Security updates for Wednesday
Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free and kernel), Arch Linux (bind and varnish), Debian (glibc and syslog-ng), Fedora (microcode_ctl, mozilla-ublock-origin, nodejs20, and nodejs22), Mageia (firefox, nss, rootcerts, open-vm-tools, sqlite3, and thunderbird), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, nodejs:22, php, php:8.2, php:8.3, python-tornado, redis, and redis:7), Red Hat (libsoup, pcs, and python-tornado), Slackware … ⌘ Read more

Klinge FPGA Computer Targets Secure, Headless Linux Deployments
Klinge is a compact FPGA-based headless computer designed by Lone Dynamics Corporation. It targets secure networking and long-term Linux applications, and can be used as a blade server in modular enclosures or standalone setups. Klinge uses the Lattice ECP5 FPGA (LFE5U-25F), offering 24K LUTs when compiled with open-source tools. The board includes 512MB of DDR3L […] ⌘ Read more

Large Language Models can run tools in your terminal with LLM 0.26
Comments ⌘ Read more

love-hate and otel: using it while avoiding complexity
I quite appreciated his workflow for keeping OTel’s complexity at arm’s length. Also, he’s got a generic tool that can parse logs and turn them into otel spans that combines well will canonical logs and “wide events”: https://github.com/jonjohnsonjr/logspan

Comments ⌘ Read more

MITM HTTPS Payload with Python

Image

A lightweight MITM tool for monitoring encrypted traffic and detecting threats powered by AI and built in Python

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/mitm-https-payload-with-python-499ebf8e933f?source=rss—-7b722bfd1b8d— … ⌘ Read more

Armbian 25.5 Adds New Board Support, Application Modules, and Receives Community Recognition
The Armbian team has released version 25.5, bringing expanded hardware compatibility, improved system tools, and a growing library of post-install application modules. The update also coincides with Armbian being recognized by NetBox Labs with a 2025 NetBox Hero Award for its role in open infrastructure innovation. New in Armbian v25.5 The latest release include … ⌘ Read more

Security updates for Monday
Security updates have been issued by AlmaLinux (389-ds-base, ghostscript, grafana, kernel, and osbuild-composer), Debian (intel-microcode, kernel, libphp-adodb, and openssl), Fedora (dotnet8.0, ghostscript, iputils, nbdkit, open-vm-tools, thunderbird, and vyper), Mageia (chromium-browser-stable, glibc, iputils, microcode, nodejs, and zsync), Oracle (.NET 8.0, .NET 9.0, 389-ds-base, avahi, buildah, compat-openssl11, expat, firefox, ghostscript, gimp, git, grafana, gvisor-tap-vsock, libso … ⌘ Read more

You Can Choose Tools That Make You Happy
Comments ⌘ Read more

From Zero to $1000/Month | Bug Bounty Automation Blueprint

Image

Proven Tactics, Tools, and Code to Automate Your Way to Consistent Bounties

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-zero-to-1000-month-bug-boun … ⌘ Read more

@bender@twtxt.net Here’s a short-list:

• Simple, minimal syntax—master the core in hours, not months.
  
• CSP-style concurrency (goroutines & channels)—safe, scalable parallelism.
  
• Blazing-fast compiler & single-binary deploys—zero runtime dependencies.
  
• Rich stdlib & built-in tooling (gofmt, go test, modules).
  
• No heavy frameworks or hidden magic—unlike Java/C++/Python overhead.

Open Source SQL Workbench Says “No Republicans Allowed!”
The Apache licensed SQL query tool says Republicans (and many others) are not welcome to use their software due to “despicable politics” and “contempt for human rights.” ⌘ Read more

Sandboxing AI Tools with Guix Containers
Comments ⌘ Read more

Security updates for Friday
Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3). ⌘ Read more

CNCF Shares Schedule for Open Observability Summit North America, Gears Up for Inaugural Event
The event will unite observability leaders, developers, and end users to drive progress in observability tools and best practices SAN FRANCISCO, Calif., May 22, 2025 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems… ⌘ Read more

