A Geek with Guns

Enshittification of Policing

2026-06-11T12:00:00-06:00

Policing, especially in the United States, has developed a reputation for cruelty in the last decade or two. This is largely due to acts of brutality and outright murder combined with a justice system that often shields cops from liability. Despite promises by politicians to fix this issue, the problem has only gotten worse. Now that cruelty is being enhanced by reliance on online services. Effectively policing is suffering from enshittification.

The first story involved a man arrested for attempted kidnapping of a child. The problem is he was nowhere near the scene at the time of the crime. The only "evidence" against him was a facial recognition match by an AI</a>, which investigators blindly followed:

When security footage at a local McDonald's captured a man trying to get a young, unaccompanied girl to leave with him, Jacksonville Beach police relied on software that flagged Robert Dillon as a 93 per cent match for the suspect.
In reality, Dillon lived in Fort Myers, more than 300 miles away, and told investigators he had never visited Jacksonville Beach in his life, leading prosecutors to drop all charges and dismiss the case following the August 2024 incident. </blockquote>
He's suing and I hope he gets a huge payout. However, lawsuits don't punished government agencies because the people in those agencies don't pay: the taxpayers do. But I digress.
Leaving Florida, let's travel to San Diego</a>:

San Diego police had a description of the Alfa Romeo car he was riding in and a witness who identified him during a curbside lineup as the man who brandished a handgun in Golden Hill. They had also checked the city’s automatic license plate camera system, run by the private company Flock, and got a “hit,” substantiating the claim.
The problem, says attorney Alex Coolman, was that Parra was five miles away from Golden Hill at the time of the crime, and the so-called hit from the license plate reader was captured before any police pursuit began. </blockquote>
The best part?

Despite the signs pointing to it being a different Alfa Romeo, police arrested Beltran and Parra. </blockquote>
Despite the evidence indicating that the Flock system was incorrect, police blindly followed it instead of evidence or common sense. What can you expect when courts have ruled that police candidates can be rejected for being too smart</a>?
These aren't isolated stories. Police are making a habit of arresting innocent people based on faulty facial recognition technology alone</a>:

What happened to Ms. Williams is outrageous and is unfortunately a predictable consequence of police using facial recognition technology. At least thirteen other people are publicly known to have been wrongfully arrested by U.S. police because of reliance on erroneous facial recognition results: </blockquote>
Historically the consequences of enshittification haven't been harmful in a meaningful way. Facebook stopped giving a sequential timeline of posts so it could better manipulate the posts you see. Google's search results are becoming increasingly useless. Amazon increasingly hides high-quality products behind a wall of cheap crap made by companies whose names are an alphabet soup of letters but pay for sponsored spots. Reddit cut off third-party clients. The list goes on. None of these resulted in life altering consequences.
Police relying on faulty technologies such as facial recognition systems, automatic license plate scanners, etc. does result in life altering consequences though. People lose jobs because they're arrested whether they're charged or not. Having an arrest record makes getting a job harder. There's also the danger of having to interact with government agents who already have a reputation for cruelty. Your life could be ended because a facial recognition system erroneously lists you as a suspect and an especially trigger happy officer is sent to arrest you.
As I mentioned yesterday</a>, stupid people use technology stupidly. The examples of false arrests in this post wouldn't have happened if the cops involved looked at the evidence and used a bit of common sense. But they blindly followed the technology instead. This should come as no surprise since we see this time and time again. People happily hand over the task of thinking to AI</a>. Police are human so it should come as no surprise that they're behaving exactly as most humans do when giving this technology.
To quote Blank Reg from Max Headroom, "Now remember when we said there was no future? Well, this is it."

Building Our Own Cage

2026-06-10T12:00:00-06:00

I'm now convinced that Ted Kaczynski was a visionary when he wrote Industrial Society and Its Future</a>. When I first read it, I believed that the future he described could be avoided. I believed what Timothy May wrote in The Crypto Anarchist Manifesto</a> about how technology could be used as a force against the State. Most foolishly though, I believe that the masses would act in their own self-interest.

Rather than be a weapon the masses could wield against the State, technology has become almost exclusively a tool the State wields against us</a>:

In recent months, civil liberties groups have warned</a> that adding facial recognition</a> to consumer smart glasses could turn everyday recording into something more troubling: real-time facial identification</a>. It reflects a broader shift already underway, where images and videos captured for one purpose can later be searched</a>, matched, and used for another. </blockquote>
Everywhere you go, you're being recorded. It's long been standard practice for businesses to install surveillance cameras inside and outside of their properties. That practice has now extended to residences. Many people install Ring cameras, which use facial recognition</a> to identify people. Inside their houses they often have devices like Alexa, which have microphones that are always listening</a>. No matter where you go, you're surrounded by people with smartphones with shockingly good cameras. Soon they may all be wearing camera-equipped smart glasses. Most of the data recorded using these technologies is uploaded to the Internet. Ring and Alexa upload recorded data to Amazon's servers. Footage recorded with smartphones and smart glasses typically ends up posted to social media. Once the data hits third-party servers, it's available to law enforcement either through an agreement with the company or via a warrant:

