I often watch #Apple's #WWDC as they're always ridiculous, but this year's #WWDC26 was boring as hell. All they presented is:
1. "Fixed" liquid ass (like how Windows 7 "fixed" Vista) which is what *OS 26 should have been from the beginning
2. Extensive parental controls as a way to comply to bullshit age verification laws (parents never use parental controls anyway)
3. AI AI AI AI AI AI!!!!!!!!!!! (white label Gemini)
And the "AI" parts had awkwardly long pauses, probably just to fill in time.
1. "Fixed" liquid ass (like how Windows 7 "fixed" Vista) which is what *OS 26 should have been from the beginning
2. Extensive parental controls as a way to comply to bullshit age verification laws (parents never use parental controls anyway)
3. AI AI AI AI AI AI!!!!!!!!!!! (white label Gemini)
And the "AI" parts had awkwardly long pauses, probably just to fill in time.
👍1🏆1
RE: https://mastodon.social/@jdelacueva/116103089304791787
More on this EU login trojan horse. I used DuckDuckGo app to check the trackings triggered by EU Login app. The result is 39 tracking attempts. The collected data is shown in the screenshots that follow. #privacy
More on this EU login trojan horse. I used DuckDuckGo app to check the trackings triggered by EU Login app. The result is 39 tracking attempts. The collected data is shown in the screenshots that follow. #privacy
Mastodon
Javier de la Cueva (@jdelacueva@mastodon.social)
Attached: 1 image
Actions speak louder than words.
I am unable to install EU Login app in my phone because I use LineageOS and not the Google Spy Android.
Thus, I cannot use the double factor authentication, mandatory from the 25-02-2026 on unless I tell…
Actions speak louder than words.
I am unable to install EU Login app in my phone because I use LineageOS and not the Google Spy Android.
Thus, I cannot use the double factor authentication, mandatory from the 25-02-2026 on unless I tell…
🤓1
RE: https://grapheneos.social/@GrapheneOS/116550899908879585
This is more important now than ever.
Unfortunately, even Mozilla (@mozilla@mastodon.social) recently added the Google Play Integrity API to Firefox for Android (@firefoxnightly@mastodon.social), as part of their effort to support generative AI features.
Hoping that someone at Mozilla sees this thread and reconsiders that decision, in order to reconcile with their mission statement/values.
This is more important now than ever.
Unfortunately, even Mozilla (@mozilla@mastodon.social) recently added the Google Play Integrity API to Firefox for Android (@firefoxnightly@mastodon.social), as part of their effort to support generative AI features.
Hoping that someone at Mozilla sees this thread and reconsiders that decision, in order to reconcile with their mission statement/values.
GrapheneOS Mastodon
GrapheneOS (@GrapheneOS@grapheneos.social)
Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy…
🤡4🤯2
#Meta Deletes Face-Recognition System From Its #SmartGlasses App After WIRED Report
https://www.wired.com/story/meta-removes-face-recognition-code-meta-ai-app-smart-glasses/
#privacy #FRT #FacialRecognition #Oakley #RayBan
https://www.wired.com/story/meta-removes-face-recognition-code-meta-ai-app-smart-glasses/
#privacy #FRT #FacialRecognition #Oakley #RayBan
WIRED
Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
👍6🌭2
https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
404 Media
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-conscious to domestic abuse survivors. “We never thought that would happen here.”
🤬1🆒1
Didn't know #Flatpak apps can have internal updaters interacting with Flatpak directly so that they can update without the need for a graphical store like Discover or touching the command line. Handling things in Discover or the command line is probably more intuitive, but it's neat that apps can do this rather than trying to do their own thing only and possibly messing up files and introducing conflicts.
❤2
MANY ORPHANED AUR PACKAGES ARE BEING TARGETED WITH AN INFOSTEALER. official statement (fediverse discussion)
collection of detection scripts
the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.
here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.
SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5
AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency
collection of detection scripts
the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.
here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.
SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5
AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency
❤🔥2
i believe this is an up-to-date list of all packages that are known to be compromised
they all share in common that they will install the atomic-lockfile package from NPM. they were all orphan takeovers. as far as i can tell, all of the ones that have been noticed were reverted to known safe versions. including alvr.
THAT NPM PACKAGE HAS BEEN TAKEN DOWN, but there is another wave of this attack still ongoing! this time, the infected packages are installing js-digest or lockfile-js, also from npm registry (but using bun). js-digest was already taken down, but lockfile-js was published 2026-06-12 13:01:03 UTC (2026-06-12T13:01:03.000Z) and is still live right now !!
this is an infostealer, meaning it exfiltrates sensitive data from your system such as browser cookies, discord tokens, ssh keys, and container registry logins. removing the malware will not undo the damage; the attacker now has all your credentials. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.
it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages
to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.
---
Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.
i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link. (or at least, it had a lot of relevant discussion when the news broke and this post was much shorter; it's mostly quiet now as we realized the scope goes way beyond VR. this post is also now more complete than it was)
of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.
they all share in common that they will install the atomic-lockfile package from NPM. they were all orphan takeovers. as far as i can tell, all of the ones that have been noticed were reverted to known safe versions. including alvr.
THAT NPM PACKAGE HAS BEEN TAKEN DOWN, but there is another wave of this attack still ongoing! this time, the infected packages are installing js-digest or lockfile-js, also from npm registry (but using bun). js-digest was already taken down, but lockfile-js was published 2026-06-12 13:01:03 UTC (2026-06-12T13:01:03.000Z) and is still live right now !!
this is an infostealer, meaning it exfiltrates sensitive data from your system such as browser cookies, discord tokens, ssh keys, and container registry logins. removing the malware will not undo the damage; the attacker now has all your credentials. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.
it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages
to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.
