to read (pdf)

1. I don't want your PRs anymore
2. JitterDropper | OALABS Research
3. DomainTools Investigations | DPRK Malware Modularity: Diversity and Functional Specialization
4. EXHIB: A Benchmark for Realistic and Diverse Evaluation of Function Similarity in the Wild
5. Neobrutalism components - Start making neobrutalism layouts today

generated: May 04, 2026 at 04:18:25

1. May 04, 2026
   1. 🔗 VoidNullable/lific v1.2.1 release

      Full Changelog : v1.1.3...v1.2.1

   2. 🔗 Stavros' Stuff Latest Posts Adding a feature to a closed-source app rss

      Who needs source code?

      I use Audiobookshelf (abbreviated ABS) for all my legal audiobooks that I bought legally, and I really like it. I also use the Smart Audiobook Player (abbreviated SABP) Android app, which I also bought (leg

2. May 03, 2026
   1. 🔗 r/reverseengineering GitHub - 03DSmoothie/minecraft-cpp-versions: Minecraft recoded in C++ (multiple versions) rss

      submitted by /u/03D_DEV
      [link] [comments]

   2. 🔗 r/LocalLLaMA One bash permission slipped... rss

      | How? It kept getting chained bash commands wrong, with wrong escapes. So it created many bad directories, and tried "fixing" its mistake. It offered to run a large bash command, with rm -rf inside, and stupid me missed it. I'm glad I push everything often. But the disruption is massive. FAQ:

      • No, I don't run this on my personal computer. It's an isolated proxmox VM for coding with LLMs.

      submitted by /u/TheQuantumPhysicist
      [link] [comments]
      ---|---

   3. 🔗 r/Leeds Wand and Tankard at St John's Centre rss

      After walking past several times and being confused as to what the place actually is (thought it was for kids), today I approached the owner/manager. Wand and Tankard is an outside pub/beer garden that adjoins Merrion Gardens. Anyone can basically go, order drinks and chill out in the cabins or garden they have. Inside the St John's Centre is the Hole in Wand (Indoor golf). Felt a bit sorry for the guys today as they had 3 great buskers on, a seemingly good bar concept, yet was nearly empty.

      submitted by /u/Puzzleheaded_Bunch44
      [link] [comments]

   4. 🔗 r/Yorkshire Whitby, moody version rss

      | submitted by /u/SectorSensitive116
      [link] [comments]
      ---|---

   5. 🔗 r/Yorkshire Now and then rss

      submitted by /u/Still_Function_5428
      [link] [comments]

   6. 🔗 r/reverseengineering Automated RASP Bypass with Frida + AI Agent | nutcracker & aipwn demo rss

      submitted by /u/Aggravating_Lie_5779
      [link] [comments]

   7. 🔗 r/york love this place! rss

      | submitted by /u/TrueNeighborhood7624
      [link] [comments]
      ---|---

   8. 🔗 r/york Which pubs have darts boards in York? rss

      I’m hoping to organise a darts pub crawl for a friend’s birthday around York but I don’t know many pubs that have boards (the white horse and the old bank are the only two I’ve seen). Do you have any recommendations?

      submitted by /u/ZealousidealRange269
      [link] [comments]

   9. 🔗 r/Yorkshire Whitby Beach rss

      | submitted by /u/Glittering_Vast938
      [link] [comments]
      ---|---

   10. 🔗 r/Yorkshire Whitby Harbour rss

       | submitted by /u/Glittering_Vast938
       [link] [comments]
       ---|---

   11. 🔗 r/Yorkshire Grade II listed bid for 1960s Shipley Clock Tower rejected rss

       | submitted by /u/Kagedeah
       [link] [comments]
       ---|---

   12. 🔗 r/Yorkshire Pen-y-ghent. rss

       | Took the morning i did the yorkshire 3 peaks. Probably one of the best photos I've taken. submitted by /u/Pearls_of_Rizzdom
       [link] [comments]
       ---|---

   13. 🔗 r/reverseengineering Please critique my reverse engineering ctf platform. It is meant for beginners but I would like input from serious reverse engineers. It is functionally done but I need criticism for further refinements, thank you! rss

       submitted by /u/ComplaintDirect4335
       [link] [comments]

   14. 🔗 r/wiesbaden Nachbar möchte sein Auto verkaufen. Wer möchte es bzw. an wen wendet man sich? rss

       Hi,

       meine Nachbarn ziehen zurück nach Amerika und verkaufen ihr deutsches Auto. Sie kennen sich damit nicht so aus und ich ehrlicherweise auch nicht so, da ich nie ein Auto besessen habe. Ich würde ihnen aber gerne helfen.
       Es handelt sich dabei um einen gut gepflegten Hyundai i10 mit 30.000km drauf. Ist 3 oder 4 Jahre alt, hat 49 kW (früher waren das die PS, oder?) und soll für 10.000 Euro verkauft werden in ca. 2 Monaten.

       Wo inseriert man das in Wiesbaden, um einen lokalen Käufer zu finden? Kann man das einfach einem guten Autohaus geben? Was wäre ein gutes Autohaus?

       submitted by /u/Individual-Handle676
       [link] [comments]

   15. 🔗 r/Leeds Who would be responsible for these stairs, Whitehall Rd leading to the canal? Is it the council or the canal trust, rss

       Earlier today a lady in front of me slipped and fell forwards on these stairs, normally not an issue other than the fact these stairs are rusted asf with sharp jagged edges. She cut her hand pretty bad, I had to take her to my apartment around the corner to clean her hand up and then put her in an uber to the hospital for what will definitely be a few stitches.

       This area is really busy now, with all the new apartments and offices nearby, surely about time they replace this staircase.

       It’s covered in rust, most of the metal grates are broken and full of sharp jagged edges, and it’s slippery asf when wet.

       I was hoping to write to who owns it, along with a few pictures of the ladies hand, a threat of liability and compensation might also help them have a bit of urgency. However I can’t work out if this is the canal trust or the council who would be responsible for this. Any help appreciated. Thanks.

       submitted by /u/MiserableSandwich36
       [link] [comments]

   16. 🔗 r/Yorkshire Harrogate firm that is 'Britain’s largest independent sausage maker' is to open its doors to jobseekers rss

       | submitted by /u/willfiresoon
       [link] [comments]
       ---|---

   17. 🔗 r/Leeds Name of band at the corn exchange 02/05/2026 rss

       Did anyone catch the name of this band that were playing outside the corn exchange yesterday?

       They were killing it but the wind made their sign blow over so I have no idea who they are!

       Thankyou /Leeds

       submitted by /u/baldursbae
       [link] [comments]

   18. 🔗 r/Yorkshire Sheffield's Reform Candidate Who Was Told R*cists Not Wanted Here Has A Dumb Idea: Scrap Clean Air! rss

       | submitted by /u/johnsmithoncemore
       [link] [comments]
       ---|---

   19. 🔗 Register Spill Joy & Curiosity #84 rss

       No big intro today. No time. I have to tweak some orbs, there's a big release coming.

       

       • Evan Phoenix: Agile in the Age of AI. There's so much in there and it's all really good. Highly recommended.

       • This is one of the most interesting analyses of What's Going On With Software Right Now that I've read in recent weeks: "To be a little less vague, I suspect that we're likely (not certain, but likely) to be entering into a period of unprecedented software degradation, and we're going to be seeing an increasing frequency of outages like this across many high profile products. But IMO the cause is actually not just the-one-thing-that-everyone-is-always-talking-about, it's a number of things that have all been bubbling away at just below critical levels for a long time.[…]" You know this joke about the fish and the water, right: old fish asks young fishes "morning! how's the water?" and the young fish are confused and ask "what's water?" It's easy (and probably not that wrong) to point at AI and declare it the cause of every change we see, but I think it's equally likely that only now that we're out of the ZIRP-era do we see what ZIRP has actually done to this industry.

       • Ghostty Is Leaving GitHub: "It's not a fun place for me to be anymore. I want to be there but it doesn't want me to be there. I want to get work done and it doesn't want me to get work done. I want to ship software and it doesn't want me to ship software. I want it to be better, but I also want to code. And I can't code with GitHub anymore. I'm sorry. After 18 years, I've got to go. I'd love to come back one day, but this will have to be predicated on real results and improvements, not words and promises." The times they are a-changing. Don't forget to read Mitchell's comment here. I don't have the time right now to spell out how much GitHub means to me, but I can safely say that without GitHub I wouldn't have the life I have today. And for many, many years I thought working at GitHub would be the best job in the world.

       • This chart made the rounds and kinda said the record straight: "I don't work on reliability & scaling at GitHub, but the people who do aren't bad at their jobs. They're dealing with unprecedented scale from agents. It's easy to shit on GitHub from the outside if you're not in charge of 30X-ing capacity within a few months. Have some grace."

       • I found Armin's commentary on the whole GitHub situation to be very good: Before Github. This, for example: "GitHub is currently losing some of what made it feel inevitable. Maybe that's just the life and death of large centralized platforms: they always disappoint eventually. Right now people are tired of the instability, the product churn, the Copilot AI noise, the unclear leadership, and the feeling that the platform is no longer primarily designed for the community that made it valuable. Obviously, GitHub also finds itself in the midst of the agentic coding revolution and that causes enormous pressure on the folks over there. But the site has no leadership! It's a miracle that things are going as well as they are." (Sidenote: I can't be the only one who's never used the word 'forge' before and now sees it everywhere as if there had been a big "this is the new word we're going to use now" memo going around.)

       • Mat Duggan on the GitHub he'd build if he were "rich like a man who owns a submarine he's never been inside. Rich like a man whose third wife has a skincare line. Tech-titan rich -- the kind of money that buys you a compound in Wyoming and the confidence to wear the same gray t-shirt to congressional testimony." Doesn't look like what I'd envisioned but some of the points are very interesting, especially this one: "My local copy of the repo should be a representation of the entire repo, not just the code. I should be able to approve a PR from the same VCS I use to check in the code. I should be able to go through my issues by looking through local files." It's kinda funny that over the last decade git and GitHub haven't really merged. It's always been repository here and rest over there.

       • Highly, highly, highly recommend you read this piece by Kevin Kelly on Our Uncertain Uncertainties: "In other words, we have a sustained, extended period of uncertainty. Not just a few years, but a decade or more. As AI continues to progress, rather than resolving our perplexity, it expands it. So for the next 10-15 years we have perpetual, continuous, severe uncertainty. This is a burdensome weight because people hate uncertainty more than bad news. […] what should we do about it? The most effective response to this multi-layered persistent uncertainty is not to seek impossible stability, but to cultivate radical adaptability and radical optionality. Give up on having a reliable prediction of what happens next. Instead cultivate multiple scenarios of what could happen, and endeavor with each of them to maximize your options. Goals should be considered as disposable hypotheses, constantly ready to be discarded and replaced by better-fitting concepts later on." As much as I don't like to say it, I think it's true. I think the last 30 years will look incredibly calm compared to the next 10. But hey, when the going gets tough, the tough get going, right? Or as the Hunter S. Thompson quote goes that I had pinned to me teenage bedroom wall: when the going gets weird, the weird turn pro.

       • My friend Tomas Senart is looking for a founding engineer to work with him on Perfloop. I worked with Tomas for many years at Sourcegraph, he's a true hardcore programmer, incredibly high agency (probably came out of the womb with his sleeves rolled up), and has a great sense of humor. Also: I trust him blindly to order sushi for me whenever we go out. If you're into AI and systems programming and performance optimizations: talk to him!

       • Had you asked me, when I started this newsletter, whether I'd ever link to something in the National Catholic Register, I probably would've laughed and said "What? What is that? What's in there? Why would I link to it?" But now we're here and I think this is one of the best things I've read on AI and education, or actually: education in general, in a long, long time: Reparing the Ruins: Why AI Can't Replace Education. Listen to this: "Education worthy of the name has always understood this. Its end is not the delivery of content, however accurate. It is the formation of persons capable of judgment, attention and intellectual honesty. That formation requires a genuine encounter with difficulty -- the friction of a hard text, the resistance of a problem that does not yield quickly, the discomfort of revising what one believed. It requires embodiment as much as intellect: reading slowly, speaking in one's own voice, accepting the cost of standing behind one's words. A person does not become capable of truth by managing information alone. Wisdom is formed in contact with reality, not in its simulation." Amen.

       • Big oof: "Copy Fail is a straight-line logic flaw -- it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017."

       • The West Forgot How to Make Things. Now It's Forgetting How to Code: "Five to ten years from now, we'll need senior engineers. People who understand systems end to end, who can debug distributed failures at 2 AM, who carry institutional knowledge that exists nowhere in the codebase. Those engineers don't exist yet because we're not creating them. The juniors who should be learning right now are either not being hired or developing what a DoD-funded workforce study calls "AI-mediated competence." They can prompt an AI. They can't tell you what the AI got wrong. It's Fogbank for code. When juniors skip debugging and skip the formative mistakes, they don't build the tacit expertise. And when my generation of engineers retires, that knowledge doesn't transfer to the AI."

       • This was delicious. Daniel Lemire "created something I call the SIMD Quad algorithm" which beats binary search due to parallelism. Essentially: divide your list into blocks of 16 elements, then divide the list of blocks into quarters, check independently which quarter must contain your target (which CPU can optimize), do that until you end up with a single block, then check all 16 elements at once. Slick!

       • Very interesting (but maybe a bit shallow) profile of Mistral in Forbes. This is brutal: "But Mistral has slipped ever further behind in leader­boards ranking AI performance. It's so bad that Mistral's best model would lose in a face-off against a version of Anthropic's Claude that was released nine months earlier, per one popular benchmark. Worse, it's also bested by a new crop of open-weight models from Chinese startup DeepSeek and tech giant Alibaba." But there is a But: "But Mensch bets that a smaller, cheaper model made in Europe is better suited for governments and global companies than an American closed-source LLM with far more horsepower. Plus, it's too risky for serious Western companies to depend on Chinese models, says Mistral investor Jeannette zu Furstenberg of venture fund General Catalyst. The strat­egy has worked to the tune of $200 million in revenue in 2025. And Mensch says Mistral is on track to start making around $80 million monthly by December" Very interesting. But (another one), as a European myself, I have to say that I can't stand it anymore when European tech companies pitch their product with what essentially boils down to: "at least we're not [US company]." Yeah, the product might be worse, yeah, it doesn't work as well as the other thing, but hey, at least we're not …, at least we don't store your data in the US, at least … As a colleague of mine once said about a similar sounding marketing campaign by Opera, the browser company from twenty years ago, in which it essentially said "at least we don't track you": that's not what a winner would say.

       • 3 constraints before I build anything. This was fascinating, because my first reaction was: yes, constraints #1 and #2 are right, but what does #3 even mean? But now, re-reading it, I think that even #2 can be argued. And, hey, #1 too, actually. It is interesting though that they all have some value and I'd definitely say it's three things to consider before building anything, but [turning around and pointing at the choir behind me: now everybody!] it depends.

       • Why fat tailed costs emerge at scale: "I find that analysis of AI business models consistently underestimates the impact of unit economics. When people say AI startups face margin squeeze, they point to external competitors or monopolistic GPU pricing as contributing factors. But it seems that the internal resource variance would still exert pressure, even if there was only one LLM provider and chips were abundant." We'll probably never get it, but an in-depth blog post by one of the inference providers or model houses on exactly this would be very interesting.

       • Hell yes: "I like art that feels like it was made by a free person. I like to see how a person chooses things. I like art before it gets noted and workshopped and homogenized. I like art that preserves the rough edges of the person. Polish can be taught, so it's less interesting to me than that which can't be. I like when I can sense how someone really talks, feels, and thinks. I mean consciously so, but also unconsciously so. Every choice communicates. Even the 'errors.' I embrace the errors." That's why I like to listen to live music a lot. As our admin on the Led Zeppelin bootleg forum in 2007 said: "They always bit off more than they could chew -- and then chewed it."

       • Very, very interesting: Inside macOS window internals: how SkyLight enables multi-cursor background agents.

       • Zed 1.0 is out! Congratulations!

       • CorridorKey: "When you film something against a green screen, the edges of your subject inevitably blend with the green background. This creates pixels that are a mix of your subject's color and the green screen's color. Traditional keyers struggle to untangle these colors, forcing you to spend hours building complex edge mattes or manually rotoscoping. [...] I built CorridorKey to solve this unmixing problem. You input a raw green screen frame, and the neural network completely separates the foreground object from the green screen. For every single pixel, even the highly transparent ones like motion blur or out-of-focus edges, the model predicts the true, un-multiplied straight color of the foreground element, alongside a clean, linear alpha channel. It doesn't just guess what is opaque and what is transparent; it actively reconstructs the color of the foreground object as if the green screen was never there." Crazy that his even works without a green screen.

       • So, Henrick Johansson, this Twitter European VC parody account that often hit a bit too close to home is… real?! No, that can't be, right? So my theory is: it started as a parody account, but then Comp AI took over the account, changed the avatar to this actor's image, and now uses it to run ads for compliance while keeping the parody going. Anyone know more?

       • Staring at walls to improve focus and productivity. I don't know, man. On one hand: whew, wow, wow. On the other: if it works? On the third: it's meditating

       • Beautiful: I just learned I only have months to live.

       

       Yes, these lines are drawn by hand (well: mouse). Each one. Every time. Yes, that got you, didn't it? Here's where you can subscribe:

   20. 🔗 r/reverseengineering "AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts rss

       submitted by /u/RasheedaDeals
       [link] [comments]

   21. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 release rss

       sync repo: +1 release
       
       ## New releases
       - [BinSync](https://github.com/binsync/binsync): 5.15.0
       

   22. 🔗 r/LocalLLaMA Qwen3.6-27B vs Coder-Next rss

       | Burned about 20 hours of side-by-side compute on my two RTX PRO 6000 Blackwells trying to get a definitive answer on which of these two models was clearly better. As with many things in life, after many tokens and kWhs later the answer was "it depends." These models in the aggregate are actually crazy well matched against each other — scoring similarly overall across a wide range of tests and scenarios, hitting and missing on different things, failing and succeeding in different ways. Across the 4 cells I ran at N=10, Coder-Next 25/40 ships, 27B-thinking 30/40 — statistically tied with overlapping Wilson CIs. On the face of that, it kind of makes sense. 27B is a later-gen dense model that's high on thinking. Coder-Next has roughly 3x the parameters to work with but only activates 3B at a time as it works. Depending on what you're trying to do, either could be the correct choice. Kind of interestingly, 27B with thinking disabled was the most consistent shipper of work — 95.8% across the full 12-cell grid at N=10 (Wilson 95% [90.5%, 98.2%]). Same model weights as 27B-thinking, just --no-think. A side-by-side hand-graded read on the both-ship cells found substantive output is preserved; the difference is verbosity of reasoning prose, not output decisions. The "thinking-trace as loop substrate" mechanism turned out to be real — the documented word-trim loop on doc-synthesis halves with no-think (4/10 → 2/10). 3.6-35B-A3B pretty much fell flat on its face so often for tasking that it didn't seem worth carrying on to keep comparing against the other two. Folder kept as failure-mode evidence. I tossed a lot of crazy stuff at these models over the course of a few days and kept my two GPUs very warm and very busy in the process. I jumped into this mainly because, for lack of a better term, I felt like the traditional benchmarks were being gamed. So I wanted to just chuck these guys in the dirt and abuse them and see what happened. Give them tasks they could win, tasks where they were essentially destined to fail, study how they won and failed and what that looked like. The most lopsided single result: Coder-Next 0/10 on a live market-research task where 27B was 8/10 (Wilson 95% [0%, 27.8%] for the Coder-Next collapse, reproducible). Inverse: Coder-Next ships 10/10 on bounded business-memo and doc-synthesis tasks at 60–100x lower cost-per-shipped-run than either 27B variant. Same models, very different shapes of "good at." There's a ton of data, I tried to make it easy to sort through, and right now this is all pretty much just about thoroughly comparing these two models. Either way, I'm sleepy now. Let me know your thoughts or if you have any questions, and the repo is below. I'll talk more about this when I'm not looking to pass out lol. https://github.com/Light-Heart-Labs/MMBT-Messy-Model-Bench-Tests submitted by /u/Signal_Ad657
       [link] [comments]
       ---|---

   23. 🔗 matklad Minimal Viable Zig Error Contexts rss

       Minimal Viable Zig Error Contexts

       May 3, 2026

       fn process_file(io: Io, path: []const u8) !void {
           errdefer log.err("path={s}", .{path});
       
           const fd = try Io.Dir.cwd().openFile(io, path, .{});
           defer fd.close(io);
       
           // ...
       }
       

       Out of the box, Zig provides minimal and sufficient facilities for error handling — strongly-typed error codes. Error reporting is left to the user. Idiomatic solution is to pass a Diagnostics out parameter (“sink”) to materialize human-readable strings as needed.

