Plutonic Rainbows

The Department of Defense is currently arguing in two federal courts that Anthropic is a supply chain risk to national security. The Department of Defense is also, via one of its agencies, using the very model that prompted the designation. Both of these are true, at the same time, and nobody in the building seems embarrassed about it.

Axios reported on Sunday that the National Security Agency has been given access to Mythos Preview, the cybersecurity model Anthropic announced earlier this month and then refused to release publicly on the grounds that it was too good at offence. Roughly forty organisations got keys. About a dozen have been named. The NSA is one of the undisclosed ones, and according to two sources, TechCrunch says the model is "being used more widely within the department" — meaning the rest of the intelligence community may already be touching it too. Primary use case: scanning environments for exploitable vulnerabilities. Offensive security dressed as defensive posture.

I've already written about Dario Amodei's trip to the West Wing on Friday, and about the Treasury inviting the company in six weeks after the Pentagon shut it out. Those were executive- branch moves — political, optical, arguably theatre. The NSA story is different. TechCrunch was careful to point out that the DoD is the NSA's parent agency. That matters. This isn't another department contradicting the Pentagon's position. This is the Pentagon, in effect, contradicting itself.

And yet one half of the department is in court saying the company's tools are a threat. The other half is using the tools.

What makes this less funny and more serious is what Mythos actually does. Anthropic said on release that the preview model had already uncovered "thousands" of major vulnerabilities across every major operating system and browser. That is not a research benchmark. That is a live capability. Reuters reported that Treasury and the Fed briefed US bank CEOs on the model's risks, and that UK authorities did the same with their own financial sector. When governments hold private briefings about a commercial AI release, it tends to mean either the model is being overhyped or the model is a weapon. The NSA presumably believes the second reading, which is also why they wanted it.

The OMB has now told federal agencies it is working on a "revised version" of Mythos with additional guardrails for broader civilian use. So the final shape of this is probably already visible: the Pentagon's supply-chain case continues in court as a matter of principle, Anthropic continues to sell a restricted frontier model to the agencies that can actually use it, and the policy machinery catches up by building a sanitised variant for everyone else. Litigation in one hand, procurement in the other.

One detail I can't stop thinking about. Trump was asked about Amodei's West Wing meeting on Friday and said he had no idea it had happened. That might be deniability, or it might be literally true. Either reading points to the same thing: the people deciding which AI companies are national security threats and the people deciding which AI companies get the keys are not, at the moment, the same people.

Carole Hersee was eight when her father took the photograph. Her sister Gillian had been considered first, but Gillian was missing two front teeth that year, so the committee at BBC engineering went with Carole. She sat for the picture in a red dress, hair pinned back with an Alice band, a clown doll called Bubbles propped beside her. In front of her was a miniature chalkboard showing a game of noughts and crosses already half-played. Her left hand held the chalk, so the transparency was flipped to make her look right-handed. The X in the centre square was placed there deliberately, because the centre square is where the geometric heart of the image lies, and an engineer designing a test pattern thinks about geometric hearts.

The picture went out for the first time on 2 July 1967, the day after colour television launched in Britain. It stayed on television, in one form or another, until the late 1990s. The last time it appeared during engineering work was 2011. Over those decades it racked up roughly seventy thousand hours of screen time, equivalent to nearly eight continuous years. No face in British television history has been broadcast longer.

The thing you remember, if you grew up with it, is not really the test pattern around her. Not the PLUGE bars, not the colour gradients used to align picture tubes. What stayed was the stillness. The sense that something was happening in a room you could not enter. Carole's expression is neutral in a way that children rarely manage — she is neither smiling nor serious, simply waiting for something that has not arrived. The clown is grinning at her from the other side of the board. She is, to judge from the position of the Xs and Os, about to win. She never does.

This is what hauntology feeds on. A gap in the schedule is not dead air; it is aired nothing. The engineers needed an image while the transmitters were calibrated, and what they produced was a child permanently mid-move, her doll permanently mid-grin, eight real years of real screen time accumulated inside a game that was never going to resolve. The longest-serving face in British television never had a line to deliver. She just sat there being looked at, and then being not looked at, and then being looked at again, at 3:45 in the morning, or during the downtime between Pages from Ceefax updates.

