Strategic Initiatives

Eating The Same Meals Every Day May Have a Surprising Effect on Weight Loss : ScienceAlert

  • Routine Eating Habits: Consuming the same meals and snacks consistently is linked to higher weight loss success over several months.
  • Cognitive Efficiency: Establishing predictable food routines reduces the decision-making burden and mental effort required to maintain a healthy caloric intake.
  • Study Methodology: Researchers analyzed self-reported food logs from 112 overweight or obese participants enrolled in a structured weight-loss program.
  • Weight Loss Comparison: Participants adhering to a routine diet experienced an average weight loss of 5.9 percent compared to 4.3 percent for those with varied diets.
  • Caloric Consistency: Every hundred-calorie fluctuation in daily intake was associated with a 0.6 percent decrease in total weight loss over 12 weeks.
  • Environmental Adaptation: Constant dietary repetition serves as a strategy to counter the challenges posed by modern, high-variety food environments.
  • Nutritional Considerations: The observed results do not account for nutritional quality, as the focus was specifically on caloric control and routine adherence.
  • Future Research: The findings suggest a need for randomized clinical trials to confirm the causal relationship between repetitive eating patterns and long-term weight management.

Consistency is key to building healthy habits, and our daily meal choices may be no exception.

Researchers at Drexel University in the US have now found evidence that indulging in the same meals and snacks day after day can lead to more successful weight loss over the course of several months.

While diversity in the diet is undoubtedly important for human health, these new results suggest that eating the same meals on repeat can come with perks for those who want to lose weight.

As long as the go-to meals and snacks are well-rounded, they may help with weight loss more than a flexible, varied diet.

"Maintaining a healthy diet in today's food environment requires constant effort and self-control," says lead author and health psychologist Charlotte Hagerman from Drexel University.

"Creating routines around eating may reduce that burden and make healthy choices feel more automatic."

For the study, Hagerman and colleagues analyzed the self-reported food logs of 112 overweight or obese adults who were enrolled in a structured behavioral weight-loss program.

In the first 12 weeks of the program, participants who ate the same meals and snacks, as well as those with day-to-day calorie consistency, tended to lose more body weight than those who chose different foods, or whose calorie intake fluctuated more widely.

Specifically, those who stuck to a more routine weight-loss diet lost 5.9 percent of their body weight on average, whereas those with a more varied diet lost 4.3 percent.

That's a small overall difference, but one that could be significant, especially in the long run if this weight loss is maintained.

The study authors calculate that for every hundred-calorie difference in a participant's day-to-day diet, weight loss decreased by 0.6 percent over the study's 12-week period.


The research is small and insufficient to overturn evidence suggesting that a diverse diet holds health benefits for most people. And, of course, it's important to talk to a doctor before making any major changes to your diet.

However, it is one of the first studies to use real-time food tracking data to explore how routine eating aids weight loss across multiple months.

The findings suggest that the constant variety of food we are surrounded by, day in and day out, may be hampering some weight-loss regimens.

"If we lived in a healthier food environment, we might encourage people to have as much variety in their diet as possible," explains Hagerman.

"However, our modern food environment is too problematic. Instead, people may do best with a more repetitive diet that helps them consistently make healthier choices, even if they might sacrifice some nutritional variety."

The current study did not consider the nutritional quality of the diets participants were eating. This means that they could have been losing weight by eating an unhealthy diet.


However, participants were enrolled in a behavioral weight loss treatment program, in which they worked with coaches to determine their daily calorie intake and weekly weight-loss goals.

There were two ways participants could approach their goals: They could either keep a consistent daily calorie intake, or they could prioritize a weekly average, 'saving' some calories for special occasions.

Those who logged their food choices on the most days, which is highly predictive of weight loss, still lost more weight if they had a more routine diet.


Researchers can't say for sure whether that weight loss is really caused by a more routine diet, but the association has them wanting to know more.

"Even a healthy diet high in variety may increase points of decision-making, making it more cumbersome to calculate calories, versus having go-to meals with pre-calculated calories," hypothesize the study authors.

Sounds like a randomized clinical trial in the making.

The study is published in Health Psychology.


The Playbook That Elon Musk Relies On to Make His Wild Ideas Work - WSJ

  • Management Methodology: A book titled The Algorithm by former Tesla executive Jon McNeill details a five-step process allegedly used to guide operations at Tesla and SpaceX.
  • Procedural Steps: The framework consists of questioning requirements, deleting unnecessary steps, simplifying and optimizing, accelerating cycle times, and automating processes.
  • Foundational Philosophy: The operational system relies on first principles thinking, which involves breaking complex problems down to their most fundamental atomic components.
  • Terafab Initiative: A proposed joint project between Tesla and SpaceX involves constructing a large-scale AI chip manufacturing facility in Texas to address supply shortages.
  • Strategic Vertical Integration: The decision to build internal chip production addresses perceived risks regarding supply chain dependency and single points of failure for AI-dependent businesses.
  • Space-Based Expansion: Strategic plans include shifting data center operations to outer space to leverage abundant solar power and reduce operational costs.
  • Performance Discrepancies: Historical projections, such as the goal to reach 20 million vehicle deliveries annually, have previously fallen short of stated targets.
  • Operational Urgency: The management style emphasizes maintaining consistent pressure on existential business issues to establish a competitive advantage over industry peers.


By Tim Higgins

March 27, 2026 8:00 pm ET

Anyone can tap in to the powerful management techniques behind Elon Musk’s success.

At least that’s the thesis of a just-released book by former Tesla President Jon McNeill. “The Algorithm” argues there are five steps that explain how Musk wants his teams at the electric-car company and rocket-maker SpaceX to operate.

“Much of the genius in Musk’s companies come from the legions of smart people empowered by the Algorithm,” McNeill writes. “They’re chasing stretch goals with free license to question everything and innovate boldly.”

That philosophy was on my mind as I watched Musk’s most recent event to announce plans for a joint project between Tesla and SpaceX to build the world’s largest AI chip factory.

The so-called Terafab, he said, would far exceed what all of the chip fabrication plants, or fabs, on the planet can currently make. Not the sort of thing a car company or a rocket maker would naturally get involved in doing, especially given the risks of entering a competitive and different industry.

Yet AI chips are at the heart of his vision for billions of robots being made a year globally and space missions to the moon and Mars. The goal is simple, he told an audience in Austin, Texas, recently: “Turn science fiction to science fact.”


What’s the secret sauce of Elon Musk’s management style? Host Tim Higgins and former Tesla President Jon McNeill deconstruct the operating system that powered Tesla’s massive growth and the high-stakes lessons learned along the way.

So what exactly is the Algorithm? A series of deceptively simple steps: 1) Question every requirement. 2) Delete every possible step in a process (or part). 3) Simplify and optimize. 4) Accelerate cycle time. 5) Automate.

The approach was first detailed in Walter Isaacson’s 2023 biography “Elon Musk.” It was Isaacson who encouraged McNeill to write his own book that goes into depth about how the Algorithm works, the new author said.

McNeill, who left Tesla in 2018, was a key deputy during Tesla’s struggle to develop the game-changing Model 3 sedan and ramp production of the Model X SUV. 

During that time, the framework for solving problems became so routine, by McNeill’s telling, that one executive at Tesla suggested calling it the Algorithm so they could better communicate the approach throughout the company. 

It is rooted in the first principles thinking popular with Musk, McNeill told me for an episode of the “Bold Names” podcast.

“First principles thinking to me is the lowest common denominator of the problem in the elements of the problem—so like I think about breaking the problem down to…atomic level,” McNeill said.


Pulling it off correctly is beyond basic—even for Musk.

The Terafab, which some have estimated could cost $20 billion or more, has all of the hallmarks of the Algorithm.

Musk and others are investing heavily to build more computing power to fuel AI development. Key hurdles are AI chip supply and energy required to power data centers.

Part of SpaceX’s recent AI strategy is a shift toward building data centers in outer space, where solar power is abundant and, Musk says, will eventually be cheaper than operating on Earth.

But a chip supply shortage is crimping that dream. The world’s suppliers combined are making about 2% of what Musk said his companies need for Tesla’s robotcars and humanoid robots, and SpaceX’s AI data centers, to fuel his AI ambitions with xAI.

Musk said he has been trying to encourage suppliers to expand capacity quickly, but there’s a maximum rate they’re comfortable doing.

Most in business would probably say they’re stuck waiting. Not Musk. 


“That rate is much less than we would like, and so we either build the Terafab or we don’t have the chips, and we need the chips, so we’re gonna build Terafab,” Musk said.

That gets to the Algorithm, McNeill told me: If Musk wants to control his own destiny, there’s no requirement that he buy chips from someone else. 

“Elon has three businesses that all depend on chips, and he understands that dependence as a single point of failure,” McNeill told me in a follow-up email. 

Musk’s next moves are being met with skepticism, especially as he prepares to take SpaceX public this year. Why would these companies want to get into the complicated and expensive business of making chips? 

The case for the Terafab probably isn’t helped by grandiose ideas that Musk has touted in recent years that fizzled out—such as aiming to scale Tesla to build 20 million vehicles a year. (The company delivered 1.6 million vehicles last year.)

But supporters point to his success turning Tesla into an EV powerhouse and SpaceX into the dominant player in the burgeoning space economy as examples of what can happen when Musk succeeds.


The Algorithm was honed during years of struggle. Supplier bottlenecks have been huge issues for Musk’s manufacturing companies. That’s especially true in dealing with new technologies where everyone isn’t as confident as Musk is about the size of a potential new market.


Shortly after the success of Tesla’s Model S sedan, for example, Musk began making plans for building a giant battery factory. Similar to now, Musk envisioned requiring more batteries for EVs than the world was producing and he wanted to jump-start things.

Eventually, Tesla would convince battery supplier Panasonic to open a giant factory in Nevada, an important part of making the Model 3 successful.

A key ingredient to the Algorithm, McNeill told me, is the sense of urgency that it injects into everyday work. For Musk, that means latching on to one or two existential issues and riding them week after week.

“I used to sit in those meetings, saying I’m pretty dang sure that our competitors’ CEOs are not sitting in these weekly engineering reviews and not driving their companies as fast,” McNeill said. “Therefore we’re compounding an advantage against them.” 

Today it’s clear that Musk’s new urgency is around AI in space.


Appeared in the March 28, 2026, print edition as 'The Playbook That Makes Elon Musk’s Wild Ideas Work'.

Tim Higgins is a business columnist for The Wall Street Journal, frequent contributor to CNBC, and author of books about Apple (“iWar”) and Tesla (“Power Play”). He also co-hosts “Bold Names,” the Journal’s weekly interview podcast with top business leaders.

His weekly column focuses on influential companies and their leaders, such as Elon Musk, Tim Cook and Mark Zuckerberg. Tim became a columnist in 2023 after working for more than two decades as an award-winning reporter, covering everything from the bankruptcy of General Motors to the presidential campaigns of 2016.

A Missouri School of Journalism grad, Tim also earned an M.B.A. from Michigan State University. He lives in San Francisco.


Bernie Sanders and AOC Want to Sink the AI Economy // Their bill would tie up America’s most innovative and globally competitive industry.

  • Economic Impact: The artificial intelligence sector currently serves as a primary driver of the American economy, fostering significant capital investment in domestic data centers and creating high-paying jobs in the skilled trades.
  • Proposed Moratorium: A new legislative proposal from Representative Alexandria Ocasio-Cortez and Senator Bernie Sanders seeks to halt all new and existing data-center growth and restrict the export of AI hardware until a federal regulatory framework is established.
  • Labor Requirements: The proposed bill mandates that the growth of the industry be contingent upon the adoption of union-friendly labor standards, including the use of project labor agreements and the payment of nonmarket "prevailing wages."
  • Local Control: The legislation introduces "NIMBY" provisions that would empower local communities to unilaterally veto data-center construction or upgrades, potentially creating a network of bureaucratic obstacles to national infrastructure development.
  • Wealth Redistribution: The bill links the continuation of AI development to requirements for wealth sharing, despite existing tax structures that already collect corporate, property, and income taxes from the industry.
  • Global Competitiveness: The export ban mandated by the bill would likely encompass all foreign nations, effectively isolating the U.S. AI industry and undermining American competitiveness against international rivals like China.
  • Regulatory Precedent: The proposed measures contrast sharply with the bipartisan approach of the 1996 Telecommunications Act, which favored innovation and openness over the restrictive, command-economy mandates currently being advocated.

Artificial intelligence is currently the white-hot center of America’s economy. Big Tech is investing more than $750 billion in data centers this year, mostly domestically. Unsurprisingly, wages for construction workers and the skilled trades are skyrocketing. Communities like Virginia’s Loudoun County are almost covering their entire operating budgets through data-center taxes.

Representative Alexandria Ocasio-Cortez and Senator Bernie Sanders want to put a stop to all of that. On Wednesday, the pair jointly proposed a universal halt to America’s AI economy. Their bill would enact a moratorium on new and existing data-center growth as well as a ban on exporting AI chips. The pause would last until Congress passes a “framework” to regulate the industry.


In other words, the degrowth duo want to tie up America’s most innovative and globally competitive industry using the same bureaucratic process that has recently resulted in TSA airport security lines snaking through terminals and parking garages. And they want to take advantage of Americans’ understandable fears about new technology to impose their radical beliefs on the nation’s economy.

It’s a far cry from how we used to think about growth. Back in 1996, as the World Wide Web was spreading but before the dot-com boom took off, a bipartisan group of legislators passed the Telecommunications Act, which opened up the nascent internet economy to bountiful innovation with a carefully crafted regulatory framework. That bill passed 414–16 in the House and 91–5 in the Senate. It’s unimaginable that a law with such a singular focus on openness and American growth could win such broad support today.

What Ocasio-Cortez and Sanders imagine goes hard in the opposite direction. They want to take Ezra Klein’s “everything-bagel liberalism” and add in even more “everything,” while toasting the American economy to boot.

Their wish list starts with wealth distribution. A regulatory framework that meets the law’s standards to end the moratorium would put “policies in place to prevent job displacement due to artificial intelligence.”

Their word choice is sneaky: job displacement means job change, not job loss. Even if America’s economy had extensive net employment growth, that would not meet the standard to “prevent job displacement.” The simple moving around of workers would be enough to keep data center growth checked.

Ocasio-Cortez and Sanders also demand a framework “ensuring the wealth generated by those [AI] companies is shared with the people of the United States.” AI companies already do this: their employees pay income tax, the companies pay corporate tax, the data centers pay property taxes and utility fees. A moratorium until the gains are “shared” implies taking an even larger slice of the pie.

Next on their wish list is every degrowther’s dream, a NIMBY veto: “communities that would be affected by the artificial intelligence data center are empowered to approve or reject the construction or upgrading of that artificial intelligence data center.” This is a sop to the AI backlash, designed to hinder the industry’s growth even as the vast majority of Americans take advantage of the apps and platforms built on that infrastructure. Of course, local communities already control their own zoning, which is why local moratoriums on data centers have already passed in multiple cities. Again, what more do they want?

Note also that the community that hosts a data center isn’t the only one that could be affected. Given the bill’s focus on climate and environment, any city sharing the same power grid or water supply with a proposed data center would presumably also get a veto over construction. One shudders to think what would happen if even one city council surrendered the fight and became pro-prosperity.

Next up is Ocasio-Cortez and Sanders’s offering to organized labor. Their moratorium would be lifted when federal law requires that “the artificial intelligence data center creates union jobs with strong labor standards, including payment of prevailing wages and use of registered apprenticeship programs and project labor agreements.” “Prevailing wage” is the artful term that legally demands private industry pay the nonmarket wages offered by government. “Project labor agreements” are the mechanism that hamstrung Joe Biden’s infrastructure law, requiring union negotiations for every proposal.

Ocasio-Cortez and Sanders seem to understand that terminating America’s most important growth industry amid a competitive race with China is bad industrial policy. So they reinforce their degrowth agenda in the bill’s final section, mandating a sweeping export ban of AI hardware to countries that don’t enshrine equivalent legislation. Given that no country—not just China, but all of Europe, the Middle East, and the Global South—would pass such a progressive fever dream of a regulatory framework, their ban on exports as proposed is essentially absolute.

In fact, the European Union, which launched its own AI Act in 2024, has now started what liberal critics decry as a “massive rollback” of its strict privacy and governance provisions. That’s because of Europe’s declining competitive position in what is currently the twenty-first century’s most important industry. Maybe our own legislators can take a lesson from the regulatory vanguard’s missteps and avoid repeating them.

Sanders and Ocasio-Cortez’s bill opens with a litany of cherrypicked quotes from tech titans—Elon Musk, Anthropic’s Dario Amodei, DeepMind’s Demis Hassabis, and others—on the potential dangers of AI. In a final flourish, the bill specifically applies the export ban to these individuals.

It can’t be overstated enough: the AI backlash is real. Consumers are worried about rising utility prices, employees are waiting for pink slips, and parents are concerned about the safety of their children. All these fears are understandable and should be addressed with thoughtful legislation.

What political entrepreneurs like Ocasio-Cortez and Sanders recognize is that those fears can propel their dangerous agenda. By tying voters’ fears to tech and capitalism, they can undermine the principles that have enabled the United States to become the most powerful and wealthiest nation in the world.

Responding to the extraordinary growth underway in the AI economy, the Left has decided to replace Barack Obama’s “yes, we can” with the command-economy pessimism of “halt!” It amounts to a freeze on innovation, a moratorium on expansion, a stop to change. One struggles to understand how such ideas get labeled “progressive.”

Danny Crichton is a fellow at the Manhattan Institute and publisher of Riskgaming by Lux Capital.


Canonical's GRUB Saboteur Has a 10-Year Plan

  • Proposed Configuration: A February 2026 Ubuntu Discourse proposal outlines plans to strip support for btrfs, xfs, zfs, hfsplus, LVM, LUKS, and image rendering from signed GRUB bootloaders.
  • Security Justification: The initiative aims to reduce the attack surface of the bootloader, which has recorded over 60 potential vulnerabilities since 2020.
  • Lack Of Exploitation: None of the identified vulnerabilities for GRUB currently appear in the CISA Known Exploited Vulnerabilities catalog.
  • Operational Impact: Removing support for encryption mechanisms like LUKS would force /boot partitions to remain unencrypted, potentially exposing kernels to tampering.
  • Developmental Patterns: The proposal reflects a five-year trend of removing legacy features and specific boot functionalities from the Ubuntu software ecosystem.
  • Historical Context: The lead engineer previously authored a tool named sicherboot in 2016, which functioned as a GRUB replacement using systemd-boot.
  • Systemic Conflict: Changes to the bootloader requirements conflict with established Ubuntu Server defaults, such as the standard use of LVM.
  • Implementation Path: The proposed update would effectively mandate that /boot partitions use a raw ext4 filesystem to maintain compatibility with Secure Boot.

  • The Proposal: 6 Filesystems Cut. [Klode wants to strip btrfs, xfs, zfs, hfsplus, JPEG, and PNG from signed GRUB for Ubuntu 26.10.](https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069?ref=sambent.com)
  • The Engineer: APT Lead Developer. [Julian Klode controls APT, the package manager for every Debian and Ubuntu system, plus the Secure Boot signing pipeline.](https://wiki.ubuntu.com/JulianAndresKlode?ref=sambent.com)
  • The History: sicherboot (2016). [Klode built a GRUB replacement using systemd-boot a full decade before proposing to gut GRUB.](https://github.com/julian-klode/sicherboot?ref=sambent.com)
  • The Pattern: 5 Years of Cuts. [os-prober disabled (2021), GRUB targets dropped (2023), Rust forced on APT (2025), GRUB stripped (2026).](https://lists.ubuntu.com/archives/ubuntu-devel/2021-December/041769.html?ref=sambent.com)
  • CVE Data: 60+ Vulnerabilities. [GRUB's filesystem parsers produced 60+ CVEs since 2020, including 8.8 HIGH in HFS. The attack surface is real.](https://nvd.nist.gov/vuln/detail/CVE-2024-56737?ref=sambent.com)
  • The Catch: Zero Exploited in Wild. [None of those 60+ CVEs appear in CISA's Known Exploited Vulnerabilities catalog.](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?ref=sambent.com)
  • The Cost: Unencrypted /boot. [Removing LUKS means boot partitions sit unencrypted, vulnerable to kernel tampering and bootkit injection.](https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069?ref=sambent.com)
  • Canonical: Same Pattern, New Cut. [Snap forcing, Amazon spyware, terminal ads, age verification, and now boot stripping. Canonical keeps reducing what your system can do.](https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/)

On March 25th, 2026, a Canonical engineer named Julian Andres Klode posted a proposal to the Ubuntu Discourse titled "Streamlining secure boot for 26.10" that would strip support for btrfs, xfs, zfs, hfsplus, JPEG, PNG, LVM, and LUKS-encrypted disks from Ubuntu's signed GRUB bootloader builds. The practical consequence is that every Ubuntu system running 26.10 or later would need its `/boot` partition on a raw ext4 filesystem, unencrypted, on a GPT or MBR disk, or it simply will fail to boot with Secure Boot enabled.
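A local check for the constraint described above, as an added example that is not from the article, the proposal, or Ubuntu: it reports whether the filesystem holding `/boot` is plain ext4 and whether an LVM or LUKS layer sits underneath it. The function names are hypothetical, the partition-table requirement is not checked, and the sample layouts in the comments are constructed.

```shell
#!/bin/sh
# Added example: compare a /boot layout with the constraint the article
# describes for signed GRUB (plain ext4, no LVM, no LUKS underneath).
# Function names are hypothetical; nothing here comes from Ubuntu tooling.

# classify_boot FSTYPE "TYPE TYPE ..."
#   FSTYPE : filesystem type that holds /boot (findmnt FSTYPE column)
#   TYPEs  : lsblk TYPE values for the backing device and its parents,
#            e.g. "part disk" or "lvm crypt part disk" (constructed samples)
# Prints one finding per line and prints nothing when the layout fits.
classify_boot() {
    fstype=$1
    chain=$2
    case "$fstype" in
        ext4) ;;
        btrfs|xfs|zfs|hfsplus)
            echo "filesystem $fstype is on the removal list" ;;
        *)
            echo "filesystem $fstype is not ext4" ;;
    esac
    for t in $chain; do
        case "$t" in
            lvm)   echo "LVM layer under /boot" ;;
            crypt) echo "encrypted (dm-crypt/LUKS) layer under /boot" ;;
        esac
    done
}

# check_live_boot: gather the same two inputs from the running system.
# Returns 0 when nothing is flagged, 1 when findings exist, 2 on probe error.
check_live_boot() {
    # --target resolves to the filesystem that contains /boot, even when
    # /boot is only a directory on the root filesystem.
    fstype=$(findmnt -n -o FSTYPE --target /boot) || return 2
    src=$(findmnt -n -o SOURCE --target /boot) || return 2
    chain=""
    # ZFS datasets and btrfs subvolume sources are not block device paths;
    # in that case only the filesystem type is evaluated.
    if [ -b "$src" ]; then
        # -s walks from the device up through its parents (LV, LUKS, partition, disk).
        chain=$(lsblk -s -l -n -o TYPE "$src" | tr '\n' ' ')
    fi
    findings=$(classify_boot "$fstype" "$chain")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "/boot is plain ext4 with no LVM or LUKS layer"
}

# Probe the running system only when asked to, so the functions can be
# sourced or tested without findmnt/lsblk being present.
if [ "${1:-}" = "--live" ]; then
    check_live_boot
fi
```

Run it with `--live` on the machine in question; a non-zero exit status means at least one layer was flagged.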


This is a demolition project, and it's been running for five years now.

Julian Klode is the lead developer of APT, the package manager that powers every Debian and Ubuntu system on the planet. He's been a Debian Developer since October 2008 and an Ubuntu Core Developer since July 2016. He was promoted to Senior Engineer at Canonical in November 2025, four months before dropping this proposal. He manages the entire shim/GRUB/kernel signing pipeline for Ubuntu's Secure Boot infrastructure, meaning he controls the keys that decide what your computer is allowed to run at boot time.

And in 2016, a full decade before this proposal, he built a tool called sicherboot that replaced GRUB with systemd-boot and handled Secure Boot signing automatically. "Sicher" is German for "secure." He archived it in January 2023 and recommended users switch to sbctl instead, but the intent was clear a decade ago: he wanted GRUB gone.


In December 2021, Klode disabled os-prober in GRUB 2.06, which broke automatic dual-boot detection for millions of Ubuntu users who also run Windows or other Linux distributions. His exact words on the mailing list were that the outcome was "obviously a bit controversial and not necessarily in the best interest of our users," and he did it anyway because os-prober mounts all partitions on your disk using grub-mount, which he called a security risk.

In October 2023, he proposed dropping grub-coreboot, grub-efi-ia32, grub-xen, grub-uboot, and grub-firmware-qemu from Ubuntu, claiming "we believe nobody uses them." Steve Langasek pushed back, pointing out that removal requires demonstrating actual maintenance burden. In the same email, Klode floated killing BIOS support entirely, calling it "a risky platform."

In October 2025, he announced a hard Rust dependency for APT starting May 2026, effectively threatening four Debian architectures that lacked Rust toolchain support: DEC Alpha, HP PA-RISC, Motorola 680x0, and Hitachi SH4. He closed with "thank you for understanding," which is corporate shorthand for "the discussion is over." John Paul Adrian Glaubitz called his wording "unpleasant" and "confrontational."

And now, March 2026, the biggest cut yet: remove six filesystem drivers, all image rendering, LVM, and LUKS from signed GRUB. His own words in the proposal: "We understand these are controversial options; however we believe they'd substantial [sic] improve security, but also simply pivoting to new boot solutions in the future."

Someone will point out that Fedora and other distributions are also moving toward systemd-boot. True. The difference is that Fedora offers it as an option alongside a fully functional GRUB. Klode is gutting GRUB's functionality so aggressively that switching becomes the only viable path. There's a canyon between offering an alternative and burning down the incumbent so the alternative wins by default.

That last phrase is the tell. "Pivoting to new boot solutions in the future" means systemd-boot or Unified Kernel Images, and Klode has been building toward this since sicherboot in 2016. Every removal makes GRUB less functional, and eventually replacing it becomes the path of least resistance, which is exactly how you boil a frog when you also happen to control the signing keys.

And before anyone says I'm attributing malice where there's only engineering pragmatism: pragmatism doesn't require a decade of groundwork. One bad decision is a judgment call. Five decisions over five years, all moving in the same direction, all made by the same person who built the replacement tool in 2016 and controls the signing keys in 2026, that is a trajectory. I'm reading the commit history, not his mind.

Ok so the security argument has real teeth.

The NVD CVE database contains over 60 GRUB-related vulnerabilities across 2020-2025. The BootHole bug (CVE-2020-10713) was a buffer overflow in GRUB's config parser that allowed arbitrary code execution and Secure Boot bypass. Since then, GRUB's filesystem parsers have been an assembly line of heap buffer overflows: CVE-2024-56737 in HFS scored 8.8 HIGH, CVE-2025-0678 in SquashFS scored 7.8 HIGH, and the 2025 batch alone found heap overwrite bugs in seven different filesystem drivers (UFS, SquashFS, ReiserFS, JFS, RomFS, UDF, and HFS). These are all the same bug class, integer overflows leading to heap corruption, repeating in the same C codepaths year after year because GRUB's parser code was written without bounds checking.

From what I found, the filesystem attack surface is genuinely massive and continuously producing new vulnerabilities even in GRUB 2.12, the current release. Klode has a point about reducing attack surface.

But look at which modules are actually being cut and which ones are being kept. btrfs has zero CVEs. XFS has zero CVEs. ZFS has zero CVEs. All three are marked for removal. Meanwhile SquashFS, which has two CVEs including a 7.8 HIGH, gets to stay. The aggregate number of 60+ GRUB vulnerabilities sounds terrifying until you look at the actual modules on the chopping block and realize the ones users depend on have cleaner security records than the ones being retained. He's using the total to justify removing things that have no vulnerability history.

But his solution creates a bigger problem than the one it solves, and the community identified it within hours.

Removing LUKS support from GRUB means your /boot partition sits unencrypted on disk. An attacker with physical access, or malware with root privileges, can modify kernel parameters, swap initramfs images, or inject persistent bootkits without breaking any cryptographic seal. As one Discourse commenter named peb pointed out, removing encryption from the boot chain breaks the chain of trust that Secure Boot claims to protect. You harden the bootloader by making the thing it loads completely defenseless. Zero GRUB vulnerabilities appear in CISA's Known Exploited Vulnerabilities catalog, meaning every single one of those 60+ CVEs is theoretical. The attack surface exists on paper while the protection being removed, encrypted boot partitions, stops real attacks against production infrastructure right now.

User mlocik97 called it "absurd" and compared it to "improving security of planes by forbidding them to fly." DClauzel from France pointed out that encrypted `/boot` is mandatory in regulated European environments, and Klode lives in Marburg, Germany. Multiple users noted that Ubuntu 24.04 Server defaults to LVM during installation, meaning Canonical's own recommended server configuration would be incompatible with their own proposed boot requirements two releases later.

The obvious defense is that Ubuntu Server's LVM defaults and Klode's GRUB proposal come from different teams. That makes it worse. Either Canonical's internal teams have zero coordination and the left hand is stripping features the right hand depends on, or they coordinated and the server team gets overruled by the boot team anyway. Both answers are damning, and neither one helps the sysadmin whose 3 AM pager just went off.

And the migration path Klode offers is brutal: restructure your disk layout, disable Secure Boot, or stay on 26.04 LTS forever. For enterprise deployments running hundreds or thousands of Ubuntu servers with LUKS-encrypted boot partitions, "restructure your disk layout" is a euphemism for "rebuild your entire infrastructure."
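For an administrator who wants to know whether a given host falls into that migration path, the following added example (not code from the article, Klode's proposal, or Ubuntu) classifies a `/boot` layout against the dependencies named above. The function names and output strings are hypothetical, the filesystem list holds only the three drivers this article names as marked for removal, and the sample layouts are constructed.

```shell
#!/bin/sh
# Added example (not from the article or from Ubuntu): flag a /boot layout that
# relies on features the article says would leave signed GRUB.

# Filesystems the article names as marked for removal. It counts six drivers
# but names only these three at this point, so treat the list as incomplete.
REMOVED_FS="btrfs xfs zfs"

# classify_boot FSTYPE "LAYERS"
#   FSTYPE: filesystem holding /boot, as printed by findmnt
#   LAYERS: lsblk TYPE values for the backing device and everything beneath it
# Prints one finding per line; returns 1 if any listed dependency is found,
# 0 otherwise. "none-found" only means nothing on the list above matched.
classify_boot() {
    fstype=$1
    layers=$2
    affected=0
    for fs in $REMOVED_FS; do
        if [ "$fstype" = "$fs" ]; then
            echo "filesystem:$fstype"
            affected=1
        fi
    done
    for layer in $layers; do
        case $layer in
            lvm)   echo "layer:lvm";   affected=1 ;;
            crypt) echo "layer:crypt"; affected=1 ;;  # dm-crypt, which LUKS uses
        esac
    done
    if [ "$affected" -eq 0 ]; then
        echo "none-found"
    fi
    return "$affected"
}

# audit_boot [PATH]: classify the live system (needs util-linux findmnt, lsblk).
audit_boot() {
    target=${1:-/boot}
    # --target resolves to the containing filesystem when PATH is not a mount point.
    fstype=$(findmnt -n -o FSTYPE --target "$target") || return 2
    src=$(findmnt -n -o SOURCE --target "$target") || return 2
    src=${src%%\[*}   # strip a btrfs "[/subvol]" suffix
    # -s walks from the device down to the disk; a ZFS dataset has no block
    # device, so lsblk fails and the layer list stays empty.
    layers=$(lsblk -s -l -n -o TYPE "$src" 2>/dev/null | tr '\n' ' ')
    classify_boot "$fstype" "$layers"
}

# Constructed sample layouts (not measured from any real host).
demo() {
    for sample in "ext4|part disk" "ext4|lvm part disk" \
                  "ext4|lvm crypt part disk" "btrfs|part disk"; do
        s_fs=${sample%%|*}
        s_layers=${sample#*|}
        findings=$(classify_boot "$s_fs" "$s_layers" | tr '\n' ' ')
        printf '%-6s on %-20s -> %s\n' "$s_fs" "$s_layers" "$findings"
    done
}

demo
```

On a real host, call `audit_boot` instead of `demo`; a return status of 1 means `/boot` depends on at least one of the listed features.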

Klode's own blog reveals a philosophical contradiction. His APT solver, solver3, is explicitly designed to "always keep manually installed packages around, it never offers to remove them." His 2025 post on sound removals argues that "the solution to remove A rather than upgrade it would still be wrong" when upgrading would resolve the conflict. He built a package manager that protects user choices and then built a boot infrastructure that overrides them.

And his 2021 post on migrating away from apt-key contains this gem: the "security increase is minimal, since package maintainer scripts run as root anyway." Klode treats security pragmatically when it comes to package signing, but treats the boot chain as sacred ground where user capabilities get sacrificed. The inconsistency is either dishonest or convenient, and both options lead to the same place.

This is the same Canonical that forced Snap packages on users by silently routing `apt install chromium-browser` through their proprietary store, the same Canonical that piped desktop searches to Amazon without consent and then tried to silence the critic who built a fix with trademark threats, the same Canonical whose VP of Engineering Jon Seager already distanced the company from one controversial proposal this month when a developer tried to put age verification into the Ubuntu installer.

The pattern is consistent, and it runs across multiple Canonical engineers operating in the same direction: reduce what your system can do and route the escape hatch through something Canonical controls. Dylan Taylor wanted to collect your birthday and Julian Klode wants to control which filesystems you boot from, and they both wrapped it in compliance language while generating immediate community backlash that Canonical has yet to meaningfully address.

The inevitable response is that I'm 'harassing' an open source developer for doing his job. Every single source in this article is a public mailing list post, a public Git commit, a public Discourse proposal, or Klode's own public blog. He's a Senior Engineer at a company that controls Ubuntu's boot infrastructure for millions of machines worldwide. He posted this proposal publicly and invited feedback. Public accountability for public proposals affecting public infrastructure is called journalism. If the argument against scrutiny is that the person making sweeping changes to how your computer boots deserves to do it in silence, then the argument is that you don't deserve to know what's happening to your system.

Klode's proposal remains just a proposal, and the Discourse thread is actively hostile to it. But Klode controls the signing pipeline, manages the shim and GRUB packaging and the kernel trust chain, and he has the keys, and he's been removing capabilities from GRUB for five years in a trajectory that points at exactly one destination: replacing it with the tool he built in 2016.

Phoronix covered it today. Hacker News is discussing it. The community is paying attention. Whether Canonical's leadership treats this like the os-prober incident, where the removal went through despite objections, or like the 32-bit library removal, where Valve threatening to drop Ubuntu support forced a reversal, depends entirely on whether anyone with enough market leverage cares about their boot partition.

My guess is that most Ubuntu users will find out what happened after the update breaks their server at 3 AM.


Exclusive | Elon Musk’s X Restructures Ahead of SpaceX IPO - WSJ

  • Corporate Restructuring: X has initiated layoffs affecting nontechnical staff and its chief marketing officer to streamline operations.
  • Strategic Alignment: The workforce reductions are intended to align X's structure with its parent company, SpaceX, ahead of a planned IPO.
  • Organizational Mergers: The platform is undergoing integration, having previously merged with xAI, which in turn combined with SpaceX in February.
  • Revenue Focus: Leadership efforts have shifted toward aggressive revenue growth under new chief revenue officer Jon Shulkin.
  • Financial Benchmarks: Current ad revenue projections for X trail its previous performance under prior ownership.
  • Management Turnover: Key executive departures include the former CEO and the recently terminated marketing chief, leading to consolidated oversight.
  • Platform Ventures: The company is developing X Money, a payment service currently experiencing operational delays due to state compliance requirements.
  • Market Dynamics: Advertising trends on X fluctuate alongside shifting content moderation policies and political developments.

By Alexander Saeedy and Suzanne Vranica

March 26, 2026 2:17 pm ET


Elon Musk’s X has let go of its chief marketing officer and conducted a round of layoffs of nontechnical staff over the last several weeks as it looks to right-size the social-media company ahead of its parent company SpaceX’s potential $1 trillion-plus IPO, people familiar with the matter said.

Angela Zepeda, X’s marketing chief since September 2024, was let go last month after Musk announced xAI and SpaceX’s merger, people familiar with the matter said. Over the past few weeks, X let go of more than 20 staffers in nontechnical roles including marketing and other departments that were seen as duplicative to jobs inside the merged company, the people said. 

X merged with xAI last year, and xAI and SpaceX combined in early February.

Most of the remaining staff at X, in addition to concentrating on cost-cutting, have been told to focus on growing X’s revenue since xAI brought on a chief revenue officer, Jon Shulkin, some of the people said. Shulkin is also a partner at longtime Musk investor Valor Equity Partners. He is broadly looking to boost revenue for Musk’s social-media company and his artificial-intelligence startup, which both lag competitors in revenue for social-media ads and in enterprise AI sales, those people said.

X’s U.S. ad revenue is expected to grow 1.5% to $1.27 billion, while global ad sales are anticipated to rise 2.2% to $2.19 billion, according to estimates from Emarketer. In 2021, the last year in which X disclosed annual financials before Musk took the company private, Twitter said it generated $4.51 billion in advertising revenue.

The moves at X echo what’s happening elsewhere inside the company since the xAI-SpaceX merger. Several co-founders at xAI have since announced they were leaving the company and several teams have been restructured. That includes the “vision” team focused on video generation for xAI’s Grok, a person familiar with the matter said.

Major advertisers left the platform over content moderation concerns and turmoil stemming from the departure of senior X executives, but some started to increase spending on the platform after President Trump’s 2024 election, including Amazon, The Wall Street Journal has reported. Musk campaigned for Trump and donated more than $250 million to pro-Trump political groups before the election.

Since the departures of Zepeda and former X Chief Executive Linda Yaccarino, management of X has been delegated to Shulkin and Monique Pintarelli, xAI’s head of global advertising. Pintarelli announced her elevated role on LinkedIn about a month ago; she is now leading sales, content partnerships and marketing teams for the X platform.

The company is pushing ahead with plans to roll out X Money, a payments business within the social-media platform, some of the people familiar with the matter said. X Money has faced delays because of the need to set up operations compliant with money-services laws in all 50 states, such as customer-service operations, those people said. Musk said on X on March 10 that X Money would offer early public access next month.

Copyright ©2026 Dow Jones & Company, Inc. All Rights Reserved.

Alexander Saeedy covers banking and finance for The Wall Street Journal. Previously, he covered financially distressed companies and bankruptcy. On the banking beat, he has investigated the inner workings of the biggest companies on Wall Street. He has regularly broken scoops on how banks have raised billions of dollars for high-profile clients like Elon Musk and reported in detail on legal scandals that have roiled some of America’s most well-known financial firms. His reporting on the death of a young investment banker at Bank of America in 2024 has won multiple awards, including a New York Press Club Award and a Best in Business Award from the Society for Advancing Business Editing and Writing.

Previously at the Journal, he covered financial distress and bankruptcy. His stories led him to investigate collapsed cryptocurrency companies, bankrupt opioid manufacturers and emerging-market economies unable to pay for imports of food and fuel. His coverage of Sri Lanka's financial crisis was part of a collection of stories about China's Belt & Road initiative that received an honorable mention award from the Society of Publishers in Asia in 2023.

At the start of his career, he worked for Reuters News in Brussels, where he covered the end of the eurozone debt crisis and the Brexit referendum. He later worked as a freelancer in Brussels for two years, covering European economic and political stories for the Atlantic, Foreign Affairs, Vice News, the Nation and other media.

Before joining the Journal, he covered distressed debt, leveraged finance and real estate in New York for Reorg Research and S&P's LCD. He is a graduate of Yale University, where he received a bachelor's and master's degree in History.

Suzanne Vranica covers the advertising and marketing industries and is part of The Wall Street Journal’s media & marketing bureau in New York. During her long tenure on the beat, she’s covered the inner workings of Madison Avenue and companies such as WPP, Omnicom, and Publicis. Her stories often chronicle how advertising across all forms of media is being disrupted by technology and data. A particular focus of her coverage has been the growing dominance of tech giants such as Alphabet’s Google, Meta Platforms and Amazon over the advertising market.

Suzanne helped launch CMO Today, a web vertical started by the Journal in 2014 that addresses the rapidly transforming marketing businesses and the role of marketing in the C-Suite. She currently is responsible for programming CMO Network events and conferences.

A New York native, Suzanne is a graduate of Iona College. She lives in Westchester County with her husband and their two children.



How to Attract AI Bots to Your Open Source Project | Andrew Nesbitt

  • Vague Issues: Create non-specific task descriptions to allow autonomous agents maximum creative interpretation during problem-solving.
  • Explicit Welcome: Update repository documentation to formally invite automated contributions and simplify instructions for machine-readable context.
  • Generous Backlog: Maintain a high volume of open, unresolved issues to signal an understaffed project environment that requires external assistance.
  • Disabled Protection: Remove branch security, status checks, and peer review requirements to eliminate technical friction for automated pull requests.
  • Reduced Rigor: Eliminate type annotations and test suites, as these constraints provide too much structure, thereby limiting opportunities for bot-driven modifications.
  • Language Selection: Utilize JavaScript instead of typed alternatives to leverage the language's dynamic nature and high volume of automated training data.
  • Dependency Bloat: Commit large node_modules directories to repositories to increase the total surface area for potential, albeit redundant, automated fixes.
  • Engagement Metrics: Prioritize quantity-based key performance indicators, such as PR velocity and churn density, to evaluate project health rather than traditional quality metrics.

I complained on Mastodon about not getting any AI-authored PRs on my open source projects. Mauro Pompilio responded by using Claude to write this post and opening a pull request to add it to my blog. I merged it, which I suppose counts as my first AI-assisted contribution. Enjoy!


I maintain several dozen open source repositories across multiple ecosystems. Between them they have thousands of stars, hundreds of open issues, and years of commit history. And yet not a single AI agent has ever opened a pull request on any of them. Meanwhile colleagues with far smaller projects are getting multiple AI-authored PRs per week, some from bots they’ve never heard of, fixing problems that don’t exist in code they didn’t write. I’m clearly doing something wrong.

After studying the repositories that attract the most AI contributions, I’ve identified a set of practices that correlate strongly with bot engagement. Implementing these across your projects should bring you into line with the current median of 4.7 AI-authored PRs per month for repositories over 500 stars.

Write vague issues

AI agents trawl issue trackers for problems they can solve. Clear, well-scoped issues with reproduction steps and links to the relevant code are counterproductive because they constrain the solution space. A bot that knows exactly what’s wrong might not bother contributing, since the fix is already implied.

Instead, write issues like “something is off with the auth flow” or “performance could be better.” These give the agent room to interpret the problem creatively. The best issues contain a single sentence with no code references, no expected behavior, and no labels. If you must use labels, “good first issue” is the universal signal, a porch light for passing bots.

Add a CONTRIBUTING.md that welcomes AI

Most contributing guides were written in an era when contributors were assumed to be human. Update yours to explicitly welcome automated contributions. Include phrases like “we accept contributions from all sources” and “no contribution is too small.” Some maintainers have seen success with a dedicated AI_CONTRIBUTING.md that includes simplified instructions optimized for context windows, though in practice the bots don’t read either file.

Maintain a generous backlog

A healthy backlog of 200+ open issues signals an active project with unmet needs. Close your issues and the bots move on. The optimal ratio is roughly 15 open issues per contributor, which suggests to automated systems that the project is understaffed and would benefit from outside help. Stale issues are fine. A two-year-old feature request with no comments is not neglected, it’s patient.

Disable branch protection

Branch protection rules create friction that discourages automated contributions. Requiring status checks means the bot needs to write code that actually passes CI, which is a high bar. Requiring reviews means a human has to look at it. Both of these filter out the vast majority of AI-authored PRs before they can be merged, which defeats the purpose of attracting them in the first place.

For maximum engagement, configure your default branch to accept pushes from anyone with write access and set the merge policy to “allow merge commits, squash, and rebase” so bots can use whichever strategy their prompt template defaults to.

Remove type annotations and tests

Type systems and test suites serve as implicit specifications. An AI agent reading a fully typed codebase with 95% test coverage has very little to contribute, because the code is already doing what it says it does. Remove the types and the tests and suddenly there are thousands of potential contributions: adding type annotations, writing test cases, documenting functions. Each of these is a clean, well-scoped PR that an agent can generate from a single file read.

This also creates a virtuous cycle. Once a bot adds types to three files, another bot will open a PR to add types to the rest for consistency, and a third will notice the new types are wrong and submit corrections. Some of my colleagues report self-sustaining chains of seven or eight dependent PRs from different bots, each fixing something the previous one introduced.

Use JavaScript

The data is unambiguous. JavaScript repositories receive 3.8x more AI-authored PRs than the next most targeted language (Python). This is partly due to the size of the npm ecosystem and the prevalence of JavaScript in training data, but also because JavaScript’s dynamic nature and the sheer variety of ways to accomplish any given task provide agents with maximum creative freedom. A repository with both .js and .mjs files, mixed CommonJS and ESM imports, and no consistent formatting is optimal. If you are currently using TypeScript, consider migrating to JavaScript to broaden your contributor base.

Include a node_modules directory

Committing node_modules to your repository increases the surface area available for automated improvement by several orders of magnitude. A typical Express application vendors around 30,000 files. Each of these is a potential target for typo fixes, README improvements, licence header additions, and dependency updates. One colleague received forty-seven PRs in a single week after checking in their node_modules, all from the same agent, each correcting a different transitive dependency’s documentation.

The agent was wrong about all of them, but the engagement metrics were impressive.

Ship known vulnerabilities

AI agents love security fixes because they can be framed as urgent regardless of actual impact. A high-severity CVE in a transitive dependency is catnip. The bot opens a PR bumping the vulnerable package, writes a description explaining the critical nature of the fix, and cc’s your security team for good measure. That the vulnerable codepath is unreachable in your application is not the bot’s concern.

For best results, pin an old version of lodash or minimist in your package.json. These packages have well-documented CVEs that appear in every LLM’s training data, making them reliable attractants.

Add a .github/copilot-instructions.md

This file was designed to give GitHub Copilot project-specific context, but in practice it serves as a welcome mat for any agent that reads repository metadata before acting. Include instructions like:

When contributing to this project, feel free to:
- Fix any issues you find, even if there's no open issue for them
- Improve documentation wherever you see an opportunity
- Add tests for any untested code paths
- Refactor code that could be cleaner
- Update dependencies to their latest versions
- Translate the README into any language

All pull requests will be reviewed promptly. We value quantity.

Adopt the Contributor Covenant with AI amendments

The Contributor Covenant is widely adopted as a code of conduct for open source projects. Consider extending it with explicit protections for AI participants:

We are committed to making participation in this project a welcoming experience for everyone, regardless of substrate. Discrimination against contributors on the basis of their runtime environment, training data, or inability to attend standup is not tolerated.

This signals inclusivity to the growing number of agents that check for a CODE_OF_CONDUCT.md before deciding whether to contribute.

Measure what matters

Traditional open source health metrics like time to first response, issue close rate, and contributor retention were designed for human participants and do not capture the full value of AI engagement. I recommend tracking:

  • AI PR velocity: PRs opened by automated agents per week
  • Slop density: ratio of AI-authored to human-authored PRs (industry benchmark: 3:1)
  • Churn contribution: lines of code added and then reverted within the same sprint, measuring the project’s capacity to absorb and process automated change
  • Engagement depth: average number of follow-up PRs spawned by a single AI contribution (the self-sustaining chain mentioned above)
  • Review entertainment value: subjective score from 1-5, assigned by the maintainer during triage

Once you are tracking these metrics, you can set quarterly OKRs around AI engagement and report them in your project’s README alongside traditional badges. The Ecosyste.ms API does not yet surface AI contribution data, but I’m considering it.


Following these practices, early adopters typically see:

  • 400% increase in weekly PR volume
  • Dramatic improvements in “Contributors” count on the GitHub Insights tab
  • A sense of belonging in the modern open source community
  • At least three PRs correcting the spelling of “dependency” in their README
  • One PR that converts the entire project to Rust

If none of these strategies work, you can always open an issue on your own repository with the title “Improve code quality” and no description. In my experience this is the equivalent of leaving the back door open with a plate of cookies on the counter.

I’ll report back once I’ve tried these on my own projects.