       Diagnostics pattern works well for “production” code, but for more script-y code it adds too much friction relative to the default option of a plain try fallible(), which of course gives a less than ideal message on failure:

       λ zig build
       error: FileNotFound
       ~/.cache/zig/p/../lib/std/Io/Threaded.zig:4866:35: 0x1044126c7 in dirOpenFilePosix (fail)
                               .NOENT => return error.FileNotFound,
                                         ^
       ~/.cache/zig/p/../lib/std/Io/Dir.zig:578:5: 0x104347d8b in openFile (fail)
           return io.vtable.dirOpenFile(io.userdata, dir, sub_path, options);
           ^
       ~/fail/main.zig:10:16: 0x10443da5f in f (fail)
           const fd = try Io.Dir.cwd().openFile(io, path, .{});
                      ^
       ~/fail/main.zig:6:5: 0x10443db47 in main (fail)
           try process_file(io, "data.txt");
           ^
       

       Error trace is helpful, but knowing which file is the problem is even more so.

       The first attempt at finding a middle ground between fully-fledged diagnostics sink pattern and a plain try is something like this:

       const fd = dir.openFile(io, path, .{}) catch |err| {
           log.err("failed to open file '{s}': {t}", .{path, err});
           return err;
       }
       

       Unsatisfactory. The friction is high, you need to come up with a reasonably- sounding error message, the “happy path” of the code is obscured, and you need to repeat this for every fallible operation.

       A worse-is-better version of the above code is

       errdefer log.err("path={s}", .{path});
       const fd = try dir.openFile(io, path, .{});
       

       That is, just log error context as key=value pairs, guarded by errdefer. The result is not pretty, but passable:

       λ zig build
       error: path=./data.txt
       error: FileNotFound
       ~/.cache/zig/p/../lib/std/Io/Threaded.zig:4866:35: 0x1044126c7 in dirOpenFilePosix (fail)
                               .NOENT => return error.FileNotFound,
                                         ^
       ~/.cache/zig/p/../lib/std/Io/Dir.zig:578:5: 0x104347d8b in openFile (fail)
           return io.vtable.dirOpenFile(io.userdata, dir, sub_path, options);
           ^
       ~/fail/main.zig:10:16: 0x10443da5f in f (fail)
           const fd = try Io.Dir.cwd().openFile(io, path, .{});
                      ^
       ~/fail/main.zig:6:5: 0x10443db47 in main (fail)
           try process_file(io, "data.txt");
           ^
       

       The friction is reduced a lot:

       • No need to come up with any error messages beyond existing variable names.
       • No need to change any of the trys.
       • The context is set per-block. If a function does several fallible operations on a file, the path needs to be specified only once.
       • The context is “telescopic” every function in the call-stack can add its own context.

       There’s one huge drawback though — the error message is logged, even if the error is subsequently handled. This is especially important in Zig 0.16, where cancelation (serendipitous-success) is a possible error for any IO-ing operation, and which is intended to be handled, rather than reported.

       ---

       Generalizing:

       • Happy path adds context to all operations in-progress.
       • Errors materialize current context.

       This does feel like a better error management strategy than decorating errors individually, when they happen. I wonder which language features facilitate this style?

3. May 02, 2026
   1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-05-02 rss

      IDA Plugin Updates on 2026-05-02

      New Releases:

      • binsync v5.15.0

      Activity:

      • binsync
        • 667ba599: bump
        • cf2712ac: UX rework (#521)
      • Flare-On
        • c076e8a8: Add Copilot Ch9 solution
      • python-elpida_core.py
        • 571d10f5: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T23:57Z
        • b2c8810a: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T23:36Z
        • 61258e7c: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T23:19Z
        • 5f377075: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T22:57Z
        • 39919049: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T22:36Z
        • d7ebf47a: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T22:19Z
        • e20890db: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T21:58Z
        • 81067ca3: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T21:39Z
        • 00fa11cc: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T21:21Z
        • 2a31da83: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T20:59Z
        • 72ab2d30: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-02T20:39Z
   2. 🔗 r/LocalLLaMA I made a visualizer for Hugging Face models rss

      | I built hfviewer.com, a small tool for visually exploring Hugging Face model architectures. You can paste a Hugging Face URL and get an interactive visualization of the architecture, which can make it easier to understand how different models are structured and compare them at a glance. Here is the recent Qwen3.6-27B model as an example: https://hfviewer.com/Qwen/Qwen3.6-27B And here is a side-by-side view of the Gemma 4 family: https://hfviewer.com/family/gemma-4 Feel free to try it out and give me feedback on how it can be improved! :) submitted by /u/Course_Latter
      [link] [comments]
      ---|---

   3. 🔗 r/Yorkshire Goathland is one heck of a beauty village.... rss

      | submitted by /u/leodis95
      [link] [comments]
      ---|---

   4. 🔗 r/Yorkshire Seabirds at Bempton Cliffs rss

      submitted by /u/DentistKitchen
      [link] [comments]

   5. 🔗 r/Leeds Charity scam around city centre “Educate and empower “ rss

      Idk if u guys have noticed but every few days theres a group of guys in blue jackets with educate and empower written on them that stop us asking for donations for special needs kids. It sounds super fishy to me as the council guy has stopped them often asw and they dont have any proof to show where the money we give them is going to and the website( https://educateempower.net )they show is really basic asw and just feels like a bunch of lies. Have you guys encountered them?

      Edit: people from other cities dmed me asw and said its happening there asw so
      im tagging the relevant cities.

      submitted by /u/Historical_Ad9327
      [link] [comments]

   6. 🔗 r/Yorkshire Scarborough Appreciation Post rss

      submitted by /u/lovebun2222
      [link] [comments]

   7. 🔗 r/reverseengineering How to build .NET obfuscator - Part II rss

      submitted by /u/kant2002
      [link] [comments]

   8. 🔗 r/Leeds Peregrine Falcoln babies are here! rss

      Im not sure if everybody in Leeds already knows this, but peregrine falcons have been nesting at Uni of Leeds Parkinson Building since 2018 on and off, and theres a live webcam feed on the University website!

      A few days ago, I saw she was sitting on about 4 eggs, and yesterday I saw babies!!

      Id encourage everyone to have a look, it's such a wholesome part of Leeds for me ♥️

      Hope links are allowed! https://sustainability.leeds.ac.uk/our- work/biodiversity/university-of-leeds-peregrines/peregrine-camera-2/

      submitted by /u/Kazekageshinobigaara
      [link] [comments]

   9. 🔗 sacha chua :: living an awesome life May 14: Sacha, Prot, and Philip Kaludercic Talk Emacs: Newcomer Experience rss

      Philip Kaludercic wanted to continue the conversation from YE24: Sacha and Prot Talk Emacs - Newbies/Starter Kits. He's spent a lot of time thinking about this as one of the main contributors to newcomers-presets, so there'll probably be much to cover!

      Watch on YouTube

      <2026-05-14 Thu 10:30>–<2026-05-14 Thu 10:30> (America/Toronto -0400) = Thu May 14 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

      We'll probably talk about:

      • Emacs 31 or Emacs 32 directions towards improving the newcomer experience
      • How the newcomers presets fits into the bigger picture
      • Documentation and guides
      • How to get more feedback from newbies (virtual focus group? mailing list? office hours?)
      • Informal community resources
      • Other things we can do to help

      Related links:

      • A proposal for a "beginners" (user-option) theme - Philip Kaludercic
      • Re: some file-related options to consider for newcomers-presets - Philip Kaludercic
      • A newcomer's feedback on newcomer presets - Abdulnafe Toulaimat

      View Org source for this post

      You can e-mail me at sacha@sachachua.com.

   10. 🔗 r/LocalLLaMA Bruh rss

       | Do reporting bots even do anything? submitted by /u/Icy_Butterscotch6661
       [link] [comments]
       ---|---

   11. 🔗 r/Leeds Feeling lonely in Leeds rss

       Hi guys, I’m 23M and feeling a bit lonely in Leeds this weekend. I don’t really know anyone my own age here and with it being a long bank holiday, I’m starting to feel it a bit.

       Is there anything going on or anything you’d recommend for someone in my position so I’m not just sat at home? Appreciate any suggestions, thank you.

       submitted by /u/Solid_Antelope902
       [link] [comments]

   12. 🔗 sacha chua :: living an awesome life June 4: Emacs Chat with Ben Zanin (@gnomon@mastodon.social) rss

       On June 4, I'll chat with Ben Zanin about Emacs and life.

       Watch on YouTube

       • Ben Zanin (@gnomon@mastodon.social) - Mastodon: Robertson screwdriver owner, believer in the value of personal-scale computing and skeptic of the value of computing scales any larger than that
       • ~gnomon's git repositories

       <2026-06-04 Thu 10:30>–<2026-06-04 Thu 11:30> (America/Toronto -0400) = Thu Jun 4 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

       This session will be recorded, and I'll update this blog post with notes.

       You can add the iCal for upcoming Emacs Chat episodes to your calendar. https://sachachua.com/topic/upcoming-emacs-chats.ics

       Find more Emacs Chats or join the fun: https://sachachua.com/emacs-chat

       View Org source for this post

       You can e-mail me at sacha@sachachua.com.

   13. 🔗 r/wiesbaden Kaiser Friedrich Therme rss

       Hat jemand den Kaiser Friedrich Therme ab besucht, kann mir sagen, wie es dort ist?

       Erwarte ich, dass alle völlig nackt sind, ohne die ganze Zeit ein Handtuch zu tragen, wie es in Friedrichsbad ist, oder ist es anders?

       submitted by /u/Neither-Garage-876
       [link] [comments]

   14. 🔗 r/reverseengineering libghidra - SDK for automating Ghidra from Python, Rust, and C++ rss

       submitted by /u/e80000000058
       [link] [comments]

   15. 🔗 r/Yorkshire Richmond Mayfest off to a sunny start rss

       | submitted by /u/Still_Function_5428
       [link] [comments]
       ---|---

   16. 🔗 r/reverseengineering Release: Open-source CAN bus reverse engineering suite tailored for offline ML signal decoding, MitM injection, and UDS analysis. rss

       submitted by /u/Repulsive_Factor5654
       [link] [comments]

   17. 🔗 badlogic/pi-mono v0.72.1 release

       No content.

   18. 🔗 r/LocalLLaMA We are finally there: Qwen3.6-27B + agentic search; 95.7% SimpleQA on a single 3090, fully local rss

       LDR maintainer here. Thanks to the strong support of r/LocalLLaMA community LDR got very far. I haven't reported in a while because I thought I was not ready for another prominent post in one of the leading outlets of Local LLM research.

       But I think the LDR community finally there again. I think it is finally time to report again.

       Setup

       • RTX 3090, 24GB
       • Ollama backend (qwen3.6:27b)
       • LDR's langgraph_agent strategy — LangChain create_agent() with tool-calling, parallel subtopic decomposition, up to 50 iterations
       • LLM grader: qwen3.6:27b self-graded (I have used opus to review examples and it generally only underestimates accuracy)

       Benchmarks (fully local LLM with web search)

       Model | SimpleQA | xbench-DeepSearch
       ---|---|---
       Qwen3.6-27B | 95.7% (287/300) | 77.0% (77/100)
       Qwen3.5-9B | 91.2% (182/200) | 59.0% (59/100)
       gpt-oss-20B | 85.4% (295/346) | –

       sample size is small, but the benchmarks were not rerun multiple times and you can see from the other rows that this is unlikely just chance. Full leaderboard: https://huggingface.co/datasets/local-deep-research/ldr- benchmarks

       Important framing — these are agent + search scores, not closed- book

       However, also note that these are similar benchmarks results to Perplexity Deep Research (93.9%), tavily (93.3%) etc. [Tavily forces the LLM to answer only from retrieved docs (pure retrieval test). Perplexity Deep Research is an end-to-end agent and discloses no grader or sample size. ]

       Even if our results where only 90% it would already be a great success.

       Also I can confirm from using it daily that these results feel consistent with my performance on random querries I do for daily questions.

       Caveats:

       • SimpleQA contamination risk on newer base models is real
       • LLM-judge noise + Sampling error
       • bench-DeepSearch is in chinese so an advantage for the chinese qwen models
       • No BrowseComp / GAIA numbers yet - But I also dont believe we are good at this benchmark yet. I will have to run some benchmarks to verify the current state

       The thing that surprised me:

       Results seem to track tool-calling quality more than raw size for local deep research. The langgraph_agent strategy hammers the model with multi- iteration tool calls, parallel subagent decomposition, and structured output — exactly the axis where the newer Qwen generations have improved most. Hypothesis only; if anyone wants to design an ablation we'd love the data.

       Some cool LDR features that I want to additionally highlight:

       • Journal Quality System (shipped v1.6.0) - academic source grading using OpenAlex, DOAJ. I haven't seen this anywhere else in the open-source deep-research space.
       • Per-user SQLCipher AES-256 DB (PBKDF2-HMAC-SHA512, 256k iterations) — admins can't read your data at rest. No password recovery; we don't hold the keys.
       • Zero telemetry. no telemetry, no analytics, no tracking.
       • Cosign-signed Docker images with SLSA provenance + SBOMs.
       • MIT licensed. Everything open source

       Repo: https://github.com/LearningCircuit/local-deep-research

       Happy to share strategy configs, help reproduce the Qwen runs

       Thanks to all the academic and other open source foundational work that made this repo possible.

       submitted by /u/ComplexIt
       [link] [comments]

   19. 🔗 tomasz-tomczyk/crit v0.10.4 release

       What's Changed

       Resizable sidebars

       The file-tree panel and the comments panel both have drag handles on their inner edge. Widths persist across runs (consolidated into a single crit- settings cookie alongside the other UI prefs).

       • feat: resizable file-tree and comments-panel sidebars by @tomasz-tomczyk in #422 — Thanks @hbogaeus for suggesting!

       General

       • feat: print "Next round" command on review exit + restructure agent prompts by @tomasz-tomczyk in #421
       • feat: consolidate settings cookies, restore update dismiss by @tomasz-tomczyk in #418
       • docs: add SECURITY.md by @tomasz-tomczyk in #420
       • fix: confirm before discarding non-empty comment draft on Escape by @tomasz-tomczyk in #415
       • fix: prevent review comment form re-opening pre-populated after submit by @tomasz-tomczyk in #419
       • fix: skip stack autodetect in file mode; remove CRIT_NO_AUTODETECT by @tomasz-tomczyk in #423
       • fix: route crit comment --json bulk to alt review file by reply ID by @tomasz-tomczyk in #424

       Internal refactors

       • chore(deps-dev): bump eslint from 10.2.1 to 10.3.0 by @dependabot in #416
       • chore(deps-dev): bump stylelint from 17.9.0 to 17.9.1 by @dependabot in #417

       Full Changelog : v0.10.3...v0.10.4

   20. 🔗 r/york What kind of solicitor do I need and can you recommend one. rss

       I want to leave my partner in the house I own and buy another one. I’m thinking to put my house in a trust for my children. I don’t know who to consult

       submitted by /u/ExtensionPrice3535
       [link] [comments]

   21. 🔗 r/york Lgbtq football team- rss

       Im moving to york soon and im thinking of setting up an LGBTQ football team/league.

       Start of small and just try get enough people to have a kick about a week.
       If we can grow it then make smaller 7 a-side teams and get a league going?

       Would anyone be interested if i get the ball rolling?

       submitted by /u/Total_Bed_3882
       [link] [comments]

   22. 🔗 r/LocalLLaMA A Dark-Money Campaign Is Paying Influencers to Frame Chinese AI as a Threat rss

       |

       Build American AI, a nonprofit linked to a super PAC bankrolled by executives at OpenAI and Andreessen Horowitz, is funding a campaign to spread pro-AI messaging and stoke fears about China.

       So Local LLM is important .... always! Need to support who giving us more Open source & weights. Last month, Half of the open models came from there only. submitted by /u/pmttyji
       [link] [comments]
       ---|---

   23. 🔗 r/Leeds Comic & Gaming stores in Leeds centre. rss

       I used to be a regular in Leeds but aside from a couple of quick stops I haven't had a good wander in maybe fifteen years so whilst I can still find my way around I have no idea what's there.

       My sister asked me late last night if I could take my nephew into town for Free Comic Book Day as she's working so I was wondering if anybody could give me a list of comic and gaming stores in the city centre.

       Thanks!

       submitted by /u/RetroSquadDX3
       [link] [comments]

   24. 🔗 Probably Dance Apple is Holding my Pictures Hostage Until I Accept Their New Terms of Service rss

       It started off a few months ago, when my iPad suddenly couldn't play videos any more that it had recorded. It would show the first frame, but hitting the play button wouldn't do anything. I googled around but couldn't find anything. I had recently installed an update, so I figured I'll just wait for the next update to fix things.

       But the next update didn't fix things, and it turns out the reason is actually a little dystopian: Apple has deleted my local copies of my videos and will only give them back if I sign their new terms of service.

       You may have noticed that the preview pictures in the video above are often blurry. Soon after this, the pictures on my iPad also started looking oddly blurry. Eventually we noticed a little info icon next to the pictures that, when tapped, says "Unable to Load Photo. An error occured while loading a higher quality version of this photo."

       

       What is it talking about? Why would the thumbnail load but the full picture doesn't? But at least this is a message I can google for. I need to change the "iCloud -> Photos" settings to "Download and Keep Originals."

       I never paid for Apple's iCloud service so I am a little surprised that not only were my pictures uploaded, the local copy was deleted. Here is a picture of the storage in my iPad:

       

       See that yellow bar for "Photos"? It's almost not there because my local photos were almost all deleted.

       This scared me. I knew I should have backed these up… Google said I should go to the "iCloud" settings but those are grayed out, untappable:

       

       Since I never paid for iCloud, this is not too surprising, but what do I do now? I start by installing updates. That doesn't help, but eventually I find the right spot:

       

       So I agreed to the new terms of service. And as soon as I do, my videos are back. I immediately turn on the setting to keep a local copy of all my photos and videos.

       Are they Allowed to Do this?

       I obviously didn't read the new terms of service before accepting them. They're long. I asked Claude if they say anything about holding my pictures hostage, but there is no clear sentence saying they can withhold the content when they update their terms of service. They only say that they can

       1. change the terms of service with 30 days notice (Section I.E, "Changing the Service")
       2. terminate my service if I violate the agreement (Section VII.B, "Termination by Apple")
       3. ban me if my use of the service "intentionally or unintentionally threatens Apple’s ability to provide the Service" (Section I.C, "Limitations on Use")
       4. take "steps" they believe are "reasonably necessary or appropriate" to enforce compliance with any part of the agreement. (Section V.E, "Access to Account and Content")
       5. may remove the service "for indefinite periods of time", or cancel the service "in accordance with the terms of this agreement" (Section IX, "DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY")

       Number 1 happened, they didn't do number 2 or number 3 here. Number 4 might apply superficially, because they want to force me to sign the new agreement, but I didn't break any terms of the version of the agreement that I actually agreed to. But maybe none of that actually matters because number 5 says they are free to not provide the service anyway. But on the other hand "in accordance with the terms of the agreement" should mean that they're limited by the previous terms (though I'm not a lawyer).

       So neither Claude nor me sees anything here that says they can block access to my videos until I sign the new terms of service. In particular the "Access to Account or Content" section is really weak, which makes me think they're not allowed to block me from my own videos.

       In theory.

       In practice I signed the new agreement like everyone else, because what's supposed to happen if they do something that they're not allowed to do according to their own agreement? That's just how this works. The agreement limits me, not them.

       So What Evil Thing Happened Here?

       It's hard to say which act exactly led to this dystopian setting where a company can make a copy of your picture, delete the originals, put a new agreement in front of you, and force you to agree to it in order to get your pictures back. But what exactly is the evil thing? Every individual step was not so bad:

       • They upload the pictures to iCloud even though I didn't sign up.
         • They always give you 5GB for free so might as well use them to have a backup of your photos. That's probably a good thing to do, because people (like me) are irresponsible and don't do backups on their own.
       • They delete local pictures by default.
         • This is probably very useful for people who have lots of online storage, more than they have space on their iPad.
       • They don't allow you to use iCloud if you don't agree to the new Terms of Service.
         • What else are you supposed to do? According to their own agreement they probably have to still provide access to the pictures, but that seems hard.
       • Repeatedly force you to agree to new Terms of Service that are too long for any sane person to read
         • South Park did an episode about this, but the new terms of service are probably not bad and they probably made changes for a reason.
       • Ship a locked down device where you can't run arbitrary software and regularly have to install updates and which automatically does weird things like the above.
         • Yeah there's definitely a bit of "Stallman was right" here. In particular I probably would have done backups already if I could run my normal backup software on there. But that's a terminal app and I don't think I can ssh onto an iPad.