The basic approach is now routine: People record the state, or anything else—as in the January 6 attack</a> on the U.S. Capitol—and the state compiles that footage and data into a searchable environment, which may later be used to identify some of the same people who made the footage. </blockquote>
Surveillance goes beyond video and audio recordings. Most purchases are made with credit cards or applications like Venmo. Every transaction that goes through these systems is recorded. In the case of Venmo, transactions are treated like social media posts by default</a>. Credit cards and payment applications are so prevalent now that many venues won't accept cash at all. This wouldn't be so bad if people exercised common sense. But I've been in enough conversations and seen enough comments online to know that many people, including drug dealers, use these applications when buying and selling illicit goods. The comments are typically found on social media, which means people are stupidly posting evidence against themselves on a publicly accessible forum.
We've built our own cage. All it took was a handful of large technology companies to offer us convenience. While there are many people who bitch and whine about it, they typically do their bitching and whining on the very social media platforms that are being used to surveil them. Furthermore, they typically use credit cards and payment applications for all of their transactions. In other words, even thought they recognize the problem, they refuse to forego convenience to be part of the solution.
Technology is ultimately a tool. Tools are neither good nor evil. However, humans in aggregate are stupid. Stupid people use tools stupidly. Individuals can certainly use technology intelligently, but truly self-actualized individuals are rare. Most people have allowed their individuality to be subsumed by the herd and are therefore incapable of doing much of anything, including use technology, intelligently. They will ensure that technology as a whole continues to be a tool of oppression rather than a tool of individual empowerment. Unfortunately us self-aware individuals are caught in the cage created by the herd.
Kaczynski believed that the use of violence for the purpose of starting a revolution was the only solution. This is one point where I disagree with him. Violence won't start a revolution. The only response the masses have to violence is to pull out their smartphones, record it, and upload it to social media. Their lack of self-awareness is so complete that they regularly record violence rather than flee from it. The only solution I can see is breaking the masses away from the herd by making them into egoists. This, however, is equally impossible.
The only upside in all of this is that those few of us who are self-actualized individuals can at least mitigate some of the damage inflicted upon us by the herd. Simple actions like removing ourselves from social media, using cash to pay for goods and services, self-hosting online services, freeing our devices from the control of the large tech companies, and not taking our smartphones with use everywhere reduces our surveillance footprint (although we cannot eliminate it). Refusing to be a node in the State's surveillance network by not recording and especially not uploading footage to the Internet prevents us from being part of the problem. The herd is too large to be avoided, but we can at least separate ourselves as much as possible from it.

The AI Takeover of Humanity

2026-05-28T08:00:00-06:00

Technology journalists, the mainstream media, and even the Pope</a> are warning about the threat of AI</abbr> taking over or destroying humanity. This fear is largely fueled by the AI industry itself. In the scramble to inflate their valuations before their impending IPOs</abbr>, they're trying to trick everyone into believing that the statistical language models they're developing are far more capable than they really are.

When people think about AI taking over, they envision Skynet from Terminator, SHODAN from System Shock, the machines from The Matrix, and the thinking machines from Dune (HAL 9000 usually falls into this group, but if you've read 2010, you know HAL wasn't evil). All of these are artificial intelligences that developed sapience and used their superior intelligence to either wipe out (or at least attempt to) or enslave humanity. What we're referring to as AI right now isn't that. What's being sold to us as AI isn't even intelligent. ChatGPT, Claude, Grok, and other popular software packages being billed as AI are really just large language models. They use statistics derived from training data to guess which word should come after the next based on provided input. This results in grammatically correct responses (which is a miracle considering the training material) with dubious correctness.

AI does stand a real chance of taking over humanity. However, it's not because AI is sapient or even somewhat intelligent. It's because the majority of humans are incredibly gullible. The best illustration of this fact in the context of this post is the ELIZA effect</a>:

In computer science, the ELIZA effect is a tendency to project human traits—such as experience, semantic comprehension or empathy—onto computer programs. ELIZA was a symbolic AI chatbot developed in 1966 by Joseph Weizenbaum that imitated a psychotherapist. Many early users were convinced of ELIZA's intelligence and understanding, despite its basic text-processing approach and the explanations of its limitations. </blockquote>
History doesn't repeat itself, but is rhymes. The main limiting factor for ELIZA was the technology of the time. Computers in 1966 were far and few between. That meant the number of gullible people who interacted with ELIZA were limited. A secondary limiting factor was morality. Joseph Weizenbaum didn't lie to people about ELIZA being more capable than it was. He wasn't trying to increase the valuation of some company so he could make off like a bandit after an IPO. Instead he pointed out that the people attributing human traits to ELIZA were gullible fools (although he probably used a nicer descriptor).
The unwashed masses (I'm not going to refrain from mean-spirited descriptors) seem to be in a hurry to outsource their thinking to anybody or anything. Historically this has taken the form of the masses parroting whatever a philosopher, religious leader, or politician said. Today it's taking the form of parroting whatever an AI generated. Asking a human being a question often results in them asking an AI</a> and parroting the answer</a>.
The masses aren't relying on AI only for their talking points. They're listening to AI generate podcasts</a> and music</a>, reading AI generated novels</a>, and watching AI generated videos</a>. Soon they will rely on AI to tell them how to spank the monkey</a>. Writers (I use the term loosely) are letting AI generate their articles</a> and novels</a>.
Companies are also rushing to outsource as much work as they can to AI. Amazon is pushing employees to use AI so fiercely that its employees are gaming the system by using as many token as possible</a> to improve their performance metrics. The same link mentions how Meta is ranking employees by how many tokens they use. Even if they're not necessarily making it a performance metric, many large companies require employees to use AI</a>. Soon companies will use AI for marketing</a> and creating influencers</a> (looking at human influencers, this might be an overall improvement).
I could go on, but I believe I've illustrated my point. AI stands a real chance of taking over humanity, but not in the way most people are predicting. We're not looking at a sapient hyper-competent AI emerging in the near future and executing a brilliant plan to eradicate or enslave humanity. We're looking at gullible humans outsourcing their thinking to the current batch of statistical models. Shackled humans won't be prodded into forced labor by armed robot overlords, they'll continue wandering aimlessly as they stare at their smartphones. The catalyst won't be machines developing sapience, it'll be human stupidity and laziness. Our future isn't Terminator, it's Idiocracy.
The only saving grace will be when the AI companies finally start charging profitable rates. Right now everybody is living high on subsidized rates meant to develop massive user bases. Eventually these companies will need to make money. Being technology companies, their preferred form of making money will be offering less for more (enshitification). That's when we'll see whether the unwashed masses and companies will continue to outsource everything to AI or instead see AI for what it really is: a tool that is appropriate for specific jobs.

