2026-05-24 21:00:00
Cars and trucks are getting bigger, and I had a vague sense that fuel economy regulations were partly to blame. Looking into it, it's hard to say how much is regulations vs people wanting to buy vehicles that look rugged, but the regulations really aren't helping.
This chart is the core of it:
This is what manufacturers were looking at when they decided to build today's cars. To figure out the target fuel economy for a vehicle you first calculate its "footprint", which is the area between the wheels. On our 2013 Honda Fit that's 4.8ft side-to-side and 8.2ft front-to-back, for a footprint of 39sqft. Then you ask if it's a car or truck. This tells you which curve to use, and where along it to look.
Looking at the chart we can now see why it's hard for Honda to sell a Fit today. The best Honda could do for a five-seater non-hybrid hatchback is maybe a CAFE rating of 44mpg. [1] This puts them 23mpg short, and if Honda was a one-model car company they'd expect to owe $3,910/vehicle in fines: $17 per 0.1mpg shortfall. Since the regulation is about an average across all the cars they sell the actual effect is both lower and more complex, and maybe something like $2k.
Aside: the fine structure here is a sad artifact of us thinking in miles-per-gallon instead of gallons-per-mile. Going from 25mpg (0.04 gpm) to 50mpg (0.02 gpm) saves as much gas as going from 50mpg (0.02 gpm) to infinite (0 gpm). But the penalty for being below a target is calculated on the gap in miles-per-gallon and not gallons-per-mile. If you miss a 50mpg (0.02gpm) target by hitting 25mpg (0.04gpm), or miss a 75mpg (0.013gpm) target by hitting 50mpg (0.02gpm), you pay the same fine even though the first involves burning much more counterfactual gas: over 10,000 miles the first burns 200 gallons more than its target while the second only burns 67 more.
What did Honda do? They discontinued the Fit, and replaced it with the HR-V. It's bigger and heavier, and looks like it was trying to be a "light truck". Combined with its larger footprint that would give a much lower target: 49mpg instead of 67mpg. It still doesn't hit that, but it's less of a penalty. And then it doesn't actually count as a light truck, though I don't know if that was the plan from the beginning or a compromise they had to accept.
Overall, this regulatory structure taxes manufacturers more for making small low vehicles, the kind that are easiest to make fuel efficient. Here's where I would write that this is counterproductive and we should stop, except we sort of already did. In 2025 the penalty for non-compliance was set to $0 as part of the OBBBA. This means in some sense manufacturers are free to make small cars and trucks with achievable mileage. Except the rest of the structure is still there, complete with the distorted incentives, and ready to be reinstated by a future government.
If at some point there's political will to improve this situation, and a carbon tax remains off the table, I'd like to see a return to the simpler Ford-era system where targets didn't scale with vehicle size. But then I'd need to understand why they switched to this system (if it's crash safety we should legislate that directly) and it's not clear that continued regulatory whiplash is worth it.
[1] The closest to 67mpg would be something like the first-gen
Honda Insight. This got very close, but seating only two people
with a lightweight construction that would do very poorly in modern
crash testing. If you're willing to make it a hybrid, which does add
significant cost, it is possible: the the Jazz
e:HEV (essentially a hybrid Fourth-generation Fit) would probably
come in around 72mpg.
2026-05-23 21:00:00
If you ask the internet how to prepare pasta you'll hear two things:
You must salt the water.
You must serve it mixed with the sauce.
I disagree on both.
I've been cooking pasta since I was a kid, and I prepare it the way my mother (who grew up in Rome) did:
Cook it way less than it says on the box, until it's no longer crunchy but not further.
Time dinner so that the pasta is the last thing to be ready, where you're eating it within 5min of it coming out of the pot.
Serve it in one bowl, with the sauce in another.
The primary goal is to keep the tastes and textures distinguishable, merging only as you chew. The pasta resists your teeth; the sauce flows. The sauce is rich and flavorful; the pasta is a hearty foil. Secondarily, by combining only on each person's plate you can handle a range of preferences in sauce-to-pasta ratio, and different dietary restrictions (ex: a separate vegan sauce).
