Six years ago, I nearly got my ISP to upgrade our fibre connection to 1Gbps. As I said at the time: This is a curmudgeonly post which is going to look ridiculously outdated in a few years. What's the point of Gigabit broadband? Well, it's a few years later and Virgin Media have just given me their Gig1 package for £30 per month. Nice! With all the inflation related price rises, it's great to …
IT Philosophy, the first of three on European software sovereignty. A great deal of procurement language at the moment treats open source as a sovereignty answer; the reasoning runs that proprietary cloud providers are foreign-jurisdiction firms, open source is by contrast open, therefore open source is sovereign. The conclusion is louder than the premises warrant. Open and owned are not the same word; they overlap in places, they diverge in others, and where they diverge tends to be precisely where procurement assumes they do not. The question is being asked across multiple jurisdictions: France's Interministerial Digital Directorate (DINUM) announced in April 2026 a migration of its own workstations from Windows to Linux, with a directive to all ministries to formalise plans for eliminating extra-European dependencies by autumn; Huawei launched its HarmonyOS PC line in May 2025 after the company's Windows licence was withdrawn under US sanctions; India has produced BharOS through IIT Madras and government sponsorship; China's procurement directives now favour domestic ISA work at the chip layer. A licence is not a deed of ownership, it is a statement of conditions. The licence landscape needs three shelves rather than two. Permissive licences (BSD 2-Clause, BSD 3-Clause, MIT, Apache 2.0) let anyone build on the code, fork it, ship it, sell it and combine it with other code under any licence at all; original authors retain attribution. Copyleft licences (GPLv2, GPLv3, LGPL) let anyone receive and modify the code but require that any distribution of the modified version arrives under the same licence; the receiver does not own what they build with it in the unrestricted sense, they hold it under the conditions the original author set, in perpetuity. Network copyleft licences (AGPLv3) extend copyleft to the case where the modified version runs as a service rather than being distributed as a binary; Section 13 closes what is sometimes called the SaaS loophole of classical GPL. The Server Side Public Licence (SSPL), introduced by MongoDB in 2018 and adopted by Elastic in 2021, extends AGPL's network clause to require open-sourcing of the entire surrounding management stack; the Open Source Initiative declines to recognise SSPL as open source, citing field-of-use discrimination, so SSPL is a fourth shelf that does not behave like the other three. The European Union Public Licence (EUPL-1.2) sits in the copyleft family and is OSI-approved; it exists in part because the EU wanted a Union-grounded licence with cross-Member-State legal certainty in twenty-three languages. GPL keeps the code open, it does not return it to the receiver: every downstream version remains under GPL, the original author's licensing choice propagates indefinitely, and a European entity that needs to take a piece of GPL code and integrate it with proprietary or commercially-sensitive surrounding code finds that GPL has decided the licensing of the surrounding code as well, because the licence absorbs. A useful demonstration is FreeBSD's compiler migration: FreeBSD 10.0 (January 2014) moved its base system from GCC to Clang; the technical case existed but was not decisive, the decisive factor was that GCC had moved to GPLv3 and a coherent permissive base could not host a copyleft compiler whose conditions would leak outwards. AGPL is the honest middle: if you modify this code and use it to serve users over a network, the users have a right to your modifications; it does not require you to share user data, internal management software, or anything outside the modified program itself, which is exactly what tipped SSPL out of the OSI classification. The xz incident reminds us that open is not audited: in March 2024 a Microsoft engineer named Andres Freund was profiling SSH connections, noticed unusual CPU time inside liblzma, and discovered a backdoor (CVE-2024-3094, CVSS 10.0) inserted by a maintainer operating under the name Jia Tan after a multi-year social-engineering campaign that began in 2021; the backdoor was discovered by one person's curiosity, not by the audit infrastructure of the open-source ecosystem, because permissive licensing makes audit possible, it does not make audit happen. In October 2024 the Linux kernel project removed approximately eleven maintainers from a particular jurisdiction subject to expanded US sanctions; the change appeared on the kernel mailing list as compliance requirements, Linus Torvalds confirmed it shortly afterwards and declined to reverse it; the specific jurisdiction is not the point, the point is that the Linux Foundation is registered in the United States and US sanctions reach the operations of US-registered organisations, so whichever jurisdiction comes under expanded US legal pressure next has the same exposure to the same mechanism. The CLOUD Act (March 2018) permits US law enforcement to compel US-based service providers to hand over data regardless of where that data is stored; Schrems II (Court of Justice of the European Union, Case C-311/18, July 2020) held that US surveillance law under FISA Section 702 and Executive Order 12333 does not meet the proportionality standard required by EU law and invalidated the EU-US Privacy Shield. These create a strong reason for European public services to prefer software stacks they can host, modify and audit locally; the same reasoning runs in Beijing, in New Delhi, in Moscow, in Brasilia, with the relevant counterpart jurisdiction differing in each case. A licence is a permission slip; sovereignty is the practice of using the permission, which consists of reproducible local build, audit and signing, and continuous re-receipt. A receiver who owns the licence but does not own the build infrastructure does not own the result; a receiver who owns the build infrastructure but runs it on someone else's silicon has only moved the question down a layer. This piece sets the question; the architectural layer is next Sunday, the silicon layer the Sunday after.