[$] Recent disruptive changes from Setuptools
In late March, version 78.0.1 of Setuptools — an important
Python packaging tool — was released. It was scarcely half an hour before
the first bug\
report came in, and it quickly became clear that the change was far
more disruptive than anticipated. Within only about five hours [78.0.2 was\
published to roll back the change](https://setuptools.pypa.io/e … ⌘ Read more

@bender@twtxt.net @prologic@twtxt.net Jokes aside, I don’t think that’s the right approach either. We had spell checkers, since I can remember, as well as other tools, like the smart image select, used mostly to remove backgrounds. These are tools, that just simplify the process of either opening up a dictionary and looking up a word, you can’t remember the spelling of, or the process of placing a billion little dots around the part of an image you want to select - none of these are creative or enjoyable tasks, we already had tools for them, decades before AI. I don’t think we need to go back to cave paintings, to be free of AIs influence on our creative work.

Security updates for Tuesday
Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips). ⌘ Read more

Google Releases NotebookLM App for iOS and Android
Google has launched iOS and Android apps for NotebookLM, the company’s advanced AI-powered research and note-taking tool.

Image

Commenting on the launch in a blog post, Google said:

We’ve received a lot of great feedback from the millions of people using NotebookLM, our tool … ⌘ Read more

Security updates for Monday
Security updates have been issued by Debian (dropbear, firefox-esr, intel-microcode, net-tools, openafs, thunderbird, and xrdp), Fedora (chromium, micropython, syslog-ng, webkitgtk, and xen), Mageia (dropbear and openssh), Oracle (.NET 9.0, kernel, libjpeg-turbo, and yelp and yelp-xsl), Red Hat (compat-openssl11, git-lfs, grafana, kernel, and osbuild and osbuild-composer), Slackware (mozilla), SUSE (cargo-c, gimp, iputils-20240905, kernel, libraw, microcode_ctl, openssh, pnpm, … ⌘ Read more

IPinfo Free Geolocation API: Tools, Setup & Use Cases ⌘ Read more

I Built a Tool to Hack AI Models — Here’s What It Uncovered

Image

A few months ago, I was auditing a chatbot deployed inside a financial services platform. It used a mix of retrieval-augmented generation…

[Continue reading on InfoSec Write-ups »](http … ⌘ Read more

Get Network Utility for MacOS Sequoia with Neo Network Utility
Remember Network Utility, the handy tool for Mac that was bundled with the operating system since the origins of Mac OS X? With Network Utility, you had an easy graphical interface to commonly used network tools like ping, netstat, nslookup, traceroute, finger, port scanning, and whois. But for reasons unknown, Apple removed Network Utility from … [Read More](https://osxdaily.com/2025/05/16/get-network-utilit … ⌘ Read more

Even More iPhone Safety Tips You Should Know
Last week, we shared a list of iPhone safety tools that every iPhone owner should know about, from Emergency SOS and Medical ID to Safety Check and Check In. MacRumors readers had more suggestions on safety information we should highlight, so we have a follow-up … ⌘ Read more

Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, kernel, kernel-rt, redis:6, and yelp and yelp-xsl), Debian (chromium), Red Hat (compat-openssl11, kernel, and thunderbird), and SUSE (nbdkit, open-vm-tools, and rustup). ⌘ Read more

OCaml Web Development: Essential Tools and Libraries in 2025
Comments ⌘ Read more

Top Tools That Helped Me Earn $500 in 30 Days

Image

How I used these tools & commands to find bugs fast

Continue reading on InfoSec Write-ups » ⌘ Read more

Security updates for Thursday
Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack). ⌘ Read more

☕Best Tool for Analyzing Java Files (90% of Hackers Don’t Know This)

Image

Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/best-tool-for-analyzing-java-files-90-of-hackers-dont-know-this- … ⌘ Read more

Hacking With No Tools: How to Break Web Apps Using Just Your Browser ️‍♂️

Image

Hacking With No Tools: How to Break Web Apps Using Just Your Browser 🕵️‍♂️

[Continue reading on In … ⌘ Read more

Podman 5.5.0 released
Version\
5.5.0 of the Podman container-management tool has been
released. Notable features include the addition of a podman machine cp command to copy files into a running Podman\
VM, a podman artifact extract command to copy
contents of an OCI\
artifact to disk, and a --mount=artifa ... ⌘ [Read more](https://lwn.net/Articles/1021217/)

Apple Music Gets New Transfer Tool to Make Switching From Spotify Easier
Apple this week introduced a new feature designed to allow prospective Apple Music users to import their saved music and playlists from third-party music services to ‌Apple Music‌.