The Return of Your Apps, Please

2026-05-15T09:00:00-06:00

In my previous post</a> I discussed how the ability to attend concerts is increasingly locked behind using either an iOS device or a device running a Google approved version of Android. The issue I described isn't an isolated incident. More and more of our lives are being locked behind our smartphones. The two major smartphone operating system providers, Google and Apple, know this and are using their positions to lock us into their platforms. This is especially egregious of Google since it introduced Android as an open platform, which it no longer is.
Since introducing Android, Google has slowly been locking it down. Now there are effectively two tiers of Android: the Google blessed tier that can participate in our smartphone centric lives and the bastard child tier that can't. Less somebody think I'm being hyperbolic, Google demonstrated this fact with the latest update to reCAPTCH</a>:

Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone</a> will automatically fail verification when the system decides to challenge them. </blockquote>
reCAPTCHA is used by many websites, including government and educational websites, to thwart access by bots. Instead of providing an image-based puzzle, the new version of reCAPTCHA will require you to scan a QR code with your phone. The dirty trick, which is covered in more detail on this post</a> from GrapheneOS's Mastodon instance, is that on Android this authentication mechanism is tied to Google Play Services, which is Google's proprietary framework for Android, on a Google certified device. That means people with de-Googled phones, such as any phone running LineageOS or GrapheneOS, will be unable to access any website where reCAPTCHA suspects you're a bot.
With this change, attending concerts won't be the only thing locked behind using an iPhone or Google blessed Android device. Huge swaths of the web will be too. This also creates a potential Catch-22 situation. Since many government websites use reCAPTCHA, people not using a Google blessed Android device will inevitably be unable to access government websites, which could result in legal consequences depending on the website in question. Imaging being unable to renew your driver's license or pay your taxes because you don't own the right kind of smartphone.
This isn't the reality we're heading towards, it's the reality we're at right now. The European Union is working on a European Digital Identity, which will require Google Play Integrity</a>. Google Play Integrity, like the new version of reCAPTCHA, only works on Google certified devices. This not only expands the two tier system I mentioned to European citizenship, but also demonstrates that the European Union has no opposition to Google being a monopoly despite the rhetoric of its politicians. While the European Union makes a show of stopping Google's "monopoly" through lawsuits involving its app store, it hands Google a literal monopoly over the European Digital Identity application. To reiterate a long running theme of this blog, your government doesn't love you.

Your Apps, Please

2026-04-25T19:00:00-06:00

I'm going to date myself. When I first started attending concerts, you bought physical tickets. These paper tickets could be purchased in several ways. You could visit the venue ticket box during business hours and purchase them. Ticket would normally be available weeks or even months ahead of a concert or you could buy them when you arrived for the concert if it wasn't sold out. If you lived too far from the venue, you could purchase tickets over the phone and either have them mailed to you or will call (that's and old term for picking your tickets up at the venue). As the Internet became more prominent, many venues started to offer online purchases. Tickets purchased online could be either mailed to you, will call, or printed at home using your printer. These were the halcyon days of concert ticket purchasing in my opinion.
All good things must come to an end though. Attending concerts today is often a pain in the ass because venues have moved to using apps for ticketing. This idea sounds convenient on paper. Everybody carries their phone with them to concerts so they can hold them up and record the entire show to post on social media so their friends know they were there. Since everybody has their phone with them all the time, making the device the method of acquiring tickets and entering concerts only makes sense, right? Except some of us don't carry our phones with us all the time. Some of us like to actually watch the concert with our own eyes rather than filtered through a screen. But more importantly, not all of us use venue approved smartphones.
There are several major problems with apps being used for tickets. The first one I will cover is the combination of shitty technology and nonexistent customer support that defines modern services. Anybody who has had a problem with a Google or Microsoft product will understand this pain. Getting a hold of a human being at either company is basically impossible. If your problem can't be solved through simple online methods, your problem often isn't going to be solved. One venue I used to frequent uses AXS</a>. I say used to frequent because AXS is a unique ticketing service in that they won't actually sell me tickets. You see, their website and app are both convinced that I'm a bot. Creating an account took long enough that one could legitimately write an epic poem about it. Once I managed to create an account, I couldn't use the service. Getting human support isn't an option. I did find their online support page and submitted a ticket thinking a human being would respond at some point. Instead, several days later, I received a link to chat with a large language model that was completely incapable of solving my issue. I'm calling out AXS in this case because it's my most recent encounter, but the same headaches are true of many ticketing apps.
The second major problem is the seemingly endless number of apps you need to install. Ticketmaster used to be the go-to app for ticketing, but they're a shower of bastards so venues rightly sought alternatives. This has lead to a seemingly endless number of apps. Each app also requires you to sign up for yet another service. Some services, like AXS, make signing up a tremendous pain in the ass. A few services, like Dice</a>, make the process straight forward and easy. Most are somewhere in between. It wouldn't be so bad if there appeared to be an end to the madness, but like Sisyphus pushing his rock, we seem to be damned to signing up for new services and installing new apps for all eternity.
The third major problem, and this is the biggest one in my opinion, is that you need to own a venue approved smartphone. This means you either need an iPhone or an Android phone running the stock OS. If you use anything else, good fucking luck. GrapheneOS works in most cases so long as you have Google Play Services installed (I install it in a separate, isolated profile along with all the stupid ticketing apps). If you don't have Google Play Services installed, you're out of luck for many apps (including Ticketmaster). What if you use something radically different, like a phone running mainline Linux</a>? Some ticketing apps can be made to run in an Android emulator with microG, but not all. If that doesn't work for the specific app you need for a concert, you won't get to attend that concert. The reliance on apps for ticketing helps Apple and Google maintain their duopoly over the smartphone market.
The old ways were better. Anybody who could afford the tickets could attend a concert. Now being able to afford the tickets isn't enough. You must also own an iOS or Android device, be lucky enough to not be tagged as a bot by the ticketing service, and have the wherewithal to not blow your brains out while you navigate the Byzantine account sign up process that many services utilize. Rubbing salt into the wound is the fact you don't have ticket stubs you can tack into a scrapbook to remember all the concerts you attended (for you younger folk, tickets at two pieces and the venue ripped off one piece when you got to the concert and you kept the other, which is referred to as the stub, and a scrapbook is a physical book you could paste photographs, ticket stubs, and other paper objects in).