       I don't know. None of these are really evil. I can see good people doing these things for not bad reasons. And nothing really bad happened here. I just had to tap "I Agree" to some agreement that I didn't read. But it sure doesn't feel good. I thought you'd at least get a warning before buying the device: "This device may delete your pictures. We'll make a copy and promise to give them back as long as you agree to all future terms of service."

       Also what's the lesson for me personally, if I want to not be evil? Which of the above things should I refuse to do? Every individual step isn't so bad. I guess you have to notice the patterns, notice when other people think what you're doing is bad (FSF, South Park), and then actually take that seriously, not just dismiss it…

       And what should Apple do? Obviously they should allow access to the pictures and videos even if I haven't signed the new agreement. That small step would move them from "dystopian" back into good territory. But I do notice that they have already walked into a part of the good territory where it's very narrow and small missteps move you into bad areas…

       Will this change my behavior in any way? I already don't buy most apple products, precisely for the "walled garden" reason. I have this iPad and that's it. I'll try to not buy more.

   25. 🔗 Julia Evans Testing Vue components in the browser rss

       Hello! One of my long term projects on here is figuring out how to write frontend Javascript without using Node or any other server JS runtime.

       One issue I run into a lot in my frontend JS projects is that I don't know how to write tests for them. I've tried to use Playwright in the past, but it felt slow and unwieldy to be starting these new browser processes all the time, and it involved some Node code to orchestrate the tests.

       The result is that I just don't test my frontend code which doesn't feel great. Usually I don't update my projects much either so it doesn't come up that much, but it would be nice to be able to make changes with more confidence! So a way to do frontend testing that I like has been on my wishlist for a long time.

       idea: just run the tests in the browser tab

       Alex Chan wrote a great post a while back called Testing JavaScript without a (third-party) framework in response to one of my previous posts in this series that explained how to write a tiny unit-testing framework that runs in a page in browser.

       I loved this post at the time, but it only talked about unit testing and I wanted to write end-to-end integration tests for my Vue components, and I didn't know how to do that.

       So when I was talking to Marco the other day and he said something like "you know, you can just run tests for your Vue components in the browser", I thought "hey, I should try that again!!!"

       I just did all of this yesterday so certainly there's a lot to improve but I wanted to write down a few things I noticed about the process before I forget.

       This was a bit tricky for me because the Vue site usually assumes that you're using Node as part of your build process in some way (there's a lot of "step 1: npm install THING), and I didn't want to use Node/Deno/etc. But it turned out to not be too complicated.

       The project I'm going to talk about testing is this zine feedback site I wrote in 2023.

       the test framework: QUnit

       I used QUnit. It worked great but I don't have anything interesting to say about how it works so I'll leave it at that. I think that Alex's "write your own test framework" approach would have worked too. I followed these directions.

       I did appreciate that QUnit has a "rerun test" button that will only rerun 1 test. Because there are so many network requests in my tests, having a way to run just 1 test makes it a lot less confusing to debug the test.

       step 1: set up the component for testing

       The first thing I needed to do was get my Vue components set up in the test environment.

       I changed my main app to put all my components in window._components, kind of like this:

       const components = {
         'Feedback': FeedbackComponent,
         ...
       }
       window._components = components;
       

       Then I was able to write a mountComponent function which does basically exactly the same thing my normal main app does (render a tiny template with the component I want to use). The only differences are:

       1. I can optionally pass some some extra data to use as its props.
       2. It mounts the component to a temporary invisible div which will get removed from the DOM after the test is done. The div is positioned off the page (position: absolute; top: -10000, ...) so you can't see it.

       Here's what using the mountComponent function looks like:

       const {div} = mountComponent(
         '<Page :feedbacks="feedbacks" id=2 />',
         {feedbacks: [testFeedback]},
       );
       

       and here's the code for it:

       function mountComponent(template, data) {
         const app = Vue.createApp({
           template: template,
           data: () => data,
         })
         for (const [c, v] of Object.entries(window._components)) {
           app.component(c, v);
         }
         const div = document.getElementById('qunit-fixture')
                    .appendChild(document.createElement('div'));
         return div;
       }
       

       The result is a div where I can programmatically click, fill in form data, check that the right content appears, etc.

       step 2: add some fixture data

       Because I was writing end-to-end integration tests to make sure my client JS worked properly with my server, I needed to have some test data in my database. So I wrote ~25 lines of SQL to set up some test data in my database, and added an endpoint to my dev server to run the SQL to reset the test data to a known state.

       async function reset() {
           return fetch('/api/reset_test_data', {method: "POST"})
       }
       

       Then I just run await reset() at the beginning of any test that needs the test data.

       My reset() function actually doesn't always totally reset everything which is kind of bad, but it was workable to start with and can always be improved.

       step 3: a basic test

       Here's what a basic test looks like! Basically we're rendering the div and make sure it contains some approximately correct data.

       QUnit.test('renders feedback content', async function (assert) {
         const {div} = mountComponent(
           '<Page :feedbacks="feedbacks" id=2 image=2 page_hash=2 />',
           {feedbacks: [testFeedback]},
         );
         assert.ok(div.textContent.includes('loved this section'));
       })
       

       Those are all the basic pieces! Now here are a few issues I ran into along the way

       waiting for parts of the page to render

       I have a lot of network requests in my tests, and it takes time for them to finish and for the Vue code to do what it has to do with the results and update the DOM.

       I think we all learned a long time ago that putting random sleep() calls in your tests and hoping that the timings are right is slow and flaky and extremely frustrating, so I needed a different way.

       As far as I can tell the normal way to deal with this is to figure out a way to tell from the DOM whether it's okay to proceed or not. Like "if this button is visible, we can ".

       So I wrote a little waitFor() function that polls every 20ms to see if a condition has finished yet. It times out after 2 seconds.

       Here's what using it looks like:

       QUnit.test("click item", async function (assert) {
         const {div} = mountComponent(
           '<Feedback zine_id="test123" image_width="800px" />',
           {});
         const item = await waitFor(() => div.querySelector('.feedback-item'));
         item.click();
         // rest of test goes here... 
       })
       

       It looks like there are a lot of implementations of this concept out there and they're all better thought-through than mine. (from a quick Google: qunit- wait-for, playwright expect.poll)

       figuring out the right thing to wait for is not straightforward

       In some cases I thought I'd identified the right thing to wait for in the DOM ("just wait for this textarea to appear!') but it turned out that because of some internal details of how my program works, actually I needed to wait for something else later on which was hard to pin down.

       I ended up changing one of my components to add some random value to the DOM when it was finished an important action (like data-this-thing-is- ready=true) which didn't feel great.

       My best guess is that the right way to fix this kind of test issue is a refactor that also makes the app more reliable for the users: if there's an element in the DOM that isn't actually ready for the user to interact with, maybe I shouldn't be displaying it yet!

       adding some CSS classes to identify things (but is that right?)

       I ended up adding a few classes to HTML elements that I needed to find in the tests, either because I needed to click on them or wait for them to appear in the DOM.

       I might want to change this approach later - frontend testing frameworks seem to suggest avoiding using CSS classes and instead using something like getByRole or as a last resort something like a data- testid. Feels like there's a way to make the app more accessible and easier to test at the same time.

       filling out forms is tricky

       To fill out a form, I can't just set the value, I also need to dispatch an event to tell Vue that the element has changed. For example, checkbox and textarea need different kinds of events.

       textarea.value = 'banana banana banana';
       textarea.dispatchEvent(new Event('input'));
       
       
       
       checkbox.checked = true;
       checkbox.dispatchEvent(new Event('change'));
       

       This is kind of annoying and it made me realize why I might want to use some kind of UI testing library, for example:

       • Testing Library's example of filling out a form looks extremely different from what I'm doing
       • Vue Test Utils: their section on form handling looks like it simplifies this a lot.

       test coverage

       I want to have an idea of what my test coverage was, and it turns out that Chrome actually has a built-in code coverage feature for JS and CSS!

       My JS is bundled into a file called bundle.js with esbuild, so I could just look at bundle.js and see which lines weren't covered.

       The process was a little finicky: I had to turn off sourcemaps in the Chrome devtools to get this to work, and there's a specific not super obvious series of actions I have to do in order to see the coverage data.

       this was so fun!

       As usual with these posts I've never really worked as a frontend or backend developer (other than for myself!) and I feel like I'm constantly learning how to do super basic tasks.

       I really had a blast doing this. My frontend projects always feel so fragile because they're untested, and maybe one day I'll have a test suite I'm confident in!

       Some things I'm still thinking about:

       • While writing this post I found this frontend testing library called Testing Library that has a lot of guidelines for how to write tests that are very different from my initial ideas. I experimented with rewriting everything to use Testing Library and it felt pretty good, so we'll see how that goes. They distribute a .umd.js file that works without Node.
       • I'm not sure how I feel about not having a way to run these tests on the command line at all. Maybe there's a simple way to work primarily in the browser but have an way to run them in CI too if I want?
4. May 01, 2026
   1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-05-01 rss

      IDA Plugin Updates on 2026-05-01

      New Releases:

      • twdll v0.5.0

      Activity:

      • augur
        • bc3811f9: chore: update dependencies
      • haruspex
        • bae06e05: chore: update dependencies
      • idamcp
        • feee6987: change priority
      • playlist
        • 77aa1304: damm
      • python-elpida_core.py
        • e027e52e: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T23:49Z
        • 8749b650: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T23:28Z
        • ac41a7a3: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T23:04Z
        • 25d0d305: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T22:41Z
        • f02f22f5: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T22:22Z
        • 4cfc24de: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T21:58Z
        • 80c9bc28: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T21:35Z
        • dc754a62: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T21:12Z
        • f021ac53: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T20:52Z
        • 63f8871f: [HERMES-ROUTED] Phase 3 routing artifact 2026-05-01T20:30Z
      • rhabdomancer
        • bd028753: chore: update version
        • f01acb0b: chore: update dependencies
      • space-reversing
        • 14ba3ca9: Update DataCore script RVAs and refactor struct parsing
      • twdll
        • 90c93dd6: chore(readme): add info about releasing
        • a3d53799: release: 0.5.0
        • c4271a91: refactor!: cleanup the project into what it was initially - clear min…
   2. 🔗 badlogic/pi-mono v0.72.0 release

      New Features

      • Xiaomi MiMo Token Plan provider - New Anthropic-compatible provider with XIAOMI_API_KEY auth, default model (mimo-v2.5-pro), and /login display. See docs/providers.md. (#4005 by @Phoen1xCode).
      • Model thinking level metadata - Models can now declare which thinking levels they support via thinkingLevelMap, replacing the old reasoningEffortMap. See docs/models.md#thinking-level-map and docs/custom-provider.md. (#3208).
      • Custom provider base URL overrides - pi.registerProvider() now respects per-model baseUrl settings. See docs/custom-provider.md. (#4063).
      • Post-turn stop callback - Agent loop can now exit gracefully after a completed turn via shouldStopAfterTurn. See packages/agent/README.md.
      • Self-update detection fix - pi now correctly identifies and applies available updates. (#3942, #3980, #3922).

      Breaking Changes

      • Replaced compat.reasoningEffortMap in models.json and pi.registerProvider() model definitions with model-level thinkingLevelMap (#3208). Migration: move old mappings from compat.reasoningEffortMap to thinkingLevelMap. Use string values for provider-specific thinking values and null for unsupported pi levels that should be hidden and skipped by cycling. See docs/models.md#thinking-level-map and docs/custom-provider.md.

      Added

      • Added Xiaomi MiMo Token Plan provider support with XIAOMI_API_KEY, default model resolution, /login display support, and provider documentation (#4005 by @Phoen1xCode).
      • Added model-level thinkingLevelMap support in models.json and pi.registerProvider(), allowing models to expose only the thinking levels they actually support (#3208).
      • Added shouldStopAfterTurn agent loop callback for post-turn stop control, inherited from @mariozechner/pi-agent-core. See packages/agent/README.md.

      Fixed

      • Fixed pi.registerProvider() to honor per-model baseUrl overrides (#4063).
      • Fixed self-update detection so pi correctly identifies when a newer version is available and applies updates (#3942, #3980, #3922).
   3. 🔗 r/Harrogate Cat flap fitting? rss

      Does anyone have any recommendations for a local glazier/window company who would fit a new cat flap into a sliding patio door please?

      submitted by /u/purte
      [link] [comments]

   4. 🔗 r/york Where to get complicated acrylic nails ? rss

      | Forgive the screenshots my download doesn’t work. I am looking to get acrylic nails done but everywhere I’ve been they simply my designs. Recs ? submitted by /u/jskdjjdjdjd
      [link] [comments]
      ---|---

   5. 🔗 r/Leeds final straw rss

      Been applying for jobs since i moved to Leeds in November 25’ to come live with my girlfriend and get our own apartment,

      The only jobs that have been calling me back have been agency temp work for manual handling jobs like Waste operative or Warehouse operative, only needing me for 2 to 3 shifts then saying they dont need me anymore or that my assignment is suddenly finished,

      Have previous experience for 6 months as a Accounts Payable Admin and other fast food and hospitality experience at mcdonalds from my teenage years.

      Can anybody help me find a way to get my foot through the door and get an employment contract thats not temp or agency work?? I will literally do robot work, help me dm anyone please its coming up on half a year with no solid job security and im about to start applying for JSA and UC cause my savings are running out

      submitted by /u/BeingRemarkable2117
      [link] [comments]

   6. 🔗 r/Yorkshire Another Now and Then rss

      submitted by /u/Still_Function_5428
      [link] [comments]

   7. 🔗 r/Yorkshire Rievaulx Abbey rss

      | a few pics from my brief visit today, it probably says much about me that I was fascinated by the drain... submitted by /u/buster1bbb
      [link] [comments]
      ---|---

   8. 🔗 r/reverseengineering Why my macOS Messages badge lied to me (and the one-line fix) rss

      submitted by /u/dado3212
      [link] [comments]

   9. 🔗 @binaryninja@infosec.exchange Do you remember how we got here? Because I don't. Join us at 4pm ET today mastodon

      Do you remember how we got here? Because I don't. Join us at 4pm ET today where we'll be writing a reverser's reflog plugin for Binary Ninja: https://www.youtube.com/live/oBzBMGJGC8E

      With a chance of some exciting announcements 👀

   10. 🔗 r/wiesbaden Pubs that show F1 races live? rss

       Hello everyone,

       as the title suggests, could anyone tell me if there are any good pubs where I can go and watch live F1 races?

       Thank you.

       submitted by /u/Orph3us_151
       [link] [comments]

   11. 🔗 r/reverseengineering Running Adobe’s 1991 PostScript Interpreter in the Browser rss

       submitted by /u/tnavda
       [link] [comments]

   12. 🔗 r/reverseengineering Hello! Here is my Oura Ring 4 pure Python driver! Let me know what you think :) rss

       submitted by /u/Expensive-Medium7425
       [link] [comments]

   13. 🔗 r/LocalLLaMA PFlash: 10x prefill speedup over llama.cpp at 128K on a RTX 3090 rss

       | Hey fellow Llamas, thank you for all the nice words and great feedback on the last post I made. We have something new we thought would be useful to share. As always your time is precious, so I'll keep it short. We built speculative prefill for long-context decode on quantized 27B targets, C++/CUDA only. A small drafter loaded in-process scores token importance over the full prompt; the heavy target only prefills the spans that matter. Repo: github.com/Luce-Org/lucebox-hub (open source, MIT). Head-to-head on Qwen3.6-27B Q4_K_M, RTX 3090, single-shot: 24.8 s TTFT vs ~257 s for vanilla llama.cpp = ~10.4× at 128K (and 13.5 s vs 134.95 s = 10.0× at 64K), with NIAH retrieval preserved end-to-end. No Python, no Triton, no PyTorch in the inference loop. The problem Q4_K_M Qwen3.6-27B on a 24 GB 3090 decodes fast (~74 tok/s with DFlash spec decode), but prefill scales O(S²). On a 131K-token prompt, vanilla llama.cpp takes 248.4 s cold (llama-bench pp131072 --no-warmup -r 1, 527.6 tok/s). That is 4.1 minutes staring at a blank screen before the first token. Decode is fast, but the wait kills the UX. Warmed steady-state is better (169.3 s at 128K) but still painful, and grows quadratically as you push context. Standing on shoulders This work stands on two recent papers, both excellent reads:

       • Speculative Prefill (Liu et al, arXiv 2502.02789) and Cross-Family Speculative Prefill (SambaNova, ICLR 2026). Insight: a small draft model's attention pattern over a long prompt faithfully predicts which tokens matter for the answer. Run the draft, score per-token importance, keep the top spans, drop the rest.
       • FlashPrefill (Fan et al, 2026). Block-sparse attention so the drafter itself does not pay O(S²) at 128K.
       • mit-han-lab/Block-Sparse-Attention (BSA) for the FA-2-derived sm_80+ sparse forward.
       • ggml / llama.cpp for the runtime. We link libggml*.a and never libllama.

       Our contribution is the C++/CUDA composition of these two algorithms, in- process, on a 24 GB consumer card. As far as we are aware, the two papers had not been combined in an open implementation before. What we built

       • In-process composition. Drafter forward (custom Qwen3-0.6B BF16 ggml graph), FlashPrefill scoring, sparse attention, target prefill, and DFlash spec decode all run in one C++/CUDA process sharing one ggml allocator. No subprocess, no IPC, no Python, Triton, or PyTorch in the inference loop.
       • CUDA port of FlashPrefill. The reference (qhfan/FlashPrefill) is Triton. We wrote 4 CUDA kernels from scratch (mean_K, score, select, sparse_fwd) and dispatched the sparse forward through mit-han-lab/Block-Sparse-Attention. BSA ships as a libtorch C++ extension; pulling 2 GB of libtorch into a 24 GB inference loop was a non-starter, so we wired it in via a 3-header ATen/c10 stub set under dflash/deps/bsa_stubs/.
       • 24 GB memory orchestration. Drafter (1.3 GB weights + KV + ~600 MB BSA scratch at 128K) and the DFlash daemon (15 GB target + 3 GB draft + 3 GB KV) do not coexist on a 3090. The daemon parks, unparks, and frees weights between stages over a stdin protocol; ~3 s per request, makes the whole pipeline fit on a single consumer card.

       Setup bash

       # clone with submodules (pulls llama.cpp/ggml + Block-Sparse-Attention) git clone --recurse-submodules https://github.com/Luce-Org/lucebox-hub cd lucebox-hub/dflash # build dflash + BSA kernel (sm_80+, ~10 min cold compile pulls cutlass) cmake -B build -S . -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_CUDA_ARCHITECTURES=86 \ -DDFLASH27B_ENABLE_BSA=ON cmake --build build --target test_dflash test_flashprefill_kernels -j # fetch weights (target + drafter + spec-decode draft) huggingface-cli download unsloth/Qwen3.6-27B-GGUF Qwen3.6-27B-Q4_K_M.gguf --local-dir models/ huggingface-cli download Qwen/Qwen3-0.6B model.safetensors tokenizer.json --local-dir models/drafter/ huggingface-cli download z-lab/Qwen3.6-27B-DFlash --local-dir models/draft/ # bench cd ../pflash && pip install -e . python tests/niah_gen.py --n 1 --ctx 131072 --out /tmp/niah_128k.jsonl python tests/bench_niah_cpp.py \ --bin ../dflash/build/test_dflash \ --target ../dflash/models/Qwen3.6-27B-Q4_K_M.gguf \ --draft ../dflash/models/draft/model.safetensors \ --drafter-gguf ../dflash/models/drafter/qwen3-0.6b.gguf \ --cases /tmp/niah_128k.jsonl --keep-ratio 0.05
       

       Numbers Single-shot on RTX 3090, Qwen3.6-27B Q4_K_M target, q4_0 KV, DFLASH_FP_USE_BSA=1 DFLASH_FP_ALPHA=0.85 keep_ratio=0.05. NIAH single-needle as the end-to-end retrieval check. Baseline is vanilla llama.cpp with default f16 KV (apples-to-oranges on KV; q4_0 KV costs ~3% AL at short context, 8.56 to 8.33, benchmarked). | Context | PFlash TTFT | llama.cpp cold | Speedup (cold) | llama.cpp warmed
       ---|---|---|---|---
       64K | 13.5 s | 134.95 s | 10.0x | (smaller)
       128K | 24.8 s | 248.4 s | 10.0x | 169.3 s

       These are cold-cache numbers (first request after process boot). Warmed-vs- warmed is a smaller multiplier because llama.cpp settles into ~169 s at 128K once caches are hot. Both numbers are real and the right one depends on your workload; if you keep an engine resident, use warmed.