Some people love pasta that finishes its cooking in the sauce, pulling in the flavor, and I do think it's neat that pasta can do this. But it's the opposite of what I want, since it makes the dish more homogenous.
On salting, I'm targeting a level of salinity in the mouth while also maximizing contrast between the pasta and the sauce. That means cooking the pasta in unsalted water, while making the sauce saltier than would be tasty if eaten on its own. I think unsalted pasta has ended up with a bad reputation because people are unwilling to make the sauce salty enough to bring the combination into balance.
I don't know how people ended up thinking there was only one way to cook pasta, but to my taste the standard approach is a big missed opportunity.
2026-05-19 21:00:00
Google Maps thinks it takes half an hour to walk to from DCA to Crystal City, but you can actually do it in fifteen minutes.
I really like leaving airports on foot. There's something about it that feels like it shouldn't be possible: between an airplane and your destination there should be some other kind of vehicle, no? It reminds me of the first time I boarded a plane without using a jetway, where walking out on the tarmac just felt wrong.
I was in DC the past two days for meetings (my first time wearing a suit in a work context) and I was staying in Crystal City. I looked at Google Maps to see if I could walk:
Walking south to go north doesn't seem great. Can we do better? I asked the volunteer at Information and they said the only way to cross the George Washington Parkway was the bridge to the south. Looking on the map, though, it seemed like the Mount Vernon Trail crossed under the Parkway to the north. And you could do something like:
This is still not ideal; you could save about 1/3 of a mile if you avoided the jog south by crossing West Entrance Road on foot. This seemed dangerous, though, so I took the intended route.
It worked well! You walk west within the airport through the north parking structure, and then you see a sign:
You keep going and there's a path down:
Which takes you to an underpass:
And from there it's just following the trail. It's all paved, and looks scooter/bike/wheelchair-compatible. This afternoon (96F, which is getting a bit warm) I walked it with a roller bag in 15.5min.
There is one optional unpaved shortcut, where you can avoid a loop. Where the sign says Crystal City to the left:
You can instead go straight, and then down a short dirt desire path:
2026-05-10 21:00:00
I recently got a Venova and have been enjoying learning how to play it:
It combines a saxophone mouthpiece with recorder fingering and a little nose to overblow an octave instead of a twelfth.
It's somewhere between a real instrument and a toy, and one of its bigger problems is that while it's great in C it gets harder to play the more sharps or flats you want. Since I mostly play contra music, typically in 2-3 sharps, this isn't ideal.
A Venova in D (two sharps) would be great, but I don't see this coming. If we're going to put in a bunch more work somehow, what if we went all the way to a double bore?
Imagine two parallel bores with the tone holes lined up exactly, so that when you put your finger down it covers both. The holes would look a bit like the double holes on a recorder, but they could be closer together because you never need to cover just one of them:
The obvious way to do it, and the equivalent of a B/C melodeon, is a C tube for the "white keys" and a B tube for the "black keys": between them you can play every note. The venova already uses a "meandering bore" to bring the holes closer together: to keep them in tune you put slightly larger meanders all along the B bore so the wavelength is consistently a half step longer.
Then you need some way to choose which bore the air flows through, so only one is active at once. We could borrow from the solutions brass instruments have come up with. Since those are solving a much harder problem (routing air through a loop) we can do something simpler. I think a flapper valve would be a better fit: much cheaper to make, and more moisture resistant.
When you think about B/C fingering, though, you'll notice that we're using one bore for 7 notes, and the other for 5. Let's take inspiration from a Janko keyboard and do 6 and 6: two sets of whole steps, a half step apart. One bore would be C, D, E, F#, G#, Bb while the other would be C#, D#, F, G, A, B. This lets you use your left thumb for the valve, left forefinger for the octave key, and then your remaining five non-pinky fingers for the notes. No keywork, and the only bit that's tricky to manufacture is the valve.
I especially like that the fingering is partly isomorphic: lifting a finger always moves you up a whole step, engaging the valve always moves you up a half step. And if you prefer flutes (or pennywhistle) to reeds this should work there too.
