New York's proposed 2026-2027 budget currently includes provisions that will require all 3D printers sold in the state to run print-blocking censorware—software that surveils every print for forbidden designs. Electronic Frontier Foundation
End state will be 3d printer firmware as thin client to cloud service with surveillance on all print jobs and your printer only working when connected to the internet.
DIY printers and quad copters are going to become worth making again.

So Anthropic employees are using Claude Code to contribute AI-generated code to open source repositories and hiding the fact using their own internal “undercover mode”.
Totally trustworthy people.
(Any open source project that at the very least requires disclosure of AI-authored contributions should immediately ban Anthropic employees on principle.)
@KillerQueenLena There will soon be an abundance of Rust programmers
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
ChatGPT:
Gemini:
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.
Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.
Touch grass. Install @ublockorigin
Thanks for your analysis, good stuff. Confirms my suspicion that GenAI LLMs are a kind of AdTech Surveillance Capitalism on steroids, draining way more data from the victim than 'traditional' TechBro corporate eavesdropping.
I suggest to establish digital self defence:
1) Use common sense and avoid bullshit products based on stolen data (GenAI LLMs use HUGE amounts of energy and water for ... what?). Practice good thinking and figure what you can do on your own, with your brain, and without a lying electric parrot crutch.
2) Harden your browser > uBlock Origin, and get to protect your network on DNS level > e.g., with Pi-hole. There, add AI blocklists.
3) Get independent, and off TechBro ripoff services and subscription products. Reclaim your digital freedom.
Again, there is no "age verification", there is only "identity verification", and "identity verification at the OS level" means specifically that there is no such thing as free software in any inclusive, democratic sense and no such thing as "computer ownership" in any way that involves meaningful choice.
chaos.social/@sleepyowl/116126…
Attached: 1 image A friend, @[email protected] has been speaking up against the proposal to enforce age verification at the OS level, and the QRTs to this shows the extent of naivety that a lot of people have. chaos.social
@glyph I feel that the ratchet happening in the UK over, for example, VPNs is an example of why this is not going to work and it's going to go to bad places. Once you've let the camel's nose into the tent, you've lost the most fundamental arguments (here, that the state can require OSes themselves to do age-related things¹).
¹ I expect the argument to go "these things the OSes are doing now are insufficient to solve the problem that you've admitted exists, so we have to go harder".
@glyph I skimmed CA's AB-1043¹ and it contains things that alarm me. An OS is not allowed to block or lie to an application that requests age bracket information, and "covered application store" appears to cover any collection of downloadable software. Arguably this includes Github (!); certainly it appears to include Linux package collections. And I don't see any carve-outs for things labeled "not for use in CA" if they can in fact be used in CA.
¹ leginfo.legislature.ca.gov/fac…
AB 1043 Age verification signals: software applications and online services. leginfo.legislature.ca.gov
@Glyph Any time someone uses the phrase "for the children" it has nothing to do with that. They are just trying to whitewash some fascist ass bullshit.
There is never any pacifying people like that as more will never be enough for them.
So Duo (the multifactor authentication service that #infosec loves) has integrated with Persona (the privacy destroying, Peter Thiel backed, AI-linked, facial scanning and mapping "identity verification" software)
You know the recent Discord snafu that received such massive pushback and caused so many people to leave Discord that they've dropped their identity verification?
Yeah, that Persona.
Duo integrates it into Duo Premier, Duo Advantage, and even Duo Essentials...
...which means many working class folks will have no option but to be enrolled into and use Persona...
...or be fired.
duo.com/docs/identity-verifica…
#Duo #Persona #Privacy #Discord #AI
Perform high-assurance identity validation of Duo users with government ID verification. Cisco Duo
Amazon Vendor (where Amazon is the client and the manufacturer the supplier) also requires identification card or something. We (the employees) refused and made the CEO give their personal data.
💪💪💪
Opinion: Careless big-time users are treating FOSS repos like content delivery networks - Steven J. Vaughan-Nichols (The Register)
ssh is an obscure but widely-deployed command. It stands for Secure Snake Home and was made in the 90s to securely play snake online
I made a massively multiplayer backend for it with support for thousands of concurrent snake players
ssh snakes.run to join!
How many people know that #WordPress was co-founded by a black man, Mike Little?
Or that he's from the north of England? A self-taught coder from #Stockport, just south of #Manchester? Or that he never received so much as a share, cent or job offer from the $7bn+ valued Automattic after spending five months working exclusively with Matt Mullenweg on the B2 fork?
After @bevangelist told me about @mikelittle I interviewed him for a documentary I never got round to making. Back then I was left with two certainties: he's Wozniak to Mullenweg's Jobs. Among other things he added the one-click upgrade that's been central to WP's bonkers 45%-of-the-web-success. And he's one of the nicest people I've ever interviewed, which is also bonkers given that he not only didn't share in WP's financial success, but that he's barely known.
