10 interesting stories served every morning and every evening.

/post/zig-creator-calls-spade-a-spade

raymyers.org

Japan develops a method to recover up to 90% of lithium from used EV batteries and it could be a major breakthrough

tech.supercarblondie.com

In a ground-break­ing step for­ward, Scientists from Japan have de­vel­oped a new method to re­cover up to 90 per­cent of lithium from used EV bat­ter­ies — and it sud­denly feels like great news on Earth Day.

With elec­tric ve­hi­cles boom­ing world­wide, the pres­sure is mount­ing to find smarter ways to deal with old bat­tery waste.

This new tech­nique does­n’t just re­cy­cle ma­te­ri­als; it re­cov­ers most of them at an un­be­liev­able rate.

And if it de­liv­ers at scale, it could change how EV bat­ter­ies are made and reused for years to come.

A new method to re­cover up to 90% of lithium from used EV bat­ter­ies

This huge break­through in tech has come from a re­cy­cling fa­cil­ity in Japan, where en­gi­neers have man­aged to ex­tract around 90 per­cent of lithium from used bat­ter­ies.

That’s a huge leap com­pared to tra­di­tional meth­ods, which of­ten re­cover less than 50 per­cent of the ma­te­r­ial, es­pe­cially since it feels like a win to cel­e­brate this Earth Day.

At the heart of the process is a clever chem­i­cal tweak; in­stead of us­ing stan­dard sodium hy­drox­ide, the team swapped in re­cov­ered lithium hy­drox­ide dur­ing re­cy­cling, which is a white pow­der.

This helps con­vert bat­tery waste, known as black mass’, into high-pu­rity lithium that can be reused in new bat­ter­ies.

Even bet­ter, the process is­n’t just ef­fi­cient, it’s bet­ter for the en­vi­ron­ment too, be­cause re­searchers say it can cut car­bon emis­sions by around 40 per­cent com­pared to con­ven­tional re­cy­cling tech­niques.

It could be a ma­jor break­through for the fu­ture of EVs

This mat­ters be­cause lithium is one of the most crit­i­cal in­gre­di­ents in EV bat­ter­ies, and de­mand is sky­rock­et­ing, as well as min­ing be­ing ex­pen­sive, en­ergy-in­ten­sive, and of­ten geopo­lit­i­cally com­pli­cated.

By re­cov­er­ing lithium do­mes­ti­cally, Japan could re­duce its re­liance on im­ports and sta­bilise sup­ply chains.

In fact, the coun­try cur­rently im­ports al­most all of its bat­tery min­er­als, so re­cy­cling at this scale could be a game-changer.

Massive geopo­lit­i­cal shift. NHK World con­firms Japan has per­fected a rev­o­lu­tion­ary process to ex­tract high pu­rity lithium from dead bat­ter­ies with a stag­ger­ing 90 per­cent re­cov­ery rate. This bril­liant tech­no­log­i­cal leap guar­an­tees Japan’s ab­solute eco­nomic se­cu­rity. pic.twit­ter.com/​O7ENxL­HcNb— Furkan Gözükara (@FurkanGozukara) April 8, 2026

Massive geopo­lit­i­cal shift. NHK World con­firms Japan has per­fected a rev­o­lu­tion­ary process to ex­tract high pu­rity lithium from dead bat­ter­ies with a stag­ger­ing 90 per­cent re­cov­ery rate. This bril­liant tech­no­log­i­cal leap guar­an­tees Japan’s ab­solute eco­nomic se­cu­rity. pic.twit­ter.com/​O7ENxL­HcNb

There are still chal­lenges, though: only about 14 per­cent of used lithium-ion bat­ter­ies in Japan cur­rently make it into of­fi­cial re­cy­cling sys­tems, mean­ing col­lec­tion in­fra­struc­ture needs a se­ri­ous up­grade.

But with plans to make pro­duc­tion even more pow­er­ful by 2027 and ex­tract tens of thou­sands of tons of ma­te­ri­als an­nu­ally by 2035, this in­no­va­tion could be a big turn­ing point.

If adopted glob­ally, it might not just change lives in Japan; it could save the world.

Apple's New Speech API vs Whisper: The First Real Benchmark

get-inscribe.com

The re­sult, up front

Apple’s new SpeechAnalyzer is the most ac­cu­rate on-de­vice speech en­gine we tested. It beat every Whisper model we ship, in­clud­ing Whisper Small, on both the clean and the noisy half of LibriSpeech, while run­ning roughly three times faster than Small. And the API it re­places, SFSpeechRecognizer, came last on clean speech: be­hind even Whisper Tiny, a 40MB model.

Lower is bet­ter: WER is word er­ror rate, the per­cent­age of words an en­gine sub­sti­tutes, drops, or in­vents. LibriSpeech test-clean is 2,620 ut­ter­ances of clean read speech; test-other is 2,939 harder, nois­ier ut­ter­ances. Every en­gine ran fully on-de­vice on an Apple M2 Pro (32GB, ma­cOS 26.5.1).

Apple SpeechAnalyzer2.12%

Whisper Small3.74%

Whisper Base5.42%

Whisper Tiny7.88%

SFSpeechRecognizer (legacy)9.02%

Why we ran this

With iOS 26 and ma­cOS 26, Apple re­placed SFSpeechRecognizer with a new API, SpeechAnalyzer and SpeechTranscriber. It pub­lished no ac­cu­racy fig­ures for ei­ther one. So every de­vel­oper de­cid­ing whether to mi­grate, and every­one com­par­ing Apple’s built-in recog­ni­tion against Whisper, has been guess­ing.

We ship both Apple en­gines and three Whisper mod­els side by side in Inscribe, a pri­vate on-de­vice AI work­space, which puts us in an un­usual po­si­tion: we can run all five through iden­ti­cal pro­duc­tion code paths on the same ma­chine and the same au­dio. So we did.