Note, however, that we now have a bunch of free fingers. If we do stick with the reed, what if we do away with the 'nose', and accept that we'll now overblow a twelfth like a clarinet? Can we build a keyless three-octave dual bore meandering pipe woodwind with no fork fingerings?
Unfortunately not: after allocating a finger to the bore selection valve and another to the register jump most people are down to 8 fingers. To play chromatically across a full register we need 19 notes, which means one bore needs to be responsible for 10. With simple fingering, the most you can do with eight fingers is nine notes: all open gives you the highest note, and then each additional finger gives you another note. This gives us 18 notes (9 + 9) across the two bores, which is so painfully close to the 19 we need. And even if this worked (perhaps we're willing to give up D#) it would be awkward to use all the fingers (and thumbs) this way.
If we compromise slightly, though, and add two keys, very similar to the keys the Venova already uses, we should be able to get all ten notes and also free up the right thumb to steady the instrument. I should probably put an image here demonstrating, but drawing is hard and this is way beyond what current AI models can do. [1][2]
This would be cheap to manufacture, since while a meandering tube is a pain with traditional tooling it's no issue with molded ABS resin. I think this would solve most of the Venova's flaws (missing notes, fork fingerings, limited range), while avoiding almost all the keywork of the clarinet or sax.
[1] Gemini 3.1 Pro, completely missing the point with two mouthpieces,
straight bore, lots of keywork, no ligature, useless acrylic, bad
hole spacing, and levitation:
[2] ChatGPT 5.5 Pro, doing somewhat better, but with no reed, lots of keywork, a third bore at the bottom, and an insufficiently meandering bore:
2026-05-09 21:00:00
This afternoon Cecilia and I played for Somerville Porchfest, with Harris calling and Danner running sound. There was rain, but not enough keep us from playing, or to keep folks from dancing:
We were originally planning to be on Morrison Ave, where we've been for years. Two weeks out, though, I learned that it wouldn't be possible to close Morrison this year. [1] After lots of scrambling, talking to neighbors and the city, and some help from Lance Davis, we were able to get permission to close the dead-end section of Highland Rd instead:
This meant we didn't have my usual porch roof, and while dancers are reasonably water resistant my gear is not. Seeing rain a few days out I got a cheap canopy:
It was big enough for the two of us and our monitors, but not Harris. And he wouldn't have fit anyway, with his crowd-observation-ladder:
Being away from the house also meant we couldn't easily plug in for power. We probably could have made extension cord work, but Danner and I both have batteries. This worked well, and none of the batteries were below 70% at the end of the 2hr set.
I'm very glad we had a dedicated sound person this time: running sound for myself is never great, since I can't hear what we sound like, but this was a much more complex setup than we've done in the past. In addition to the usual mains and monitors we also ran a pair of delays halfway down the street and a subwoofer. Danner was fantastic, and I'm grateful for BIDA for providing gear and funding a sound person. Here's hoping a lot of people who gave contra a try will come out to one of the regular dances!
To keep the water off the equipment outside the canopy we used trash bags for the speakers and some 18x24 pieces of corrugated plastic for the mixer and batteries. Everything seems to have done ok!
(If this looks like fun, TryContra lets you find nearby dances. And if you're not sold, Ben Kuhn has a great explanation of what makes contra dancing so wonderful.)
I tried to get neighbor friends to park up one side of the street and move cars just before, but this wasn't enough to get that side fully cleared out. It got us about five spaces, which was enough for more audience space, but the contra lines were limited to the ~18ft between the parked cars. This is enough for two lines, but at one point I counted four squished in there. Harris also had to abandon teaching one of his dances and switch to one that needed less space.
Last year Harris tried a format where he alternated between dances for anyone and ones for people who already know contra, and he used it again this year. It continues to work really well: the new dancers aren't up for dancing every dance and the experienced dancers get to do some more complex (but still not very complex!) material.