       Decode after prefill is the standard DFlash spec-decode path with DDTree (~74 tok/s sustained on Qwen3.6-27B Q4_K_M).

       Quality

       NIAH single-needle (magic-key + 7-digit answer randomly placed in filler) retrieved at every context tested from 32K through 128K, keep_ratio=0.05, DFLASH_FP_ALPHA=0.85.

       Honest flag: NIAH single-needle is a structurally easy probe for an attention- based selection method like ours, since the algorithm is well-suited to finding a single high-attention span. RULER and NIAH multi-needle are next on the list; a fair audit should wait for those numbers.

       Why the stack works

       Speculative prefill solves a quality problem: how do you compress without losing the answer-relevant content? FlashPrefill solves a speed problem inside the drafter step: how do you make the drafter fast enough at 128K that it doesn't become the bottleneck. They compose cleanly because the target side (DFlash spec decode) is unchanged; it just receives a much shorter prompt with full attention enabled.

       At 128K, drafter scoring is now the dominant cost (~12 s of the 24.8 s TTFT). Target prefill on the compressed ~6.5K survivors is ~10 s; the remaining ~3 s is the park/unpark/free dance. The next obvious lever is a smaller or distilled drafter, which we have not done yet.

       Tuning

       bash

       DFLASH_FP_USE_BSA=1 # dispatch sparse FA forward through BSA (sm_80+, required for 10x) DFLASH_FP_ALPHA=0.85 # block-selection threshold; higher = stricter = fewer K-blocks per Q-row DFLASH_FP_PROFILE=1 # log per-stage timings (mean_K / score / select / forward)
       

       keep_ratio=0.05 is the default. 0.02 cuts target prefill from ~10 s to ~3 s but starts losing the needle. DFLASH_FP_ALPHA=0.99 cuts ~1 s at 128K with a small NIAH-margin loss. Calibration territory.

       Any feedback is more than welcome!

       submitted by /u/sandropuppo
       [link] [comments]

   14. 🔗 r/Leeds New documentary on Garforth Town rss

       Hello all, I've just released my documentary on local team Garforth Town. They're based just outside Leeds. Hopefully you enjoy it: https://youtu.be/WryaDtTBaDM

       submitted by /u/Norde_Polar_Films
       [link] [comments]

   15. 🔗 tomasz-tomczyk/crit v0.10.3 release

       What's Changed

       PR-scoped and commit-range review

       crit pr 1234 opens the PR diff scoped to the layer you're reviewing, with a stack popover for hopping between branches in the chain. crit --range A..B does the same for any commit range. The popover surfaces the default branch as a non-interactive root marker and lists every reachable tip with full-stack vs layer scope toggles, so reviewing a stacked diff feels like reviewing a single PR.

       • feat: PR-scoped and commit-range review (#300) by @tomasz-tomczyk in #391 (Thanks @omry for the suggestion!)

       Review-level comments

       General feedback that doesn't belong on a specific line now lives in a dedicated "Review conversation" section. Add, reply, edit, resolve - same threading model as line comments, but for the review as a whole. Drafts you're typing survive sibling state changes (adding a reply elsewhere no longer wipes your in-progress comment).

       • feat: give review-level comments a real conceptual home by @tomasz-tomczyk in #405 (Thanks @omry for the suggestion!)

       Fixes

       • fix: prefer origin/ as diff base over stale local branch by @tomasz-tomczyk in #397 (Thanks @TheCoreMan for reporting!)
       • fix: persist verified user_id on auth login by @tomasz-tomczyk in #393
       • fix: thread resolved share URL into lazyBackfillAuthUserID by @tomasz-tomczyk in #398
       • fix: bulletproof external diff isolation (#380) by @tomasz-tomczyk in #409 (Thanks @TheCoreMan for reporting!)
       • fix: require c keypress to comment on selection (#408) by @tomasz-tomczyk in #411 (Thanks @ewgdg for the suggestion!)
       • fix: patch hljs markdown grammar and re-enable for diff view by @tomasz-tomczyk in #388 (Thanks @hbogaeus for reporting!)

       Documentation

       • docs(integrations): mention markdown in replies; print URL on daemon start by @tomasz-tomczyk in #401 (Thanks @hbogaeus for the suggestion!)
       • docs: surface crit pr subcommand and --scope/--remote in printHelp by @tomasz-tomczyk in #412

       Internal refactors

       • chore: post-release audit fixes (Go backend) by @tomasz-tomczyk in #389
       • chore: post-release audit fixes (frontend) by @tomasz-tomczyk in #390
       • refactor: return errors from installAider; unify integration list by @tomasz-tomczyk in #394
       • chore: wire markdown-patch smoke test into CI by @tomasz-tomczyk in #395
       • ci: run nix build check on PRs by @tomasz-tomczyk in #396 - Thanks @vereis for reporting!
       • test: add selfhosted+OAuth integration test suite by @tomasz-tomczyk in #400
       • ci: fix invalid codecov.yml so status checks wait for all uploads by @tomasz-tomczyk in #402
       • test: integration test for review-level reply round-trip by @tomasz-tomczyk in #407
       • test: stabilize range-mode popover tests against async render by @tomasz-tomczyk in #410
       • refactor: clean up frontend dead code and fix review:new draft loss by @tomasz-tomczyk in #413

       Full Changelog : v0.10.2...v0.10.3

   16. 🔗 r/Yorkshire Yorkshire Dales✨I finally visited this place🥹 rss

       | submitted by /u/No_Donut1433
       [link] [comments]
       ---|---

   17. 🔗 r/Leeds Has anybody had anything delivered by the ubereat robots? rss

       How was the experience?

       I see them all the time on my walk home and I think if I got something delivered to my door from one of those. I'd never order from that place again. They're slow and get stuck regularly

       submitted by /u/Empty-Sleep-9770
       [link] [comments]

   18. 🔗 badlogic/pi-mono v0.71.1 release

       Added

       • Added websocket-cached to the transport setting options for the OpenAI Codex provider used with ChatGPT subscription auth. This keeps the same WebSocket open for a session and, after the first request, sends only the new conversation items instead of resending the full chat history when possible.
   19. 🔗 r/wiesbaden Morgen Retro Game Messe in Mainz rss

       Moin Leute,

       einige von uns haben uns unter einem anderen Beitrag für morgen für die Retro Game Messe in Mainz verabredet.

       Infos:

       https://www.messen.de/de/22886/mainz/retrogamescon-mainz/info

       https://retrogamescon.de

       02.05 (Samstag)

       Einlass 11 Uhr – Ende 16 Uhr

       altes Postlager direkt am Hbf

       Wir treffen und 13 Uhr am Eingang.

       Wer Lust hat ist eingeladen mitzukommen.

       submitted by /u/JohnTheMonkey2
       [link] [comments]

   20. 🔗 r/york The Shambles, York is well preserved! rss

       | submitted by /u/Seabeachlover10
       [link] [comments]
       ---|---

   21. 🔗 r/Leeds Alternative Real Ale Trail rss

       I did an alternative Real Ale Trail yesterday from Leeds, with four old Rugby mates to celebrate retirement. Cracking afternoon if you are looking for a different rail route.

       Train from Leeds to Saltaire (get a return to Gargrave) then:

       Saltaire - Salt Beer Factory

       Bingley - Engine Room

       Keighley - Boltmakers Arms

       Skipton - The Boat House Bar

       Gargrave - Masons Arms, then a curry at Bollywood Cottage before train back to Leeds.

       I've done the original https://realaletrail.uk/ before but this was a great low key alternative.

       submitted by /u/andrewbyrom
       [link] [comments]

   22. 🔗 r/wiesbaden 2€/L Sprit ist der neue Schnäppchen-Preis rss

       Schon traurig, wie plötzlich alle Schlange stehen um für 2€/L zu tanken. Ich hoffe es geht deutlich weiter runter….

       submitted by /u/Loko21784
       [link] [comments]

   23. 🔗 r/Harrogate Any plans for the long weekend? rss

       I am looking forward to visiting the reopened Shepherd and Dog at some point.

       Keen to get into Weetons for some quality meat to chuck on the bbq.

       Will also take a trip out to Leeds either Saturday or Sunday for a bite to eat and a bit of shopping.

       submitted by /u/Similar-Actuator-338
       [link] [comments]

   24. 🔗 r/wiesbaden Massiver Rückstau Schiersteiner Brücke rss

       Kann mir jemand den häufig massiven Rückstau auf der Schiersteiner Brücke erklären? Gestern gegen 18.30 standen sie Richtung Mainz ja schon am Ortsausgang Schild von WI.

       Kommt das nur von den Pendlern oder sind dort Bauarbeiten?

       submitted by /u/Kaninchen2468
       [link] [comments]

   25. 🔗 Bits About Money Notes on a non-profit indicted for bank fraud rss

       The financial industry understands itself to be an arm of the government. We were inducted into this service other-than-willingly through the ordinary operation of law and regulation.

       This is uncontroversial and unsurprising to insiders.

       A claim which will be more surprising: some regulated financial institutions have delegated authority for account- and transaction-level decisioning to a non-profit.

       Another: that non-profit includes a private intelligence agency, which runs covert assets, publishes intelligence estimates, develops target lists, and communicates them to decisionmakers.

       Still another: the non-profit organized a coalition of the willing as an outgrowth of its intelligence agency. The willing non-profits, that is. The coalition engaged in a years-long campaign to coerce financial infrastructure and other firms to give them the ability to direct accounts to be closed. The infrastructure built to do this against domestic terrorists was applied to an American politician's fundraising efforts, and no one seemed to think that was odd.

       Last week, the DOJ unsealed an indictment against the organizing non-profit for bank fraud. This was based, in part, on how it paid the intelligence agency's covert assets.

       They likely developed evidence for that indictment using the Bank Secrecy Act (BSA) mandatory reporting regime.

       We begin, as always, with the bank fraud.

       The strategic logic of bank fraud charges in white collar indictments

       White collar prosecutions are structurally difficult because they frequently depend on intent. It is difficult to prove intent beyond a reasonable doubt, as it frequently depends on subjective mental states which we cannot directly observe. This problem is discussed in the literature including in book- length treatments.

       There exist ways to overcome this difficulty as a prosecutor.

       The classic one is waiting for the criminal to violate Stringer Bell's dictum on the wisdom of taking notes on a criminal conspiracy. You then introduce their notes into evidence. They will frequently contain explicit statements demonstrating mens rea (a legal concept of a "guilty mind"). The register of those statements will be less guilty and more gleeful. Crime is awesome! Wow I sure hope the government never reads this! Because we are committing so much crime right now!

       The prosecutorial toolbox has other tricks, too. Rely less on charges which require demonstrating intent. Rely more on what the economics of law field calls bright-line rules. For those crimes, you do not need to demonstrate what emotional valence someone experienced while committing a criminal act. You only need to demonstrate the fact of the act.

       Interdicting crime is an iterated game. Responding to our noted inability to manage some forms of crime, legislators have intentionally added some items to the prosecutorial toolbox. Whether one describes them as tools or weapons depends mostly on whether one touches them with the hand or the face.

       As Bits about Money has covered frequently previously, the anti-moneylaundering (AML), Know Your Customer (KYC), and related regulatory edifices function in a subtle manner. They do not simply proscribe conduct and rely on perfect enforcement by the financial industry. To achieve the overall objective of stochastically interdicting crime, the regs are designed to force criminals into repeated unpalatable tradeoffs. One is "You can choose making money, or you can choose never interacting with banks, but it is very difficult to choose both."

       We then follow the criminal into the bank. "By the way, lying to a bank is a crime. It doesn't matter what you think while you're doing it. It doesn't matter why you did it. It doesn't matter if you're a sinner or a saint. It doesn't matter if it is a big lie or a little lie. It doesn't matter if the bank believes you. Lying to a bank is a crime. And everything you say to a bank will be recorded for decades. It will be routinely forwarded directly to law enforcement if the forward-deployed intelligence analysts we force the bank to hire believe there is even a tiny chance law enforcement will find it useful."

       Al Capone infamously went down for the tax evasion because it was easier to prove than the murders. Drug smuggling is sometimes difficult to prove, but the smugglers will want their money in the regulated financial system. The mandatory questionnaire at account opening will ask "Why are you requesting this account?" They will probably not write down "Drug smuggling!", because a wag who tries doing so will quickly realize this does not successfully result in a bank account. So they will write any other answer. Now they have lied to a bank.

       And then, in the ordinary practice of U.S. prosecutors, you will charge them with any crimes you can prove, including the lie itself. And if you are able to demonstrate that it was in fact a lie, which is easier to prove than e.g. rolling up the entire drug smuggling network, you will then make a simple legal request: give us all the money you lied about. That request will be more directed at the banks than the criminal, and the banks will comply, with alacrity.

       Some worked examples of this in white-collar prosecutions

       Sam Bankman-Fried : SBF continues to believe he is innocent. His argument is, effectively, that being the best investor of his generation excuses stealing the principal to invest. That is not a defense in U.S. law, and the indictment charges fundamentally the same conduct (misappropriating money and crypto investors had on deposit at FTX) under a variety of statutory pathways, including 18 USC §1343 (wire fraud), §1344 (bank fraud), and §1956 (money laundering conspiracy).

       Let's focus on the bank fraud. One part of SBF's criminal empire needed banking in the United States. They could not convince a U.S. bank to let them handle FTX customer funds flows. But they wanted to do that. They incorporated North Dimension, a shell entity. Some shells have legitimate business purposes; this one existed only to deceive. North Dimension filled out a due diligence questionnaire. SBF signed it. It said North Dimension traded on its own account and did not handle customer funds.

       You need two bits of evidence to convict SBF of bank fraud. The first fits on one page of paper held by one bank. The second is the answer to a single question: "Did at least one dollar of customer funds flow into the North Dimension account?" Thousands of people at dozens of companies, and hundreds of thousands of electronic documents, know the answer to that question and you only need to find one.A single word convicts.

       Other charges can stack on the bank fraud. SBF deployed rationalizations about the core fraud counts like a squid deploys ink. Defeating all of them is unnecessary. A money laundering conspiracy requires showing agreement to a) move money that are the proceeds of at least one of a set of "specified unlawful activities" and b) any act to corrupt the integrity of the paper trail about that money movement.

       Bank fraud is a specified unlawful activity.

       And so you only need one more sentence to get the second charge. Many many sentences will do. Here's a question to elicit one: "Caroline Ellison, you are a cooperating co-conspirator. During the duration of your conspiracy, while you were the CEO of Alameda Research, did you at any time direct the North Dimension account to move money on behalf of Alameda Research, knowing that by this direction banking records would reflect the money movement to be directed by North Dimension and not by Alameda Research?" A single word convicts.

       SBF was, properly and justly, convicted of all of these crimes and more.

       He was not the first and he will not be the last. A brief survey for fellow aficionados of this genre:

       Dennis Hastert was accused of horrific acts against children but indicted for other crimes. He could not have been successfully prosecuted on the abuse even with a confession, because it was time-barred long before it came to light.

       Hastert paid one of his victims to keep him quiet. He was smart enough to make the payment in cash, but the system was smarter sooner, and made a trivial tripwire for attempting to move large amounts of cash out of the regulated banking system: your bank files a currency transaction report (CTR). Apprised of this, he changed his banking patterns to avoid the filing of a CTR. That is called "structuring" and it is a crime under 31 USC §5324(a)(3).

       When the FBI asked him about it they used another frequent prosecutorial tool to pick up a freebie. They asked why he had changed his banking practices. He did not say "To structure transactions to avoid the bank filing a CTR when I pick up hush-money." Instead, he agreed with the agents suggesting that perhaps he distrusted banks and simply wanted to keep hundreds of thousands of dollars of cash on hand. This gave the prosecutors a second charge of lying to federal officials.

       In a routine practice, they agreed to dismiss it if he would simply confess to the structuring. The implicit Or Else: "We go to trial, convict you on both, and you get a longer sentence both because the charges stack and because the sentencing formula will mechanically penalize you for this choice."

       Reggie Fowler was the U.S.-based partner of a payment processor which ripped off Tether. It will still be years before we unravel that ouroboros of crime. But that didn't need to delay the indictment, because he lied to banks that he was doing real estate development. Trivially a lie; his hundreds of millions had bought neither land nor buildings. Our old friend §1344 brought his new bestie §1343 (wire fraud), not because he defrauded Bitfinex/Tether but because he had caused his ill-gotten bank accounts to move money. Every movement is another crime.

       George Santos was indicted for a variety of abuses of the public trust. Prosecutions of elected officials are inevitably tricky business, particularly as finding the precise line between crime and politics-as-usual is contentious. (Many people seem to think that line should move radically every, oh, four years.)

       Happily, we have bright lines which don't move, like "don't steal credit cards" (§1028A). You can convict on that without needing to explain whether it was done with a gun or a political donation portal.

       Then you stack on wire fraud again, because we intentionally make it hard to spend directly on oneself from politics-adjacent pools of money, and so you need to move money at least once to enjoy it.

       Why do these indictments, and hundreds more, rhyme so much? Why can we employ these charges to such devastating effect against the rich and powerful, even those in positions of public trust, even those with allies who still love them? Because we maintain textbooks of how to make these cases and make them stick.

       Criminal law textbooks published on the Internet

       White collar criminal cases are like any other high-end bespoke services work. One could imagine that the production function is fully artisanal, like something out of a traditional French restaurant.

       You, an aspiring lawyer, labor for years under the eye of a terrifying supervisor. He periodically steps behind you, rips a brief from your hands, screams at your incompetence, and you have learned one new thing. After twenty years, you now write your own indictments. They bear his distinctive stamp but your signature. You have added your own spin, which you will pass on to the rising generation, via the traditional mix of hazing and hands-on instruction.

       This happens. But in law, as in restaurants, we are allowed to write down recipes and tell people to just follow the steps.

       For example, we in the financial industry are obliged to file Suspicious Activity Reports (SARs). These are basically three-ish page memos. Combined with statutory tools such as those discussed above, these memos will giftwrap charges and convictions. They get saved by the Financial Crimes Enforcement Network (FinCEN) for decades and some small fraction of the four million filed every year will eventually be read by a public servant.

       The bank pays the screening vendor which fires the alert, the bank pays the intelligence officer who reviews it, the bank pays the senior compliance analyst to spend a few hours collecting data from various employees and web applications into a single coherent narrative. And then the public pays the prosecutor to copy/paste the SAR into an indictment. (Accept this as a slight exaggeration, but if you can't name a paragraph lifted from a SAR into a federal criminal indictment, you will be able to in about five minutes.)

       FFIEC BSA/AML Examination Manual**: **

       One purpose of filing SARs is to identify violations or potential violations of law to the appropriate law enforcement authorities for criminal investigation.

       …

       Examples of agencies to which a SAR or the information contained therein could be provided include:

       • the criminal investigative services of the armed forces
       • the Bureau of Alcohol, Tobacco, and Firearms
       • an attorney general, district attorney, or state 's attorney at the state or local level
       • the Drug Enforcement Administration
       • the Federal Bureau of Investigation
       • the Internal Revenue Service or tax enforcement agencies at the state level
       • the Office of Foreign Assets Control
       • a state or local police department
       • a United States Attorney 's Office
       • Immigration and Customs Enforcement
       • the U.S. Postal Inspection Service
       • the U.S. Secret Service

       A diligent public servant is welcome to use FinCEN's database to get additional information on the subject of an existing investigation. But FinCEN will happily tell you the other sequencing works fine: trawl the database "proactively." Most SARs are not evidence of crime! But if you have the choice between doomscrolling Twitter and doomscrolling the SAR database, one is much more efficient at converting into prosecutions. Their phrase for this is proactive SAR review and they have twenty volumes more if you are interested.

       Very few Americans not professionally implicated in this surveillance regime understand it exists. FinCEN employees and bank compliance officers depend on it for their continued employment, and so it might be understandable why they are such effusive fans. But the regime does have informed critics, including occasionally this author.