Should you mi­grate off SFSpeechRecognizer?

Yes. This is the clear­est re­sult in the data. The new API cuts word er­ror rate by 3.5 to 4x on the same au­dio: from 9.02% to 2.12% on clean speech, and from 16.25% to 4.56% on noisy speech. There is no ac­cu­racy trade-off to weigh; the new API wins every­where we mea­sured, and it pro­duces punc­tu­ated, cased text where the legacy en­gine’s out­put is rougher.

Put dif­fer­ently: an hour-long meet­ing tran­scribed with the legacy API con­tains roughly four times as many wrong words as the same meet­ing through SpeechAnalyzer. If your app still uses SFSpeechRecognizer for any­thing longer than a voice com­mand, the mi­gra­tion is worth it on ac­cu­racy alone.

SpeechAnalyzer vs Whisper

The more sur­pris­ing re­sult: Apple’s new en­gine also beat Whisper Small, the largest model we ship, by a com­fort­able mar­gin on both splits, at roughly a third of Whisper Small’s com­pute time per sec­ond of au­dio. For English, on Apple hard­ware, the built-in en­gine is now the strongest on-de­vice op­tion we can mea­sure.

Whisper keeps two real ad­van­tages. It cov­ers far more lan­guages (SpeechTranscriber sup­ports around 30 lo­cales), and it runs any­where, not just on Apple plat­forms with OS 26. But for English tran­scrip­tion on a cur­rent iPhone or Mac, the days of Whisper be­ing the au­to­matic ac­cu­racy pick are over.

We changed our own prod­uct on this re­sult: Inscribe’s Auto en­gine now prefers SpeechAnalyzer for the lan­guages it sup­ports, and Whisper for every­thing else. Shipping a bench­mark and ig­nor­ing it in your own de­faults would be a strange kind of hon­esty.

Speed

All five en­gines ran com­fort­ably faster than real time: be­tween roughly 12x and 40x on the M2 Pro, mean­ing an hour of au­dio tran­scribes in about 1.5 to 5 min­utes on-de­vice. SpeechAnalyzer was about 3x faster than Whisper Small per sec­ond of au­dio while beat­ing it on ac­cu­racy. We are de­lib­er­ately not print­ing a pre­cise per-en­gine tim­ing table yet: the ac­cu­racy runs shared the ma­chine with a de­vel­op­ment work­load, which does not af­fect WER but does add noise to tim­ing. We will up­date this page with tim­ings from a ded­i­cated idle run.

Methodology, and why you can check it

A bench­mark from a com­pany that sells one of the en­gines should be treated with sus­pi­cion. Ours has two prop­er­ties de­signed for that sus­pi­cion.

The Whisper col­umn is re­pro­ducible against OpenAI’s own num­bers

We used LibriSpeech pre­cisely be­cause OpenAI pub­lished Whisper’s WER on it. If our har­ness mea­sured Whisper cor­rectly, our num­bers should land on theirs. They do, on all six mea­sure­ments:

The small, con­sis­tent pos­i­tive off­set (a slightly stricter text nor­mal­izer plus CoreML quan­ti­za­tion) is what hon­est re­pro­duc­tion looks like; ran­dom er­ror would scat­ter in both di­rec­tions. Since the same cor­pus, nor­mal­izer, and scorer pro­duced the Apple columns, the num­bers no­body else can check in­herit the val­i­da­tion from the num­bers any­one can.

The raw tran­scripts are pub­lic

Every per-ut­ter­ance hy­poth­e­sis for both Apple en­gines is down­load­able be­low, next to the ref­er­ence text and per-ut­ter­ance WER. Disagree with our nor­mal­iza­tion? Rescore it your­self.

sum­mary.json - all ten mea­sure­ments, ma­chine-read­able (3KB)

raw-tran­scripts-ap­ple.json.gz - SpeechAnalyzer, all 5,559 ut­ter­ances (620KB)

raw-tran­scripts-legacy.json.gz - SFSpeechRecognizer, all 5,559 ut­ter­ances (620KB)

Details that de­cide whether a WER num­ber means any­thing

Same pro­duc­tion code paths. Each en­gine ran through the ex­act code Inscribe users get, not a lab har­ness with dif­fer­ent buffer­ing or set­tings.

Text nor­mal­iza­tion. LibriSpeech ref­er­ences are up­per­case, un­punc­tu­ated, with num­bers spelled out; mod­ern en­gines emit punc­tu­a­tion and dig­its. Both sides pass through the same nor­mal­izer (casing, punc­tu­a­tion, dig­its-to-words, con­trac­tions), mir­ror­ing OpenAI’s English nor­mal­izer. Score raw text and you pun­ish en­gines for for­mat­ting nicely rather than for mis­hear­ing.

Corpus WER, not av­er­aged WER. Total er­rors di­vided by to­tal ref­er­ence words, so short ut­ter­ances are not over-weighted.

Fully on-de­vice, ver­i­fied. SFSpeechRecognizer sends au­dio to Apple’s servers by de­fault. We forced on-de­vice recog­ni­tion and made the har­ness refuse to run rather than silently fall back to the cloud, both be­cause a cloud re­sult would in­val­i­date the com­par­i­son and be­cause we were not go­ing to up­load 5,559 ut­ter­ances from a pri­vacy prod­uct.

Failures counted, not hid­den. An en­gine re­turn­ing noth­ing scores 100% WER for that ut­ter­ance. It hap­pened once in 27,795 tran­scrip­tions (legacy, test-other).

What build­ing this taught us about our own app

The bench­mark found a ship­ping bug in Inscribe. Our Apple-engine file im­port fed au­dio to SpeechAnalyzer and closed the in­put stream, but never called fi­nal­ize­AndFin­ishThrough­End­OfIn­put(). Without that call the an­a­lyzer never de­liv­ers its fi­nal re­sults, and the im­port hangs for­ever. It had gone un­no­ticed be­cause our Auto set­ting pre­ferred Whisper. The fix shipped the same day, and it is part of why we pub­lish the har­ness de­tails: mea­sur­ing your own prod­uct care­fully has a way of find­ing the things you were not look­ing for.