Every system exhibits biases, and tendencies toward some states. Water flowing through a pipe, the vibrations of a machine, the relationships in a meadow, your lymph nodes, are all systems. Over time, all things being equal, a system tends to … Continue reading →
John Battelle's Search Blog Where’s All the AI Magic?
“Hey Google, how are the Giants doing this year?” I was standing at my bathroom sink, finishing up my daily ablutions, when a random thought popped into my head. It’s been a minu…
John Battelle's Search Blog Should AI Be Addictive?
The most interesting piece of news this morning comes from Microsoft’s Satya Nadella, who made a very public point of chastising his own team for saying the quiet part out loud. That quiet pa…
We’ve always found strace useful but somewhat hard to work with. Its output is often inscrutable, it’s hard to follow subprocesses or threads, and if you wan...
An investigation into collapse of Github and how the decay of our tech infrastructure is a crime against software. Detailed comparisons of Github, Gitlab, Codeberg, and more from a distributed systems and software performance expert.
Webflow mangles code blocks, so I made a little Go + Elm tool that renders them as SVG instead. The fun part: there's no database -- your code lives, compressed, inside the image URL.
Vibe Coding Is Dangerous, Agentic Engineering Isn't ft. Wes McKinney
Wes McKinney, creator of pandas and co-creator of Apache Arrow, shares how he works with AI coding agents: spec-driven workflows with superpowers, continuous AI code review with Roborev, token economics, and why vibe coding is dangerous but agentic engineering isn't. | Reading time: 15 min read
With the rise of agents, many people have been proclaiming that the age of software as a service (SaaS) is over. Who needs to subscribe to a service when you
On Second Thought Episode 10. The pager goes off, memory on the auth service is climbing, the on-call engineer SSHs in, observes nothing in particular, runs kubectl delete pod, the pod comes back, memory is fresh, the alert clears and nobody asks what was wrong. The runbook for half the world's incidents has three steps and only the last one matters: have you tried turning it off and on again. The reflex has two parents, and we kept only one. The first is the consumer-electronics tradition (a device with no language to be asked has only its power switch); it was honest about its limits and reasonable for the hardware of its time. The second was built deliberately to replace it. In 1986 at Ericsson's Computer Science Laboratory in Stockholm, Joe Armstrong, Robert Virding and Mike Williams began work on Erlang, a language for telephone exchanges that could not go down; the showcase AXD301 ATM switch runs on roughly two million lines of Erlang and is the system most often cited for nine-nines reliability (the figure is contested, the architecture is not). Armstrong's principle, on the surface, looked exactly like the consumer tradition: terminate the bad process; he called it let it crash, and the phrase has done more damage to the idea than any critic could. Read as a slogan it sounds like the Sky+ box; read as architecture it is the opposite. Three properties make it architecture: processes are isolated (an Erlang process has its own heap and message queue, shares nothing mutable with any other, and a crash takes itself with it and nothing else); every worker has a supervisor (a specific process defined in OTP, the standard Erlang library, to which crashes are delivered as messages); the supervisor decides according to a written strategy with names (one-for-one restarts only the crashed worker, one-for-all restarts all siblings, rest-for-one restarts the crashed worker and any later in the dependency order) and an escalation limit (when the maximum restart frequency is exceeded the supervisor itself crashes and the failure escalates one level up the tree). A failure is data, handled by a rule written years before the outage. Let it crash, in its proper form, is not have you tried turning it off and on again; it is we have already decided what to do when this fails and we wrote it down. What we kept of let-it-crash is the let-it-crash. What we left in Stockholm is the supervisor. So the restart is the diagnosis: pod returns, alert clears, day shipped; a memory leak, file-descriptor exhaustion, lock contention, a downstream throttled queue each leave the same heartbeat-recovery signature on a dashboard and need a different fix, and the restart