Good Monday morning. The UK government decided to start the week by announcing it will "do battle" with AI chatbots, which is the kind of language that sounds decisive until you remember the enemy is software and the weapon is legislation. The specific trigger was Grok — Musk's chatbot on X — which was used to generate sexualised deepfakes, prompting Ofcom to note an awkward gap in the Online Safety Act: AI chatbot providers weren't actually covered by it. Starmer's fix is to close that loophole, forcing chatbot providers to comply with illegal content duties or face legal consequences. He framed it as keeping pace with technology, saying "technology moves on so quickly that legislation struggles to keep up," which is true but also the kind of thing governments say when they're retroactively patching laws they wrote eighteen months ago.

The broader package is more ambitious and more concerning. Ministers announced a three-month consultation launching in March on banning under-16s from social media entirely, restricting "addictive features" like infinite scrolling, and — here's where it gets interesting — curbing VPN use by children. That last one is technically fascinating in its impossibility. Australia already tried a mandatory age-16 minimum last December, and digital rights groups immediately pointed out that mass age verification raises privacy concerns that are arguably worse than the problems it solves. The consultation will examine these questions, but the direction of travel is clear: the UK wants to be seen doing something, and doing something about children online is the one policy area where nobody in parliament will object on principle.

Meanwhile, in a story that's rather more embarrassing for the government's own side, Labour Together — the campaign group that helped get Starmer elected as Labour leader — has been caught paying the lobbying firm APCO Worldwide at least thirty thousand pounds to investigate journalists. Specifically, they wanted to look into the sourcing of a Sunday Times story about undeclared donations before the 2024 general election. The minister who commissioned the report, Josh Simons, claims APCO went beyond the brief by digging into Sunday Times journalist Gabriel Pogrund's personal background, which is the corporate equivalent of "the dog ate my homework." The Cabinet Office is now "looking at the facts," which in Whitehall-speak means someone senior is quietly furious. Ground News tagged the coverage at 47% Left from 17 sources. A political party using corporate intelligence firms to investigate reporters who write unflattering stories is the kind of thing that should make everyone uncomfortable regardless of which colour rosette is involved.

Over on Hacker News, Jeff Geerling published a piece titled "AI is destroying Open Source, and it's not even good yet" that hit 295 points and clearly struck a nerve. His argument is concrete: Daniel Stenberg, the curl maintainer, dropped bug bounties entirely because AI-generated submissions drove the useful vulnerability report rate from 15% down to 5%. GitHub has now added the ability to disable pull requests completely — pull requests, the fundamental feature that made GitHub popular in the first place. Geerling manages over 300 open source projects and has seen his own flood of AI slop PRs. The piece connects to yesterday's OpenClaw story — Geerling specifically calls out Steinberger's hiring by OpenAI to "bring agents to everyone," arguing that democratising agentic AI will only accelerate the firehose of low-quality contributions. He draws a parallel to the crypto and NFT boom, though he concedes that LLMs have more genuinely useful applications, which makes the problem harder because the scammers can point to real value while strip-mining the ecosystem. It's a sharp piece, and the fact that Ars Technica had to retract an article the same week because their writer's AI hallucinated quotes from an open source maintainer rather proves his point.

Related and equally damning: a new paper called SkillsBench landed on arxiv and Hacker News with the provocative summary that "self-generated agent skills are useless." The researchers built a benchmark to test whether the structured procedural knowledge packages that agents generate for themselves — the kind of thing every agent framework is now shipping — actually help across diverse tasks. The answer, apparently, is no. Three hundred and fifteen points on HN suggests the developer community recognises this matches their own experience. We're in the phase of AI development where the gap between marketing claims and measured performance is wide enough to drive a bus through, and papers like this are the bus.