       One critique is that this regime is functionally an end-run around the Fourth Amendment. Civil libertarians have made this point for decades, but never with the economy of phrase as the U.S. Immigration and Customs Enforcement (ICE) internal magazine Cornerstone's article The Currency Transaction Report: Controversial To Some--Essential To All.

       Why is the CTR so useful to law enforcement, ICE?

       ICE: ICE special agents utilize CTRs to establish links between individuals and businesses, and to identify co-conspirators and potential witnesses. This information is often utilized to meet the 'probable cause' requirement necessary to obtain search, arrest and seizure warrants.

       Is this surveillance regime narrowly tailored?

       ICE: ICE conducts approximately 1 million record checks of BSA data each year.

       If a libertarian were scripting you right now they'd ask you to say that innocents have nothing to hide.

       ICE: Individuals and businesses conducting legitimate transactions have no reason to avoid the filing of CTRs.

       Yikes. Say, did you ever articulate the intentional double-bind twenty years before Bits about Money did?

       ICE : However, criminals are forced to make a choice between appearing to be a legitimate customer, thereby exposing their assets and money movements through BSA reporting requirements, or engaging in risky, illegal actions to conceal the movement of their funds.

       Wow, it seems like this field is filled with carefully laid traps that function exactly as designed. Did you by chance happen to publish the Hastert prosecutorial strategy ten years early?

       ICE: Suspicious attempts to avoid the filing of a CTR by structuring cash deposits (making a series of deposits just under the $10,000 reporting threshold over a number of days) is a significant red-flag indicator of criminal activity and one of the most frequent triggers for the filing of a SAR.

       Which brings us to the Southern Poverty Law Center (SPLC).

       A textbook prosecution of bank fraud in many respects

       On April 21st, 2026, the Department of Justice unsealed an indictment of the SPLC for bank fraud.

       The SPLC is a storied civil rights organization. Like many non-profits, it runs a portfolio of what are sometimes called "programs" under a single roof. One of those programs is producing a data product listing individuals and entities that it considers to be involved in hate and anti-government activities.

       That data product is important financial infrastructure, and we will return to it in a moment.

       The SPLC runs a private intelligence service to produce it. The SPLC has in the past paid informants, who it describes as "field sources." Those informants are generally members of what it describes as domestic terror organizations. The existence of this program has been public knowledge for decades.

       It is unlikely that any magistrate in the United States would approve a warrant to search the bluest-of-blue-chip civil rights organization's papers on the suspicion that they have created a fictitious CIA to launder money to the wife of an Exalted Cyclops of the Ku Klux Klan. Are you not aware, officer, that the reason this organization is in high school history texts is they developed a novel civil litigation strategy to bankrupt the Ku Klux Klan? You will not get your warrant. You would be lucky to escape court without a citation for contempt or an order for psychiatric commitment.

       Well, good thing nobody ever had to ask for that warrant.

       Banks don't need warrants to become quite alarmed when they discover that they have created an account for the Center Investigative Agency and several other sole proprietorships for the same person… and those businesses don't receive revenue, run payroll, buy office supplies on their debit card, or rent office space. No, the only thing they do is take large deposits then transfer out hundreds of thousands of dollars directly to, Great Scott, the worst people imaginable.

       Substantially every employee of the financial industry, CEO or teller or product marketing manager that they may be, is obligated to attend a yearly training on their BSA compliance responsibilities. That training customarily requires you to pass a test. If that test stipulated this scenario and then asked what the financial institution must do next, there is only one correct answer: Conduct an investigation, close the accounts at issue with very high probability, and file a Suspicious Activity Report.

       We return from this flight of fancy to the indictment. Excerpting verbatim:

       Starting in the 1980s, the SPLC began operating a covert network of informants who were either associated with violent extremist groups, such as the Ku Klux Klan, or who had infiltrated violent extremist groups at the SPLC 's direction.

       If one does not closely follow this community of practice, one could be forgiven doubting whether prosecutors are being candid here. This claim does sound farfetched. The indictment, in this paragraph, is neutrally recounting the truth. The SPLC is proud of that program, which it ran for decades. NPR's gloss:

       The indictment came shortly after the SPLC revealed the existence of a criminal investigation into its disbanded informant program to gather intelligence on extremist group activities.

       Well, OK, they ran an intelligence agency. One can construct a narrative by which that makes some tactical sense. Sure.

       How did they get a bank to go along with making payments to people who the SPLC has spent decades attempting to make it impossible to pay. Did they perhaps… lie to a bank?

       Indictment:

       To secretly funnel donated money to the Fs, individuals at the SPLC, including a person who would become the Chief Financial Officer ( "Employee-1") and a person who would become the Director of the Intelligence Project ("Employee-2"), among others, opened a series of bank accounts at Bank-1 and Bank-2 in the name of various fictitious entities, including, but not limited to, the following: Center Investigative Agency ("CIA"), Fox Photography, North West Technologies ("North West Tech"), Tech Writers Group ("Tech Writers"), and Rare Books Warehouse ("Rare Books").

       Oh dear, SPLC! It would be extremely bad for you if you had in fact opened accounts for businesses which do not actually exist, then used them to move funds! Perhaps you can just pray that the feds never find out? … The bank is quite likely going to find out, though. Some bank accounts have red flags. These red flags have bank accounts.

       Indictment:

       In 2020, Bank-1 conducted an internal investigation into these accounts.

       Oh that's… unsurprising given the asserted facts. Well, your options are diminishing rapidly at this point.

       Hey quick intermission: want a surprisingly reliable way to combat credit card fraudsters, drug dealers, and the like? First, you identify one of their accounts which is definitely committing crime. Usually they have lots of these and cycle through them quickly. They are often opened with synthetic or stolen identities. Burning the identity doesn't get you all that much; they have thousands to cycle through. So just freeze the money in the account. Then, rely on human nature: nobody likes giving up "their" money. So compassionately offer to help them out, by offering to transfer the money from the frozen account to another account they control. We just need your quick written instruction to send your money to your other account, sir.

       Indictment:

       Thereafter, an SPLC employee requested that Bank-1 close the accounts associated with the CIA, Fox Photography, North West Tech, and Tech Writers and transfer the remaining balances in these accounts to a Bank-1 account ending in 6050 held in the name of the SPLC.

       Industry practice varies on whether you give the user their money back before filing the SAR.

       There are some grey areas in practice. You can't return the money if you understand the user to be e.g. Hamas. You might be able to return the money if you understand the user to be e.g. engaged in unsupportable but debatably legal behavior.

       "Unsupportable" here is a term of art: the institution, in its considered judgement, cannot allow it to happen on systems it controls. Many legal acts are unsupportable, and a determination of supportability is not and cannot be coextensive with a criminal conviction. Compliance officers are not federal judges and are happy to defer to them.

       Please, we beg you, do not ask Compliance to run a parallel criminal justice system. We will do it if you force us to, but you will not like the outcome.

       One of the functions of getting an explanation in writing from the SPLC (we will get to it; it is a doozy) is the financial institution seeks to absolve itself. Did we open accounts for cutouts to a domestic terrorism organization? If we did, *#%( , our regulators need to hear about that today. But this admission can be shared with a later regulator to say "We were unaware of the actual ownership of the accounts when opened and for ten years of use, which we agree is bad. We then executed our responsibilities with urgency. On the strength of this communication from the SPLC, which is not a terror organization, we decided to not immediately call you, and instead relied on the ordinary processes of our Compliance function. We will listen attentively if you feel we were ever derelict in our duties."

       One of those duties: a financial institution must, as a matter of black letter law (31 CFR § 1020.320), file a SAR if its investigation discovers a transaction designed to obscure the provenance of money. Transactions, by their nature, reference the account title (ownership, which could be by a e.g. company or trust) and beneficial ownership information (the ultimate people who have economic interest in the account). Any transaction conducted by an intentionally mistitled account is immediately and mandatorily reportable as soon as the financial institution has knowledge of this fact.

       Alright, options for the SPLC are narrowing precipitously, but perhaps it can argue that those two employees, senior though they might be, were acting rogue? Or perhaps they could argue that the SPLC was institutionally unaware of the specific financial infrastructure its employees had created to support the SPLC's intelligence program?

       Indictment, quoting the President and Chief Executive officer of the SPLC, to the bank:

       Pursuant to the discussion we had earlier this week, please let this correspondence serve as confirmation that the accounts listed below were opened for the benefit of Southern Poverty Law Center operations and operated under the Center 's authority. The following accounts are listed below:

       ...6700 Center Investigative Agency -- opened 1/31/2008, closed 8/5/2020

       ...9674 Fox Photography -- opened 1/31/2008, closed 8/5/2020

       ...6743 North West Technologies -- opened 1/31/2008, closed 8/5/2020

       ...6751 Tech Writers Group -- opened 1/31/2008, closed 8/5/2020

       ...6719 Imagery Ink -- opened 1/31/2008, closed 3/15/2013

       ...6727 J &J Electronics -- opened 1/31/2008, closed 3/15/2013

       ...6735 Kelly 's Marine -- opened 1/31/2008, closed 3/15/2013

       There are a variety of ways for the DOJ to get the CEO's email. It may have been attached to a SAR, and therefore filed automatically with FinCEN. The other way, of course, is to pivot from a SAR (or any other reason to open an investigation) to a request that the bank produce records. Subpoenas are not strictly required; that document exists to exonerate the bank. A financial institution, concerned it is falling under negative government attention, might proactively offer to share what they know.

       In any event, the feds got what they needed.

       This written communication is a succinct confession to bank fraud.

       There are multiple different ways to charge it, as we have seen. The indictment went with §1014. And if the SPLC admitted to bank fraud, then the transfers are wire fraud. And if the transfers were wire fraud, then the… you've seen this movie before and it ends predictably.

       I do not expect this conclusion to be a happy one to all readers. I believe it to be correct.

       There exist lawyers who say that the legal analysis in the indictment is sloppy. That statute is a weapon. Weapons wielded sloppily hit the target all the time. A weapon that only works when wielded perfectly is poorly designed.

       Some commentators have implied theories that, for example, §1014 only applies to applications for loans. Excerpting the statute:

       Whoever knowingly makes any false statement to … any [FDIC-insured institution]... upon any application… shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

       This is extraordinarily broadly drafted, by design.The long list of alternatives to application includes loan, and as a basic principle of statutory construction, this means that Congress considered limiting the list to only loan applications and then intentionally did not do that.

       In Wells, the defendant sold something of value to a bank, rather than borrowing money from them. (Turns out copiers print money, in a sense; you can sell the future revenue stream.) The lie was a relatively tiny detail relevant to the pricing discussion. Wells was prosecuted under §1014. The controversy was not "Does §1014 allow prosecution outside of loans?" Yes, read the plain text of the statute. But the holding is as interesting as the data point. Can you be convicted of fraud over a tiny lie? The Court held there is no materiality requirement under §1014. You can be convicted of fraud for a lie that doesn 't matter if you tried to influence any decision of a bank.

       Some have advanced the notion that the account application is misleading but not false. This matters due to Thompson, decided last year by the Supreme Court, which holds that §1014 doesn't cover misleading but true statements. Consider what happens when the prosecutor summons a senior SPLC executive to the stand and says: "So, Fox Photography, which you ran as a sole proprietorship. Did you buy a camera? Did you advertise? Did you file for a DBA? Did you make a website? Does Fox Photography have any activities other than this bank account application? You had three other businesses. Which of them did anything other than obtaining banking services?"

       Some believe, plausibly, that the prosecution is politically motivated. Others might counter that the SPLC is the nation's leading expert in lawfare and has just discovered sauce for the gander. Still others might believe both claims. Or they might believe "This looks like retaliation for the SPLC coordinating a coalition to interfere with Trump political fundraising," which is not the way coalition participants say the SPLC gained his enmity [archive]. We will return, at length, to the activities of a coalition the SPLC co-founded.

       Many commentators have argued that this program has been discontinued. Yes, bank fraud will frequently cease after its discovery. That is definitely a goal of this apparatus, and is almost definitionally true. Almost all white- collar prosecutions will happen after the conduct giving rise to them has ceased. The financial industry would certainly be chagrined to learn about a live fraud happening on its rails from the indictment. (That does happen; we have processes to detect it happening and then immediately investigate accounts associated with entities that were just indicted. We will discuss how data products and screening infrastructure function in substantial detail below.)

       The industry as an institution expects its supervisors in government to bring these cases, all the time, against targets that have many friends, positions of authority, extremely competent defense lawyers, and sincere belief that they are innocent of any real crime. The government expects, as an institution, to be overwhelmingly advantaged in these cases.

       Many commentators, including the government itself, have made this indictment mostly about the fraud against donors. Many believe that argument to be a stretch. I agree, unreservedly. As a connoisseur of this genre, I have read few documents which are simultaneously so far from the conventions while adding so little new to the canon.

       It is a stretch that the government routinely makes and wins in other contexts. Matt Levine has collected several hundred examples of the genre, which he calls Everything Is Securities Fraud. That genre is, succinctly, "If you run a for-profit corporation, and have raised money from outside investors, and anything at all goes badly, and you did not describe exactly that thing to the investors as a risk, you have arguably defrauded your investors." The government is comfortable making that argument and wins it routinely.

       Perhaps Everything Is Donor Fraud. Perhaps not.

       But, again, the design of this system is so you don't have to prove the hard crime, the one where you're being creative and taking some risks and pushing the envelope. You only have to prove the easy one, in exactly the same way hundreds of cases have won before. You will then use the spectre of conviction for (minimally) that as procedural leverage, and your target will likely settle.

       Absolutely textbook.

       Data products and mechanistic decisioning

       A brief break from the SPLC's situation. We'll return in a moment. I had promised you a discussion about how the financial industry uses certain data products, including one published by the SPLC. We will begin with the canonical example of a data product.

       As BAM has noted in discussing so-called debanking, the United States does not maintain a secret blacklist of people who can't gain bank accounts. It maintains a public one.

       Regulated financial institutions must deterministically reach the correct conclusion about accounts or transactions where they benefit certain people and organizations. That blacklist is called the Office of Foreign Asset Control (OFAC) list of Specially Designated Nationals (SDN). In broad strokes, this is a blacklist for foreign terrorists and narcotraffickers. (Banks aren't the only people who can't transact with the OFAC list. Reader, if you are an American, you can't either, under penalty of law. But enforcement action is concentrated against banks et al because they are a, how might one phrase this, choke point for money movement.)

       In theory, every time a bank opens a student checking account, it can have a bank employee mosey on over to the OFAC website, search the list in real time, and then determine that the prospective customer, yep, isn't on the OFAC list. This is quite impractical and unlikely to be considered an acceptable set of controls by a regulator unless it is the smallest-of-small-town community banks.

       You could write your own software to periodically download the list (yep, we just publish the files) from OFAC, and then compare new accounts and in-progress transactions against your recently-synced copy in your database. Most financial institutions do not choose to do this. It is fiddly, extremely high downside if you get wrong, and has zero financial upside if you do a better job than "minimally adequate." Also, you have to do it many times redundantly across hundreds of functions of your financial institution. Checks, wire transfers, accounts payable, even your employee giving program! This set of considerations spells "outsource this function."

       The jargon for the function is "OFAC screening" and the company or companies which the financial institution engages to handle this are selling "data products." You will work with your vendors and your internal IT teams to integrate those data products (which might be APIs, or platforms, or similar) with your other IT systems.

       Then you turn everything on. Presto! You get alerts sent to Compliance if someone appears to be OFAC-listed. One of the large team of intelligence analysts you are forced to hire will be instructed to click through alerts as they stream by. The interface frequently resembles a Twitter feed from the most boring possible circle of hell.

       Your analyst will tell the system to ignore the false positives (extremely common relative to true positives, but you basically have to look at every one) and action the true positives. "Action" here means close the account or block the transaction. A close synonym is "decision" the account.

       If you're technically sophisticated, you can probably configure your screening vendor to pass alerts off to some combination of heuristics, machine learning models, and other AI techniques before they are sent to a human. Alert fatigue is real and dangerous. You can decrease it by automatically decisioning low- risk accounts/transaction, based on criteria acceptable to your regulator, which you will write in your policies. Perhaps you have recorded that you have a U.S. passport or other evidence of citizenship on file for the account holder and therefore it is vanishingly unlikely they are the SDN whose citizenship is Farawayistan even if the names look similar. You might reasonably argue that, for retail accounts that are incapable of moving large amounts of money, that is good enough.

       A bit of engineering and Compliance jargon: this architecture is a pipeline. An alert enters the pipeline from your screening vendor. It goes through some automated decisioning and routing to end up in a particular queue for a particular team of analysts. They decision the alerts which will, in some cases, be the end of it. In other cases, this will result in a new type of entry in a new pipeline, perhaps to effect the series of actions one must take to offboard an account. Pipelines are serviced by a mix of technical and human systems, and governed by both computer code and process documents written in English. Both the code and the documents are subject to review from your regulators. (They are far more likely to read the documents than the code, but they have essentially carte blanche to ask Compliance for anything they want that describes e.g. the OFAC pipeline, and Compliance will probably not push back very hard. Keeping a positive relationship with regulators is a very large portion of their job.)

       The OFAC list is the canonical data product, but your screening vendor really wants to sell you several. Can you charge for a list the government makes freely available? Absolutely! Because the screening vendor isn't simply charging for the list. They are charging for a complex technical and human system around the list.

       One factor among many: you expect the list to change and you want them to be in charge of making sure you always have a very recent version. You also want them primarily in charge of understanding the e.g. regulatory environment around their data products. If one of the products goes from advisory to mandatory, you want to learn that from your vendor before you learn that from a pissed-off examiner wondering why you didn't read the bulletin two years ago.

       Some data products have very different characteristics than the OFAC list.

       One example, alluded to above, is repackaging criminal indictments into a screening list. You might bank Bob's Autos. If Beneficial Owner Bob is indicted as a money launderer for the mob, you want to know that very quickly so that no one e.g. drives off with the balances in Bob's Autos' accounts.

       But you don't have to close an account if someone is indicted, not like you have to close the account if they're added to the OFAC list. It's a judgement call, and you'll have described your decisionmaking process for it in internal procedures documents, and your regulator will have blessed them. So one of your intelligence analysts gets the tweet-sized version of the indictment from the pipeline, reads "Misdemeanor assault", and probably decides "Bob's in trouble, certainly, but still supportable." Or they read "Felony bank fraud" and that analyst very likely kicks off an internal investigation. Or, and again this is the dominant case, Close As False Positive. Turns out there are a lot of Bobs in the world who own car dealerships; that Bob was not our Bob.

       Another data product is so-called "adverse news" screening. This one is not an extension of state power like the OFAC or prosecutorial lists, not directly. You have much more discretion on whether you buy it than you have on OFAC screening. But your screening provider might have gone to the trouble of licensing wire service articles or newspaper feeds or the Twitter firehose or similar. They repackage it and match e.g. mentions of colorful local businessmen (a classic newsroom euphemism for "mob, but we can't prove it and he has lawyers ready to sue for defamation") to your accountholders. If a colorful local businessman is reportedly on the lam and feared to have left the country, and then he asks for an international wire transfer, you probably don't want to simply process it.

       And now the data product you've been waiting for: the SPLC Extremist Files. Like the OFAC list, it's available for free on their website, but there do exist screening providers which will happily charge you for it. Part of that work is for scraping, part of that work is for e.g. matching names to e.g. charity EIN numbers, etc. Your screening vendor will happily tell you, though, that the data product they're selling you is really SPLC's considered judgement, packaged in a way that makes it easy to include into your pipelines.

       Why would you buy this data product? In part, it is because the financial industry broadly considers the SPLC an extraordinarily trustworthy non-profit. It is widely believed that if they say you're a Nazi, you're a Nazi, and we don't want to do business with Nazis. Financial institutions, like other firms in capitalism, have broad discretion (with some specifically enumerated exceptions) in choosing who they do business with.

       An aside to conservative and progressive critics of the SPLC: yes, I know, they are not as selective, restrained, and expert as their reputation suggests. But please accept for the moment that the financial industry understands this less well than you do.

       One citation for the industry broadly considering the SPLC reliable and being aligned with their views on the good: JPMorgan Chase, the largest bank in the U.S., practically a metonym for conservative-as-a-banker, gave them $500,000 specifically to "work in tracking, exposing and fighting hate groups and other extremist organizations."

       If you were to have a thousand conversations in the financial industry about non-criminal clients you don't want to do business with, you would hear the SPLC cited more than any other group or data product.

