“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment.
In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges.
This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.
The right to petition allows citizens to communicate with the government, whether to complain, request action, or share viewpoints — without fear of reprisal. But that right is being assaulted by this administration on multiple levels. For starters, many GOP lawmakers are now heeding their leadership’s advice to stay away from local town hall meetings and avoid the wrath of constituents affected by the administration’s many federal budget and workforce cuts.
Another example: President Trump recently fired most of the people involved in processing Freedom of Information Act (FOIA) requests for government agencies. FOIA is an indispensable tool used by journalists and the public to request government records, and to hold leaders accountable.
The biggest story by far this week was the bombshell from The Atlantic editor Jeffrey Goldberg, who recounted how he was inadvertently added to a Signal group chat with National Security Advisor Michael Waltz and 16 other Trump administration officials discussing plans for an upcoming attack on Yemen.
One overlooked aspect of Goldberg’s incredible account is that by planning and coordinating the attack on Signal — which features messages that can auto-delete after a short time — administration officials were evidently seeking a way to avoid creating a lasting (and potentially FOIA-able) record of their deliberations.
“Intentional or not, use of Signal in this context was an act of erasure—because without Jeffrey Goldberg being accidentally added to the list, the general public would never have any record of these communications or any way to know they even occurred,” Tony Bradley wrote this week at Forbes.
Petitioning the government, particularly when it ignores your requests, often requires challenging federal agencies in court. But that becomes far more difficult if the most competent law firms start to shy away from cases that may involve crossing the president and his administration.
On March 22, the president issued a memorandum that directs heads of the Justice and Homeland Security Departments to “seek sanctions against attorneys and law firms who engage in frivolous, unreasonable and vexatious litigation against the United States,” or in matters that come before federal agencies.
The POTUS recently issued several executive orders railing against specific law firms with attorneys who worked legal cases against him. On Friday, the president announced that the law firm of Skadden, Arps, Slate, Meagher & Flom had agreed to provide $100 million in pro bono work on issues that he supports.
Trump issued another order naming the firm Paul, Weiss, Rifkind, Wharton & Garrison, which ultimately agreed to pledge $40 million in pro bono legal services to the president’s causes.
Other Trump executive orders targeted law firms Jenner & Block and WilmerHale, both of which have attorneys that worked with special counsel Robert Mueller on the investigation into Russian interference in the 2016 election. But this week, two federal judges in separate rulings froze parts of those orders.
“There is no doubt this retaliatory action chills speech and legal advocacy, and that is qualified as a constitutional harm,” wrote Judge Richard Leon, who ruled against the executive order targeting WilmerHale.
President Trump recently took the extraordinary step of calling for the impeachment of federal judges who rule against the administration. Trump called U.S. District Judge James Boasberg a “Radical Left Lunatic” and urged he be removed from office for blocking deportation of Venezuelan alleged gang members under a rarely invoked wartime legal authority.
In a rare public rebuke to a sitting president, U.S. Supreme Court Justice John Roberts issued a statement on March 18 pointing out that “For more than two centuries, it has been established that impeachment is not an appropriate response to disagreement concerning a judicial decision.”
The U.S. Constitution provides that judges can be removed from office only through impeachment by the House of Representatives and conviction by the Senate. The Constitution also states that judges’ salaries cannot be reduced while they are in office.
Undeterred, House Speaker Mike Johnson this week suggested the administration could still use the power of its purse to keep courts in line, and even floated the idea of wholesale eliminating federal courts.
“We do have authority over the federal courts as you know,” Johnson said. “We can eliminate an entire district court. We have power of funding over the courts, and all these other things. But desperate times call for desperate measures, and Congress is going to act, so stay tuned for that.”
President Trump has taken a number of actions to discourage lawful demonstrations at universities and colleges across the country, threatening to cut federal funding for any college that supports protests he deems “illegal.”
A Trump executive order in January outlined a broad federal crackdown on what he called “the explosion of antisemitism” on U.S. college campuses. This administration has asserted that foreign students who are lawfully in the United States on visas do not enjoy the same free speech or due process rights as citizens.
Reuters reports that the acting civil rights director at the Department of Education on March 10 sent letters to 60 educational institutions warning they could lose federal funding if they don’t do more to combat anti-semitism. On March 20, Trump issued an order calling for the closure of the Education Department.
Meanwhile, U.S. Immigration and Customs Enforcement (ICE) agents have been detaining and trying to deport pro-Palestinian students who are legally in the United States. The administration is targeting students and academics who spoke out against Israel’s attacks on Gaza, or who were active in campus protests against U.S. support for the attacks. Secretary of State Marco Rubio told reporters Thursday that at least 300 foreign students have seen their visas revoked under President Trump, a far higher number than was previously known.
In his first term, Trump threatened to use the national guard or the U.S. military to deal with protesters, and in campaigning for re-election he promised to revisit the idea.
“I think the bigger problem is the enemy from within,” Trump told Fox News in October 2024. “We have some very bad people. We have some sick people, radical left lunatics. And I think they’re the big — and it should be very easily handled by, if necessary, by National Guard, or if really necessary, by the military, because they can’t let that happen.”
This term, Trump acted swiftly to remove the top judicial advocates in the armed forces who would almost certainly push back on any request by the president to use U.S. soldiers in an effort to quell public protests, or to arrest and detain immigrants. In late February, the president and Defense Secretary Pete Hegseth fired the top legal officers for the military services — those responsible for ensuring the Uniform Code of Military Justice is followed by commanders.
Military.com warns that the purge “sets an alarming precedent for a crucial job in the military, as President Donald Trump has mused about using the military in unorthodox and potentially illegal ways.” Hegseth told reporters the removals were necessary because he didn’t want them to pose any “roadblocks to orders that are given by a commander in chief.”
President Trump has sued a number of U.S. news outlets, including 60 Minutes, CNN, The Washington Post, The New York Times and other smaller media organizations for unflattering coverage.
In a $10 billion lawsuit against 60 Minutes and its parent Paramount, Trump claims they selectively edited an interview with former Vice President Kamala Harris prior to the 2024 election. The TV news show last month published transcripts of the interview at the heart of the dispute, but Paramount is reportedly considering a settlement to avoid potentially damaging its chances of winning the administration’s approval for a pending multibillion-dollar merger.
The president sued The Des Moines Register and its parent company, Gannett, for publishing a poll showing Trump trailing Harris in the 2024 presidential election in Iowa (a state that went for Trump). The POTUS also is suing the Pulitzer Prize board over 2018 awards given to The New York Times and The Washington Post for their coverage of purported Russian interference in the 2016 election.
Whether or not any of the president’s lawsuits against news organizations have merit or succeed is almost beside the point. The strategy behind suing the media is to make reporters and newsrooms think twice about criticizing or challenging the president and his administration. The president also knows some media outlets will find it more expedient to settle.
Trump also sued ABC News and George Stephanopoulos for stating that the president had been found liable for “rape” in a civil case [Trump was found liable of sexually abusing and defaming E. Jean Carroll]. ABC parent Disney settled that claim by agreeing to donate $15 million to the Trump Presidential Library.
Following the attack on the U.S. Capitol on Jan. 6, 2021, Facebook blocked President Trump’s account. Trump sued Meta, and after the president’s victory in 2024 Meta settled and agreed to pay Trump $25 million: $22 million would go to his presidential library, and the rest to legal fees. Meta CEO Mark Zuckerberg also announced Facebook and Instagram would get rid of fact-checkers and rely instead on reader-submitted “community notes” to debunk disinformation on the social media platform.
Brendan Carr, the president’s pick to run the Federal Communications Commission (FCC), has pledged to “dismantle the censorship cartel and restore free speech rights for everyday Americans.” But on January 22, 2025, the FCC reopened complaints against ABC, CBS and NBC over their coverage of the 2024 election. The previous FCC chair had dismissed the complaints as attacks on the First Amendment and an attempt to weaponize the agency for political purposes.
According to Reuters, the complaints call for an investigation into how ABC News moderated the pre-election TV debate between Trump and Biden, and appearances of then-Vice President Harris on 60 Minutes and on NBC’s “Saturday Night Live.”
Since then, the FCC has opened investigations into NPR and PBS, alleging that they are breaking sponsorship rules. The Center for Democracy & Technology (CDT), a think tank based in Washington, D.C., noted that the FCC is also investigating KCBS in San Francisco for reporting on the location of federal immigration authorities.
“Even if these investigations are ultimately closed without action, the mere fact of opening them — and the implicit threat to the news stations’ license to operate — can have the effect of deterring the press from news coverage that the Administration dislikes,” the CDT’s Kate Ruane observed.
Trump has repeatedly threatened to “open up” libel laws, with the goal of making it easier to sue media organizations for unfavorable coverage. But this week, the U.S. Supreme Court declined to hear a challenge brought by Trump donor and Las Vegas casino magnate Steve Wynn to overturn the landmark 1964 decision in New York Times v. Sullivan, which insulates the press from libel suits over good-faith criticism of public figures.
The president also has insisted on picking which reporters and news outlets should be allowed to cover White House events and participate in the press pool that trails the president. He barred the Associated Press from the White House and Air Force One over their refusal to call the Gulf of Mexico by another name.
And the Defense Department has ordered a number of top media outlets to vacate their spots at the Pentagon, including CNN, The Hill, The Washington Post, The New York Times, NBC News, Politico and National Public Radio.
“Incoming media outlets include the New York Post, Breitbart, the Washington Examiner, the Free Press, the Daily Caller, Newsmax, the Huffington Post and One America News Network, most of whom are seen as conservative or favoring Republican President Donald Trump,” Reuters reported.
Shortly after Trump took office again in January 2025, the administration began circulating lists of hundreds of words that government staff and agencies shall not use in their reports and communications.
The Brookings Institution notes that in moving to comply with this anti-speech directive, federal agencies have purged countless taxpayer-funded data sets from a swathe of government websites, including data on crime, sexual orientation, gender, education, climate, and global development.
The New York Times reports that in the past two months, hundreds of terabytes of digital resources analyzing data have been taken off government websites.
“While in many cases the underlying data still exists, the tools that make it possible for the public and researchers to use that data have been removed,” The Times wrote.
On Jan. 27, Trump issued a memo (PDF) that paused all federally funded programs pending a review of those programs for alignment with the administration’s priorities. Among those was ensuring that no funding goes toward advancing “Marxist equity, transgenderism, and green new deal social engineering policies.”
According to the CDT, this order is a blatant attempt to force government grantees to cease engaging in speech that the current administration dislikes, including speech about the benefits of diversity, climate change, and LGBTQ issues.
“The First Amendment does not permit the government to discriminate against grantees because it does not like some of the viewpoints they espouse,” the CDT’s Ruane wrote. “Indeed, those groups that are challenging the constitutionality of the order argued as much in their complaint, and have won an injunction blocking its implementation.”
On January 20, the same day Trump issued an executive order on free speech, the president also issued an executive order titled “Reevaluating and Realigning United States Foreign Aid,” which froze funding for programs run by the U.S. Agency for International Development (USAID). Among those were programs designed to empower civil society and human rights groups, journalists and others responding to digital repression and Internet shutdowns.
According to the Electronic Frontier Foundation (EFF), this includes many freedom technologies that use cryptography, fight censorship, protect freedom of speech, privacy and anonymity for millions of people around the world.
“While the State Department has issued some limited waivers, so far those waivers do not seem to cover the open source internet freedom technologies,” the EFF wrote about the USAID disruptions. “As a result, many of these projects have to stop or severely curtail their work, lay off talented workers, and stop or slow further development.”
On March 14, the president signed another executive order that effectively gutted the U.S. Agency for Global Media (USAGM), which oversees or funds media outlets including Radio Free Europe/Radio Liberty and Voice of America (VOA). The USAGM also oversees Radio Free Asia, which supporters say has been one of the most reliable tools used by the government to combat Chinese propaganda.
But this week, U.S. District Court Judge Royce Lamberth, a Reagan appointee, temporarily blocked USAGM’s closure by the administration.
“RFE/RL has, for decades, operated as one of the organizations that Congress has statutorily designated to carry out this policy,” Lamberth wrote in a 10-page opinion. “The leadership of USAGM cannot, with one sentence of reasoning offering virtually no explanation, force RFE/RL to shut down — even if the President has told them to do so.”
The Trump administration rescinded a decades-old policy that instructed officers not to take immigration enforcement actions in or near “sensitive” or “protected” places, such as churches, schools, and hospitals.
That directive was immediately challenged in a case brought by a group of Quakers, Baptists and Sikhs, who argued the policy reversal was keeping people from attending services for fear of being arrested on civil immigration violations. On Feb. 24, a federal judge agreed and blocked ICE agents from entering churches or targeting migrants nearby.
The president’s executive order allegedly addressing antisemitism came with a fact sheet that described college campuses as “infested” with “terrorists” and “jihadists.” Multiple faith groups expressed alarm over the order, saying it attempts to weaponize antisemitism and promote “dehumanizing anti-immigrant policies.”
The president also announced the creation of a “Task Force to Eradicate Anti-Christian Bias,” to be led by Attorney General Pam Bondi. Never mind that Christianity is easily the largest faith in America and that Christians are well-represented in Congress.
The Rev. Paul Brandeis Raushenbush, a Baptist minister and head of the progressive Interfaith Alliance, issued a statement accusing Trump of hypocrisy in claiming to champion religion by creating the task force.
“From allowing immigration raids in churches, to targeting faith-based charities, to suppressing religious diversity, the Trump Administration’s aggressive government overreach is infringing on religious freedom in a way we haven’t seen for generations,” Raushenbush said.
A statement from Americans United for Separation of Church and State said the task force could lead to religious persecution of those with other faiths.
“Rather than protecting religious beliefs, this task force will misuse religious freedom to justify bigotry, discrimination, and the subversion of our civil rights laws,” said Rachel Laser, the group’s president and CEO.
Where is President Trump going with all these blatant attacks on the First Amendment? The president has made no secret of his affection for autocratic leaders and “strongmen” around the world, and he is particularly enamored with Hungary’s far-right Prime Minister Viktor Orbán, who has visited Trump’s Mar-a-Lago resort twice in the past year.
A March 15 essay in The Atlantic by Hungarian investigative journalist András Pethő recounts how Orbán rose to power by consolidating control over the courts, and by building his own media universe while simultaneously placing a stranglehold on the independent press.
“As I watch from afar what’s happening to the free press in the United States during the first weeks of Trump’s second presidency — the verbal bullying, the legal harassment, the buckling by media owners in the face of threats — it all looks very familiar,” Pethő wrote. “The MAGA authorities have learned Orbán’s lessons well.”
...
Read the original on krebsonsecurity.com »
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.
For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.
I don’t use Android as my primary phone, but I have a spare one and I was really curious to find out which apps from Indian companies had checks to see what other apps I had installed.
So I downloaded a few dozen Indian apps I could think of off the top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app’s core functionality? 🙃
It’s worth acknowledging that there are some legitimate reasons for an app to check which other apps are installed on your phone. For example, an app might check which UPI apps are installed to show relevant payment options. Most of the manifest files I examined included checks for these apps. Some also looked for app cloning or multi-account apps, likely for security and fraud detection. All acceptable use cases.
But a few Indian companies went above and beyond with these checks. Let’s start with Swiggy. It has a staggering 154 package names listed in its manifest file, allowing it to query those apps on my phone. Here’s the full list:
I don’t even know where to begin unpacking this madness. How is knowing whether I have the Xbox or the Playstation app installed on my phone essential to Swiggy’s core functionality? How will knowing if I have the Naukri or Upstox app help them deliver groceries to my doorstep?
The wide range of categories of apps in this list strongly suggests Swiggy is collecting installed apps data for user profiling and to build a behavioural profile of their customers. This seems to be against Play Store’s policies, which consider the list of installed apps to be personal and sensitive user data.
This reminded me of that ppt from Blume Ventures - the one that blue tick twitter accounts living in certain pin codes of Bengaluru passionately discuss amongst themselves for a week every year. It had this interesting slide on apps used by different Indias:
Swiggy queries most of these apps and more on your phone. It not only knows which India you belong to, but it can pinpoint exactly where you fall within it.
Let’s talk about another app now, and it’s the usual suspect, the undisputed champion of asshole design - Zepto. They have listed 165 apps to check for on your device.
From Netflix to Bumble to Binance, the list includes nearly every popular app across all categories. There were recent reports of Zepto displaying different prices for iOS and Android users. With the help of this data, they can also show different pricing for different Android phones, which some customers are already seeing.
Even though Swiggy and Zepto have to declare these apps to query in the manifest file, as a user, you have no visibility into this list when you download their apps from the Play Store.
I also analyzed Swiggy and Zepto’s apps for their delivery riders. The app query list is different from their consumer apps. Both include checks to see which other companies their riders work for. Here’s Zepto’s list:
But Swiggy takes it a step further - it also checks for personal loan apps, personal finance apps, and even keeps tabs on apps like Ludo King or Carrom Pool on their delivery riders’ phones.
Can’t we even play Ludo in peace without being spied on by our employers? Does even downtime need to be tracked by Swiggy? It’s embarrassing that Swiggy feels the need to include these ridiculous app queries on their delivery riders’ phones.
Speaking of personal loan apps in India, their predatory practices are well documented. A couple of years ago, there was a major crackdown that led to the removal of thousands of such apps from the Play Store. I took a look at some that still exist.
Kreditbee is listed as one of the top apps in the personal loans space on the play store with over 50 million downloads. And can you believe their app checks for 860 apps installed on your phone? 860!!! I am sorry you may have to squint or zoom in a little to view this list.
I only skimmed through this list - there are just too many apps. I hope someone reading this can do a thorough analysis. It’s probably because of the bubble I live in, but I hadn’t even heard of most of these apps. Even though most of them have tens of millions of downloads.
Beyond the usual categories, I see there are checks for apps like Tamil Calendar, Odia Calendar, Qibla Direction Finder, mandir apps, astrology apps. They know what they’re doing.
There is “Jodii for Diploma, +2,10 below”, a matrimony app for those who haven’t graduated high school. It has 10M+ downloads.
Then there is also “गाय भैंस खरीदें बेचें Animall” (cow buy/sell marketplace?) which also has more than 10M downloads.
This list of apps is a window into how a large part of India uses their phones - their daily lives, habits, and priorities.
Another leading personal loan app, Moneyview, with over 50 million downloads, has included checks for a staggering 944 apps in its manifest file - the highest among all the apps I examined. I am not including it in this post, you can read the full list here.
I’m surprised KreditBee and Moneyview apps passed the Play Store’s review. Play Store policy explicitly restricts personal loan apps from using the QUERY_ALL_PACKAGES permission. But these apps are bypassing this restriction by individually listing every app they want to detect in their manifest file instead.
I found only one manifest file which had the high-risk and sensitive QUERY_ALL_PACKAGES permission - it was Cred’s. Play Store grants a “temporary exception” to include this permission if apps have “a verifiable core purpose facilitating financial-transactions involving financially regulated instruments”.
But none of the other apps I analyzed in the same segment as Cred, like PhonePe or PayTM, had this permission in their manifest files. In fact, Cred offers personal loans too, which, as per Play Store’s Personal loans policy, is not eligible for this exception. Not sure how Cred is still allowed to keep this permission, which lets it see all the apps on your phone without any disclosures.
I read the manifest files of around 50 popular apps from Indian companies. Apart from Swiggy, Zepto, Cred, and a couple of personal loan apps, most had fairly reasonable and respectful app query lists.
Guess I expected worse. Maybe I am too cynical about these apps - could they actually be the good guys? 🙃
As I was about to conclude this exercise, I noticed a couple of interesting lines when I was skimming through the manifest file of one of the apps:
I am no expert in Android development, but from what I understand, the “ACTION_MAIN” filter in the configuration above allows visibility to all installed apps that, simply put, have a screen.
Since most installed apps run in the foreground and have a user interface, this filter grants developers access to see all the apps on your phone - without needing the QUERY_ALL_PACKAGES permission!
To be sure, I vibe co — I can’t say it without wincing — I vibe coded a basic Android app and added the same “ACTION_MAIN” filter in my manifest file. And when I queried for installed packages, just as expected, this little hack returned a list of all the apps on my phone!!!
This seems like a massive privacy loophole in Android. Surely Play Store would reject apps that use this hack as this is a blatant violation of their store’s user data policy?
Out of 47 Indian apps I randomly analyzed, 31 of them used the “ACTION_MAIN” filter - giving them access to see all the apps on your phone without any disclosure. That’s 2 out of 3 apps.
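An added example, not code from the original post or from any of the apps it discusses: a small Python audit for a decoded AndroidManifest.xml that reports the three visibility routes described above (the QUERY_ALL_PACKAGES permission, an explicit package list under `<queries>`, and a MAIN-action intent query). The sample manifest, its package names and the 50-package threshold are constructed for illustration, and the script assumes the manifest has already been decoded from the APK's binary XML into text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS  # ElementTree key for the android:name attribute

QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"
ACTION_MAIN = "android.intent.action.MAIN"

# Constructed sample manifest (hypothetical app and package names).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
    <uses-permission android:name="android.permission.INTERNET"/>
    <queries>
        <package android:name="com.example.upi.one"/>
        <package android:name="com.example.upi.two"/>
        <package android:name="com.example.game.ludo"/>
        <intent>
            <action android:name="android.intent.action.MAIN"/>
        </intent>
        <intent>
            <action android:name="android.intent.action.VIEW"/>
            <data android:scheme="upi"/>
        </intent>
    </queries>
    <application/>
</manifest>
"""


def audit_manifest(xml_text, package_threshold=50):
    """Summarise how much package visibility a decoded manifest requests.

    package_threshold is an arbitrary cut-off (an assumption of this
    example) above which an explicit package list is reported as large.
    """
    root = ET.fromstring(xml_text)

    permissions = {p.get(NAME) for p in root.findall("uses-permission")}
    packages = set()
    broad_intents = []

    for queries in root.findall("queries"):
        # Route 1: packages named one by one.
        for pkg in queries.findall("package"):
            if pkg.get(NAME):
                packages.add(pkg.get(NAME))
        # Route 2: intent queries. Heuristic: a MAIN action with no <data>
        # element narrowing it matches every app with an entry-point
        # activity, which is the behaviour the post observed.
        for intent in queries.findall("intent"):
            actions = [a.get(NAME) for a in intent.findall("action")]
            if ACTION_MAIN in actions and intent.find("data") is None:
                broad_intents.append(ACTION_MAIN)

    has_query_all = QUERY_ALL in permissions

    findings = []
    if has_query_all:
        findings.append("declares QUERY_ALL_PACKAGES")
    if broad_intents:
        findings.append("queries the MAIN action without a <data> filter")
    if len(packages) >= package_threshold:
        findings.append("lists %d explicit packages" % len(packages))

    return {
        "query_all_packages": has_query_all,
        "broad_intents": broad_intents,
        "explicit_packages": sorted(packages),
        "sees_all_apps": has_query_all or bool(broad_intents),
        "findings": findings,
    }


if __name__ == "__main__":
    # Low threshold so the three-package sample triggers the list finding.
    report = audit_manifest(SAMPLE_MANIFEST, package_threshold=3)
    print("can enumerate all apps:", report["sees_all_apps"])
    for line in report["findings"]:
        print("-", line)
```
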
Apps that don’t use this hack:
Even fucking Ludo King has this in its manifest file. So most Indian companies can actually see all the apps on your phone - they’re just sneakier about it than the likes of Swiggy and Zepto. So much for being the good guys.
In fact, Swiggy has got this filter config too, yet it still chooses to explicitly list the apps it queries when it could just as easily do this discreetly behind closed doors like others. But I’m not complaining. This oversight from them gives a glimpse into Swiggy’s data collection practices. If Google had enforced this policy properly, we might have had similar visibility into other companies as well.
All the manifest files I read are in my Github. The majority were downloaded on March 18 or 19.
This hack isn’t exclusively used by apps from Indian companies. I checked the manifest files of some other popular apps. Facebook, Instagram, Snapchat, Subway Surfers, and Truecaller all have this config. Meanwhile, Amazon, Spotify, X, Discord, and WhatsApp didn’t. I didn’t investigate further beyond these.
This makes me wonder, what was the whole purpose of Google’s package visibility policy? It was supposed to protect users, yet most apps seem to have found ways around it anyway.
And installed app data is very sensitive and personal. In 2022, Vice reported that a data marketplace called Narrative was selling data on users who had downloaded period-tracking apps right after news emerged that Roe v. Wade (which had federally protected abortion rights in the U.S.) could be overturned. This is frightening to even think about.
Installed apps data is one data point. The extensive set of permissions each and every one of these apps have included in their manifest files, often far beyond what’s necessary, is another can of worms for someone else to open.
I’ll conclude this post with a tiny example from Zepto. They ask for READ_SMS permission. You can deny it, but it’s mandatory if you sign up for Zepto Postpaid.
When you grant the permission, this is the list of sender IDs they check for in your inbox:
Most of them are TRAI sender IDs of banks. They’re likely reading these for their Postpaid plan eligibility check. They can still read this even if you never opt for it. And look how they’ve sneaked in SMSes from Blinkit, Swiggy, Bigbasket, Flipkart too.
Their competitors are probably doing the same, they just didn’t leave behind such an obvious trail of evidence in the app itself.
The point is when any app gets permissions like READ_SMS, as users, we have no visibility over when or what it’s accessing.
Please remember the next time you casually install an app on your Android device, this information is being broadcast to the whole world. Data brokers will use it to profile you, cross-reference it with data about you from other ad networks and eventually it will be used to decide how much you’ll be asked to pay the next time you order a samosa.
Thank you for reading. In case you subscribed to this newsletter after reading the “What’s inside this QR code menu at this cafe?” post and can’t find it anymore, here’s my tweet about it.
I am also on Bluesky.
...
Read the original on peabee.substack.com »
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer, Indiana University, and had his homes raided by the FBI. No one knows why.
Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University’s Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.
He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data. I have personally spoken to him on three occasions for articles here, here, and here.
In recent weeks, Wang’s email account, phone number, and profile page at the Luddy School were quietly erased by his employer. Over the same time, Indiana University also removed a profile for his wife, Nianli Ma, who was listed as a Lead Systems Analyst and Programmer at the university’s Library Technologies division.
As reported by the Bloomingtonian and later the Herald-Times in Bloomington, a small fleet of unmarked cars driven by government agents descended on the Bloomington home of Wang and Ma on Friday. They spent most of the day going in and out of the house and occasionally transferred boxes from their vehicles. TV station WTHR, meanwhile, reported that a second home owned by Wang and Ma and located in Carmel, Indiana, was also searched. The station said that both a resident and an attorney for the resident were on scene during at least part of the search.
...
Read the original on arstechnica.com »
The same year Apple launched the iPhone, it unveiled a massive upgrade to Mac OS X known as Leopard, sporting “300 New Features.” Two years later, it did something almost unheard of: it released Snow Leopard, an upgrade all about how little it added and how much it took away. Apple needs to make it snow again.
Snow Leopard did what it was made to do. It was one of the most solid software releases Apple ever put out. I’d say one of the best modern operating system releases, period.
After Apple’s frenetic run of overhauling and quickly iterating on the entire Mac platform in the early 2000s, becoming a major technology player again with the iPod, moving the Mac to a new processor architecture (for the second of three times) and releasing the iPhone, it was time for detail work. 2009’s Snow Leopard was understated, but improved the underlying system while shrinking it in size by removing outdated accretions.
In an era when people still paid money for operating system upgrades every few years (anyone else remember standing in line for Windows 95?), releasing an OS upgrade without huge new features was unusual. But, it was the right idea and cemented one of the best eras of the Mac.
Nowadays, Apple includes the system upgrades in the upfront cost of its computers, so the incentive to constantly roll out ten or twenty or three hundred “new features” should be lower. Inexplicably, since the company adopted that no-extra-charge, yearly release cadence, it has seemingly been more reticent to do a disciplined “Snow” release, no matter how necessary.
The latest releases — MacOS Sequoia and iOS/iPadOS 18 — are screaming for such a reset. Yes, they work and are still smoother and less glitchy than Windows 11, but they feel like software developed by people who don’t actually use that software. In the 22 years since I became a “switcher”, this is the worst state I can remember Apple’s platforms being in.
Some bugs are inevitable with major releases, sure. The troubling aspect is that many are easily reproducible across devices and show up in high-traffic areas, not just forgotten nooks. How do Apple’s engineers not notice these problems?
Take Messages. Apple’s iMessage and SMS tool is an essential app for communication for me and, I suspect, the vast majority of Apple users. Since the release of Sequoia last fall, one can no longer reliably cut or copy text from the Mac app. Attempting to copy a message bubble is a game of roulette: the message may copy or it may not. Who knows until you try to paste! Select text in a message and attempt to copy a specific part and it will copy… the whole message, not the selected portion. This is basic, nailed-down-in-the-1980s functionality even my first PC could get right every time.
Surface-level problems like this are joined by deeper structural issues, such as how slow and bloated Messages is. Compared to other end-to-end encrypted messaging tools, Messages takes forever to synchronize if the computer has been off or without Internet for even a day. Nor does it give any indication of an incomplete sync while it takes an hour or more to catch up. Meanwhile, I regularly catch it consuming 20-40% of a processor core when idling.
This is not good.
On my laptop, Mail, and any other tool that depends on MacOS’s secure networking libraries, will at times refuse to connect to the necessary servers. Because the problem is with some aspect of the underlying system, nothing less than a full restart of my Mac will allow connections to flow again. Separately, Safari regularly has internal components jam up and silently prevent a tab or the whole browser from loading pages.
Neither are the glitches confined to the Mac. UI bugs are strewn across Apple’s mobile platforms, too. Messages on iPad, for example, will regularly lose its top navigation bar, requiring a force quit of the app to get things working again. The emoji picker on both the iPad and Mac regularly comes up blank or fails to pass through a selection.
Then there are design decisions that aren’t bugs, they’re just bad. System Settings is a perfect case. For most of MacOS’s existence, you could rearrange a second display’s location in relation to the primary display simply by going into the System Preferences, clicking on Displays and dragging the pictured displays around. Now, counterintuitively, the pictures of the displays on this main screen are immovable, with rearrangement functionality hidden behind a button that leads to another window.
That’d be an annoying step backward in the olden days, but it is worse in an era when an iPad can share the Mac’s mouse pointer and even double as a secondary display. Am I the only one who sometimes has his iPad on the left of the Mac and sometimes the right? Why make it harder to rearrange displays now?
I could walk item by item through System Settings and point out many equally inexplicable decisions. Did anyone at Apple really believe a Mac user’s life would be better if common features were buried deep in menus? Or that those menus would be better if designed with odd, glitchy interface arrangements more akin to web pages than a proper Mac app?
Then there’s the abomination that is the iOS and iPadOS Photos app. The previous release was not perfect, but it was good. The new release buried quick access to functions such as favorites. The first release also defaulted to showing all photos and videos with huge margins around them rather than using the full screen. When is the last time you heard someone say, “I sure hate when photos fill my whole screen, I wish they’d put a big border around them instead”? Meanwhile, navigation items are non-standard and riddled with inconsistencies — sometimes there’s a back navigation button, sometimes an “X,” sometimes in one place, sometimes in another — more akin to an Android app than a core part of iOS.
A year focused on cleaning up these and a thousand similar issues big and small is the single step Apple could take that would most enhance its products.
This decade-old video from Apple’s WWDC conference summarizes Steve Jobs’ philosophy that “Innovation is saying no to 1,000 things.” This has exemplified Apple’s best moments and been absent during their worst.
This is not to say Apple’s platforms are without the need for updates. Apple is clearly behind on the AI arms race and the recent announcement that Apple Intelligence’s most exciting features are indefinitely delayed instills little confidence the company will soon catch up. John Gruber is right that Apple now seems to be producing concept videos of vaporware.
The company’s struggle to release its most important new features in years may be more than tangentially related to everything I’ve bemoaned in this column. Reports suggest Siri is actually divided into two different systems — the old, core, limited Siri and a newer one for the latest features — because they haven’t been able to pull off integrating them.
You can put beautiful new windows on your house when the wood is solid; when it is rotten, you need to replace the rotted-out structure first. Snow Leopard’s clean-up paved the way for years of solid, reliable upgrades to MacOS, including many of the flashy features we now take for granted.
I am not suggesting Apple has fallen behind Windows or Android. Changing a setting on Windows 11 can often involve a journey through three or four different interface designs, artifacts of half-implemented changes dating back to the last century. Whenever I find myself stuck outside of Appleland, I am eager to return “home,” flaws and all.
Yet, Apple’s products gained loyal supporters like me because their products were polished and “just worked.” They are middle of the road to premium offerings; it is no compliment when they are the “least bad” instead of the “best.” They should be better than the experience on a $200 PC.
Apple is a company with enormous resources. Apple has not wisely directed some significant portion of those resources in recent years. An ill-advised focus on the far-fetched Vision Pro occupied Apple when it should have seen AI racing into the mainstream. I lamented that nearly two years ago. Having squandered its lead going the wrong direction, Apple’s temptation could now be to ignore the infrastructure rot and simply keep trying to bolt on catchup features without fixing what’s already broken.
With the company’s size and resources, though, this needn’t be a call to fall even further behind on AI. Apple could easily have its core operating system team focused on clean up releases of its operating systems even while its AI team tried to find its footing.
AI or no-AI, spring cleaning would make the Mac, iPhone and iPad really shine. If Apple Intelligence can get caught up, so much the better: the software around it won’t get in the way.
Full Disclosure: Tim does own some Apple (AAPL) and Microsoft (MSFT) stock.
...
Read the original on reviews.ofb.biz »
In just a few months, developers fixed over 700 reported issues, revisited old bug reports, and addressed unreported problems.
Alongside bug fixes, Winter of Quality also included tackling technical debt and improving documentation.
...
Read the original on www.blender.org »
The Model Context Protocol (aka MCP) is a way to provide tools and context to the LLM. From the MCP docs:
MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.
The Agents SDK has support for MCP. This enables you to use a wide range of MCP servers to provide tools to your Agents.
Currently, the MCP spec defines two kinds of servers, based on the transport mechanism they use:
stdio servers run as a subprocess of your application. You can think of them as running “locally”.
HTTP over SSE servers run remotely. You connect to them via a URL.
You can use the MCPServerStdio and MCPServerSse classes to connect to these servers.
For example, this is how you’d use the official MCP filesystem server.
MCP servers can be added to Agents. The Agents SDK will call list_tools() on the MCP servers each time the Agent is run. This makes the LLM aware of the MCP server’s tools. When the LLM calls a tool from an MCP server, the SDK calls call_tool() on that server.
Every time an Agent runs, it calls list_tools() on the MCP server. This can be a latency hit, especially if the server is a remote server. To automatically cache the list of tools, you can pass cache_tools_list=True to both MCPServerStdio and MCPServerSse. You should only do this if you’re certain the tool list will not change.
If you want to invalidate the cache, you can call invalidate_tools_cache() on the servers.
Calls to the MCP server to list tools
...
Read the original on openai.github.io »
On this release, we’re showing what happens when you push modern web standards — HTML, CSS, and JS — to their peak:
This entire app is lighter than a React/ShadCN button:
See benchmark and details here ›
Here’s the same app, now with a Rust computation engine and Event Sourcing for instant search and other operations over 150,000 records — far past where the JS version of the engine choked on recursive calls over the records.
This demo is here ›
Nue crushes HMR and build speed records and sets you up with a millisecond feedback loop for your everyday VSCode/Sublime file-save operations:
Immediate feedback for design and component updates, preserving app state
This is a game-changer for Rust, Go, and JS engineers stuck wrestling with React idioms instead of leaning on timeless software patterns. Nue emphasizes a model-first approach, delivering modular design with simple, testable functions, true static typing, and minimal dependencies. Nue is a liberating experience for system devs whose skills can finally shine in a separated model layer.
This is an important shift for design engineers bogged down by React patterns and 40,000+ line design systems. Build radically simpler systems with modern CSS (@layers, variables, calc()) and take control of your typography and whitespace.
This is a wake-up call for UX engineers tangled in React hooks and utility class walls instead of owning the user experience. Build apps as light as a React button to push the web — and your skills — forward.
Nue is a web framework focused on web standards, currently in active development. We aim to reveal the hidden complexity that’s become normalized in modern web development. When a single button outweighs an entire application, something’s fundamentally broken.
Nue drives the inevitable shift. We’re rebuilding tools and frameworks from the ground up with a cleaner, more robust architecture. Our goal is to restore the joy of web development for all key skill sets: frontend architects, design engineers, and UX engineers.
...
Read the original on nuejs.org »
In a short note to the Reproducible Builds mailing list, Debian developer Roland Clobus announced that live images for Debian 12.10 (“bookworm”) are now 100% reproducible. See the reproducible live images and Debian Live todo pages on the Debian wiki for more information on the images.
Copyright © 2025, Eklektix, Inc.
...
Read the original on lwn.net »
Or why people pretending CSV is dead are wrong
Every month or so, a new blog article declaring the near demise of CSV in favor of some “obviously superior” format (parquet, newline-delimited JSON, MessagePack records etc.) finds its way to the reader’s eyes. Sadly those articles often offer a very narrow and biased comparison and often fail to understand what makes CSV a seemingly unkillable staple of data serialization.
It is therefore my intention, through this article, to write a love letter to this data format, often criticized for the wrong reasons, even more so when it is somehow deemed “cool” to hate on it. My point is not, far from it, to say that CSV is a silver bullet but rather to shine a light on some of the format’s sometimes overlooked strengths.
The specification of CSV holds in its title: “comma separated values”. Okay, it’s a lie, but still, the specification holds in a tweet and can be explained to anybody in seconds: commas separate values, new lines separate rows. Now quote values containing commas and line breaks, double your quotes, and that’s it. This is so simple you might even invent it yourself without knowing it already exists while learning how to program.
Of course it does not mean you should not use a dedicated CSV parser/writer because you will mess something up.
No one owns CSV. It has no real specification (yes, I know about the controversial ex-post RFC 4180), just a set of rules everyone kinda agrees to respect implicitly. It is, and will forever remain, an open and free collective idea.
Like JSON, YAML or XML, CSV is just plain text, that you are free to encode however you like. CSV is not a binary format, can be opened with any text editor and does not require any specialized program to be read. This means, by extension, that it can both be read and edited by humans directly, somehow.
CSV can be read row by row very easily without requiring more memory than what is needed to fit a single row. This also means that a trivial program that anyone can write is able to read gigabytes of CSV data with only some kilobytes of RAM.
By comparison, column-oriented data formats such as parquet are not able to stream files row by row without requiring you to jump here and there in the file or to buffer the memory cleverly so you don’t tank read performance.
But of course, CSV is terrible if you are only interested in specific columns because you will indeed need to read all of a row only to access the part you are interested in.
Column-oriented data formats are of course a very good fit for the dataframes mindset of R, pandas and such. But critics of CSV coming from this set of practices tend to only care about use-cases where everything is expected to fit into memory.
It is trivial to add new rows at the end of a CSV file and it is very efficient to do so. Just open the file in append mode (a+) and get going.
Once again, column-oriented data formats cannot do this, or at least not in a straightforward manner. They can actually be regarded as on-disk dataframes, and like with dataframes, adding a column is very efficient while adding a new row really isn’t.
Please don’t flee. Let me explain why this is sometimes a good thing. Sometimes when dealing with data, you might like to have some flexibility, especially across programming languages, when parsing serialized data.
Consider JavaScript, for instance, that is unable to represent 64-bit integers. Or what languages, frameworks and libraries consider as null values (don’t get me started on pandas and null values). CSV lets you parse values as you see fit and is in fact dynamically typed. But this is as much of a strength as it can become a potential footgun if you are not careful.
Note also, though this might be hard to do with higher-level languages such as Python and JavaScript, that you are not required to decode the text at all to process CSV cell values and that you can work directly on the binary representation of the text for performance reasons.
Having the headers written only once at the beginning of the file means the amount of formal repetition of the format is naturally very low. Consider a list of objects in JSON or the equivalent in XML and you will quickly see the cost of repeating keys everywhere. That does not mean JSON and XML will not compress very well, but few formats exhibit this level of natural conciseness.
What’s more, strings are often already optimally represented and the overhead of the format itself (some commas and quotes here and there) is kept to a minimum. Of course, statically-typed numbers could be represented more concisely, but you will not save an order of magnitude there either.
This one is not widely realized, but a CSV file reversed byte by byte is still valid CSV. This is only made possible because of the genius idea to escape quotes by doubling them, which means escaping is a palindrome. It would not work if CSV used a backslash-based escaping scheme, as is most common when representing string literals.
But why should you care? Well, this means you can read very efficiently and very easily the last rows of a CSV file. Just feed the bytes of your file in reverse order to a CSV parser, then reverse the yielded rows and their cells’ bytes and you are done (maybe read the header row before though).
This means you can very well use a CSV output as a way to efficiently resume an aborted process. You can indeed read and parse the last rows of a CSV file in constant time since you don’t need to read the whole file but only to position yourself at the end of the file to buffer the bytes in reverse and feed them to the parser.
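The reverse-read trick from the paragraphs above, as an added example that is not from the original article: a small doubled-quote CSV parser is fed the file's bytes back to front to recover the last rows without scanning the whole file. The names parse_csv, reversed_bytes, tail_rows and read_header are hypothetical, the sample data is constructed, and the code assumes UTF-8 text in a file that ends on a complete row.

```python
import os
import tempfile

QUOTE, COMMA, LF, CR = b'",\n\r'           # byte values (ints)
UNQUOTED, QUOTED, QUOTE_SEEN = range(3)    # parser states

def parse_csv(stream):
    """Yield rows (lists of bytes cells) from an iterable of byte values.
    Quotes are escaped by doubling, so the same parser accepts a CSV
    byte stream read forwards or backwards."""
    row, cell, state, dirty = [], bytearray(), UNQUOTED, False
    for b in stream:
        if state == QUOTED:
            if b == QUOTE:
                state = QUOTE_SEEN         # closing quote, or first half of ""
            else:
                cell.append(b)             # commas and newlines are literal here
            continue
        if state == QUOTE_SEEN:
            state = UNQUOTED
            if b == QUOTE:                 # "" inside quotes: one literal quote
                cell.append(b)
                state = QUOTED
                continue
        if b == QUOTE:
            state, dirty = QUOTED, True
        elif b == COMMA:
            row.append(bytes(cell))
            cell.clear()
            dirty = True
        elif b == LF:
            if dirty or cell:              # skip blank lines (reversed trailing LF)
                row.append(bytes(cell))
                yield row
            row, cell, dirty = [], bytearray(), False
        elif b != CR:                      # tolerate CRLF in either direction
            cell.append(b)
    if dirty or cell:
        row.append(bytes(cell))
        yield row

def reversed_bytes(f, block_size=4096):
    """Yield the bytes of a binary file from last to first, block by block."""
    f.seek(0, os.SEEK_END)
    pos = f.tell()
    while pos > 0:
        step = min(block_size, pos)
        pos -= step
        f.seek(pos)
        yield from reversed(f.read(step))

def tail_rows(path, n, block_size=4096):
    """Return the last n rows as lists of str, reading only the file's tail."""
    rows = []
    with open(path, "rb") as f:
        for row in parse_csv(reversed_bytes(f, block_size)):
            # Cells arrive last-to-first with their bytes reversed: undo both.
            rows.append([c[::-1].decode("utf-8") for c in reversed(row)])
            if len(rows) >= n:
                break
    return rows[::-1]

def read_header(path):
    """Read the header row forwards; parsing stops after the first row."""
    with open(path, "rb") as f:
        chunks = iter(lambda: f.read(4096), b"")
        first = next(parse_csv(b for chunk in chunks for b in chunk), [])
        return [c.decode("utf-8") for c in first]

# Constructed sample: doubled quotes, a comma and a newline inside cells, non-ASCII.
SAMPLE = ('id,name,comment\n1,alice,plain\n'
          '2,bob,"said ""hi"", then left"\n3,chloé,"two\nlines"\n').encode("utf-8")

if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "wb") as f:
        f.write(SAMPLE)
    print(read_header(path), tail_rows(path, 2))
    os.remove(path)
```

If the writer was killed mid-row, the final partial row can confuse the reversed parse (an unterminated quote swallows earlier rows), so a resume routine should validate the column count of what it reads back before trusting it.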
It clearly means CSV must be doing something right.
...
Read the original on github.com »
Late last year the popular Chrome extension Honey (owned by PayPal) was revealed to be employing a few shady tactics, and the extension has since lost around 4 million users on Google’s browser alone.
To recap the situation thus far, Honey has amassed millions of users over the past several years on the promise of finding coupon codes for various online stores. The free extension saw wide advertisements and was eventually purchased by PayPal in 2020 for $4 billion.
In December 2024, a video on YouTube by the channel MegaLag exposed Honey for two shady practices. The first was how the extension took advantage of affiliate codes. Honey has always used affiliate programs to subsidize its service, but the video revealed that the extension would hijack these programs — removing affiliate codes from other referrers such as online creators and websites — even if it didn’t have coupon codes or cash back to offer in return. The second practice was working behind the scenes with businesses to control which codes would appear to Honey users, effectively lying about its promise of finding the “best” coupon codes on the web.
That video amassed over 17 million views, and Honey has now lost over 4 million users on Chrome.
As we reported in early January, Honey had lost around 3 million users immediately after the video went viral, but ended up gaining back around 1 million later on. Now, as of March 2025, Honey is down to 16 million users on Chrome, down from its peak of 20 million.
This drop comes after a new Chrome policy has taken effect, which prevents Honey, and extensions like it, from practices including taking over affiliate codes without disclosure or without benefit to the extension’s users. Honey has since updated its extension listing with a disclosure, and we found that the behavior shown in the December video no longer occurs.
Are you still using Honey?
...
Read the original on 9to5google.com »