Image

The feature is either in an expanded testing phase or it has started rolling out, and it is available in Australia and New Zealand acco … ⌘ Read more

Top 8 Best Vulnerability Scanning Tools (2025 Guide) ⌘ Read more

How to install and run Minikube with Rootless Podman on ARM-based MacBooks
minikube provides a local Kubernetes cluster on macOS, Linux, and Windows. minikube’s primary goals are to be the best tool for local Kubernetes application development and to support all Kubernetes features that fit into that environment…. ⌘ Read more

Fx v36 - JSON terminal viewer
Hello Lobsters, I’m the author of a fx tool. I’ve been working hard past month to develop a new version of a fx with a lot of improvements and fixes. Please check them out.

Comments ⌘ Read more

[$] The last of YaST?
The announcement
of the openSUSE Leap 16.0 beta contained something of a
surprise—along with the usual set of changes and updates, it
informed the community of the retirement of “the traditional YaST
stack” from Leap. The YaST (“Yet another Setup Tool”)
installation and configuration utility has been a core part of the
openSUSE distribution since its [inception](https://lists.opensuse.org/archives/list/users@lists.opensuse … ⌘ Read more

Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs

Image

✅Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more

A tool to verify estimates, II: a flexible proof assistant
Comments ⌘ Read more

Six iPhone Safety Tools You Should Know About
Apple is known for its privacy policies that keep user data collected to a minimum, but the company has also worked to incorporate many safety features into its devices. From summoning help when you can’t to making sure you’re not being tracked or followed, the iPhone has tools that are meant to keep you safe.

Image

We’ve rounded up some of the most imp … ⌘ Read more

Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs

Image

🗝️Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more

Tool Review — TraceWeb.io Extension ⌘ Read more

Tiliqua Brings FPGA-Based Audio and Visual Tools to Eurorack Systems
Tiliqua is a modular FPGA-based platform for Eurorack systems, launched on CrowdSupply. It supports real-time audio and video synthesis using open-source tools like Amaranth HDL, offering more flexibility and performance than typical microcontroller-based modules. The platform uses the “SoldierCrab” FPGA System-on-Module, which integrates an LFE5U-25F FPGA, PSRAM, a USB PHY, and SPI flash. This module […] ⌘ Read more

A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux

Image

Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.

[Continue … ⌘ Read more

Securing Model Context Protocol: Safer Agentic AI with Containers
Model Context Protocol (MCP) tools remain primarily in the hands of early adopters, but broader adoption is accelerating. Alongside this growth, MCP security concerns are becoming more urgent. By increasing agent autonomy, MCP tools introduce new risks related to misalignment between agent behavior and user expectations and uncontrolled execution. These systems also present a novel… ⌘ Read more

Announcing OpenReports: Standardized Kubernetes Reporting
The Kubernetes ecosystem, while powerful, is a sprawling landscape of tools. As organizations scale their deployments, ensuring compliance and security becomes paramount. But how do you effectively track and report on your Kubernetes policies and scanners… ⌘ Read more

A new AUTOSEL release
AUTOSEL is a tool that is used to find kernel patches that should be
considered for backporting into the stable releases. Sasha Levin has announced a new and completely
rewritten version of AUTOSEL for those who would like to play with it.

Unlike the previous version that relied on word statistics and
older neural network techniques, AUTOSEL leverages modern large
language models and embedding technology to provide significantly
more accurate recommen … ⌘ Read more

2025 Mobile App Pentesting Guide: Tools, Techniques & Real-World Examples ⌘ Read more

Introducing Docker MCP Catalog and Toolkit: The Simple and Secure Way to Power AI Agents with MCP Tools
Model Context Protocols (MCPs) are quickly becoming the standard for connecting AI agents to external tools, but the developer experience hasn’t caught up. Discovery is fragmented, setup is clunky, and security is too often bolted on last. Fixing this experience isn’t a solo mission—it will take an industry-wide effort. A secure, scalable, and trusted MCP… ⌘ Read more

Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About

Image

Let’s Skip the “Sign Up on HackerOne” Talk

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more

@bender@twtxt.net Yes, you right. But is premium for more than that.
I use a feature I love a lot: customising different searches with different themes or links.
It’s easy to understand with an example. I have a search with the name “Django”. I set sources: Django documentation, stack overflow, topic “programming” and so on. It’s very quick to find Django solutions.
I also have another way to find my stuff: search my blog and repositories.
I had problems paying for the first mouths, now it’s a working tool for me.

