Plutonic Rainbows

Handelsblatt reported this week, and Reuters confirmed through a Commission spokesperson, that Brussels is days away from designating ChatGPT as a Very Large Online Search Engine under the Digital Services Act. If the decision lands as expected, it will be the first time a generative AI product has been pulled into the DSA's most demanding compliance tier, and it will happen because OpenAI's own numbers forced the question.

The trigger is scale, not function. The DSA hands its harshest obligations to any platform or search engine that averages more than 45 million monthly active users in the EU. OpenAI disclosed that ChatGPT's search feature hit 120.4 million EU users over the six months ending September 2025. That's 2.7 times the threshold. The Commission was required to publish user numbers anyway, every six months, so the evidence arrived in its inbox via OpenAI's own transparency reporting. The only remaining question was whether the Commission would treat ChatGPT as a search engine at all, and a spokesperson has already indicated it will be handled "case-by-case."

Translation: yes, probably.

What follows a VLOSE designation is not trivial. The Commission's own page lays out the schedule plainly. Four months to comply. Mandatory annual risk assessments covering illegal content, fundamental rights, electoral processes, public health, and the protection of minors. Independent audits. A crisis response mechanism. Researcher data access. Supervisory fees calculated as a percentage of EU turnover. The obligations read like the shape of a regulator trying to catch up with ten years of unchecked product design, all at once, pointed at a company that has been public-facing for less than three years.

OpenAI's position is awkward. The company has spent the past year arguing, plausibly, that ChatGPT is not really a search engine, that it retrieves, synthesises, generates, and does several other things besides. The DSA's definitional scaffolding doesn't care. It cares about the search-shaped function and the user count, and OpenAI built the former and reported the latter. The company can contest the designation at the General Court, which is the path VLOP designees have used before, but that doesn't pause the clock. You still comply while you litigate.

The broader pattern is worth naming. Europe's regulatory posture toward American AI firms has stopped being consultative. The AI Act, the DSA, Ireland's Media Commission calculating supervisory fees — this isn't one framework, it's a stacking set of them, and the interaction effects are where the real enforcement pressure will land. A model provider can comply with the AI Act's GPAI rules and still be on the hook for DSA systemic-risk obligations for the consumer product that wraps it. The state-level pressure in the US is crude by comparison, a threat to yank broadband money to keep states from passing their own laws. Brussels just does the work.

There is a version of this story where the designation is a tidy procedural event, OpenAI ships the risk report on time, the audit clears, nothing visibly changes for the EU user. That is probably how the next six months go. But the precedent is the point. Once one generative AI service is inside the VLOSE tent, every other chatbot that reports EU usage becomes a candidate by arithmetic. Gemini already clears the threshold. Claude will, if it hasn't. Perplexity is smaller but arguably more search-shaped than any of them. The Commission has been handed an instrument and a user-count floor, and it knows how to use both.

The regulators caught up faster than I expected. That might be the most interesting part.

Three days after the NSA quietly joined the Mythos preview, an unauthorized group has the model too. Anthropic confirmed on Wednesday it is investigating the incident. The vector, per the reports, was a third-party contractor's environment. A private online forum ended up with access to the system Anthropic had chosen not to release broadly.

This is the thing everyone was worried about, and it arrived on roughly the schedule you'd expect.

The timeline is short and bleak. April 7: Mythos announced, a limited set of vetted partner organisations given keys. April 16: Opus 4.7 lands with Mythos held back as its more capable but gated cousin. April 20: reporters reveal the NSA has access, a detail Anthropic had not disclosed. April 21: TechCrunch runs the breach story. Bloomberg and SiliconAngle follow the same day. By Wednesday morning the former National Cyber Director is telling Fortune that Mythos can hack nearly anything and the country is not ready, and Chubb's chief executive is on an earnings call using the phrase "the arms race is on."

Two weeks from closed preview to unauthorized access. If you sat down to script how a controlled rollout of a frontier offensive-security model would fail, you would write something close to this. Not a direct breach of Anthropic's corp network. Not a jailbreak of the model itself. A vendor relationship. Someone with legitimate keys whose environment turned out to be the weakest link in the chain.