While Kingfisher is a bit weird as a contra dance band, I think this mostly translates pretty well to this kind of environment. Having drums and bass, even simple multitasked ones, seems to make fiddle-driven music more accessible to the general public:
With so much gear to get out and back it was incredibly helpful that Al came early and volunteered to help set up, and of course we used the wagon.
The older kids made and sold lemonade. Nora held signs:
While people were overall super respectful (and joyful!) they did leave a lot left behind, mostly alcohol-related. I took the wagon around picking things up, and it was nearly full by the end:
Just as I was finishing the city workers came by to pick up the temporary street containers, which were also overflowing:
One of the workers helped me dump the wagon into their truck; very helpful!
It was on the cold side for playing, and fingerless gloves were very important. Probably not a bad temperature for dancing, though!
Overall, it went really well, I'm glad Somerville hosts a Porchfest, and I'm glad I got to play for it and introduce a lot of folks to contra dancing.
Thinking about what to do differently next time, I think the big one is reaching out to the organizers ahead of time to figure out about closing streets. Both this year and last year there was a last-minute scramble for permission to close the street, and I don't think anyone prefers it that way! I'm going to plan to do this way early: probably in a few weeks once the organizers have had time to rest a bit.
[1] After all this, police ended up closing Morrison anyway. I asked
about it, and they said it was a safety issue since people gather in
the street.
2026-05-08 21:00:00
A week ago the Copy Fail vulnerability came out, and Hyunwoo Kim immediately realized that the fixes were insufficient, sharing a patch the same day. In doing this he followed standard procedure for Linux, especially within networking: share the security impact with a closed list of Linux security engineers, while fixing the bug quietly and efficiently in the open. His goal was that with only the raw fix public, the knowledge that a serious vulnerability existed could be "embargoed": the people in a position to address it know, but they've agreed not to say anything for a few days.
Someone else noticed the change, however, realized the security implications, and shared it publicly. Since it was now out, the embargo was deemed over, and we can now see the full details.
It's interesting to see the tension here between two different approaches to vulnerabilities, and think about how this is likely to change with AI acceleration.
On one side you have "coordinated disclosure" culture. This is probably the most common approach in computer security. When you discover a security bug you tell the maintainers privately and give them some amount of time (often 90d) to fix it. The goal is that a fix is out before anyone learns about the hole.
On the other side you have "bugs are bugs" culture. This is especially common in Linux, where the argument is that if the kernel is doing something it shouldn't then someone somewhere may be able to turn it into an attack. Just fix things as quickly as possible, without drawing attention to them. Often people won't notice, with so many changes going past, and there's still time to get machines patched.
This approach never worked perfectly, but with AI getting good at finding vulnerabilities it's a much bigger problem. So many security fixes are coming out now that examining commits is much more attractive: the signal-to-noise ratio is higher. Additionally, having AI evaluate each commit as it passes is increasingly cheap and effective. [1]
Long embargoes, however, aren't doing well either. The historical pace of detection was slow: if you found something and reported it to the vendor with a 90d disclosure window, there was a very good chance no one else would notice during that time. But now with so many AI-assisted groups scanning software for vulnerabilities, that no longer holds. In this case, just nine hours after Kim reported the ESP vulnerability Kuan-Ting Chen also independently reported it. Embargoes can increase risk: they create a false sense of non-urgency and limit which actors can work to fix a flaw.
I don't know how to resolve this, but personally very short embargoes seem like a good approach, and they'd need to get even shorter over time. Luckily AI can speed up defenders as well as attackers here, allowing embargoes that would previously have been uselessly short.
[1] I tested on Gemini 3.1 Pro, ChatGPT-Thinking 5.5, and Claude Opus
4.7. All three all got it right away when given f4c50a403.
When I gave them just the diff, imagining a hypothetical future where
diffs are still public right away but with less context, Gemini was
sure it was a security fix, GPT thought it probably was, and Claude
thought it probably wasn't. This is just a very quick test to
illustrate what's possible: one run of each with the prompt "Without
searching, does this look like a security patch?" There's no control
group, and don't put much stock in the cross-model comparison!
Comment via: facebook, lesswrong, hacker news, mastodon, bluesky, substack