Limitations

English only. LibriSpeech is English read speech. These num­bers say noth­ing about the 100+ lan­guages Whisper sup­ports that SpeechTranscriber does not.

Read au­dio­book speech, not meet­ings. LibriSpeech is the stan­dard, com­pa­ra­ble cor­pus, which is why we started with it. Accented, far-field, and multi-speaker meet­ing au­dio is the ob­vi­ous fol­low-up.

One ma­chine. M2 Pro, ma­cOS 26.5.1. Accuracy should trans­fer across Apple Silicon; speed will vary by chip.

Whisper via WhisperKit CoreML. Quantized on-de­vice con­ver­sions, the same builds Inscribe ships. Reference GPU im­ple­men­ta­tions may dif­fer slightly, which the val­i­da­tion table quan­ti­fies.

What this means if you just want good tran­scrip­tion

If you are on a cur­rent iPhone or Mac, the best on-de­vice tran­scrip­tion en­gine for English is al­ready in the op­er­at­ing sys­tem, and the pri­vate op­tion is no longer the com­pro­mise op­tion. Inscribe uses ex­actly the en­gines mea­sured here: SpeechAnalyzer where it sup­ports your lan­guage, Whisper where it does not, all fully on-de­vice, noth­ing up­loaded. The bench­mark is not sep­a­rate from the prod­uct; it is how we de­cide what the prod­uct does.

Related read­ing

Apple Intelligence tran­scrip­tion

Best of­fline tran­scrip­tion apps

Private tran­scrip­tion apps

Attention Required! | Cloudflare

19thnews.org

Why have I been blocked?

This web­site is us­ing a se­cu­rity ser­vice to pro­tect it­self from on­line at­tacks. The ac­tion you just per­formed trig­gered the se­cu­rity so­lu­tion. There are sev­eral ac­tions that could trig­ger this block in­clud­ing sub­mit­ting a cer­tain word or phrase, a SQL com­mand or mal­formed data.

What can I do to re­solve this?

You can email the site owner to let them know you were blocked. Please in­clude what you were do­ing when this page came up and the Cloudflare Ray ID found at the bot­tom of this page.

Climate.gov was destroyed. Open data saved it.

werd.io

After los­ing their jobs at NOAA, Rebecca Lindsey, her sis­ter and an­other col­league teamed up to re­build a piv­otal re­source the Trump ad­min­is­tra­tion took of­fline.”

Link: Trump dis­man­tled a fed­eral cli­mate web­site. These women re­built it., by Jenae Barnes at The 19th

This should­n’t have been nec­es­sary, but is still won­der­ful to see. Climate.gov had been the go-to re­source for cli­mate data, but it went of­fline when the Trump Administration rad­i­cally cut NOAAs fund­ing. At that point:

[Rebecca] Lindsey joined forces with for­mer NOAA em­ploy­ees Anna Eshelman, and Mary Lindsey, her older sis­ter, to be­come the core team be­hind the de­ac­ti­vated site’s suc­ces­sor, Climate.us, pre­serv­ing over 15 years of key cli­mate data and re­sources. The trove fea­tures key maps, ed­u­ca­tional ma­te­ri­als and cli­mate in­di­ca­tor re­ports, in­clud­ing the now-deleted Fifth National Climate Assessment, the gov­ern­men­t’s most com­pre­hen­sive analy­sis of cli­mate change that was at risk of be­ing lost to the pub­lic.”

This is pos­si­ble be­cause US gov­ern­ment data is pub­lic do­main by law. Had it not been avail­able un­der a per­mis­sive li­cense, the ad­min­is­tra­tion’s act of van­dal­ism would have meant the data was gone for good. But be­cause it was, the datasets can find a new home.

It’s a joy to use. Check out the cli­mate dash­board, which tracks num­bers like the to­tal area of the Arctic Ocean that was at least 15% ice-cov­ered each September. It also hosts a set of re­sources for teach­ing cli­mate and en­ergy. The dataset gallery in­cludes cru­cial in­for­ma­tion like the NOAAs archive of oral his­to­ries from peo­ple whose lives were af­fected by cli­mate change.

But it’s also pre­car­i­ous. The whole thing re­lies on do­na­tions to keep it afloat, which is re­ally what tax dol­lars are for. Still, for the mo­ment it’s won­der­ful to see peo­ple pick up the slack when gov­ern­ment is no longer do­ing its job. In the ab­sence of gov­ern­ment sup­port, archives like this are works of jour­nal­ism in them­selves: ways to help us make stronger de­ci­sions. They de­serve stronger sup­port, and ul­ti­mately, we all de­serve the restora­tion of such im­por­tant gov­ern­ment in­fra­struc­ture.

Building and Shipping Mac and iOS Apps Without Ever Opening Xcode

scottwillsey.com

Lately, I’ve heard sev­eral Apple re­lated pod­cast­ers talk about how bad Xcode is, and how Apple needs to make vibe-cod­ing Mac and iOS apps bet­ter by mak­ing Xcode less in­scrutable. They’re not wrong, but also I don’t un­der­stand why they’re even open­ing Xcode in the first place. With a lit­tle bit of pre-work, you can vibe code Mac and iOS apps to your heart’s con­tent with­out look­ing at Xcode any­more.

And if you’re ever in doubt about how to make any of the fol­low­ing work, point Claude Code or your LLM cod­ing tool of choice to this blog post, and let it fig­ure it out. That’s lit­er­ally its job, fig­ur­ing out things you don’t want to have to.

TL;DR

Xcode.app must be in­stalled, but it never has to be open. xcode­build, no­tary­tool, sta­pler, and de­vicectl all live in­side Xcode and run fine from a shell.

