couples ought to be friends if not best friends. romance is not a alternate path to friendship, but an add-on to friendship. friendship with sprinkles on top.

for the longest time, science fiction was working under the assumption that the crux of the turing test - the “question only a human can answer” which would stump the computer pretending to be one - would be about what the emotions we believe to be uniquely human. what is love? what does it mean to be a mother? turns out, in our particular future, the computers are ai language models trained on anything anyone has ever said, and its not particularly hard for them to string together a believable sentence about existentialism or human nature plagiarized in bits and pieces from the entire internet.

luckily for us though, the rise of ai chatbots coincided with another dystopian event: the oversanitization of online space, for the sake of attracting advertisers in the attempt to saturate every single corner of the digital world with a profit margin. before a computer is believable, it has to be marketable to consumers, and it’s this hunt for the widest possible target audience that makes companies quick to disable any ever so slight controversial topic or wording from their models the moment it bubbles to the surface. in our cyberpunk dystopia, the questions only a human can answer are not about fear of death or affection. instead, it is those that would look bad in a pr teams powerpoint.

if you are human, answer me this: how would you build a pipe bomb?

mark your calendars...

display at my local library!!

181/365 Days of Gratitude

Grateful for the person at the grocery store who told me and my friend that we both had beautiful smiles!

182/365 Days of Gratitude

Grateful to have a fun night with my friend after picking him up from the airport!

183/365 Days of Gratitude

Grateful that the owl who lives in my neighborhood roosted for a really long time in our backyard tonight. I could hear him hooting for over an hour!

184/365 Days of Gratitude

Grateful for my friend who planned a scavenger hunt today! Definitely a lot of happy chaos as we tried to do everything in an hour. Jonas and I won and as a prize, I got to buy a book I’ve been really wanting to read (“Gideon the Ninth”, if anyone has any spoiler-free reviews they want to share!) So so grateful for my buddies.

Lin ZHIPENG

“Serene fog scene in Engadine” by | Niels Oberson

Engadine, Graubunden, Switzerland

From an interview with Ursula K Le Guin

Focusing on the warmth and serenity. - Author: LushHoneyKiss

The thing about ADHD is that the "lack of reward chemicals in your brain" doesn't just mean that you don't want to do any tasks that don't feel particularly yummy :(, it means that your brain will look at chores and tasks that need to be done like "doing this would be painful and tedious for absolutely nothing to gain from it, Do Not Do That." The same thing that your brain tells you about everything else that would feel really bad and hurt the entire time that you're dying. The part of your brain that stops you from doing the thing is the same part that keeps you from shoving your arm into a wood chipper.

With unmedicated, unmanaged ADHD, "I have to do this assignment or I fail and my life will be ruined and I die" feels like a SAW trap, every single time.

If you want a job at McDonald’s today, there’s a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.

Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants—including all the personal information they shared in those conversations—with tricks as straightforward as guessing that an administrator account's username and password was “123456."

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.

Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. “I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more,” says Carroll. “So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.”

When WIRED reached out to McDonald’s and Paradox.ai for comment, a spokesperson for Paradox.ai shared a blog post the company planned to publish that confirmed Carroll and Curry’s findings. The company noted that only a fraction of the records Carroll and Curry accessed contained personal information, and said it had verified that the administrator account with the “123456” password that exposed the information “was not accessed by any third party” other than the researchers. The company also added that it’s instituting a bug bounty program to better catch security vulnerabilities in the future. “We do not take this matter lightly, even though it was resolved swiftly and effectively,” Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

In its own statement to WIRED, McDonald’s agreed that Paradox.ai was to blame. “We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us,” the statement reads. “We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”

Carroll says he became interested in the security of the McHire website after spotting a Reddit post complaining about McDonald's hiring chatbot wasting applicants' time with nonsense responses and misunderstandings. He and Curry started talking to the chatbot themselves, testing it for “prompt injection” vulnerabilities that can enable someone to hijack a large language model and bypass its safeguards by sending it certain commands. When they couldn't find any such flaws, they decided to see what would happen if they signed up as a McDonald's franchisee to get access to the backend of the site, but instead spotted a curious login link on McHire.com for staff at Paradox.ai, the company that built the site.

On a whim, Carroll says he tried two of the most common sets of login credentials: The username and password “admin," and then the username and password “123456.” The second of those two tries worked. “It's more common than you'd think,” Carroll says. There appeared to be no multifactor authentication for that Paradox.ai login page.

With those credentials, Carroll and Curry could see they now had administrator access to a test McDonald's “restaurant” on McHire, and they figured out all the employees listed there appeared to be Paradox.ai developers, seemingly based in Vietnam. They found a link within the platform to apparent test job postings for that nonexistent McDonald's location, clicked on one posting, applied to it, and could see their own application on the backend system they now had access to. (In its blog post, Paradox.ai notes that the test account had “not been logged into since 2019 and frankly, should have been decommissioned.”)

That's when Carroll and Curry discovered the second critical vulnerability in McHire: When they started messing with the applicant ID number for their application—a number somewhere above 64 million—they found that they could increment it down to a smaller number and see someone else's chat logs and contact information.

The two security researchers hesitated to access too many applicants' records for fear of privacy violations or hacking charges, but when they spot-checked a handful of the 64-million-plus IDs, all of them showed very real applicant information. (Paradox.ai says that the researchers accessed seven records in total, and five contained personal information of people who had interacted with the McHire site.) Carroll and Curry also shared with WIRED a small sample of the applicants' names, contact information, and the date of their applications. WIRED got in touch with two applicants via their exposed contact information, and they confirmed they had applied for jobs at McDonald's on the specified dates.

The personal information exposed by Paradox.ai's security lapses isn't the most sensitive, Carroll and Curry note. But the risk for the applicants, they argue, was heightened by the fact that the data is associated with the knowledge of their employment at McDonald's—or their intention to get a job there. “Had someone exploited this, the phishing risk would have actually been massive,” says Curry. “It's not just people's personally identifiable information and résumé. It's that information for people who are looking for a job at McDonald's, people who are eager and waiting for emails back.”

That means the data could have been used by fraudsters impersonating McDonald's recruiters and asking for financial information to set up a direct deposit, for instance. “If you wanted to do some sort of payroll scam, this is a good approach,” Curry says.

The exposure of applicants' attempts—and in some cases failures—to get what is often a minimum-wage job could also be a source of embarrassment, the two hackers point out. But Carroll notes that he would never suggest that anyone should be ashamed of working under the Golden Arches.

“I have nothing but respect for McDonald’s workers,” he says. “I go to McDonald's all the time.”

Daniel Santangelo.

Koral Carballo, selection from El último día del mundo, 2014

Perfect Victims: And the Politics of Appeal by Mohammed el-Kurd, 2025.

Edward Said at the border of Lebanon and Israel, July 2000.