$1000+ Passive Recon Strategy You’re Not Using (Yet)

Image

Still using subfinder & sublist3r tools for finding assets while recon??

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-passive-recon-strategy-youre-not-using-yet-164f5b1e … ⌘ Read more

Limits of Malware Detection ⌘ Read more

that said, and reading to @sorenpeter@darch.dk and @andros@twtxt.andros.dev I have new thoughts. I assume that this won’t change anyone’s opinions or priorities, so it makes no harm sharing them.

It’s always tempting to use something that already exists (like X, Masto, Bsky, etc.) rather that building anything through effort and disagreement until reaching to something useful and valuable together. A ‘social service’ is only useful if people is using it.

I’ll add that I haven’t lost interest on the ‘hacky’ part of twtxt about developing tools, protocols, and extensions as a community. It’s the appealing part! It’s a nice hobby to have, shared with random people across the world.
But this is not the right way for me, and makes me feel that I’m unwelcome to propose something different (after watching replies to my previous twt). Feels like “If you don’t agree, you are free to leave, we’ll miss you.” Naah, not cool. I’ve lived that many times before, and nowadays I don’t have enough spare time and energy for a hobby like that.

Let’s see what happens next with the micro-community!

[$] Better debugging information for inlined kernel functions
Modern compilers perform a lot of optimizations, which can complicate debugging.
Song Liu and Thierry Treyer spoke about a potential improvement to
BPF Type Format (BTF) debugging information that could partially combat that
problem at the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit.
They want to add information on selectively inlined functions to BTF in order to
better support tracing tools.
Trey … ⌘ Read more

I’m with @andros@twtxt.andros.dev and @eapl.me@eapl.me on this one. But I have also lost interest in twtxt lately and currently rethinking what digital tools truly add value to my life. So I will not spending my time on adding more complexity to Timeline. Still a big thanks to you @prologic@twtxt.net for all the great work you have done and all the nice conversations both here and on our video calls.

Docker Desktop 4.41: Docker Model Runner supports Windows, Compose, and Testcontainers integrations, Docker Desktop on the Microsoft Store
Docker Desktop 4.41 brings new tools for AI devs and teams managing environments at scale — build faster and collaborate smarter. ⌘ Read more

I also fundamentally do not believe in the notion that Twtxt should be readable and writable by humans. We’ve thrown this “argument” around in support of some of the proposals, and I just don’t buy it (sorry). As an analogy, nobody writes Email by hand and transmits them to mail servers vai SMTP by hand. We use tools to do this. Twtxt/Yarn should be the same IMO.

Valgrind-3.25.0 is available
Version 3.25.0 of the Valgrind
dynamic-analysis tool has been released. It has lots of new features,
including initial support for RISC-V on Linux, handling zstd-compressed
debug sections, integration of the Linux Test\
Project test suite, support for lots more Linux system calls, and more.
It also has plenty of bug fixes, of course. ⌘ Read more

@lyse@lyse.isobeef.org Hahahaha 🤣 I mean it’s “okay” every now and then, but what’s the point of having good clients and tools if we don’t use ‘em 🤣

Are “AI” systems really tools?
Comments ⌘ Read more

Top 5 Open Source Tools to Scan Your Code for Vulnerabilities

Image

These tools help you find security flaws in your code before attackers do.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-open-source-tools-to-s … ⌘ Read more

How to build and deliver an MCP server for production
In December of 2024, we published a blog with Anthropic about their totally new spec (back then) to run tools with AI agents: the Model Context Protocol, or MCP. Since then, we’ve seen an explosion in developer appetite to build, share, and run their tools with Agentic AI – all using MCP. We’ve seen new […] ⌘ Read more