But he should be - so, better late than never - please meet #MikeLittle, perhaps the most-influential-least-known person in #foss… 25.netribution.co.uk/nic/mike-…
In the story of WordPress –the tool that powers 45% of the web– Mike Little is Steve Wozniak to Matt Mullenweg's Steve Jobs. But unlike Woz, Mike never had shares in Matt's $7bn business – or even a job there. Netribution @ 25
Not sure where #Google asked for feedback about their developer verification program, but they surely didn't talk with #FLOSS devs, civil society, privacy organisations or their #Android users
#FDroid did since September, and interacted with folks in the Fediverse, forum, email and in person
They all voiced one opinion: "developer verification must be stopped"
@marcprux has written an open letter, signed by likeminded organisations who want to #keepandroidopen
Click: f-droid.org/2026/02/24/open-le…
As we wrote about back in September in F-Droid and Google’s Developer Registration Decree, Google plans to enforce mandatory developer registration as a requ... f-droid.org
Google continues to take money for malware pretending to be Homebrew installation.
There’s nothing Homebrew can do about this. Google needs to fix it.
Please put me in contact with someone at Google high enough level to actually fix it.
github.com/Homebrew/install/is…
your problem was from running the official install or uninstall script? you carefully read the output and it was not a git fetch or other connection issue to GitHub (that Homebrew has no control ov... sastorsl (GitHub)
Setting up a traditional & generational Japanese food stall in Fukuoka
Tagged new releases for every repository in the Public Key Directory project
I think the only things really left to do to make them ready for real world deployments are:
External work meaning:
And then I can shift gears to MLS-related work so folks can actually encrypt once they have public keys exchanged :D
Specifications for Fediverse Auxiliary Service Providers - mastodon/fediverse_auxiliary_service_provider_specifications (GitHub)
When this rolls out, your private messages on ActivityPub will be encrypted using post-quantum cryptography, if I have any say in the matter:
github.com/swicg/activitypub-e…
We should be extremely opinionated about which cipher suites MUST be supported, even if we ultimately allow clients to support broader ranges of algorithms. To that end, I'm going to make some alg... soatok (GitHub)
I wrote this four months ago, and we're already this far along.
soatok.blog/2025/10/15/the-dre…
Since I have your attention for the moment, I’d like you to ask yourself a question: What is it that drives you in life? Do you yearn for the feeling of safety? By seeking power, status, weal… Dhole Moments
Zuck's assholes decided to bring facial recognition technology into the courtroom, thus providing the means for deanonymizing jurors.
cbsnews.com/news/meta-trial-ma…
A Los Angeles judge ordered Meta officials to remove their AI glasses at a trial over the impact of social media on users. Mary Cunningham (CBS News)
Been using Check::SuricataFlows at work and been loving it. Far faster and memory efficient than Check::NetworkSpans.
Added IP ignore capabilities in 0.2.0, but not found a reason to use that really. Big thing was 0.1.0 with adding the ability to check for multiple sensors in the flow log.
Looking at adding in some delay capabilities for sensors that are stupidly low traffic and only see a flow maybe once every 10 minutes or so.
By the way, if you're looking at Stoat:
github.com/stoatchat/for-ios/b…
Take a guess what this does.
Stoat for iOS. Contribute to stoatchat/for-ios development by creating an account on GitHub. GitHub
@vantiss It's one of those really big code smells that looks like the network security equivalent of a "kick me" sign, but a friend tells me it's pretty typical for anything that handles user content.
It allows HTTP connections, instead of requiring HTTPS, basically.
the other fun thing is that docs explicitly state it's ignored in "iOS 10.0 or later or macOS 10.12 or later"
so, y'know, only ..... most of a decade ..... which ime fairly likely means it's being cargoculted / pulled from bad defaults / similar
"not set with intention, but there because lack of regard"
(I will note icbw here, I don't really do ios appdev actively - just a quick glance at docs now and there might be nuance/derp)
soatok.blog/2026/02/17/cryptog…
#Matrix #infosec #vulnerabiltiy #cryptography #privacy
Two years ago, I glanced at Matrix’s Olm library and immediately found several side-channel vulnerabilities. After dragging their feet for 90 days, they ended up not bothering to fix any of i… Dhole Moments
@kitkat @varx @mkj Pretty sure you're wrong about that. There's no reason clamping would affect things in any way.
In fact, here's a PoC: gist.github.com/meithecatte/14…
now excuse me, as the time I had allocated to arguing with people on the internet today has run out.
On Soatok's alleged high-severity Vodozemac vulnerability - soatok.md (Gist)
So published Check::SuricataFlows yesterday, which is a more efficient follow up to Check::NetworkSpans.
To do list includes adding...
