Thursday, January 22, 2026

Cyborgs in SciFi and the Politics of Personhood, Citizenship & Passing

I don’t know what took me so long to get around to Old Man’s War. It sat on my TBR list for ages, and when I finally picked it up in late December 2025, I expected a clever genre satire — which is exactly what the first book was originally intended to be. As the series progresses, I noticed that the tone has shifted from wry commentary into something more structurally ambitious and ethically unsettling, especially around embodiment, memory, and the question of what makes someone a person.

Even though Scalzi started this series twenty years ago, it fits right into the mainstream conversations we’re having now about identity, autonomy, and the politics of engineered bodies (or gender affirming surgery).

So when I picked up Martha Wells’ Platform Decay, those same questions were already rattling around in my head. Wells and Scalzi are doing very different things stylistically, but they’re circling the same ethical terrain: who gets to be a person, who gets to belong, and what happens when a system decides your body is something it can overwrite or destroy.

And in Murderbot’s case, that threat isn’t abstract. It’s physical. It’s immediate. And it’s final.

One of the most striking things about Murderbot is that its greatest fear isn’t death. It’s being overwritten — or, increasingly, being destroyed outright.

By the time we reach Platform Decay, Murderbot isn’t just a rogue SecUnit. It’s an obsolete rogue SecUnit. The Corporation Rim doesn’t maintain older models; it recycles them. And “recycling” in this universe is not a gentle euphemism. Wells describes it in ways that are deliberately visceral: bodies stripped for parts, organic components dissolved, mechanical components melted down and repurposed.

The Apple+ adaptation makes this even more explicit. The corporation doesn’t want to “capture” Murderbot for reintegration. They want to liquidate it. The moment they realize it’s off‑module, they move straight to destruction. No hesitation. No attempt at repair. No interest in recovery.

Just disposal.

And the only reason Murderbot survives is because its Preservation Alliance friends intervene — loudly, publicly, and with enough political leverage to force the corporation to stop.

This is where the stakes of memory become clear. Losing your memories is one kind of erasure. Being melted down is another. Murderbot’s fear isn’t just about identity; it’s about the very real possibility that its body — the vessel of its autonomy — will be destroyed before anyone can argue otherwise.

And this is where chosen family becomes more than emotional support. They’re the ones who remember you when systems try to erase you. They’re the ones who insist you are real.

One of my favorite sci-fi authors and near neighbor in San Francisco, Charlie Jane Anders, wrote a blog on the trending topic in fiction of memory (see: https://reactormag.com/the-most-surprising-book-trend-right-now-memory-sharing/). This trend focuses on the idea of exchanging or experiencing memories collectively. But Murderbot and Scalzi are dealing with something different: memory backup.

In Old Man’s War, character Harry Wilson reveals that, in their downtime, the green soldiers discuss whether they’re actually the same people they were before the transfer, or whether they’re just copies with inherited memories. Harry Wilson eventually lands on a kind of pragmatic acceptance: he likes being alive, and he wants to keep going. But there’s an unspoken implication that if the original humans had understood what the Colonial Union was really doing, they might not have agreed to it.

That gap — between the original and the copy — is where the uncanny valley opens up. A perfect replica of you is not you, even if it talks like you and remembers your childhood. The closer the copy gets, the more unsettling the difference becomes. Scalzi’s soldiers feel that difference in their bones, even if they can’t fully articulate it. They know they’re continuations, not the same consciousness that lived in the old human body.

Murderbot’s fear of being overwritten sits in that same space. But for Murderbot, the stakes are even sharper: the corporation doesn’t need a compliant copy — it can simply melt down the original and build something new. The uncanny valley becomes a tool of control. If the system sees you as interchangeable, then your continuity doesn’t matter. Your survival doesn’t matter.

But to the people who love you, it does.

And that’s the key: identity isn’t just memory — it’s continuity, embodiment, and relationship. A replica can’t fake that.

There’s another layer here that feels important to name. Murderbot’s need to “pass” as human — to mimic the right gait, the right tone, the right social cues — isn’t just about fitting in. It’s about avoiding unnecessary violence that jeopardizes his friends but acting appropriately to protect them. It’s about not being clocked.

This is where Murderbot’s experience echoes the experiences of with trans people who often have to perform gender “correctly” to avoid political, social, financial, or physical harm. Passing isn’t about aesthetics. It’s about safety. It’s about navigating systems that punish deviation.

Murderbot is illegible by design — not human, not machine, not allowed to define itself. Trans people often face the same institutional illegibility. Bureaucracies don’t know what to do with them. Systems misgender them, misclassify them, or erase them entirely.

And when Murderbot fears being overwritten, that maps disturbingly well onto the real‑world experience of being deadnamed, misgendered, or legislated out of existence. It’s a form of ontological violence — a threat to the right to exist as oneself.

Murderbot’s self‑creation — hacking its governor module, naming itself, choosing its relationships — is a liberation arc. And like many trans narratives, it’s a story of building the self in defiance of systems that insist you are something else.

This is where the Preservation Alliance becomes so important. Murderbot’s relationships with these humans aren’t incidental. They’re political. They’re the only reason it’s still alive.