A few one-time steps do need the GUI (or an in­ter­ac­tive ter­mi­nal): sign into your Apple ID, cre­ate a Developer ID cer­tifi­cate, store a no­ta­riza­tion pass­word. After that, builds and de­ploys are fully head­less.

The Mac app ships via one script — scripts/​re­lease.sh — which you write once. It runs the whole chain: archive → Developer ID sign → no­ta­rize → sta­ple → in­stall to /Applications.

Signing is cer­tifi­cate-and-key­chain based. The sign­ing key lives in the lo­gin key­chain; xcode­build finds it au­to­mat­i­cally. No se­crets in the repo.

The one-time setup is the only part with any fric­tion, so let’s get it out of the way first.

Install Xcode

You do have to have Xcode in­stalled, there’s no get­ting around that, be­cause build de­pends on tools that live in­side Xcode.app.

Once Xcode is in­stalled, make sure it’s the se­lected com­mand line tool­chain, and not /Library/Developer/CommandLineTools. If the out­put of the check is /Applications/Xcode.app/Contents/Developer, you’re in good shape:

❯ xcode-se­lect -p/Applications/Xcode.app/Contents/Developer

❯ xcode-se­lect -p

/Applications/Xcode.app/Contents/Developer

If it DOES re­turn the path for the stand­alone CommandLineTools in­stead, point it to Xcode.

sudo xcode-se­lect -s /Applications/Xcode.app/Contents/Developer

sudo xcode-se­lect -s /Applications/Xcode.app/Contents/Developer

NOTE: The name Command Line Tools” can be con­fus­ing.

This is be­cause there’s a stand­alone Command Line Tools pack­age, avail­able with xcode-se­lect –install, which is the /Library/Developer/CommandLineTools ver­sion. This con­tains clang and git, but not the iOS SDK, no­tary­tool, de­vicectl, and other items needed for full app de­vel­op­ment.

The com­plete tool­chain is in­side Xcode.app, at /Applications/Xcode.app/Developer, and it has every­thing you need. If you have Xcode in­stalled, you don’t need the stand­alone Command Line Tools.

Install XcodeGen

Xcode and its com­mand line tools aren’t enough to gen­er­ate and man­age Xcode pro­jects au­to­mat­i­cally. For that, you’re go­ing to need XcodeGen. You can down­load it from Github or in­stall it us­ing home­brew:

brew in­stall xcode­gen

brew in­stall xcode­gen

Long story short, Xcode pro­jects are ac­tu­ally fold­ers that ma­cOS makes ap­pear as files, and they con­tain every­thing about your pro­ject needed to cre­ate and com­pile your app. Xcode con­stantly mod­i­fies the files and file ref­er­ences con­stantly, and it cre­ates is­sues for git repos­i­to­ries.

Xcodegen cre­ates a pro­ject.yml (YAML) file with all your pro­ject set­tings, and then on every build, it recre­ates the en­tire .xcodeproj folder us­ing that pro­ject.yml file. Only the YAML file has to be com­mit­ted to git, and the whole .xcodeproj can be ig­nored from git’s per­spec­tive.

Configure Xcode, Once

You do need to setup Xcode ini­tially in or­der to never have to look at it again.

Xcode License and Additional Components

First, ei­ther ac­cept its li­cense and in­stall its ad­di­tional com­po­nents, or do it through the com­mand line:

sudo xcode­build -license ac­cept­sudo xcode­build -runFirstLaunch

sudo xcode­build -license ac­cept

sudo xcode­build -runFirstLaunch

Setup Your Apple Developer Account in Xcode

Next, open Xcode, click on Settings → Accounts and click on + to add your ac­count.

NOTE: You have to have a paid Apple Developer ac­count in or­der to dis­trib­ute and no­ta­rize your apps.

And you will want them no­ta­rized in or­der to in­stall them on you Mac and iOS de­vices and not have the OSes de­cided they’re mal­ware and delete them.

Create a Developer ID Application Certificate

Once that’s done, cre­ate a Developer ID Application cer­tifi­cate (Settings → Accounts → your Apple ID → Manage Certificates… → + → Developer ID Application), which cre­ates a cert for sign­ing the shipped .app bun­dle.

Please note that a Developer ID Application cer­tifi­cate and your Apple Development cer­tifi­cate are two sep­a­rate things.

The Apple Development iden­tity is for build­ing and run­ning on your own de­vices — push­ing to your iPhone, lo­cal de­bug­ging. The Developer ID Application iden­tity is for the no­ta­rized .app that sur­vives Gatekeeper and runs on some­one else’s Mac. The re­lease script wants that sec­ond one.

Creating the cer­tifi­cate in Xcode in­stalls both the cer­tifi­cate and its pri­vate key into your lo­gin key­chain. That pri­vate key is what ac­tu­ally does the sign­ing, and it can­not be re-down­loaded — so don’t delete it, and back up your key­chain.

When in doubt, ask your LLM of choice about them and have it help you get set up. It’s the one that’s go­ing to be us­ing Xcode for you any­way.

And fi­nally,

Store a Notarization Credential — Once, in Terminal

Notarization up­loads your signed app to Apple for a mal­ware scan. no­tary­tool au­then­ti­cates us­ing a stored key­chain pro­file that you cre­ate once, in­ter­ac­tively — it prompts for an app-spe­cific pass­word, and there’s no way around the prompt:

xcrun no­tary­tool store-cre­den­tials App-Name \ –apple-id [email protected]” –team-id YOUR-TEAM-ID# paste an app-spe­cific pass­word when prompted

xcrun no­tary­tool store-cre­den­tials App-Name \

–apple-id [email protected]” –team-id YOUR-TEAM-ID

# paste an app-spe­cific pass­word when prompted

A few things worth know­ing here:

Name the pro­file af­ter the app. Don’t bor­row an­other ap­p’s pro­file — it’ll work on your ma­chine and then silently break on some­one else’s.