erases the question that distinguishes them. The structural cost: Kubernetes liveness and readiness probes are, honestly read, a contract that the orchestrator rotates the symptoms while the cause goes unexamined; there is no concept in the standard flow of capturing the dying process's state, preserving the crash for inspection, asking why before the next pod is scheduled. Self-healing is accurate in the sense that a person who takes paracetamol every four hours has a self-healing headache. The institutional cost: a team that restarts to fix gets good at restarting and never gets good at diagnosing; the post-incident review adds a command to the runbook, the collective intuition shifts from what is this system actually doing to what sequence of recovery steps clears the current alert. There is software in operation that does not work this way. WhatsApp serves over a billion users with around fifty engineers, on Erlang, on the Stockholm supervisor architecture; the engineers spend the day writing the rules under which the boxes manage themselves. In the unixoid tradition the FreeBSD base provides the operator's half of the same picture: init and rc.d use explicit start, explicit dependency, explicit recovery; when a service misbehaves the operator has dtrace to follow what the kernel and user-space code are actually doing, ktrace to record system calls, procstat and fstat to read what a process is holding, post-mortem core dumps that survive the crash, and a kernel willing to say what process held what lock at what time. The reboot is available, on FreeBSD as everywhere else; it is rarely the first reach, because the system is willing to speak and the operator has been trained to listen. The honest question is not whether to keep the restart; the runbooks have it for a reason. The question is the one we did not write down: in a system that fails, was the restart the answer, or the moment the question got dropped? A restart, on second thought, is not a tool. It is a measurement. It tells you, with some precision, how much of the cause you decided you could afford to leave unknown.
In the Net Episode 05. The fifth distinct lock-in genus in the series: lock-in by definition, not by format, with licence-compliance audit as the sales channel. Java arrived in 1995 with a kept promise, write once run anywhere, and was for most of its history simply there and free; Sun open-sourced it as OpenJDK in 2006-2007, Oracle acquired Sun in 2010. The licensing sequence: Java 11 (2019) moved Oracle's branded JDK to a paid subscription for commercial production use; Java 17 (2021) softened this with the free No-Fee Terms and Conditions licence; on 23 January 2023 Oracle introduced the Java SE Universal Subscription and retired the per-user (Named User Plus) and per-processor metrics for new subscriptions. The new metric is per employee, and employee counts the entire organisation (full-time, part-time, temporary staff plus contractors, consultants and agents), not the people who use Java. One server running Oracle's Java makes the whole headcount billable; list pricing starts around 15 US dollars per employee per month, stepping down by volume. A firm of 12,000 staff at the entry band pays a little over 2 million euros a year whether twelve or twelve hundred use Java. Oracle holds the brand, the official commercial builds and the TCK compatibility suite. Enforcement is by audit: a Dimensional Research survey commissioned by Azul, a commercial OpenJDK vendor and Oracle competitor, reported 73 per cent of Oracle Java users audited in the previous three years and 81 per cent moving or planning to move to open-source Java; Gartner estimated the per-employee model at two to five times the previous cost. The exit is genuinely open: OpenJDK is the reference implementation Oracle's JDK is built from, and from Java 11 the switch is a reinstall, not a rewrite. The catch is the past: an audit reads download history, and a single legacy Oracle JDK becomes a retroactive claim scoped to the workforce, not the machine. Escape route: free OpenJDK distributions (Eclipse Temurin from Adoptium, Amazon Corretto, Azul Zulu, Microsoft Build of OpenJDK, BellSoft Liberica, Red Hat, IBM Semeru), all TCK-tested, all under GPLv2 with the Classpath Exception; inventory every host for legacy Oracle JDK first; and for the same per-core, whole-cluster audit pattern in Oracle Database, PostgreSQL and MariaDB are a complete answer for many workloads. Write once, run anywhere. Licence once, pay for everyone.