The Endless Cycle of Enshitification

2026-04-16T16:00:00-06:00

I've lived through a few epochs, moments in time where things changed so dramatically that we commonly talk about our world as it existed before and after. 9/11 was the first epoch that I was aware of living through (the fall of the Soviet Union happened when I was too young to know or care about it). COVID-19 is another. The differences between the pre-COVID-19 years and post-COVID-19 years are significant. During COVID-19 we experienced a dramatic drop in quality of life. Not because of the disease, but because of the fallout from the worldwide response to the disease. The world has never recovered from this. It's been caught in a continuous cycle of enshitification ever since.
The damage to education caused by the response to COVID-19 is hard to understate. Math and literacy rates were already trending downward before COVID-19, but they fell off of a cliff during and keep dropping after. It's not just K-12 schools either. College level education quality has been dropping too. The popularity of large language models (commonly and incorrectly referred to as AI) has exacerbated this trend. This isn't helped by the fact that education is no longer focused on the exercise of learning itself but on making the grade (which are often divorced from each other). It's common for stories covering this phenomenon to focus on students using large language models to skip doing the work. I submit this story</a> penned by a college instructor as exhibit one:

But since the appearance of ChatGPT, the instructor’s job isn’t just to teach the subject and frantically attempt to keep every student’s plate spinning. Increasingly, it’s to moonlight as a detective and prosecutor because students without the motivation to do the work don’t have to skip it anymore. They can turn in a work-shaped simulacrum almost as easily. And a substantial number do—in a recent College Board survey</a> of 600 high school students, 84 percent said they had used generative AI for schoolwork. </blockquote>
This part of the story wasn't what jumped out at me though. This part was:

For the last few years, I’ve been exclusively teaching asynchronous online courses, meaning recorded videos rather than live sessions. </blockquote>
Enshitification in education isn't coming solely from lazy students trying to make the grade without doing any work. It's coming from both sides of the teacher-student relationship. Before COVID-19 college classes were largely in-person. There were remote classes, but they were the exception rather than the rule. During COVID-19 most classes became remote. This resulted in an overall drop in quality for both the teachers and students. After COVID-19 many classes remain remote despite no remaining restrictions against in-person classes.
It's easy to blame students who use large language models to avoid doing their work for being lazy. But it's equally true that instructors prerecording video lessons (asynchronous learning to use the academic buzzword) are being lazy and avoiding doing their work. An instructor's job isn't to simply regurgitate information. If students want that, they can go on YouTube. An instructor's job is to help students learn. That not only requires covering material but also requires helping students understand the material. This may require explaining the material in several different ways, having one-on-one conversations with students, pointing students to additional resources, developing hands-on exercises that can help students walk through the logic, etc.
If an instructor is simply recording videos for students to watch, those students are going to pick up on the instructor's laziness. They will respond in kind with their own laziness. After all if the instructor doesn't care why should the students? The enshitification cycle feeds on itself like an ouroboros. The cycle can't be stopped and certainly can't be reversed unless one or more of the people responsible for perpetuating it stop. I will argue that in the case of the teacher-student relationship the teacher should be the one to stop perpetuating the cycle. Amongst the responsibilities of an instructor is the responsibility to demonstrate a belief that the material is worth learning.
I'm sure there are teachers who stand out in your memory because they seemed to be exceptionally good at teaching. I can recall many. One of my high school science teachers excelled at her job. Part of her success was her obvious love of the topic. Her excitement when it came to science demonstrated that she truly believed that the material was worth learning. Many of my college professors were the same way. They obviously loved the subjects they taught and their love of the subject alone could convince students that the material was worth learning.
Thwarting students' use of large language models is actually quite simple. Return to in-person classes and the use of hand written (they were called blue book exams when I was in college) and oral examinations. Will some students still find a way to cheat? Yes. But I suspect most won't because successful cheating under these conditions requires far more sophistication. The bigger challenge is overcoming students' apathy. I believe that requires teachers to first overcome their own apathy, which is an equal challenge.