There is a particular irony here that I want to name plainly. Anthropic's official posture is that Mythos exists, in part, to identify the next generation of supply-chain vulnerabilities. The company has been telling the White House and Treasury that frontier models are how the United States gets ahead of its own software fragility. The specific way their own most guarded capability leaked was through the class of risk the model was supposed to find. The fourth party had the keys.

I don't think this ends the Mythos program, for what it's worth. The NSA is presumably still using it. The courts will continue to hear the Pentagon's supply-chain case against Anthropic while the intelligence community continues to consume the product. The lesson the industry will draw is not "don't build Mythos." The lesson will be: tighten the vetted-partner list, redo the vendor attestations, add another audit layer. Business as usual, one notch paranoid.

What the breach actually demonstrates is quieter. A model described as capable of chaining software exploits and discovering flaws at scale is now, in some unknown quantity, outside the boundary of the vetted organisations that were supposed to hold it. Whoever has it does not need to exfiltrate weights or reverse-engineer the system card. They just need API access through someone else's key. That is a fundamentally different threat model from "a secret AI lab builds something scary." It's "a secret AI lab builds something scary and then a mid-tier consulting firm's Okta misconfiguration hands it to a chat room."

Chubb's Greenberg, whatever else you think about insurance executives on earnings calls, picked the right noun. This is an arms race, and the starting gun just went off sideways.

The £2,924,622 was won on the weekend the country stopped caring. A syndicate of regulars from the Yew Tree pub in Manchester shared the cheque, the largest payout in pools history. The date was November 1994. That same weekend, on a Saturday night televised by Noel Edmonds, the National Lottery launched with five winners splitting £5,874,778 on its inaugural draw. The pools had peaked and been displaced in the same breath.

Football pools were never really about football. The Treble Chance, introduced by Littlewoods in 1946, asked you to pick eight matches you thought would end as score draws. Score draws counted for the most points; no-score draws less; home and away wins least. You wanted twenty-four. The maths punished favourites and rewarded the kind of ordinary dull Saturday in March when nine matches across the lower divisions all finished 1-1. Most weeks nobody got the maximum. Some weeks the dividend was £2.94 million.

Ten million people played every week at the peak. Ten million in a country of fifty-eight million. The coupon arrived through the door from a collector you knew by name, or you carried it yourself to the corner shop. You filled it in with a biro, thinking about Crewe versus Bury, and you handed it back with the right coins counted out. Saturday tea-time was a calculation. The teleprinter at five o'clock, the classified results read by James Alexander Gordon in that cadence which rose for the away score and fell for the home, and somewhere in the rhythm a person was working out whether their eight had come in.

The lottery undid all of this in eighteen months. It wasn't that the pools were unfair, or hard to play, or unpopular. They were popular. They had been popular for sixty years. They were displaced by something faster: a six-number ticket bought at the counter of the Spar, drawn on television by a machine, with a jackpot that started at seven figures and rolled over until it hit eight. The pools required you to think about football. The lottery required you to think about nothing.

Vernons closed its pools operation in February 1998. Littlewoods sold out to Sportech in 2000 for £161 million, a number that would have been laughable five years earlier. Ten million players became 830,000 by 2006, then 700,000 by 2007, then something smaller still that nobody publishes loudly. Thousands of jobs went on Merseyside, most of them women who had counted coupons in the great Art Deco building on Edge Lane that Littlewoods opened in 1938 and which has stood derelict since 2003.

The texture you can't recover is the weekly arithmetic. People who would have called themselves bad at maths could in fact do permutation calculations in their head, trading coverage for cost, balancing what their pension would stand against what Saturday might bring. They were running probability models in a ledger in the kitchen drawer. Then a machine drew six balls and the ledger closed.

I don't think the lottery was a worse thing. It pays out in ways the pools never quite did: lump sums, instant millionaires, a charitable arm that built half the country's velodromes. But it asks nothing of you. The pools asked you to look at the fixtures.

Yew Tree won the most. Yew Tree won last.