       Some of the most established screening providers do not carry the SPLC data product, though they have data products which compete with it. The SPLC has in the past criticized those providers by name:

       _World-Check is often criticized by civil rights organizations, advocates, and experts on international terrorism for bias and misinformation that can result in the blacklisting and de-platforming of legitimate charitable groups. The commercial nature of World-Check, its lack of coordination with civil society organizations, its use of unsubstantiated data, and its lack of transparency make it a highly problematic tool to screen out hate. _

       In substance, the SPLC's complaint is that our competitors list people we wouldn't, don't list people we would, and we're just better at this. Which, fair enough, everyone is allowed to have an opinion.

       How did we arrive at the position where financial institutions clamored for their data providers to offer SPLC screening? Marketing and sales are skills and the SPLC is very, very good at them. Also, again, read a history book of your choice; they picked a fight with the KKK and won. If you get a reputation for doing that for decades and also have an aligned product many customers feel the need for, sure, they will want to get it from you specifically.

       That is not the only reason why many people in tech companies, financial infrastructure companies, and banks are intimately acquainted with the work of the SPLC. We will return to the oth er reason in a moment.

       But, what does your SPLC pipeline do? Depends! Perhaps alerts go to an analyst, who checks it for false positives (yep, hits will frequently be false positives), and in the case of true inclusion you have a spirited debate within your firm. Perhaps some people argue that even Nazis need to eat, and to eat you need money, and that on balance the marginal harm of giving this particular Nazi a checking account is outweighed by the social utility of their children not starving to death. You are consuming the SPLC's data product on an advisory basis; your firm retains full control of decisioning.

       Or you could configure your pipeline to automatically deny services to anyone the SPLC lists, either by operation of computer code or by the programmatic- but-in-the-sense-of-directing-humans way that many processes still work in the financial services industry.

       Jeff Bezos, in Congressional testimony, describing Amazon's reliance on the SPLC data product for AmazonSmiles, a now- discontinued charitable product they offered:

       _" We use the Southern Poverty Law Center data to say which charities are extremist organizations. We also use the U.S. Foreign Asset Office [sic] to do the same thing." _

       Bezos was interrupted before he could finish his next thought; you're welcome to read the testimony for full context. He is clearly referring to the OFAC SDN list.

       Bezos went on to elaborate that the Fortune 2 company could not operate AmazonSmile without some way to kick out the extremist organizations and that SPLC was, effectively, the only reasonable option. He asked Congress for other suggested data providers. None were offered. (No, really, he did that.)

       Let us pause to acknowledge that Bezos, one of the richest men in the world, considers these two four-letter organizations as peers. One of them is created by statute, operates within constitutional and administrative-law constraints, and answers to Congress, the courts, and ultimately the people of the United States of America. It could jail Bezos, personally, for willful non- compliance. And the other is …some people in Montgomery with a very specific interest, whose decisions are subject to review by no court, and whose only power appears to be moral suasion.

       Bezos was equally and entirely committed to satisfying both.

       Why? We'll return to it in a minute.

       As a longstanding financial infrastructure enthusiast and practitioner, I am confident that SPLC screening is used on an advisory basis in very many sectors of the financial industry. It is also used in a delegated authority fashion for some products at some firms, in the fashion that Amazon used to. In the delegated-authority cases, an SPLC hit kills an account application or transaction as cleanly and automatically as an OFAC hit does.

       Perhaps that strikes readers as implausible, even after you just heard it in sworn testimony to Congress. I offer to you publicly documented examples, frustrated that they all cluster in a small set of the vast panoply of financial products. There is a reason for that clustering, related to the SPLC's marketing and sales motion, and we will discuss it in a moment. A warning: if you assume the public examples are fully representative of the SPLC's delegated authority you will materially underestimate how much actual power the SPLC has over financial infrastructure.

       Many employers in the United States offer a perk: if you donate to charity, we'll match what you donate, up to some dollar amount and subject to some restriction. This is, morally, compensation, just like the salary is compensation, just like the 401-k match is compensation, just like the healthcare benefits are compensation. Firms use specialist providers of financial services to run payroll, administer 401-k plans, and deliver health insurance.

       Deed offers a workplace giving program as a service (WGPaaS? We'll workshop it.) Some Deed customers are banks, and so they have a ready answer [archive] for your Compliance people on the work Deed already does on your behalf: Continuous Monitoring: Stay protected with up-to-date screening against sanctions and regulatory watchlists, including IRS, OFAC, SPLC, PEP, and adverse media.

       One of these acronyms is not like the others.

       This perk is quite popular in banks, who have been trying to shake the heartless image since the Medicis, and who want people to feel good that they teleport value through time and space but also really and truly care. So some financial institutions in the United States, possibly without knowing it , may have, in delegating authority to Deed to decision requests for compensation, indirectly delegated it to the SPLC.

       I assume, as enterprise-grade software, that many workplace giving programs have many levers available to customers if they want HR to review every match of a $20 donation to someone's parish. As a self-evident statement of prioritization: no, HR does not want to do this, at all, ever, please stop wasting my time, configure it the way you do for every other bank. Do you expect Customer Success to press on and say "Nope, sorry, not enough to proceed. Is being able to donate to Nazis important to your employees?"

       An observation from someone who worked in the marketing department of a financial services company: features on the industry-specific solutions page are there because customers care about them and not having them is a dealbreaker. So you must offer the SPLC screening to customers. But it is socially impossible to ask whether they want it. Product decision time: what is the default value of the Allow Gifts to Nazis checkbox.

       Now, a quiz: do you think Compliance at a bank is neutral on "Can the bank delegate transaction-level decisioning authority, in any part of the business, however small, to an entity under federal indictment for bank fraud? Does the answer change if they are convicted of bank fraud?"

       No! Compliance will not let you do that! Not because they are worried about the integrity of the blacklist. An accused bank fraudster has the final say to approve money movement out of a regulated financial institution. That is very likely intolerable to Compliance.

       What happens next? Well, remember, when you bought the data product, you were also buying someone anticipating your concerns before you even voice them and preparing options before you ask. Jeff Bezos' words echo in San Francisco today: Does anyone know another option?

       Deed is not an outlier in workplace giving programs.

       Groundswell? The FAQ recently read "Groundswell does not process donations to organizations denoted as hate groups by the Southern Poverty Law Center. " _but changed to " Groundswell conducts due diligence to confirm they meet applicable IRS standards. Clients can also configure their own charitable restrictions within Groundswell, including allowing or blocking specific organizations or categories of organizations, in accordance with their internal policies."_

       No prizes for guessing the default.

       Millie? Blog: " Vetting nonprofits can be a time and labor sensitive task… That is why vetting is typically left up to the experts at SPLC. All vetting for the Millie database is even through the SPLC!" [sic throughout] [archive]

       And, again, you are reading the tip of the iceberg. There is much more use of the SPLC list in the financial industry, in much more important products than workplace giving.

       Why is it so easy to find public evidence in giving programs but not of SPLC blacklisting in e.g. life insurance or wire transfers or options trading?

       The SPLC and its allies bootstrapped a consensus in their core community of practice, non-profits and the supply chain that funds them. I will describe the shape of that consensus without making specific claims about truths. It is: either you're screening charitable donations for hate funding, or you are a monster. You will not attend our parties. You will not get our retweets. You will be iced out of the flow of money , because we have friends at Ford. One phone call and Open Society is closed to you. And then good luck paying your staff. We have spent our professional careers getting very good at delivering social consequences through tightly coordinated coalitions. Get with the program, or get consequenced.

       If you want to understand why the charitable giving world moves in lockstep here, start with the Amalgamated Foundation's "Hate Is Not Charitable." You will find it a project to reconstruct what that did, but the SPLC has a whitepaper with most of the important story beats.

       It's a long story, and I would rather tell you a different story, about how the SPLC formed a coalition to gain account- and transaction-level decisionmaking capability at tech companies, financial infrastructure firms, and banks through a coordinated pressure campaign.

       Parts of this story are abundantly reported in public. Parts are extremely well understood in the organizations that the SPLC's coalition repeatedly persuaded, cajoled, or threatened (pick your favorite verb for the moment).

       Some parts of the story are original public interest reporting. What is the public interest in candidly recounting the exercise of power over Nazis? Because they did not stop once they achieved power over the Nazis.

       The coordinated pressure campaign, as experienced by industry

       One coalition of non-profit organizations ran an organized pressure campaign against industry, for years. It started in 2017, with the SPLC and another non-profit informally coordinating. It intensified and formalized in 2018, under SPLC co-leadership. It escalated sharply in 2020 and 2021.

       The campaign had two main components. The first was public advocacy and communications work. The second, less visible but more consequential, was a series of meetings with industry. Hundreds of meetings. With a specific target set of companies.

       The campaign's declared aims were three. To convince those companies to censor more communications the coalition characterized as hate. To blacklist organizations and individuals the coalition characterized as promulgators of hate or violence. And to interdict the flow of funds to those blacklisted parties.

       The coalition claimed to be non-partisan. Be on the lookout for mentions of "non-partisan," because it is a word the coalition understands differently than I do.

       The coalition calls its targets "Internet companies" and relies on government, media, and the public to not read the fine print. In it, they define Internet company mendaciously to include banks, credit card processors, and any other financial infrastructure their enemies could touch. The coalition was going after posts, but it was also and primarily going after money. I will use the language "industry participants" going forward to identify who they met with.

       Industry participants included Facebook, Twitter, JPMorgan Chase, Visa, Mastercard, and many other firms. Some were among the largest companies in the world. Others had fewer than 10 employees. (I estimate headcount based on published reporting and industry experience.)

       Stripe was an industry participant. I was employed at Stripe continuously from late 2016 through early 2023, covering the entire period under discussion. I remain an active advisor to Stripe. Stripe does not necessarily endorse what I write in my personal spaces.

       This series of hundreds of meetings involved hundreds of employees from industry participants. Those employees included C-suite executives and managers and individual contributors across a host of functions. Those functions included communications, legal, government affairs, Trust and Safety, and compliance professionals.

       Meeting notes were frequently kept, and sometimes widely circulated, as is the routine practice in industry. The meetings were documented on calendar invites (often with full participant lists), shared docs, attachments, emails, and other contemporaneous records. In the ordinary practice of industry these primary documents distribute themselves promiscuously into secondary documents; think of an email being screenshot to paste into a PowerPoint to discuss the response in a meeting. Records exist on conservatively hundreds of systems and can be accessed by many more than 10,000 people.

       No employee of an industry participant I have spoken to, familiar with the contents of the meetings, was willing to provide quotes for publication with their name and corporate affiliation attached.

       Their reasoning included not being authorized to disclose private information, fear for their personal and corporate reputation, future career consequences for leaking, personal consequences for being identified adjacent to national political controversies, in some cases fear for their physical safety, and in some cases unwillingness to betray a cause they personally support.

       Industry participants recount the tone of the meetings differently, and as varying over the meetings. Some meetings were strained-but-professional. Sometimes the coalition participants were described as demanding and "hectoring." Industry participants report abusive remarks towards their companies and to the people in the meeting.

       Industry participants were repeatedly told that if they did not accede to demands they would be profiting from evil, complicit in the death of innocents, or benefitting from white supremacy. The innocents claimed to be at risk were often specifically identified as black, including during a period of intense societal concern for the lives of black Americans specifically. Industry participants were told that they wanted this. That they were taking "blood money". Industry participants repeatedly felt personally attacked, in ways and using language not normative in their professional experience.

       On the account of multiple industry participants, coalition participants explicitly held individuals in the meeting personally responsible for the actions of their employers. This was aimed at individuals with substantial influence and authority in companies, and also at junior employees.

       Industry participants describe the coalition participants as threatening their employers, openly and by implication.

       The most commonly described threat was coordinated negative public messaging with the goal of causing reputational harm to the industry participants. Feared comms outcomes ran the gamut from heavy mainstream media coverage to a Twitter pile on. Twitter is real life, particularly when a large and vocal contingent of your employees use it and Slack simultaneously. Ever been pulled into a meeting over a single customer tweet then burn weeks on managing the fallout? Count yourself lucky.

       Less commonly, the industry participants perceived they were being threatened with adverse legislative, executive, or regulatory action indirectly by coalition participants who are reasonably read as exercising substantial political influence. Industry participants sometimes report that coalition participants flaunted their political influence.

       Industry participants were repeatedly told that if they did not accede to specific demands, they would share the blame for future deaths. Bits about Money has reviewed contemporaneous records which unequivocally make this claim, authored by coalition participants. We note that this echoes language the coalition routinely puts in press releases, Medium posts, and similar artifacts after presumptively careful review of the phrasing. The coalition was inconsistently disciplined in phrasing in documents we have reviewed, and we decline to quote their phrasing, in part, out of charity.

       You will share the blame. We will hold you responsible.

       The coordinated pressure campaign, as narrated by its authors

       The coalition has publicly and voluminously described their own understanding of what was said in those meetings.

       Where employees of industry participants dispute their characterizations, I will characterize broadly what some employees of industry participants have said, to preserve their anonymity. You should not view this as a claim on behalf of all industry participants. Patterns emerge frequently, but I am making no claims about unanimity.

       Mid-2017: Color of Change dialogue with PayPal begins

       Many left-of-center voices felt that white supremacists had been emboldened by the 2016 election of Donald Trump. Beginning in mid-2017, Color of Change communicates with and meets with PayPal, with the objective of cutting off financial services to hate groups. Color of Change is a civil rights organization which specializes in online organizing.

       The Center for Media and Democracy, an aligned non-profit, quotes a senior executive as saying "Let's be clear: public speech promoting ideologies of hate always complements and correlates with violent actions."

       Industry participants characterize the coalition participants as asserting that speech was inseparable from conduct. Free speech concerns were dismissed and, industry participants report, mocked, including with the dismissive rendering "freeze peach."

       August 11th, 2017: Charlottesville Unite the Right Rally

       As has been abundantly reported elsewhere, a coalition of white nationalist, neo-Nazi, and alt-right organizations (per voluminous public reporting tracking self-identification) organized a rally in Charlottesville, Virginia. This sparked counter-demonstrations. A rally attendee struck and killed a counter-demonstrator with his car.

       Color of Change intensified its existing engagement with PayPal and other industry participants. Rashad Robinson, then executive director, would describe them in detail later, to a podcast on iHeartRadio. Fast Company [archive] approvingly cites that this came after "Robinson used similar tactics to move companies to withdraw sponsorship from the 2016 Republican National Convention." The Republican National Convention is a get-together sometimes described as a grand old party.

       Robinson articulated the coalition's theory of change: "Power is the ability to change the rules." The coalition perceived the industry participants as having power, desired power for itself, and took steps to achieve it.

       Color of Change swiftly organized what it describes as a social media campaign using the hashtag #NoBloodMoney.

       In the wake of Charlottesville, which was shocking in the broader U.S. political environment and perceived as a watershed moment within tech companies, many industry participants made decisions to end services to a variety of groups they felt had violated their policies against promoting violence or extremism. This was sometimes proactively. It was sometimes after receiving communication from activists, either in their personal capacity or identified as coalition participants.

       Meetings were, prior to this point, relatively ad hoc. This would soon change.

       August 21, 2017: JPMorgan Chase Foundation donates $500k to SPLC

       As mentioned above, the SPLC enjoyed broad trust within the financial industry dating to long before these events. Chase's donation to SPLC immediately after a galvanizing tragedy could, if one were immensely cynical, be read as a tiny communications expenditure.

       Industry participants routinely claimed shock and a sense of urgency after Charlottesville. A grown man once wept in my presence recounting that event. While there is substantial diversity of views among industry participants, many have, in their private spaces, when the cameras are not rolling, when there is nothing to gain, repeatedly described the SPLC to me as being on the side of the angels.

       Keep this in mind as the coalition describes industry as being standoffish and foot-dragging.

       2018: SPLC organizes Change the Terms, which becomes the coalition's

       nucleus

       The SPLC co-led an effort to unify, coordinate, and intensify previously ad hoc organizing actions. Change the Terms (CTT) was a coalition, to its friends, a conspiracy, to its enemies, and an unincorporated association, to a geek with an unhealthy interest in LLC formation. (The only fact I've ever retained about unincorporated associations is that they are jointly and severally liable for acts of the members.)

       The individuals identified contemporaneously as co-chairing CTT were Heidi Beirich (then-head of the SPLC Intelligence Project) and Henry Fernandez, of the Center for American Progress (CAP).

       SPLC's Intelligence Project ran the private intelligence service and produced its data products. It also produces an annual intelligence estimate, such as the (2024) Year in Hate and Extremism.

       (Beirich left SPLC in 2019 to co-found Global Project Against Hate and Extremism (GPAHE) with a fellow SPLC alumna.)

       The SPLC characterized the CTT coalition as its own initiative under the Intelligence Project, and not simply Beirich's initiative, in charitable governance and fundraising documents in the possession of Bits about Money. We cite one such document below, contrasted against later Congressional testimony.

       According to documents reviewed by Bits about Money produced by coalition participants, the SPLC participated in cost-sharing arrangements to fund expenses of other coalition participants incurred in carrying out the joint purpose of the coalition. We are unaware of the extent of this practice.

       CTT presently describes its most senior members as CAP, Color of Change, Common Cause, Free Press, GPAHE, Muslim Advocates, the National Hispanic Media Center, and the SPLC. There is some ambiguity around who claims founding member status and whether that list has evolved over time. Startup life, I get it.

       I will refer to CTT's primary artifact as the Terms. This document, announced at the coalition's debut, was foundational to CTT's positioning (they are Change the Terms). The Terms were sometimes described as recommendations, sometimes as a model Terms of Service (ToS). They were consistently positioned as being for Internet companies.

       This is sleight-of-hand. A primary purpose, perhaps the primary purpose, of the Terms is to interdict money movement.

       The Terms define "Internet Companies" in a non-standard fashion to include banks, credit card brands, any business of any character which facilitates a transfer of money with a web or mobile interface, and also more central examples of Internet companies. This is in keeping with the coalition's by-now demonstrated target selection of PayPal (an Internet company) and Mastercard (which predates the commercial Internet by decades).

       The SPLC co-drafted the Terms.

       The SPLC referenced the Terms in Congressional testimony as being an extension of the SPLC's long-running campaign to interdict money movement to targeted organizations.

       For decades, the SPLC has been fighting hate and exposing how hate groups use the internet. We have lobbied internet companies, one by one, to comply with their own rules to prohibit their services from being used to foster hate or discrimination. A key part of this strategy has been to target these organizations ' funding.

       The Change the Terms coalition existed to coordinate and parallelize execution on this tactic. In addition to nominating targets for existing policies, it extracted concessions from industry in the form of policy changes. The coalition, when minimizing its own power served its purposes, sometimes described all actual decisions as made by industry. The coalition was very candid when speaking with itself, with allies, and with industry participants. The coalition understood itself to have some degree of coercive power, and factually had some degree of coercive power, as we will discuss. It also secured delegated authority, routinely but not universally, as we have discussed.

       Industry participants do not consider the Terms to be reasonably characterized as a ToS.

       I would say the Terms are an advocacy artifact which adopts the stylization of a ToS without making any effort to be one. A ToS is a binding contract that industry customarily pays professionals to produce or adapt from firm- maintained templates appropriate to young startups. The English-language U.S. ToS of a major tech company has consumed more than 7 figures in bespoke services work, as a rule. The idea that a filesharing service and regulated U.S. depository institution could adopt the same ToS is fatuous on its face.

       The purpose of the Terms was to get the meeting and, oh boy, did the coalition get them. I estimate they successfully achieved hundreds of meetings.

       March 2021: Color of Change describes the meetings on a podcast

       Color of Change's Robinson was interviewed by Hillary Clinton on her podcast You and Me Both in March 2021. You and Me Both is available on major podcast platforms through iHeartRadio. Readers may recognize Clinton from other work.

       Bits about Money has archived the podcast MP3 file, to make specified quotations findable via timestamps. Many professional podcasts use dynamic insertion of ads, which is good for advertising revenue but bad for reproducibility of timestamps across listeners. Please do not use the archive unless you need these specific timestamps.

       Robinson confirms that CoC works with SPLC and that its relevant work began after the 2016 election (29:15).

       Episode at 29:30:

       We started calling the credit card companies. We started calling these payment processing companies. And you know what they told us? They said, oh, we 're with you, but, you know, you have to talk to the banks. And then the bank said, you know, you have to talk to the credit card companies. So we start building the #NoBloodMoney campaign and we start building this platform. And, you know, we're not quite done with it all when Charlottesville happens.

       Robinson describes a central tactic of the coalition: identifying particular accounts it wants deactivated, with a consequence if demands are not met. He claims this to have been demonstrably effective.