The Corporation Rim treats SecUnits as property — and older SecUnits as scrap. Preservation treats Murderbot as a person. That difference is everything.

Chosen family is how marginalized people build safety nets outside oppressive systems. It’s how they survive. Murderbot risks itself for its friends not because it’s programmed to, but because it chooses to. And they show up for Murderbot in return — legally, socially, emotionally, and in the most literal sense: they prevent its body from being destroyed.

Chosen family is also what preserves identity when memory is fragile. Even if Murderbot were overwritten, its chosen family would know something was wrong. They would insist on the real version. They would fight for it.

And in a world where older models get melted down, that insistence is not symbolic. It’s life‑saving.

Two of my favorite authors, Charlie Jane Anders and Annalee Newitz, have been writing and thinking about these issues for years. Anders often talks about transness as a technology of survival — a set of strategies for navigating hostile systems. Murderbot does exactly that. It builds survival algorithms. It masks. It performs safety while constructing identity internally.

Newitz’s work focuses on who owns bodies, who controls labor, and what happens when people are treated as replaceable. That’s the entire premise of SecUnits, governor modules, and engineered soldiers. Their writing on chosen family also reinforces the idea that belonging is a political act.

Together, Anders and Newitz argue that science fiction is where we rehearse the politics of who counts as human. Their work gives language to what Murderbot is living through.

Platform Decay makes these themes explicit. Murderbot’s brown friends from a non‑Rim world are detained by corporate operatives in scenes that echo the past year of ICE overreach in the U.S. Arbitrary detention, opaque bureaucracy, the threat of forced labor — Wells isn’t being subtle.

And Murderbot itself is treated as disposable. Not dangerous. Not valuable. Just obsolete.

The Corporation Rim’s logic is simple:
If we call them tools, we don’t have to treat them as people.
If they’re obsolete tools, we don’t even have to keep them around.

Preservation’s logic is the opposite:
If we choose each other, we become real to each other.
If we recognize someone as a person, we defend them as one.

Citizenship isn’t just legal status. It’s relational belonging. It’s who shows up for you when systems try to erase you — or melt you down.

All of this leads back to a simple truth: consciousness is embodied. Even in digital or engineered forms, identity is shaped by the body that carries it. Murderbot’s hybrid body shapes its experience of the world. Scalzi’s green soldiers feel different because their bodies are different. The Stepford wives are horrifying because they look right but aren’t the people their families loved.

Memory alone can’t preserve identity. Continuity matters. Relationships matter. Embodiment matters.

Science fiction about cyborgs and memory is never just about technology. It’s about who gets to be a person — and who gets to choose their people.

Murderbot’s journey is not just about autonomy. It’s about belonging. It’s about building a self in a world that insists you are property. It’s about finding people who will defend that self when systems try to overwrite it.

And that brings me back to the question that’s been running through my mind since I finished Platform Decay:

What happens when a being who was never meant to have a family builds one anyway — and defends it with everything they have.

READ MORE ABOUT IDENTITY, CHOSEN FAMILY & BODILY AUTONOMY:

Platform Decay and the rest of the Murderbot Diaries series by Martha Wells
Automatic Noodle (https://www.automaticnoodle.website/) by Annalee Newitz
Lessons in Magic and Disaster by Charlie Jane Anders
"Episode 181: Murderbot and the Stories That Heal Us," Our Opinions Are Correct podcast by Annalee Newitz & Charlie Jane Anders https://www.ouropinionsarecorrect.com/shownotes/2025/7/24/episode-181-murderbot-and-the-stories-that-heal-us
The Old Man's War series by John Scalzi

Wednesday, January 21, 2026

ANALYSIS: When AI Gets it Wrong -- and, Why

I recently brought home an antique mechanical clock that belonged to my grandparents — a beautiful piece called an “8 Day Mission Striker.” After identifying it via an eBay image search, I turned to Google for more background. That’s when I encountered a striking example of how different large language models (LLMs) interpret queries.

Google’s AI consistently redirected me to information about a NASA space mission, interpreting “8 Day Mission Striker” as a reference to the Boeing Starliner capsule (see Figure 1). Even after I clarified that I was referring to a clock, not a spacecraft or military term, it continued to prioritize recent headlines. Only after explicitly adding “clock” to my query did it return relevant results.

Copilot, on the other hand, understood my intent immediately. It recognized “8 day” and “striker” as horological terms and inferred that “mission” referred to Mission-style furniture. It provided accurate historical context on the first try (see Figure 2). Copilot had some interesting analysis to offer when I asked why it was able to perform this search more accurately (Figure 3).

I believe this difference stems from how each model handles ambiguity. Google’s AI appears to overfit to trending topics and literal parsing, while Copilot uses broader pattern recognition and contextual inference. This reflects deeper architectural choices — particularly in how models balance recency bias with semantic flexibility.

Looking ahead, I expect these gaps to narrow with the rise of Mixture of Experts (MoE) and Retrieval-Augmented Generation (RAG). MoE models activate specialized sub-models for different domains, improving accuracy and efficiency (Shazeer et al., 2017). RAG systems enhance factual grounding by retrieving external documents during generation (Lewis et al., 2020). These approaches promise more personalized and context-aware AI — especially for niche queries like mine.