Before ChatGPT, there was a paper. March 4, 2022. Ouyang, Wu, Jiang, Almeida, and a cast list long enough to fill a film credit, posting to arXiv under the title "Training language models to follow instructions with human feedback." Inside the paper sits the specific mechanism that turned a statistical parrot into something you could ask for things.

GPT-3, for all its parameter count, did not follow instructions. It predicted the next token. If you gave it "Summarise this paragraph in one sentence," it would happily extend the paragraph, suggest ten more instructions, or ignore you entirely and generate a shopping list. Prompt engineering was the art of tricking it into the shape of the task. Most people gave up after a few tries.

OpenAI's fix came in three stages. First, supervised fine-tuning. Forty human labelers sat down and wrote, by hand, roughly thirteen thousand demonstrations of the form (prompt, correct response). The model was fine-tuned on these the way you'd fine-tune on any other dataset. This alone got them most of the way there. The SFT model already outperformed vanilla GPT-3 on instruction tasks, and a reasonable person might have called it done.

They didn't. The second stage was a reward model. Same labelers, different task: presented with a prompt and several model outputs, rank them from best to worst. That preference data trained a separate model whose only job was to predict, given a candidate response, how much a human would like it. A critic, in the old-fashioned sense. It has no opinions of its own, only an internalised sense of what the labelers collectively preferred.

Third stage, the reinforcement learning itself. They took the SFT model, let it generate responses to new prompts, scored each response with the reward model, and used Proximal Policy Optimization to shift the weights so that higher-reward tokens became more likely. The critic graded, PPO updated. Round and round. The original pretraining objective got mixed back in (they called this PPO-ptx) to stop the model from forgetting how to write English while chasing the reward.

The headline result: a 1.3 billion parameter InstructGPT was preferred by labelers over the 175 billion parameter GPT-3 it started from. A model a hundred times smaller, judged better, because it had been shown what better looked like. Size still mattered. But the gap between "big" and "useful" turned out to be bridgeable by thirteen thousand demonstrations and a ranking tool.

What the paper doesn't advertise is what the technique inherits. Reinforcement learning from human feedback had been kicking around since Christiano et al. in 2017, where it taught agents to perform tasks in simulated environments and Atari games by eliciting human preferences rather than writing down a reward function. Teaching a model to be helpful is, structurally, the same problem: you cannot write the reward function, so you collect it from humans and train a model to stand in for their judgement. What changed was the scale of the demonstration set and the object being trained.

Every model you talk to that acts like an assistant is, underneath, some descendant of this pipeline. The chain-of-thought monitoring that Anthropic relies on to catch deception is a shadow cast by this exact mechanism. The model learned to produce reasoning the reward model liked. Whether that reasoning is faithful to the computation underneath is a question the 2022 paper did not ask. Four years later, it's the question everyone is asking.

Walk the Brampton Valley Way between Market Harborough and Northampton and the ground tells on itself. The path is flat in a way ordinary paths aren't, held above the fields on an earth shelf too deliberate to be geology. At a certain point the brick edges of a platform surface through the nettles, with numbers cut into the stone that nobody has a reason to read. This was Lamport. A station on the Midland line from Northampton to Market Harborough, which carried passengers until 1960, and then stopped carrying them, and then stopped being a line at all once the freight traffic fell away two decades after that.

Lamport closed early, three years before the report that came to stand for the whole thing. The Beeching cuts were the formalisation of a closure programme that had been grinding away through the 1950s, a momentum the 1963 report only accelerated. The Reshaping of British Railways in 1963 and The Development of the Major Railway Trunk Routes in 1965 proposed that roughly a third of the British railway network be closed. Over two thousand stations and around five thousand route miles. The figures are rehearsed so often they feel like a creed; what matters more, walking the ex-lines, is that the geometry never leaves. British Rail sold bridges for scrap and embankments for development, but plenty of the corridors survived because nobody quite got round to them. They became nature reserves by default. They became cycle paths when councils went looking for free linear infrastructure. The Trans Pennine Trail is a Frankenstein of them.

What strikes me about a trackbed is how much effort was put into hiding it from the natural gradient of the land. Cuttings through shale. Embankments raised over streams. Bridges at exactly the height a fireman needed. You can't walk these corridors without noticing you're travelling on engineering that outlasted its purpose by a factor of three or four. The steam age poured this much reinforced earthwork into a country that then changed its mind about it within a generation, and the country couldn't afford to remove the evidence.