---
Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.
i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link. (or at least, it had a lot of relevant discussion when the news broke and this post was much shorter; it's mostly quiet now as we realized the scope goes way beyond VR. this post is also now more complete than it was)
of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.
Discord
Join the Linux VR Adventures Discord Server!
We discuss topics about the Linux VR experience. Anyone who uses VR on Linux or is interested is welcome. | 7875 members
#IntelligenzaArtificiale alla polizia, il Governo approva i decreti. #Piantedosi: “Non sarà un Grande Fratello”.
Il Consiglio dei ministri ha approvato in esame preliminare due decreti legislativi per adeguare la normativa italiana ai regolamenti europei. Uno dei passaggi riguarda l’uso dei sistemi di #AI da parte delle forze di polizia per attività di videosorveglianza, riconoscimento facciale e trattamento di dati biometrici collegati all’identificazione.
@tecnologia
https://www.greenme.it/scienza-e-tecnologia/social-e-web/intelligenza-artificiale-alla-polizia-il-governo-approva-i-decreti-piantedosi-non-sara-un-grande-fratello/
Il Consiglio dei ministri ha approvato in esame preliminare due decreti legislativi per adeguare la normativa italiana ai regolamenti europei. Uno dei passaggi riguarda l’uso dei sistemi di #AI da parte delle forze di polizia per attività di videosorveglianza, riconoscimento facciale e trattamento di dati biometrici collegati all’identificazione.
@tecnologia
https://www.greenme.it/scienza-e-tecnologia/social-e-web/intelligenza-artificiale-alla-polizia-il-governo-approva-i-decreti-piantedosi-non-sara-un-grande-fratello/
greenMe
Intelligenza artificiale alla polizia, il Governo approva i decreti. Piantedosi: "Non sarà un Grande Fratello"
Il decreto porta l’intelligenza artificiale nelle attività di polizia: biometria, riconoscimento facciale e garanzie da verificare.
🖕3👎2
The Arch Linux AUR had over 400 packages compromised with malware https://www.gamingonlinux.com/2026/06/the-arch-linux-aur-had-over-400-packages-compromised-with-malware/
#Linux #ArchLinux #Security
#Linux #ArchLinux #Security
GamingOnLinux
The Arch Linux AUR had over 400 packages compromised with malware
Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.
😁7🥰1😱1
HERE WE GO! @stopkillinggames.bsky.social@bsky.brid.gy seems unstoppable now!
Despite the constant misrepresentation from industry lobbyists, the demands from the movement have a high chance of leading to actual protection legislation. The latest update:
The decision is being made on Stop Killing Games! + The ESA can't stop lying.
Despite the constant misrepresentation from industry lobbyists, the demands from the movement have a high chance of leading to actual protection legislation. The latest update:
The decision is being made on Stop Killing Games! + The ESA can't stop lying.
❤3❤🔥1🌚1
Double the updates! Our mobile beta is now available on Github for Android users, AND, we are excited to launch Fluxer v2!
https://fluxer.app/blog/mobile-clients-and-fluxer-v2
Mobile clients and Fluxer v2 |...
https://fluxer.app/blog/mobile-clients-and-fluxer-v2
Mobile clients and Fluxer v2 |...
Fluxer
Mobile clients and Fluxer v2 | Fluxer
Fluxer v2 is out, mobile clients are open source, self-hosting is improving, and public development is moving back to GitHub.
❤4👎2
The idea of a smart-dumb flip phone that doesn't spy on you is really cool and features like a high quality DAC and the LEDs are quite unique, but the high price and the abundance of "AI" slop images on the website killed the hype for me almost immediately. Feels somewhat insulting. The choice of OS (SailfishOS) is probably fine, even though they could have chosen a slightly more open option, but the UIs they showed are all different and likely "AI" slop too.
@82mhz@mastodon.bsd.cafe https://mastodon.bsd.cafe/@82mhz/116758732689711358
@82mhz@mastodon.bsd.cafe https://mastodon.bsd.cafe/@82mhz/116758732689711358
BSD.cafe Mastodon Portal
Andreas (82MHz) (@82mhz@bsd.cafe)
#Commodore event right now:
https://www.youtube.com/watch?v=ixD_fqrnA_c
https://www.youtube.com/watch?v=ixD_fqrnA_c
🤡1
Since the bridge bot is still dogshit, I gotta specify I'm talking about the Commodore Callback.
https://commodore.net/callback/
https://commodore.net/callback/
Plasma 6.7 is out and landing soon on your distro of choice!
You can look forward to easier menu customization, better control over your mics, and, as for virtual desktops... Well, well, well! You get keyboard navigation and the much anticipated feature of having separate virtual desktops on different monitors.
Find out about all the new stuff packed into Plasma 6.7 here:
https://kde.org/announcements/plasma/6/6.7.0/
#Plasma6 #desktop #FreeSoftware #OpenSource
---
Become a Supporting Member:
https://kde.org/anniversaries/30/
You can look forward to easier menu customization, better control over your mics, and, as for virtual desktops... Well, well, well! You get keyboard navigation and the much anticipated feature of having separate virtual desktops on different monitors.
Find out about all the new stuff packed into Plasma 6.7 here:
https://kde.org/announcements/plasma/6/6.7.0/
#Plasma6 #desktop #FreeSoftware #OpenSource
---
Become a Supporting Member:
https://kde.org/anniversaries/30/
💩1