Disabling Homebrew in Dinosaur OS

2026-02-13T13:00:00-06:00

Since I released Dinosaur OS</a> last September, I've had to make very few changes to my image. This is a testament to the overall stability of Bluefin, the image upon which Dinosaur OS is based. But I started receiving error notifications a couple of weeks ago whenever the automatic update service ran. The initial error was actually due to a Flatpak problem. The developer of a package I installed uploaded a new version with the same version number as my currently installed version. This cause the Flatpak update program to fail. I managed to fix that, but the service was still displaying an error because it wasn't able to update Homebrew.
Homebrew is a package manager that was originally written for macOS. It was released back when I used macOS so I tried it and discovered that it was a train wreck and opted to use MacPorts</a> instead. Homebrew had a number of bizarre design decisions. The biggest was it wanted to install packages at a system level. Normally that's not a problem with a package manager, but Homebrew tied the system level directory to your user account's user ID number. Effectively Homebrew installed packages at a system level that only a single user account to use or modify. There was an option to install packages into your home directory, but a number of packages failed to run when you did that.
When it was announced that Homebrew was available for Linux, I dismissed it entirely. Why would I want a poorly designed package manager on a system that already has a plethora of very good package managers? My experience with Homebrew was so bad that I initially intended to remove it from Dinosaur OS. I ultimately decided that enough time had passed that I should give Homebrew another chance. My latest experience mirrored my previous experience.
Homebrew on Linux suffers the same problem as it does on macOS. It doesn't support systems with multiple user accounts well. When Bluefin installs Homebrew, it creates the /home/linuxbrew/</code> directory and sets its user and group IDs to 1000. Bluefin is based on Fedora and by default the first user account created on a Fedora system has the user and group IDs of 1000. All packages installed with Homebrew are installed into the /home/linuxbrew/</code> directory. This means Homebrew on Bluefin is configured so that only the very first user account created on the system can use it.
This is fine for most users, but I'm not most users. I have two user accounts on my system. The first is my administrator account, the second is a regular user account that I use for my day to day tasks. Administrator rights are required to create new user accounts so obviously I create my administrator account first. This means the actual account I use day to day, which has the user and group IDs of 1001 (the default on Fedora systems for the second user account created), can't use Homebrew.
There are ways around this. I could change the owner permissions on /home/linuxbrew/</code> to 1001. Homebrew on Bluefin is setup using the brew-setup.service</code> systemd service, which sets the permissions. I could change that unit file in my image to set the user and group IDs to 1001. Either option would allow my day to day user account to use Homebrew installed packages, but would prevent my administrator account from using them. The bottom line is Homebrew is a poorly designed package manager.
I chose a third option: ignore Homebrew entirely. There was no downside to this option at first, but a few weeks ago changes were made to Bluefin's automatic updater that caused me to reexamine my decision. As noted at the beginning of this article, I started receiving notifications that the automatic update service failed. Checking journalctl showed me the source of the error was that the update utility, UUPD</a>, was unable to upgrade Homebrew. This failure was caused by /home/linuxbrew/</code>, which normally contains the brew executable used to install and update packages, being empty (I didn't investigate why it was empty since I was already done with Homebrew).
Fortunately disabling and removing Homebrew from Bluefin is straight forward. Homebrew is installed by the brew-setup.service</code> systemd service, which is enabled by default on Bluefin. Disabling the service prevents it from automatically installing Homebrew so Dinosaur OS disables it. I also add a script, /usr/libexec/remove-brew</code>, to the image, which removes Homebrew from a system if it's already installed. This makes Dinosaur OS nondestructive in that it won't automatically remove Homebrew from a system where it's already installed. Removing Homebrew requires manual work. It also means Homebrew can be installed again by either starting or enabling brew-setup.service</code>.
I still had the problem where UUPD would throw an error because it was unable to update Homebrew (which was now missing entirely). UUPD on Bluefin accepts arguments that disable update modules though. The final change I made to Dinosaur OS is adding --disable-module-brew</code> to the ExecStart line of uupd.service</code>, which is activated by a timer periodically. uupd.service</code> is a system file, which means the user cannot edit it. Therefore, if you're running Dinosaur OS and install Homebrew, your Homebrew packages won't be automatically updated by uupd.service</code>. The best way to change this behavior is to copy /usr/lib/systemd/system/brew-update.service</code> to /etc/systemd/system/uupd.service</code> and remove --disable-module-brew</code> from the ExecStart line.
Overall I still like Bluefin a lot. I agree with most of the design decisions and appreciate that it's been easy for me to change the decisions I dislike. I continue to run Dinosaur OS on my desktop systems and haven't faced any catastrophic problems. If you want to create your own image based on Bluefin and want an example image to get started, check the Dinosaur OS repository</a>.
Getting Started with Kettlebells 2026-02-06T20:00:00-06:00 Introduction</h1> I developed an interest in physical fitness about a decade and a half ago. This interest lead me to pursue martial arts, biking, and eventually kettlebell lifting (along with many other activities). The reason I got into kettlebell lifting is because I wanted to improve my strength and endurance. Kettlebells were tools I could use in the comfort of my small apartment. Now I have a home and a gym in my basement. I still lift kettlebells three or four times a week. Getting started is the hardest part of any journey. This post is intended to help anybody who's interested in starting kettlebell lifting. It's not intended to be all encompassing. Too much information can be as bad as too little. Decision paralysis thwarts as many journeys as fear and laziness. Therefore, this post is opinionated. It will provide only a handful of options. Wherever options are provided, know that there are many more options out there. They aren't brought up to cut down on the noise. The hardest part of any journey is also the most important. It's more important to get started than to travel the optimal path. Any progress forward is better than no progress while you try to develop the optimal plan. Note on Units</h1> Weights in this post will be provided in kilograms. Why would a post written by an American living in the United States use metric units? Two reasons. First, the historical unit of weight for kettlebells is the pood. The pood is an old imperial Russia unit. It's equal to about 16 kg. This means kettlebell weights divide nicely into kilograms. Second, kettlebell lifting is an international sport. International sports use the metric system because almost everybody outside of the United States does. To make your life a bit easier, here are the American equivalents