Bobby Seal, writing about the Mold to Denbigh Junction line which closed in 1962, called it a phantom limb of twisted metal, grasping roots and overhanging trees. I like the phrase because it identifies what these walks actually feel like. There's the literal overgrowth, the hazel and birch coming up through ballast that hasn't seen a sleeper since the Wilson government. And there is the other thing. The sense that the corridor is still signalling, that if you stand at Star Crossing or Nannerch long enough you can almost hear the excursion trains coming through in a cloud of steam toward Rhyl, which they did, every August Bank Holiday, for decades, and then one year didn't.

I don't think hauntology is the right word for every old thing. It gets used promiscuously now, which drains it. But the Beeching routes are specifically hauntological in the Mark Fisher sense, not because they are spooky, but because they are the trace of a future that was paid for in reinforced clay and then abandoned mid-sentence. The embankments aren't mourning anything. They are just there, still raised, still flat, still arrow-straight across three parishes, waiting to be told what they're for now.

The Borders Railway reopened thirty miles of the old Waverley line in 2015, the longest new domestic railway built in Britain in more than a century. The trackbed was largely intact, which is the only reason it was possible. Elsewhere the bridges had already gone, the cuttings been infilled, the route chopped up by A-roads and warehouse estates. The choice to reopen a line is usually a choice to admit that the original decision was wrong; the ability to reopen depends entirely on how completely the original decision was enforced.

Half-erased, half-preserved. That's the settlement the cuts left behind. Not a ruin. A suspension.

Boards of Canada quietly pushed an album to preorder on Bleep today. The catalog number is WARP496. The title is Inferno. It's their first album in thirteen years, and the page kept timing out when I tried to load it.

The lead-up was elaborate, even by their standards. On April 6 dozens of fans started receiving unmarked VHS tapes at addresses they'd used to buy things from Warp's mail-order arm. The sender was something called Ochre Logistics, which is the platform Bleep itself runs on. The tapes contained no music, just static and a chopped-up religious broadcast that fans traced to a Moody Bible Institute ad from around 1990. Then the street posters showed up in London, LA, New York, and Tokyo, all bearing the duo's hexagon logo with no text. On April 16 they uploaded a track called "Tape 05" to YouTube with no description, no caption, no announcement. Three minutes of gentle, droning synths.

Now Inferno itself is on Bleep, and the site can't keep up. The release page returned 504 Gateway Timeout for me, and the Wayback Machine snapshot from earlier today is how I ended up confirming what I was looking at. WARP496, releasing May 29. Red transparent vinyl deluxe at $44.99, black 2×LP at $33.99, CD at $15.99. Eighteen tracks. The first one runs thirty-six seconds. The longest stretches past six minutes.

A preview clip sits on the listing too, when the listing loads.

Forty-Two Seconds of Inferno

The fan response is doing what BoC fan responses always do: people are decoding things. The Twoism forum and r/boardsofcanada have been parsing the posters for hidden frequencies and comparing the VHS audio to the Societas x Tape NTS broadcast from 2019. Fans have been tracking something called LP5 for a couple of years. It's now Inferno.

What's interesting is how legacy this all feels. Mailing physical media to surprise customers, putting up wheat-paste posters, releasing a teaser track with zero context, the long preorder window before a vinyl drop. Boards of Canada didn't invent this playbook, but they're one of very few acts who can still make it work, because their audience hasn't stopped paying attention since 1998. There's something steadying about it. The promotion strategy that made sense before social media still makes sense, when the audience was already there and willing to refresh a page for an hour to get a record.

A six-petalled flower, drawn with iron compasses, scratched into the oak jamb of a Tudor doorway. It is 2026. Nobody in the building believes in witches. The mark works anyway, or it doesn't, depending on what you mean by work.