       Multiple industry participants describe the same sequence of events across several invocations of the tactic. I feel it necessary to caveat causality, as described below.

       Episode at 30:00:

       We have been talking with you [companies] for months. We 've given you these lists of white nationalist groups. And then within about twenty four hours [of launching the #NoBloodMoney campaign], they start sending us a list of white nationalist organizations that they are cutting off from processing. No law had changed.

       Clinton interjects: Exactly.

       Robinson locates this within his non-partisan broader political project.

       Episode at 28:00:

       We really built what I feel is a new strategy. It was focused not simply on resistance, but on opposition. What would it mean to not just resist but to build power, to oppose, so that we could get back to governing, focusing on winning real victories at the local level, while also recognizing that the game was not fair, that the rules were rigged, and that we couldn 't simply say that what happened in 2016 was democracy. It was what happened.

       Clinton later comments, at 31:20 :

       Moving [your advocacy] to the private sector, and corporate power, was an incredibly smart approach.

       A brief interlude about causality and communications strategy

       Industry participants have, compared to anyone else in the world, broadly better information about account status, account history, position in pipelines, and similar. (This is not to say they have total awareness of all information in their possession, or that all employees of an industry participant have equivalent access to information and capacity to understand it. Some organizations tightly silo information internally by role.)

       It is easy to infer causality from timelines without that being warranted. One mechanism for this: accounts may be in pipeline at the time of target nomination. An external observer will perceive "account active, nomination communicated, account closed shortly thereafter" and make the obvious inference.

       If one understands one's counterparty to have misunderstood something, one can correct them. Or not.

       Industry participants describe a variety of tactics for extending olive branches to the coalition participants, including but not limited to acceding to demands. One such tactic was giving more visibility into pipelines than the broader public had, with or without influence on operation of those pipelines. "Thanks so much for bringing that to our attention. They are absolutely on our radar now." can mean many things, including "Message received.", "I confirm they are in pipeline.", "I confirm they are in pipeline thanks to you."

       The coalition targets politicians in non-partisan fashion

       The CTT Terms include the following recommendation.

       Many Internet Companies have granted special exemptions to official accounts, government actors and powerful people, allowing them to promote hateful activities, disinformation and other divisive behavior. Instead, these actors should be held to the same standards (if not higher standards) as regular users. There should be no special exemptions that allow the powerful to spread hate with impunity. Many official accounts at various social-media companies have circumvented platform policies despite promoting hateful activities, disinformation and other divisive behavior. Policies should apply equally to all users and must be enforced.

       Industry participants perceived themselves as being in an impossible situation with regards to a handful of accounts which were both extremely vexatious to coalition members and obviously newsworthy. Consider how manifestly unwise it would be to intentionally deplatform the sitting, duly elected President of the United States. While nominally about a large class of users, industry participants describe the motivating examples brought up in meetings as consistently circling back to Trump, Tucker Carlson, and a very short list of other names.

       The ADL, a coalition-aligned non-profit, co-authored a press release with some coalition members titled Deplatform Tucker Carlson.

       The coalition benefits from the mistaken impression that it only asks platforms to remove accounts controlled by terrorist organizations. No. The first, unobjectionable list is the ante. After you're in the hand, they raise you Tucker.

       Once the coalition has achieved agreement in principle it defines the bounds of polite society, it soon broadens the ask, framing the new concession as something you have already committed to publicly.

       The coalition often communicates the ask privately but the retaliation for non-compliance publicly. The public, mainstream media sources, and similar interpret the sudden coordinated pressure intensification as evidence that the targeted company has failed at the original commitment, the one about terrorist organizations.

       In public communications, some coalition participants exhibit message discipline in locating the agency within the industry participants: the coalition "recommends" policies, the industry participant agrees to a policy, then the industry participant is responsible for enforcing what is now their own policy.

       Coalition participants were, in the recollection of many industry participants, frequently undisciplined in meetings. They specifically nominated accounts for adverse actions, up to account closure, in no uncertain terms, and it was not a request.

       Color of Change, at a minimum, was quite disciplined: they consistently adopted coercive conditional escalation as their default engagement model. Get the meeting, communicate demand, show a marketing brief of words and images that would be activated if you did not swiftly accede to the demand. This account is described by industry participants and by executive director Robinson to Fast Company, where he describes employing it "95% of the time."

       Coalition participants were inconsistently disciplined in their contemporaneous written records, some of which Bits about Money has reviewed. Authenticating these as true copies is tricky; authenticating public statements is not.

       The Leadership Conference on Civil and Human Rights in October 2019 wrote Facebook a public letter, which the SPLC and many coalition members co-signed.

       And yet, sabotaging your own efforts, Facebook recently announced that it would automatically deem speech from politicians to be newsworthy, even when it violated the company 's Community Standards; exempt politician-created content from its fact-checking program - permitting anyone running for office to post or purchase ads with falsehoods; and exempt content deemed to be "opinion" from its misinformation rules. Politicians should not get a blank check to lie, incite, spread hate, or oppress groups of people. Politicians are historically responsible for perpetuating discrimination and erecting barriers to voter participation, while autocrats throughout history have relied on mass media to rise to power and subjugate minority communities.

       Note the conflation here of committing incitement (illegal), spreading hate/oppression (probably bad), and lying while being a politician (Tuesday). This sort of conflation, of attempting to box someone into a proposition they had never actually agreed to, was routine, in the view of some industry participants.

       I contemporaneously viewed the brouhaha about politicians lying as being battlespace preparation for the 2020 election. First, establish the general principle that social media platforms had a duty to censor lies told in campaigning. (This was sometimes described as "misinformation," to imply that an American politician lying was doing so in a Russian accent.) Then, seize on every lie in one very specific political campaign, and use the platforms to interdict that political campaign's storytelling. I didn't expect campaign financing shenanigans, because I have a strong prior that responsible professionals might fly close to the sun but do not attempt to fly through it. More on that later.

       Industry participants have their own compliance issues to worry about and frequently perceived this two-step as being too cute by half. The aim was obvious to them. Industry participants describe coalition participants as stating directly that Trump lies frequently, and helpfully telling people with degrees in logic that it therefore follows that if lies cause decisioning, and Trump lies, Trump should be decisioned.

       Early 2020: The SPLC describes this campaign to Congress

       The SPLC has described the coalition's strategy in its own voice, in the most formal venue available to it: sworn testimony before Congress. Lecia Brooks, who self-identifies as senior SPLC leadership, appeared before the House Financial Services, Subcommittee on National Security, International Development and Monetary Policy on January 15th, 2020.

       Verbatim quotes from prepared testimony:

       For decades, the SPLC has been fighting hate and exposing how hate groups use the internet. We have lobbied internet companies, one by one, to comply with their own rules to prohibit their services from being used to foster hate or discrimination. A key part of this strategy has been to target these organizations ' funding.

       The coalition was an extension of the SPLC Intelligence Project, identified as such in their 2018 Annual Report, pg 9 [archive]. A charity annual report is a governance and fundraising document exhaustively reviewed by professionals and customarily approved by the board. It would be uncharitable to argue the SPLC misunderstands or is dissimulating about its role in the coalition in that document.

       Brooks, to Congress, chooses to describe the SPLC as a member of the coalition and not the animating force of it:

       On Oct. 25, 2018, the Change the Terms coalition - including the SPLC and other civil rights groups - released a suite of recommended policies for technology companies that would take away the online microphone that hate groups use to recruit members, raise funds and organize violence. In response to Change the Terms' advocacy, several Silicon Valley leaders have made promising changes that align with the coalition's vision for a safer online world.

       Brooks then lists several examples of specific wins the coalition achieved.

       Brooks then claims these accomplishments advanced the SPLC's mission. She implies that the coalition's important work will continue.

       Hate groups have clearly been damaged by the efforts of the SPLC and its allied organizations, including the Change the Terms coalition, to fight them and their funding sources online. But the fight is far from over.

       Brooks had an opportunity to describe industry participants as valued partners. Brooks describes the SPLC's relationship with industry participants in part as follows:

       The public exposure was half the battle. We conducted the other part of the campaign privately. SPLC officials held dozens of meetings with top Silicon Valley executives. Some companies acted. Some took half steps. Others did little or nothing. But eventually, the far-right extremists who depended on Silicon Valley were beginning to feel the pain.

       Brooks characterizes the SPLC's tone in a similar fashion to industry participants quoted above.

       She indirectly confirms one of the campaign's core tactics: get the meeting, get a commitment under threat of coordinated public pressure, then judge progress against the commitment to be inadequate. In the next meeting, offer absolution and de-escalation, contingent on policy concessions. Repeat as desired.

       _The SPLC kept up the pressure, cajoling companies and exposing those that dragged their feet. _

       The coalition, across a wide variety of documents, more consistently describes itself as having only influence when having power would require accountability, and more consistently describes itself as having power when addressing audiences presumptively sympathetic to the aims towards which that power was deployed.

       June 2020: Widespread protests throughout America. National guard,

       Facebook deployed.

       As a reminder, in late May 2020, the death of George Floyd triggered a wave of nationwide protests.

       Several of those protests devolved into riots and looting. This continued for months. The usual reckoning of the death toll, based on contemporaneous reporting, is two dozen. Property damage is generally estimated at between $1 and $2 billion based on insurance industry claims data.

       Trump posted "Any difficulty and we will assume control but, when the looting starts, the shooting starts."

       The U.S., unfortunately, has long historical experience with race riots, and the civil rights movement has strong institutional memory of that phrase being invoked to justify murder as a riot control tactic.

       One can believe people steeped in this tradition, inclusive of many coalition members, sincerely understood the post to be a true threat. One can also believe they understood the situation to be an opportunity.

       The coalition's operating logic has been to use each expansion to prepare for the next. A win here would establish that no one is beyond its reach. It would also establish that industry just isn't qualified to understand what their policies mean, and should defer to the subject matter experts who wrote them.

       Facebook declined to remove the post.

       Some employees at Facebook organized a walkout in protest.

       In an attempt to quell the discontent within the ranks, senior Facebook leadership (Zuckerberg and two lieutenants) had an unusually publicized meeting with coalition members (the heads of Color of Change, the NAACP, and the Leadership Conference on Civil and Human Rights).

       Coalition participants did not achieve what they professed to want in that meeting and, in a tick-tock motion industry participants were very familiar with by this time, released a statement to media then coordinated coverage around it.

       Widely quoted language from the statement included "Mark is setting a very dangerous precedent for other voices who would say similar harmful things on Facebook. " The specificity and analytical rigor of this sentence is not dissimilar to that recounted by industry participants of statements made in many meetings.

       The statement explained its concern was that failing to censor Trump, in a non-partisan manner of course, would result in voter suppression, via a causational pathway that the margin of the statement may have been too small to contain.

       This was transparently designed to activate commitments Facebook had made in the wake of the 2016 election.

       Believing the 2016 election had been tainted due to Russian interference was a left-coalition signifier--much as believing Trump actually won 2020 became a right-coalition signifier later. Neither of these views has the evidentiary strength the coalitions claim for them. But they aren't claims advanced to achieve understanding; they are advanced to achieve alignment and, through it, power.

       If one was concerned about the substantive merits of the claim on election interference, and not willing to simply accede to it on the strength of the speaker's social position, one might wonder whether widespread actual violence might not suppress voting more than words describing hypothetical government violence.

       Industry participants who asked coalition participants (in other circumstances) to explain their reasoning were told that it was not their job to educate them, that there exists literature, and that civil rights organizations had unmatchable expertise. Stick to coding, geeks. This did not always mollify industry participants, who in 2020 and 2021 were becoming deeply skeptical of expertise wielded as a shield for disastrous policy recommendations. For reference, see any history of the early days of the covid pandemic.

       When they knew the cameras were rolling, participants were fractionally more disciplined. Color of Change's Robinson delivered a 2019 speech to Facebook leadership [archive], telling executives directly that they had 'profound gaps in their expertise' and that implementing CTT would be 'a step toward seriousness.' We believe we fairly characterize other documents we have seen as extending the logic from a claim about incapacity to understand racism as a societal problem to incapacity to understand the words written on industry 's internal policy documents.

       The term of art in industry for the person responsible for the interpretation of a document is the "owner" of that document. Accepting this term of art, many professionals in the industry would agree that if the coalition doesn't understand themselves to own the policies, it's tough to guess where they think they should be on the stakeholder-analysis form. "Consulted" doesn't get to say the owner has blood on their hands after a decision.

       July 29th, 2020: Anti-trust committee hearing about market power

       The House Judiciary Subcommittee on Antitrust, Commercial and Administrative Law conducted a hearing on Online Platforms and Market Power, Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google. The CEOs of the four companies attended as witnesses.

       This is the hearing at which Jeff Bezos invited Congress to recommend a substitute data product for the SPLC blacklist.

       About a month later 15 Republican lawmakers wrote Bezos a letter, saying:

       Amazon 's ongoing reliance on the SPLC, with its documented anti-conservative track record, reinforces allegations that Big Tech is biased against conservatives and censors conservative views.

       The letter did not contain a recommendation for an alternative data product.

       Industry participants were extremely aware of the climate regarding potential anti-trust actions against their firms at many times during these years. Avoiding that was a central goal of policy teams and company leadership at all levels. Industry participants perceived the coalition members as possessing substantial influence over outcomes for anti-trust policy.

       You don't get interviewed by Hillary Clinton for being a nobody.

       January 6th, 2021: A riot at the Capitol

       Joe Biden won the 2020 election. Trump disputes this.

       A planned demonstration in Washington D.C. for protesters sympathetic to him, timed to coincide with the counting of electoral votes in the Capitol Building, devolved into a riot. Demonstrators gained physical access to the Capitol Building, sometimes by force and sometimes being let in by overwhelmed police. Capitol Police shot and killed one demonstrator while she attempted to enter a window. A Capitol Police officer who had responded to the riot died the following day; the medical examiner ruled the cause natural (strokes) but noted the events of the day played a role in his condition.

       Industry participants and coalition participants treated the events of January 6th as a multi-faceted emergency and responded within days.

       Industry participants converged on nearly unanimously terminating or severely restricting services to Trump and affiliated entities. Coalition participants pressed publicly and privately for this outcome.

       Some commentators view these events as over a dozen firms watching the same news and making substantially the same decisions independently of each other. Some commentators, focusing on the near unanimity, believe these decisions to have been strictly coordinated. This commentator believes neither.

       There was a widespread effort to blame the tech industry specifically for the events of January 6th, contemporaneously reported in many places. The WSJ synthesizes, in a straight news story, the view "The Capitol incursion, some of which was planned and discussed in advance on social media, has hardened many Democrats' view that a lack of tech-platform regulation is undermining democracy." The climate in industry contemporaneously was acutely aware of being perceived as a threat to national security.

       Industry participants perceived they were making decisions under conditions of profound risk to their businesses. This perception was contemporaneously noted by many external observers, including then-Senator Rubio, quoted by the WSJ as saying:

       The reason why these guys are doing it is that the Democrats are about to take power, and they view this as a way to get on their good side.

       If "get on their good side" converges with "not get one's license to do business revoked" then there is not much daylight between that model and tech's own. I am making this observation generally, on the basis of years of industry experience, rather than on the specific basis of any conversation that happened that week.

       Financial professionals not directly employed by tech companies themselves shared this model, articulated it, and attempted to profit from it in a way which is entirely permissible under capitalism. Bellwether tech stocks (including those of industry participants) sold off during market highs for non-tech indexes, pricing in regulatory risk to these businesses.

       This was noted by many non-political industry observers. The WSJ quoted an equity analyst as saying:

       The bottom line is that the odds of legislative action on privacy, antitrust and [liability shield Section] 230 just went up significantly.

       Investment banks get market color on recorded lines. In tech we get it in DMs from people we've worked with before and will again. It flows up to decisionmakers when it needs to. Much color is tweets being pasted into Slack.

       This is not limited to times of national crisis. Speed is edge. As an illustrative example, regulators learned FTX had tried suborning a bank from the NYT, who learned it from an informed source in Tokyo, who developed a package of proof after reading a single document posted to Twitter. Or so this writer speculates in a curiously specific and consistent manner.

       Now, putting these observations together:

       Imagine a coordination game with two sides of a fence. Players have to pick either side of the fence. They may announce their decision at any time, and may change it until all players have announced a decision. Payoffs to this game decline the longer one waits. They are catastrophically negative if the game ends with one player alone on a side. The game has no winners ever and you can't refuse to play.

       This game has a "race to be second" dynamic, where any credible commitment to a move, or observed move, strongly encourages any player contemplating the same move to immediately announce it. Each additional player joining the block is a domino against players who have yet to announce.

       The real-life situation reached rough equilibrium by January 10th.

       Industry participants do not perceive themselves as having highly weighted the opinions of coalition participants during these few days. They were considered unimportant relative to other factors. Nor did industry participants broadly attempt to solicit input from coalition participants, in part because their responses were viewed as being trivially predictable. Further meetings during a crisis were considered a distracting waste of time.

       Coalition members publicly and privately, along with many who had learned by imitation, immediately demanded everyone shut down everything. If he still had Netflix the next day it was not for want of trying.

       Change the Terms issued a joint statement [archive] demanding an absolute Trump ban on January 6th itself using extraordinary language.

       If platforms do not take immediate action to permanently remove Trump 's accounts, they will further share in the blame for additional white- supremacist violence that may unfold over the evening and in the remaining days before Trump's term as president ends.

       February 25th, 2021: The SPLC lobbies Congress to require companies to

       inform on non-profits, and others, to government

       The House Financial Services Subcommittee on National Security, International Development and Monetary Policy held a hearing titled Dollars Against Democracy: Domestic Terrorist Financing in the Aftermath of Insurrection. SPLC's Brooks again offered prepared testimony. The SPLC appears to ask Congress for new legislation establishing a BSA-style mandatory reporting regime, with penalties for non-compliance, across industry participants.

       Verbatim quotes, bolding in original:

       Government should require regular, mandatory reporting by technology service providers to document abuse of their systems including financial support of violence, harassment, and terrorism.This includes implementation ofmandatory financial abuse reporting requirements for internet services operating in the United States, including social media services, infrastructure providers, banking institutions, cryptocurrency exchanges, crowdfunding sites, video streaming platforms, and the like.

       and

       [These companies] should be required to investigate and report the details of harms and abuse of their service. There should be … penalties applied to services that refuse these tracking and reporting responsibilities.

       Given that this reporting regime is mandatory, on the face of it, if a respected civil rights organization makes a payment to an individual responsible for violence, harassment, and/or terrorism, facilitators would have an immediate reporting requirement. That seems to carry the risk of reporting on the actions of an NGO to a potentially hostile government. That government could be the current one or a future one, because governments have been known to keep written records and employ personnel who serve across generations.

       Had the SPLC asked me for comment on this novel expansion of BSA-style enforcement mechanisms, I would have told them that the existing BSA enforcement apparatus routinely negatively impacts marginalized individuals the SPLC makes the center of their moral concern. Bits about Money has made this argument across many pieces and in depth for years, continuing on observations I had made during my time as a consumer advocate for individuals with banking and credit problems, dating to the mid-2000s.

       June 4th, 2021: Facebook rescinds newsworthiness exception to multiple

       policies

       Facebook announced that it would end its longstanding "newsworthiness exception" to content moderation rules. This was a concession to years of repeated public and private demands by CTT coalition members. These demands included the October 2019 letter co-signed by 46 organizations including several CTT coalition members.

       This form of exception was called out in the CTT Terms and ending it was an avowed goal of the coalition.

       CTT coalition members then pushed for another concession they desired.

       July 2021: The CTT coalition attempts non-partisan interdiction of Trump

       PAC fundraising

       Industry participants have characterized coalition members as being routinely undisciplined, verbally and in writing, in specifically nominating FEC- registered entity controlled accounts, including fundraising accounts, for termination. They claim this was a pattern of practice for several years. Bits about Money has reviewed multiple records suggestive of this pattern.

       It is not straightforward to authenticate documents obtained through sources. More rigorous authentication often poses additional risk to sources.

       On the other hand, sometimes documentary evidence of the pattern is available from the coalition directly. Common Cause maintains a WordPress site, and occasionally posts their target lists in public. [archive] WordPress is a complex and highly modular open source platform which you could use for a blog or e-discovery delivery service.

       Bits about Money 's eclectic collection of coalition-authored communications unequivocally demonstrates a) multiple coalition members b) specifically directing account termination and/or continuous restriction c) against Trump- affiliated accounts d) for the express purpose of interdicting political fundraising and other activity e) with them subsequently fundraising in specific reliance upon these acts. We offer the published document in substantiation of claims a-d and the next section of this piece in substantiation of claim e.