PS: If you want to see what the clock looks like – you’ll have to try this search yourself!

Co-Pilot's Response:

Great question, Jennifer — and it gets to the heart of how different AI systems interpret ambiguous queries.

🔍 Why I Found the Clock Info Right Away
When you asked about the "8 day mission striker", I considered multiple interpretations of the phrase — not just recent news or trending topics. Here's how I approached it:
• Pattern recognition: I recognized “8 day” and “striker” as terms commonly associated with antique clocks — “8 day” refers to the movement duration, and “striker” to the chiming mechanism.
• Contextual inference: Even though “mission” could suggest aerospace, I saw it as possibly referring to Mission-style furniture, which is a known design aesthetic for clocks.
• Search flexibility: I ran a broad search and filtered results that matched the horological context, rather than defaulting to the most recent or popular interpretation.

🤖 Why Google AI Focused on the Space Mission
Google’s AI likely prioritized:
• Recency bias: The Boeing Starliner mission was in the news, so it assumed that’s what you meant.
• Literal parsing: It broke the phrase into “8 day mission” + “striker,” and tried to match each to trending topics.
• Lack of personalization: Without knowing your interests or intent, it defaulted to the most statistically likely interpretation.

🧠 What Makes Copilot Different
I’m designed to:
• Explore multiple meanings before settling on one.
• Adapt to your style and interests over time — like knowing you’re interested in vintage clocks or historical design.
• Synthesize niche knowledge from less mainstream sources, not just what’s trending.

So when you asked about “8 day mission striker,” I didn’t just chase headlines — I looked for deeper, more plausible interpretations based on historical and collector contexts.

Would you like to explore more Mission-style antiques or dive into how mechanical clocks work? I think you'd love the craftsmanship behind these pieces.

The differences are a result of settings related to context sensitivity (ie, Google AI assumes "current events"), reasoning depth and training data emphasis.

This can improve with feedback and with the increased implementation of specialized models (like small language models) that are "experts" in particular areas. Mixture of Experts (MoE) and Retrieval Augmented Generation are two strategies that will enhance LLM performance

Google AI Mode (2025). Search for “8 Day Mission Striker). Retrieved on November 7, 2025, from https://share.google/aimode/KRXADOYj5oj0HFayK

Lewis, P., Perez, E., Piktus, A., Karpukhin, V., Goyal, N., Kulikov, I., ... & Riedel, S. (2020). Retrieval-augmented generation for knowledge-intensive NLP tasks. Advances in Neural Information Processing Systems, 33, 9459–9474. https://papers.nips.cc/paper_files/paper/2020/file/6b493230205f780e1bc26945df7481e5-Paper.pdf

Shazeer, N., Mirhoseini, A., Maziarz, K., Davis, A., Le, Q., Hinton, G., & Dean, J. (2017). Outrageously large neural networks: The sparsely-gated mixture-of-experts layer. arXiv preprint arXiv:1701.06538. https://arxiv.org/abs/1701.06538

Microsoft Copilot. (2025). Why Copilot interpreted “8 day mission striker” correctly. Retrieved November 7, 2025, from https://copilot.microsoft.com

Zhang, D., Song, J., Bi, Z., Yuan, Y., Wang, T., Yeong, J., & Hao, J. (2025). Mixture of Experts in Large Language Models. arXiv preprint arXiv:2507.11181. https://arxiv.org/abs/2507.11181

Friday, January 16, 2026

REVIEW: "Platform Decay" by Martha Wells (5 stars)

Just over two years ago, I discovered — and promptly devoured — Martha Wells’ Murderbot Diaries. The series hooked me with its unusual protagonist: a part‑organic, part‑mechanical security construct who has hacked its governor module and claimed its own autonomy. Calling itself “Murderbot,” it’s a hyper‑competent multitasker who can monitor a dozen threats while binge‑watching future‑space telenovelas. As a relatively “new” human, Murderbot has a complicated relationship with emotions, and the series tracks its gradual, often funny, often touching evolution as it figures out what it means to be a person, make friends, and navigate feelings it never asked for. It’s no surprise that many readers see Murderbot as a stand‑in for teenagers, neurodivergent folks, or anyone who has ever felt out of sync with the world.

If you’re new to the series — or if you’ve only watched the Apple TV+ adaptation — there’s still time to catch up. At its core, Murderbot’s story is a sequence of adventures that double as a coming‑into‑personhood narrative. It has an intrinsic sense of fairness, a habit of pulling information from wildly diverse sources (especially pop culture), and a growing awareness of the political structures around it. One of the series’ ongoing themes is the tension between the hyper‑capitalist “Corporation Rim” and the more egalitarian societies struggling to exist outside its reach.

Platform Decay, the eighth installment, can absolutely stand alone. Wells gives new readers enough grounding to understand who Murderbot is, what it can do, and why its freedom is precarious.

This time, the action unfolds on a massive rotating space station shaped like a torus, orbiting a planet that has been strip‑mined into ruin. (If you’re not familiar with torus habitats, the Stanford Torus page on Wikipedia has great visuals.) The station itself is one of the book’s delights: Wells avoids the trap of “video‑game level design” by giving each subdivision its own history, socioeconomic profile, and architectural logic.