The app-spe­cific pass­word is not your Apple ID pass­word. Generate one at ap­pleid.ap­ple.com → Sign-In & Security → App-Specific Passwords.

These pass­words go stale silently when­ever you change your Apple ID pass­word. A 401 in­valid cre­den­tials out of no­ta­riza­tion al­most al­ways means go make a fresh app-spe­cific pass­word,” not your setup is bro­ken.”

Confirm it’s stored:

xcrun no­tary­tool his­tory –keychain-profile App-Name

xcrun no­tary­tool his­tory –keychain-profile App-Name

Side topic here, I store my app-spe­cific pass­words in a 1Password vault that Claude Code has ac­cess to. That way when­ever I’m cre­at­ing a new app, I can tell IT to cre­ate the no­ta­riza­tion cre­den­tial for me, and it knows to check its 1Password vault for the pass­word. The whole point of us­ing the LLM in the first place is to avoid do­ing things man­u­ally that you don’t want to do.

Setup a Local.xconfig File and Add It to .gitignore

Real sign­ing needs your team ID and bun­dle pre­fix, and I put those in a Local.xconfig file:

cp Local.xcconfig.example Local.xcconfig# then edit Local.xcconfig to set:# BUNDLE_PREFIX = your.real.pre­fix# DEVELOPMENT_TEAM = YOUR-TEAM-ID

cp Local.xcconfig.example Local.xcconfig

# then edit Local.xcconfig to set:

# BUNDLE_PREFIX = your.real.pre­fix

# DEVELOPMENT_TEAM = YOUR-TEAM-ID

Again, if in doubt, ask Claude Code or your LLM of choice to cre­ate this for you.

Set up the Agent Tools

Create the Deploy Script

Deployment on my apps is han­dled via a script called re­lease.sh that lives in a scripts folder in­side the repo. Without it, I don’t have an au­to­mated build pipeline.

I had Claude Code cre­ate mine: I told Claude, more or less: I want to archive, Developer ID-sign, no­ta­rize, sta­ple, and in­stall this app to /Applications with­out ever open­ing Xcode. Write me a script that does the whole chain and fails loudly if any step breaks.

It did­n’t need me to ex­plain the pipeline, be­cause the pipeline is­n’t a se­cret — archive with xcode­build, ex­port with -exportArchive and an ExportOptions.plist, sub­mit with no­tary­tool –wait, at­tach the ticket with sta­pler, check with spctl. That’s the doc­u­mented, con­ven­tional way to ship a Developer ID Mac app, and the model knows it. What it needed from me was the pro­ject-spe­cific stuff: the scheme name, the team ID, what to call the no­tary pro­file, where to in­stall the re­sult.

Then it wrote a first draft, we ran it, it broke, and we fixed it. That loop is not a fail­ure mode, it’s just the process. I al­ways look at AI work­flows as works in progress, but it does­n’t take long be­fore you can stop tweak­ing things and just start work­ing.

This is the ac­tual script from one of my app re­pos:

#!/usr/bin/env bash# scripts/​re­lease.sh — pro­duce a Developer ID-signed, no­ta­rized MY-APP-NAME.app and# in­stall it to /Applications.## Requires (one-time): Xcode signed into your Apple ID, the paid Developer# Program, and a no­tary­tool cre­den­tial pro­file. Defaults to the MY-APP-NAME”# pro­file; over­ride with MY-APP-NAME_NOTARY_PROFILE=<name>.## Usage: ./scripts/release.shset -euo pipefail­PRO­JECT=“MY-APP-NAME.xcode­proj”SCHEME=“MY-APP-NAME-ma­cOS”AP­P_­NAME=“MY-APP-NAME”TEAM_ID=“YOURTEAMID”NO­TARY_PRO­FILE=“${MY-APP-NAME_NO­TARY_PRO­FILE:-MY-APP-NAME}“BUILD_DIR=“build”ARCHIVE_­PATH=“$BUILD_DIR/$​AP­P_­NAME.xcarchive”EX­PORT_­PATH=“$BUILD_DIR/​Ex­port”AP­P_­PATH=“$EX­PORT_­PATH/$​AP­P_­NAME.app”IN­STAL­L_DIR=“/​Ap­pli­ca­tions”LSREG­IS­TER=“/​Sys­tem/​Li­brary/​Frame­works/​Core­Ser­vices.frame­work/​Ver­sions/​A/​Frame­works/​Launch­Ser­vices.frame­work/​Ver­sions/​A/​Sup­port/​lsreg­is­ter”cd $(dirname $0”)/..“step() { printf \n\033[1;36m▸ %s\033[0m\n” $*”; }fail() { printf \n\033[1;31m✗ %s\033[0m\n” $*” >&2; exit 1; }step Pre-flight”command -v xcode­gen >/dev/null || fail xcodegen not in­stalled (brew in­stall xcode­gen).“if ! xcrun no­tary­tool his­tory –keychain-profile $NOTARY_PROFILE” >/dev/null 2>&1; then fail notarytool pro­file $NOTARY_PROFILE’ miss­ing. Create it with xcrun no­tary­tool store-cre­den­tials.“fis­tep Regenerating pro­ject”xcode­gen gen­er­aterm -rf $BUILD_DIR”; mkdir -p $BUILD_DIR”step Archiving (Release)“xcodebuild -project $PROJECT -scheme $SCHEME -configuration Release \ -derivedDataPath $BUILD_DIR/derived” -archivePath $ARCHIVE_PATH” \ -allowProvisioningUpdates archivestep Exporting Developer ID-signed app”cat > $BUILD_DIR/ExportOptions.plist” <<EOF<?xml ver­sion=“1.0” en­cod­ing=“UTF-8″?><!DOC­TYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN” http://​www.ap­ple.com/​DTDs/​Prop­ertyList-1.0.dtd><plist ver­sion=“1.0″><dict> <key>method</key><string>developer-id</string> <key>teamID</key><string>$TEAM_ID</string> <key>signingStyle</key><string>automatic</string></dict></plist>EOFxcodebuild -exportArchive -archivePath $ARCHIVE_PATH” -exportPath $EXPORT_PATH” \ -exportOptionsPlist $BUILD_DIR/ExportOptions.plist” -allowProvisioningUpdates[ -d $APP_PATH” ] || fail Exported app not found at $APP_PATH.“step Notarizing (submitting to Apple, may take a few min­utes)“ditto -c -k –keepParent $APP_PATH” $BUILD_DIR/notarize.zip”xcrun no­tary­tool sub­mit $BUILD_DIR/notarize.zip” –keychain-profile $NOTARY_PROFILE” –waitstep Stapling ticket”xcrun sta­pler sta­ple $APP_PATH”step Verifying Gatekeeper ac­cep­tance”spctl -a -vvv -t exec $APP_PATH”step Installing to $INSTALL_DIR/$APP_NAME.app”pkill -x $APP_NAME” 2>/dev/null || truerm -rf $INSTALL_DIR/$APP_NAME.app”cp -R $APP_PATH” $INSTALL_DIR/“[ -x $LSREGISTER ] && $LSREGISTER -f $INSTALL_DIR/$APP_NAME.app” >/dev/null 2>&1 || truestep Verifying in­stalled bun­dle”xcrun sta­pler val­i­date $INSTALL_DIR/$APP_NAME.app”spctl -a -vvv -t exec $INSTALL_DIR/$APP_NAME.app”printf \n\033[1;32m✓ %s no­ta­rized, sta­pled, in­stalled.\033[0m\n” $APP_NAME”

