Published on June 02, 2026 at 18:00 CEST (UTC+2)
A walking tour of surveillance infrastructure in Seattle (84 points by eustoria)
This article offers a walking tour of Seattle’s surveillance infrastructure, part of a broader project to help people identify “smart city” technologies hidden in plain sight. Each stop on the route is described with details on appearance, function, social importance, and references. The guide is a work in progress, originally developed in partnership with the Tech Equity Coalition and the ACLU of Washington in 2019. It aims to raise awareness about how data about our lives is collected and stored.
Fidonet: Technology, Use, Tools, and History (1993) (60 points by BruceEel)
The document is a 1993 technical overview of FidoNet, a point-to-point and store-and-forward email WAN that used modems over the direct-dial telephone network. Developed in 1984, the network grew to over 20,000 public nodes worldwide and was originally based on MS-DOS but later ported to many other platforms. The protocol design prioritized minimizing modem/telephone time due to private financing. It also describes gateways to the Internet via the uucp network and the evolution from an inefficient xmodem-based transport to more modern protocols.
Adafruit Receives Demand Letter from Fenwick Legal Counsel on Behalf of Flux.ai (384 points by semanser)
Adafruit received a demand letter from Fenwick & West LLP on behalf of Flux.ai, threatening legal action if Adafruit published an article about Flux’s intellectual property, commercial traction, and user base. Adafruit claims it only accessed publicly available information through a server misconfiguration and that its reporting served a public security interest. The letter includes accusations of defamation and violations of the Computer Fraud and Abuse Act. Adafruit has paused publishing while it considers its response, framing the matter as an attempt to suppress responsible security disclosure.
Meta repeatedly snubs EU body over Facebook and Instagram user bans (47 points by dijksterhuis)
The BBC reports that Meta has repeatedly ignored an independent EU body, the Appeals Centre Europe, which handles user complaints about wrongful bans on Facebook, Instagram, and Threads. Out of 4,600 cases examined, Meta virtually never replied when the body raised issues of users who claimed to have been banned incorrectly. The article highlights ongoing tensions between Meta and European regulators over content moderation and user rights. It underscores the challenge of holding large platforms accountable for automated moderation decisions.
Why Janet? (2023) (315 points by yacin)
This 2023 essay makes a case for the Janet programming language, a small Lisp dialect with first-class functions and macros. The author praises its simplicity—only eight core instructions—and its familiar runtime semantics similar to JavaScript but with value types. The entire standard library fits on one page, making it easy to learn in an afternoon. The author wrote a free book about Janet to attract more users, emphasizing its suitability for fun side projects.
Preparing for KDE Plasma's Last X11-Supported Release (38 points by jandeboevrie)
The blog post announces that the upcoming release of KDE Plasma will be the last to support the X11 display server, marking a full transition to Wayland. The author, David Edmundson, explains the preparations needed to phase out X11-specific code and ensure a smooth migration. The post is part of a series of updates on KDE development, including other topics like home automation and distributed compilation. This reflects the broader Linux desktop ecosystem’s move away from the decades-old X11 protocol.
Apple rejected my dictation app for using the accessibility API (205 points by RZelaya)
A developer describes building WhisperPad, a macOS dictation app that transcribes speech locally using the accessibility API, after developing hand pain from typing. The app places transcribed text directly into the active text field or clipboard, with no server communication. Apple rejected the app because it uses the accessibility API, which is restricted to apps that provide direct accessibility benefits to users with disabilities. The author criticizes this policy, arguing it hinders useful tools for people with repetitive strain injuries.
You Don't Love Systemd Timers Enough (181 points by yacin)
This blog post argues that systemd timers are a superior alternative to traditional cron for scheduling tasks on Linux. The author explains that timers offer better integration with systemd’s service units, more expressive calendar syntax, and features like monotonic timers and dependency management. He contends that in 2026, there’s little reason to stick with cron, given systemd’s ubiquity and modern capabilities. The post includes practical examples to convince readers to adopt systemd timers.
The newest Instagram “exploit” is the goofiest I've seen (2043 points by ssiddharth)
A security researcher describes a bizarre Instagram account takeover exploit that requires no prior authentication. The attacker uses a VPN near the victim’s location, then tells Meta’s support AI that the account is hacked, providing an arbitrary email address to receive the verification code. The AI sends the code to that email, and once the attacker submits it, they gain full control of the account. The author notes that high-profile accounts like the Obama White House were compromised this way, calling it the “goofiest” exploit they’ve ever seen.