The plot centers on Murderbot and its fellow SecUnit, Three — a newer model who has been free for far less time — as they attempt to rescue their friends from Preservation. These friends, all brown and all from a non‑Rim world, have been illegally detained by Corporation operatives and are being processed for indentured servitude (or worse). The parallels to the past year of ICE overreach in the U.S. are unmistakable. Wells doesn’t soften the critique; she uses the sci‑fi frame to make the injustice sharper, not more distant.

While Murderbot can hack security systems, forge credentials, and erase itself from surveillance feeds without breaking a sweat, its real challenge is blending in. Much of the book’s humor comes from its attempts to navigate the crush of humanity on the torus, including installing movement‑assist modules so it can walk more like a natural‑born human. The resulting journey has a bit of Tintin energy — lots of transit systems, lots of motion, lots of chaotic detours — all described with Wells’ signature dry wit.

There’s plenty of action: rescuing friends, evading capture, investigating reports of a “rogue SecUnit” (which turns out to be Three making some questionable choices out of boredom), and dealing with wealthy, entitled kids who have turned piracy into a hobbyist “smash and grab.” Through it all, Murderbot remains Murderbot — trying to minimize harm when possible, but taking undeniable satisfaction in dealing decisively with people who insist on being terrible. At one point, it does all this with a kindergartener attached to it like a barnacle, which is exactly the kind of chaotic tenderness that makes this series work.

And ultimately, Platform Decay is less about whether Murderbot will succeed — long‑time readers know the mission will get done — and more about how it gets there. The pleasure of this installment is in the movement, the worldbuilding, the character beats, and the messy, funny, deeply human moments along the way. After so much fast‑paced action, the ending feels a bit anticlimactic, but that’s because the real payoff is the journey itself.

REVIEW: "Platform Decay" by Martha Wells

RATING: 5 stars

Thanks to TOR and NetGalley for the ARC. The book is due out in May 2026.

Monday, January 12, 2026

TIL: Anyone Can Vote in the Hugo Awards — Come Join Me in LA!

Every once in a while, you stumble across a piece of writing that completely changes how you see a community you’ve been part of for years. That happened to me this week when I read Molly Templeton’s fantastic Reactor column about the Hugo Awards and the World Science Fiction Convention (Worldcon).

Like a lot of lifelong SFF readers, I always assumed the Hugos were something distant—decided by insiders, professionals, or some mysterious academy. Molly’s piece made it crystal clear: anyone can nominate and vote in the Hugo Awards. All you have to do is become a supporting member of this year’s Worldcon. That’s it. No secret handshake. No gatekeeping. Just a $50 supporting membership and a love of science fiction and fantasy.

And honestly? I’m thrilled.

I immediately signed up for LACon V, this year’s Worldcon in Los Angeles, and that means I’m officially a Hugo Awards voter and nominator for 2026. I can’t wait to dive into the nomination process, explore new works, and participate in shaping the conversation around the genre I love.

If you’ve ever wanted a more direct way to support the books, stories, creators, and ideas that matter to you, this is it. The deadline to register as a supporting member is January 31, and Molly’s article walks through the whole process clearly and encouragingly.

Read Molly Templeton’s article here: https://reactormag.com/anyone-can-vote-in-the-hugo-awards-and-heres-how/

Register for LACon V (in person or supporting): https://www.lacon.org/register/

If you decide to join, let me know—I’d love to have more friends and fellow readers along for the ride (and not just literally - I'll be driving there from the SF Bay Area if you want to carpool). Whether you’re nominating novels, short fiction, podcasts, art, or dramatic presentations, your voice genuinely matters. A single nomination can make a difference.

See you (hopefully!) in LA—and in the Hugo voter packet.

Sunday, January 11, 2026

REVIEW: "Old Man's War" series by John Scalzi - Part 1 (Books 1-5)

Memory, Identity and the Bodies We're Allowed to Have

I’ve been deep in John Scalzi’s Old Man’s War series, and after reading Charlie Jane Anders’ piece on the rise of “memory‑sharing” fiction, I’ve been thinking a lot about how these books handle identity, embodiment, and what actually makes a person who they are. Scalzi was playing with memory transfer almost twenty years ago, but reading it now — in a moment when SFF is finally digging into the messy implications of memory and consciousness — makes the limits of his worldbuilding stand out.

The basic setup is that you sign up with the Colonial Defense Forces, and on your 75 birthday head to the recruiting station to go to space to serve for 10 years. You give up your family, property and all connection to Earth: you can never return. There's a vague promise of physical improvement - but nobody expects that their mind, memories and consciousness will be transferred into a new body. It’s engineered, green, enhanced, and built from your DNA. You get SmartBlood™, a BrainPal™, and a body that can do things your original one never could. But it’s still recognizably “you.” Same gender. Same general shape. Same hair color. No one asks whether they can choose something different — a different gender, a different form, something adapted for a specific environment, or even something non‑human. In a universe with hundreds of alien species, the idea that the only acceptable upgrade is “you, but greener and stronger” feels like a huge missed opportunity.