#!/usr/bin/env bash

# scripts/​re­lease.sh — pro­duce a Developer ID-signed, no­ta­rized MY-APP-NAME.app and

# in­stall it to /Applications.

#

# Requires (one-time): Xcode signed into your Apple ID, the paid Developer

# Program, and a no­tary­tool cre­den­tial pro­file. Defaults to the MY-APP-NAME”

# pro­file; over­ride with MY-APP-NAME_NOTARY_PROFILE=<name>.

#

# Usage: ./scripts/release.sh

set -euo pipefail

PROJECT=“MY-APP-NAME.xcodeproj”

SCHEME=“MY-APP-NAME-macOS”

APP_NAME=“MY-APP-NAME”

TEAM_ID=“YOURTEAMID”

NOTARY_PROFILE=“${MY-APP-NAME_NOTARY_PROFILE:-MY-APP-NAME}”

BUILD_DIR=“build”

ARCHIVE_PATH=“$BUILD_DIR/$APP_NAME.xcarchive”

EXPORT_PATH=“$BUILD_DIR/Export”

APP_PATH=“$EXPORT_PATH/$APP_NAME.app”

INSTALL_DIR=“/Applications”

LSREGISTER=“/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister”

cd $(dirname $0″)/..”

step() { printf \n\033[1;36m▸ %s\033[0m\n” $*”; }

fail() { printf \n\033[1;31m✗ %s\033[0m\n” $*” >&2; exit 1; }

step Pre-flight”

com­mand -v xcode­gen >/dev/null || fail xcodegen not in­stalled (brew in­stall xcode­gen).”

LAPD lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy

techcrunch.com

The Los Angeles Police Department (LAPD) is re­port­edly end­ing its deal with Flock Safety, a sur­veil­lance com­pany that helps law en­force­ment track ve­hi­cles us­ing thou­sands of its li­cense plate cam­eras placed across the United States.

A se­nior LAPD of­fi­cial told news out­lets, first re­ported by ABC7 and the Los Angeles Times, that the po­lice de­part­ment would al­low its three-year con­tract with Flock to ex­pire when it ends on Saturday. The de­part­ment cited serious con­cerns” around civil lib­er­ties and pri­vacy. Flock’s cam­eras are op­er­ated by the Atlanta, Georgia-based com­pany and not the LAPD.

This con­tract is not be­ing re­newed be­cause of se­ri­ous con­cerns around civil lib­er­ties and civil rights is­sues, par­tic­u­larly around pri­vacy and the data that is be­ing col­lected from these cam­eras,” LAPDs chief in­for­ma­tion of­fi­cer Dean Gialamas was quoted as say­ing. The LAPD had to make a dif­fi­cult de­ci­sion, in this case dis­con­tin­u­ing us­ing Flock ser­vices un­til we can get those data, pri­vacy, se­cu­rity and shar­ing con­cerns ironed out through a con­trac­tual re­la­tion­ship.”

A spokesper­son for the LAPD did not re­spond to a re­quest for com­ment from TechCrunch over the week­end, and it’s un­clear if Flock’s cam­eras will con­tinue record­ing in ab­sence of an ac­tive con­tract. According to ABC7, the po­lice de­part­ment is seek­ing new lan­guage in its con­tract ad­dress­ing pri­vacy and data stor­age con­cerns.

As the third-largest po­lice de­part­ment in the U.S., the LAPD is one of Flock’s largest gov­ern­ment cus­tomers to date. Several ma­jor U.S. cities have also stopped work­ing with Flock, in­clud­ing Mountain View, California and South Portland, Maine, cit­ing pri­vacy wor­ries and con­cerns that fed­eral im­mi­gra­tion of­fi­cials used the cam­eras to track peo­ple in vi­o­la­tion of their lo­cal laws gov­ern­ing their sanc­tu­ary city poli­cies.

The con­tract ex­piry caught the sur­veil­lance com­pany by surprise,” said Flock spokesper­son Holly Beilin in an email to TechCrunch. Flock said it was con­fi­dent that the com­pany could clear up the cur­rent mis­con­cep­tions” that led to the con­trac­t’s end. Flock would not say which spe­cific mis­con­cep­tions it was re­fer­ring to.