Notation as a Tool of Thought (1979)
Comments ⌘ Read more

MCP Security: Tool Poisoning Attacks
Comments ⌘ Read more

Inspiriert durch äußere Einflüsse habe ich mit litecanvas eine mobile Chooser-App nachgebaut: https://tools.uplegger.eu/mobile.tapChooser/
Jetzt muss ich nie wieder selbst Entscheidungen treffen!1elf 🤗

How to Create a Botnet Using One Tool: A Proof of Concept for Educational Purposes Aspiring…

Image

Learn how attackers build and control botnets — safely and ethically — using … ⌘ Read more

Ta, @prologic@twtxt.net! Assuming you mean 13, it’s just some old shed in an orchard. I reckon the owners keep some of their tools in there. They are all over the place around here. To me they look like they were all built like 50 odd years ago or maybe more, not sure. I could be completely wrong. I just like the look of them and actually wanted to capture the dark sky with the rolling in thunderstorm, but my camera had totally other plans. Didn’t work out at all.

Go 1-24 讓項目工具管理更優雅的 tool 指令
工具管理的歷史難題———在 Go 1.24 之前，管理項目依賴的工具（如 linters、代碼生成器等）是一個棘手的問題。雖然有 go.mod 來管理代碼依賴，但工具依賴卻沒有一個官方的解決方案。社區曾流行的做法是創建一個名爲 tools.go 的文件，通過一種 “技巧” 來管理這些工具依賴：//go:build toolspackage toolsimport (     ”gol ⌘ Read more

CNCF Announces OpenObservabilityCon North America to Accelerate Open Source Innovation and Tame Infrastructure Complexity
New event will convene observability leaders, developers, and end users to advance open source observability tools and practices SAN FRANCISCO, April 22, 2025 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud… ⌘ Read more

Dockerizing MCP – Bringing Discovery, Simplicity, and Trust to the Ecosystem
Discover the Docker MCP Catalog and Toolkit, a new way to source, use, and scale with MCP tools. ⌘ Read more

@bender@twtxt.net I use it. It’s not the feature I use the most in the fediverse, but I communicate this way with several friends. For example, it’s the main way I talk to the original creator of the twtxt-el repository, the way people greet me for the first time or the way they notify me of some bugs in the software I maintain. I can even tell you that it’s the main way I talk to some maintainers of the Emacs community. If there are any of you reading my words, speak up!
Why not have the same? There are things I want to say to @prologic@twtxt.net in private, why should I have to send him an email or private IRC? Or an public twt.
Of course, here’s a topic we’ve already talked about: what is twtxt for you? For me it will always be a social network, in microblogging format, but an asynchronous way of communicating. And having a tool to control visibility is basic 😄
I look forward to hearing from you @eapl.me@eapl.me !

EPA Deletes Pollution Tracking Tools as It Offers Exemptions to Polluters
Mike Ludwig ,  Staff Writer  -  truthout

_Stephan: Here is yet another example of Despot Trump’s corruption doing favors for the uber-rich who enrich him so that he permits them to destroy Earth’s matrix of life and wellbeing. His corruption is going to have a decades-long impact, and will be a major factor contributing to the civilization-altering catastrophe that happens betwe … ⌘ Read more

5 Tools I Wish I Knew When I Started Hacking ⌘ Read more

@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:

[Global]
    Name = your.irc.server.com
    Password = yourfancypassword
    Listen = 0.0.0.0
    Ports = 6667

    AdminInfo1 = Well, me.
    AdminInfo2 = Over here!
    AdminEMail = forget.it@example.invalid

[Options]
    Ident = no
    PAM = no

[SSL]
    CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
    KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
    DHFile = /etc/ngircd/dhparam.pem
    Ports = 6669

Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)

I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅

Seem like it’s a server-client thingy? 🤔 I much prefer tools in this case and defer the responsibility of storage to something else. I really like restic for that reason and the fact that it’s pretty rock solid. I have zero complaints 😅