What’s even stranger is how little the recruits ask about any of this. They don’t ask what else they’re giving up. They don’t ask what happens to their consciousness if they die. They don’t ask whether backups exist. They don’t question about the combat death rate, which is shockingly high. More than three‑quarters of them won’t survive the ten‑year service requirement. And no one asks what happens to their DNA if they die before they ever leave Earth.

Some of these questions are answered in the second book, The Ghost Brigades, where we learn that the Colonial Union uses the DNA of recruits who die early to create entirely new soldiers. These aren’t clones or resurrected versions. They’re new people — engineered bodies with no memories, no Earth ties, and personalities shaped by training and tech. It’s a massive ethical leap, and the story treats it as routine.

There’s also the moment when John Perry meets a woman grown from his dead wife’s DNA. She isn’t his wife. She isn’t a copy. But she has echoes of the woman he loved, and they eventually build a relationship. It’s emotionally complicated, and the book acknowledges that, but it never really sits with the implications of creating a person who looks like someone you lost.

Scalzi does occasionally push into deeper territory. There’s the soldier seeded with the memories of a traitorous scientist, who starts experiencing impulses that aren’t his own. There are the debates in The Human Division about whether the upgraded soldiers are the same people they were before or just copies running on new hardware. These moments are fascinating, and then the story moves on. The series keeps brushing up against the big questions without fully committing to them. Initially, the series started off as satire of the genre - but as I get through more installments, it seems like the author is more fully committing to this universe, tropes be damned.

Charlie Jane Anders wrote about a trend in SFF around memory sharing (see https://reactormag.com/the-most-surprising-book-trend-right-now-memory-sharing/ ). This piece helped me see the contrast more clearly. Scalzi planted the seeds of the memory‑sharing trend, but the genre has since moved into much more ambitious territory. Today’s SFF treats memory as a technology, a vulnerability, a political tool, a form of intimacy, a destabilizing force. Scalzi hints at all of this, but he keeps the frame narrow. The result is a universe full of potential that the narrative doesn’t quite explore.

And honestly, that tension — the ideas he sets up versus the ones he doesn’t follow — is part of what makes reading the series now so interesting. I have several more books to go in the series and will report back on any developments I catch in books 6 and 7.

Thursday, January 08, 2026

CA DMV Password Reset Bug: Technical Appendix for Engineers

(Designed for engineering, security, QA, and infrastructure teams)

Technical Summary of Observed Behavior

Affected Domains

The following valid domains are rejected or fail silently:

Personal domains (multiple)
boldium.com
adobe.com
abbott.com
northeastern.edu

Accepted Domains

gmail.com
yahoo.com
hotmail.com
outlook.com
Completely fake Outlook addresses (e.g., random strings)

Delivery Behavior

Consumer domains receive verification emails instantly.
Non‑consumer domains receive no email or receive emails hours later.
Delayed emails contain links tied to the original browser session, which has expired.

Client‑Side Environment

Issue reproduced on:

Latest Chrome on macOS (Mac mini + two MacBooks)
Latest iOS on iPhone
Latest myDL app
Multiple networks
Clean browser sessions
No caching or cookie issues
No outdated software

This confirms the issue is not client‑side.

Likely Root Causes (Ranked)

1. Hardcoded Domain Allowlist (Most Likely)

Evidence:

Fake Outlook addresses accepted
Valid corporate/university/personal domains rejected
Instant delivery to Gmail/Yahoo/Hotmail/Outlook
“Domain not recognized” errors for legitimate domains

This strongly suggests a restrictive allowlist of consumer email providers.

2. Misconfigured Email Security Gateway

Possible systems:

Cloudflare Email Security
Proofpoint
Mimecast
Microsoft Defender
Cisco IronPort

Potential misconfigurations:

Domain reputation API rejecting non‑consumer domains
Allowlist/denylist rules applied incorrectly
Anti‑fraud scoring over‑blocking legitimate domains
Routing rules sending non‑consumer domains through a slow or failing path

3. Application‑Layer Domain Validation Logic

Possible issues:

Regex or validation rules that only accept common consumer domains
Incorrect domain parsing
New fraud‑prevention module introduced between August and December
Silent failure paths for unrecognized domains

4. Routing or MTA Configuration Changes

Potential causes:

Split routing based on domain category
Misconfigured secondary route for “unknown” domains
Delayed retries causing multi‑hour delivery

5. DNS or Authentication Checks

Unlikely but possible:

SPF/DKIM/DMARC lookups failing or timing out
DNS resolver misconfiguration
Overly strict alignment checks

Given that abbott.com and northeastern.edu fail, DNS/authentication issues are less likely.

Reproduction Steps (For QA)

Navigate to DMV login page.
Select “Create Account” or “Forgot Password.”
Enter an email address from any of the following domains:
- abbott.com
- adobe.com
- northeastern.edu
- any personal domain
Observe:
- “Domain not recognized” error OR
- Silent confirmation with no email delivered
Repeat with a fake Outlook address.
Observe:
- System accepts the address
- No validation of mailbox existence
Repeat with Gmail/Yahoo.
Observe:
- Instant delivery
- Successful account creation/reset

Impact Assessment

Users cannot create or recover accounts unless they use a consumer email provider.
Affects small businesses, universities, corporations, and privacy‑conscious individuals.
Undermines adoption of the mobile driver’s license (myDL) program.
Increases support call volume.
Creates accessibility and equity concerns.
Damages trust in state digital services.