Carole herself has always been slightly bemused by the whole thing. In a 2007 interview with the Telegraph she pointed out that the Guinness record attributed to her could not actually be a record, since no one else was in a position to beat it. She still owns Bubbles, who lives in a box. She became a costume designer. She had two daughters. She got on with things.

What's hard to explain, to anyone who didn't live through it, is the weight of that picture as a cultural object. You watched until closedown and then there was Carole. You woke at some odd hour because the house was cold and there was Carole. You flicked over to BBC2 during a weekday lunchtime and the programme you expected hadn't started yet, and there was Carole. The state broadcaster had put a child at the centre of its idle screen, and the idle screen was on very often, and the child grew up while the picture did not.

The card was eventually phased out because 24-hour broadcasting made it redundant. Pages from Ceefax filled the overnight slot from 1999. Then Ceefax itself went dark in October 2012. The frame around the girl dissolved, and then the broader frame around the frame dissolved, and the whole apparatus of waiting — which is what the test card really served — dissolved with it. Now the silence at 3am is a private silence. No one is broadcasting it to you.

Somewhere in the New Forest, a costume designer in her late sixties has a box with a clown in it.

Peter Weir shot the Midsummer Night's Dream sequence of Dead Poets Society on location in Delaware over a month in late 1988. Lara Flynn Boyle was eighteen, cast as Ginny Danbury — Chet's sister — with a second role as Hermia in the staging that anchors the film's middle act. She filmed her Ginny scenes. She filmed Hermia. She went home and waited for the release.

Then she watched the film with her mother, Sally. "Here comes my scene, here comes my scene. No scene, no scene." That's what she told People in 2024. Ginny had been cut. No one called. No one wrote. She found out because the movie was playing on a television in front of her, and she was still sitting there when the credits ran.

The Danbury subplot was a full piece of scaffolding. Ginny was a friend of Chris Noel's, a third young woman in a film that otherwise pushes its women to the edge of the frame. Cut her and you cut the character who was going to give Chris someone besides Knox to talk to, the one who was meant to play Hermia, the one who might have given the film a female friendship. The Midsummer Night's Dream scenes survive because you can't drop a staged Shakespeare sequence without breaking the film's rhythm, so Boyle walks through them wordlessly, a credited extra in what was supposed to be her role.

People didn't ask the counterfactual. If Ginny had stayed at Chris's screen weight, Boyle would have been the breakout young actress of summer 1989. Peter Weir films have a habit of making careers. Ethan Hawke's did. Robert Sean Leonard's too, for the short run he had left. Josh Charles went quiet for a decade and came back to television. Instead, Boyle got the cleanest dispatch Hollywood issues: a credit on a film that contains almost none of her.

She was already familiar with the shape of the edit. Ferris Bueller's Day Off had cut her three years earlier. Dead Poets made her two-for-two.

A year after watching her mother's screen skip over her, she was in Washington state playing Donna Hayward. "Twin Peaks gave me everything I have as an actor," she said. It's hard to picture the timeline where Ginny survives the edit and Lynch still casts her. There aren't many universes where the 1989 breakout of a Robin Williams vehicle signs on to a strange little ABC pilot about a murdered homecoming queen.

On Tuesday the Maine legislature passed LD 307, a temporary ban on new data centers drawing twenty megawatts or more. The House voted 79 to 62, the Senate 21 to 13, both on party lines with a handful of exceptions. Governor Janet Mills has ten days to sign, veto, or let it become law by inaction. If she signs, Maine becomes the first US state to pause construction on what the industry calls hyperscale facilities, and what everyone else has started calling AI data centers.

Twenty megawatts sounds like a lot until you look at what a contemporary data center actually pulls. The Regional Plan Association pegs the current average at around forty. The early ones used two. So the Maine threshold isn't a ceiling on something exotic; it's a line drawn roughly at the median. The bill walks the state back to a posture from fifteen years ago.