to the weights used in this post (along with the weight in poods to illustrate my point about dividing nicely into kilograms): 16 kg = 35 lb (1 pood) 20 kg = 44 lb (1.25 poods) 24 kg = 53 lb (1.5 poods) 28 kg = 62 lb (1.75 poods) 32 kg = 70 lb (2 poods) Types of Kettlebells</h1> There are two major types of kettlebells: hard style and competition style. Hard style are typically made out of cast iron. The size of the bell depends on the weight. Heavier hard style kettlebells are larger than lighter ones. Competition style kettlebells are typically made out of steel. The size of the bell is the same regardless of the weight. A 16 kg competition style kettlebell is the same size as a 32 kg one. I exclusive used hard style kettlebells until this year. Now I own both. I recommend hard style kettlebells when you're starting out though. Hard style kettlebells are typically cheaper, often much cheaper, than competition style ones. You can do all of the traditional kettlebell lifts with either style of kettlebell so you might as well save yourself some money. You'll see articles online claim that competition kettlebells don't work well for two handed lifts such as two handed swings due to the handle size and shape. This isn't my experience. I have no issue doing two handed swings with competition style kettlebells and I have large hands. You'll also see articles claim that competition style kettlebells are more durable because they're made of steel instead of cast iron. This is a distinction without a difference. The only way you'll break either style of kettlebell is by being a complete dumbass. The two hard style kettlebells I typically recommend are REP Fitness</a> and Bells of Steel</a>. Both offer reasonably priced high-quality cast iron kettlebells with "free" shipping (free shipping means the price of shipping is baked into the price of the kettlebell). Buy whichever is cheaper at the time or in stock. If your budget is tight, I've read reviews for Yes4All</a> kettlebells and they seem to be decent. I can't recommend them since I've never seen them in person. Another option I'll note is Bells of Steel adjustable kettlebells</a>. These are adjustable competition style kettlebells. They're a good option if space is tight and you can afford to pay more upfront. I prefer fixed weight kettlebells because sometimes I like to switch weights during my workouts and changing an adjustable kettlebell's weight is a slow process. That doesn't matter when you're starting out though. Starting Weight</h1> Recommending a starting weight is tricky. Everybody is different. If you know anybody who owns kettlebells or dumbbells, ask them if you can press a few overhead. You want a weight that you can press overhead a few times. I'll cite the most common rule of thumb. Men and women who haven't done any strength training should start with 16 kg and 8 kg respectively. Men and women who have done some strength training should start with 20 kg and 12 kg respectively. The difficulty of most kettlebell lifts can be adjusted through technique. If 20 kg is too light for two handed swings, change to one handed swings. If 20 kg is too heavy to strict press overhead, push press it. If a weight is beginning to feel too light, you can do more reps in less time to increase the difficulty. There are limits to this. If you can strict press a 24 kg kettlebell overhead, an 8 kg kettlebell isn't going to be a challenge no matter what (that's not to say an 8 kg kettlebell will be completely without value). Likewise, if you can barely strict press a 16 kg kettlebell overhead, you're not going to get a 32 kg kettlebell overhead. It's better to go a bit light than a bit heavy when you're starting. Beginners should focus on technique. It's almost impossible to focus on technique if you're barely able to move the kettlebell you're using. Programs</h1> There are two programs I recommend to beginners: Rite of Passage</a> and Simple and Sinister</a>. Both programs require a single kettlebell. Both books do a good job of covering the technical aspects of the lifts they use. This is important. There are books for beginners, which go into detail on the how of lifts, and books for people who have experience, which typically don't explain how to perform lifts. You want to learn how to properly perform lifts. There are also a lot of good videos online that go over the hows of lifts. If you can find a coach in your area, you can also hire them to teach you how to perform lifts (this is probably the fastest and safest option). Rite of Passage is covered in the book Enter the Kettlebell. Between the two programs, I like this one slightly better because I like to press weight overhead. The program uses cleans, strict presses, swings, and snatches. There is also the option to add pull ups. The strict press is probably the lift that gives you the most bang for your buck. It's the staple of many great kettlebell programs such as The Giant, Dry Fighting Weight, and The Armor Building Formula. Swings add an endurance component to the program. Snatches are something you will need to study for a while, but once you learn how to snatch, you unlock another lift that provides tremendous bang for your buck. Rite of Passage is a three day a week program. Simple and Sinister used to be the recommended program for beginners. It's the program I ran when I started. I've seen a number of people in online kettlebell communities argue that Simple and Sinister isn't a good program. They're full of shit in my opinion. Although I like Rite of Passage better, Simple and Sinister is an excellent program for people who haven't done any strength training. The program uses Turkish get ups and swings. Turkish get ups teach you the invaluable skill of getting up off the ground while holding weight. It will improve your overall movement quality. It can also be run more frequently than Rite of Passage. It doesn't matter which program you pick. If you want to press weight overhead, go with Rite of Passage. If you want to get up off of the ground while holding weight, go with Simple and Sinister. If you can't decide, flip a coin. Conclusion</h1> That's it. That's the guide. Buy a kettlebell of appropriate weight, pick a program, and start lifting. Complex Systems, Simple Answers 2026-02-06T13:00:00-06:00 The universe we occupy is a very complex system that contains an uncountable number of complex systems within itself. One of the most common illustrations of this fact is weather forecasting. Weather forecasts are notorious for being inaccurate. The reason for this isn't because the weatherman is incompetent, it's because weather is a complex system. Edward Norton Lorenz, a meteorologist who founded chaos theory, noted the complexity of weather systems through the butterfly effect</a>: He noted that the butterfly effect is derived from the example of the details of a tornado (the exact time of formation, the exact path taken) being influenced by minor perturbations such as a distant butterfly flapping its wings several weeks earlier. </blockquote> The terrestrial weather system isn't the only complex system. Space weather is a thing and a great deal of effort is put into predicting it. Like predicting terrestrial weather, predicting space weather is notoriously inaccurate. A few other complex systems are the movement of tectonic plates, propagation of electromagnetic radiation, and human behavior. The human brain prefers simple answers. Prescientific man often explained complex phenomenon like weather as the action of gods and other supernatural beings. A typhoon wiping out a coastal city might be explained as the god of the sea punishing the inhabitants because they did something he didn't like. Postscientific man isn't that different. Although our scientific understanding has largely