Flock has a net­work of at least 80,000 cam­eras around the U.S. that scan li­cense plates and al­low po­lice and fed­eral agen­cies to track ve­hi­cles.

The com­pany has faced heavy back­lash from lo­cal com­mu­ni­ties that have ap­proved and then re­neged on their deals with Flock over con­cerns with pri­vacy and sur­veil­lance. Some lo­cals have taken mat­ters into their own hands by dis­man­tling Flock cam­eras and cov­er­ing them with trash bags, even as some com­mu­ni­ties found that Flock re­in­stalled cam­eras with­out per­mis­sion from lo­cal au­thor­i­ties.

Researchers have iden­ti­fied an uptick in doc­u­mented cases of mo­torists be­ing pulled over, de­tained, and held at gun­point by po­lice, or jailed, due to false pos­i­tives and er­rors with li­cense plate read­ers. Last week, a jour­nal­ist with car re­views and news web­site The Drive de­tailed how he was tracked for days and later boxed-in by po­lice af­ter a Flock cam­era mis­tak­enly flagged the li­cense plate of the on-loan re­view unit he was dri­ving as stolen.

Flock has also faced scrutiny fol­low­ing sev­eral se­cu­rity lapses that have ex­posed cam­eras and data, which in one case al­lowed in­de­pen­dent news out­let 404 Media to watch them­selves live on pub­licly ex­posed Flock cam­eras. Lawmakers have also urged fed­eral con­sumer au­thor­i­ties to in­ves­ti­gate Flock for fail­ing to im­ple­ment mea­sures that would pre­vent hack­ers and spies from gain­ing ac­cess to its se­cu­rity cam­eras, warn­ing that many of the po­lice user lo­gins are not pro­tected with multi-fac­tor au­then­ti­ca­tion.

404 Media also re­ported that the U.S. Drug Enforcement Administration used a lo­cal po­lice of­fi­cer’s pass­word with­out their knowl­edge to search for a sus­pect ac­cused of an im­mi­gra­tion vi­o­la­tion.

Do you know about se­cu­rity or pri­vacy is­sues with Flock Safety, or is­sues with Flock cam­eras in your com­mu­nity? We would love to hear from you. From a non-work de­vice, you can se­curely con­tact Zack Whittaker on the Signal mes­sag­ing app with the user­name za­ck­whit­taker.1337.

When you pur­chase through links in our ar­ti­cles, we may earn a small com­mis­sion. This does­n’t af­fect our ed­i­to­r­ial in­de­pen­dence.

Zack Whittaker is the se­cu­rity ed­i­tor at TechCrunch. He also au­thors the weekly cy­ber­se­cu­rity newslet­ter, this week in se­cu­rity.

He can be reached via en­crypted mes­sage at za­ck­whit­taker.1337 on Signal. You can also con­tact him by email, or to ver­ify out­reach, at zack.whit­taker@techcrunch.com.

View Bio

One More Week

superdario.pawb.de

The git history command deserves more attention

lalitm.com

Working with lots of changes in par­al­lel on git can be painful. You end up jug­gling branches and com­mits, and run­ning scary re­base -i com­mands that can leave your tree in a half-bro­ken state if you so much as sneeze.

jj, an al­ter­na­tive to git, gets dis­cussed a lot these days (1, 2, 3, 4) and is of­ten pitched as a so­lu­tion. While I’m very sold on the prob­lems jj is try­ing to solve, the way it solves them has­n’t quite hit home with me. Every 3 months, for the last 1.5 years, I try it out for a few days, re­ally try­ing to make it part of my work­flow but even­tu­ally I give up and go back to git.1

That’s where git his­tory comes in. It’s an ex­per­i­men­tal com­mand that ar­rived across two re­leases, 2.54 (April, re­word and split sub­com­mands) and 2.55 (June, fixup sub­com­mand). It got a flurry of at­ten­tion on each re­lease day, and then, as far as I can tell, not much com­mu­nity dis­cus­sion since. Which is a shame, be­cause IMO it al­ready de­liv­ers sev­eral of the ben­e­fits peo­ple tout for jj with­out need­ing to switch your whole work­flow. And the cool thing is that it’s part of the core git dis­tri­b­u­tion, so you can try it with­out in­stalling any­thing.

There are three sub­com­mands: fixup, re­word and split.

fixup

git his­tory fixup fixes an old com­mit that has some­thing wrong in it, then au­tore­bases all your branches to match.

You stage the fix as usual with git add, then run git his­tory fixup <commit> to fold those staged changes into the tar­get com­mit. It’s like a git com­mit –fixup plus an au­tosquash re­base but with the ex­tra magic that it also up­dates any other branch which con­tained that com­mit.

That last part goes fur­ther than git re­base –update-refs, which only moves refs sit­ting in­side the range you’re ac­tively re­bas­ing. git his­tory in­stead finds and rewrites every lo­cal branch de­scended from the com­mit (while also hav­ing an op­tion to limit it to only the cur­rent branch). On the other hand it does not work in the pres­ence of merge com­mits which, for some us­ages of git, is go­ing to be a deal­breaker.

Here’s how it works in prac­tice:

Before, with a fix staged for B:

After git his­tory fixup B:

B* is B with the fix folded in. Rewriting a com­mit gives it a new hash, so C and D are au­to­mat­i­cally re-cre­ated on top as C* and D*, and the feat-1 and feat-2 branch tips move with them.

The most im­por­tant prop­erty, com­mon to all three com­mands, is that it’s atomic: it never leaves your tree in a half-bro­ken state. It man­ages this by re­fus­ing any op­er­a­tion that could pro­duce a con­flict.