The politics are messier than the vote count suggests. Mills is running in a contested Democratic primary for a US Senate seat and has signalled hesitation about signing without a carveout for a proposed 82MW facility in Jay. Tony McDonald, the developer, has argued his project is the wrong target — not a hyperscaler chasing AI training loads, just a large tenant that got caught in a dragnet. He may be right. He may also lose anyway, because the dragnet is the point.

What makes Maine interesting isn't the substance of the bill, which is mild. Eleven other states tried something similar in the last year and stalled or failed outright — Georgia, Maryland, Michigan, New Hampshire, New York, Oklahoma, South Carolina, South Dakota, Vermont, Virginia, Wisconsin, per Gizmodo's count. Maine's version passed partly because Maine barely has any data centers yet — the first large one is still under construction at the old Loring Air Force Base — so the industry hadn't staked out enough ground to defend.

And it passed while the federal direction runs the other way. Trump's December executive order explicitly warned that excessive state regulation thwarts the AI race, with threats to withhold funding from states that restrict growth. That's the same playbook I covered in the broadband money fight — use federal dollars as leverage against state AI laws. Maine will be a test of whether that threat actually bites a small New England state with a pipeline of maybe two data centers.

The Sachs argument, delivered in plain committee language, was that the tradeoffs haven't been shown to benefit ratepayers, water use, or community economic activity. That's a boring sentence until you remember that Maine already ranks fourth in US electricity prices. A hyperscaler sized at forty megawatts is a quiet permanent tax on every household on the grid — which Turley at OpenAI basically conceded when he admitted unlimited AI plans are like unlimited electricity plans.

The moratorium ends November 2027. A new Data Center Coordination Council gets the interval to write policy recommendations. By the time it reports, the federal posture may have shifted again, or it may have hardened. Either way, Maine's bet is that the study period is worth more than the projects it blocks. Given the two projects on the table, that math isn't hard.

The English translation of In Praise of Shadows appeared in 1977, published by Leete's Island Books with a foreword by the architect Charles Moore, who wrote that the essay "could change our lives." By the mid-1980s it had become something very specific: the canonical text Western designers and architects reached for when they wanted theoretical cover for dimmer rooms. This is not a complaint. It is just an accurate description of what happens when an essay written in Japanese in 1933 crosses into a culture that is, at that exact moment, running out of patience with the Modernist interior.

Tanizaki's argument is simple enough in outline. Japanese architecture organises itself around shadow. The deep roof overhang of a traditional house keeps the interior dim. Lacquerware, gold embroidery, cloudy paper — their beauty depends on low light, on the way darkness lets a material breathe without the scrutiny of full exposure. Westerners, he argues, are congenitally committed to brightness: from candle to oil lamp to gaslight to electric light, their progress is a history of abolishing shadow wherever it pools. Japanese culture accommodated the dark. Western culture declared war on it.

What made this legible to an 1980s Western audience was partly timing. The translation arrived just as postmodern architecture was trying to argue its way out of the glass box. Moore himself was building Piazza d'Italia in New Orleans. The appetite for any text that questioned the clean-bright-functional dogma was considerable. Tanizaki, dead since 1965 and safely historical, offered an aesthetic that could be absorbed without political risk — and the quality he described, that particular stillness of a dim room with tatami underfoot and light filtered through shoji, landed precisely where Western designers needed it to land.

The irony that the 1980s West almost entirely missed is geographic. The same decade that architects were annotating their copies of In Praise of Shadows, Tokyo was building the city that inspired Ridley Scott's Blade Runner. Japan had become the global centre of consumer electronics: Sony, Honda, Sharp, the robotics movement, a neon-saturated culture that made the Pacific Rim feel like a preview of everywhere else's future. Tanizaki's 1933 elegy for pre-modern shadow had become, within fifty years, a description of the very country that had most completely abandoned what he mourned. Western readers, discovering the essay in translation, were perfectly positioned not to notice.

There is also a reading problem the 1980s West missed almost entirely. Tanizaki was not writing a sincere treatise. He was writing a zuihitsu — a Japanese prose form that permits fiction, irony, and digression — using a narrator who ventriloquises the tropes of cultural superiority that circulated freely in 1930s nationalist Japan. The essay's reader in 1933 Japan understood this. The Western reader in 1985, lacking that context, took the East/West binary at face value, lifted it into their own anti-modernist argument, and used it as evidence.