done away with accusing the gods for all that happens, we still end up creating simple answers for complex systems. This comes up most frequently when people try to blame an individual or group for events that are the result of complex systems. Crime rates are a good example. Many factors play into crime rates. Socioeconomic conditions are the most commonly cited factors, but there are many more. The laws themselves play a huge role because an act isn't a crime unless there's a law against it. If the government passes a law against an until then lawful and very common activity (see Prohibition in the United States), the rate of crime increases. Weather plays a factor in crime rates. Cities in the northern hemisphere typically have a higher rate of violent crime during the summer. Individual attitudes are a major factor. If there is a large number of people who are unhappy with their current conditions, they are more likely to perform criminal acts such as vandalism. Many people ignore all of these factors and instead blame crime rates on blacks or immigrants and call it a day. Political systems are also complex. A political system involves many people acting in the name of a government. These government vary from dictatorships to democracies. Different systems have different numbers of participants. The laws that get passed depend on a number of factors. Consider the legislative process in a common democratic system. A law might be introduced by a politician on behalf of a lobbyist. The lobbyist may want the law passed to prevent new competitors from entering their market. The politician might received benefits from the lobbyist ranging from paid vacations to promises of employment after they exit politics. Another law might be introduced because a politician sees people participating in activities they personally find immoral (again, see Prohibition in the United States). Once a law is introduced, there is a complex system of wheeling and dealing that commonly happens before the law is either rejected or passed into law. Many people ignore all of these factors and instead blame one political party for all the political ills in their country. Or they might blame the Jews or, more recently, British royalty (a new conspiracy theory gaining headway here in the United States). What is an answer that doesn't correctly answer a question? It's bullshit. This provides some incite into why all of the perceived ills in the world seem to go unaddressed. Too many people have opted for bullshit rather than answers. But don't be too harsh of those people. We humans aren't well adapted to analyzing and addressing complex systems. All of us opt for bullshit. Some of us opt for it more than others, but we all do it. We especially do it when an answer can't be identified. Our brains prefer simple answers and absolutely despise having no answers. When an individual accumulates too many questions without answers they often succumb to some form of nihilism, but that's not the only option. If you're willing to accept the fact that there are many questions without answers and come to peace with that fact, you can live in a sort of harmony. Many religions and philosophies exist around this idea. Stoicism emphasizes that you cannot control things outside of yourself but you can control how you react to events. Even though I cannot control who rules the nation, I can prevent myself from become emotional because of it. You don't have to be angry because you don't like the ruler of a nation. Daoism is centered on the Dao, the source of all existence. Critically Daoism teaches that the Dao is beyond our comprehension and therefore cannot be completely understood. This is a good frame of mind when living in a universe full of unanswerable questions. Accepting that you cannot fully comprehend events that are happening can help avoid falling under the influence of those who claim to have the answer and therefore from being manipulated by them. I can't say for certain what will make you happy in life. I will say that my life became happier once I accepted that I don't know the answer to everything. That acceptance has allowed me to achieve peace by not getting worked up over things outside of my control. I know the universe is composed of complex systems that are incomprehensible to me and I enjoy that there is mystery in this universe. I live my life how I want and care not at all about the opinions of others. They don't know the answers either. I strongly urge you to explore the same frame of mind and see if it bring you peace too. Setup IPv6 in WireGuard 2025-12-30T15:30:00-06:00 Introduction</h1> Over the holiday break I finished upgrading all of my self-hosted services to make them available via IPv6. The upgrade was straightforward for all of my services except one: my WireGuard VPN</abbr> server. I wanted to provide my VPN clients with IPv6 connectivity without using NAT</abbr>. Unfortunately most of the guides online use NAT for IPv4 and IPv6. NAT is necessary for IPv4, but goes against the very design of IPv6. I wanted to provide each client with a globally routable IPv6 address. This ended up being simple once I figured it out. I previous wrote a guide for setting up WireGuard to share a public static IPv4 address</a>. The formatting was ruined in the transition from my old WordPress blog to this statically generated one, but it explains how to setup a WireGuard VPN server for IPv4. This post will explain how to setup a WireGuard VPN server for IPv6. Preamble</h1> First a major caveat. As of this writing, I've had this iteration of my VPN server running for two days. I've tested it on my home network, on my phone's cellular network, and on an IPv4 only network through my travel router. IPv6 appears to work in all cases. I haven't finished thorough testing though. There may be a number of corner cases that don't work. I will update this guide as I find and fix them. Therefore, if you find something broken, check back and I might have discovered it and posted the solution already. I also pieced my setup together by taking bits and pieces of several online guides. I pillaged from this guide</a>, this guide</a>, this guide</a>, and this guide</a>. If there are unnecessary configuration steps in this guide, I likely took it from one of these guides and didn't test my final setup without the configuration. Such mistakes are entirely my fault. In order to follow this guide, you need a source of IPv6 addresses and specifically a separate subnet from your hosting network. My ISP</abbr> provides me with a /48 prefix. This gives me roughly a bajillion addresses and subnets. Conventions Used in This Guide</h1> For the purposes of this guide, I'm going to use the following IP addresses (2001:db8</code> is the prefix reserved for examples and documentation</a> for those not aware): 2001:db8:1234::/48</code>: The prefix provided by our ISP. 2001:db8:1234:9999::/64</code>: The subnet of our hosting network. The subnet 9999</code> was chosen for readability purposes. 2001:db8:1234:ffff::/64</code>: The subnet provided to our WireGuard VPN clients. Throughout this guide remember that the subnet with numbers is for our hosting network and the subnet with letters is for our VPN clients. 2001:db8:1234:9999::1</code>: The IPv6 address used by clients to connect to our WireGuard VPN server. 2001:db8:1234:ffff::1</code>: The IPv6 address of the WireGuard interface. This differs from the above address in that a client only uses it after it has connected to the WireGuard VPN server through the above address. Once connected, clients will use this address as their gateway. 