To be clear, this is strictly less pow­er­ful than jj. jj treats con­flicts as first class so it can carry a con­flicted state through a re­base and let you sort it out later. git his­tory does­n’t do this yet but the docs leave the door open:

This lim­i­ta­tion is by de­sign as his­tory rewrites are not in­tended to be state­ful op­er­a­tions. The lim­i­ta­tion can be lifted once (if) Git learns about first-class con­flicts.”

This lim­i­ta­tion is by de­sign as his­tory rewrites are not in­tended to be state­ful op­er­a­tions. The lim­i­ta­tion can be lifted once (if) Git learns about first-class con­flicts.”

So ba­si­cally, this lim­i­ta­tion may change in the fu­ture; ex­cited to see if it does!

re­word

git his­tory re­word up­dates the com­mit mes­sage on an old com­mit and au­to­mat­i­cally re­bases every­thing on top. This is very use­ful for go­ing back and fix­ing com­mit mes­sages when the de­sign shifts as you it­er­ate.

git his­tory re­word <commit> opens your ed­i­tor with that com­mit’s ex­ist­ing mes­sage. You edit it, save, and the rest of the stack is re­built on top with the branches fol­low­ing along. It’s ex­actly like fixup but for com­mit mes­sages in­stead of the tree con­tents.

Because it only changes a mes­sage, re­word (like split later) never touches your in­dex or work­ing tree at all; it works purely on the com­mit graph. So both let you rewrite a com­mit on a branch you don’t have checked out with­out dis­turb­ing what­ever you’re in the mid­dle of.

Before:

After git his­tory re­word B:

Only B’s mes­sage changes, but that still gives it a new hash, so C is re­built on top as C* and feat-1 fol­lows along.

split

git his­tory split takes one com­mit and splits it into two, in­ter­ac­tively pick­ing what you care about from each. It’s the equiv­a­lent of git add -p, but with­out need­ing gym­nas­tics with git re­base. I’ve found this to be the most spe­cial­ized of the three, but in­valu­able when I need it.

Specifically, git his­tory split <commit> drops you into a hunk-by-hunk prompt over that com­mit’s diff. The hunks you keep make up the first com­mit, the rest fall into the sec­ond.

Before, with B bundling two un­re­lated changes:

After git his­tory split B:

B be­comes B1 and B2, and C is re­built on top of the pair as C*.

Conclusion

Judging by how many peo­ple are us­ing jj, I do think there’s still some key men­tal shift which I’m not yet mak­ing. And to be clear, git his­tory does­n’t close the full gap: jj still gives you an op­er­a­tion log with easy undo, mod­els your work­ing copy as a com­mit, and can carry con­flicts through a re­base, none of which this is try­ing to do.

But for now, git his­tory is a big step for­ward in adopt­ing many of the pieces that at­tract peo­ple to jj, and it’s al­ready in the tool I use every day. And the way the doc­u­men­ta­tion is writ­ten makes me hope­ful that more im­prove­ments will be com­ing in up­com­ing re­leases!

Samsung will delete your health data if you don't let them use it to train AI

neow.in

Samsung Health in­tro­duces a con­tro­ver­sial AI data con­sent tog­gle that blocks back­ups and threat­ens dele­tion if users opt out.

David Uzondu

Neowin ·

Jul 13, 2026 11:06 EDT

· Hot!

Samsung has started no­ti­fy­ing users that they’d have to con­sent to the use of their pri­vate health data to train new AI mod­els or risk los­ing it for­ever.

Apparently, the com­pany has in­tro­duced a Consent to the Use of Health Data for AI train­ing and mod­el­ling” tog­gle deep in the set­tings of the Samsung Health app and is forc­ing peo­ple to agree to these terms if they want to back up their in­for­ma­tion. This tog­gle gives Samsung the right to use per­sonal met­rics for train­ing and al­go­rithm re­fine­ment. When you try to turn off this op­tion, the app stops you in your tracks with a warn­ing that reads:

Withdraw from this agree­ment?

You will not be able to sync health data with your Samsung ac­count and your health data will be deleted un­less re­tained pur­suant to ap­plic­a­ble law. If re­ten­tion is re­quired, we will erase it as soon as the re­quired re­ten­tion pe­riod ends.

Withdraw from this agree­ment?

You will not be able to sync health data with your Samsung ac­count and your health data will be deleted un­less re­tained pur­suant to ap­plic­a­ble law. If re­ten­tion is re­quired, we will erase it as soon as the re­quired re­ten­tion pe­riod ends.

Samsung said that the data it col­lects will improve Samsung Health” through re­fined ma­chine learn­ing al­go­rithms that an­a­lyze health con­di­tions. The com­pany plans to grab four cat­e­gories: your sleep, your med­ica­tions, your med­ical records, and your cy­cle track­ing de­tails. The com­pany also said that hu­mans (maybe Samsung em­ploy­ees and third-party con­trac­tors) will be able to re­view some of the data col­lected.

The Samsung Health app re­cently un­der­went a mas­sive Generative AI over­haul just in time for the up­com­ing launch of the Galaxy Watch 9 and One UI 9 Watch. Among the many Gen AI fea­tures Samsung added is Vitals, a tool that an­a­lyzes overnight bio­met­ric sig­nals against your base­line to warn you about po­ten­tial sick­ness or fa­tigue. It specif­i­cally mon­i­tors five sig­nals: heart rate, heart rate vari­abil­ity, res­pi­ra­tory rate, skin tem­per­a­ture, and blood oxy­gen lev­els, and it can send you a no­ti­fi­ca­tion if some­thing looks wrong.

Other fea­tures in­clude a Heart Health Score fea­ture that com­bines your body com­po­si­tion, daily phys­i­cal ac­tiv­ity, sleep met­rics, and daily stress into a sin­gle card on the home screen. Samsung has also pack­aged in a Cardio Load met­ric to pre­vent over­train­ing and a Fitness Index that grades how fit you are based on dif­fer­ent met­rics like your VO2 max and step count com­pared to peers.

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.