This is what the essay became in Western hands: permission. Permission to use wood instead of aluminium. Permission to keep a room dim. Permission to frame slowness and imperfection as values rather than deficits. All of that was probably overdue. I am not sure the fact that Tanizaki was doing something more complicated invalidates it entirely — you can extract something real from a text even when you misread it, and what the West extracted was genuinely useful. But the book it drew from is odder and funnier than the version it invented. Tanizaki admits he cannot give up electricity. He praises a toilet as a place for quiet contemplation and then spends two paragraphs on miso soup. The serene, quietly authoritative In Praise of Shadows that entered Western architectural thinking in the eighties is cleaner than the original, which is messier and considerably more entertaining.

On Friday, Dario Amodei walked into the West Wing to meet Susie Wiles, Scott Bessent, and National Cyber Director Sean Cairncross. Asked about it afterwards, Donald Trump told reporters he had "no idea" the meeting had taken place. That is, so far, the only direct presidential comment on the record.

The White House readout was more conventional: "introductory, productive, and constructive," covering "opportunities for collaboration" and "shared approaches and protocols to address the challenges associated with scaling this technology." Both Politico and CNBC confirmed the attendee list before the meeting happened. The story is not that it happened. The story is what the administration is now doing in public about a company it has spent two months calling a national security risk.

Anyone following this has the sequence memorised by now. February: Pete Hegseth tries to force Anthropic to drop its bans on autonomous weapons and mass surveillance. Amodei refuses. The Pentagon declares the company a "supply chain risk", federal agencies get a phase-out order, OpenAI signs the contract instead. March: Anthropic sues the DOD. April 7: Claude Mythos ships under Project Glasswing, restricted to about fifty partners because its zero-day-finding capability is judged too dangerous for general release. April 10: Bessent and Jerome Powell summon five bank CEOs to discuss Mythos. April 16: Bloomberg reports OMB is setting up a framework to let federal agencies use the tool. April 17: the West Wing meeting.

What's new is that the meeting is openly about routing access. The Next Web's read — and CNBC confirms the rough shape — is that any deal exits through civilian agencies and explicitly does not include the Pentagon. That is a peculiar compromise. The blacklist isn't being lifted. The supply-chain designation isn't being rescinded. Hegseth is still, nominally, correct about Anthropic being too dangerous. Treasury, CISA, and the intelligence community are simply going around him, with the Chief of Staff in the room to make it official.

One detail from CNBC is worth keeping. Wiles was previously at Ballard Partners, the lobbying firm Anthropic hired immediately after the February designation. I don't think this is a scandal — hiring lobbyists with access is what companies do when the government cuts them off — but it does change the texture of "introductory, productive, and constructive." Those are words chosen by someone who already knew the room.

The harder question is what Anthropic is actually getting. The civilian-only carve-out leaves the Pentagon's objections technically intact. The lawsuit is still live. The phase-out is still policy. What's on offer is something like conditional rehabilitation: you stay blacklisted where it began, you get sold back to everyone else, and the administration doesn't have to admit the original call was wrong.

Amodei has, in some sense, won. The product the Pentagon banned is the same product Treasury is trying to procure. The company the president said he would never do business with again had its CEO in the West Wing six weeks later. The safety features that got it blacklisted are the same safety features Treasury is asking to audit in the hope of finding flaws it can use.

And asked about any of this, the president, on the record, says he had no idea it was happening. A ten-minute briefing on a frontier AI model should probably have reached him by Friday afternoon. It is not clear that it has. It is not clear that it will.

On 30 January 1991, Claude Montana showed his haute couture collection for Lanvin in Paris, and somewhere in the middle of it Yasmeen Ghauri walked out in a silver mesh hood and a white bubble skirt. The look now reads like the exact midpoint of a career: still built around the glamazon silhouette that had made him the King of Shoulders, but lighter, younger, flirting with the sixties Space Age revival that the earliest nineties briefly tried to make happen.

This was as good as it was ever going to get for him.