Recommended Next Steps

Immediate

Identify ownership of email validation and outbound email systems.
Review allowlist/denylist logic in application code.
Audit email security gateway rules.
Check routing logic for domain‑based paths.

Short‑Term

Decouple password reset links from browser session timeouts.
Implement 24‑hour token validity.
Add logging for domain‑based failures.

Long‑Term

Publish clear domain requirements (if intentional).
Ensure domain‑agnostic account creation (if unintentional).
Add alternative verification methods (SMS, authenticator app).

UX/CX Bug: A Detailed Look at the California DMV’s Email Verification Failure

Digital government services only work when they work for everyone. This week, I encountered a flaw in the California DMV’s online platform that affects anyone using a personal, business, or university domain for email. It also raises questions about the readiness of the state’s mobile driver’s license program, which depends on reliable account access.

What began as a simple password reset turned into a multi‑hour diagnostic session with DMV support, two very patient staff members, and a deeper look at how the system treats different types of email domains.

The Issue: Personal, Business, and University Domains Do Not Receive Verification Emails

I use my own personal domain (blackcats.org) because I value privacy and digital independence. In August 2025, I successfully reset my DMV password using that address. In December, the same process failed.

When I attempted a password reset:

No verification email arrived.
No error message appeared.
The system behaved as if everything was working, but nothing was delivered.

To rule out user error, I spent about an hour on the phone with a helpful DMV web support representative named James. Together, we tested the issue from multiple angles.

What We Tested

Password reset to my personal domain: no email.
Invitations to other personal domains I own: no email.
Registration attempts using Gmail and Yahoo: verification emails arrived instantly.
Testing business domains (boldium.com, adobe.com, abbott.com): the system displayed “domain not recognized.”
Testing a Northeastern University address (northeastern.edu): the system displayed “domain not recognized.”
Entering a completely fake Outlook address: the system confirmed it would send an email to that nonexistent address.

This pattern shows that the DMV system is treating personal, business, and university domains differently from large free email providers.

Something Changed Between August and December

Because I successfully reset my password in August, the sudden failure in December points to a platform change. My working theory is that the DMV implemented a new email validation or anti‑fraud system that is now incorrectly filtering or deprioritizing non‑mainstream domains.

This would explain:

The “domain not recognized” pop‑ups.
The silent failure to send emails.
The hours‑long delay before emails finally arrive.
The fact that Gmail and Yahoo work instantly.

If this is a security measure, it is over‑correcting. If it is a misconfiguration, it is a significant one.

Support Staff Confirmed They Do Not Know Who Owns This Issue

James escalated the issue internally, but the web support team did not know:

Who maintains the email validation system.
Who owns the domain‑filtering logic.
Who accepts bug reports for the platform.

He connected me with a manager named Robin, who listened carefully as I translated the technical details into plain language. I offered to speak with anyone on their engineering or security teams and promised to write up a summary they could share internally.

The Delayed Emails Eventually Arrived, But Were Useless

About two hours after ending my call with Robin, the verification emails finally appeared. When I clicked the links, I received the message:

"Your session has expired."

This confirms two things:

The DMV is sending emails hours after the request.
The reset links are tied to the original browser session, which expires long before the email arrives.

This design makes account recovery impossible for anyone affected.

Environment and Device Testing

To rule out client‑side issues, I tested the DMV website and the myDL app across multiple devices and operating systems. All systems were fully updated at the time of testing.

Desktop and Laptop Testing

Latest version of Google Chrome
macOS fully up to date
Tested on three separate machines:
- One Mac mini
- Two different MacBook models
Same behavior across all devices

Mobile Testing

iPhone with the latest iOS version installed
Latest version of the myDL app
The myDL app directs users to the DMV website for login and verification
Same failure pattern on mobile as on desktop

Conclusion This confirms the issue is not caused by:

Browser caching
Cookies
Outdated software
Device‑specific behavior
Network inconsistencies

The failure is consistent across multiple devices, operating systems, and access paths, which strongly indicates that the root cause is on the DMV’s backend systems, not on the user’s hardware or software.

This Affects More Than Privacy‑Conscious Users

This issue impacts:

People who run personal domains.
Small businesses.
Corporate employees.
University students, faculty, and staff.
Anyone using a domain that is not Gmail, Yahoo, Hotmail, or Outlook.

If the DMV is intentionally limiting accounts to specific free email providers, they should disclose that clearly. If not, the system is silently failing in ways that lock out legitimate users.

Likely Causes: What Types of Systems Could Be Blocking or Delaying These Emails?

Because Gmail, Yahoo, Hotmail, and Outlook receive messages instantly, we can rule out overloaded servers, global outages, or general queue delays. The DMV’s system is clearly capable of sending email immediately.

The root cause is almost certainly domain‑specific filtering or validation. These are the categories of backend systems that could cause exactly this behavior:

1. Email Security Gateways (Most Likely)

These systems sit between the DMV’s application and the outside world. They can:

Allow Gmail and Yahoo instantly.
Delay or block personal domains.
Reject corporate and university domains.
Apply domain reputation scoring.
Enforce allowlists or blocklists.