       Verbatim quotes from the document:

       _As you know, The Team Trump Facebook page is operated by Save America, a political action committee ( "PAC") controlled by Trump. _

       and

       Allowing Team Trump to continue running political ads on Facebook is a significant loophole in Trump 's two-year suspension and provides a pathway for the former president to evade the ban. … Further, Team Trump is soliciting donations and inviting supporters to Trump rallies.

       and

       [We urge you to s]ubject the Team Trump account and any other account under Trump 's control, including any account of a political committee authorized and/or established by Trump pursuant to campaign finance law, to the same two year-ban as his Facebook and Instagram accounts.

       No other accounts are specifically nominated in this document.

       The document makes a token gesture that the principle is broader than the specific PAC whose fundraising activities it desires to be interdicted.

       [We urge you to s]ubject any Facebook pages run by a political committee or other political entity authorized, established, financed, maintained or controlled by an individual to the same content moderation decisions as that individual 's Facebook account.

       The Common Cause demand letter was co-signed by CTT coalition members Common Cause, CAP, Free Press, GPAHE, Media Justice, NHMC, and many other aligned 501c3 organizations. The published version of the demand letter is not signed by the SPLC.

       Consider what level of operational discipline prevailed in the coalition, which employs many communications professionals and lawyers, to publish that document. Now imagine what individual coalition employees wrote with their thumbs. Do you picture excessive emoji, or prose that reads more Blackberry.

       Later in 2021: Coalition members fundraise in reliance upon this conduct

       Coalition participants Free Press and Common Cause rented a mobile billboard to reiterate their demands. The mobile billboard was deployed to follow Facebook executives around Washington D.C. They tie this action to organizing to achieve a government investigation of Facebook.

       Verbatim quotes from their press release [archive], titled Facebook Targeted by Mobile Billboard Circling Capitol Hill Demanding That Company Close the Trump Ad Loophole:

       A mobile billboard demanding that Facebook ban Team Trump ads in accordance with its ongoing suspension of Donald 's [sic] Trump's accounts will greet Facebook representatives following their Capitol Hill testimony today.

       and

       Sponsored by Free Press Action and Common Cause, the mobile billboard began its route

       this morning and is continuing to circle the Federal Trade Commission, the White House,

       Facebook headquarters and the U.S. Capitol, and will join the "Rally to Investigate Facebook"

       We below reproduce Chris Cruz 8 Media Group's photo of the mobile billboard, attached to the press release. The mobile billboard reads "Facebook must close Trump's ad loophole" and "Nobody is above the rules." We believe this reproduction is fair use for the purpose of reporting and commentary, but are happy to pay any reasonable fee for an unrestricted non-exclusive perpetual worldwide license across all media types currently existing or to be invented. Invoice to Kalzumeus Software, LLC please.

       

       Free Press's 2021 end of year communication [archive] to donors, signed by its co-CEOs, attempted to fundraise in part based on their participation in the Change the Terms coalition and in part based on the mobile billboard campaign to interdict PAC fundraising. The communication includes a photo of the billboard. All following quotes are from the document, and bolding is true to the original.

       [W]e co-founded Change the Terms, a coalition that calls on the platforms to adopt model policies we developed to crack down on hateful content.

       …

       Our efforts have yielded numerous concrete changes. After years of pressure from Free Press and our allies, Twitter finally banned Trump[.]

       …

       Facebook initially suspended Trump "indefinitely" and later changed his suspension to a two-year ban. We're now pushing the company to permanently ban Trump and to close a loophole that's allowing a Trump PAC to fundraise and organize on his behalf.

       The funding call to action, immediately above a donate button, was:

       FUND THE FIGHT. Your generosity makes our work possible. Please give what you can today to make sure we have the resources we need to keep fighting for equitable media policies that improve people's lives.

       The communication included the following disclaimer, directly under the donation call-to-action. It was italicized.

       Free Press and Free Press Action are nonpartisan organizations fighting for your rights to connect and communicate. Free Press and Free Press Action do not support or oppose any candidate for public office.

       2022 to present: the Change the Terms coalition sunsets (?)

       Meetings between industry participants and coalition participants decline from being a regular practice to occasional and ad hoc. This is according to several industry participants in past meetings. The Change the Terms social media presences, which had posted regularly from 2018 through 2021, substantially cease operations. Their last Medium post was in May 2022.

       CTT coalition member GPAHE released a statement [archive] about Facebook and Trump on January 25th, 2023. The Change the Terms coalition retweeted it, in one of their final Twitter posts, and the final one naming Trump.

       The most striking difference from the CTT coalition's past several years of public and private statements: this is, conspicuously, carefully worded.

       There was no urging, calling upon, demanding, etc in this public statement. It was comparatively disciplined in only describing Facebook's decision and their analysis of it, and letting a rhetorical question hang in the air.

       _If that 's not enough for Facebook to continue to ban him, then what is? _

       The Change the Terms coalition website remains up, but it is difficult to say whether any members maintained their longstanding non-partisan interest in shaping industry policy via pressure campaigns and then nominating targets for enforcement. Perhaps they achieved final victory over hate.

       Or perhaps, since September 2021, they had learned operational discipline. The kind that chuckles at a proposal to chase executives around with mobile billboards demanding the interdiction of PAC fundraising, in a totally non- partisan fashion of course, and then doesn 't do that. Donor funds are best spent elsewhere.

       In other news, Trump had filed his candidacy paperwork with the FEC in November 2022. He would go on to win the 2024 election.

       A brief parable about maintaining tax-exempt status

       Wiley Coyote Charities, an IRS-recognized 501c3 non-profit organization in a universe not too far from our own, has chased its hated nemesis for years. The orange road runner is tantalizingly close. Focused and untiring, perceiving himself close to ultimate victory, Wiley Coyote Charities salivates. This time, this time for sure, he will be sated. He will be free.

       Wiley Coyote Charities speeds past a sign reading "Danger: Plausible Non- Partisanship Ends." The only danger is to that blasted bird.

       Wiley Coyote Charities is, to the appearance of observers of the race, now running over two miles of clear blue sky. He has not yet looked down. We know what will happen when he does. Blame the road runner all the way down.

       As a former 501c3 CEO myself, I am aware of the requirements to maintain tax-exempt status. This is of paramount importance to charities. You can save yourself some legal bills quickly with the IRS's Restriction of Political Campaign Intervention by Section 501(c)(3) Tax-Exempt Organizations :

       " Under the Internal Revenue Code, all section 501(c)(3) organizations are absolutely prohibited from directly or indirectly participating in, or intervening in, any political campaign on behalf of (or in opposition to) any candidate for elective public office. Contributions to political campaign funds or public statements of position (verbal or written) made on behalf of the organization in favor of or in opposition to any candidate for public office clearly violate the prohibition against political campaign activity. Violating this prohibition may result in denial or revocation of tax-exempt status and the imposition of certain excise taxes."

       501c4 organizations have similar considerations. Consult your lawyer.

       Does Bits about Money have a political agenda?

       BAM mostly explains and analyzes financial infrastructure. The pipes work for everyone in every party, and for that thank God, plus the many people who go to work every day to make it happen.

       A reader unfamiliar with years of issues will assume, picking one at random, that we are sympathetic to the then-current administration because we referenced an indictment. We say very similar things at substantial length every single time. Some pieces you may enjoy: The Bond Villain compliance strategy re: CZ, an extensive discussion in Debanking and Debunking of bank compliance failures enabling the FTX fraud, and our voluminous record on the function and tradeoffs of the BSA regime.

       Bits about Money does not generally recommend particular providers of financial services, including of screening data products. As an editorial decision: we anti-recommend the SPLC blacklist. It is unfit for purpose in financial services and obviously so. We have no position as a publication as to whether it is valuable for other uses.

       To the extent I personally have policy preferences, I prefer the orderly administration of law. Any law we would not be willing to enforce against a sympathetic lawbreaker, a friend, or an ally is a bad law. Until a bad law is changed, it is the law. I reject a legal realism, or legal cynicism, that says that power is the only law.

       The Declaration of Independence and D.C. billboards agree: No one is above the rules. We have no kings in this country.

       On the SPLC specifically, I don't really specialize in charity effectiveness ratings, but so I am not accused of hiding the ball: I think they achieved a meaningful and historic victory in the cause of righteousness many years ago. They have dined well on that reputation for a very long time.

       To those who think their mission remains critical and more intrinsically noble than simply the pursuit of political power for their favored coalition, I will say this. If the coyote has a noble mission on his back, he owes it to the mission to let the damned bird go, before he takes that mission off the cliff with him.

       Postscript to my fellow communications professionals

       Just following up on my emails. Do I have the correct addresses? Emails to the team alias and your personal work accounts, formatted correctly, did not bounce; emails to incorrect guesses for the team alias did.

       SPLC: I had asked you to deny that the email between the SPLC's CEO and bank exists or dispute the accuracy of the excerpt in the indictment, and asked you to comment on whether the Change the Terms coalition you co-founded had specifically nominated accounts for negative actions. I still welcome a denial or comment from you on any matter, like whether it is fair to characterize Change the Terms as the SPLC's concerted coalition to interrupt the fundraising of political opponents.

       Common Cause: I asked you to comment on whether you have ever nominated the account of an FEC-registered entity for negative decisioning, and told you I had written evidence of you doing so on at least one occasion. I welcome your future comment, perhaps on when you started that practice and when or whether you have ceased. We could compare notes.

       Email is my preference, but since the SPLC specifically is well-resourced to pursue the other way to deliver a response if it desires, I'll save everyone 6 billable minutes: tell them "to Kalzumeus Software, LLC's registered agent." The Internet and I will read it attentively.

       To the as-yet uncontacted coalition members, that meeting can be an email: "How about 'We categorically deny ever directing any company to interfere with fundraising of a political opponent.' ?" "Approved. Next topic?" Unless you doubt that is true, in which case, book the non-partisan conference room for workshopping the language.

       Don't worry, I am a reasonable professional. Most journalists haven't worked in a comms department. I have, and so gave all parties contacted several business days to answer very simple questions.

       Postscript to fellow geeks who need to hear it

       Your employer is profoundly opposed to you sending confidential information to external parties, even a fellow geek. The incremental value of evidence to me is far lower than risk to you.

       Audit logs exist, including for searches and document accesses.

       Remember the front page test. If you write it down, you could read it in the NYT. Or HN. So don't write down anything you wouldn't want published next to your name for forever.

   26. 🔗 r/LocalLLaMA 16x Spark Cluster (Build Update) rss

       | Build is done. 16 DGX Sparks on the fabric, all hitting line rate. Setup was time consuming but honestly smoother than I expected. Each Spark runs Nvidia’s flavor of Ubuntu out of the box with mostly everything pre installed and ready to go. For setup I had to rack them, power on, create the same user/pass across all nodes, wait about 20 minutes per node for updates, then configure passwordless SSH, jumbo frames, IPs, etc. which I scripted to save time. Each Spark connects to the FS N8510 switch with a single QSFP56 cable. The DGX Spark bonds its two NIC interfaces into each port, so you get dual rail over one cable. I'm seeing 100 to 111 Gbps per rail, which aggregates to the advertised 200 Gbps. Why this over H100s or a GB300? Unified memory. The whole point is maximizing unified memory capacity within the Nvidia ecosystem. With 8 nodes I was serving GLM-5.1-NVFP4 (434GB) at TP=8. Now going to test with DeepSeek and Kimi The longer term plan is a prefill/decode split. The Spark cluster handles prefill (massive parallel throughput), and once the M5 Ultra Mac Studios drop I'll add 2 to 4 into the rack for decode. — Full rack, top to bottom: - 1U Brush Panel - OPNSense Firewall - Mikrotik 10Gb switch (internet uplink) - Mikrotik 100Gb switch (HPC to NAS) - 1U Brush Panel - QNAP 374TB all U.2 NAS - Management Server - Dual 4090 Workstation - Backup Dual 4090 Workstation (identical specs) - FS 200Gbps QSFP56 Fabric Switch (Spark cluster) - 1U Brush Panel - 8x DGX Spark Shelf One - 8x DGX Spark Shelf Two - 2U Spacer Panel - SuperMicro 4x H100 NVL Station - GH200 submitted by /u/Kurcide
       [link] [comments]
       ---|---

   27. 🔗 r/reverseengineering /r/ReverseEngineering's Triannual Hiring Thread rss

       If there are open positions involving reverse engineering at your place of employment, please post them here. The user base is an inquisitive lot, so please only post if you are willing to answer non-trivial questions about the position(s). Failure to provide the details in the following format and/or answer questions will result in the post's removal.

       Please elucidate along the following lines:

       • Describe the position as thoroughly as possible.
       • Where is the position located?
       • Is telecommuting permissible?
       • Does the company provide relocation?
       • Is it mandatory that the applicant be a citizen of the country in which the position is located?
       • If applicable, what is the education / certification requirement? Is a security clearance required? If so, at what level?
       • How should candidates apply for the position?

       Readers are encouraged to ask clarifying questions. However, please keep the signal-to-noise ratio high and do not blather. Please use moderator mail for feedback.

       Contract projects requiring a reverse engineer can also be posted here.

       If you're aware of any academic positions relating to reverse engineering or program analysis in general, feel free to post those here too!

       submitted by /u/AutoModerator
       [link] [comments]

   28. 🔗 r/york Into The Valley bike rally rss

       Anyone else from York going to the Into The Valley bike rally today? I'm going (on my lonesome) wouldn't mind some others to tag along with.

       submitted by /u/StratosphereXX
       [link] [comments]

   29. 🔗 r/york Hobby/Gaming Shops rss

       I’m in York today for work, but I’ve got a two hour gap in the middle of the day. Are there any fun and friendly hobby/Warhammer/gaming shops I can pop my head into in the middle of town?

       Ta!

       submitted by /u/Fletch1396
       [link] [comments]

   30. 🔗 r/reverseengineering In-circuit NAND acquisition for edge devices (Raspberry Pi GPIO, no chip-off) rss

       submitted by /u/No_Connection_8582
       [link] [comments]

   31. 🔗 r/Yorkshire I just want to live in a place like this forever✨ rss

       | Video by @ ajmchaletravels submitted by /u/Seabeachlover10
       [link] [comments]
       ---|---

   32. 🔗 r/LocalLLaMA Qwen 3.6 27B vs Gemma 4 31B - making Packman game! rss

       | Gemma just crushed Qwen in a local LLM gamedev contest! Device: MacBook Pro M5 Max, 64GB RAM Qwen 3.6 27B: 32 tokens/sec · 18m 04s · 33,946 tokens.
       Gemma 4 31B: 27 tokens/sec · 3m 51s · 6,209 tokens. So what is more important: tokens per second, or the quality of the final answer? Qwen made a very long response and showed more creativity and visual style. But Gemma gave a shorter, clearer, and more logical answer in much less time. In this one-shot Pac-Man gamedev contest, Gemma 4 31B was the clear winner. Its game logic was stronger: click reactions were smoother, and it handled interactions with elements like walls, ghosts, and particle effects better. Open Source Local AI Models Server: atomic.chat Basic Prompt: Create a single standalone HTML file for a complete playable Pac-Man–style neon arcade game. Use only HTML, CSS, JavaScript, and one full-page canvas. No external libraries or assets—everything must be procedurally drawn and run immediately in the browser. Generate a compact (~21×21) symmetrical maze programmatically (no ASCII). It must be fully connected, playable, and use tile types (wall, path, pellet, power pellet, ghost spawn, Pac-Man spawn, fruit spawn). Ensure no unreachable pellets or invalid spawns. Canvas must fill the window. Center and scale the maze dynamically using available space (no fixed tile size). Reserve space for a HUD. Game states: title, playing, paused, life lost, level complete, game over. Include controls (keyboard + mobile). Title and game over screens must show instructions. Pac-Man: smooth tile movement, queued turns, no diagonal movement, no clipping, wraps through side tunnels, resets after life loss. Ghosts (4): simple pathfinding with distinct behaviors, spawn in a central house, exit with delays, move only on valid paths, never freeze. Gameplay:

       • Pellets (+10), power pellets (+50), fruit (+500), ghost chain scoring (200→1600)
       • Power mode (~8s, min 3s): ghosts become edible and return to spawn when eaten
       • Combo multiplier for quick pellet collection
       • 3 lives, level progression increases difficulty
       • Store high score in localStorage

       Extras:

       • Fruit spawns near center temporarily
       • Visual polish: neon maze, glowing elements, animations, particles, screen effects
       • HUD: score, high score, lives, level, combo, power timer

       Technical:

       • Use requestAnimationFrame with delta time
       • Keep performance stable (limit particles)
       • No bugs: avoid invalid movement, stuck entities, unreachable areas, or crashes

       Final output: only the complete HTML code. submitted by /u/gladkos
       [link] [comments]
       ---|---

   33. 🔗 Rust Blog Raising the baseline for the `nvptx64-nvidia-cuda` target rss

       The nvptx64-nvidia-cuda target is a compilation target for NVIDIA GPUs. When using this target, the final output is PTX. Two version choices shape that output:

       • a GPU architecture (for example, sm_70, sm_80, …), which determines which GPUs can run the PTX, and
       • a PTX ISA version, which determines which CUDA driver versions can load (and JIT-compile) the PTX.

       In Rust 1.97 (scheduled for release on July 9, 2026), the baseline PTX ISA version and GPU architecture for nvptx64-nvidia-cuda will be increased. These changes affect both the Rust compiler (rustc) and related host tooling, and they make it impossible to generate PTX artifacts compatible with older GPUs and older CUDA drivers.

       The new minimum supported versions will be:

       • PTX ISA 7.0 (requires a CUDA 11 driver or newer)
       • SM 7.0 (GPUs with compute capability below 7.0 are no longer supported)

       Why are the requirements being changed?

       Until now, Rust has supported emitting PTX for a wide range of GPU architectures and PTX ISA versions. In practice, several defects existed that could cause valid Rust code to trigger compiler crashes or miscompilations. Raising the baseline addresses these issues and enables more complete support for the remaining supported hardware.

       Removing support affects users of the architectures being removed. In this case, the most recent affected GPU architectures date back to 2017 and are no longer actively supported by NVIDIA. We therefore expect the overall impact of this change to be limited.

       Maintaining support for these architectures would require substantial effort. These removals let us focus development efforts on improving correctness and performance for currently supported hardware.

       What happens when I update to Rust 1.97?

       If you need to target a CUDA driver that does not support PTX ISA 7.0 (CUDA 10-era drivers and older), Rust 1.97 will no longer be able to generate PTX compatible with that environment. Similarly, if you need to run on GPUs with compute capability below 7.0 (for example, Maxwell or Pascal), Rust 1.97 will no longer be able to generate compatible PTX for those GPUs.

       Assuming you are targeting a CUDA driver compatible with CUDA 11 or newer and using GPUs with compute capability 7.0 or newer:

       • If you do not specify -C target-cpu, the new default will be sm_70, and your build should continue to work (but will no longer be compatible with pre-Volta GPUs).
       • If you currently specify an older -C target-cpu (for example, sm_60), you will need to either:
         • remove that flag and let it default to sm_70, or
         • update it to sm_70 or a newer architecture.
       • If you already specify -C target-cpu=sm_70 (or newer), there should be no behavioral changes from this update.

       For more details on building and configuring nvptx64-nvidia-cuda, see the platform support documentation.

   34. 🔗 Drew DeVault's blog I can't cancel GitHub Copilot rss

       Back when Copilot first came out, I immediately disliked it. But I decided to give it a fair shake and tried to evaulate it in good faith. I wasn’t interested in paying for it, but they had a form for FOSS community members to apply for a free subscription, so I filled it out and gave it a shot. Once approved I spent 15 minutes (successfully) convincing it to write a Python script that printed out the lyrics to “All Star” verbatim, and haven’t touched it since.

       Since then, like clockwork I get an email every month informing me that my subscription has been automatically renewed.

       Hi there,

       Thank you for renewing your free access to GitHub Copilot. Your access to GitHub Copilot will be reviewed on 2026-05-31. GitHub Copilot checks eligibility monthly per our policy. No steps are needed on your end.

       We hope you enjoy using GitHub Copilot and participating in the developer community.

       I’m not being charged for it and so it’s a matter of principle more than anything, but I ought to be able to turn this off. But I cannot find anything in the GitHub settings which would allow me to cancel this free “subscription”.

       

       GitHub support has been less than helpful:

       

       How do I get rid of this thing!

generated: May 04, 2026 at 04:20:42