These are called apotropaic marks, from the Greek apotropaios, averting evil. Historic England has been surveying them since 2016 and has catalogued more than 600 examples across churches, barns, manor houses, cottages, and caves. The most common is the daisy wheel or hexafoil: a geometric figure any apprentice with a compass could produce. They cluster at doorposts, window frames, hearth stones, chimney openings — the places James I identified in his 1597 Daemonologie as the routes by which witches, transformed into small animals, might slip into a home through any opening that admitted air.

The theory was that a demon, faced with a continuous line, would follow it. The concentric rings became a maze. The maze became a trap. A spirit attempting the chimney would spend eternity circling the inside of a beam.

At Gainsborough Old Hall in Lincolnshire, a volunteer spent two years cataloguing what turned out to be one of the densest concentrations of ritual marks in England. Over a hundred burn marks, struck to protect against fire. Marian symbols, overlapping Vs for the Virgin. Daisy wheels in doorways and beams. English Heritage cannot explain why Gainsborough, specifically, needed so much protection. The building, in any case, outlasted the fear.

What interests me is not the belief. The belief is legible and, in its internal logic, reasonable. What interests me is the moment the belief went and the marks didn't. Somewhere between the seventeenth century and the nineteenth, the idea that a witch-as-hare might crawl down the chimney stopped being credible to almost everyone. Nobody went back and sanded the hexafoils out of the oak. You cannot remove a daisy wheel without defacing the timber, and the timber was expensive, and the compass-scratched grooves eventually became, to later eyes, simply graffiti. Decorative. Meaningless.

This is the haunting more interesting than any haunting. The object outlives the frame that made it legible. The protective intention is still encoded in the wood. Someone, on a specific afternoon, with a specific anxiety about a specific threshold, bore down with an iron point and inscribed a figure meant to avert harm from the people inside. Four centuries later the figure is still averting. It just has nothing to avert.

Mark Fisher wrote that the eerie arises when there is a presence where there should be absence, or an absence where there should be presence. Sapphire & Steel does this with time itself. Apotropaic marks do something quieter, and I think harder to name. There is neither presence nor absence. There is intention without referent. The door is still being guarded. The guard is still at his post. The enemy he was posted against has forgotten he existed, or never existed in the first place.

Be cautious of the sentimental reading, though. These were not beautiful gestures made by simple people. The same century that scratched daisy wheels at the entrance to Shakespeare's Birthplace cellar burned women for the crimes the wheels were meant to repel. The marks coexisted with accusation, with the whole apparatus of the witch trials. Protection implies threat. The threat was imaginary; the response to it was not.

Still. Walk into any half-decent timber-framed pub in England and look at the beams over the hearth. If you see faint concentric circles, or a pair of overlapping Vs, or a burn mark that seems too deliberate to be accidental, that is someone's seventeenth-century evening of quiet fear, preserved. The carver is dead. The witches were never coming. The mark is still there. It is doing exactly what it was asked to do, which is nothing, because nothing is what was ever going to happen.

On September 30, 2012, the results of the ImageNet Large Scale Visual Recognition Challenge came back. One team, SuperVision, registered a top-5 error rate of 15.3%. The next-best entry managed 26.2%. Nearly eleven percentage points of separation, in a field where a good year moved the needle by one or two.

The team was three people at the University of Toronto. Alex Krizhevsky, a grad student with an unusual knack for wringing performance out of GPUs. Ilya Sutskever, another grad student, who had spent months convincing Krizhevsky to try a deep convolutional network on ImageNet. Geoffrey Hinton, their advisor, who signed off on the attempt and later joked that "Ilya thought we should do it, Alex made it work, and I got the Nobel Prize."

The network that became AlexNet was trained on two Nvidia GTX 580 cards, consumer GPUs you could buy at a computer shop, sitting in Krizhevsky's bedroom at his parents' house. Sixty million parameters, five convolutional layers, three fully-connected. ReLU activations, dropout, and a very efficient GPU implementation of convolution that Krizhevsky had been writing for years as cuda-convnet. Training took five or six days.

The paper landed at NeurIPS that December. In October, at the European Conference on Computer Vision in Florence, Krizhevsky presented the work and the old guard was unimpressed. Yann LeCun, who had been arguing for convolutional nets since the late eighties, told anyone who would listen it was a turning point. He turned out to be correct. Before AlexNet, almost no leading computer-vision paper used neural nets. After it, almost all of them did.