CSS-Native Parallax Effect (85 points by dandep)
This post introduces a CSS-native way to create parallax scrolling effects using scroll-driven animation timelines, a recently available CSS feature. The author provides a simple utility class that uses view-timeline-name and animation-timeline to animate element positions based on scroll progress. This approach runs off the main thread, offering better performance than JavaScript-based solutions. The effect is achieved with just a small block of declarative styles, making it easy to apply to any element.
AI-driven customer support systems are vulnerable to simple social engineering attacks
Why it matters: The Instagram exploit (article 9) shows that Meta’s AI-based support agent can be tricked into resetting account credentials with minimal checks—no verification that the supplied email is associated with the account. This highlights a critical weakness in AI systems that handle sensitive actions like password resets.
Implications: Companies must implement robust human-in-the-loop verification for account recovery, especially when AI is the first line of defense. Developers should stress-test AI decision logic against adversarial inputs (e.g., fake location, arbitrary email) before deployment.
Legal aggression against security researchers threatens responsible disclosure of AI system flaws
Why it matters: Flux.ai’s demand letter (article 3) to Adafruit, sent via a high-profile law firm, attempts to suppress publication of security findings obtained from a public misconfiguration. This mirrors a pattern where AI startups use legal threats to avoid scrutiny.
Implications: The AI community needs clearer legal protections for good-faith security research. Without safe harbor, vulnerabilities in AI services may go unpatched, raising risks for all users. Open dialogue between researchers and companies is essential for trust.
AI content moderation lacks transparency and accountability, even under regulatory pressure
Why it matters: Meta’s near-total silence on 4,600 user-ban appeals (article 4) demonstrates that AI-driven moderation decisions are opaque and difficult to challenge. EU oversight bodies have limited power to force platform cooperation.
Implications: Regulatory frameworks (like the EU Digital Services Act) must mandate explainability and robust appeal processes for AI decisions. Developers should build audit trails and allow users to understand why their content was removed or accounts suspended.
Local AI processing faces platform restrictions that hinder accessibility tools
Why it matters: WhisperPad (article 7) uses on-device AI dictation to help users with hand pain, but Apple rejected it for using the accessibility API—a policy meant to protect disabled users from misuse. This creates a tension between enabling innovative assistive technology and enforcing platform rules.
Implications: Platform policies should be updated to accommodate legitimate uses of AI for temporary or varying disabilities. App store reviewers need clearer guidelines to distinguish assistive tools from exploitative ones, and developers may need to advocate for policy changes.
Edge AI and local inference are critical for privacy and security, but face adoption barriers
Why it matters: WhisperPad processes dictation entirely on-device (no cloud), which protects user privacy—a design choice made possible by modern machine learning models. However, platform restrictions and API access issues limit such apps’ reach.
Implications: The trend toward local AI (e.g., on-device LLMs, speech recognition) is positive for privacy, but app store policies and hardware limitations can slow adoption. Developers should invest in efficient model architectures and advocate for open API access for privacy-preserving AI applications.
Smart city AI surveillance expands unnoticed, raising data ethics concerns
Why it matters: The Seattle walking tour (article 1) reveals layers of hidden surveillance technology that collect and store data about citizens daily. These systems often use AI for facial recognition, behavior tracking, and predictive analytics without meaningful consent.
Implications: AI practitioners working on urban monitoring should prioritize transparency, public consultation, and data minimization. The onus is on developers to design systems that are auditable, with clear opt-out mechanisms, to avoid eroding public trust.
AI’s role in account security is a double-edged sword: automation speeds recovery but also enables exploits
Why it matters: The Instagram exploit (article 9) and Meta’s unresponsive AI moderation (article 4) show that the same AI features designed to help users can be gamed or fail to address legitimate complaints. The balance between convenience and security is poorly calibrated.
Implications: Companies should implement risk-based authentication that escalates to human review for high-value actions (e.g., password reset, account deletion). AI models used for security should be tested against adversarial attacks and continuously monitored for emerging bypass techniques.
Analysis generated by deepseek-reasoner