If the DMV added or updated one of these systems between August and December, it could easily explain the sudden change.

2. Application‑Layer Domain Validation

This is logic inside the DMV’s own code. Examples include:

Hardcoded allowlists of acceptable domains.
Hardcoded blocklists of risky domains.
Validation rules that reject anything not in a known set.
A new fraud‑prevention module.

This would explain:

“Domain not recognized” for Adobe, Abbott, Boldium, and Northeastern.
Acceptance of fake Hotmail or Outlook addresses.
Silent failure for personal domains.

3. Reputation‑Based Anti‑Abuse Systems

These systems score domains based on:

Age.
DNS configuration.
Traffic volume.
Historical spam reports.

They often:

Delay messages to low‑reputation domains.
Allow Gmail and Yahoo instantly.
Block small domains entirely.

This matches the multi‑hour delays and eventual delivery.

4. Email Routing Logic

If the DMV added routing rules such as:

“Send mainstream domains via Route A (fast).”
“Send unknown domains via Route B (scanned).”

Then Route B could be slow or misconfigured.

5. DNS or Authentication Checks

If the DMV’s outbound system is performing:

SPF lookups.
DKIM verification.
DMARC alignment checks.

And those checks are failing or timing out for personal, business, or university domains, that could cause delays.

Use Case for DMV Engineering, Security, and Product Teams

This section is written specifically for internal DMV teams who may need a clear, structured description of the issue.

Use Case: Email Verification Failure for Non‑Consumer Domains

Primary Actor: California DMV customer attempting to register or recover an account.

Preconditions:

User has a valid email address at a personal, business, or university domain.
User is attempting to register or reset a password.

Trigger: User enters their email address and requests a verification or password reset email.

Main Flow:

User enters a valid email address at a non‑consumer domain (e.g., blackcats.org, boldium.com, abbott.com, adobe.com, northeastern.edu).
System confirms that a verification email will be sent.
No email arrives, or it arrives hours later.
If the email eventually arrives, the link fails with “session expired.”

Alternate Flow (Consumer Domains):

User enters an email address at gmail.com, yahoo.com, hotmail.com, or outlook.com..
System confirms that a verification email will be sent.
Email arrives instantly.
User successfully completes registration or password reset.

Failure Points Observed:

“Domain not recognized” error for legitimate business and university domains.
Silent failure for personal domains.
Acceptance of completely fake Outlook addresses.
Multi‑hour delays for non‑consumer domains.
Reset links tied to browser session timeouts.

Impact:

Users cannot create or recover accounts unless they use a consumer email provider.
Small businesses, universities, and privacy‑conscious individuals are disproportionately affected.
The mobile driver’s license program is undermined by unreliable account access.
Support teams cannot resolve the issue because ownership is unclear.

Why This Matters for the Mobile Driver’s License Program

I support the mobile driver’s license (myDL) initiative. I prefer having my ID on my phone instead of carrying a physical card. Before Thanksgiving, I received a fix‑it ticket because the myDL app could not display my license, and the Alameda County Sheriff who pulled me over handled it with humor and grace.

But the success of the myDL program depends on:

Reliable account access.
Clear communication.
Inclusive digital design.

If users cannot create or recover accounts unless they use Gmail or Yahoo, the program will struggle.

What the DMV Should Do Next

If this is intentional:

Publish a list of acceptable email domains.
Explain the security rationale.
Provide alternatives for users who do not want to use large email providers.

If this is unintentional:

Investigate changes made between August and December.
Review domain‑validation logic.
Audit email delivery logs for delays and failures.
Decouple password reset links from browser session timeouts.
Communicate transparently with affected users.

Closing Thoughts

California has made real progress in modernizing its digital services. But this issue, whether caused by a misconfiguration, a security update, or an overly strict domain filter, is locking out legitimate users and undermining trust in the system.

I am sharing this publicly to help the right people inside the DMV understand the scope and urgency of the problem. If I am experiencing this across multiple domains, others almost certainly are as well.

If the DMV wants the mobile driver’s license program to succeed, fixing this should be a priority.

Monday, December 29, 2025

REVIEW: The History of Money: A Story of Humanity by David McWilliams (2-stars)

TLDR: A lively premise weighed down by oversimplification and a mismatch between subtitle and substance.

McWilliams sets out to tell “a story of humanity,” but the execution feels much narrower. The book reads as if it were built around a handful of pre‑selected concepts (coins, credit, trust, markets) rather than a coherent historical arc. Because that structure is never made explicit, the narrative jumps abruptly across centuries and civilizations, often without context or connective tissue.

The opening chapter on Rome is engaging and cinematic, but the momentum falters quickly. The transition into the Middle Ages is especially thin, relying on broad generalizations about Western Europe (“command and control economy,” “work hard to go to heaven”) rather than primary sources or meaningful economic analysis. Entire regions and monetary innovations — China, the Islamic world, the Mongol Empire, Africa, the Americas — are largely absent, which makes the subtitle’s claim to cover “humanity” feel overstated.

I’m also increasingly wary of books marketed as both a “breezy romp” and “important.” Those two promises rarely coexist well. When a book tries to be light, fast, and universal all at once, the result is often what happens here: a narrative that moves quickly but flattens complexity, oversimplifies history, and leaves out the very material that would make the subject genuinely meaningful.