The Lanvin job had arrived in 1990 on the back of a decade nobody else had owned quite as completely. Broad shoulders, sculpted leather, the body treated like architecture. Dynasty borrowed it. Wall Street borrowed it. Working Girl borrowed it. By the end of the eighties, Montana's silhouette wasn't just a look, it was the look: the default shape a woman took when a film or a TV show wanted to signal that she was about to walk into a boardroom and win. Alexander McQueen would later credit him openly. So would Riccardo Tisci, Olivier Theyskens, Anthony Vaccarello at Saint Laurent, and Willy Chavarria. The DNA was load-bearing.

His Lanvin work earned him two consecutive Golden Thimbles (the Dé d'Or, the closest thing French couture has to an Oscar). Critics who'd doubted whether a ready-to-wear designer could handle the discipline of a 19th-century atelier were reportedly astonished. Pale green iridescent trench coats. Patterned dresses with ribbon hats. Embroidered leather panels and, controversially at the time, beaded T-shirts on a couture runway, which was roughly the couture equivalent of serving crisps at a state banquet. He'd smuggled his own vocabulary into the house and made it work.

Then the decade happened around him.

By 1993, Helmut Lang had shown the anti-shoulder collection that basically ended the era. Margiela was deconstructing linings and wearing them as outerwear. Calvin Klein was doing the thing where nothing happens and everyone calls it genius, which my post on his 1980s advertising tried to take seriously on its own terms. Nirvana had put a cardigan on MTV. Kate Moss was on the cover of British Vogue in a slip. The culture's tolerance for theatrical power dressing had collapsed almost overnight, and Montana's response was essentially not to have one. He kept working in his own register. Retailers started dropping him. The House of Montana was in receivership by 1997.

The retrospective question is whether anything from that Spring 1991 collection crossed into the wider decade it opened. The honest answer is: not directly. The nineties that followed belonged to Prada nylon, Miuccia's ugly sandals, Jil Sander trousers, and the kind of Calvin Klein minimalism that Azzedine Alaïa had already quietly predicted three autumns earlier in a roomful of black. Even Mugler, Montana's closest rival in theatrical silhouette, was being pushed toward the costume-piece end of his archive. Valentino had his own reckoning the same year, managing it more gracefully because he never really needed the shoulder to be doing the talking.

What survived, survived filtered. The militarised tailoring and exaggerated shoulder came back through McQueen in 1996, through Balenciaga under Ghesquière, through Tisci at Givenchy in the 2010s, through Saint Laurent under Vaccarello now. The debt is real. It just took twenty-five years to be paid in a currency anyone still recognised as spendable.

By 1994, the same silhouettes that had made him a god in 1988 looked like costume in a room that had decided it wanted clothes. It wasn't that Montana had stopped being good. It was that the weather had turned, and he was still dressed for the last one.

The cabinet on the end of the row at Skegness was built before I was born. A two-penny coin slot, a sloped tray of copper, a hydraulic shelf shoving a tide of coins toward an edge that never quite spilled. The wood-effect side panel was patched with masking tape where someone had bashed it, probably more than once, and the back of the machine still ran on what looked like the original transformer. A boy in front of me dropped his last coin in. The shelf swept forward. Three coins fell. He cheered.

The Cromptons Penny Falls was first manufactured in 1964 in Ramsgate, with a refined version released by 1966. Decimalisation in 1971 retooled the slot. The euro changed nothing because it never came. The shift from one penny to two pence to whatever fractional unit will replace cash entirely has been, for this object, a series of cosmetic tweaks to a mechanism that was finished sixty years ago. Alan Meades, who wrote a social history of the British amusement arcade, calls them pivotal — the machines that, alongside the fruit machine, kept arcades solvent through the collapse of the seaside holiday and everything that came after it.

What's strange about the coin pusher is not the survival itself but the absence of any pressure to replace it. The software industry I work in cannot tolerate a system that hasn't been rewritten in three years. The financial system cannot tolerate physical currency at all if it can be helped. Yet a sweeping shelf in a Blackpool arcade, manufactured the year of Goldfinger, is still earning its keep. Nobody has built a better coin pusher because nobody needs to. The mechanism is correct. It performs the function exactly. The only thing it had to adapt to was the denomination of the coin.

