810s who engaged in violent protest - smashing machines, threatening violence, and ultimately killing people - over the fact that their jobs were being automated away. They were not rich, but they were certainly not unskilled labor: these were people who had apprenticed for seven years . They were mostly working from home, producing cloth from raw material given to them by their employer, often with tools rented from that same employer. They were working short weeks (three days, per William Gardiner) at their own discretion. In the early 1800s, their skilled labor was becoming unnecessary. 
With the help of expensive machines, unskilled labor could now produce lower-quality cloth, so employers were beginning to pass over these artisans in favor of cheaper employees: children, unapprenticed workers, and women 3 . Combined with the bad economic position of England at the time (at war with France, and thus deliberately cutting off much European trade), times were beginning to be very tough indeed. Starvation was a real threat. Cloth artisans were groups of capable men who were used to getting their own way, knew each other very well, and were broadly respected in their communities. It was thus a natural response for them to organize into what was effectively a militant union. The Luddites would send anonymous threatening letters to their old (or current) bosses, warning them to stop using their machines. If they didn’t comply, they would raid the workshop or factory, smashing the machines up. They typically did not harm people, though they certainly delivered threats of bodily harm or even murder, and the raids were violent enough (e.g. shooting through windows) to have risked accidental deaths. In at least two instances where a factory owner was seen as unusually cruel, the Luddites did attempt assassinations: one unsuccessful, and one successful one that eventually prompted a crackdown that ended the movement for good. Luddism was fully decentralized. Different communities could and did decide to engage in machine-raiding independently, particularly when news spread of the tactic succeeding. Although each community had its own influential men, there was never a single “leader of Luddism”. King Ludd himself was a folk-tale figure. This made it an absolute nightmare for the British government to try and suppress them: putting down one Luddist group did nothing to prevent other groups from continuing to operate. I was surprised by how difficult it was for the government to get a hold of any of the local Luddist ringleaders. 
The government was willing to offer huge rewards to informers: at one point up to 40x the yearly wage. However, there were no takers for several years. Armies of spies were recruited and tasked with infiltrating Luddist groups, with absolutely no success. Why was it so hard? Firstly, because the working class was so overwhelmingly pro-Luddist. People universally blamed the economic situation on the government and the factory owners (rightfully so, since the government had chosen to go to war and the factory owners had chosen to embrace automation). Secondly, the communities in question were so insular and tightly-knit that informers would have to rat on their friends and relatives. The handful of people who did eventually inform lived out the rest of their lives as pariahs. Because each group was so insular, any spies trying to infiltrate the movement would have been complete strangers to the community, and would thus have a very hard time gaining the trust of a group of men who had known each other for their whole lives. The spies that did exist were restricted to the occasional inter-group Luddist meetings, where people didn’t all know each other so closely. But it’s unclear how important those meetings were, since Luddist groups didn’t need to coordinate to achieve their goals. According to Merchant, the spies spent much of their time embellishing tales of an imminent revolution to encourage their employers to keep the money flowing. In the absence of reliable information, the British government fell back on brute force, sending 12,000 troops 4 into the northern counties. This served mainly as an intimidation tactic, since there was no standing Luddite army to fight, and the soldiers spent most of their time marching back and forth or being abused by the townspeople. 
More successful was the imposition of a full police state in Yorkshire, under the magistrate Joseph Radcliffe, who was empowered to randomly grab people off the street and interrogate them for days. That pressure eventually convinced a handful of people to give up their local Luddist organizers, who were tried and inevitably hanged. Their deaths (and the ensuing climate of fear) ended the high-water mark of Luddist activity. Even then, Luddist raids continued on and off for six more years before petering out. So, did the Luddites win? This is a tricky question. In one sense the answer is obviously no: the movement was crushed, many of their leaders were executed, the textile industry continued to be automated, and today there are no longer thousands of jobs for skilled British weavers, knitters, spinners and dyers. The pro-automation side won. However, they did achieve a number of short-lived victories. Their early threats often succeeded in preventing the building of a factory in a particular location, or in delaying the adoption of industrial machinery in a particular shop by years. In one case, hosiers that had been spooked by Luddite activity gave out pre-emptive bonuses to their workers to discourage them from smashing up their machines (which were indeed not smashed). The Luddites also scared the hell out of the British government, who (encouraged by their over-eager spies) thought they might have a genuine revolution on their hands. While they didn’t get many legal concessions at the time, the specter of Luddism must have loomed over the labor reform movement of the 1800s, which saw the first anti-child-labor laws and the beginnings of independent inspection of factories. Finally, every book I read argued that the Luddism movement may have created the first idea of a “working class”, by unifying many previously-independent groups of workers against a common enemy. 
Seen this way, the “political arm” 5 of Luddism can arguably claim partial credit for every labor victory since the 1800s (though the ringleaders were still hanged and the weavers did still lose their jobs). We can now describe the “Luddist approach” to fighting technological change:

1. Find a few conspirators in your existing community who agree with your political project (but don’t join a broader organization, since that leaves you vulnerable)
2. Make public anonymous demands in support of your specific goals, backed up by threats of violence, signed by a fictional character that’s easy for other groups to appropriate
3. If your threats are ignored, attack the physical machines in the dead of night, destroying them and threatening (but not killing) any guards
4. Hope your example inspires many more people to independently do (1)-(3) themselves
5. Keep raiding, optionally escalating to assassination of some of the bosses, until you bait a totalitarian crackdown from the government
6. Eventually get arrested and executed, to great public dismay
7. Twenty years later, your example inspires the first national trade unions

Note that starting or joining a national movement is not the Luddist approach. Staying almost entirely isolated in small cells helped the Luddists avoid government spies and made them impossible to root out without enforcing a police state. Note also that you need a lot of public support for this to work: so that you get a lot of copycat groups without having to explicitly organize them, and so that your property destruction and murder is taken sympathetically instead of getting you immediately reported and arrested. There are many reasons why this doesn’t map onto the current anti-AI movement. First, Luddism grew from a homogeneous group of high-status workers whose jobs almost vanished overnight, not a broad group of people whose jobs are getting slightly worse because of AI (like the gig-economy workers Merchant endlessly references). That meant that Luddites had really specific asks: higher wages for piecework, a phased introduction of specific textiles machinery, and so on. They were not generally demanding that the machines all be immediately destroyed 6 . Second, Luddism was very local. A pre-existing group of artisans in a particular town would gather in that town - either at work or an inn, say - and decide to petition or raid the businesses in that town that were harming their livelihoods. AI concerns are not like this. It isn’t businesses in Chicago or Tokyo that are making decisions that imperil Chicago’s or Tokyo’s jobs, it’s businesses in San Francisco. Unlike the Luddists, anti-AI activists can’t naturally organize with people they already know to take direct action where they already live. Third, Luddist victory could also be local. If you successfully lobby your local cloth business to not use a weaving machine, you have secured your job at that business for a while. But if you successfully lobby your town (or even your country!) to not build a datacenter, it doesn’t meaningfully improve your local position, since your job can be as easily replaced by a datacenter on the other side of the planet.

Reading through the history of the Luddites from a modern perspective, I was struck by the near-total absence of good government . The artisans were left to work out their grievances with their bosses more or less by themselves, with no formal channels for complaint or any attempt at mediation. When the government did intervene - in response to near-universal unrest in half of the country - they did this:

- Make machine-breaking and oath-taking capital crimes
- Dump thousands of soldiers more or less at random into the area, with no plan to guard factories or do anything beyond just hang around in case a revolution broke out
- Empower a single magistrate to arrest and interrogate whoever he wanted in order to root out the conspiracy

I suppose it worked, in the sense that it eventually succeeded in stopping the Luddist raids. But I can’t help but think that even a token gesture of compromise (say, requiring employers to make their wages public, or restricting the most cheap-and-nasty factory-made textile products) would have gone a long way towards calming things down. This almost actually happened! The 1812 Framework Knitters’ Bill, which had these provisions in it, passed the House of Commons but was shot down in the House of Lords. Why did the government fail to even make a token attempt at compromise? Before the industrial revolution, I wonder if the workers and bosses of the English textiles industry were genuinely able to often just work out their problems together, so the government never really needed to do large-scale mediation. When that changed - when automation first made it possible for the bosses to durably “win” - government took a long time to realize, so there were some unpleasant decades of disempowered workers trying to bully factory-owners (via riots and death threats), and factory-owners trying to brutalize workers (via direct violence and automation).

The Luddites weren’t anti-technology in general. Instead, they were against four or five specific machines that were automating away their skilled work. Contrary to many of the books I read, I think that’s actually fairly well understood today. But what surprised me was how truly decentralized and widespread the movement was. Every town with weavers faced the same incentives (the bosses to industrialize, and the workers to fight back), which created Luddism locally. And nobody was willing to report the Luddites: not for years, or for what would have been a fortune in cash, or in disagreement with their actions. They were only stopped by a truly fascist crackdown, with the army in the streets and the secret police pulling away random citizens for arrest and questioning. I can see why modern “Luddites” - who are genuinely anti-technology - talk so much about the legacy of the original Luddites. Luddism was a grassroots organization which notched up some real short-term wins, enjoyed near-total support among the public, and didn’t seem to be troubled by infighting at all 7 . If you’re an anti-AI campaigner, I bet all of that sounds great 8 . But I’m not convinced that the neo-Luddites really are the inheritors of Luddism. A load-bearing feature of Luddism is that it was local : it didn’t have manifestos, or leaders, or factions, or even much explicit ideology beyond the artisans’ immediate practical concerns. These were local men striking back against the local factories harming their local jobs. That simply isn’t the case with AI, where a datacenter in China can take my job in Australia. If it isn’t time to start burning down datacenters, what can we do? Well, workers today are better off than the Luddites were, because we stand on their shoulders. Unlike the Luddites, today’s workers can all vote (and I suspect there will be no shortage of anti-AI candidates to vote for). It’s a much less exciting answer to say “try and get better laws passed” than to say “viva the revolution, where’s my Molotov cocktail”. Still, if the Luddites had that option, I suspect they would have used it.

edit: A reader pointed me at Against the Luddites , which argues that (a) the Luddites were an elite (ish) movement, (b) they explicitly and deliberately excluded women, and (c) their leftist theory bonafides are questionable. I don’t really care about (c), agree with (b), and mostly agree with (a), with the caveat that they really did have a broad base of non-elite support.

1. I got linked this article calling AI a “fascist artifact” (on a blog called “Breaking Frames”, a clear reference to Luddism) while I was writing this blog post.
2. I really enjoyed Merchant’s book and did not enjoy Mueller’s (which I found to be 10% about the Luddites and 90% about interminable intra-Marxist ideological arguments). I also read The Luddites , which was effectively a dry summary of the ground Merchant covers, a bunch of other essays, and went back and forth with ChatGPT and Claude on some of the key questions.
3. Merchant (around page 134) attempts to characterize Luddism as a pro-feminist movement, citing some examples of women helping organize raids, but later on even he (page 162) quotes a representative of the Irish weaver’s guild effectively saying “we don’t have your English problems of women working in the industry”. In general it’s a bit frustrating that the popular books on Luddism are all fairly uncritically pro-Luddist (though not surprising, I suppose). Merchant doesn’t touch at all on the Luddist practice of going around to knitting-shops with women and “discharging them from working”.
4. Sometimes this is described as more troops than were sent to fight Napoleon (even by Merchant himself on page 89), but that isn’t right .
5. In quotes because it was not an official Luddist group (there were none), just people who were trying to stop the violence through lobbying and legislation.
6. Otherwise why would any boss agree, instead of just waiting for the Luddites to do it themselves?
7. As far as I can tell this is true: the Luddists basically had no internal conflict. I think this is because each individual cell knew each other well already, and so handled their disagreements privately (instead of by writing pamphlets), and disagreements between cells didn’t matter that much because they had no need to coordinate.
8. It beats the hell out of the other popular reference, Dune’s Butlerian Jihad , which was two generations of brutal violence followed by the reimposition of the feudal system. (Although, at least the Butlerian Jihad succeeded …)


Ralph and Lisa

We know the Ralph Wiggum loop. The Ralph loop is about context management; doing things one "turn" at a time can be more effective and cheaper than doing many turns (see "Expensively Quadratic").

Let me introduce you to the Lisa loop. The first agent gets a prompt along the lines of: "Write a script that does this or that. If it fails, be sure to exit non-zero, and another agent will fix it."

The fixing agent then gets: "Script failed (with last output ). It was intending to do what was described in . Fix it in place. When your agent loop finishes, it will execute again, and the agent will be re-invoked if there are errors. Use to leave notes for future iterations."

Lisa is self-sufficient. Lisa is self-healing. Lisa is smart.
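The control flow of the Lisa loop can be sketched in a few lines of Python. This is a minimal sketch, not the post's actual harness: the script path, the `fix` callable standing in for the fixer agent, and the retry cap are all hypothetical, since the post doesn't specify a runner.

```python
import subprocess

def lisa_loop(script, fix, max_iters=5):
    """Run `script`; while it exits non-zero, hand the failure output
    to a fixer step that edits the script in place, then rerun it."""
    for _ in range(max_iters):
        result = subprocess.run(
            ["sh", script], capture_output=True, text=True
        )
        if result.returncode == 0:
            return True  # the script succeeded; the loop is done
        # `fix` stands in for re-invoking the agent with the failure
        # output; a real agent would also read the intent and notes files.
        fix(script, result.stdout + result.stderr)
    return False  # gave up after max_iters attempts
```

In the real setup `fix` would re-invoke a coding agent with the second prompt; making it a plain callable here keeps the self-healing control flow visible.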


News: Anthropic Removes Claude Code From $20-A-Month "Pro" Subscription Plan For New Users (Developing)

In developing news, Anthropic appears to have removed access to its AI coding tool Claude Code from its $20-a-month "Pro" accounts. This is likely another cost-cutting move, following a recent change (per The Information) that forced enterprise users to pay a per-million-token rate rather than getting rate limits that, based on researchers' findings, often allowed usage worth far more than the cost of the subscription. Previously, Pro subscribers could access Claude Code using their subscription, via a command-line interface and both the web and desktop Claude apps, rather than paying on a per-million-token basis; they will now likely have to pay for API access. Anthropic's Claude Code support documents (as recently as this April 10th archived page) previously read "Using Claude Code with your Pro or Max plan." The page now reads "Using Claude Code with your Max plan." Pricing on Anthropic's website reflects the removal of Claude Code on both mobile and desktop. Some Pro users report that they are still able to access Claude Code via the web app and command-line interface. It is unclear at this time whether this change applies retroactively or only to new Pro subscribers, or whether Anthropic intends to entirely remove access to Claude Code (without paying for API tokens) from every Pro customer. I have requested comment from Anthropic, and will update this piece when I receive it, or if Anthropic confirms this move otherwise. If you liked this news hit and want to support my independent reporting and analysis, why not subscribe to my premium newsletter? It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA, Anthropic and OpenAI’s finances, and the AI bubble writ large.
I recently put out the timely and important Hater’s Guide To The SaaSpocalypse, another on How AI Isn't Too Big To Fail, a deep (17,500 word) Hater’s Guide To OpenAI, and just last week put out the massive Hater’s Guide To Private Credit. Subscribing to premium is both great value and makes it possible to write these large, deeply-researched free pieces every week.

In brief:

- Anthropic appears to have removed access to Claude Code for its $20-a-month "Pro" plans.
- Current Pro users appear to still have access via the Claude web app.
- Claude Code support documents exclusively refer to accessing Claude Code via "your Max Plan," after previously saying you could access it "with your Pro or Max Plan."


Where's the raccoon with the ham radio? (ChatGPT Images 2.0)

OpenAI released ChatGPT Images 2.0 today, their latest image generation model. On the livestream Sam Altman said that the leap from gpt-image-1 to gpt-image-2 was equivalent to jumping from GPT-3 to GPT-5. Here's how I put it to the test.

First, as a baseline, here's what I got from the older gpt-image-1 using ChatGPT directly: I wasn't able to spot the raccoon - I quickly realized that testing image generation models on Where's Waldo style images (Where's Wally in the UK) can be pretty frustrating! I tried getting Claude Opus 4.7 with its new higher resolution inputs to solve it, but it was convinced there was a raccoon it couldn't find, thanks to the instruction card at the top left of the image: Yes — there's at least one raccoon in the picture, but it's very well hidden. In my careful sweep through zoomed-in sections, honestly, I couldn't definitively spot a raccoon holding a ham radio. [...]

Next I tried Google's Nano Banana 2, via Gemini: That one was pretty obvious, the raccoon is in the "Amateur Radio Club" booth in the center of the image! Claude said: Honestly, this one wasn't really hiding — he's the star of the booth. Feels like the illustrator took pity on us after that last impossible scene. The little "W6HAM" callsign pun on the booth sign is a nice touch too. I also tried Nano Banana Pro in AI Studio and got this, by far the worst result from any model. Not sure what went wrong here!

With the baseline established, let's try out the new model. I used an updated version of my openai_image.py script, which is a thin wrapper around the OpenAI Python client library. Their client library hasn't yet been updated to include the new model, but thankfully it doesn't validate the model ID, so you can use it anyway. Here's how I ran that: Here's what I got back. I don't think there's a raccoon in there - I couldn't spot one, and neither could Claude. The OpenAI image generation cookbook has been updated with notes on the new model, including the available settings and sizes.
I tried setting the quality and dimensions to what I believe is the maximum, and got this - a 17MB PNG which I converted to a 5MB WEBP: That's pretty great! There's a raccoon with a ham radio in there (bottom left, quite easy to spot). The image used 13,342 output tokens, which are charged at $30/million, so a total cost of around 40 cents.

I think this new ChatGPT image generation model takes the crown from Gemini, at least for the moment. Where's Waldo style images are an infuriating and somewhat foolish way to test these models, but they do help illustrate how good they are getting at complex illustrations combining both text and details.

rizaco on Hacker News asked ChatGPT to draw a red circle around the raccoon in one of the images in which I had failed to find one. Here's an animated mix of their result and the original image: Looks like we definitely can't trust these models to usefully solve their own puzzles!

You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.
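The cost figure is easy to sanity-check: output tokens times the per-million-token rate, using the token count and rate quoted above.

```python
def image_cost_usd(output_tokens, usd_per_million=30.0):
    # 13,342 output tokens at $30 per million tokens.
    return output_tokens * usd_per_million / 1_000_000

print(f"${image_cost_usd(13_342):.2f}")  # ~$0.40
```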