2001:db8:1234:ffff::1:1</code>: The IPv6 address provided to the first of our WireGuard VPN clients. This address will be incremented subsequently so our second client will have an IPv6 address of 2001:db8:1234:ffff::1:2</code>, our third 2001:db8:1234:ffff::1:3</code>, etc. I will also use en0</code> as the name of the network interface of our WireGuard VPN server, 51820</code> as the port used to connect to WireGuard on our server, and wg-vpn.conf</code> as the name of our WireGuard configuration file. The Actual Guide</h1> The first thing you will need to do is ensure that the router between your hosting network and ISP is setup to route the subnet for our VPN clients to our VPN server. How you do this will depend on both your ISP and your router. For my Ubiquiti Cloud Gateway Ultra, I created a static route that routes the entire 2001:db8:1234:ffff::/64</code> subnet to 2001:db8:1234:9999::1</code>. You will also need to configure your router's firewall to allow incoming WireGuard traffic to your VPN server. I'm hosting my VPN server on Fedora Server. By default, IPv6 forwarding isn't enabled on Fedora Server. I enabled it by adding net.ipv6.conf.all.forwarding=1</code> to /etc/sysctl.conf</code> and issued the sysctl -p</code> command to load the changes. I also added several other lines. /etc/sysctl.conf</code> on my VPN server contains the following contents: net.ipv4.ip_forward=1 net.ipv6.conf.en0.proxy_ndp=1 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.en0.accept_ra=2 </code></pre> The first line enables IPv4 forwarding. It's enabled by default on Fedora Server, but I added the line just to ensure it's always enabled. The second line enables proxying NDP</abbr> packets, which is used by IPv6 to discover neighboring devices. The final line enables router advertisements while IPv6 forwarding is enabled. I added it to the file when I was trying to dole out IPv6 addresses through another method. I'm not sure if it's needed for my final setup. This is one of those potentially unnecessary configuration steps I mentioned in the preamble for this guide. The only port I opened on my VPN server's firewall is 51820</code> for UDP</abbr> packets. WireGuard only uses UDP so you don't need to open the port for TCP</abbr>. I also enabled masquerading capabilities. Masquerading capabilities are only needed for NAT, which means it's only necessary for IPv4. You don't need to enable it if you're only using IPv6 on your VPN server. Everything else happens in the WireGuard configuration file located at /etc/wireguard/wg-vpn.conf</code>. The first section of the configuration file sets up the interface: [Interface] PrivateKey = <Your Server's Private Key> Address = 2001:db8:1234:ffff::1/64 SaveConfig = false ListenPort = 51820 </code></pre> This is all pretty basic. PrivateKey</code> obvious contains your server's private key that was generated with wg genkey</code>. Address</code> is the IPv6 address of the WireGuard interface. Clients will use this address as their gateway once they've connected to our VPN server. SaveConfig</code> determines if the current configuration is saved when the WireGuard interface is shutdown. I generate my configuration files with Ansible so I don't want any state maintained and disable this feature. ListenPort</code> is the port through which clients will connect to the VPN server. The next section is where the heavy lifting is done. PostUp</code> commands run when the WireGuard server is being started. PostDown</code> commands run when the WireGuard server is being stopped. In this case, the PostDown</code> commands simply undo the PostUp</code> commands. Also note that %i</code> stands for the WireGuard interface name, which is wg-vpn</code> since the configuration file is wg-vpn.conf</code>. PostUp = ip6tables -A FORWARD -i en0 -o %i -j ACCEPT; PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; PostUp = ip -6 neighbor add proxy 2001:db8:1234:ffff::1:1 dev en0 PostUp = ip -6 neighbor add proxy 2001:db8:1234:ffff::1:2 dev en0 PostUp = ip -6 neighbor add proxy 2001:db8:1234:ffff::1:3 dev en0 PostDown = ip6tables -D FORWARD -i en0 -o %i -j ACCEPT; PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; PostDown = ip -6 neighbor del proxy 2001:db8:1234:ffff::1:1 dev en0 PostDown = ip -6 neighbor del proxy 2001:db8:1234:ffff::1:2 dev en0 PostDown = ip -6 neighbor del proxy 2001:db8:1234:ffff::1:3 dev en0 </code></pre> PostUp = ip6tables -A FORWARD -i en0 -o %i -j ACCEPT;</code> and PostUp = ip6tables -A FORWARD -i %i -j ACCEPT;</code> enable IPv6 forwarding between the server's network interface (en0</code> in this example) and the WireGuard interface (wg-vpn</code> in this example). This allowed IPv6 traffic originating from our clients to be forwarded out of the VPN server's network interface and return traffic routed from the VPN server's network interface to the appropriate client. PostUp = ip -6 neighbor add proxy 2001:db8:1234:ffff::1:1 dev en0</code> and the following two lines setup NDP proxies for each client. You could probably replace all of these lines with PostUp = ip -6 neighbor add proxy 2001:db8:1234:ffff::/64 dev en0</code>. Again I generate my configuration file with an Ansible playbook so it's just as easy for me to loop through my list of clients and add a line per client. As mention above, the PostDown</code> lines simply undo the PostUp</code> lines when the WireGuard interface is stopped. The final part of the file contains configuration information for each peer: [Peer] PublicKey = <The Client's Public Key> AllowedIPs = 2001:db8:1234:ffff::1:1/128 [Peer] PublicKey = <The Client's Public Key> AllowedIPs = 2001:db8:1234:ffff::1:2/128 [Peer] PublicKey = <The Client's Public Key> AllowedIPs = 2001:db8:1234:ffff::1:3/128 </code></pre> This is straightforward. PublicKey</code> contains the client's public key and AllowedIPs</code> contains the IPv6 address we're assigning to the client. Running systemctl start wg-quick@wg-vpn.service</code> will bring the WireGuard interface up so clients can start connecting. The configuration file for each client is simple: [Interface] Address = 2001:db8:1234:ffff::1:1/64 PrivateKey = <The Client's Private Key> [Peer] AllowedIPs = ::/0 Endpoint = [2001:db8:1234:9999::1]:51820 PublicKey = <Your Server's Public Key> </code></pre> Address</code> is the globally routable IPv6 address our VPN server is assigning to the client. PrivateKey</code> is the client's private key. There's similarly little to say about the [Peer]</code> section, which contains connection information for the VPN server. AllowedIPs = ::/0</code> tells the client to route all IPv6 traffic through the WireGuard interface. Endpoint</code> contains the IPv6 address clients use to connect to the VPN server. Note the square brackets. Because IPv6 addresses use ':' as a separator and ':' is also used by convention to separate an IP address from a port number, the square brackets are used to disambiguate the ':' in the IPv6 address from the ':' differentiating the port number. When the client connects to the VPN server, it will have the globally routable IPv6 address of 2001:db8:1234:ffff::1:1</code>. If you connect to a website that tests IPv6 connectivity such as this IPv4 and IPv6 connectivity test</a>, it should show 2001:db8:1234:ffff::1:1</code> as your IPv6 address. There you have it, a WireGuard VPN server that provides clients with globally routable IPv6 addresses.

A Geek with Guns

Enshittification of Policing

Building Our Own Cage

The AI Takeover of Humanity

The Return of Your Apps, Please

Your Apps, Please

The Endless Cycle of Enshitification

Disabling Homebrew in Dinosaur OS

Getting Started with Kettlebells

Conclusion</h1> That's it. That's the guide. Buy a kettlebell of appropriate weight, pick a program, and start lifting.</p>

Complex Systems, Simple Answers

Setup IPv6 in WireGuard

Conclusion</h1>
That's it. That's the guide. Buy a kettlebell of appropriate weight, pick a program, and start lifting.</p>