(#3lokkza) Seem like it’s a server-client thingy? 🤔 I much prefer tools in this case and defer the responsibility of storage to something els …
Seem like it’s a server-client thingy? 🤔 I much prefer tools in this case and defer the responsibility of storage to something else. I really like restic for that reason and the fact that it’s pretty rock solid. I have zero complaints 😅 ⌘ Read more

Timeline of Evolution of Twtxt/Yarn.social:

• 2016 – Twtxt created by John Downey: plain text + HTTP = minimalist microblogging
  
• 2017–2019 – Community builds CLI tools, but adoption remains niche
  
• 2020 – Yarn.social launched by @prologic@twtxt.net with federation, threading, UI
  
• 2021–2023 – Pods sync, user mentions, blocking, search, and media support added
  
• 2024+ – Yarn.social becomes the reference Twtxt platform, with active federated pods

**(#2dh7m3q) Timeline of Evolution of Twtxt/Yarn.social:

• 2016 – Twtxt created by John Downey: plain text + HTTP = minimalist microbloggin …**
  Timeline of Evolution of Twtxt/Yarn.social:

• 2016 – Twtxt created by John Downey: plain text + HTTP = minimalist microblogging

• 2017–2019 – Community builds CLI tools, but adoption remains niche

• 2020 – Yarn.social launched by @prologic @twtxt.net with federation, threading, UI

• 2021–2023 – Pods sync, user mentions, blocking, search, and media … ⌘ Read more

I do not agree with every decision the Internet Archive makes, but I consider it a very important tool, for Internet archival and preservation - to the point, it even influenced what licence I chose, for my media and websites.

Sadly they’re now facing another threat, in the form of litigious music labels, that they’re now trying to convince to stop, by collecting signatures here.

@kat@yarn.girlonthemoon.xyz pandoc is a joy! I haven’t used any Microsoft word processing tools since forever. They want a Word document? Pandoc to the rescue!

@movq@www.uninformativ.de there are many other similar backup tools. I would love to hear what will make you pick Borg above the rest.

[$] What’s new in APT 3.0
Debian’s Advanced Package Tool (APT) is the suite of utilities that handle package
management on Debian and Debian-derived operating systems. APT recently received a
major upgrade to 3.0 just in time for inclusion in Debian 13
(“trixie”), which is planned for release sometime in 2025. The version bump is
warranted; the latest APT has user-interface improvements, switches to [Sequoia](https://sequoia-pgp.org/pr … ⌘ Read more

@andros@twtxt.andros.dev how often do you send a private message on the Fediverse? How often do you send PGP/SMIME encrypted emails? Are there other tools that are more suitable for the task? If implementing direct/private messages on twtxt scratches an itch (you know, that hobbyist itch we all get from time to time), then don’t give up so easily. Worse comes to worse, and your feed becomes too noisy, people can simply unfollow/mute.

I really don’t care about direct messages here, but I might be on that bottom 1%!

@andros@twtxt.andros.dev Ahh I see 👌

@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.

**(#zwr3hiq) @andros@andros Ahh I see 👌

@prologic@prologic Yes, it is a security hole. All dm-echo messages are readable. I inten …**
@andros @twtxt.andros.dev Ahh I see 👌

@prologic @twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links. ⌘ Read more

@eapl.me@eapl.me When it is up and running, I promise to add it to the specification. I will also include some corrections.
The nature of twtxt does not allow us to selectively hide clients. It’s a problem not with DM, but with any extension.
@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.
@xuu@txt.sour.is It’s already much better than Mastodon :P . Maybe we can remove the sender and receiver references with an intermediary register.

Fascinating read on the emerging Model Context Protocol — a new standard for integrating LLMs with agents and tools.

(#vv65cbq) Fascinating read on the emerging Model Context Protocol — a new standard for integrating LLMs with agents and tools.
Fascinating read on the emerging Model Context Protocol — a new standard for integrating LLMs with agents and tools. ⌘ Read more

New plugin: vim-markdown-extras. Some extra tools to help you with your markdown files. ⌘ Read more

@lyse@lyse.isobeef.org Just needed to update the version of the tool I packaged as an OCI image 🤣

(#zvi5i2a) @lyse@lyse Just needed to update the version of the tool I packaged as an OCI image 🤣
@lyse @lyse.isobeef.org Just needed to update the version of the tool I packaged as an OCI image 🤣 ⌘ Read more

AI problems, top to bottom:

1: Open AI nerds, believe fine tuning a language model algorithm, will eventually produce an AGI god.