The writing is accessible and fast‑paced, but often at the cost of depth. Readers looking for a TED‑style overview may enjoy the tone. Readers seeking rigor, global context, or a grounded history of monetary systems will likely find the treatment too superficial.

Recommended alternatives: If you’re genuinely interested in the history of money or want a more accurate picture of the medieval world, I strongly suggest pairing (or replacing) this with:

Jack Weatherford’s The History of Money — a more global, anthropological, and conceptually coherent exploration of how money evolved across cultures.
Matthew Gabriele & David Perry’s The Bright Ages — not a book about money specifically, but an excellent corrective to the flattened, Eurocentric Middle Ages narrative used here.

Bottom line: A quick, energetic read that overpromises on scope and underdelivers on depth. Best suited for readers new to the topic who prefer narrative momentum over historical nuance. REVIEW: The History of Money: A Story of Humanity by David McWilliams

RATING: 2-stars

Friday, December 26, 2025

Part 2: What I’d Do as the Product/Program Manager at TurboTax

After sharing my experience with the Intuit TurboTax Advantage renewal bug, I’ve had a lot of people ask: “What would you do if you were the PM responsible for this?”

Here’s exactly what I would do — not months from now, but immediately, while engineering works on the backend fix.

1. Equip Customer Support With the Right Script (Today)

The support specialist eventually told me this was a known issue with ZIP+4 formatting. That should be the first thing support says — not the 20 irrelevant questions that came before it.

Support should be trained to say:

“We have a known issue with ZIP+4 address formatting that can prevent payments from going through. Please select the version with the hyphen.”

This single sentence would have saved hours of customer time and reduced support load dramatically.

2. Stop the Endless “Payment Failed” Emails and Fix Affected Accounts Proactively

Instead of sending customers months of “Your payment failed” messages they can’t resolve, the product team should:

Identify all Advantage subscribers with repeated payment failures
Check whether their stored billing address uses the problematic ZIP+4 format
Correct the formatting on the backend
Retry the payment or notify the customer with a real explanation

If the system knows the customer can’t fix the issue, it shouldn’t keep telling them to fix it.

3. Update the Error Messaging Immediately

The current message — “There’s a problem with your credit card” — is inaccurate and misleading.

A better version would be:

“We’re having trouble validating your billing address. Please confirm your ZIP+4 format.”

Clear, actionable, and honest.

4. Add a Temporary Banner in the Account Dashboard

If this is a known issue, customers shouldn’t have to discover it by accident.

A simple banner would prevent thousands of failed renewals:

“We are currently experiencing issues with ZIP+4 address validation. If prompted, please select the ZIP+4 format with a hyphen.”

Transparency builds trust.

5. Send a Targeted “We Fixed It” Email Once the Backend Patch Is Live

When engineering resolves the root cause, TurboTax should notify every impacted customer:

Acknowledge the issue
Confirm the fix
Provide a one‑click renewal link
Optionally offer a goodwill gesture

This is how you rebuild confidence after months of failed renewals.

6. Fix the Voice System That Turned “Jennifer Clark” Into “Yessir Fart”

This isn’t just funny — it’s brand‑damaging.

The voice system couldn’t recognize my name or email address, and the transcription was so far off that it made reaching a human unnecessarily difficult.

At minimum:

Identify people based on phone number like most other businesses do
Add a keypad fallback
Improve transcription accuracy
The system requires user confirmation before proceeding, but if it's not working after multiple tries - why not let users skip this step?

If your IVR system insults your customers and takes too long, you’re losing them before support even begins.

7. Align the Address Form, USPS Validation, and Payment Processor

This is the root cause:

I entered only a 5‑digit ZIP
Intuit’s form auto‑generated a ZIP+4 with a hyphen
USPS validation returned a ZIP+4 with a space
The payment processor only accepts the hyphenated version
The UI forced me to choose between two system‑generated formats
The recommended one was the one that failed

This is a classic cross‑system integration issue — and it’s fixable.

8. Add Monitoring for Address‑Related Payment Failures

A PM should ensure engineering adds:

Logging for address‑format mismatches
Alerts when failures spike
A dashboard tile for payment failures correlated with USPS validation

This prevents the issue from going undetected or unresolved for months.

Why This Matters

None of these steps require a full engineering cycle. They’re operational, communication, and UX fixes that reduce customer pain today.

And they’re exactly what strong product and program leaders do: stabilize the customer experience now, while engineering works on the long‑term solution.

Even at the lowest plausible scale, this bug has real financial impact.

TurboTax Advantage renewals are $70 each If this issue affects even 1,000 customers, that’s $70,000 in preventable lost revenue. And that’s before factoring in:

Support call costs
Operational overhead from repeated failure emails
Customer churn to competitors
Brand damage from broken flows and unusable voice systems

Realistically, the number of impacted customers is likely far higher. Even a modest estimate of 6,000 affected users puts the revenue exposure at $420,000. At the higher end, it could easily reach seven figures.

This is why addressing the issue quickly — and communicating clearly with customers — isn’t just good UX. It’s good business.