The speed of the conversion is the part worth sitting with. Computer vision had spent twenty years perfecting hand-engineered feature pipelines. SIFT, HOG, deformable part models. Whole careers built on getting the descriptors right. A single result made most of that work obsolete inside a year. Research groups that had been refining feature extraction for a decade pivoted to training deep nets, often on the same kind of hardware, often using the code Krizhevsky had open-sourced.

That's the pattern Rich Sutton later formalised in nine paragraphs: general methods that scale with computation beat specialised methods that encode human understanding. AlexNet is the cleanest example in the set. The team didn't out-clever the competition. They out-computed it, on consumer hardware, against opponents with more institutional weight and better-tuned features.

The Computer History Museum released the original AlexNet source code in partnership with Google. Reading it now, it looks almost boring. A handful of CUDA kernels, a training loop, a few regularisation tricks. Nothing that couldn't be reimplemented in a weekend. What it did on September 30, 2012, cannot be reimplemented. That moment only happened once.

The sign in the butcher's window said CLOSED WEDNESDAY AFTERNOON, and it meant it. At one o'clock the shutters came down across most of the high street. The baker, the ironmonger, the shoe-repair place, the drapers. By half past one you could walk up the middle of the road without meeting a car. Some towns did Thursdays instead, because Wednesday was market day and nobody shut up on market day. Further north it was Tuesday. You were supposed to know which, and if you didn't, you were punished by a locked door and a tiny handwritten note taped to the glass.

This wasn't a folk custom. It was the law. The Shops Act 1911 gave shop staff a weekly half-holiday, codifying a campaign that had been running since the 1830s, Early Closing Associations pressing drapers to shut at eight in winter rather than nine, later pushing for a full afternoon off mid-week. The half-day became standard. It stayed standard. The statutory framework lingered until 1 December 1994, when the Shops (Early Closing Days) Act 1965 was finally repealed , the same season Parliament was also letting supermarkets open on Sundays via the Sunday Trading Act. One kind of scheduled pause was being dismantled as another was being legalised, in the same handful of months.

The detail I love is that Sheffield Wednesday Football Club is called that because its original members were shop workers, and Wednesday was the only day they could field a team. The working week was shaped around not-shopping. An entire football club inherits the name of an absence.

When the law went, the half-day didn't go with it everywhere. Mumsnet threads from 2020 are full of people in Norfolk, Derbyshire, Pembrokeshire, the North East, reporting the local butcher or post office or hairdresser still shutting at one on Wednesday or Thursday, out of pure habit. Ilkeston gave up its Wednesday closure around 2012. Halifax had already abandoned it in 1983. Watford adopted it in 1869. The dates don't form a national timeline. They form a scatter plot of towns deciding, one by one, that the pause wasn't worth the trouble.

What the law actually produced, sitting just under the economics of it, was a recurring weekly silence. Not Sunday silence, which was total and religious and belonged to the whole country at once. A local silence. You couldn't buy a loaf in Settle on Wednesday afternoon but you could in Skipton; you couldn't cash a cheque in Halifax on Thursday but you could in Bradford. The country was perforated with small, scheduled non-events that were impossible to navigate unless you lived there. The shops-closed hours belonged to the street, not the calendar.

The practical argument for ending it was obvious. People with weekday jobs couldn't shop on Wednesday afternoon; big retailers wanted uniform hours; a single family couldn't run a corner shop while also observing a mandatory unpaid half-day. The Shops Act made sense when shopkeepers were also shop workers and the town was the unit. Once that stopped being true, the half-day became a bureaucratic ghost, maintained out of habit and municipal inertia and the occasional grumpy ironmonger who refused to change.

It's the specific texture I can't quite reproduce in memory. The emptiness of a market-town high street at three o'clock on a Wednesday afternoon in the 1980s, the post office shuttered, the Woolworths keeping its own hours, a single Volvo parked outside the bank. The streets did not need to be busy. They weren't supposed to be. The law said you had time to go home and have your tea, and a surprising number of towns took the law seriously for a hundred years after it was passed.

A few of them still do.