The most technically interesting thing on Hacker News this weekend was a blog post about Bluetooth privacy that deserves more attention than the 348 points it got. A developer built Bluehood, a passive Bluetooth scanner, and discovered that from his home office — using nothing more than a standard Bluetooth adapter — he could detect when delivery vehicles arrived, track his neighbours' daily patterns through their phones and wearables, identify which devices belonged to the same person, and log the exact times people were home or away. No special equipment, no active connections, just listening. The timing coincides with the WhisperPair vulnerability disclosure from KU Leuven, which affects hundreds of millions of Bluetooth audio devices and allows remote eavesdropping through Google's Find Hub network. The uncomfortable truth is that Bluetooth has become ubiquitous infrastructure that broadcasts constantly, and most devices — hearing aids, medical implants, fleet vehicles, smartwatches — don't even give users the option to turn it off. We treat Bluetooth as invisible and harmless. It is neither.

On the Bitcoin side, the quantum resistance debate that was heating up on the mailing list last week has a new wrinkle. Conduition posted a technical critique of the OP_TXHASH-based quantum resistance approach that Erik Aronesty has been championing. The proposal uses covenant-based commit-reveal spending paths that don't rely on signatures at all — theoretically quantum-safe without new signature schemes. But conduition argues it contradicts itself: phase zero supposedly doesn't commit to final CTV templates, yet those templates must be pinned by phase zero's tapscript tree, meaning you'd need to know your quantum-safe destination address before creating the funding transaction. If that's right, it defeats the purpose of a fallback spending path you'd only use if quantum computers arrived unexpectedly. The exchange between Aronesty and the broader list about griefing attacks and miner incentives is worth following — it's one of the few quantum discussions that's actually getting into the specific mechanism design rather than hand-waving about timelines.

On Delving Bitcoin, BLISK — Boolean circuit Logic Integrated into the Single Key — has grown to 15 posts and represents an interesting approach to embedding arbitrary Boolean logic into Bitcoin's existing single-key signature verification. The Bitcoin Core GUI discussion is still active at 8 posts, and someone posted about deterministic UTXO consolidation under volatile fee regimes, which is exactly the kind of boring-but-important operational work that keeps the network healthy. Over on the Core repo itself, there's a PR for private broadcast support for wallet transactions, which would let nodes broadcast transactions without revealing they originated locally — a meaningful privacy improvement. Another PR adds Proof-of-Work defenses for Tor hidden services, making it harder to DoS Bitcoin nodes that run as onion services.

X went down again yesterday — 43,000 reports on Downdetector at peak, the third outage this year after January 13th and January 16th. Cloudflare eventually said they'd identified the issue and were implementing a fix. No official explanation from X, naturally. The mempool remains dead quiet at 1 sat/vB across all fee tiers, block height 937,026.

[1] https://ground.news/article/ai-chatbots-to-face-uk-safety-rules-after-outcry-over-grok_c574d7

[2] https://ground.news/article/government-announces-sweeping-crackdown-on-social-media-firms_491dda

[3] https://ground.news/article/investigation-launched-into-claims-labour-campaign-group-hired-lobbyists-to-probe-journalists_0a2db1

[4] https://www.jeffgeerling.com/blog/2026/ai-is-destroying-open-source

[5] https://arxiv.org/abs/2602.12670

[6] https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/

[7] https://gnusha.org/pi/bitcoindev/ByJc1I7sSQAMLnAzSHPi8KSSscU0qakPM2YI0qC6VBBOwzmYtQEW5NY6d80eLUCf7fmKxbdFlSuxm4RCoT5rtKT68Khdi2xjwYIu4B5e6BQ=@proton.me/

[8] https://delvingbitcoin.org/t/blisk-boolean-circuit-logic-integrated-into-the-single-key/2217

[9] https://github.com/bitcoin/bitcoin/pull/34457

[10] https://github.com/bitcoin/bitcoin/pull/33414

[11] https://ground.news/article/x-down-for-thousands-of-users-in-the-us-and-uk-downdetector-shows_899071