- IP ignore capabilities
- checking for multiple Suricata instances in case multiple instances are appending to the same file.
But yeah, so far much better. Can run on a 5 minute basis instead of basically needing a wrapper for using it with sneck like Check::NetworkSpans does.
hey, if you enjoy the #USCSB safety videos, the current administration is putting them on the chopping block with a reported $0 allocated for FY2025 and appropriating their emergency fund for the costs of shutting down the USCSB agency.
they put out a video in an attempt to justify themselves, but if you're in the US then please call and/or write to your congresspeople and ask them to back the CSB. their budget is minuscule for the impact they have.
youtube.com/watch?v=2z7h5BOZ2H…
With fewer than 50 employees and an annual budget of just $14.4 million, the U.S. Chemical Safety Board (CSB) plays a critical role in driving chemical safet... YouTube
hanging WLED lanterns
They are made using a 16x16 matrix of RGB LEDs inside a 2" clear tube with a small WLED controller and 12v->5v buck converter inside it. Powered via a cable that comes out the top to a connector, which also serves to provide the means to hang it as well.
On a somewhat related note...
github.com/librenms/librenms/p…
LibreNMS can now talk to WLED.
Today in "ad blockers are Internet security software":
Ars Technica, "Address bar shows hp.com. Browser displays scammers’ malicious text anyway.": arstechnica.com/security/2025/…
Malwarebytes, "Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number": malwarebytes.com/blog/news/202…
TL;DR: Scammers buy search engine ads linking to legit websites' help pages with a pre-filled help query, but the query bar text is a message to call the fake-support phone number.
Scammers are abusing sponsored search results, displaying their scammy phone number on legitimate brand websites. Pieter Arntz (Malwarebytes)
Block ads, even in your go-to search engine.
Block ads, *especially* in your go-to search engine.
I have to spend several hours each week dealing with security issues reported by third parties. Most of these issues aren't critical but it's still a lot of... GitLab
Neat way to disable Windows Defender...
Register a no-op AV product in the Windows Security Center (WSC). This action is protected by an NDA that AV vendors sign, and, well...
Anyway, yeah, admin users can do admin things. Don't forget that.
An even funnier way to disable windows defender. (through WSC api) - es3n1n/defendnot (GitHub)
@GossiTheDog @deepthoughts10
TBH, I've never really fully grok'd what Tamper Protection actually does.
Here's a PoC of a bypass that I found a long time ago. 🤷‍♂️
Kyle Schutt is a 37 year old "DOGE software engineer," according to ProPublica. In February, Drop Site News reported that he gained access to FEMA's "core financial management system." Micah Lee (micahflee)
@osuosl has been around for 22 years. They have kindly hosted our gitlab for 6 months now, and provide important services for more than 150 other free and open source software communities such as @alpinelinux, @chimera, @debian, @fdroidorg, @gentoo, @gnome, @LineageOS, #ReplicantOS, @torproject. Now their future is in jeopardy 😢
We usually don't ask this, but please boost for reach, this is important infrastructure for so many FLOSS projects! 
A nonprofit organization working for the advancement of open source technologies. osuosl.org
Cybersecurity professionals and the infosec community have essential roles to play in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructure. Electronic Frontier Foundation
The Authenticity Drought
The types of people that proudly call themselves "influencers," and describe what they create merely as "content," are so profoundly allergic to authenticity that it bewilders the mind. Don't believe me? Look no further than the usage of "unalive" in the modern lexicon. The verb "unalive" became a thing because content creators (predominantly on YouTube) were being penalized by advertisers for talking about suicide and other heavy topics.
soatok.blog/2025/04/03/the-aut…
The types of people that proudly call themselves “influencers,” and describe what they create merely as “content,” are so profoundly allergic to authenticity that it bewilde… Dhole Moments
great blog post,
good puns, one amazing lyrics replacement (that one’s gonna be stuck in my head for a while).
Also excellent recommendations. While I (think I) never did subscribe (heh) to much of the influencer stuff and have found quite some excellently weird people on here, I still think I have more outcasts to find (and the people stuff, but peopling is hard and scary). Maybe also a bit more being weird, though I think I am not too shabby there.
Thanks for that!
I did a lot of talks on student surveillance last year, including talks aimed at college administrations, trying to convince them that turning the campus into a surveillance state was not a good idea. I have not been invited to do a single talk on student surveillance in 2025 for some reason.
nytimes.com/2025/03/29/us/univ…
Colleges are using surveillance videos and search warrants to investigate students involved in pro-Palestinian protests. Experts say it’s a new frontier in campus security that could threaten civil liberties. Isabelle Taft (The New York Times)
Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26200.5516 (KB5054687) to the Dev Channel. REMINDER: Starting with (Windows Insider Blog)
They use G code which is a bunch of x,y,z movement commands.