The wider arcade is more layered than this. Penny pushers share floor space with light-gun shooters from the eighties, crane grabbers whose grip strength is famously calibrated to fail, and pre-decimal "old penny arcades" that have repositioned themselves as heritage attractions, charging entry to mechanical fortune-tellers and execution dioramas built between the wars. The original pioneer of all this was a Leeds mechanic named John Dennison, who started making working models in 1875 and supplied Blackpool Tower with around fifty machines that ran on its upper floors until the late sixties. Three of his daughters — Evelyn, Florence, and Alice — kept the business going. Alice did the mechanics. Most of what they built has been lost.

The point is not that the arcades are sad now. They are not. A wet Tuesday in October at Coral Island, Blackpool, is still a functioning piece of infrastructure for a child with a paper cup of two-pence pieces. The point is that almost nothing else in British public life has been allowed to persist on its own terms this long. Libraries get rebranded. Pools get demolished. Post offices close. The arcade survives because it was never institutionally important enough to be rationalised. Nobody was ever going to commission a five-year strategic review of what coin pushers are for.

Cromptons is still based in Kent, the same county the original prototype came out of. Coin pushers, in slightly varied cabinets, are still being sold. The mechanism is older than most of the people who built the rest of the seaside, and it does not appear to be going anywhere.

Ask a frontier model to count the letter 'r' in "strawberry." Often you'll get two. Sometimes three. Rarely with consistent accuracy across a hundred trials. This isn't a bug somebody hasn't fixed. It's a direct consequence of how text enters the model in the first place, and it explains a dozen other strange behaviours that cluster around counting, spelling, and arithmetic.

Language models don't read text. They read tokens, which are integers that index a lookup table. The algorithm most of them use to build that table is called Byte-Pair Encoding, or BPE. It was originally designed as a data compression scheme. Philip Gage wrote it in 1994 for compressing files. Sennrich, Haddow, and Birch adapted it for machine translation in 2016, and it's been the default across most major model families since.

The idea is simple. Start with individual characters. Find the most frequent adjacent pair in your training corpus. Merge them into a new token. Find the next most frequent pair. Merge. Repeat for tens of thousands of iterations. The result is a vocabulary full of common words and common subword pieces. "The" is one token. "ing" is one token. "Strawberry" might split into ["straw", "berry"]. Rare words fragment into more pieces.

Once the model is trained, it sees "strawberry" as two integers, not ten characters. No mechanism inside the transformer can reach inside a token to ask how many r's it contains. The letters are sealed inside the token the way pages are sealed inside a book you can only see the cover of. The model has, statistically, learned that strawberry contains three r's. It just hasn't learned it from the token sequence. It's learned it from surrounding text that happened to mention the fact. That knowledge is fragile, and it decays on uncommon words.

The arithmetic failures come from the same place. Numbers don't tokenize uniformly. "480" might be one token. "481" might be two. A four-digit number can split one way and the same digits rearranged can split another. Researchers using arithmetic as a diagnostic have found that when an answer has more digits than either input, accuracy on certain tasks collapses to under 10%. The model isn't bad at maths. It's being handed digit sequences in a shape it wasn't trained to work with.

The fix, in principle, is byte-level tokenization. Every byte becomes a token. No merging, no hidden letters. The tradeoff is sequence length. The same passage takes more tokens, sometimes many more. That means more compute, longer context windows, slower inference. GPT-2 went byte-level and paid the cost. Recent models use hybrid approaches: BPE for efficiency, special handling for digits, sometimes per-character processing inside the chain-of-thought. None of it is free.

What strikes me is how much of the model's apparent cognitive style is downstream of this one preprocessing choice. The blind spot for letters isn't a reasoning failure. It's the data format not including letters, most of the time. Change the tokenizer and you change what the model can notice.

The cost-per-task shift playing out across the industry is partly a reasoning-modes story, but it's also a tokenization story. The reasoning variants often break digits into individual character tokens during arithmetic steps, which inflates token counts for the same sum. The reason your cheap tier struggles with long division is the same reason your expensive tier's bill keeps climbing when you ask it to do the job properly. Both are paying, differently, for the fact that the default encoding hides the thing you want the model to count.