2: Subpar artists and techbros who can’t code, convinced AI image bashing and vibe coding, will help convince the dumber parts of Internet, they are a real deal.

3: Parasites, using AI to scam people, because they just want passive income, selling crap, made by an automated process.

Side: Adobe&co, killing Flash/old web, pricing new artists and developers out, to face learning curves of free tools, or use AI, peddled as solution.

Add support for skipping backup if data is unchagned · 0cf9514e9e - backup-docker-volumes - Mills 👈 I just discovered today, when running backups, that this commit is why my backups stopped working for the last 4 months. It wasn’t that I was forgetting to do them every month, I broke the fucking tool 🤣 Fuck 🤦‍♂️

Security updates for Friday
Security updates have been issued by AlmaLinux (delve and golang and go-toolset:rhel8), Debian (webkit2gtk), Fedora (openvpn, thunderbird, uboot-tools, and zabbix), SUSE (expat, fontforge, govulncheck-vulndb, and kernel), and Ubuntu (haproxy and libsoup2.4, libsoup3). ⌘ Read more

[$] Preparing DAMON for future memory-management problems
The Data Access\
MONitor (DAMON) subsystem provides access to detailed memory-management
statistics, along with a set of tools for implementing policies based on
those statistics. An update on DAMON by its primary author, SeongJae Park,
has been a fixture of the Linux Storage, Filesystem, Memory-Management, and
BPF Summit for some years. The 2025 Summit was no exception; Park led two
sessions on recent and future DAMON developme … ⌘ Read more

Apple Releases iPhone 16e Parts for Do-It-Yourself Repairs
Apple this week made iPhone 16e parts available to order through its self-service repair store in the U.S. and many European countries.

Image

There are parts and tools available for repairing an iPhone 16e’s display, battery, cameras, back glass, speakers, and more. Apple also allows customers to rent an iPhone toolkit for seven … ⌘ Read more

The Trump Administration’s Department of Homeland Publicity
James Poniewozik,  Chief TV Critic  -  The New York Times

Stephan: The one thing the monster and his MAGAt vassals are good at is the weaponization of misinformation. It is the main tool they use to keep the low IQ, low education, resentful and racist worshippers in a dark fantasy reality. And your tax dollars are being used to pay for this.

![](https://www.schwartzreport.net/wp-content/uploads/2025/04/S … ⌘ Read more

Security updates for Monday
Security updates have been issued by Debian (abseil, atop, jetty9, ruby-saml, tomcat10, trafficserver, xz-utils, and zfs-linux), Fedora (chromium, condor, containernetworking-plugins, cri-tools1.29, crosswords-puzzle-sets-xword-dl, exim, ghostscript, matrix-synapse, upx, varnish, and yarnpkg), Gentoo (XZ Utils), Mageia (augeas, corosync, nss & firefox, and thunderbird), Oracle (container-tools:ol8, firefox, freetype, and kernel), Red Hat (firefox), SUSE (chromium, gn, firefox-es … ⌘ Read more

Hi, So i made a little MVP registry crawler tool for twtxt. It now has a basic UI to play with. It has a somewhat full history back to about 2018-ish. Plus some interesting bits that were timestamped to earlier.

Find it here: https://watcher.sour.is

Code base is found here: https://git.sour.is/sour-is/xt

Hi, So i made a little MVP registry crawler tool for twtxt. It now has a basic UI to play with. It has a somewhat full history back to about 2018-ish. Plus some interesting bits that were timestamped to earlier.

Find it here: https://watcher.sour.is

Code base is found here: https://git.sour.is/sour-is/xt

[$] Catching up with calibre
Saying that calibre is
ebook-management software undersells the application by a fair
margin. Calibre is an open-source Swiss Army knife for ebooks that can
be used for everything from creating ebooks, converting ebooks from
obscure formats to modern formats like EPUB, to serving up an ebook
library over the web. The most recent major release, calibre 8.0,
brings a better text-to-speech engine, a tool for creating audio
overlays w … ⌘ Read more